- yes YES | cryptsetup luksFormat /dev/$crypt $luks_dir/host-$HOSTNAME \
- -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
- yes $(cat $luks_dir/traci) | \
- cryptsetup luksAddKey --key-file \
- $luks_dir/host-$HOSTNAME /dev/$crypt || [[ $? == 141 ]]
- # this would remove the keyfile. we will do that manually later.
- # yes 'test' | cryptsetup luksRemoveKey /dev/... \
- # /key/file || [[ $? == 141 ]]
- cryptsetup luksOpen /dev/$crypt crypt_dev_$crypt --key-file \
- $luks_dir/host-$HOSTNAME
- parted ${devs[0]} set 1 boot on
- mkfs.btrfs -f /dev/mapper/crypt_dev_$crypt
- mount /dev/mapper/crypt_dev_$crypt /mnt
- cd /mnt
- btrfs subvolume create a
- btrfs subvolume create root
- btrfs subvolume set-default $(btrfs subvolume list . | grep 'root$' | awk '{print $2}') .
- cd /
- umount /mnt
+ parted -s $dev mklabel gpt
+ # MiB because parted complains about alignment otherwise.
+ pcmd="parted -a optimal -s -- $dev"
+ $pcmd mkpart primary "ext3" 12MiB ${root_end}MiB
+ $pcmd mkpart primary "linux-swap" ${root_end}MiB ${swap_end}MiB
+ $pcmd mkpart primary "" ${swap_end}MiB ${disk_mib}MiB
+ # i only need a few k, but googling min size,
+ # I found someone saying that gparted required
+ # required at least 8 because of their hard drive cylinder size.
+ # And 8 is still very tiny.
+ $pcmd mkpart primary "ext2" 4MiB 12MiB
+ # gpt ubuntu cloud image uses ~4 mb for this partition. fai uses 1 MiB.
+ # so, I use 3, whatever.
+ # note: parted manual saying cheap flash media
+ # should to start at 4.
+ $pcmd mkpart primary "" 1MiB 4MiB
+ $pcmd set $bios_grubn bios_grub on
+ $pcmd set $bootn boot on # generally not needed on modern systems
+ # the mkfs failed before on a vm, which prompted me to add
+ # sleep .1
+ # then it failed again on a physical machine
+ # with:
+ # Device /dev/disk/by-id/foo doesn't exist or access denied,
+ # so I added a wait until it existed.
+ # Then I added the mkfs.ext2, which claimed to succeed,
+ # but then couldn't be found upon reboot. In that case we didn't
+ # wait at all. So I've added a 3 second minimum wait.
+ sleep 3
+ secs=0
+ while [[ ! -e `rootdev` ]] && (( secs < 10 )); do
+ sleep 1
+ secs=$((secs +1))
+ done
+ # Holds just a single file, rarely written, so
+ # use ext2, like was often used for the /boot partition.
+ # This exists because grub can only persist data to a non-cow fs.
+ # And we use persisting a var in grub to do a one time boot.
+ # We could pass the data on the kernel command line and persist it
+ # to grubenv after booting, but that relies on the boot always succeeding.
+ # This is just a bit more robust, and it could work for booting
+ # into ipxe which can't persist data, if we ever got that working.
+ mkfs.ext2 `grub_extdev`
+ yes YES | cryptsetup luksFormat `rootdev` $luks_dir/host-$HOSTNAME \
+ -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+ yes "$lukspw" | \
+ cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
+ `rootdev` || [[ $? == 141 ]]
+ # background: Keyfile and password are treated just
+ # like 2 ways to input a passphrase, so we don't actually need to have
+ # different contents of keyfile and passphrase, but it makes some
+ # security sense to a really big randomly generated passphrase
+ # as much as possible, so we have both.
+ #
+ # This would remove the keyfile.
+ # yes 'test' | cryptsetup luksRemoveKey /dev/... \
+ # /key/file || [[ $? == 141 ]]
+
+ cryptsetup luksOpen `rootdev` `root-cryptname` \
+ --key-file $luks_dir/host-$HOSTNAME
+ done
+ ls -la /dev/btrfs-control # this was probably for debugging...
+ sleep 1
+ bpart $(for dev in ${devs[@]}; do root-cryptdev; done)
+ bpart ${boot_devs[@]}