It would be good to define new requirements, if any. Currently, I see only single disk drive support for GELI in pc-sysinstall. Here's code for multiple GELI drive support. It gives you the option to encrypt the drive(s) selected.
Sorry, I've been too busy to work on it, but this might help you get a little further.
This is for GBI
# File: gbi/partition_ui.py
from tkinter import Tk, Label, Entry, Checkbutton, Button, OptionMenu, StringVar, BooleanVar, Toplevel, messagebox
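class PartitionConfigUI:
    """Tk form that collects partition entries, optionally GELI-encrypted.

    Each accepted entry is appended to ``self.partition_config`` as a dict
    with the keys ``drive``, ``partition_name``, ``mount_point``, ``encrypt``
    and ``passphrase``.  The passphrase is held in memory in clear text, so
    it is masked in everything this class prints.
    """

    def __init__(self, root):
        """Build the form widgets inside *root*."""
        self.root = root
        self.selected_drive = StringVar()
        self.encrypt_var = BooleanVar()
        self.passphrase = None
        self.partition_config = []

        # Available drives
        self.available_drives = self.get_available_drives()
        self.selected_drive.set(self.available_drives[0])

        # Drive Selection Dropdown
        Label(root, text="Select Drive:").grid(row=0, column=0, sticky="w")
        self.drive_dropdown = OptionMenu(root, self.selected_drive, *self.available_drives)
        self.drive_dropdown.grid(row=0, column=1, sticky="w")

        # Partition Name
        Label(root, text="Partition Name:").grid(row=1, column=0, sticky="w")
        self.partition_name_entry = Entry(root)
        self.partition_name_entry.grid(row=1, column=1, sticky="w")

        # Mount Point
        Label(root, text="Mount Point:").grid(row=2, column=0, sticky="w")
        self.mount_point_entry = Entry(root)
        self.mount_point_entry.grid(row=2, column=1, sticky="w")

        # Enable Encryption
        self.encrypt_checkbox = Checkbutton(
            root,
            text="Enable Encryption (GELI)",
            variable=self.encrypt_var,
            command=self.toggle_passphrase_prompt,
        )
        self.encrypt_checkbox.grid(row=3, column=1, sticky="w")

        # Submit Button
        self.submit_button = Button(root, text="Add Partition", command=self.save_partition_config)
        self.submit_button.grid(row=4, column=1, sticky="e")

        # Done Button
        self.done_button = Button(root, text="Done", command=self.done)
        self.done_button.grid(row=5, column=1, sticky="e")

    def get_available_drives(self):
        """Return the list of selectable drive device paths."""
        # Simulated list of drives for demo purposes
        return ["/dev/ada0", "/dev/ada1", "/dev/nda0"]

    def toggle_passphrase_prompt(self):
        """Open the passphrase dialog when encryption is ticked."""
        if self.encrypt_var.get():
            self.get_passphrase()
        else:
            # Unticking the box must not leave an earlier passphrase behind.
            self.passphrase = None

    def get_passphrase(self):
        """
        Prompt the user to enter and confirm a passphrase.

        The passphrase is stored on ``self.passphrase`` only when it is at
        least 8 characters long and both fields match.  Length is the only
        strength check performed.  If the dialog is closed without a valid
        entry, ``self.passphrase`` is left unchanged.
        """
        top = Toplevel(self.root)
        top.title("Enter Passphrase")

        Label(top, text="Enter Passphrase (min 8 characters):").grid(row=0, column=0, sticky="w")
        passphrase_entry = Entry(top, show="*")
        passphrase_entry.grid(row=0, column=1)

        Label(top, text="Confirm Passphrase:").grid(row=1, column=0, sticky="w")
        confirm_entry = Entry(top, show="*")
        confirm_entry.grid(row=1, column=1)

        def save_passphrase():
            passphrase = passphrase_entry.get()
            confirm_passphrase = confirm_entry.get()
            if len(passphrase) < 8:
                messagebox.showerror("Error", "Passphrase must be at least 8 characters.")
            elif passphrase != confirm_passphrase:
                messagebox.showerror("Error", "Passphrases do not match!")
            else:
                self.passphrase = passphrase
                top.destroy()

        Button(top, text="OK", command=save_passphrase).grid(row=2, column=1, sticky="e")

    def _redacted_configs(self):
        """Return a copy of the collected entries that is safe to print."""
        return [
            {**entry, "passphrase": "<redacted>" if entry.get("passphrase") else None}
            for entry in self.partition_config
        ]

    def save_partition_config(self):
        """
        Save the partition configuration for the selected drive.

        An entry with encryption enabled is rejected unless a passphrase has
        been set.  An entry without encryption never carries a passphrase.
        """
        encrypt = self.encrypt_var.get()
        partition_config = {
            "drive": self.selected_drive.get(),
            "partition_name": self.partition_name_entry.get(),
            "mount_point": self.mount_point_entry.get(),
            "encrypt": encrypt,
            # Drop any stale passphrase when the entry is not encrypted.
            "passphrase": self.passphrase if encrypt else None,
        }
        if partition_config["encrypt"] and not partition_config["passphrase"]:
            messagebox.showerror("Error", "Encryption enabled but no passphrase provided.")
            return

        self.partition_config.append(partition_config)
        # Debug print; passphrases are masked so they do not reach stdout,
        # terminal scrollback or an installer log.
        print(f"Partition Config: {self._redacted_configs()}")

        # Clear inputs for next partition
        self.partition_name_entry.delete(0, "end")
        self.mount_point_entry.delete(0, "end")
        self.encrypt_var.set(False)
        self.passphrase = None

    def done(self):
        """
        Print the final partition configuration (passphrases masked) and exit.
        """
        print("Final Partition Config:", self._redacted_configs())
        self.root.destroy()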
if __name__ == "__main__":
    # Create the top-level window, attach the form to it, then hand control
    # to the Tk event loop until the window is destroyed.
    window = Tk()
    window.title("Partition Configuration")
    PartitionConfigUI(window)
    window.mainloop()
This is for pc-sysinstall
#!/bin/sh
# File: pc-sysinstall/partitioning.sh
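# Initialise GELI on a provider with a passphrase, then attach it.
#   $1  provider to encrypt (a /dev/... path)
#   $2  passphrase
# Returns non-zero if the passphrase is empty or either geli step fails.
setup_geli_passphrase() {
    local partition=$1
    local passphrase=$2

    # An empty passphrase would still yield an ".eli" provider, but one that
    # offers no protection, so refuse it instead of continuing.
    if [ -z "$passphrase" ]; then
        echo "Refusing to initialise GELI on $partition with an empty passphrase" >&2
        return 1
    fi

    echo "Initializing GELI encryption with passphrase on $partition..."

    # The passphrase is fed on stdin (-J - / -j -) so it is not part of the
    # geli argument list.  printf is used instead of echo because echo can
    # treat a passphrase such as "-n" as an option rather than as data.
    printf '%s\n' "$passphrase" | geli init -s 4096 -e AES-XTS -l 256 -J - "$partition" || return 1

    # Only attach once init has succeeded; a failed attach is reported to
    # the caller through the return status.
    printf '%s\n' "$passphrase" | geli attach -j - "$partition" || return 1
}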
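# Optionally encrypt, create a file system on, and mount each entry for a drive.
#   $1  drive name relative to /dev (e.g. ada0)
#   $2  whitespace-separated entries of the form mount_point:YES|NO:passphrase
# Returns non-zero as soon as one step fails.
#
# NOTE(review): every entry is applied to the whole-disk provider /dev/$drive;
# nothing here creates separate partitions, so more than one entry per drive
# runs newfs over the same device again.  Confirm the intended layout.
# NOTE(review): entries are split on whitespace and are subject to globbing,
# so a passphrase containing a space or a glob character cannot be carried
# in this format, and the passphrase is read from the config in clear text.
partition_drive() {
    local drive=$1
    local partitions=$2
    local partition mount_point encrypt passphrase device

    echo "Partitioning drive: $drive"
    for partition in $partitions; do
        mount_point=$(printf '%s\n' "$partition" | cut -d':' -f1)
        encrypt=$(printf '%s\n' "$partition" | cut -d':' -f2)
        # -f3- keeps everything after the second ':' so a passphrase that
        # itself contains ':' is not silently truncated before geli init.
        passphrase=$(printf '%s\n' "$partition" | cut -d':' -f3-)

        # Reject an empty mount point and any ".." component, which would
        # place the mount outside /mnt.
        case "$mount_point" in
            ""|..|../*|*/..|*/../*)
                echo "Invalid mount point '$mount_point' for drive $drive" >&2
                return 1
                ;;
        esac

        # Use a per-entry device name; rewriting $drive itself would stack
        # ".eli" suffixes across iterations.
        device=$drive
        if [ "$encrypt" = "YES" ]; then
            setup_geli_passphrase "/dev/${device}" "$passphrase" || return 1
            device="${device}.eli"
        fi

        # Create filesystem
        newfs -U "/dev/$device" || return 1
        echo "File system created on /dev/$device"

        # Mount the partition
        mkdir -p "/mnt/$mount_point" || return 1
        mount "/dev/$device" "/mnt/$mount_point" || return 1
    done
}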
# Main script entry point
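# Reads the disk list from the installer config and processes each disk.
# NOTE(review): the config carries GELI passphrases in clear text; its
# permissions and its removal after installation are not handled here.
main() {
    local config_file="/installerconfig"
    local drive partitions

    if [ ! -r "$config_file" ]; then
        echo "Cannot read $config_file" >&2
        return 1
    fi

    # Iterate through all disks in the config
    for drive in $(grep "^disk" "$config_file" | cut -d'=' -f2); do
        # -F matches the drive name literally instead of as a regex, and
        # -f2- keeps any '=' inside the value (e.g. within a passphrase).
        partitions=$(grep -F -- "${drive}-partitions" "$config_file" | cut -d'=' -f2-)
        # Stop at the first failure instead of continuing with later disks.
        partition_drive "$drive" "$partitions" || return 1
    done
}

main "$@"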