Forum Debian Users Gang

Udostępniłem tutorial, ale komuś się to nie spodobało i temat został wrzucony do kosza. Szkoda, że bez wcześniejszej konsultacji z autorem, czyli ze mną.
https://forum.dug.net.pl/viewtopic.php?id=31439

Nie zamierzam wchodzić w szerszą polemikę, która nie ma sensu. Mam ciekawsze  rzeczy do roboty. W każdym razie PDF nie zawiera z całą pewnością wirusów (o ile morfik go nie podmienił :P). Jak ktoś umie korzytać z programów antywirusowych to może się sam o tym przekonać.

Jeszcze raz, może tym razem ktoś nie będzie taki szybki do zamykania wątków, bez oczekiwania na odpowiedź autora.
Szczegóły oraz sam tutorial w pliku PDF, dostępne pod linkiem:
https://docdro.id/5wdBWxR

A oto plain text w 100%.

=============================================================================
Przygotowanie dysku twardego na instalację systemu operacyjnego
=============================================================================
mount | grep efivars
sudo -i
export DEV="/dev/nvme0n1"
export DM="${DEV##*/}"

sgdisk --zap-all $DEV
sgdisk --print $DEV
sgdisk --new=1:0:+300M $DEV
sgdisk --new=2:0:+1024M $DEV
sgdisk --new=5:0:0 $DEV

sgdisk --typecode=1:EF00 --typecode=2:8300 --typecode=5:8300 $DEV
sgdisk --change-name=1:EFI-SP --change-name=2:/boot --change-name=5:rootfs $DEV
sgdisk --print $DEV

cryptsetup --help
cryptsetup luksFormat --type=luks1 ${DEV}p2
cryptsetup luksFormat --type=luks1 ${DEV}p5
cryptsetup open ${DEV}p2 LUKS_BOOT
cryptsetup open ${DEV}p5 ${DM}p5_crypt

mkfs.vfat -F 32 ${DEV}p1
mkfs.ext4 /dev/mapper/LUKS_BOOT

pvcreate /dev/mapper/${DM}p5_crypt
vgcreate systemvg /dev/mapper/${DM}p5_crypt
lvcreate -n rootlv -L 50G systemvg
lvcreate -n homelv -L 50G systemvg

vgs
lvs
lsblk ${DEV}

--------------------------------------------------------------
=============================================================================
Przygotowanie dodatkowego dysku twardego
=============================================================================
export DEV2="/dev/sda"
export DM2="${DEV2##*/}"

sgdisk --zap-all $DEV2
sgdisk --print $DEV2
sgdisk --new=1:0:0 $DEV2
sgdisk --typecode=1:8300 $DEV2
sgdisk --change-name=1:datafs $DEV2
sgdisk --print $DEV2

cryptsetup luksFormat --type=luks1 ${DEV2}1
cryptsetup open ${DEV2}1 ${DM2}1_crypt

pvcreate /dev/mapper/${DM2}1_crypt
vgcreate datavg /dev/mapper/${DM2}1_crypt
lvcreate -n documentslv -L 50G datavg
lvcreate -n musiclv -L 30G datavg
lvcreate -n pictureslv -L 30G datavg
lvcreate -n videolv -L 50G datavg
lvcreate -n downloadlv -L 30G datavg

vgs
lvs
lsblk ${DEV2}

gparted

mkfs.ext4 /dev/mapper/datavg-documentslv
mkfs.ext4 /dev/mapper/datavg-musiclv
mkfs.ext4 /dev/mapper/datavg-pictureslv
mkfs.ext4 /dev/mapper/datavg-videolv
mkfs.ext4 /dev/mapper/datavg-downloadlv

---------------------------------------------------------------------
=============================================================================
Instalacja systemu na przygotowanym dysku twardym
=============================================================================
xed /lib/partman/check.d/07crypto_check_mountpoints
exit
$ sh -c 'ubiquity -b gtk_ui'&

