Simplify password handling, better naming for a few functions

natemaia 2018-12-13 02:26:00 -08:00
parent 04c4441fc5
commit ba91ed8b79
10 changed files with 170 additions and 163 deletions


@ -1,16 +1,18 @@
# ArchLabs Installer # ArchLabs Installer
#### Features #### Features
- Simple, easy to follow configuration. - LUKS/LVM
- Automatic partitioning for whole devices. - Basic setup
- Translations for different languages. - 10 languages
- No input halts during install. - Auto partition
- Support for LUKS and/or LVM. - Package selection
- Built-in error detection. - Error detection
- Written entirely in Bash - Written in Bash
- Fast Install on fast hardware _(~6min)_ - Fast Install _(~6min)_
#### Requirements #### Requirements
- Network connection.
- `rsync` for unpacking the squashfs. - `rsync` for unpacking the squashfs.
- `dialog` for all user input/output. - `dialog` for all user input/output.
- `vim` for editing files post install. - `vim` for editing files post install.
@ -18,22 +20,15 @@
- `wipe` for the secure wipe. - `wipe` for the secure wipe.
- `arch-chroot` to perform operations in a chroot. - `arch-chroot` to perform operations in a chroot.
- `chpasswd` to set root and user passwords. - `chpasswd` to set root and user passwords.
- `openssl` to encrypt passwords. - `awk` `sed` `grep` `uniq` `sort` `find` `ping` `mkfs` `lsblk` `curl`
- Basic unix tool set: `awk` `sed` `grep` `uniq` `sort` `find` `ping` `mkfs` `lsblk` `curl`.
- Network connection is needed to install packages and update the system.
#### Manual Installation #### Manual Installation
- curl
``` ```
sh -c "$(curl -fsSL https://bitbucket.org/archlabslinux/installer/raw/master/install.sh)" sh -c "$(curl -fsSL https://bitbucket.org/archlabslinux/installer/raw/master/install.sh)"
``` ```
- wget - A packaged version can also be found in our repos:
```
sh -c "$(wget https://bitbucket.org/archlabslinux/installer/raw/master/install.sh -O -)"
```
- Pre-built packages can be found in our repos:
[stable](https://bitbucket.org/archlabslinux/archlabs_repo/src/master/x86_64/) [stable](https://bitbucket.org/archlabslinux/archlabs_repo/src/master/x86_64/)
[unstable](https://bitbucket.org/archlabslinux/archlabs_unstable/src/master/x86_64/) [unstable](https://bitbucket.org/archlabslinux/archlabs_unstable/src/master/x86_64/)


@ -1,17 +1,16 @@
#!/bin/bash #!/bin/bash
hash git >/dev/null 2>&1 || { echo "This requires git installed"; exit 1; } hash git >/dev/null 2>&1 || { printf "This requires git installed\n"; exit 1; }
git clone --depth=1 https://bitbucket.org/archlabslinux/installer git clone --depth=1 https://bitbucket.org/archlabslinux/installer
echo printf "\nRoot access is needed to continue\n\n"
echo "Root access is needed to continue"
echo sudo mkdir -p /usr/share/archlabs/installer/{lang,lib,docs}
sudo mkdir -p /usr/share/archlabs/installer/lang
sudo mkdir -p /usr/share/archlabs/installer/lib
sudo mkdir -p /usr/share/archlabs/installer/docs
sudo cp -fv installer/src/archlabs-installer /usr/bin/ sudo cp -fv installer/src/archlabs-installer /usr/bin/
sudo cp -fv installer/src/lib/*.sh /usr/share/archlabs/installer/lib/ sudo cp -fv installer/src/lib/*.sh /usr/share/archlabs/installer/lib/
sudo cp -fv installer/lang/*.trans /usr/share/archlabs/installer/lang/ sudo cp -fv installer/lang/*.trans /usr/share/archlabs/installer/lang/
sudo cp -fv installer/{LICENSE,README.md} /usr/share/archlabs/installer/docs/ sudo cp -fv installer/{LICENSE,README.md} /usr/share/archlabs/installer/docs/
echo
echo "Install complete" printf "\nInstall complete\n"
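Review bot: Nothing stops the script when `git clone` fails, so the `sudo cp` lines after it would copy whatever `installer/` directory already exists in the current directory into `/usr/bin/` and `/usr/share/archlabs/installer/` as root. Guard the clone, e.g. `git clone --depth=1 https://bitbucket.org/archlabslinux/installer || exit 1`. Cloning into a fresh `mktemp -d` directory and copying from there would also keep a stale or foreign checkout out of the install.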


@ -10,9 +10,9 @@
# immutable globals # immutable globals
readonly VER="1.7.25" # Installer version readonly VER="1.7.27" # Installer version
readonly DIST="ArchLabs" # Linux distributor readonly DIST="ArchLabs" # Linux distributor
readonly MNT="/mnt/install" # Install mountpoint readonly MNT="/mnt" # Install mountpoint
readonly ERR="/tmp/errlog" # Built-in error log readonly ERR="/tmp/errlog" # Built-in error log
readonly DBG="/tmp/debuglog" # Built-in error log readonly DBG="/tmp/debuglog" # Built-in error log
@ -53,9 +53,9 @@ main()
2) partition || SELECTED=1 ;; 2) partition || SELECTED=1 ;;
3) luks_menu || SELECTED=2 ;; 3) luks_menu || SELECTED=2 ;;
4) lvm_menu || SELECTED=3 ;; 4) lvm_menu || SELECTED=3 ;;
5) mount_install_partitions || SELECTED=4 ;; 5) select_partitions || SELECTED=4 ;;
6) configure_system_settings || SELECTED=5 ;; 6) configure_settings || SELECTED=5 ;;
7) display_system_settings ;; 7) display_settings ;;
8) install ;; 8) install ;;
*) yesno "$_CloseInst" "$_CloseInstBody" "Exit" "Back" && die *) yesno "$_CloseInst" "$_CloseInstBody" "Exit" "Back" && die
esac esac


@ -16,8 +16,11 @@ declare -Ag BCMDS=(
# readonly boot partition mount points for each bootloader # readonly boot partition mount points for each bootloader
declare -Agr BMNTS=( declare -Agr BMNTS=(
[UEFI-grub]="/boot/efi" [UEFI-systemd-boot]="/boot" [BIOS-grub]="/boot" [BIOS-grub]="/boot"
[BIOS-syslinux]="/boot" [UEFI-syslinux]="/boot" [UEFI-grub]="/boot/efi"
[BIOS-syslinux]="/boot"
[UEFI-syslinux]="/boot"
[UEFI-systemd-boot]="/boot"
) )
# readonly bootloader options with respective boot partition mountpoint # readonly bootloader options with respective boot partition mountpoint
@ -115,24 +118,26 @@ EOF
install_bootloader() install_bootloader()
{ {
# not an LVM we can use the UUID for booting otherwise use the partition label
if ! [[ $ROOT_PART =~ /dev/mapper ]]; then if ! [[ $ROOT_PART =~ /dev/mapper ]]; then
ROOT_PART_ID="UUID=$(blkid -s PARTUUID -o value $ROOT_PART)" ROOT_PART_ID="UUID=$(blkid -s PARTUUID -o value $ROOT_PART)"
else else
# for LVM we just use the partition label
ROOT_PART_ID="$ROOT_PART" ROOT_PART_ID="$ROOT_PART"
fi fi
# remove old UEFI boot entries # remove old UEFI boot entries
if [[ $SYS == 'UEFI' ]]; then if [[ $SYS == 'UEFI' ]]; then
find ${MNT}${BMNTS[$SYS-$BOOTLDR]}/EFI/ -maxdepth 1 -mindepth 1 \ find ${MNT}${BMNTS[$SYS-$BOOTLDR]}/EFI/ \
-name '[aA][rR][cC][hH][lL]abs' -type d -exec rm -rf '{}' \; >/dev/null 2>&1 -maxdepth 1 -mindepth 1 -name '[aA][rR][cC][hH][lL]abs' \
-type d -exec rm -rf '{}' \; >/dev/null 2>&1
fi fi
# sets up the bootloader configs and BCMD (boot command) # sets up the bootloader configs and BCMD (boot command)
prep_for_$BOOTLDR prep_for_$BOOTLDR
# install/setup the bootloader by running the BCMD (boot command) # install/setup the bootloader by running the BCMD (boot command)
chrun "${BCMDS[$BOOTLDR]}" # 2>$ERR printf "\nInstalling and setting up $BOOTLDR in ${BMNTS[$SYS-$BOOTLDR]}\n\n"
chrun "${BCMDS[$BOOTLDR]}"
echeck "${BCMDS[$BOOTLDR]}" echeck "${BCMDS[$BOOTLDR]}"
# copy efi stub to generic catch all # copy efi stub to generic catch all
@ -148,22 +153,24 @@ uefi_boot_fallback()
local esp="${MNT}${BMNTS[$SYS-$BOOTLDR]}" local esp="${MNT}${BMNTS[$SYS-$BOOTLDR]}"
local default="Boot" local default="Boot"
default="$(find $esp/EFI/ -maxdepth 1 -mindepth 1 -name '[Bb][oO][oO][tT]' -type d)" default="$(find $esp/EFI/ -maxdepth 1 -mindepth 1 \
-name '[Bb][oO][oO][tT]' -type d)"
[[ $default ]] && default="$(basename $default)" [[ $default ]] && default="$(basename $default)"
# directory exists: remove everything inside, otherwise mkdir it if [[ -d $esp/EFI/$default ]]; then
[[ -d $esp/EFI/$default ]] && rm -rf $esp/EFI/$default/* || mkdir -p $esp/EFI/$default rm -rf $esp/EFI/$default/*
else
mkdir -p $esp/EFI/$default
fi
# copy efi stub to the new default location
if [[ $BOOTLDR == 'syslinux' ]]; then if [[ $BOOTLDR == 'syslinux' ]]; then
# syslinux requires the whole boot setup be copied, not just the stub
cp -rf $esp/EFI/syslinux/* $esp/EFI/$default/ cp -rf $esp/EFI/syslinux/* $esp/EFI/$default/
cp -f $esp/EFI/syslinux/syslinux.efi $esp/EFI/$default/bootx64.efi cp -f $esp/EFI/syslinux/syslinux.efi $esp/EFI/$default/bootx64.efi
elif [[ $BOOTLDR == 'grub' && $IS_64BIT == true ]]; then
cp -f $esp/EFI/$DIST/grubx64.efi $esp/EFI/$default/bootx64.efi
elif [[ $BOOTLDR == 'grub' ]]; then elif [[ $BOOTLDR == 'grub' ]]; then
# grub uses different names for the stub depending on architecture cp -f $esp/EFI/$DIST/grubia32.efi $esp/EFI/$default/bootia32.efi
local ext="ia32"
[[ $IS_64BIT == true ]] && ext="x64"
cp -f $esp/EFI/$DIST/grub${ext}.efi $esp/EFI/$default/boot${ext}.efi
fi fi
return 0 return 0
} }
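Review bot: In uefi_boot_fallback the `"Boot"` default is overwritten by the `find` assignment on the next line, so when no Boot directory exists `default` is empty, `[[ -d $esp/EFI/$default ]]` tests `$esp/EFI/` itself, and `rm -rf $esp/EFI/$default/*` clears the whole EFI directory, including the loader that was just installed. Keep the find result in its own variable and override the default only when it is non-empty: `local found; found="$(find "$esp/EFI/" -maxdepth 1 -mindepth 1 -name '[Bb][oO][oO][tT]' -type d)"` followed by `[[ $found ]] && default="$(basename "$found")"`. Writing the removal as `rm -rf "${esp:?}/EFI/${default:?}"/*` would make an empty value abort instead of widening the delete. The function starts above this hunk.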


@ -50,11 +50,11 @@ declare -gA WM_SESSIONS=(
# additional packages installed for the given window manager # additional packages installed for the given window manager
declare -gA WM_EXT=( declare -gA WM_EXT=(
[bspwm]="sxhkd libmpdclient jsoncpp archlabs-screenlock archlabs-polybar rofi" [bspwm]="sxhkd libmpdclient archlabs-skel-bspwm jsoncpp archlabs-screenlock archlabs-polybar rofi"
[gnome]="gnome-extra" [gnome]="gnome-extra"
[i3-gaps]="i3status perl-anyevent-i3 libmpdclient jsoncpp archlabs-screenlock archlabs-polybar rofi" [i3-gaps]="i3status perl-anyevent-i3 libmpdclient archlabs-skel-i3-gaps jsoncpp archlabs-screenlock archlabs-polybar rofi"
[xfce4]="xfce4-goodies xfce4-pulseaudio-plugin" [xfce4]="xfce4-goodies xfce4-pulseaudio-plugin archlabs-skel-xfce4"
[openbox]="archlabs-obkey obconf archlabs-kickshaw tint2 archlabs-oblogout jgmenu tint2 archlabs-skippy-xd conky thunar termite libmpdclient jsoncpp archlabs-screenlock archlabs-paranoid archlabs-polybar rofi" [openbox]="archlabs-obkey obconf archlabs-kickshaw tint2 archlabs-oblogout jgmenu archlabs-skel-openbox tint2 archlabs-skippy-xd conky thunar termite libmpdclient jsoncpp archlabs-screenlock archlabs-paranoid archlabs-polybar rofi zenity"
) )
# files the user can edit during the final stage of install # files the user can edit during the final stage of install
@ -186,6 +186,7 @@ user_creation()
{ {
tput cnorm tput cnorm
local values local values
if ! values="$(dialog --stdout --no-cancel --separator '~' \ if ! values="$(dialog --stdout --no-cancel --separator '~' \
--ok-label "Submit" --backtitle "$BT" --title " $_UserTitle " \ --ok-label "Submit" --backtitle "$BT" --title " $_UserTitle " \
--insecure --mixedform "$_UserBody" 27 75 10 \ --insecure --mixedform "$_UserBody" 27 75 10 \
@ -194,42 +195,28 @@ user_creation()
"$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1 \ "$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1 \
"$_RootBody" 6 1 "" 6 $((${#_RootBody} + 1)) 71 0 2 \ "$_RootBody" 6 1 "" 6 $((${#_RootBody} + 1)) 71 0 2 \
"$_Password" 8 1 "" 8 $((${#_Password} + 2)) 71 0 1 \ "$_Password" 8 1 "" 8 $((${#_Password} + 2)) 71 0 1 \
"$_Password2" 9 1 "" 9 $((${#_Password2} + 2)) 71 0 1 | "$_Password2" 9 1 "" 9 $((${#_Password2} + 2)) 71 0 1)"; then
openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"; then
return 1 return 1
fi fi
# username doesn't need to be re-encrypted
local user local user
user="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | user="$(awk -F'~' '{print $1}' <<< "$values")"
awk -F'~' '{print $1}')"
# all of this is a bit hacky, but we don't ever want the passwords to be stored in plain text
# so it decrypts the string '$values', gets the field we want, and re-encrypts it
local pass pass2 local pass pass2
pass="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | pass="$(awk -F'~' '{print $2}' <<< "$values")"
awk -F'~' '{print $2}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" pass2="$(awk -F'~' '{print $3}' <<< "$values")"
pass2="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" |
awk -F'~' '{print $3}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"
local rpass rpass2 local rpass rpass2
rpass="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | rpass="$(awk -F'~' '{print $5}' <<< "$values")"
awk -F'~' '{print $5}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)" rpass2="$(awk -F'~' '{print $6}' <<< "$values")"
rpass2="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" |
awk -F'~' '{print $6}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"
# due to encrypting the string, when empty, once encrypted it wont be empty
local empty
empty="$(openssl enc -pbkdf2 -a -salt -pass pass:$SALT <<< "")"
# both root passwords are empty, so use the user passwords instead # both root passwords are empty, so use the user passwords instead
[[ $rpass == "$empty" && $rpass2 == "$empty" ]] && { rpass="$pass"; rpass2="$pass2"; } [[ $rpass == "" && $rpass2 == "" ]] && { rpass="$pass"; rpass2="$pass2"; }
# make sure a username was entered and that the passwords match # make sure a username was entered and that the passwords match
if [[ ${#user} -eq 0 || $user =~ \ |\' || $user =~ [^a-z0-9] || $pass == "$empty" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then if [[ ${#user} -eq 0 || $user =~ \ |\' || $user =~ [^a-z0-9] || $pass == "" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then
if [[ $pass == "$empty" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then if [[ $pass == "" || "$pass" != "$pass2" || "$rpass" != "$rpass2" ]]; then
# password was left empty or doesn't match # password was left empty or doesn't match
if [[ $pass == "$empty" ]]; then if [[ $pass == "" ]]; then
msgbox "$_ErrTitle" "\nUser password CANNOT be left empty.\n$_TryAgain" msgbox "$_ErrTitle" "\nUser password CANNOT be left empty.\n$_TryAgain"
elif [[ "$rpass" != "$rpass2" ]]; then elif [[ "$rpass" != "$rpass2" ]]; then
msgbox "$_ErrTitle" "$_RootPassErr\n$_TryAgain" msgbox "$_ErrTitle" "$_RootPassErr\n$_TryAgain"
@ -470,7 +457,7 @@ select_mirrorcmd()
return 0 return 0
} }
display_system_settings() display_settings()
{ {
local cmd mnt pkgs local cmd mnt pkgs
cmd="${BCMDS[$BOOTLDR]}" cmd="${BCMDS[$BOOTLDR]}"
@ -525,7 +512,7 @@ display_system_settings()
" "
} }
configure_system_settings() configure_settings()
{ {
tput cnorm tput cnorm
if ! HOSTNAME="$(getinput "$_ConfHost" "$_HostNameBody" "${DIST,,}")"; then if ! HOSTNAME="$(getinput "$_ConfHost" "$_HostNameBody" "${DIST,,}")"; then
@ -549,17 +536,18 @@ configure_system_settings()
return 1 return 1
fi fi
select_mirrorcmd || return 1
yesno "$_DevelTitle" "$_DevelBody" && BASEDEV=true || BASEDEV=false yesno "$_DevelTitle" "$_DevelBody" && BASEDEV=true || BASEDEV=false
select_wm_or_de || return 1 select_wm_or_de || return 1
select_packages || return 1 select_packages || return 1
select_mirrorcmd || return 1
export CONFIG_DONE=true export CONFIG_DONE=true
return 0 return 0
} }
edit_system_configs() edit_configs()
{ {
if [[ $CURRENT_MENU != "edit" ]]; then if [[ $CURRENT_MENU != "edit" ]]; then
SELECTED=1; CURRENT_MENU="edit" SELECTED=1; CURRENT_MENU="edit"
@ -578,7 +566,7 @@ edit_system_configs()
"9" "${BOOTLDR^}" "10" "Pacman.conf" "11" "${LOGIN_TYPE^}") "9" "${BOOTLDR^}" "10" "Pacman.conf" "11" "${LOGIN_TYPE^}")
if [[ ! $SELECTED || $SELECTED -eq 1 ]]; then if [[ ! $SELECTED || $SELECTED -eq 1 ]]; then
[[ $DEBUG == true && -r $DBG ]] && more $DBG [[ $DEBUG == true && -r $DBG ]] && vim $DBG
# when die() is passed 127 as the exit code it will issue `systemctl -i reboot` # when die() is passed 127 as the exit code it will issue `systemctl -i reboot`
die 127 die 127
else else
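Review bot: user_creation splits the dialog output on `~` (`awk -F'~' '{print $2}'` and the lines after it), so a password containing `~` is cut at that character and is either rejected as a mismatch or, in some cases, kept in shortened form; luks_pass in the luks.sh section parses its form the same way. With the values now plain text, a printable separator is not needed: dropping `--separator '~'` makes dialog emit one field per line, which `mapfile -t fields <<< "$values"` can read (check how blank trailing fields come through). The plain-text `pass`/`rpass` values would also end up in `/tmp/debuglog` if the DEBUG mode traces expanded commands, which is not visible on this page, so it is worth confirming that tracing is off around these prompts. Only part of user_creation is shown in these hunks.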


@ -23,13 +23,12 @@ install()
oneshot install_base oneshot install_base
# generate /etc/fstab and touch it up if we used a swapfile # generate /etc/fstab and touch it up if we used a swapfile
echo printf "\n\n"
genfstab -U $MNT > $MNT/etc/fstab 2>$ERR genfstab -U $MNT > $MNT/etc/fstab 2>$ERR
echeck "genfstab -U $MNT > $MNT/etc/fstab" echeck "genfstab -U $MNT > $MNT/etc/fstab"
[[ -f $MNT/swapfile ]] && sed -i "s~${MNT}~~" $MNT/etc/fstab [[ -f $MNT/swapfile ]] && sed -i "s~${MNT}~~" $MNT/etc/fstab
# update the mirrorlist.. MUST be done before updating or it may be slow # update the mirrorlist.. MUST be done before updating or it may be slow
# this may already have been done if
oneshot mirrorlist_sort oneshot mirrorlist_sort
# MUST be before bootloader and running mkinitcpio # MUST be before bootloader and running mkinitcpio
@ -50,28 +49,30 @@ install()
oneshot login_manager oneshot login_manager
# drop off the user at the config editing menu # drop off the user at the config editing menu
edit_system_configs edit_configs
} }
install_base() install_base()
{ {
# compressed image? # compressed image?
if [[ -e /run/archiso/sfs/airootfs/ ]]; then if [[ -e /run/archiso/sfs/airootfs/etc/skel ]]; then
printf "\nUnpacking base system --- Total: ~ 2.7G\n\n" printf "\n\nUnpacking base system --- Total: ~ 2.7G\n\n"
rsync -ah --info=progress2 /run/archiso/sfs/airootfs/ $MNT/ rsync -ah --info=progress2 /run/archiso/sfs/airootfs/ $MNT/
else else
# update the mirrorlist.. MUST be done before pacstrapping or it may be slow # update the mirrorlist.. MUST be done before pacstrapping or it may be slow
oneshot mirrorlist_sort oneshot mirrorlist_sort
printf "\nPacstrapping the base system.\n\n" printf "\nPacstrapping the base system.\n\n"
local vmpkgs
if [[ $VM && $KERNEL == 'linux-lts' ]]; then
vmpkgs="virtualbox-guest-utils virtualbox-guest-dkms linux-lts-headers"
elif [[ $VM && $KERNEL == 'linux' ]]; then
vmpkgs="virtualbox-guest-utils virtualbox-guest-modules-arch"
fi
local packages local packages
packages="$(grep -hv '^#' /usr/share/archlabs/installer/packages.txt)" packages="$(grep -hv '^#' /usr/share/archlabs/installer/packages.txt)"
local vmpkgs=""
if [[ $VM ]]; then
vmpkgs="virtualbox-guest-utils"
[[ $KERNEL == 'linux-lts' ]] &&
vmpkgs+=" virtualbox-guest-dkms linux-lts-headers" || vmpkgs+=" virtualbox-guest-modules-arch"
fi
pacstrap $MNT base $KERNEL $UCODE $packages $vmpkgs pacstrap $MNT base $KERNEL $UCODE $packages $vmpkgs
fi fi
@ -176,7 +177,7 @@ EOF
create_user() create_user()
{ {
# set root password # set root password
chrun "chpasswd <<< 'root:$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$ROOT_PASS")'" chrun "chpasswd <<< 'root:$ROOT_PASS'"
local groups='audio,autologin,floppy,log,network,rfkill,scanner,storage,optical,power,wheel' local groups='audio,autologin,floppy,log,network,rfkill,scanner,storage,optical,power,wheel'
@ -185,7 +186,7 @@ create_user()
# Create the user, set password, and make sure the ownership of ~/ is correct # Create the user, set password, and make sure the ownership of ~/ is correct
chrun "useradd -m -u 1000 -g users -G $groups -s $MYSHELL $NEWUSER" 2>$ERR chrun "useradd -m -u 1000 -g users -G $groups -s $MYSHELL $NEWUSER" 2>$ERR
chrun "chpasswd <<< '$NEWUSER:$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$USER_PASS")'" chrun "chpasswd <<< '$NEWUSER:$USER_PASS'"
chrun "chown -Rf $NEWUSER:users /home/$NEWUSER" chrun "chown -Rf $NEWUSER:users /home/$NEWUSER"
# remove configs for window managers that were never installed # remove configs for window managers that were never installed
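Review bot: In create_user the password is pasted into the command string between single quotes (`chrun "chpasswd <<< 'root:$ROOT_PASS'"`), so a password containing `'` ends the quoting early and the remainder is parsed as shell inside the chroot; the same pattern is used for `'$NEWUSER:$USER_PASS'` here and for `'$LUKS_PASS'` in luks_keyfile in the luks.sh section. It also places the clear-text password in the command text, which is likely visible in the process list while chrun runs (chrun's body is not shown here). Feed the secret on stdin instead, e.g. `printf 'root:%s\n' "$ROOT_PASS" | arch-chroot $MNT chpasswd`, or the equivalent through chrun if it passes stdin through. Both hunks show only part of create_user.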


@ -37,7 +37,7 @@ luks_open()
luks_pass "$_LuksOpen" "$LUKS_NAME" || return 1 luks_pass "$_LuksOpen" "$LUKS_NAME" || return 1
infobox "$_LuksOpen" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0 infobox "$_LuksOpen" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0
cryptsetup open --type luks $LUKS_PART "$LUKS_NAME" <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR cryptsetup open --type luks $LUKS_PART "$LUKS_NAME" <<< "$LUKS_PASS" 2>$ERR
echeck "cryptsetup open --type luks $LUKS_PART $LUKS_NAME" echeck "cryptsetup open --type luks $LUKS_PART $LUKS_NAME"
LUKS=' encrypted' LUKS=' encrypted'
@ -49,6 +49,7 @@ luks_pass()
{ {
local title="$1" local title="$1"
local name="$2" local name="$2"
local pass pass2
LUKS_PASS="" LUKS_PASS=""
LUKS_NAME="" LUKS_NAME=""
@ -58,27 +59,15 @@ luks_pass()
--title " $title " --insecure --mixedform "$_LuksOpenBody" 16 75 4 \ --title " $title " --insecure --mixedform "$_LuksOpenBody" 16 75 4 \
"$_Name" 1 1 "$name" 1 $((${#_Name} + 2)) 71 0 0 \ "$_Name" 1 1 "$name" 1 $((${#_Name} + 2)) 71 0 0 \
"$_Password" 2 1 "" 2 $((${#_Password} + 2)) 71 0 1 \ "$_Password" 2 1 "" 2 $((${#_Password} + 2)) 71 0 1 \
"$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1 | "$_Password2" 3 1 "" 3 $((${#_Password2} + 2)) 71 0 1)"; then
openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"; then
return 1 return 1
fi fi
name="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" | name="$(awk -F'~' '{print $1}' <<< "$values")"
awk -F'~' '{print $1}')" pass="$(awk -F'~' '{print $2}' <<< "$values")"
pass2="$(awk -F'~' '{print $3}' <<< "$values")"
# all of this is a bit hacky, but we don't ever want the passwords to be stored in plain text if [[ $pass == "" || "$pass" != "$pass2" ]]; then
# so it decrypts the string '$values', gets the field we want, and re-encrypts it
local pass pass2
pass="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" |
awk -F'~' '{print $2}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"
pass2="$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$values" |
awk -F'~' '{print $3}' | openssl enc -pbkdf2 -a -salt -pass pass:$SALT)"
# due to the encryption the string while encrypted will not be empty
local empty
empty="$(openssl enc -pbkdf2 -a -salt -pass pass:$SALT <<< "")"
if [[ $pass == "$empty" || "$pass" != "$pass2" ]]; then
msgbox "$_ErrTitle" "$_PassErr\n$_TryAgain" msgbox "$_ErrTitle" "$_PassErr\n$_TryAgain"
luks_pass "$title" "$name" || return 1 luks_pass "$title" "$name" || return 1
fi fi
@ -122,10 +111,10 @@ luks_default()
luks_setup || return 1 luks_setup || return 1
infobox "$_LuksEncrypt" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0 infobox "$_LuksEncrypt" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0
cryptsetup -q luksFormat $LUKS_PART <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR cryptsetup -q luksFormat $LUKS_PART <<< "$LUKS_PASS" 2>$ERR
echeck "cryptsetup -q luksFormat $LUKS_PART" echeck "cryptsetup -q luksFormat $LUKS_PART"
cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$LUKS_PASS" 2>$ERR
echeck "cryptsetup open $LUKS_PART $LUKS_NAME" echeck "cryptsetup open $LUKS_PART $LUKS_NAME"
export LUKS=' encrypted' export LUKS=' encrypted'
@ -144,10 +133,10 @@ luks_keycmd()
infobox "$_LuksEncryptAdv" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0 infobox "$_LuksEncryptAdv" "$_LuksWaitBody $LUKS_NAME $_LuksWaitBody2 $LUKS_PART\n" 0
cryptsetup -q $cipher luksFormat $LUKS_PART <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR cryptsetup -q $cipher luksFormat $LUKS_PART <<< "$LUKS_PASS" 2>$ERR
echeck "cryptsetup -q $cipher luksFormat $LUKS_PART" echeck "cryptsetup -q $cipher luksFormat $LUKS_PART"
cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")" 2>$ERR cryptsetup open $LUKS_PART "$LUKS_NAME" <<< "$LUKS_PASS" 2>$ERR
echeck "cryptsetup open $LUKS_PART $LUKS_NAME" echeck "cryptsetup open $LUKS_PART $LUKS_NAME"
luks_show luks_show
@ -198,7 +187,7 @@ luks_keyfile()
local mkkey="dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin" local mkkey="dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin"
mkkey="$mkkey && chmod 000 /crypto_keyfile.bin" mkkey="$mkkey && chmod 000 /crypto_keyfile.bin"
mkkey="$mkkey && cryptsetup luksAddKey /dev/$n /crypto_keyfile.bin <<< '$(openssl enc -pbkdf2 -a -d -salt -pass pass:$SALT <<< "$LUKS_PASS")'" mkkey="$mkkey && cryptsetup luksAddKey /dev/$n /crypto_keyfile.bin <<< '$LUKS_PASS'"
chrun "$mkkey" chrun "$mkkey"
sed -i 's/FILES=()/FILES=(\/crypto_keyfile.bin)/g' $MNT/etc/mkinitcpio.conf 2>$ERR sed -i 's/FILES=()/FILES=(\/crypto_keyfile.bin)/g' $MNT/etc/mkinitcpio.conf 2>$ERR


@ -9,11 +9,15 @@
# shellcheck disable=2154,2153,2046 # shellcheck disable=2154,2153,2046
readonly SYS_MEM="$(awk '/MemTotal/ {print int($2 / 1024)"M"}' /proc/meminfo)" readonly SYS_MEM="$(awk '/MemTotal/ {print int($2 / 1024)"M"}' /proc/meminfo)"
readonly SALT="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)" readonly LOCALES="$(awk '/\.UTF-8/ { gsub(/# .*|#/, "")
readonly LOCALES="$(awk '/\.UTF-8/ {gsub(/# .*|#/, ""); if($1) print $1 " -"}' /etc/locale.gen)" if ($1) {
readonly CMAPS="$(find /usr/share/kbd/keymaps -name '*.map.gz' | awk '{gsub(/\.map\.gz|.*\//, ""); print $1 " -"}')" print $1 " -"
}
}' /etc/locale.gen)"
readonly CMAPS="$(find /usr/share/kbd/keymaps -name '*.map.gz' |
awk '{gsub(/\.map\.gz|.*\//, ""); print $1 " -"}')"
mount_install_partitions() select_partitions()
{ {
# prepare partition list PARTS for dialog # prepare partition list PARTS for dialog
lvm_detect lvm_detect
@ -45,21 +49,25 @@ select_swap()
# Ask user to select partition or create swapfile # Ask user to select partition or create swapfile
tput civis tput civis
if ! SWAP_PART="$(menubox "$_SelSwpSetup" "$_SelSwpBody" 0 0 0 \ if ! SWAP_PART="$(menubox "$_SelSwpSetup" "$_SelSwpBody" 0 0 0 \
"$_SelSwpNone" "-" "$_SelSwpFile" "$SYS_MEM" $PARTS)" || [[ $SWAP_PART == "$_SelSwpNone" ]]; then "$_SelSwpNone" "-" "$_SelSwpFile" "$SYS_MEM" $PARTS)" ||
SWAP_PART=""; return 0 [[ $SWAP_PART == "$_SelSwpNone" ]]; then
SWAP_PART=""
return 0
fi fi
if [[ $SWAP_PART == "$_SelSwpFile" ]]; then if [[ $SWAP_PART == "$_SelSwpFile" ]]; then
tput cnorm tput cnorm
if ! SWAP_SIZE="$(getinput "$_SelSwpSetup" "$_SelSwpSize" "$SYS_MEM")"; then local i=0
SWAP_PART=""; SWAP_SIZE=""; return 0
fi
while ! [[ ${SWAP_SIZE:0:1} =~ [1-9] && ${SWAP_SIZE: -1} =~ (M|G) ]]; do while ! [[ ${SWAP_SIZE:0:1} =~ [1-9] && ${SWAP_SIZE: -1} =~ (M|G) ]]; do
msgbox "$_SelSwpSetup Error" "\n$_SelSwpErr $SWAP_SIZE\n" (( i > 0 )) && msgbox "$_SelSwpSetup Error" "\n$_SelSwpErr $SWAP_SIZE\n"
if ! SWAP_SIZE="$(getinput "$_SelSwpSetup" "$_SelSwpSize" "$SYS_MEM")"; then if ! SWAP_SIZE="$(getinput "$_SelSwpSetup" "$_SelSwpSize" "$SYS_MEM")"; then
SWAP_PART=""; SWAP_SIZE=""; break; return 0 SWAP_PART=""
SWAP_SIZE=""
break
return 0
fi fi
((i++))
done done
enable_swap "$MNT/swapfile" enable_swap "$MNT/swapfile"
@ -119,7 +127,7 @@ select_boot_setup()
if [[ $SYS == 'UEFI' ]]; then if [[ $SYS == 'UEFI' ]]; then
local ttype="i386-efi" local ttype="i386-efi"
[[ $IS_64BIT == true ]] && ttype='x86_64-efi' [[ $IS_64BIT == true ]] && ttype='x86_64-efi'
BCMDS[grub]+=" --target=$ttype --bootloader-id=$DIST" BCMDS[grub]+=" --target=$ttype --efi-directory=${BMNTS[$SYS-$BOOTLDR]} --bootloader-id=$DIST"
else else
BCMDS[grub]+=" --target=i386-pc $BOOT_DEVICE" BCMDS[grub]+=" --target=i386-pc $BOOT_DEVICE"
fi fi
@ -129,10 +137,13 @@ select_boot_setup()
if [[ $BOOT_PART != "" ]]; then if [[ $BOOT_PART != "" ]]; then
infobox "$_PrepMount" "\nSetting up for the bootloader and mounting the boot partition.\n" 1 infobox "$_PrepMount" "\nSetting up for the bootloader and mounting the boot partition.\n" 1
setup_boot_device setup_boot_device
mount_partition "$BOOT_PART" "${BMNTS[$SYS-$BOOTLDR]}" || if ! mount_partition "$BOOT_PART" "${BMNTS[$SYS-$BOOTLDR]}"; then
{ src /usr/share/archlabs/installer/lib/boot.sh ; return 1; } src /usr/share/archlabs/installer/lib/boot.sh
return 1
fi
export SEPERATE_BOOT=true export SEPERATE_BOOT=true
fi fi
return 0 return 0
} }
@ -271,5 +282,6 @@ select_extra_partitions()
# if the mountpoint was /usr add 'usr' to MKINIT_HOOKS # if the mountpoint was /usr add 'usr' to MKINIT_HOOKS
[[ $EXTRA_MNT == "/usr" && $MKINIT_HOOKS != *usr* ]] && MKINIT_HOOKS="usr $MKINIT_HOOKS" [[ $EXTRA_MNT == "/usr" && $MKINIT_HOOKS != *usr* ]] && MKINIT_HOOKS="usr $MKINIT_HOOKS"
done done
return 0 return 0
} }
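Review bot: In select_swap the cancel path runs `break` before `return 0`, so the return is never reached and control falls through to the code after `done`, which on this page appears to be `enable_swap "$MNT/swapfile"`, with `SWAP_PART` and `SWAP_SIZE` both emptied. Drop the `break` so a cancelled prompt actually returns. Since the first `getinput` call was folded into the loop, the prompt now appears only when `SWAP_SIZE` is invalid on entry; a value left over from an earlier pass through this menu skips the question, so set `SWAP_SIZE=""` before the `while`. The function begins above the hunk.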


@ -194,24 +194,28 @@ auto_partition()
{ {
local device="$1" local device="$1"
local size local size
size=$(lsblk -lno SIZE $device | awk 'NR == 1 { size=$(lsblk -lno SIZE $device |
awk 'NR == 1 {
if ($1 ~ "G") { if ($1 ~ "G") {
sub(/G/, ""); print ($1 * 1000 - 512) / 1000"G" sub(/G/, ""); print ($1 * 1000 - 512) / 1000"G"
} else { } else {
sub(/M/, ""); print ($1 - 512)"M" sub(/M/, ""); print ($1 - 512)"M"
}}') }
}')
local msg="$_PartBody2" local msg="$_PartBody2"
local newtable="gpt"; local format="fat32"; local table="gpt"
local fs="fat32";
if [[ $SYS == 'BIOS' ]]; then if [[ $SYS == 'BIOS' ]]; then
msg="$(sed 's|vfat/fat32|ext4|' <<< "$msg")" msg="$(sed 's|vfat/fat32|ext4|' <<< "$msg")"
newtable="msdos" table="msdos"
format="ext4" fs="ext4"
fi fi
# confirm or bail # confirm or bail
yesno "$_PrepParts" "$_PartBody1 $device $msg ($size)$_PartBody3" || return 0 yesno "$_PrepParts" "$_PartBody1 $device $msg ($size)$_PartBody3" || return 0
infobox "$_PrepParts" "\nRemoving existing partitions on $device and setting partition table to $newtable\n" 1 infobox "$_PrepParts" "\nRemoving existing partitions on $device and setting partition table to $table\n" 1
swapoff -a # in case the device was previously used for swap swapoff -a # in case the device was previously used for swap
@ -224,15 +228,15 @@ auto_partition()
parted -s $device rm $i >/dev/null 2>&1 parted -s $device rm $i >/dev/null 2>&1
done done
if [[ $(awk '/Table:/ {print $3}' <<< "$dev_info") != "$newtable" ]]; then if [[ $(awk '/Table:/ {print $3}' <<< "$dev_info") != "$table" ]]; then
parted -s $device mklabel $newtable >/dev/null 2>&1 parted -s $device mklabel $table >/dev/null 2>&1
fi fi
infobox "$_PrepParts" "\nCreating a 512M $format boot partition.\n" 1 infobox "$_PrepParts" "\nCreating a 512M $fs boot partition.\n" 1
if [[ $SYS == "BIOS" ]]; then if [[ $SYS == "BIOS" ]]; then
parted -s $device mkpart primary $format 1MiB 513MiB >/dev/null 2>&1 parted -s $device mkpart primary $fs 1MiB 513MiB >/dev/null 2>&1
else else
parted -s $device mkpart ESP $format 1MiB 513MiB >/dev/null 2>&1 parted -s $device mkpart ESP $fs 1MiB 513MiB >/dev/null 2>&1
fi fi
sleep 0.1 sleep 0.1
@ -274,6 +278,7 @@ mount_partition()
confirm_mount $part "$mountp" || return 1 confirm_mount $part "$mountp" || return 1
check_cryptlvm "$part" check_cryptlvm "$part"
return 0 return 0
} }
@ -285,12 +290,18 @@ find_partitions()
# string of partitions as /TYPE/PART SIZE # string of partitions as /TYPE/PART SIZE
if [[ $IGNORE_DEV != "" ]]; then if [[ $IGNORE_DEV != "" ]]; then
PARTS="$(lsblk -lno TYPE,NAME,SIZE | PARTS="$(lsblk -lno TYPE,NAME,SIZE |
awk "/$str/"' && !'"/$IGNORE_DEV/"' {sub(/^part/, "/dev/"); awk "/$str/"' && !'"/$IGNORE_DEV/"' {
sub(/^lvm|^crypt/, "/dev/mapper/"); print $1$2 " " $3}')" sub(/^part/, "/dev/");
sub(/^lvm|^crypt/, "/dev/mapper/")
print $1$2 " " $3
}')"
else else
PARTS="$(lsblk -lno TYPE,NAME,SIZE | PARTS="$(lsblk -lno TYPE,NAME,SIZE |
awk "/$str/"' {sub(/^part/, "/dev/") sub(/^lvm|^crypt/, "/dev/mapper/") awk "/$str/"' {
print $1$2 " " $3}')" sub(/^part/, "/dev/")
sub(/^lvm|^crypt/, "/dev/mapper/")
print $1$2 " " $3
}')"
fi fi
# number of partitions total # number of partitions total
@ -308,18 +319,25 @@ find_partitions()
msgbox "$_ErrTitle" "$err" msgbox "$_ErrTitle" "$err"
return 1 return 1
fi fi
return 0 return 0
} }
setup_boot_device() setup_boot_device()
{ {
[[ $BOOT_PART = /dev/nvme* ]] && BOOT_DEVICE="${BOOT_PART%p[1-9]}" || if [[ $BOOT_PART = /dev/nvme* ]]; then
BOOT_DEVICE="${BOOT_PART%p[1-9]}"
else
BOOT_DEVICE="${BOOT_PART%[1-9]}" BOOT_DEVICE="${BOOT_PART%[1-9]}"
fi
BOOT_PART_NUM="${BOOT_PART: -1}" BOOT_PART_NUM="${BOOT_PART: -1}"
parted -s $BOOT_DEVICE set $BOOT_PART_NUM boot on >/dev/null 2>&1
if [[ $SYS == 'UEFI' ]]; then if [[ $SYS == 'UEFI' ]]; then
parted -s $BOOT_DEVICE set $BOOT_PART_NUM esp on >/dev/null 2>&1 parted -s $BOOT_DEVICE set $BOOT_PART_NUM esp on >/dev/null 2>&1
else
parted -s $BOOT_DEVICE set $BOOT_PART_NUM boot on >/dev/null 2>&1
fi fi
return 0 return 0
} }
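Review bot: setup_boot_device still derives the disk and the partition number from a single trailing character (`${BOOT_PART%[1-9]}`, `${BOOT_PART: -1}`), so `/dev/sda10` yields partition number `0` with the device left as `/dev/sda10`, and a path such as `/dev/mmcblk0p1` keeps its trailing `p`. Because each `parted` call discards its output and the function always returns 0, the flag is then silently not set. Take the whole trailing number instead: `BOOT_PART_NUM="${BOOT_PART##*[!0-9]}"`, `BOOT_DEVICE="${BOOT_PART%"$BOOT_PART_NUM"}"`, then `[[ $BOOT_DEVICE =~ [0-9]p$ ]] && BOOT_DEVICE="${BOOT_DEVICE%p}"`. Checking parted's exit status rather than sending it to `/dev/null` would surface the failure.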


@ -18,7 +18,8 @@ json()
{ {
# get a value from http://api.ipstack.com in json format using my API key # get a value from http://api.ipstack.com in json format using my API key
# this includes: ip, geolocation, country name # this includes: ip, geolocation, country name
curl -s "http://api.ipstack.com/$2" | python3 -c "import sys, json; print(json.load(sys.stdin)['$1'])" curl -s "http://api.ipstack.com/$2" |
python3 -c "import sys, json; print(json.load(sys.stdin)['$1'])"
} }
src() src()
@ -42,18 +43,14 @@ die()
local exitcode=0 local exitcode=0
(( $# == 0 )) || exitcode=$1 (( $# == 0 )) || exitcode=$1
tput cnorm tput cnorm
if [[ -d $MNT ]] && cd; then if [[ -d $MNT ]] && command cd /; then
# use `fuser` to kill processes using the mounted directory before umounting it
fuser -km $MNT
umount_dir $MNT umount_dir $MNT
if (( exitcode == 127 )); then
# when passed 127 as the exit code, kill the loop mount to avoid hangups and reboot the system # umount -l /run/archiso/bootmnt
if [[ $exitcode -eq 127 ]]; then
fuser -km /run/archiso/bootmnt
umount -l /run/archiso/bootmnt
systemctl -i reboot systemctl -i reboot
fi fi
fi fi
rm -fv /tmp/.ai_*
exit $exitcode exit $exitcode
} }
@ -200,6 +197,7 @@ echeck()
else else
yesno "$_ErrTitle" "$msg" "Exit" "Ignore & Continue" && die yesno "$_ErrTitle" "$msg" "Exit" "Ignore & Continue" && die
fi fi
return 0 return 0
} }
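Review bot: json() splices `$1` into the Python source given to `python3 -c` and fetches over plain `http://`, so the request (including any access key carried in `$2`, per the comment above it) travels in clear text and the reply is parsed with no assurance it came from the API. Pass the key name as an argument instead of building code from it: `python3 -c 'import sys, json; print(json.load(sys.stdin)[sys.argv[1]])' "$1"`. Adding `-f` to `curl` and using `https://` where the service plan allows it would keep error pages and altered replies out of the parser. In the same section die() no longer removes `/tmp/.ai_*`; it is worth confirming that nothing sensitive is left behind in those files.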