}
rootdev() { add-part $@ $rootn; }
-root2dev() { add-part $@ $root2n; }
swapdev() { add-part $@ $swapn; }
bootdev() { add-part $@ $bootn; }
boot2dev() { add-part $@ $boot2n; }
crypt-dev() { echo /dev/mapper/crypt_dev_${1##*/}; }
crypt-name() { echo crypt_dev_${1##*/}; }
root-cryptdev() { crypt-dev $(rootdev $@); }
-root2-cryptdev() { crypt-dev $(root2dev $@); }
swap-cryptdev() { crypt-dev $(swapdev $@); }
root-cryptname() { crypt-name $(rootdev $@); }
-root2-cryptname() { crypt-name $(root2dev $@); }
swap-cryptname() { crypt-name $(swapdev $@); }
dev-mib() {
# cryptsetup luksAddKey --pbkdf pbkdf2
# then remove the new format keys with cryptsetup luksRemoveKey
# then cryptsetup convert DEV --type luks1, then readd old keys and remove temp.
- yes YES | cryptsetup luksFormat $luksdev $luks_file \
- --type luks1 -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+ yes YES | cryptsetup luksFormat $luksdev $luks_file || [[ $? == 141 ]]
yes "$lukspw" | \
cryptsetup luksAddKey --key-file $luks_file \
$luksdev || [[ $? == 141 ]]
case $raid_level in
1*) boot_space=$(( boot_space / 2 )) ;;
esac
+build_mib=0
+browse_mib=0
+whonix_mib=0
if (( boot_space > 60000 )); then
# this is larger than needed for several /boot subvols,
# becuase I keep a minimal debian install on it for
boot_mib=10000
root2_mib=200000
boot2_mib=2000
-elif (( boot_spa_ce > 30000 )); then
+ build_mib=30000
+ browse_mib=10000
+ whonix_mib=15000
+elif (( boot_space > 30000 )); then
boot_mib=$(( 5000 + (boot_space - 30000) / 2 ))
root2_mib=100
boot2_mib=100
boot_mib=$(( boot_mib * 2 ))
boot2_mib=$(( boot2_mib * 2 ))
root2_mib=$(( root2_mib * 2 ))
+ build_mib=$(( build_mib * 2 ))
+ browse_mib=$(( browse_mib * 2 ))
+ whonix_mib=$(( whonix_mib * 2 ))
;;
esac
### end calculate boot partition space
if [[ ! $DISTRO ]]; then
- if ifclass VOL_BUSTER_BOOTSTRAP; then
- DISTRO=debianbuster_bootstrap
+ if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+ DISTRO=debianbullseye_bootstrap
elif ifclass VOL_STRETCH; then
DISTRO=debianstretch
elif ifclass VOL_BUSTER; then
boot_part_mib=$(( boot_mib / ${#boot_devs[@]} ))
boot2_part_mib=$(( boot2_mib / ${#boot_devs[@]} ))
root2_part_mib=$(( root2_mib / ${#root_devs[@]} ))
- root_end=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib ))
- root2_end=$(( root_end + root2_part_mib ))
- swap_end=$(( root2_end + swap_mib ))
- boot_end=$(( swap_end + boot_part_mib ))
+ build_part_mib=$(( build_mib / ${#root_devs[@]} ))
+ whonix_part_mib=$(( whonix_mib / ${#root_devs[@]} ))
+ browse_part_mib=$(( browse_mib / ${#root_devs[@]} ))
+ root_end=$(( disk_mib - boot_part_mib - boot2_part_mib ))
+ boot_end=$(( root_end + boot_part_mib ))
parted -s $dev mklabel gpt
# MiB because parted complains about alignment otherwise.
pcmd="parted -a optimal -s -- $dev"
# root partition, the main big one
- $pcmd mkpart primary ext3 524MiB ${root_end}MiB
+ $pcmd mkpart primary ext2 524MiB ${root_end}MiB
# without naming, systemd gives us misc errors like:
# dev-disk-by\x2dpartlabel-primary.device: Dev dev-disk-by\x2dpartlabel-primary.device appeared twice
+ $pcmd set $rootn lvm on
$pcmd name $rootn root
- # root2 partition
- $pcmd mkpart primary ext3 ${root_end}MiB ${root2_end}MiB
- $pcmd name $root2n root2
- # normally a swap is type "linux-swap", but this is encrypted swap. using that
- # label will confuse systemd.
- # swap partition
- $pcmd mkpart primary "" ${root2_end}MiB ${swap_end}MiB
- $pcmd name $swapn swap
# boot partition
- $pcmd mkpart primary "" ${swap_end}MiB ${boot_end}MiB
+ $pcmd mkpart primary "" ${root_end}MiB ${boot_end}MiB
$pcmd name $bootn boot
# boot2 partition
$pcmd mkpart primary "" ${boot_end}MiB ${disk_mib}MiB
done
ls -la /dev/btrfs-control # this was probably for debugging...
sleep 1
- bpart $(for dev in ${devs[@]}; do root-cryptdev; done)
+ pvcreate $(root-cryptdev)
+ vgcreate vg$dev $(root-cryptdev)
+ lvcreate -n lvroot2 -L ${root2_part_mib}m vg$dev
+ lvcreate -n lvbuild -L ${build_part_mib}m vg$dev
+ lvcreate -n lvwhonix -L ${whonix_part_mib}m vg$dev
+ lvcreate -n lvbrowse -L ${browse_part_mib}m vg$dev
+ lvcreate -n lvroot -L 95%FREE vg$dev
+ bpart $(for dev in ${devs[@]}; do echo /dev/vg$dev/lvroot; done)
bpart ${boot_devs[@]}
else
for dev in ${devs[@]}; do
fi
-if $wipe && [[ $DISTRO != debianbuster_bootstrap ]]; then
+if $wipe && [[ $DISTRO != debianbullseye_bootstrap ]]; then
# bootstrap distro doesn't use separate encrypted root.
mount -o subvolid=0 $first_root_crypt /mnt
# systemd creates subvolumes we want to delete.
mkdir -p /mnt/grub2
cp $FAI/distro-install-common/libreboot_grub.cfg /mnt/grub2
-if [[ $DISTRO == debianbuster_bootstrap ]]; then
+if [[ $DISTRO == debianbullseye_bootstrap ]]; then
# this is just convenience for the libreboot_grub config
# so we can glob the other ones easier.
boot_vol=$DISTRO
umount /mnt
fstabstd=x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s
-if [[ $DISTRO == debianbuster_bootstrap ]]; then
+if [[ $DISTRO == debianbullseye_bootstrap ]]; then
cat > /tmp/fai/fstab <<EOF
$first_boot_dev / btrfs noatime,subvol=$boot_vol 0 0
$first_efi /boot/efi vfat nofail,$fstabstd 0 0