
add cryptdisk bios/mbr support

Noah Vogt 3 éve
szülő
commit
90eb7e9809
2 módosított fájl, 37 hozzáadás és 30 törlés
  1. 13 22
      arch.sh
  2. 24 8
      chroot.sh

+ 13 - 22
arch.sh

@@ -5,7 +5,7 @@
 # do this if you exactly understand EVERY SINGLE
 # LINE of this bash script. You'll thank me later.
 
-pacman -Sy --noconfirm dialog ||  { printf "Error at script start:\n\nAre you sure you're running this as the root user?\n\t(Tip: run 'whoami' to check)\n\nAre you sure you have an internet connection?\n\t(Tip: run 'ip a' to check)\n"; exit; }
+pacman -Sy --noconfirm dialog || { printf "Error at script start:\n\nAre you sure you're running this as the root user?\n\t(Tip: run 'whoami' to check)\n\nAre you sure you have an internet connection?\n\t(Tip: run 'ip a' to check)\n"; exit; }
 
 dialog --defaultno --title "WARNING!" --yesno "Do only run this script if you're a big brain who doesn't mind deleting one or more (this depends on your level of stupidity in the following steps) of his /dev/sd[x] drives. \n\nThis script is only really for me so I can save some of my precious time.\n\nNoah"  15 60 || { clear; exit; }
 
@@ -27,42 +27,35 @@ DRIVE=$(cat drive)
 timedatectl set-ntp true
 
 cat <<EOF | fdisk -W always /dev/${DRIVE}
-p
-g
-n
-
-
-+1024M
-t
-4
+o
 n
+p
 
 
 +${SIZE}G
 t
 2
-19
-p
+82
 n
+p
 
 
 
-t
-3
-20
-p
+a
+2
 w
 EOF
 partprobe
 
-yes | mkfs.ext4 /dev/${DRIVE}3
-mkswap /dev/${DRIVE}2
-swapon /dev/${DRIVE}2
-mount /dev/${DRIVE}3 /mnt
+cryptsetup luksFormat --type luks1 /dev/${DRIVE}2
+cryptsetup open /dev/${DRIVE}2 cryptroot
+
+yes | mkfs.ext4 /dev/mapper/cryptroot
+mount /dev/mapper/cryptroot /mnt
 
 pacman -Sy --noconfirm archlinux-keyring
 
-pacstrap /mnt base base-devel linux linux-firmware networkmanager rsync
+pacstrap /mnt base linux linux-firmware cryptsetup
 
 genfstab -U /mnt >> /mnt/etc/fstab
 cat tz.tmp > /mnt/tzfinal.tmp
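Review bot: Neither `cryptsetup luksFormat` nor `cryptsetup open` has its exit status checked, so if the format prompt is declined or the passphrase confirmation fails, the script carries on to `mkfs.ext4 /dev/mapper/cryptroot`, `mount` and `pacstrap /mnt` with no encrypted root behind them. I would stop on failure, e.g. `cryptsetup luksFormat --type luks1 "/dev/${DRIVE}2" || exit 1` and `cryptsetup open "/dev/${DRIVE}2" cryptroot || exit 1`. The `--type luks1` choice also deserves a one-line comment such as `# LUKS1 because GRUB must unlock this volume to read /boot`, assuming that is the reason, so a later edit does not switch it to the default format without first checking GRUB support.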
@@ -71,7 +64,5 @@ mv drive /mnt
 mv comp /mnt/etc/hostname
 curl https://raw.githubusercontent.com/noahvogt/norisa/main/chroot.sh > /mnt/chroot.sh && arch-chroot /mnt bash chroot.sh && rm /mnt/chroot.sh
 
-dialog --defaultno --title "Final Qs" --yesno "Reboot computer?"  5 30 && reboot
 dialog --defaultno --title "Final Qs" --yesno "Return to chroot environment?"  6 30 && arch-chroot /mnt
 clear
-

+ 24 - 8
chroot.sh

@@ -1,13 +1,13 @@
 #!/bin/bash
 
-# This a lazy and DANGEROUS way to install Arch.
-# I do not recommend this to other people, ONLY
-# do this if you exactly understand EVERY SINGLE
-# LINE of this bash script. You'll thank me later.
-
-passwd
+while true; do 
+    passwd && break
+done
 
 TZuser=$(cat tzfinal.tmp)
+DRIVE=$(cat drive)
+
+echo KEYMAP=de_CH-latin1 > /etc/vconsole.conf
 
 ln -sf /usr/share/zoneinfo/$TZuser /etc/localtime
 
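Review bot: `DRIVE=$(cat drive)` is taken as-is, yet the later commands in this script build device paths and a sed expression from it, so a missing or empty `drive` file would turn `/dev/${DRIVE}2` into `/dev/2` and the GRUB install target into `/dev/`. A guard right after the assignment, `: "${DRIVE:?drive file missing or empty}"`, stops the script before anything is written. The `while true; do passwd && break; done` loop above it has no exit other than success; a bounded retry count would avoid spinning forever if `passwd` cannot succeed at all. The script continues outside this hunk.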
@@ -20,5 +20,21 @@ locale-gen
 pacman --noconfirm --needed -S networkmanager
 systemctl enable NetworkManager
 
-DRIVE=$(cat drive)
-pacman --noconfirm --needed -S grub && grub-install --target=i386-pc /dev/${DRIVE} && grub-mkconfig -o /boot/grub/grub.cfg
+dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
+while true; do
+    cryptsetup luksAddKey /dev/${DRIVE}2 /crypto_keyfile.bin && break
+done
+chmod 000 /crypto_keyfile.bin
+
+sed -i 's/FILES=()/FILES=(\/crypto_keyfile.bin)/' /etc/mkinitcpio.conf
+sed -i 's/block filesystems/block encrypt filesystems/' /etc/mkinitcpio.conf
+mkinitcpio -P
+
+sed -i "s/GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"cryptdevice=\/dev\/${DRIVE}2:cryptroot\"/" /etc/default/grub
+sed -i 's/#GRUB_ENABLE_CRYPTODISK/GRUB_ENABLE_CRYPTODISK/' /etc/default/grub
+
+echo "swap /dev/${DRIVE}1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256" >> /etc/crypttab
+
+pacman --noconfirm --needed -S grub
+grub-install --target=i386-pc /dev/${DRIVE} --recheck
+grub-mkconfig -o /boot/grub/grub.cfg
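Review bot: The key that unlocks the root volume can end up readable by more than root: `/crypto_keyfile.bin` is created by `dd` under the default umask and only set to mode 000 after the interactive `luksAddKey` loop, and `FILES=(/crypto_keyfile.bin)` copies it into every image that `mkinitcpio -P` writes to /boot. I would create it as `(umask 077; dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin)` and add `chmod 600 /boot/initramfs-linux*` after `mkinitcpio -P`; newer mkinitcpio releases may already write owner-only images, but the script should not depend on that. The crypttab entry names the swap partition as `/dev/${DRIVE}1` and re-keys it from /dev/urandom on every boot, so if kernel device names shift, a different partition would be overwritten; a persistent name such as a `/dev/disk/by-id/` path avoids that, and the same applies to `cryptdevice=` in GRUB_CMDLINE_LINUX. `cipher=aes-cbc-essiv:sha256,size=256` is a legacy mode, and `cipher=aes-xts-plain64,size=512` is the usual current choice. The `sed -i` edits also succeed silently when their pattern is absent, so a `grep -q` check after each one would catch a config file that no longer matches before the system is left unbootable.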