
#51 2011-11-30 17:11:30

altercation
Member
From: Seattle
Registered: 2011-05-15
Posts: 135
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat wrote:
altercation wrote:
the.ridikulus.rat wrote:

Is there any way to detect whether a system is an Apple Mac system or a normal UEFI 2.x system? efibootmgr will brick an Apple Mac system and should not be executed (maybe even efivars should not be loaded on Apple systems).

I've got plenty of macs to test on here, but for now I can stick a prominent note in the timeout period, perhaps changing that to a y/n.

If you have lots of Macs I guess you will be interested in https://bugzilla.redhat.com/show_bug.cgi?id=755093 , https://lists.gnu.org/archive/html/grub … 00123.html and http://bzr.savannah.gnu.org/lh/grub/bra … el/changes (grub2 upstream bzr mactel branch).

Also, what do you mean by brick? I'm assuming you mean that the efi will fail to locate the apple efi entry and that will need to be reset manually?

https://bugs.launchpad.net/efibootmgr/+ … mments=all . I don't know how severe it is since I don't use any Mac (not even PPC ones).

Thanks for the pointers. I had considered using refit as well, but until now haven't had any interest in dual booting my macs. They stick around for graphics work till GIMP catches up (if ever) to Photoshop's CMYK and other missing features.

If I have time over the coming days I'll give a mac install a spin.


Ethan Schoonover
Precision Colors - http://ethanschoonover.com/solarized

Offline

#52 2011-12-01 18:21:01

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

@altercation: Can you give the output of

sudo dmidecode -s bios-vendor
sudo dmidecode -s system-manufacturer
sudo dmidecode -s system-product-name
sudo dmidecode -s baseboard-manufacturer
sudo dmidecode -s baseboard-product-name
sudo dmidecode -s chassis-manufacturer

for the different generations of Macs that you have? Maybe 3 to 4 Macs. I think this output can be used to detect Macs and prevent running efibootmgr on such systems.

Last edited by the.ridikulus.rat (2011-12-01 18:21:17)

Offline
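The check proposed in this post could take the following shape; this is an added example, not code from the thread or from the install script. It reads the strings behind the `dmidecode -s` keywords above from /sys/class/dmi/id, falls back to dmidecode, and skips the wrapped command when the vendor is Apple or when no vendor string can be read. The function names, the `DMI_DIR` override and the `Apple*` match pattern are assumptions, since no Mac output was posted here.

```shell
#!/bin/sh
# Added example: run efibootmgr only when DMI data says the machine is not
# Apple hardware. DMI_DIR and all function names are hypothetical, and the
# "Apple*" vendor match is an assumption to be checked against real output.

DMI_DIR="${DMI_DIR:-/sys/class/dmi/id}"

# Map a "dmidecode -s" keyword to the sysfs file that carries the same string.
dmi_sysfs_name() {
    case "$1" in
        bios-vendor)            echo bios_vendor ;;
        system-manufacturer)    echo sys_vendor ;;
        system-product-name)    echo product_name ;;
        baseboard-manufacturer) echo board_vendor ;;
        baseboard-product-name) echo board_name ;;
        chassis-manufacturer)   echo chassis_vendor ;;
        *) return 1 ;;
    esac
}

# Print one DMI string: sysfs first, dmidecode only for the real system path.
read_dmi() {
    name=$(dmi_sysfs_name "$1") || return 1
    if [ -r "${DMI_DIR}/${name}" ]; then
        cat "${DMI_DIR}/${name}"
    elif [ "${DMI_DIR}" = /sys/class/dmi/id ] && command -v dmidecode >/dev/null 2>&1; then
        dmidecode -s "$1" 2>/dev/null
    else
        return 1
    fi
}

# Classify the machine as "apple", "generic" or "unknown".
# "unknown" means no vendor string was readable, which is treated as unsafe.
efi_platform_class() {
    seen=0
    for key in bios-vendor system-manufacturer baseboard-manufacturer chassis-manufacturer; do
        value=$(read_dmi "${key}") || continue
        [ -n "${value}" ] || continue
        seen=1
        case "${value}" in
            Apple*) echo apple; return 0 ;;
        esac
    done
    if [ "${seen}" -eq 1 ]; then echo generic; else echo unknown; fi
}

# Run the given command only on a machine classed as generic.
# Returns the command's status if it ran, 3 if it was skipped.
# Usage: guard_efibootmgr efibootmgr --create --gpt --disk /dev/sda --part 1 ...
guard_efibootmgr() {
    class=$(efi_platform_class)
    if [ "${class}" = generic ]; then
        "$@"
    else
        echo "Skipping '$1': platform class is ${class}" >&2
        return 3
    fi
}
```

In the install script the `modprobe efivars` line would need the same guard if efivars should also stay unloaded on Macs, as the earlier post suggests.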

#53 2011-12-29 16:39:04

Fallback
Member
Registered: 2009-12-26
Posts: 21

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

I have modified the install script, based on the "System encryption using LUKS and GPG encrypted keys for arch linux" Howto, to use it with a UEFI system with a gpg-encrypted keyfile that can be on a USB stick.

I tested it on my HP EliteBook 8460p, unfortunately the efibootmgr isn't working because of a bios bug (F.08), so I have to copy grub.efi to the default HP OS manager path for automatic bootup.

Boot Archboot 2011.11-1 "2k11-R7" in EFI mode
exit installer
'km' for the right keymap 
mount a USB Stick with the files on /src and run the script

I also use a yubikey with static passphrase + password for decrypting the gpg file, but that isn't relevant.

Have fun :)

script:

#!/bin/bash

# This script is designed to be run in conjunction with a UEFI boot using Archboot install media.

# prereqs:
# --------------------
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src

set -o nounset
#set -o errexit

# ------------------------------------------------------------------------
# Host specific configuration
# ------------------------------------------------------------------------
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=shadow
USERNAME=daniel

# ------------------------------------------------------------------------
# Globals
# ------------------------------------------------------------------------
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.

INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'

# ------------------------------------------------------------------------
# Functions
# ------------------------------------------------------------------------
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step 
# procedures even with minor duplications along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.

SetValue () { 
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
}

CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
}

UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
}

# ------------------------------------------------------------------------
# Initialize
# ------------------------------------------------------------------------
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
#     1. The Archboot installation image might have an out of date kernel
#	 (currently the case) which results in problems when chrooting
#	 into the install mount point to modprobe efivars. So we use the
#	 package snapshot on the Archboot media to ensure our kernel is
#	 the same as the one we booted with.
#     2. Ideally we'd source all local then, but some critical items,
#	 notably grub2-efi variants, aren't yet on the Archboot media.

# Warn
# ------------------------------------------------------------------------
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
	sleep 1
	let timer-=1
	echo -en "$timer seconds..."
done

echo "STARTING"

# Get Network
# ------------------------------------------------------------------------
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."

# Mount packages squashfs images
# ------------------------------------------------------------------------
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"

mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"

modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"

# Create temporary pacman.conf file
# ------------------------------------------------------------------------
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg

[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF

# Prepare pacman
# ------------------------------------------------------------------------
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy

# Install prereqs from network (not on archboot media)
# ------------------------------------------------------------------------
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg 

# ------------------------------------------------------------------------
# Configure Host
# ------------------------------------------------------------------------
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.

echo -e "format\n"

# shred -v /dev/sda

# disk prep
sgdisk -Z /dev/sda # zap all on disk
# sgdisk -Z /dev/mmcblk0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
# sgdisk -a 2048 -o /dev/mmcblk0

# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 4GB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
# sgdisk -n 1:0:1800M /dev/mmcblk0 # root.gpg

# for testing purposes root.gpg is on the boot partition
# don't forget to change the paths in grub and cryptsetup when you use another place,
# for example a USB stick or an SD card


# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
# sgdisk -t 1:0700 /dev/mmcblk0

# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
# sgdisk -c 1:"Key" /dev/mmcblk0

echo -e "remember every time you need the LUKS Keyfile you have to decrypt the gpg file with its passphrase, even when you open the partition \n"

echo -e "(your password)+(static yubikey password-[push]-)\n"

echo -e "create gpg file\n"

# create gpg file 
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg

echo -e "create LUKS partition for root\n"

# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3

echo -e "open root LUKS partition on /dev/mapper/root \n"

gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root


# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf


# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcblk0p1

echo -e "mount targets\n"

# mount target
# create the mount point first, then mount the opened LUKS volume on it
mkdir -p ${INSTALL_TARGET}
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcblk0p1 ${INSTALL_TARGET}/key
mkdir -p ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot


# ------------------------------------------------------------------------
# Install base, necessary utilities
# ------------------------------------------------------------------------

mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64

# ------------------------------------------------------------------------
# Configure new system
# ------------------------------------------------------------------------
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf

# ------------------------------------------------------------------------
# write fstab
# ------------------------------------------------------------------------
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# 
# /etc/fstab: static file system information
#
# <file system>		<dir>	<type>	<options>		<dump>	<pass>
tmpfs			/tmp	tmpfs	nodev,nosuid		0	0
/dev/sda1		/boot	vfat	defaults		0	0 
/dev/mapper/cryptswap	none	swap	defaults		0	0 
/dev/mapper/root	/ 	ext4	defaults,noatime	0	1 
FSTAB_EOF

# write etwo 

mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/ 
cp /src/etwo_hooks /lib/initcpio/hooks/etwo 
cp /src/etwo_install /lib/initcpio/install/etwo 

mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/ 
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo 
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo 


# ------------------------------------------------------------------------
# write crypttab
# ------------------------------------------------------------------------
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab

# ------------------------------------------------------------------------
# copy configs we want to carry over to target from install environment
# ------------------------------------------------------------------------

mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf

mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf

# ------------------------------------------------------------------------
# mount proc, sys, dev in install root
# ------------------------------------------------------------------------

mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev

echo -e "umount boot\n"

# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot

# ------------------------------------------------------------------------
# Create install_efi script (to be run *after* chroot /install)
# ------------------------------------------------------------------------

touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF


# functions (these could be a library, but why overcomplicate things
# ------------------------------------------------------------------------
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }

echo -e "mount boot\n"

# remount here or grub et al gets confused
# ------------------------------------------------------------------------
mount -t vfat /dev/sda1 /boot


# kernel modules for EFI install
# ------------------------------------------------------------------------
modprobe efivars
modprobe dm-mod

# the etwo hook replaces the encrypt hook
# usb and usbinput must be set before the etwo hook
# mkinitcpio
# ------------------------------------------------------------------------
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf

mkinitcpio -p linux



# locale-gen
# ------------------------------------------------------------------------
UncommentValue de_AT /etc/locale.gen
locale-gen


# install and configure grub2
# ------------------------------------------------------------------------
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64

# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap modprobe.blacklist=pcspkr i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub

# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode

# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck

# create our EFI boot entry
# bug in the HP bios firmware (F.08)
#   

efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"

# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub

# generate config file
grub-mkconfig -o /boot/grub/grub.cfg




exit
EFI_EOF

# ------------------------------------------------------------------------
# Install EFI using script inside chroot
# ------------------------------------------------------------------------
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi


# ------------------------------------------------------------------------
# Post install steps
# ------------------------------------------------------------------------
# anything you want to do post install. run the script automatically or
# manually

touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset

# functions (these could be a library, but why overcomplicate things
# ------------------------------------------------------------------------
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }

# root password
# ------------------------------------------------------------------------
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd

# add user
# ------------------------------------------------------------------------
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}

# mirror ranking
# ------------------------------------------------------------------------
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist

# temporary fix for locale.sh update conflict
# ------------------------------------------------------------------------
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true

# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
# ------------------------------------------------------------------------
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf

# additional groups and utilities
# ------------------------------------------------------------------------
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt

# sudo
# ------------------------------------------------------------------------
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers 

# power
# ------------------------------------------------------------------------
pacman --noconfirm -S acpi acpid cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local

# time
# ------------------------------------------------------------------------
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf

# wireless (wpa supplicant should already be installed)
# ------------------------------------------------------------------------
#pacman --noconfirm -S iw wpa_supplicant rfkill
#pacman --noconfirm -S netcfg wpa_actiond ifplugd
#mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
#echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
#make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
#sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
#sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
#echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
#echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
#echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf

# sound
# ------------------------------------------------------------------------
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2

# video
# ------------------------------------------------------------------------
pacman --noconfirm -S base-devel mesa mesa-demos

# x
# ------------------------------------------------------------------------
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils

# TODO: wacom

# environment/wm/etc.
# ------------------------------------------------------------------------
#pacman --noconfirm -S xfce4 compiz ccsm

#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?

#pacman --noconfirm -S ghc

# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# 	switching to cabal

# fonts
# ------------------------------------------------------------------------
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
#	and create the sym link from /etc/fonts/conf.avail to conf.d

# misc apps
# ------------------------------------------------------------------------
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll

POST_EOF

# ------------------------------------------------------------------------
# Post install in chroot
# ------------------------------------------------------------------------
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install


# copy grub.efi file to the default HP EFI OS boot manager path for automatic boot 
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# shred -z -u /root/root.gpg

# ------------------------------------------------------------------------
# NOTES/TODO
# ------------------------------------------------------------------------

etwo_hooks :

run_hook ()
{
    /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
    if [ -e "/sys/class/misc/device-mapper" ]; then
        if [ ! -e "/dev/mapper/control" ]; then
            /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
        fi
        [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"

        # Get keyfile if specified
        ckeyfile="/crypto_keyfile"
        usegpg="n"
        if [ "x${cryptkey}" != "x" ]; then
            ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
            ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
            ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
            if poll_device "${ckdev}" ${rootdelay}; then
                case ${ckarg1} in
                    *[!0-9]*)
                        # Use a file on the device
                        # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
                        if [ "${ckarg2#*.}" = "gpg" ]; then
                            ckeyfile="${ckeyfile}.gpg"
                            usegpg="y"
                        fi
                        mkdir /ckey
                        mount -r -t ${ckarg1} ${ckdev} /ckey
                        dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
                        umount /ckey
                        ;;
                    *)
                        # Read raw data from the block device
                        # ckarg1 is numeric: ckarg1=offset, ckarg2=length
                        dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
                        ;;
                esac
            fi
            [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
        fi
        if [ -n "${cryptdevice}" ]; then
            DEPRECATED_CRYPT=0
            cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
            cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
        else
            DEPRECATED_CRYPT=1
            cryptdev="${root}"
            cryptname="root"
        fi

        warn_deprecated() {
            echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
            echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
        }

        if  poll_device "${cryptdev}" ${rootdelay}; then
            if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                dopassphrase=1
                # If keyfile exists, try to use that
                if [ -f ${ckeyfile} ]; then
                    if [ "${usegpg}" = "y" ]; then
                        # gpg tty fixup
                        if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
                        cp -a /dev/console /dev/tty
                        while [ ! -e /dev/mapper/${cryptname} ];
                        do
                            sleep 2
                            /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
                            dopassphrase=0
                        done
                        rm /dev/tty
                        if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
                    else
                        if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
                            dopassphrase=0
                        else
                            echo "Invalid keyfile. Reverting to passphrase."
                        fi
                    fi
                fi
                # Ask for a passphrase
                if [ ${dopassphrase} -gt 0 ]; then
                    echo ""
                    echo "A password is required to access the ${cryptname} volume:"

                    #loop until we get a real password
                    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
                        sleep 2;
                    done
                fi
                if [ -e "/dev/mapper/${cryptname}" ]; then
                    if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                        export root="/dev/mapper/root"
                    fi
                else
                    err "Password succeeded, but ${cryptname} creation failed, aborting..."
                    exit 1
                fi
            elif [ -n "${crypto}" ]; then
                [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                msg "Non-LUKS encrypted device found..."
                if [ $# -ne 5 ]; then
                    err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
                    err "Non-LUKS decryption not attempted..."
                    return 1
                fi
                exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
                tmp=$(echo "${crypto}" | cut -d: -f1)
                [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f2)
                [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f3)
                [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f4)
                [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f5)
                [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
                if [ -f ${ckeyfile} ]; then
                    exe="${exe} --key-file ${ckeyfile}"
                else
                    exe="${exe} --verify-passphrase"
                    echo ""
                    echo "A password is required to access the ${cryptname} volume:"
                fi
                eval "${exe} ${CSQUIET}"

                if [ $? -ne 0 ]; then
                    err "Non-LUKS device decryption failed. verify format: "
                    err "      crypto=hash:cipher:keysize:offset:skip"
                    exit 1
                fi
                if [ -e "/dev/mapper/${cryptname}" ]; then
                    if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                        export root="/dev/mapper/root"
                    fi
                else
                    err "Password succeeded, but ${cryptname} creation failed, aborting..."
                    exit 1
                fi
            else
                err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= parameter was not specified."
            fi
        fi
        rm -f ${ckeyfile}
    fi
}

etwo_install:

#!/bin/bash

build() {
    if [ -z "${CRYPTO_MODULES}" ]; then
        MODULES=" dm-crypt $(all_modules "/crypto/") "
    else
        MODULES=" dm-crypt ${CRYPTO_MODULES} "
    fi
    FILES=""
    SCRIPT="etwo"
    add_dir "/dev/mapper"
    [ -f "/sbin/cryptsetup" ] && add_binary "/sbin/cryptsetup" "/sbin/cryptsetup"
    [ -f "/usr/sbin/cryptsetup" ] && add_binary "/usr/sbin/cryptsetup" "/sbin/cryptsetup"
    add_binary "/sbin/dmsetup"
    add_file "/lib/udev/rules.d/10-dm.rules"
    add_file "/lib/udev/rules.d/13-dm-disk.rules"
    add_file "/lib/udev/rules.d/95-dm-notify.rules"
}

help()
{
cat<<HELPEOF
  This hook allows for an encrypted root device with support for gpg encrypted key files.
  To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
  to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
}

EDIT:
archbyhand_efi_crypto_gpg.tar.xz

Last edited by Fallback (2012-04-01 20:19:53)

Offline
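
Added example, not part of Fallback's hook: the non-LUKS branch above assembles the cryptsetup command as a string from the crypto= kernel parameter and runs it through eval, which parses the parameter's fields as shell syntax a second time. This version validates the five fields and passes them to cryptsetup as separate arguments instead; open_plain_mapping, print_argv and the CRYPTSETUP override are hypothetical names, and the character allow-list is an assumption.

```sh
#!/bin/sh
# Added example, not part of the posted hook. Hypothetical names:
# open_plain_mapping, print_argv, CRYPTSETUP. POSIX sh, so it also runs under
# the busybox ash used in an initramfs.

# Stand-in for cryptsetup when testing: prints one argument per line.
print_argv() { printf '%s\n' "$@"; }

# open_plain_mapping SPEC NAME DEVICE [KEYFILE]
#   SPEC is the value of crypto=hash:cipher:keysize:offset:skip.
#   Returns 1 without running anything when SPEC is malformed.
open_plain_mapping() {
    spec=$1; name=$2; dev=$3; keyfile=${4:-}

    # Five fields means exactly four colons; empty fields are allowed.
    colons=$(printf '%s' "$spec" | tr -cd ':')
    [ "${#colons}" -eq 4 ] || return 1

    # Split by parameter expansion so empty fields keep their position.
    f_hash=${spec%%:*};    rest=${spec#*:}
    f_cipher=${rest%%:*};  rest=${rest#*:}
    f_keysize=${rest%%:*}; rest=${rest#*:}
    f_offset=${rest%%:*};  f_skip=${rest#*:}

    # Allow-list (assumption): names are [A-Za-z0-9_-], numbers are digits.
    case "$f_hash$f_cipher" in *[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$f_keysize$f_offset$f_skip" in *[!0-9]*) return 1 ;; esac

    # Build the argument vector. Each value is passed as exactly one argument
    # and is never parsed as shell syntax again.
    set -- create "$name" "$dev"
    if [ -n "$f_hash" ];    then set -- "$@" --hash "$f_hash"; fi
    if [ -n "$f_cipher" ];  then set -- "$@" --cipher "$f_cipher"; fi
    if [ -n "$f_keysize" ]; then set -- "$@" --key-size "$f_keysize"; fi
    if [ -n "$f_offset" ];  then set -- "$@" --offset "$f_offset"; fi
    if [ -n "$f_skip" ];    then set -- "$@" --skip "$f_skip"; fi
    if [ -n "$keyfile" ] && [ -f "$keyfile" ]; then
        set -- "$@" --key-file "$keyfile"
    else
        set -- "$@" --verify-passphrase
    fi

    "${CRYPTSETUP:-/sbin/cryptsetup}" "$@"
}

# Constructed sample values, printed by the stand-in instead of executed.
CRYPTSETUP=print_argv
open_plain_mapping 'sha256:aes-xts-plain64:512::' cryptroot /dev/sda2
open_plain_mapping 'sha"256:aes:256:0:0' cryptroot /dev/sda2 || echo "rejected"
```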

#54 2012-01-08 00:16:39

KairiTech
Member
From: Toronto, Canada
Registered: 2011-06-04
Posts: 231

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Has anyone attempted to modify this script to use root on RAID?

A simple conversion of the device only gets me the "Unable to determine major/minor number of root device" error.


-=[ LIVE enabled UEFI with redundant syslinux pure systemd detached LUKS header partitionless encrypted GPT SSDx3 RAID0 because I can.  ]=-

Backward compatibility is for the masses. There's no dual-boot here...

Offline

#55 2012-01-08 00:40:47

Fallback
Member
Registered: 2009-12-26
Posts: 21

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

try to change  /boot/grub/grub.cfg
then
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck

Offline

#56 2012-01-08 18:30:02

KairiTech
Member
From: Toronto, Canada
Registered: 2011-06-04
Posts: 231

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

I could kick myself. I've done this so many times before with RAID installs I don't know how it slipped me this time around.

Before I built the boot image with...

 mkinitcpio -p linux

I had to rebuild /etc/mdadm.conf with...

mdadm --examine --scan > /etc/mdadm.conf

after I started the RAID array and copy /etc/mdadm.conf to /tmp/install/etc/mdadm.conf so it'd survive the reboot into the new system.

Last edited by KairiTech (2012-01-18 16:24:27)


-=[ LIVE enabled UEFI with redundant syslinux pure systemd detached LUKS header partitionless encrypted GPT SSDx3 RAID0 because I can.  ]=-

Backward compatibility is for the masses. There's no dual-boot here...

Offline

#57 2012-01-13 16:03:56

KairiTech
Member
From: Toronto, Canada
Registered: 2011-06-04
Posts: 231

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Thank you so much Ethan. This is a brilliant piece of work.

I was able to modify the original script to include installing on a LUKS encrypted RAID array that I split into two LVM2 volumes. One for root and one for my data. That way I only enter the passphrase once to open the array and not once for root and again for my data.

Last edited by KairiTech (2012-01-18 16:21:40)


-=[ LIVE enabled UEFI with redundant syslinux pure systemd detached LUKS header partitionless encrypted GPT SSDx3 RAID0 because I can.  ]=-

Backward compatibility is for the masses. There's no dual-boot here...

Offline

#58 2012-01-16 20:19:23

beta990
Member
Registered: 2011-07-10
Posts: 162

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Hi,

I have created a custom with correct efi installation:
- It uses the base that altercation has created
- SSD and HDD installation, /var and /home are separated
- No encryption
- Correct EFI directory -> x64!
- No extras

Thanks & credits go out to altercation! :)

NOTE: THIS SCRIPT IS AT YOUR OWN RISK. IT WILL ERASE ALL THE DATA!!! SO MAKE BACKUPS!!!

Howto:
- Archboot.iso to usb-stick, and boot with UEFI
- Put this script onto root
- Exit the installer, and on the prompt enter: mount /dev/sdc1 /src (*can be diff.)
- /src/archbyhand.sh

Tip:
Use link to remove entries from EFI-list.

-v0.1:

#!/bin/bash

# beta990 - date 16-01-2011 - v1.0

set -o nounset

# Base
HOSTNAME=Hostname

# Globals
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'

# Functions
SetValue () { 
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
}

CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
}

UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
}

# Initialize
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format all disks. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
	sleep 1
	let timer-=1
	echo -en "$timer seconds..."
done

echo "STARTING"

# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."

# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"

mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"

modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"

# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg

[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF

# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy

# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy btrfs-progs-unstable

# Kernel modules for EFI install
modprobe efivars
modprobe dm-mod

# Configure Host
echo -e "\nFormatting disk...\n$HR"

sgdisk -Z /dev/sda
sgdisk -a 2048 -o /dev/sda
sgdisk -n 1:0:+200M /dev/sda
sgdisk -n 2:0:+2G /dev/sda
sgdisk -n 3:0:+15G /dev/sda
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
sgdisk -c 1:"UEFI" /dev/sda
sgdisk -c 2:"SWAP" /dev/sda
sgdisk -c 3:"Arch" /dev/sda

sgdisk -Z /dev/sdb
sgdisk -a 2048 -o /dev/sdb
sgdisk -n 1:0:+15G /dev/sdb
sgdisk -n 2:0:+10G /dev/sdb
sgdisk -t 1:8300 /dev/sdb
sgdisk -t 2:8300 /dev/sdb
sgdisk -c 1:"VAR" /dev/sdb
sgdisk -c 2:"HOME" /dev/sdb

# Make filesystems
echo -e "\nCreating Filesystems...\n$HR"
mkfs.vfat -F32 /dev/sda1
mkswap /dev/sda2
mkfs.btrfs /dev/sda3
mkfs.btrfs /dev/sdb1
mkfs.btrfs /dev/sdb2

# Mount target
mkdir -p ${INSTALL_TARGET}
mount /dev/sda3 ${INSTALL_TARGET}
mkdir -p ${INSTALL_TARGET}/boot/efi/efi
mkdir -p ${INSTALL_TARGET}/var
mkdir -p ${INSTALL_TARGET}/home
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot/efi
mount /dev/sdb1 ${INSTALL_TARGET}/var
mount /dev/sdb2 ${INSTALL_TARGET}/home

# Fix permission issues
chmod 755 ${INSTALL_TARGET}/var
chmod 755 ${INSTALL_TARGET}/home

# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64

# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf

# Write fstab
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# 
# /etc/fstab: static file system information
#
# <file system>		<dir>	<type>	<options>		<dump>	<pass>
tmpfs		/tmp		tmpfs	nodev,nosuid		0	0
/dev/sda1	/boot/efi	vfat	defaults			0	0 
/dev/sda2	none 		swap	swap				0	0 
/dev/sda3	/ 			btrfs	noatime,discard		0	1 
/dev/sdb1	/var 		btrfs	noatime,discard		0	1
/dev/sdb2	/home 		btrfs	noatime,discard		0	1
FSTAB_EOF

# Copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf

mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf

# Mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev

# We have to remount /boot/efi from inside the chroot
umount ${INSTALL_TARGET}/boot/efi

# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF

# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }

# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot/efi

# mkinitcpio
SetValue MODULES '\\"dm_mod ext2 ext4 vfat\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont encrypt filesystems\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux

# locale-gen
UncommentValue en_US /etc/locale.gen
locale-gen

SetValue GRUB_CMDLINE_LINUX '\\"add_efi_memmap pcie_aspm=force quiet\\"' /etc/default/grub
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub
grub_efi_x86_64-install --root-directory=/boot/efi --boot-directory=/boot/efi/efi --bootloader-id=grub --no-floppy --recheck --debug
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "GRUB" --loader "\\\\EFI\\\\grub\\\\grub.efi"
cp /usr/share/grub/unicode.pf2 /boot/efi/efi/grub
grub-mkconfig -o /boot/efi/efi/grub/grub.cfg

exit
EFI_EOF

# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi

# Post install steps
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset

SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }

echo -e "${HR}\\nNew root user password\\n${HR}"
passwd

# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true

# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf

POST_EOF

# Chroot install
chroot /install /post_install
rm /install/post_install

v0.2 (06-02-2012 - testing - compatible 2012.01 „2k12-R1“)

#!/bin/bash

# beta990 - date 21-01-2011 - v2

set -o nounset

# Base
HOSTNAME=lastname
USERNAME=user

# Globals
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch'
HTTP_URL='http://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch'

# Functions
SetValue () { 
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
}

CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
}

UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
}

# Initialize
timer=5
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format all disks. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
	sleep 1
	let timer-=1
	echo -en "$timer seconds..."
done

echo "STARTING"

# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."

# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"

mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"

modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"

# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
SigLevel = Never

[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

PACMANEOF

# Prepare pacman
mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy

# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist
SetValue SigLevel '\\"Never\\"' /etc/pacman.conf
${PACMAN} --noconfirm -Sy ntfsprogs ntfs-3g

# Kernel modules for EFI install
modprobe efivars
modprobe dm-mod

# Configure Host
echo -e "\nFormatting disk...\n$HR"

sgdisk -Z /dev/sda
sgdisk -a 2048 -o /dev/sda
sgdisk -n 1:0:+200M /dev/sda
sgdisk -n 2:0:+2G /dev/sda
sgdisk -n 3:0:+15G /dev/sda
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
sgdisk -c 1:"UEFI" /dev/sda
sgdisk -c 2:"SWAP" /dev/sda
sgdisk -c 3:"ARCH" /dev/sda

sgdisk -Z /dev/sdb
sgdisk -a 2048 -o /dev/sdb
sgdisk -n 1:0:+15G /dev/sdb
sgdisk -n 2:0:+10G /dev/sdb
sgdisk -n 3:0 /dev/sdb
sgdisk -t 1:8300 /dev/sdb
sgdisk -t 2:8300 /dev/sdb
sgdisk -t 3:0700 /dev/sdb
sgdisk -c 1:"VAR" /dev/sdb
sgdisk -c 2:"HOME" /dev/sdb
sgdisk -c 3:"DATA" /dev/sdb

# Make filesystems
echo -e "\nCreating Filesystems...\n$HR"
mkfs.vfat -F32 /dev/sda1
mkswap /dev/sda2
mkfs.ext4 /dev/sda3
mkfs.ext4 /dev/sdb1
mkfs.ext4 /dev/sdb2
mkfs.ntfs /dev/sdb3

# Mount target
mkdir -p ${INSTALL_TARGET}
mount /dev/sda3 ${INSTALL_TARGET}
mkdir -p ${INSTALL_TARGET}/boot/efi/efi
mkdir -p ${INSTALL_TARGET}/var
mkdir -p ${INSTALL_TARGET}/home
mkdir -p ${INSTALL_TARGET}/media/data
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot/efi
mount /dev/sdb1 ${INSTALL_TARGET}/var
mount /dev/sdb2 ${INSTALL_TARGET}/home

# Fix permission issues
chmod 755 ${INSTALL_TARGET}/var
chmod 755 ${INSTALL_TARGET}/home

# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
SetValue SigLevel '\\"Never\\"' ${INSTALL_TARGET}/etc/pacman.conf
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64

# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
SetValue LOCALE nl_NL.UTF-8 ${INSTALL_TARGET}/etc/rc.conf
SetValue TIMEZONE Europe/Amsterdam ${INSTALL_TARGET}/etc/rc.conf
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf

# Write fstab
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# 
# /etc/fstab: static file system information
#
# <file system>		<dir>	<type>	<options>					<dump>	<pass>
tmpfs 		/tmp 		tmpfs 	defaults,nodev,nosuid,mode=1777,size=7G		0	0
/dev/sda1	/boot/efi	vfat	defaults					0	0 
/dev/sda2	none 		swap	swap						0	0 
/dev/sda3	/ 		ext4	defaults,noatime,discard			0	1 
/dev/sdb1	/var 		ext4	defaults,noatime				0	1
/dev/sdb2	/home 		ext4	defaults,noatime				0	1
/dev/sdb3	/media/data  ntfs-3g	uid=${USERNAME},gid=users			0	0
FSTAB_EOF

# Copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf

mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf

# Mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev

# We have to remount /boot/efi from inside the chroot
umount ${INSTALL_TARGET}/boot/efi

# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF

# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }

# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot/efi

# mkinitcpio
SetValue MODULES '\\"dm_mod ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev autodetect pata scsi sata usb usbinput keymap consolefont filesystems\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux

# locale-gen
UncommentValue en_US /etc/locale.gen
UncommentValue nl_NL /etc/locale.gen
locale-gen

SetValue GRUB_CMDLINE_LINUX '\\"add_efi_memmap i915.modeset=1 i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force elevator=noop\\"' /etc/default/grub
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 1024x768x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub
grub_efi_x86_64-install --root-directory=/boot/efi --boot-directory=/boot/efi/efi --bootloader-id=grub --no-floppy --recheck --debug
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "GRUB" --loader "\\\\EFI\\\\grub\\\\grub.efi"
cp /usr/share/grub/unicode.pf2 /boot/efi/efi/grub
grub-mkconfig -o /boot/efi/efi/grub/grub.cfg

exit
EFI_EOF

# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi

# Post install steps
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset

SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }

# setup root
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd

# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -c 'user lastname' -G audio,lp,optical,storage,video,games,power,scanner,network,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}

# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true

# additional groups and utilities
echo -e "\\nServer = ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/\\\$repo/os/\\\$arch" >> /etc/pacman.d/mirrorlist
echo -e "\\nServer = http://ftp.nluug.nl/pub/os/Linux/distr/archlinux/\\\$repo/os/\\\$arch" >> /etc/pacman.d/mirrorlist
echo -e "\\nServer = ftp://mirror.nl.leaseweb.net/archlinux/\\\$repo/os/\\\$arch" >> /etc/pacman.d/mirrorlist
echo -e "\\nServer = http://mirror.nl.leaseweb.net/archlinux/\\\$repo/os/\\\$arch" >> /etc/pacman.d/mirrorlist
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel yaourt

# sudo
pacman --noconfirm -S sudo gksu
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
#sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
echo -e "\\n%wheel	ALL=/usr/bin/gufw" >> /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers 

# power
pacman --noconfirm -S acpi acpid cpufrequtils
sed -i "/^DAEMONS/ s/)/ acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
UncommentValue governor /etc/conf.d/cpufreq
UncommentValue min_freq /etc/conf.d/cpufreq
UncommentValue max_freq /etc/conf.d/cpufreq
SetValue min_freq '\\"1.60GHz\\"' /etc/conf.d/cpufreq
SetValue max_freq '\\"3.40Ghz\\"' /etc/conf.d/cpufreq

# dbus, upower, networkmanager, ntp, ufw, preload
pacman --noconfirm -S dbus upower  ntp ufw gufw preload
yaourt --noconfirm -S profile-sync-daemon
sed -i "/^DAEMONS/ s/network /acpi dbus @ufw @networkmanager @ntpd @psd /" /etc/rc.conf
ufw enable
SetValue USERS '\\"${USERNAME}\\"' /etc/psd.conf

# cpufreq
sed -i "/^DAEMONS/ s/)/ @cpufreq)/" /etc/rc.conf

# sound
pacman --noconfirm -S pulseaudio pulseaudio-alsa alsa-utils ossp
sed -i "/^DAEMONS/ s/)/ @osspd)/" /etc/rc.conf

# xorg
pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts xscreensaver hsetroot xf86-video-intel xf86-video-fbdev xf86-video-v4l xf86-video-vesa intel-dri libva-driver-intel 

# video
pacman --noconfirm -S mesa mesa-demos

# environment/wm/etc.
pacman --noconfirm -S gnome gnome-extra gnome-tweak-tool gnome-shell-extension-user-theme gksu xdg-user-dirs
pacman --noconfirm -R orca vinagre vino epiphany sushi
pacman --noconfirm -S gtk-engine-murrine gtk-engines
yaourt --noconfirm -S gtk-engine-unico
yaourt --noconfirm -S gdm3setup

# fonts
pacman --noconfirm -S terminus-font ttf-dejavu
yaourt --noconfirm -S ttf-ms-fonts

# samba
pacman --noconfirm -S smbclient samba gvfs-smb gnome-vfs smbnetfs xinetd
cp /etc/samba/smb.conf.default /etc/samba/smb.conf
pdbedit -a -u ${USERNAME}
sed -i "/^DAEMONS/ s/)/ @samba @xinetd @smbnetfs)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ fuse)/" /etc/rc.conf
UncommentValue user_allow_other /etc/fuse.conf

# set gdm and preload
sed -i "/^DAEMONS/ s/)/ @preload gdm)/" /etc/rc.conf

# misc apps
pacman --noconfirm -S firefox
pacman --noconfirm -S flashplugin
pacman --noconfirm -S gstreamer0.10-plugins
pacman --noconfirm -S vlc
pacman --noconfirm -S transmission-cli transmission-gtk
pacman --noconfirm -S gparted dosfstools ntfsprogs
pacman --noconfirm -S zip unzip unrar p7zip
pacman --noconfirm -S virtualbox virtualbox-additions virtualbox-modules
gpasswd -a ${USERNAME} vboxusers
sed -i "/^MODULES/ s/)/ vboxdrv vboxnetflt)/" /etc/rc.conf
pacman --noconfirm -S nautilus-actions nautilus-open-terminal nautilus-sendto
yaourt --noconfirm -S gnome-cursors-fix
yaourt --noconfirm -S dropbox-experimental nautilus-dropbox
yaourt --noconfirm -S faenza-icon-theme
yaourt --noconfirm -S gloobus-preview gloobus-sushi-bzr
yaourt --noconfirm -S sabnzbd
yaourt --noconfirm -S alacarte
yaourt --noconfirm -S bleachbit-svn

# ssd optimize
echo -e "\\nvm.swappiness=1" >> /etc/sysctl.conf
echo -e "\\nvm.vfs_cache_pressure=50" >> /etc/sysctl.conf

# pacman-key
yaourt --noconfirm -S rng-tools
sed -i 's/0/10/' /etc/conf.d/rngd
rngd -f -r /dev/urandom &
pacman-key --init
killall rngd
pacman --noconfirm -Rns rng-tools
sed -i '/keyserver/ s,keys.gnupg.net,pgp.mit.edu,' /etc/pacman.d/gnupg/gpg.conf

echo -e "${HR}\\nInstallation Completed\\n${HR}"

POST_EOF

# Chroot install
chroot /install /post_install
rm /install/post_install

Last edited by beta990 (2012-02-06 11:20:11)

Offline
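
Added example, not part of beta990's script: the v0.2 script writes SigLevel = Never into its temporary pacman.conf and lists ftp:// and http:// mirrors, so packages fetched from those mirrors are installed without signature verification. The check below reports both settings per section; the function names are hypothetical, the first sample is constructed from the script's heredoc with /install and x86_64 substituted, and mirror.example.org is a placeholder.

```sh
#!/bin/sh
# Added example, not part of the posted script. Hypothetical names:
# audit_pacman_conf, write_weak_conf, write_strict_conf.

# audit_pacman_conf FILE
#   Prints "<section><TAB><issue><TAB><value>" per finding; returns 1 if any.
audit_pacman_conf() {
    awk '
    function report(issue, detail) {
        printf "%s\t%s\t%s\n", section, issue, detail
        found++
    }
    BEGIN { section = "(none)" }
    {
        sub(/#.*/, "")                  # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim both ends
        if ($0 == "") next
    }
    /^\[[^]]+\]$/ { section = substr($0, 2, length($0) - 2); next }
    {
        eq = index($0, "=")
        if (eq == 0) next               # directive without a value
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
    }
    # Never, PackageNever and DatabaseNever all switch verification off.
    key == "SigLevel" {
        n = split(val, tok, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (tok[i] ~ /Never$/) report("signatures-disabled", tok[i])
    }
    # file:// and https:// pass; plain http and ftp are reported.
    key == "Server" && val ~ /^(http|ftp):\/\// { report("cleartext-mirror", val) }
    END { exit (found > 0) }
    ' "$1"
}

# Constructed from the v0.2 heredoc, with /install and x86_64 substituted.
write_weak_conf() {
    cat > "$1" <<'EOF'
[options]
Architecture = auto
CacheDir = /install/var/cache/pacman/pkg
CacheDir = /packages/core-x86_64/pkg
CacheDir = /packages/core-any/pkg
SigLevel = Never

[core]
Server = file:///packages/core-x86_64/pkg
Server = ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch
Server = http://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch

[extra]
Server = file:///packages/core-x86_64/pkg
Server = ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch
Server = http://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch
EOF
}

# Constructed counterpart: signatures required, placeholder HTTPS mirror.
write_strict_conf() {
    cat > "$1" <<'EOF'
[options]
Architecture = auto
SigLevel = Required DatabaseOptional

[core]
Server = file:///packages/core-x86_64/pkg
Server = https://mirror.example.org/archlinux/$repo/os/$arch
EOF
}

tmp=$(mktemp -d)
write_weak_conf "$tmp/weak.conf";     audit_pacman_conf "$tmp/weak.conf" || true
write_strict_conf "$tmp/strict.conf"; audit_pacman_conf "$tmp/strict.conf" && echo "strict: no findings"
rm -rf "$tmp"
```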

#59 2012-02-23 02:05:10

KairiTech
Member
From: Toronto, Canada
Registered: 2011-06-04
Posts: 231

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

beta990 wrote:

Hi,

I have created a custom with correct efi installation:
- It uses the base that altercation has created
- SSD and HDD installation, /var and /home are separated
- No encryption
- Correct EFI directory -> x64!
- No extras

Thanks & credits go out to altercation! :)

.
.
.

So looking at this post is there really such a thing as a "correct" EFI directory for x86_64?


-=[ LIVE enabled UEFI with redundant syslinux pure systemd detached LUKS header partitionless encrypted GPT SSDx3 RAID0 because I can.  ]=-

Backward compatibility is for the masses. There's no dual-boot here...

Offline

#60 2012-03-01 12:17:35

beta990
Member
Registered: 2011-07-10
Posts: 162

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

There is a correct way to install a bootloader for UEFI.

Path should look like: /efi/EFI/*VENDOR*/grub
in this it is /boot/efi/efi/grub

Offline

#61 2012-03-01 15:45:48

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

beta990 wrote:

There is a correct way to install a bootloader for UEFI.

Path should look like: /efi/EFI/*VENDOR*/grub
in this it is /boot/efi/efi/grub

It should be /boot/efi/efi/arch/ . In archboot (in git) I have changed it to /boot/efi/efi/arch_grub/

Offline

#62 2012-04-03 09:59:44

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

In this paragraph https://wiki.archlinux.org/index.php/So … _partition it's mentioned "When using cryptsetup, define a sufficient payload " see http://www.spinics.net/lists/dm-crypt/msg02421.html where they use a command like "cryptsetup luksFormat --align-payload=8192"

is there a specific reason your luks script doesn't use the align-payload argument?

note, that tip is 2 years old, may be obsolete now?
edit: from man cryptsetup:

--align-payload=value
              Align payload at a boundary of value 512-byte sectors.  This option is relevant for luksFormat.
              If not specified, cryptsetup tries to use topology info provided by kernel for underlying device to get optimal alignment.  If not available (or calculated value is multiple of default) data is by default aligned to 1 MiB boundary (2048 512-byte sectors).
              For detached LUKS header it specifies offset on data device.  See also --header option.

Last edited by Dieter@be (2012-04-04 08:44:04)


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#63 2012-04-03 11:35:53

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

altercation wrote:

Don't just dd the archlinux iso to a usb. Format the USB stick as an MBR FAT drive and dump the entire Archboot ISO contents to it. To be honest, I did this in an Ubuntu vmware image I had on my mac, though I'd like to include command line options for doing this. TODO!

I get a grub prompt when I try to boot like this.
Here's what I did:

mkdir -p /mnt/usbdisk/
mkdir -p /mnt/loop
fdisk /dev/sdd # create one primary partition like so (start sector is what fdisk suggested, maybe that's not good?):
   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1            2048     2063351     1030652   83  Linux
mkfs.vfat /dev/sdd1
mount /dev/sdd1 /mnt/usbdisk/
mount -o loop archlinux-2012.01-1-archboot.iso /mnt/loop
cp -ax /mnt/loop/* /mnt/usbdisk/
cd /mnt/usbdisk
git clone git://github.com/altercation/arch-by-hand.git
umount /mnt/usbdisk

Last edited by Dieter@be (2012-04-03 11:40:54)


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#64 2012-04-03 14:48:53

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Dieter@be wrote:

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1            2048     2063351     1030652   83  Linux

Wrong MBR type code or Id for FAT. It should be 0x0b or 0x0c for FAT32, not 0x83 (used for Linux filesystems ext2/3/4 etc.) http://www.win.tue.nl/~aeb/partitions/p … pes-1.html . Start sector is not an issue here.

BTW check out rEFInd and EFISTUB enabled kernels for UEFI booting (alternative to grub2) https://bbs.archlinux.org/viewtopic.php?id=136833 .

Offline
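
Added example, not from the thread: the mismatch diagnosed above (a FAT32 filesystem under MBR type code 0x83 instead of 0x0b or 0x0c) can be detected by comparing each MBR entry's type byte with the filesystem marker in the partition's first sector. Function names are hypothetical, the disk image is constructed, and 512-byte sectors are assumed.

```sh
#!/bin/sh
# Added example, not from the thread. Hypothetical names: put_bytes,
# make_sample_image, byte_at, mbr_type_report. Assumes 512-byte sectors.

# put_bytes IMG OFFSET FORMAT: write printf-formatted bytes at OFFSET.
put_bytes() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# make_sample_image IMG TYPE_OCTAL
#   Constructed 4-sector image: MBR in sector 0 and one partition at LBA 1
#   whose boot sector carries the FAT32 marker that mkfs.vfat -F32 writes.
#   TYPE_OCTAL is the MBR type byte in octal (203 = 0x83, 013 = 0x0b).
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    put_bytes "$1" 450 "\\$2"          # entry 1 type byte (446 + 4)
    put_bytes "$1" 454 '\001'          # entry 1 start LBA = 1, little endian
    put_bytes "$1" 458 '\003'          # entry 1 length = 3 sectors
    put_bytes "$1" 510 '\125\252'      # MBR signature 0x55 0xAA
    put_bytes "$1" 594 'FAT32   '      # BS_FilSysType at 512 + 82
}

# byte_at IMG OFFSET: decimal value of the byte at OFFSET.
byte_at() { od -An -tu1 -j"$2" -N1 "$1" | tr -d ' \n'; }

# mbr_type_report IMG
#   Prints "<entry> 0x<type> <fs> <verdict>" for each used primary entry.
#   Returns 1 if a FAT32 filesystem sits under a type code other than
#   0x0b or 0x0c, and 2 if IMG has no MBR signature.
mbr_type_report() {
    img=$1; bad=0; n=1
    if [ "$(byte_at "$img" 510)" != 85 ] || [ "$(byte_at "$img" 511)" != 170 ]; then
        return 2
    fi
    while [ "$n" -le 4 ]; do
        entry=$((446 + (n - 1) * 16))
        ptype=$(byte_at "$img" $((entry + 4)))
        if [ "$ptype" -ne 0 ]; then
            # Start LBA: 4 bytes, little endian, at offset 8 of the entry.
            set -- $(od -An -tu1 -j$((entry + 8)) -N4 "$img")
            lba=$(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
            # The marker is a heuristic: the field is informational only.
            marker=$(dd if="$img" bs=1 skip=$((lba * 512 + 82)) count=8 2>/dev/null | tr -d '\000')
            fs=other; verdict=unchecked
            if [ "$marker" = "FAT32   " ]; then
                fs=fat32; verdict=ok
                # 11 = 0x0b FAT32 (CHS), 12 = 0x0c FAT32 (LBA)
                case $ptype in 11|12) ;; *) verdict=MISMATCH; bad=1 ;; esac
            fi
            printf '%d 0x%02x %s %s\n' "$n" "$ptype" "$fs" "$verdict"
        fi
        n=$((n + 1))
    done
    return "$bad"
}

# The layout from the thread (type 0x83), then the corrected type 0x0b.
sample=$(mktemp)
make_sample_image "$sample" 203; mbr_type_report "$sample" || true
make_sample_image "$sample" 013; mbr_type_report "$sample"
rm -f "$sample"
```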

#65 2012-04-03 22:39:28

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat wrote:
Dieter@be wrote:

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1            2048     2063351     1030652   83  Linux

Wrong MBR type code or Id for FAT. It should be 0x0b or 0x0c for FAT32, not 0x83 (used for Linux filesystems ext2/3/4 etc.) http://www.win.tue.nl/~aeb/partitions/p … pes-1.html . Start sector is not an issue here.

BTW check out rEFInd and EFISTUB enabled kernels for UEFI booting (alternative to grub2) https://bbs.archlinux.org/viewtopic.php?id=136833 .

thanks bro. setting it to 'b' in fdisk fixed it. boots fine now.


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#66 2012-04-05 00:21:20

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

I'm getting 3 errors at the end of the script:

error: failed to initialize alpm library (could not find or read directory)
/install_efi: line 51: grub_efi_x86_64-install:command not found
Fatal: Couldn't open either sysfs or procfs directories for accessing EFI variables.
Try 'modprobe efivars' as root.

It seems like the middle one can be fixed by renaming the command to "grub-install --target=x86_64-efi",
but the other ones... are probably the reason my new system doesn't want to boot. (Note that the script actually does run 'modprobe efivars' before this part.)

I reported this, and a bunch of other issues @ https://github.com/altercation/arch-by-hand/issues

any help appreciated!

Last edited by Dieter@be (2012-04-05 00:21:44)


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#67 2012-04-05 05:48:33

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Dieter@be wrote:

I'm getting 3 errors at the end of the script:

error: failed to initialize alpm library (could not find or read directory)
/install_efi: line 51: grub_efi_x86_64-install:command not found
Fatal: Couldn't open either sysfs or procfs directories for accessing EFI variables.
Try 'modprobe efivars' as root.

It seems like the middle one can be fixed by renaming the command to "grub-install --target=x86_64-efi",
but the other ones... are probably the reason my new system doesn't want to boot. (Note that the script actually does run 'modprobe efivars' before this part.)

I reported this, and a bunch of other issues @ https://github.com/altercation/arch-by-hand/issues

any help appreciated!

Is this with an i686 kernel in x86_64-efi? In that case efivars will not work. BTW the grub_efi_x86_64-install is for grub2 1.99; for 2.00 it is just grub-install.

There are also other issues with the script, using same partition as /boot and /boot/efi etc. And the efivars issue might be due to not bind mounting /sys in the chroot. Try http://sprunge.us/YMbP?diff .

@altercation: Why 2 separate scripts to do the same job?

Offline

#68 2012-04-05 05:50:17

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

beta990 wrote:

There is a correct way to install a bootloader for UEFI.

Path should look like: /efi/EFI/*VENDOR*/grub
in this it is /boot/efi/efi/grub

It is actually (UEFISYS)/EFI/<VENDOR>/<VENDOR's files> . In the case of Arch and grub2 it is (/boot/efi)/EFI/(arch_grub)/<grub2's files> .

Last edited by the.ridikulus.rat (2012-04-05 08:43:40)

Offline

#69 2012-04-05 09:29:52

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat wrote:

Is this with an i686 kernel in x86_64-efi? In that case efivars will not work.

I booted the x86_64 (not LTS) option in archboot, if that's your question.

the.ridikulus.rat wrote:

There are also other issues with the script, using same partition as /boot and /boot/efi etc. And the efivars issue might be due to not bind mounting /sys in the chroot. Try http://sprunge.us/YMbP?diff .

@altercation: Why 2 separate scripts to do the same job?

Do I need to change anything for the /boot vs /boot/efi thing? I use the crypto variant btw, I applied the same changes you did, and that removes 2 out of 3 errors at the end ;) http://imgur.com/XGpOg
However, the new system still doesn't want to boot (in the Lenovo boot menu I select "arch linux (grub2)" but it gives me the same boot menu again).

Last edited by Dieter@be (2012-04-05 09:30:06)


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#70 2012-04-05 09:52:07

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Dieter@be wrote:
the.ridikulus.rat wrote:

There are also other issues with the script, using same partition as /boot and /boot/efi etc. And the efivars issue might be due to not bind mounting /sys in the chroot. Try http://sprunge.us/YMbP?diff .

do I need to change anything for the /boot vs /boot/efi thing?

I don't think so. If /boot itself is working properly as UEFISYS for you, no need to change it.

I use the crypto variant btw, I applied the same changes you did, and that removes 2 out of 3 errors at the end ;) http://imgur.com/XGpOg

Glad to hear. The issue is then not loading efivars outside the chroot and not using bind mount of /sys inside the chroot.

However, the new system still doesn't want to boot (in the Lenovo boot menu I select "arch linux (grub2)" but it gives me the same boot menu again).

Post the output of "find /boot/EFI/arch_grub/" .

Offline

#71 2012-04-05 10:00:46

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat wrote:
Dieter@be wrote:
the.ridikulus.rat wrote:

There are also other issues with the script, using same partition as /boot and /boot/efi etc. And the efivars issue might be due to not bind mounting /sys in the chroot. Try http://sprunge.us/YMbP?diff .

do I need to change anything for the /boot vs /boot/efi thing?

I don't think so. If /boot itself is working properly as UEFISYS for you, no need to change it.

I don't know.. how do I test?

the.ridikulus.rat wrote:

However, the new system still doesn't want to boot (in the Lenovo boot menu I select "arch linux (grub2)" but it gives me the same boot menu again).

Post the output of "find /boot/EFI/arch_grub/" .

The directory /boot/EFI is empty. See: http://i.imgur.com/DXstJ.jpg


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#72 2012-04-05 10:20:17

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Dieter@be wrote:
the.ridikulus.rat wrote:
Dieter@be wrote:

do I need to change anything for the /boot vs /boot/efi thing?

I don't think so. If /boot itself is working properly as UEFISYS for you, no need to change it.

I don't know.. how do I test?

I think this is not an issue for now. It's just a matter of mounting the partitions and changing --root-directory=/boot/efi .

the.ridikulus.rat wrote:

However, the new system still doesn't want to boot (in the Lenovo boot menu I select "arch linux (grub2)" but it gives me the same boot menu again).

Post the output of "find /boot/EFI/arch_grub/" .

The directory /boot/EFI is empty. See: http://i.imgur.com/DXstJ.jpg

That's not good. Add

--debug 1>/boot/grub.log 2>&1

to the end of grub-install and post /boot/grub.log file .

EDIT: Try http://sprunge.us/hfff?diff .

Last edited by the.ridikulus.rat (2012-04-05 10:25:21)

Offline

#73 2012-04-05 17:12:11

the.ridikulus.rat
Member
From: Indiana, USA
Registered: 2011-10-04
Posts: 765

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Fixed scripts:

Patch: http://sprunge.us/jAeY?diff
archbyhand_efi_crypto.sh: http://sprunge.us/cSeX?sh
archbyhand_efi.sh: http://sprunge.us/HYUN?sh

Changes:

Added proper /proc, /sys, /dev bind mounts for TARGET_PACMAN and CHROOT operations
Load the efivars and dm-mod modules before chrooting (kernel version mismatch)
Separate /boot and /boot/efi (UEFISYS)
/boot/efi = 512 MiB FAT32
/boot = 400 MiB ext3
grub2 2.00beta3 grub-install fix
Fix efibootmgr path

Last edited by the.ridikulus.rat (2012-04-05 17:16:33)

Offline
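The first two changes listed in post #73 (bind mounts for the target, and loading efivars before chrooting) address the "Couldn't open either sysfs or procfs directories" failure reported earlier. The following is an added example, not taken from the patched scripts, of a preflight check for those conditions. The function names and the overridable sysfs root are assumptions; `/sys/firmware/efi/vars` is the directory exposed by the efivars module and `/sys/firmware/efi/efivars` is the mount point used by the later efivarfs.

```shell
# Added example (not from the thread's scripts): check before chrooting that
# the EFI variable interface efibootmgr needs is visible inside the target.
# TARGET is the install root; SYS is the host sysfs (overridable for testing).

has_efi_vars() {  # has_efi_vars SYSFS_ROOT -> 0 if an EFI variable dir exists
    [ -d "$1/firmware/efi/vars" ] || [ -d "$1/firmware/efi/efivars" ]
}

efi_chroot_preflight() {  # efi_chroot_preflight TARGET [SYS]
    target=$1; sys=${2:-/sys}; problems=0
    if [ ! -d "$sys/firmware/efi" ]; then
        echo "host: not booted in UEFI mode (no $sys/firmware/efi)"
        problems=$(( problems + 1 ))
    elif ! has_efi_vars "$sys"; then
        echo "host: efivars not loaded; run 'modprobe efivars' before chrooting"
        problems=$(( problems + 1 ))
    fi
    # the chroot only sees EFI variables if the host /sys is bind-mounted into it
    if ! has_efi_vars "$target/sys"; then
        echo "target: /sys not bind-mounted; mount --bind /sys $target/sys"
        problems=$(( problems + 1 ))
    fi
    for d in proc dev; do
        # an unmounted /proc or /dev in a fresh root is an empty directory
        if [ -z "$(ls -A "$target/$d" 2>/dev/null)" ]; then
            echo "target: /$d is empty; mount --bind /$d $target/$d"
            problems=$(( problems + 1 ))
        fi
    done
    [ "$problems" -eq 0 ]   # exit status 0 only when every check passed
}
```

Calling `efi_chroot_preflight` with the install root just before the chroot step lets the installer stop with a specific message instead of failing later inside efibootmgr.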

#74 2012-04-05 17:28:08

Dieter@be
Forum Fellow
From: Belgium
Registered: 2006-11-05
Posts: 1,959
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat has been helping me out on IRC and we managed to get rid of a lot of issues.
In my fork on github, you can see commits for each individual fix, as well as my changes to set up dm_crypt+lvm for my dieter-t420s machine in the corresponding branch, which also has fixes which apply to the general use cases. https://github.com/Dieterbe/arch-by-hand

I'm now able to boot a system after installing it with this script, but it's still quite broken (no /var/lib/pacman, bunches of errors during bootup, fsck recovers stray inodes, cannot tear down encrypted volume on shutdown, ...)

Last edited by Dieter@be (2012-04-05 20:20:11)


< Daenyth> and he works prolifically
4 8 15 16 23 42

Offline

#75 2012-04-06 07:36:09

Ahadiel
Member
From: Vancouver, BC
Registered: 2008-05-11
Posts: 31
Website

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat wrote:

Fixed scripts:

Patch: http://sprunge.us/jAeY?diff
archbyhand_efi_crypto.sh: http://sprunge.us/cSeX?sh
archbyhand_efi.sh: http://sprunge.us/HYUN?sh

Changes:

Added proper /proc, /sys, /dev bind mounts for TARGET_PACMAN and CHROOT operations
Load the efivars and dm-mod modules before chrooting (kernel version mismatch)
Separate /boot and /boot/efi (UEFISYS)
/boot/efi = 512 MiB FAT32
/boot = 400 MiB ext3
grub2 2.00beta3 grub-install fix
Fix efibootmgr path

Which version of Archboot did you test this on?

Offline
