Add Arch helper scripts

2018-12-29 13:18:48 +01:00
parent c9882d01d8
commit f27e6a0bf8
7 changed files with 111 additions and 1 deletions
--- a/scripts/arch/01-init.sh
+++ b/scripts/arch/01-init.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_NAME=`basename "$0"`
+echo "=========== ${SCRIPT_NAME} ==========="
+pacman -Sy yubikey-manager yubikey-personalization pcsc-tools libu2f-host make json-c cryptsetup
+
+systemctl start pcscd.service
+
+ykman list
+
+lsblk
+
+echo ""
+echo "====================="
+echo "Proceed with chapter 02: Prepare disks"
--- a/scripts/arch/03-ykfde.sh
+++ b/scripts/arch/03-ykfde.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_NAME=`basename "$0"`
+echo "=========== ${SCRIPT_NAME} ==========="
+
+curl -L https://github.com/agherzan/yubikey-full-disk-encryption/archive/master.zip | bsdtar -xvf - -C .
+cd yubikey-full-disk-encryption-master
+make install
+
+echo ""
+echo "====================="
+echo "Proceed with chapter 03: Prepare 2nd slot"
--- a/scripts/arch/04-prepare-volumes.sh
+++ b/scripts/arch/04-prepare-volumes.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_NAME=`basename "$0"`
+echo "=========== ${SCRIPT_NAME} ==========="
+
+pvcreate /dev/mapper/cryptlvm
+vgcreate MyVolGroup /dev/mapper/cryptlvm
+
+lvcreate -L 20G MyVolGroup -n root
+lvcreate -l 100%FREE MyVolGroup -n home
+
+mkfs.ext4 /dev/MyVolGroup/root
+mkfs.ext4 /dev/MyVolGroup/home
+
+mount /dev/MyVolGroup/root /mnt
+mkdir /mnt/home
+mount /dev/MyVolGroup/home /mnt/home
+
+echo ""
+echo "====================="
+echo "Proceed with chapter 04: Encrypted boot partition"
--- a/scripts/arch/05-chroot.sh
+++ b/scripts/arch/05-chroot.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_NAME=`basename "$0"`
+echo "=========== ${SCRIPT_NAME} ==========="
+
+pacman -Sy yubikey-manager yubikey-personalization pcsc-tools libu2f-host make json-c cryptsetup
+
+mkdir -p /run/lvm
+mount --bind /hostrun/lvm /run/lvm
+
+cd /home/yubikey-full-disk-encryption-master
+make install
+
+cp /home/ykfde.conf /etc/ykfde.conf
+
+source /home/challenge.txt
+sed -i "s/#YKFDE_CHALLENGE=\"/YKFDE_CHALLENGE=\"$YKFDE_CHALLENGE/g" /etc/ykfde.conf
+
+cat /etc/ykfde.conf
+
+echo ""
+echo "====================="
+echo "Proceed with chapter 05: mkinitcpio"
--- a/scripts/arch/05-install.sh
+++ b/scripts/arch/05-install.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_NAME=`basename "$0"`
+echo "=========== ${SCRIPT_NAME} ==========="
+
+pacstrap /mnt base yubikey-manager yubikey-personalization pcsc-tools libu2f-host acpid dbus grub-efi-x86_64 efibootmgr lvm2
+
+genfstab -U -p /mnt >> /mnt/etc/fstab
+
+cat /mnt/etc/fstab
+
+echo ""
+echo "====================="
+echo "Proceed with chapter 05: YubiKey Full Disk Encryption"
--- a/scripts/arch/06-secure-boot.sh
+++ b/scripts/arch/06-secure-boot.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_NAME=`basename "$0"`
+echo "=========== ${SCRIPT_NAME} ==========="
+
+pacman -Sy binutils fakeroot
+
+curl -L https://github.com/xmikos/cryptboot/archive/master.zip | bsdtar -xvf - -C .
+cd cryptboot-master
+
+makepkg -si --skipchecksums
+
+cryptboot-efikeys create
+cryptboot-efikeys enroll
+cryptboot update-grub
+
+echo ""
+echo "====================="
+echo "Proceed with chapter 06: Pacman hooks"