diff options
| author | Craig Jennings <c@cjennings.net> | 2026-01-24 12:23:45 -0600 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-01-24 12:23:45 -0600 |
| commit | 3fc34866ab9092445039f1da3c9f71c60f30f2ee (patch) | |
| tree | beb1babf521f80962095ff93c2f1740a0216b6b2 /custom | |
| parent | 94af83c1c8446ef1a564cff8aec5487afa47693e (diff) | |
| download | archangel-3fc34866ab9092445039f1da3c9f71c60f30f2ee.tar.gz archangel-3fc34866ab9092445039f1da3c9f71c60f30f2ee.zip | |
Fix LUKS btrfs installation and reduce ISO size
- Fix GRUB cryptodisk: configure_grub() heredoc was overwriting LUKS
settings added by configure_luks_grub(). Moved LUKS GRUB config
(GRUB_ENABLE_CRYPTODISK=y, cryptdevice cmdline) into configure_grub()
after the heredoc writes the base config.
- Fix ISO bloat: archsetup copy was including vm-images (17GB).
Changed from cp -r to rsync with exclusions for vm-images,
test-results, .qcow2, and .iso files. ISO now 2.0GB.
- btrfs-luks VM test now passes.
Diffstat (limited to 'custom')
| -rw-r--r-- | custom/lib/btrfs.sh | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/custom/lib/btrfs.sh b/custom/lib/btrfs.sh index 47c6f42..90c5e6d 100644 --- a/custom/lib/btrfs.sh +++ b/custom/lib/btrfs.sh @@ -105,11 +105,14 @@ configure_luks_grub() { local uuid uuid=$(blkid -s UUID -o value "$partition") + # Enable GRUB cryptodisk support (required for encrypted /boot) + echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub + # Add cryptdevice to GRUB cmdline sed -i "s|^GRUB_CMDLINE_LINUX=\"|GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$uuid:$LUKS_MAPPER_NAME:allow-discards |" \ /mnt/etc/default/grub - info "GRUB configured with cryptdevice parameter." + info "GRUB configured with cryptdevice parameter and cryptodisk enabled." } ############################# @@ -399,6 +402,25 @@ GRUB_DISABLE_OS_PROBER=true GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true EOF + # Add LUKS encryption settings if enabled + if [[ "$NO_ENCRYPT" != "yes" && -n "$LUKS_PASSPHRASE" ]]; then + echo "" >> /mnt/etc/default/grub + echo "# LUKS encryption support" >> /mnt/etc/default/grub + echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub + + # Get UUID of encrypted partition and add cryptdevice to cmdline + # Find the LUKS partition (partition 2 of the first disk) + local luks_part + luks_part=$(echo "$DISKS" | cut -d',' -f1)2 + if [[ -b "$luks_part" ]]; then + local uuid + uuid=$(blkid -s UUID -o value "$luks_part") + sed -i "s|^GRUB_CMDLINE_LINUX=\"|GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$uuid:$LUKS_MAPPER_NAME:allow-discards |" \ + /mnt/etc/default/grub + info "Added cryptdevice parameter for LUKS partition." + fi + fi + # Create /boot/grub directory mkdir -p /mnt/boot/grub |