-
Notifications
You must be signed in to change notification settings - Fork 10
/
CRYPT
187 lines (149 loc) · 5.51 KB
/
CRYPT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
set -x
set -e
# the two disks
geom0=ada0
geom1=ada1
# installation files be here:
bsd=/usr/freebsd-dist
if [ "$(uname -s)" != "FreeBSD" ] ; then
echo "Only works on FreeBSD, Sorry." >&2
exit 1
fi
if [ ! -d $bsd ] ; then
set +x
rdir="$(uname -m)/$(uname -r |sed 's/-.*/-RELEASE/')"
echo "FreeBSD installation files missing..."
echo ""
echo "Enter to fetch, ^c to abort"
read cont
(
mkdir $bsd
cd $bsd
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$rdir/base.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$rdir/lib32.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$rdir/kernel.txz
)
set -x
fi
if [ ! -f $bsd/base.txz ] ; then
set +x
echo "Can't find FreeBSD installation files in $bsd" >&2
exit 1
fi
bin=$(dirname $0)
[ "$bin" == "." ] && bin=$(pwd) || true
base=/mnt
ufsdir=/xboot
gpart destroy -F $geom0 || true
gpart destroy -F $geom1 || true
gpart create -s gpt $geom0
gpart create -s gpt $geom1
gpart add -b 40 -s 512k -t freebsd-boot $geom0
gpart add -b 40 -s 512k -t freebsd-boot $geom1
gpart add -l boot0 -s 1G -t freebsd-ufs -a 4k $geom0 # 512M is absolute minimum, the kernel is so large.
gpart add -l boot1 -s 1G -t freebsd-ufs -a 4k $geom1
gpart add -l swap0 -s 2G -t freebsd-swap -a 4k $geom0
gpart add -l swap1 -s 2G -t freebsd-swap -a 4k $geom1
gpart add -l zroot0 -t freebsd-zfs -a 4k $geom0
gpart add -l zroot1 -t freebsd-zfs -a 4k $geom1
kldload geom_mirror || true
gmirror label -b load -F swap /dev/gpt/swap0 /dev/gpt/swap1
gmirror label -b load -F boot /dev/gpt/boot0 /dev/gpt/boot1
geli onetime -d -e AES-XTS -l 256 -s 4096 /dev/mirror/swap
set +x
echo -n Password:
stty -echo
read pw
stty echo
echo $pw > /tmp/pw
echo ""
set -x
geli init -s 4096 -J /tmp/pw /dev/gpt/zroot0
geli init -s 4096 -J /tmp/pw /dev/gpt/zroot1
geli attach -j /tmp/pw /dev/gpt/zroot0
geli attach -j /tmp/pw /dev/gpt/zroot1
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 $geom0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 $geom1
# no idea why -j fails....
#newfs -U -j /dev/mirror/boot
newfs -U /dev/mirror/boot
pool=tank
zpool create -f -m none -o altroot=$base -o cachefile=/tmp/zpool.cache $pool mirror /dev/gpt/zroot0.eli /dev/gpt/zroot1.eli
root=$pool/root
zfs create -o mountpoint=/ $root
zfs create $root/usr
zfs create -o compression=lzjb -o setuid=off $root/usr/ports
zfs create -o compression=off -o exec=off -o setuid=off $root/usr/ports/distfiles
zfs create -o compression=off -o exec=off -o setuid=off $root/usr/ports/packages
zfs create -o compression=lzjb -o exec=off -o setuid=off $root/usr/src
zfs create $root/home
zfs create $root/var
zfs create -o compression=lzjb -o exec=off -o setuid=off $root/var/crash
zfs create -o exec=off -o setuid=off $root/var/db
zfs create -o compression=lzjb -o exec=on -o setuid=off $root/var/db/pkg
zfs create -o exec=off -o setuid=off $root/var/empty
zfs create -o compression=lzjb -o exec=off -o setuid=off $root/var/log
zfs create -o compression=gzip -o exec=off -o setuid=off $root/var/mail
zfs create -o exec=off -o setuid=off $root/var/run
zfs create -o compression=lzjb -o exec=on -o setuid=off $root/var/tmp
tar --unlink -xpJf $bsd/base.txz -C $base
tar --unlink -xpJf $bsd/lib32.txz -C $base
zfs set readonly=on $root/var/empty
#zpool set bootfs=$pool/root $pool
if=$(ifconfig -ul ether |awk '{print $1}')
ip=$(ifconfig -f inet:cidr $if inet|awk '/inet/{print $2;exit}')
router=$(netstat -nrf inet|awk '/default/{print $2}')
name=$(hostname)
[ -z "$name" ] && name="setup"
cat << EOM >> $base/etc/rc.conf
# minimal rc.conf
# please set hostname and ip configuration
#
hostname="$name"
ifconfig_$if="$ip"
defaultrouter="$router"
# OR
#ifconfig_$if="DHCP"
zfs_enable="YES"
sshd_enable="YES"
sendmail_enable="NONE"
# existing rc.conf for reference:
EOM
[ -f /etc/rc.conf ] && cat /etc/rc.conf|sed 's/^/#/' >> $base/etc/rc.conf
zpool export $pool
zpool import -o altroot=$base -o cachefile=/tmp/zpool.cache $pool
cp /tmp/zpool.cache $base/boot/zfs/
[ ! -d $base$ufsdir ] && mkdir $base$ufsdir
mount /dev/mirror/boot $base$ufsdir
cp -pRP $base/boot $base$ufsdir
rm -rf $base/boot
ln -s ${ufsdir#/}/boot $base/boot
chflags -h sunlink $base/boot
tar -xpPJf $bsd/kernel.txz -C $base
echo /dev/mirror/boot $ufsdir ufs rw 1 1 >> /mnt/etc/fstab
echo /dev/mirror/swap.eli none swap sw 0 0 >> /mnt/etc/fstab
echo 'geom_eli_load="YES"' >> $base/boot/loader.conf
echo 'geom_mirror_load="YES"' >> $base/boot/loader.conf
echo 'zfs_load="YES"' >> $base/boot/loader.conf
echo vfs.root.mountfrom=\"ufs:/dev/mirror/boot\" >> $base/boot/loader.conf
# -- Enable daily status reporting
echo 'daily_status_gmirror_enable="YES"' >> $base/etc/periodic.conf
# If we used ssh, keep the keys
cp /etc/ssh/ssh_host* $base/etc/ssh/ || true
rpw=`grep '^root:[^*]' /etc/master.passwd`
if [ ! -z "$rpw" ] ; then
sed -i '' '/^root:/i\
'"$rpw"'
/^root:/d' $base/etc/master.passwd
pwd_mkdb -p -d $base/etc $base/etc/master.passwd
else
chroot $base passwd root
fi
sed -i '' -e 's/^#\(PermitRootLogin\).*/\1 yes/' $base/etc/ssh/sshd_config
vi $base/etc/rc.conf
export ufsdir pool
sh PREBOOT setup $base$ufsdir $base
[ -f bin/dropbear ] && cp bin/dropbear $base$ufsdir/sbin/
[ -d $base$ufsdir/root/.ssh ] || mkdir $base$ufsdir/root/.ssh
[ -f .ssh/authorized_keys ] && cp .ssh/authorized_keys $base$ufsdir/root/.ssh/
echo "All ok"