X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;ds=sidebyside;f=fai%2Fconfig%2Fhooks%2Fpartition.DEFAULT;h=9ab73b22cceb9a2f91f2932b1c2c864f948484b0;hb=4a45eef497075283554ba123ae7cf6edc762b083;hp=b10a3e0f4c67e80fe6061ad23f2628785295c1b3;hpb=debe67641f661b4e47a72cb27bb2957cd44c4bed;p=automated-distro-installer

diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index b10a3e0..9ab73b2 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -396,8 +396,15 @@ if $partition; then
     # This is just a bit more robust, and it could work for booting
     # into ipxe which can't persist data, if we ever got that working.
     mkfs.ext2 `grub_extdev`
+    # when we move to newer than trisquel 8, we can remove
+    # --type luks1. We can also check on cryptsetup --help | less /compil
+    # to see about the other settings. Default in debian 9 is luks2.
+    # You can convert from luks2 to luks 1 by adding a temporary key:
+    # cryptsetup luksAddKey --pbkdf pbkdf2
+    # then remove the new format keys with cryptsetup luksRemoveKey
+    # then cryptsetup convert DEV --type luks1, then readd old keys and remove temp.
     yes YES | cryptsetup luksFormat `rootdev` $luks_dir/host-$HOSTNAME \
-                         -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+                         --type luks1 -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
     yes "$lukspw" | \
       cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
                  `rootdev` || [[ $? == 141 ]]