From ba91ed8b7930fe42863c63d39c81abc2c8d49673 Mon Sep 17 00:00:00 2001 From: natemaia Date: Thu, 13 Dec 2018 02:26:00 -0800 Subject: [PATCH] Simplify password handling, better naming for a few functions --- README.md | 31 +++++++++------------- install.sh | 23 ++++++++-------- src/archlabs-installer | 10 +++---- src/lib/boot.sh | 37 +++++++++++++++----------- src/lib/dialogs.sh | 54 +++++++++++++++---------------------- src/lib/install.sh | 27 ++++++++++--------- src/lib/luks.sh | 35 +++++++++--------------- src/lib/mount.sh | 40 ++++++++++++++++++---------- src/lib/part.sh | 60 +++++++++++++++++++++++++++--------------- src/lib/utils.sh | 16 +++++------ 10 files changed, 170 insertions(+), 163 deletions(-) diff --git a/README.md b/README.md index d6304ed..79c2f49 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,18 @@ # ArchLabs Installer #### Features -- Simple, easy to follow configuration. -- Automatic partitioning for whole devices. -- Translations for different languages. -- No input halts during install. -- Support for LUKS and/or LVM. -- Built-in error detection. -- Written entirely in Bash -- Fast Install on fast hardware _(~6min)_ +- LUKS/LVM +- Basic setup +- 10 languages +- Auto partition +- Package selection +- Error detection +- Written in Bash +- Fast Install _(~6min)_ #### Requirements + +- Network connection. - `rsync` for unpacking the squashfs. - `dialog` for all user input/output. - `vim` for editing files post install. 
@@ -18,22 +20,15 @@ - `wipe` for the secure wipe. - `arch-chroot` to perform operations in a chroot. - `chpasswd` to set root and user passwords. -- `openssl` to encrypt passwords. -- Basic unix tool set: `awk` `sed` `grep` `uniq` `sort` `find` `ping` `mkfs` `lsblk` `curl`. -- Network connection is needed to install packages and update the system. +- `awk` `sed` `grep` `uniq` `sort` `find` `ping` `mkfs` `lsblk` `curl` + #### Manual Installation -- curl ``` sh -c "$(curl -fsSL https://bitbucket.org/archlabslinux/installer/raw/master/install.sh)" ``` -- wget -``` -sh -c "$(wget https://bitbucket.org/archlabslinux/installer/raw/master/install.sh -O -)" -``` - -- Pre-built packages can be found in our repos: +- A packaged version can also be found in our repos: [stable](https://bitbucket.org/archlabslinux/archlabs_repo/src/master/x86_64/) [unstable](https://bitbucket.org/archlabslinux/archlabs_unstable/src/master/x86_64/) diff --git a/install.sh b/install.sh index d70f28e..84cb1cb 100755 --- a/install.sh +++ b/install.sh 
@@ -1,17 +1,16 @@ #!/bin/bash -hash git >/dev/null 2>&1 || { echo "This requires git installed"; exit 1; } +hash git >/dev/null 2>&1 || { printf "This requires git installed\n"; exit 1; } + git clone --depth=1 https://bitbucket.org/archlabslinux/installer -echo -echo "Root access is needed to continue" -echo -sudo mkdir -p /usr/share/archlabs/installer/lang -sudo mkdir -p /usr/share/archlabs/installer/lib -sudo mkdir -p /usr/share/archlabs/installer/docs +printf "\nRoot access is needed to continue\n\n" + +sudo mkdir -p /usr/share/archlabs/installer/{lang,lib,docs} + sudo cp -fv installer/src/archlabs-installer /usr/bin/ -sudo cp -fv installer/src/lib/*.sh /usr/share/archlabs/installer/lib/ -sudo cp -fv installer/lang/*.trans /usr/share/archlabs/installer/lang/ -sudo cp -fv installer/{LICENSE,README.md} /usr/share/archlabs/installer/docs/ -echo -echo "Install complete" +sudo cp -fv installer/src/lib/*.sh /usr/share/archlabs/installer/lib/ +sudo cp -fv installer/lang/*.trans /usr/share/archlabs/installer/lang/ +sudo cp -fv installer/{LICENSE,README.md} /usr/share/archlabs/installer/docs/ + +printf "\nInstall complete\n" diff --git a/src/archlabs-installer b/src/archlabs-installer index d98cb6b..9b503c2 100755 --- a/src/archlabs-installer +++ b/src/archlabs-installer @@ -10,9 +10,9 @@ # immutable globals -readonly VER="1.7.25" # Installer version +readonly VER="1.7.27" # Installer version readonly DIST="ArchLabs" # Linux distributor -readonly MNT="/mnt/install" # Install mountpoint +readonly MNT="/mnt" # Install mountpoint readonly ERR="/tmp/errlog" # Built-in error log readonly DBG="/tmp/debuglog" # Built-in error log 
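Review bot: The result of `git clone` in install.sh is never checked, so when the clone fails (for example because an `installer/` directory already exists in the current directory) the `sudo cp` lines still copy whatever sits under that relative `installer/` path into `/usr/bin` and `/usr/share/archlabs` as root. Clone into a fresh directory and stop on failure, e.g. `tmp=$(mktemp -d) || exit 1` then `git clone --depth=1 https://bitbucket.org/archlabslinux/installer "$tmp/installer" || exit 1`, and copy from `"$tmp/installer"`. The new `mkdir -p /usr/share/archlabs/installer/{lang,lib,docs}` also depends on bash brace expansion, while the README runs this script through `sh -c`, which ignores the `#!/bin/bash` line. That only works where `sh` is bash.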
@@ -53,9 +53,9 @@ main() 2) partition || SELECTED=1 ;; 3) luks_menu || SELECTED=2 ;; 4) lvm_menu || SELECTED=3 ;; - 5) mount_install_partitions || SELECTED=4 ;; - 6) configure_system_settings || SELECTED=5 ;; - 7) display_system_settings ;; + 5) select_partitions || SELECTED=4 ;; + 6) configure_settings || SELECTED=5 ;; + 7) display_settings ;; 8) install ;; *) yesno "$_CloseInst" "$_CloseInstBody" "Exit" "Back" && die esac diff --git a/src/lib/boot.sh b/src/lib/boot.sh index 3408776..ce31970 100644 --- a/src/lib/boot.sh +++ b/src/lib/boot.sh @@ -16,8 +16,11 @@ declare -Ag BCMDS=( # readonly boot partition mount points for each bootloader declare -Agr BMNTS=( -[UEFI-grub]="/boot/efi" [UEFI-systemd-boot]="/boot" [BIOS-grub]="/boot" -[BIOS-syslinux]="/boot" [UEFI-syslinux]="/boot" +[BIOS-grub]="/boot" +[UEFI-grub]="/boot/efi" +[BIOS-syslinux]="/boot" +[UEFI-syslinux]="/boot" +[UEFI-systemd-boot]="/boot" ) # readonly bootloader options with respective boot partition mountpoint 
@@ -115,24 +118,26 @@ EOF install_bootloader() { - # not an LVM we can use the UUID for booting otherwise use the partition label if ! [[ $ROOT_PART =~ /dev/mapper ]]; then ROOT_PART_ID="UUID=$(blkid -s PARTUUID -o value $ROOT_PART)" else + # for LVM we just use the partition label ROOT_PART_ID="$ROOT_PART" fi # remove old UEFI boot entries if [[ $SYS == 'UEFI' ]]; then - find ${MNT}${BMNTS[$SYS-$BOOTLDR]}/EFI/ -maxdepth 1 -mindepth 1 \ - -name '[aA][rR][cC][hH][lL]abs' -type d -exec rm -rf '{}' \; >/dev/null 2>&1 + find ${MNT}${BMNTS[$SYS-$BOOTLDR]}/EFI/ \ + -maxdepth 1 -mindepth 1 -name '[aA][rR][cC][hH][lL]abs' \ + -type d -exec rm -rf '{}' \; >/dev/null 2>&1 fi # sets up the bootloader configs and BCMD (boot command) prep_for_$BOOTLDR # install/setup the bootloader by running the BCMD (boot command) - chrun "${BCMDS[$BOOTLDR]}" # 2>$ERR + printf "\nInstalling and setting up $BOOTLDR in ${BMNTS[$SYS-$BOOTLDR]}\n\n" + chrun "${BCMDS[$BOOTLDR]}" echeck "${BCMDS[$BOOTLDR]}" # copy efi stub to generic catch all 
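Review bot: In `install_bootloader`, `ROOT_PART_ID` is built as `UUID=$(blkid -s PARTUUID -o value $ROOT_PART)`, so the value after `UUID=` is the partition's PARTUUID rather than the filesystem UUID. If the bootloader configs consume it as written (they are outside this hunk), the root device would not resolve. Either query the matching tag, `ROOT_PART_ID="UUID=$(blkid -s UUID -o value "$ROOT_PART")"`, or keep PARTUUID and change the prefix to `PARTUUID=`. The added `printf` also places `$BOOTLDR` and the mount point in the format string; `printf '\nInstalling and setting up %s in %s\n\n' "$BOOTLDR" "${BMNTS[$SYS-$BOOTLDR]}"` keeps data out of the format. The function body continues past the end of the hunk.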
@@ -148,22 +153,24 @@ uefi_boot_fallback() local esp="${MNT}${BMNTS[$SYS-$BOOTLDR]}" local default="Boot" - default="$(find $esp/EFI/ -maxdepth 1 -mindepth 1 -name '[Bb][oO][oO][tT]' -type d)" + default="$(find $esp/EFI/ -maxdepth 1 -mindepth 1 \ + -name '[Bb][oO][oO][tT]' -type d)" + [[ $default ]] && default="$(basename $default)" - # directory exists: remove everything inside, otherwise mkdir it - [[ -d $esp/EFI/$default ]] && rm -rf $esp/EFI/$default/* || mkdir -p $esp/EFI/$default + if [[ -d $esp/EFI/$default ]]; then + rm -rf $esp/EFI/$default/* + else + mkdir -p $esp/EFI/$default + fi - # copy efi stub to the new default location if [[ $BOOTLDR == 'syslinux' ]]; then - # syslinux requires the whole boot setup be copied, not just the stub cp -rf $esp/EFI/syslinux/* $esp/EFI/$default/ cp -f $esp/EFI/syslinux/syslinux.efi $esp/EFI/$default/bootx64.efi + elif [[ $BOOTLDR == 'grub' && $IS_64BIT == true ]]; then + cp -f $esp/EFI/$DIST/grubx64.efi $esp/EFI/$default/bootx64.efi elif [[ $BOOTLDR == 'grub' ]]; then - # grub uses different names for the stub depending on architecture - local ext="ia32" - [[ $IS_64BIT == true ]] && ext="x64" - cp -f $esp/EFI/$DIST/grub${ext}.efi $esp/EFI/$default/boot${ext}.efi + cp -f $esp/EFI/$DIST/grubia32.efi $esp/EFI/$default/bootia32.efi fi return 0 } diff --git a/src/lib/dialogs.sh b/src/lib/dialogs.sh index d521786..2aaf690 100644 --- a/src/lib/dialogs.sh +++ b/src/lib/dialogs.sh 
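Review bot: `default` is initialised to `Boot` and then unconditionally overwritten by the `find` substitution, so it becomes empty when no `EFI/[Bb]oot` directory exists. In that case `[[ -d $esp/EFI/$default ]]` tests `$esp/EFI/` itself, and `rm -rf $esp/EFI/$default/*` clears the whole EFI directory, including the loader that was just installed. Keep the fallback by capturing the search in a separate local, `found=$(find …)` then `[[ $found ]] && default=$(basename "$found")`, and guard the removal with `rm -rf -- "${esp:?}/EFI/${default:?}"/*`. The start of `uefi_boot_fallback` lies above the hunk.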
@@ -50,11 +50,11 @@ declare -gA WM_SESSIONS=( # additional packages installed for the given window manager declare -gA WM_EXT=( -[bspwm]="sxhkd libmpdclient jsoncpp archlabs-screenlock archlabs-polybar rofi" +[bspwm]="sxhkd libmpdclient archlabs-skel-bspwm jsoncpp archlabs-screenlock archlabs-polybar rofi" [gnome]="gnome-extra" -[i3-gaps]="i3status perl-anyevent-i3 libmpdclient jsoncpp archlabs-screenlock archlabs-polybar rofi" -[xfce4]="xfce4-goodies xfce4-pulseaudio-plugin" -[openbox]="archlabs-obkey obconf archlabs-kickshaw tint2 archlabs-oblogout jgmenu tint2 archlabs-skippy-xd conky thunar termite libmpdclient jsoncpp archlabs-screenlock archlabs-paranoid archlabs-polybar rofi" +[i3-gaps]="i3status perl-anyevent-i3 libmpdclient archlabs-skel-i3-gaps jsoncpp archlabs-screenlock archlabs-polybar rofi" +[xfce4]="xfce4-goodies xfce4-pulseaudio-plugin archlabs-skel-xfce4" +[openbox]="archlabs-obkey obconf archlabs-kickshaw tint2 archlabs-oblogout jgmenu archlabs-skel-openbox tint2 archlabs-skippy-xd conky thunar termite libmpdclient jsoncpp archlabs-screenlock archlabs-paranoid archlabs-polybar rofi zenity" ) # files the user can edit during the final stage of install @@ -186,6 +186,7 @@ user_creation() { tput cnorm local values + if ! values="$(dialog --stdout --no-cancel --separator '~' \ --ok-label "Submit" --backtitle "$BT" --title " $_UserTitle " \ --insecure --mixedform "$_UserBody" 27 75 10 \ 
@@ -194,42 +195,28 @@ user_creation() "$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1 \ "$_RootBody" 6 1 "" 6 $((${#_RootBody} + 1)) 71 0 2 \ "$_Password" 8 1 "" 8 $((${#_Password} + 2)) 71 0 1 \ - "$_Password2" 9 1 "" 9 $((${#_Password2} + 2)) 71 0 1 | - openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"; then + "$_Password2" 9 1 "" 9 $((${#_Password2} + 2)) 71 0 1)"; then return 1 fi - # username doesn't need to be re-encrypted local user - user="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $1}')" - - # all of this is a bit hacky, but we don't ever want the passwords to be stored in plain text - # so it decrypts the string '$values', gets the field we want, and re-encrypts it + user="$(awk -F'~' '{print $1}' <<< "$values")" local pass pass2 - pass="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $2}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" - pass2="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $3}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" + pass="$(awk -F'~' '{print $2}' <<< "$values")" + pass2="$(awk -F'~' '{print $3}' <<< "$values")" local rpass rpass2 - rpass="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $5}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" - rpass2="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $6}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" - - # due to encrypting the string, when empty, once encrypted it wont be empty - local empty - empty="$(openssl enc -pbkdf2 -a -salt -pass pass:$SALT <<< "")" + rpass="$(awk -F'~' '{print $5}' <<< "$values")" + rpass2="$(awk -F'~' '{print $6}' <<< "$values")" # both root passwords are empty, so use the user passwords instead - [[ $rpass == "$empty" && $rpass2 == "$empty" ]] && { rpass="$pass"; rpass2="$pass2"; } + [[ $rpass == "" && $rpass2 == "" ]] && { rpass="$pass"; 
rpass2="$pass2"; } # make sure a username was entered and that the passwords match - if [[ ${#user} -eq 0 || $user =~ \ |\' || $user =~ [^a-z0-9] || $pass == "$empty" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then - if [[ $pass == "$empty" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then + if [[ ${#user} -eq 0 || $user =~ \ |\' || $user =~ [^a-z0-9] || $pass == "" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then + if [[ $pass == "" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then # password was left empty or doesn't match - if [[ $pass == "$empty" ]]; then + if [[ $pass == "" ]]; then msgbox "$_ErrTitle" "\nUser password CANNOT be left empty.\n$_TryAgain" elif [[ "$rpass" != "$rpass2" ]]; then msgbox "$_ErrTitle" "$_RootPassErr\n$_TryAgain" @@ -470,7 +457,7 @@ select_mirrorcmd() return 0 } -display_system_settings() +display_settings() { local cmd mnt pkgs cmd="${BCMDS[$BOOTLDR]}" @@ -525,7 +512,7 @@ display_system_settings() " } -configure_system_settings() +configure_settings() { tput cnorm if ! HOSTNAME="$(getinput "$_ConfHost" "$_HostNameBody" "${DIST,,}")"; then @@ -549,17 +536,18 @@ configure_system_settings() return 1 fi + select_mirrorcmd || return 1 + yesno "$_DevelTitle" "$_DevelBody" && BASEDEV=true || BASEDEV=false select_wm_or_de || return 1 select_packages || return 1 - select_mirrorcmd || return 1 export CONFIG_DONE=true return 0 } -edit_system_configs() +edit_configs() { if [[ $CURRENT_MENU != "edit" ]]; then SELECTED=1; CURRENT_MENU="edit" @@ -578,7 +566,7 @@ edit_system_configs() "9" "${BOOTLDR^}" "10" "Pacman.conf" "11" "${LOGIN_TYPE^}") if [[ ! $SELECTED || $SELECTED -eq 1 ]]; then - [[ $DEBUG == true && -r $DBG ]] && more $DBG + [[ $DEBUG == true && -r $DBG ]] && vim $DBG # when die() is passed 127 as the exit code it will issue `systemctl -i reboot` die 127 else diff --git a/src/lib/install.sh b/src/lib/install.sh index e4c9958..e18a21b 100644 --- a/src/lib/install.sh +++ b/src/lib/install.sh 
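Review bot: The form output in `user_creation` is split with `awk -F'~'`, so a password containing `~` is cut at that character and the remaining fields shift. The user then sees a confusing mismatch error, or the root fields are read from the wrong positions. `luks_pass` in src/lib/luks.sh extracts `pass` and `pass2` the same way. Reading one field per line avoids reserving a character: drop `--separator '~'` from the dialog call (it sits above this hunk; form widgets emit newline-separated fields by default) and use `mapfile -t fields <<< "$values"`. That also removes the five awk processes, which no longer serve a purpose now that the values are plain text.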
@@ -23,13 +23,12 @@ install() oneshot install_base # generate /etc/fstab and touch it up if we used a swapfile - echo + printf "\n\n" genfstab -U $MNT > $MNT/etc/fstab 2>$ERR echeck "genfstab -U $MNT > $MNT/etc/fstab" [[ -f $MNT/swapfile ]] && sed -i "s~${MNT}~~" $MNT/etc/fstab # update the mirrorlist.. MUST be done before updating or it may be slow - # this may already have been done if oneshot mirrorlist_sort # MUST be before bootloader and running mkinitcpio @@ -50,28 +49,30 @@ install() oneshot login_manager # drop off the user at the config editing menu - edit_system_configs + edit_configs } install_base() { # compressed image? - if [[ -e /run/archiso/sfs/airootfs/ ]]; then - printf "\nUnpacking base system --- Total: ~ 2.7G\n\n" + if [[ -e /run/archiso/sfs/airootfs/etc/skel ]]; then + printf "\n\nUnpacking base system --- Total: ~ 2.7G\n\n" rsync -ah --info=progress2 /run/archiso/sfs/airootfs/ $MNT/ else # update the mirrorlist.. MUST be done before pacstrapping or it may be slow oneshot mirrorlist_sort printf "\nPacstrapping the base system.\n\n" + local vmpkgs + if [[ $VM && $KERNEL == 'linux-lts' ]]; then + vmpkgs="virtualbox-guest-utils virtualbox-guest-dkms linux-lts-headers" + elif [[ $VM && $KERNEL == 'linux' ]]; then + vmpkgs="virtualbox-guest-utils virtualbox-guest-modules-arch" + fi + local packages packages="$(grep -hv '^#' /usr/share/archlabs/installer/packages.txt)" - local vmpkgs="" - if [[ $VM ]]; then - vmpkgs="virtualbox-guest-utils" - [[ $KERNEL == 'linux-lts' ]] && - vmpkgs+=" virtualbox-guest-dkms linux-lts-headers" || vmpkgs+=" virtualbox-guest-modules-arch" - fi + pacstrap $MNT base $KERNEL $UCODE $packages $vmpkgs fi @@ -176,7 +177,7 @@ EOF create_user() { # set root password - chrun "chpasswd <<< 'root:$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$ROOT_PASS")'" + chrun "chpasswd <<< 'root:$ROOT_PASS'" local groups='audio,autologin,floppy,log,network,rfkill,scanner,storage,optical,power,wheel' 
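Review bot: With the rewritten `vmpkgs` selection in `install_base`, a VM install whose `$KERNEL` is neither `linux` nor `linux-lts` now gets no guest packages at all. The removed code always added `virtualbox-guest-utils` first. If other kernels can be selected (the menu is not part of this diff), add a final branch such as `elif [[ $VM ]]; then vmpkgs="virtualbox-guest-utils"`; otherwise a one-line comment saying only those two kernels are offered would record the intent.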
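Review bot: `chrun "chpasswd <<< 'root:$ROOT_PASS'"` in `create_user` pastes the password into a single-quoted shell string, so a password containing `'` ends the quoting and the remainder is parsed as shell inside the chroot. The secret also becomes part of the command text, which may surface in process listings or in the debug log depending on how `chrun` runs and traces its argument (its definition is not in this diff). The `'$NEWUSER:$USER_PASS'` call in the next hunk and the `<<< '$LUKS_PASS'` appended to `mkkey` in `luks_keyfile` (src/lib/luks.sh) have the same shape. Feeding the value on stdin avoids both problems, e.g. `printf '%s:%s\n' root "$ROOT_PASS" | chpasswd -R "$MNT"`. The removed openssl round-trip was quoted the same way, so the issue predates this commit, but it is worth fixing while these lines are being rewritten.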
@@ -185,7 +186,7 @@ create_user() # Create the user, set password, and make sure the ownership of ~/ is correct chrun "useradd -m -u 1000 -g users -G $groups -s $MYSHELL $NEWUSER" 2>$ERR - chrun "chpasswd <<< '$NEWUSER:$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$USER_PASS")'" + chrun "chpasswd <<< '$NEWUSER:$USER_PASS'" chrun "chown -Rf $NEWUSER:users /home/$NEWUSER" # remove configs for window managers that were never installed diff --git a/src/lib/luks.sh b/src/lib/luks.sh index dabacee..bc1780a 100644 --- a/src/lib/luks.sh +++ b/src/lib/luks.sh @@ -37,7 +37,7 @@ luks_open() luks_pass "$_LuksOpen" "$LUKS_NAME" || return 1 infobox "$_LuksOpen" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0 - cryptsetup open --type luks $LUKS_PART "$LUKS_NAME" <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR + cryptsetup open --type luks $LUKS_PART "$LUKS_NAME" <<< "$LUKS_PASS" 2>$ERR echeck "cryptsetup open --type luks $LUKS_PART $LUKS_NAME" LUKS=' encrypted' @@ -49,6 +49,7 @@ luks_pass() { local title="$1" local name="$2" + local pass pass2 LUKS_PASS="" LUKS_NAME="" 
@@ -58,27 +59,15 @@ luks_pass() --title " $title " --insecure --mixedform "$_LuksOpenBody" 16 75 4 \ "$_Name" 1 1 "$name" 1 $((${#_Name} + 2)) 71 0 0 \ "$_Password" 2 1 "" 2 $((${#_Password} + 2)) 71 0 1 \ - "$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1 | - openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"; then + "$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1)"; then return 1 fi - name="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $1}')" + name="$(awk -F'~' '{print $1}' <<< "$values")" + pass="$(awk -F'~' '{print $2}' <<< "$values")" + pass2="$(awk -F'~' '{print $3}' <<< "$values")" - # all of this is a bit hacky, but we don't ever want the passwords to be stored in plain text - # so it decrypts the string '$values', gets the field we want, and re-encrypts it - local pass pass2 - pass="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $2}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" - pass2="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | - awk -F'~' '{print $3}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" - - # due to the encryption the string while encrypted will not be empty - local empty - empty="$(openssl enc -pbkdf2 -a -salt -pass pass:$SALT <<< "")" - - if [[ $pass == "$empty" || "$pass" != "$pass2" ]]; then + if [[ $pass == "" || "$pass" != "$pass2" ]]; then msgbox "$_ErrTitle" "$_PassErr\n$_TryAgain" luks_pass "$title" "$name" || return 1 fi 
@@ -122,10 +111,10 @@ luks_default() luks_setup || return 1 infobox "$_LuksEncrypt" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0 - cryptsetup -q luksFormat $LUKS_PART <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR + cryptsetup -q luksFormat $LUKS_PART <<< "$LUKS_PASS" 2>$ERR echeck "cryptsetup -q luksFormat $LUKS_PART" - cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR + cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$LUKS_PASS" 2>$ERR echeck "cryptsetup open $LUKS_PART $LUKS_NAME" export LUKS=' encrypted' @@ -144,10 +133,10 @@ luks_keycmd() infobox "$_LuksEncryptAdv" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0 - cryptsetup -q $cipher luksFormat $LUKS_PART <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR + cryptsetup -q $cipher luksFormat $LUKS_PART <<< "$LUKS_PASS" 2>$ERR echeck "cryptsetup -q $cipher luksFormat $LUKS_PART" - cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR + cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$LUKS_PASS" 2>$ERR echeck "cryptsetup open $LUKS_PART $LUKS_NAME" luks_show @@ -198,7 +187,7 @@ luks_keyfile() local mkkey="dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin" mkkey="$mkkey && chmod 000 /crypto_keyfile.bin" - mkkey="$mkkey && cryptsetup luksAddKey /dev/$n /crypto_keyfile.bin <<< '$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")'" + mkkey="$mkkey && cryptsetup luksAddKey /dev/$n /crypto_keyfile.bin <<< '$LUKS_PASS'" chrun "$mkkey" sed -i 's/FILES=()/FILES=(\/crypto_keyfile.bin)/g' $MNT/etc/mkinitcpio.conf 2>$ERR diff --git a/src/lib/mount.sh b/src/lib/mount.sh index e808106..4b349b6 100644 --- a/src/lib/mount.sh +++ b/src/lib/mount.sh 
@@ -9,11 +9,15 @@ # shellcheck disable=2154,2153,2046 readonly SYS_MEM="$(awk '/MemTotal/ {print int($2 / 1024)"M"}' /proc/meminfo)" -readonly SALT="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)" -readonly LOCALES="$(awk '/\.UTF-8/ {gsub(/# .*|#/, ""); if($1) print $1 " -"}' /etc/locale.gen)" -readonly CMAPS="$(find /usr/share/kbd/keymaps -name '*.map.gz' | awk '{gsub(/\.map\.gz|.*\//, ""); print $1 " -"}')" +readonly LOCALES="$(awk '/\.UTF-8/ { gsub(/# .*|#/, "") + if ($1) { + print $1 " -" + } +}' /etc/locale.gen)" +readonly CMAPS="$(find /usr/share/kbd/keymaps -name '*.map.gz' | + awk '{gsub(/\.map\.gz|.*\//, ""); print $1 " -"}')" -mount_install_partitions() +select_partitions() { # prepare partition list PARTS for dialog lvm_detect @@ -45,21 +49,25 @@ select_swap() # Ask user to select partition or create swapfile tput civis if ! SWAP_PART="$(menubox "$_SelSwpSetup" "$_SelSwpBody" 0 0 0 \ - "$_SelSwpNone" "-" "$_SelSwpFile" "$SYS_MEM" $PARTS)" || [[ $SWAP_PART == "$_SelSwpNone" ]]; then - SWAP_PART=""; return 0 + "$_SelSwpNone" "-" "$_SelSwpFile" "$SYS_MEM" $PARTS)" || + [[ $SWAP_PART == "$_SelSwpNone" ]]; then + SWAP_PART="" + return 0 fi if [[ $SWAP_PART == "$_SelSwpFile" ]]; then tput cnorm - if ! SWAP_SIZE="$(getinput "$_SelSwpSetup" "$_SelSwpSize" "$SYS_MEM")"; then - SWAP_PART=""; SWAP_SIZE=""; return 0 - fi + local i=0 while ! [[ ${SWAP_SIZE:0:1} =~ [1-9] && ${SWAP_SIZE: -1} =~ (M|G) ]]; do - msgbox "$_SelSwpSetup Error" "\n$_SelSwpErr $SWAP_SIZE\n" + (( i > 0 )) && msgbox "$_SelSwpSetup Error" "\n$_SelSwpErr $SWAP_SIZE\n" if ! SWAP_SIZE="$(getinput "$_SelSwpSetup" "$_SelSwpSize" "$SYS_MEM")"; then - SWAP_PART=""; SWAP_SIZE=""; break; return 0 + SWAP_PART="" + SWAP_SIZE="" + break + return 0 fi + ((i++)) done enable_swap "$MNT/swapfile" 
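Review bot: In `select_swap`, cancelling the size prompt runs `break`, which makes the `return 0` after it unreachable, so control falls through to `enable_swap "$MNT/swapfile"` with `SWAP_SIZE` empty. Before this change the first prompt sat outside the loop and returned directly; now that it is folded into the loop, every cancel takes the `break` path. Drop the `break` so the cleanup ends with `return 0`. Because the loop condition is evaluated before the first prompt, a valid `SWAP_SIZE` left over from an earlier pass through the menu would also skip the prompt; `SWAP_SIZE=""` ahead of the `while` avoids that. The function continues below the hunk.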
@@ -119,7 +127,7 @@ select_boot_setup() if [[ $SYS == 'UEFI' ]]; then local ttype="i386-efi" [[ $IS_64BIT == true ]] && ttype='x86_64-efi' - BCMDS[grub]+=" --target=$ttype --bootloader-id=$DIST" + BCMDS[grub]+=" --target=$ttype --efi-directory=${BMNTS[$SYS-$BOOTLDR]} --bootloader-id=$DIST" else BCMDS[grub]+=" --target=i386-pc $BOOT_DEVICE" fi @@ -129,10 +137,13 @@ select_boot_setup() if [[ $BOOT_PART != "" ]]; then infobox "$_PrepMount" "\nSetting up for the bootloader and mounting the boot partition.\n" 1 setup_boot_device - mount_partition "$BOOT_PART" "${BMNTS[$SYS-$BOOTLDR]}" || - { src /usr/share/archlabs/installer/lib/boot.sh ; return 1; } + if ! mount_partition "$BOOT_PART" "${BMNTS[$SYS-$BOOTLDR]}"; then + src /usr/share/archlabs/installer/lib/boot.sh + return 1 + fi export SEPERATE_BOOT=true fi + return 0 } @@ -271,5 +282,6 @@ select_extra_partitions() # if the mountpoint was /usr add 'usr' to MKINIT_HOOKS [[ $EXTRA_MNT == "/usr" && $MKINIT_HOOKS != *usr* ]] && MKINIT_HOOKS="usr $MKINIT_HOOKS" done + return 0 } diff --git a/src/lib/part.sh b/src/lib/part.sh index 59ba08d..7c47f5f 100644 --- a/src/lib/part.sh +++ b/src/lib/part.sh 
@@ -194,24 +194,28 @@ auto_partition() { local device="$1" local size - size=$(lsblk -lno SIZE $device | awk 'NR == 1 { - if ($1 ~ "G") { - sub(/G/, ""); print ($1 * 1000 - 512) / 1000"G" - } else { - sub(/M/, ""); print ($1 - 512)"M" - }}') + size=$(lsblk -lno SIZE $device | + awk 'NR == 1 { + if ($1 ~ "G") { + sub(/G/, ""); print ($1 * 1000 - 512) / 1000"G" + } else { + sub(/M/, ""); print ($1 - 512)"M" + } + }') local msg="$_PartBody2" - local newtable="gpt"; local format="fat32"; + local table="gpt" + local fs="fat32"; + if [[ $SYS == 'BIOS' ]]; then msg="$(sed 's|vfat/fat32|ext4|' <<< "$msg")" - newtable="msdos" - format="ext4" + table="msdos" + fs="ext4" fi # confirm or bail yesno "$_PrepParts" "$_PartBody1 $device $msg ($size)$_PartBody3" || return 0 - infobox "$_PrepParts" "\nRemoving existing partitions on $device and setting partition table to $newtable\n" 1 + infobox "$_PrepParts" "\nRemoving existing partitions on $device and setting partition table to $table\n" 1 swapoff -a # in case the device was previously used for swap @@ -224,15 +228,15 @@ auto_partition() parted -s $device rm $i >/dev/null 2>&1 done - if [[ $(awk '/Table:/ {print $3}' <<< "$dev_info") != "$newtable" ]]; then - parted -s $device mklabel $newtable >/dev/null 2>&1 + if [[ $(awk '/Table:/ {print $3}' <<< "$dev_info") != "$table" ]]; then + parted -s $device mklabel $table >/dev/null 2>&1 fi - infobox "$_PrepParts" "\nCreating a 512M $format boot partition.\n" 1 + infobox "$_PrepParts" "\nCreating a 512M $fs boot partition.\n" 1 if [[ $SYS == "BIOS" ]]; then - parted -s $device mkpart primary $format 1MiB 513MiB >/dev/null 2>&1 + parted -s $device mkpart primary $fs 1MiB 513MiB >/dev/null 2>&1 else - parted -s $device mkpart ESP $format 1MiB 513MiB >/dev/null 2>&1 + parted -s $device mkpart ESP $fs 1MiB 513MiB >/dev/null 2>&1 fi sleep 0.1 @@ -274,6 +278,7 @@ mount_partition() confirm_mount $part "$mountp" || return 1 check_cryptlvm "$part" + return 0 } 
@@ -285,12 +290,18 @@ find_partitions() # string of partitions as /TYPE/PART SIZE if [[ $IGNORE_DEV != "" ]]; then PARTS="$(lsblk -lno TYPE,NAME,SIZE | - awk "/$str/"' && !'"/$IGNORE_DEV/"' {sub(/^part/, "/dev/"); - sub(/^lvm|^crypt/, "/dev/mapper/"); print $1$2 " " $3}')" + awk "/$str/"' && !'"/$IGNORE_DEV/"' { + sub(/^part/, "/dev/"); + sub(/^lvm|^crypt/, "/dev/mapper/") + print $1$2 " " $3 + }')" else PARTS="$(lsblk -lno TYPE,NAME,SIZE | - awk "/$str/"' {sub(/^part/, "/dev/") sub(/^lvm|^crypt/, "/dev/mapper/") - print $1$2 " " $3}')" + awk "/$str/"' { + sub(/^part/, "/dev/") + sub(/^lvm|^crypt/, "/dev/mapper/") + print $1$2 " " $3 + }')" fi # number of partitions total @@ -308,18 +319,25 @@ find_partitions() msgbox "$_ErrTitle" "$err" return 1 fi + return 0 } setup_boot_device() { - [[ $BOOT_PART = /dev/nvme* ]] && BOOT_DEVICE="${BOOT_PART%p[1-9]}" || + if [[ $BOOT_PART = /dev/nvme* ]]; then + BOOT_DEVICE="${BOOT_PART%p[1-9]}" + else BOOT_DEVICE="${BOOT_PART%[1-9]}" + fi + BOOT_PART_NUM="${BOOT_PART: -1}" - parted -s $BOOT_DEVICE set $BOOT_PART_NUM boot on >/dev/null 2>&1 if [[ $SYS == 'UEFI' ]]; then parted -s $BOOT_DEVICE set $BOOT_PART_NUM esp on >/dev/null 2>&1 + else + parted -s $BOOT_DEVICE set $BOOT_PART_NUM boot on >/dev/null 2>&1 fi + return 0 } diff --git a/src/lib/utils.sh b/src/lib/utils.sh index b74129b..871c59e 100644 --- a/src/lib/utils.sh +++ b/src/lib/utils.sh @@ -18,7 +18,8 @@ json() { # get a value from http://api.ipstack.com in json format using my API key # this includes: ip, geolocation, country name - curl -s "http://api.ipstack.com/$2" | python3 -c "import sys, json; print(json.load(sys.stdin)['$1'])" + curl -s "http://api.ipstack.com/$2" | + python3 -c "import sys, json; print(json.load(sys.stdin)['$1'])" } src() 
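Review bot: `setup_boot_device` derives the disk with `${BOOT_PART%[1-9]}` and the partition number with `${BOOT_PART: -1}`, which is only correct for single-digit partitions on sdX/nvme names. A partition numbered 10 or higher, or a name such as `/dev/mmcblk0p1`, yields the wrong device or number. Because the `parted` calls discard their output and the function ends with the new `return 0`, the failure is silent. Asking the kernel is more reliable, e.g. `BOOT_DEVICE="/dev/$(lsblk -no PKNAME "$BOOT_PART")"`, and letting a `parted` failure propagate instead of returning 0 would make a missing esp/boot flag visible.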
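Review bot: `json` fetches from `http://api.ipstack.com` in clear text and splices `$1` into the Python source, so the reply can be altered in transit and a key containing a quote changes the program that runs. Pass the key as an argument instead, `python3 -c 'import sys, json; print(json.load(sys.stdin)[sys.argv[1]])' "$1"`, and use `curl -fsS` so an HTTP error is not parsed as data. Callers (outside this hunk) should treat the returned value as untrusted input; switching the URL to `https://` is worth doing if the API plan permits it.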
@@ -42,18 +43,14 @@ die() local exitcode=0 (( $# == 0 )) || exitcode=$1 tput cnorm - if [[ -d $MNT ]] && cd; then - # use `fuser` to kill processes using the mounted directory before umounting it - fuser -km $MNT + if [[ -d $MNT ]] && command cd /; then umount_dir $MNT - - # when passed 127 as the exit code, kill the loop mount to avoid hangups and reboot the system - if [[ $exitcode -eq 127 ]]; then - fuser -km /run/archiso/bootmnt - umount -l /run/archiso/bootmnt + if (( exitcode == 127 )); then + # umount -l /run/archiso/bootmnt systemctl -i reboot fi fi + rm -fv /tmp/.ai_* exit $exitcode } @@ -200,6 +197,7 @@ echeck() else yesno "$_ErrTitle" "$msg" "Exit" "Ignore & Continue" && die fi + return 0 }
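Review bot: With `MNT` now set to `/mnt` (changed in src/archlabs-installer in this commit), the `[[ -d $MNT ]]` test in `die` is true on practically every system. `umount_dir $MNT` therefore runs on every exit, including exits before the installer has mounted anything. Checking `mountpoint -q "$MNT"` first would at least skip the call when nothing is mounted; what `umount_dir` does to a filesystem the user mounted on `/mnt` is outside this diff and should be confirmed. The commented-out `# umount -l /run/archiso/bootmnt` should be removed or given a one-line reason, since the branch comment that explained it was deleted.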