--------------------------------------------------------------------
=============================================================================
Konfiguracja systemu po instalacji
=============================================================================
sudo -i

mount /dev/mapper/systemvg-rootlv /target
mount /dev/mapper/LUKS_BOOT /target/boot
mount --bind /dev /target/dev
mount --bind /dev/pts /target/dev/pts
mount --bind /sys /target/sys
mount --bind /proc /target/proc
mount --bind /run /target/run
mount /dev/nvme0n1p1 /target/boot/efi

chroot /target

apt-get update
apt-get -y install grub-efi

apt-get install -y cryptsetup-initramfs

echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf

mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=4
dd if=/dev/urandom of=/etc/luks/boot_data.keyfile bs=4096 count=4

chmod u=rx,go-rwx /etc/luks
chmod u=r,go-rwx /etc/luks/boot_os.keyfile
chmod u=r,go-rwx /etc/luks/boot_data.keyfile

export DEV="/dev/nvme0n1"
export DM="${DEV##*/}"
export DEV2="/dev/sda"
export DM2="${DEV2##*/}"

cryptsetup luksAddKey ${DEV}p2 /etc/luks/boot_os.keyfile
cryptsetup luksAddKey ${DEV}p5 /etc/luks/boot_os.keyfile
cryptsetup luksAddKey ${DEV2}1 /etc/luks/boot_data.keyfile

echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}p2) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
echo "${DM}p5_crypt UUID=$(blkid -s UUID -o value ${DEV}p5) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
echo "${DM2}1_crypt UUID=$(blkid -s UUID -o value ${DEV2}1) /etc/luks/boot_data.keyfile luks,discard" >> /etc/crypttab

vi /etc/crypttab

locale-gen --purge --no-archive
update-initramfs -u -k all

Edycja wpisów w pliku /etc/default/grub
#############################################################
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=menu
#GRUB_TIMEOUT_STYLE=hidden
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_ENABLE_CRYPTODISK=y
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda5:sda5_crypt"
GRUB_CMDLINE_LINUX=""
#############################################################


update-grub
grub-mkconfig -o /boot/grub/grub.cfg


grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=Mint --boot-directory=/boot --modules="all_video boot btrfs cat chain configfile crypto cryptodisk disk diskfilter echo efifwsetup efinet ext2 fat font gettext gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool gfxmenu gfxterm gfxterm_background gzio halt hfsplus iso9660 jpeg keystatus loadenv loopback linux linuxefi lsefi lsefimmap lsefisystab lssal luks lvm mdraid09 mdraid1x memdisk minicmd normal part_apple part_msdos part_gpt password_pbkdf2 png raid5rec raid6rec reboot search search_fs_uuid search_fs_file search_label sleep squash4 test true verify video zfs zfscrypt zfsinfo" --recheck

rm -r /mnt/boot/efi/EFI/ubuntu


exit
umount /target/boot/efi /target/proc /target/dev/pts /target/dev /target/sys /target/boot /target


---------------------------------------------------------------------
cryptsetup luksHeaderBackup /dev/sda2 --header-backup-file sda2_header_backup
cryptsetup luksHeaderBackup /dev/sda5 --header-backup-file sda5_header_backup
cryptsetup luksHeaderBackup /dev/sdb1 --header-backup-file sdb1_header_backup


---------------------------------------------------------------------
=============================================================================
Montowanie woluminów LVM w katalogu użytkownika
=============================================================================

sudo vim /etc/fstab
# Montowanie dysków LVM jako katalogów użytkownika
/dev/datavg/documentslv         /home/test/Dokumenty      ext4    defaults,x-gvfs-hide    0       2
/dev/datavg/musiclv             /home/test/Muzyka         ext4    defaults,x-gvfs-hide    0       2
/dev/datavg/pictureslv          /home/test/Obrazy         ext4    defaults,x-gvfs-hide    0       2
/dev/datavg/videolv             /home/test/Wideo          ext4    defaults,x-gvfs-hide    0       2
/dev/datavg/downloadlv          /home/test/Pobrane        ext4    defaults,x-gvfs-hide    0       2

sudo mount -a

df -h | grep /home/test

ls -l /home/test

sudo chown -R test:test /home/test/Dokumenty/
sudo chown -R test:test /home/test/Muzyka/
sudo chown -R test:test /home/test/Obrazy/
sudo chown -R test:test /home/test/Wideo/
sudo chown -R test:test /home/test/Pobrane/

ls -l /home/test