diff options
author | Eric Hameleers <alien@slackware.com> | 2016-01-22 15:15:17 +0100 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2016-01-22 15:15:17 +0100 |
commit | c4e4112bdc8aa5fe92d797ab77744d3bcd70caf9 (patch) | |
tree | 0ec836a54d4cf7eca147b887632e2583aad2680b /make_slackware_live.sh | |
parent | 1f94ea9542d4c54340e8b138d32c16f5c02a764e (diff) | |
download | liveslak-c4e4112bdc8aa5fe92d797ab77744d3bcd70caf9.tar.gz liveslak-c4e4112bdc8aa5fe92d797ab77744d3bcd70caf9.tar.xz |
Add support for a LUKS-encrypted /home in the USB Live version.
Using iso2usb.sh script's new '-c' parameter, you can define the size for
a container file in the root of the USB stick's Linux partition.
- The container file will be loop-mounted and LUKS-encrypted and the
Live OS will mount the filesystem inside the container on /home/.
- The LUKS passphrase will be defined when executing the 'iso2usb.sh' script.
- The original /home content of the ISO will be copied into the
LUKS-encrypted container during execution of the 'iso2usb.sh' script.
- If for whatever reason you do not want to unlock & mount the LUKS container
during boot, you must add the boot parameter " luksvol= " to the syslinux
or grub commandline.
Diffstat (limited to 'make_slackware_live.sh')
-rwxr-xr-x | make_slackware_live.sh | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/make_slackware_live.sh b/make_slackware_live.sh index c83623d..0f7a577 100755 --- a/make_slackware_live.sh +++ b/make_slackware_live.sh @@ -31,6 +31,7 @@ # - uses overlayfs to bind multiple squashfs modules together # - you can add your own modules into ./addons/ or ./optional subdirectories. # - persistence is enabled when writing the ISO to USB stick using iso2usb.sh. +# - LUKS encrypted homedirectory is optional on USB stick using iso2usb.sh. # # ----------------------------------------------------------------------------- @@ -155,8 +156,9 @@ SEQ_MSB="tagfile:a,ap,d,e,f,k,l,n,t,tcl,x,xap,xfce,y pkglist:slackextra,mate loc # - each will become a squashfs module: SEQ_CIN="tagfile:a,ap,d,e,f,k,l,n,t,tcl,x,xap,xfce,y pkglist:slackextra,cinnamon local:slackpkg+" -# List of kernel modules required for a live medium to boot properly: -KMODS=${KMODS:-"squashfs:overlay:loop:xhci-pci:ehci-pci:uhci_hcd:usb-storage:hid:usbhid:hid_generic:jbd:mbcache:ext3:ext4:isofs:fat:nls_cp437:nls_iso8859-1:msdos:vfat"} +# List of kernel modules required for a live medium to boot properly; +# Lots of HID modules added to support keyboard input for LUKS password entry: +KMODS=${KMODS:-"squashfs:overlay:loop:xhci-pci:ohci-pci:ehci-pci:xhci-hcd:uhci-hcd:ehci-hcd:usb-storage:hid:usbhid:hid-generic:hid-cherry:hid-logitech:hid-logitech-dj:hid-logitech-hidpp:hid-lenovo:hid-microsoft:jbd:mbcache:ext3:ext4:isofs:fat:nls_cp437:nls_iso8859-1:msdos:vfat"} # What compression to use for the squashfs modules? # Default is xz, alternatives are gzip, lzma, lzo: @@ -1330,13 +1332,14 @@ KVER=$(ls --indicator-style=none ${LIVE_ROOTDIR}/lib/modules/ |head -1) # Create an initrd for the generic kernel, using a modified init script: echo "-- Creating initrd for kernel-generic $KVER ..." -chroot ${LIVE_ROOTDIR} /sbin/mkinitrd -c -w ${WAIT} -l us -o /boot/initrd_${KVER}.gz -k ${KVER} -m ${KMODS} 1>${DBGOUT} 2>${DBGOUT} +chroot ${LIVE_ROOTDIR} /sbin/mkinitrd -c -w ${WAIT} -l us -o /boot/initrd_${KVER}.gz -k ${KVER} -m ${KMODS} -L -C dummy 1>${DBGOUT} 2>${DBGOUT} cat $LIVE_TOOLDIR/liveinit | sed \ -e "s/@LIVEMAIN@/$LIVEMAIN/g" \ -e "s/@MEDIALABEL@/$MEDIALABEL/g" \ -e "s/@PERSISTENCE@/$PERSISTENCE/g" \ -e "s/@DARKSTAR@/$LIVE_HOSTNAME/g" \ > ${LIVE_ROOTDIR}/boot/initrd-tree/init +cat /dev/null > ${LIVE_ROOTDIR}/boot/initrd-tree/luksdev chroot ${LIVE_ROOTDIR} /sbin/mkinitrd 1>/dev/null 2>${DBGOUT} rm -rf ${LIVE_ROOTDIR}/boot/initrd-tree |