-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathpart-luks-2.ks.in
61 lines (44 loc) · 1.34 KB
/
part-luks-2.ks.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
%ksappend repos/default.ks
network --bootproto=dhcp
bootloader --timeout=1
zerombr
clearpart --all --initlabel
# Test LUKS 2 with default values.
reqpart
part / --fstype="ext4" --size=7891 --encrypted --passphrase="passphrase" --luks-version=luks2
part /boot --fstype="ext4" --size=1024
part swap --fstype="swap" --size=1024
keyboard us
lang en
timezone America/New_York
rootpw qweqwe
shutdown
%packages
%end
%post
# Find the LUKS device.
crypted="$(blkid --match-token TYPE="crypto_LUKS" --output device)"
if [[ $? != 0 ]] ; then
echo "*** couldn't find a LUKS device" > /root/RESULT
exit 1
fi
# Check if the type of the crypted device is crypto_LUKS.
type="$(blkid -o value -s TYPE ${crypted})"
if [[ "$type" != "crypto_LUKS" ]] ; then
echo "*** unexpected type ${type} of ${crypted}" >> /root/RESULT
fi
# Check if the LUKS version is luks2.
result="$(cryptsetup luksDump ${crypted} | awk '{ if ($1 == "Version:") print $2; }' )"
if [[ "$result" != "2" ]] ; then
echo "*** unexpected LUKS version for ${crypted}: ${result}" >> /root/RESULT
fi
# Try to use the passphrase.
echo "passphrase" | cryptsetup luksOpen --test-passphrase "${crypted}"
if [[ $? != 0 ]] ; then
echo "*** cannot open ${crypted} with the passphrase" >> /root/RESULT
fi
# The test was successful.
if [ ! -e /root/RESULT ]; then
echo SUCCESS > /root/RESULT
fi
%end