From d2dabb5912d30f2cd4c91ebbb25f50eaac3797e6 Mon Sep 17 00:00:00 2001
From: Dominik Roth
Date: Tue, 13 May 2025 18:41:52 +0200
Subject: [PATCH] bunch of fixes

---
 build.py | 63 ++++++++++++++++++--------------------------------------
 1 file changed, 20 insertions(+), 43 deletions(-)

diff --git a/build.py b/build.py
index 1574125..e334757 100644
--- a/build.py
+++ b/build.py
@@ -288,20 +288,16 @@ text
 # Wipe all disk
 zerombr
-bootloader --location=mbr --boot-drive=sda
 clearpart --all --initlabel
 # Disk partitioning information
-part btrfs.boot --fstype=btrfs --size=5120 --ondisk=sda
-part btrfs.boot --fstype=btrfs --size=5120 --ondisk=sdb
-part btrfs.main --fstype=btrfs --encrypted --grow --fsoptions="compress=zstd:1,space_cache=v2" --ondisk=sda
-part btrfs.main --fstype=btrfs --encrypted --grow --fsoptions="compress=zstd:1,space_cache=v2" --ondisk=sdb
+# Boot partitions (5GB each)
+part /boot --fstype=btrfs --size=5120 --ondisk=sda
+part /boot --fstype=btrfs --size=5120 --ondisk=sdb
-# BTRFS subvolumes
-btrfs /boot --label=fedora-boot btrfs.boot
-btrfs none --label=fedora-btrfs btrfs.main
-btrfs /home --subvol --name=home fedora-btrfs
-btrfs /db --subvol --name=db fedora-btrfs
+# Main data partitions with LUKS
+part / --fstype=btrfs --encrypted --cipher=aes-xts-plain64 --luks-version=luks2 --grow --ondisk=sda
+part / --fstype=btrfs --encrypted --cipher=aes-xts-plain64 --luks-version=luks2 --grow --ondisk=sdb
 # Package source
 url --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
@@ -324,8 +320,9 @@ tpm2-tools
 tpm2-tss
 cryptsetup
 systemd
-mdadm
 curl
+shim-x64
+grub2-efi-x64
 %end
 # Pre-installation script
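Review bot: The new `part /boot` and `part /` lines each declare the same mount point twice, once per `--ondisk`, but a kickstart `part` entry describes a single mount point; pykickstart treats the repeat as a duplicate (older releases keep only one definition with a warning, newer ones reject the file), so the second disk is unlikely to end up with a formatted LUKS container, and nothing in this hunk replaces the removed `btrfs ... btrfs.boot`/`btrfs.main` commands that previously mirrored the two devices. The later `clevis luks bind -d /dev/sdb2` calls depend on a LUKS header existing on sdb2, so this should be settled before the commit goes in. The encryption options themselves are an improvement (`--cipher=aes-xts-plain64 --luks-version=luks2`), but with `bootloader` removed and `shim-x64`/`grub2-efi-x64` added in the next hunk, an EFI install also needs an EFI System Partition (`part /boot/efi --fstype=efi --size=...`) and a `bootloader` command, neither of which appears in this diff; if they are defined elsewhere in the template, a comment saying so next to the partition block would help. Consider also stating in a comment how the LUKS passphrase is supplied, since `--encrypted` carries no `--passphrase` here and the post script reads it from `/tmp/luks-passphrase.txt`.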
@@ -351,43 +348,28 @@ EOF
 printf "\n=== Nullpoint Installation Progress ===\r\n" > /dev/tty1
 printf "Press Alt+F3 to view detailed installation logs\r\n" > /dev/tty1
 printf "Press Alt+F1 to return to main installation screen\r\n" > /dev/tty1
-printf "Current step: Setting up storage and encryption...\r\n\n" > /dev/tty1
+printf "Current step: Setting up TPM and Tang...\r\n\n" > /dev/tty1
 {{
- # Generate secure passphrase
- printf "Generating secure passphrase...\r\n" > /dev/tty1
- LUKS_PASSPHRASE=$(openssl rand -base64 32)
+ # Get the LUKS passphrase that was used during installation
+ LUKS_PASSPHRASE=$(cat /tmp/luks-passphrase.txt)
 echo "$LUKS_PASSPHRASE" > /root/luks-passphrase.txt
 chmod 600 /root/luks-passphrase.txt
- # Create RAID1 for boot
- printf "Creating RAID1 array for boot...\r\n" > /dev/tty1
- mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1 --metadata=1.2
- mkfs.btrfs -f -L boot /dev/md0
-
- # Setup LUKS on data partitions
- printf "Setting up LUKS encryption...\r\n" > /dev/tty1
- echo -n "$LUKS_PASSPHRASE" | tr -d "\n" | cryptsetup luksFormat /dev/sda2 --type luks2 --key-file -
- echo -n "$LUKS_PASSPHRASE" | tr -d "\n" | cryptsetup luksFormat /dev/sdb2 --type luks2 --key-file -
-
- # Setup Clevis
+ # Setup Clevis for TPM and Tang
 printf "Configuring Clevis for TPM and Tang...\r\n" > /dev/tty1
 clevis luks bind -d /dev/sda2 tpm2 -c /etc/clevis/tpm2.conf
 clevis luks bind -d /dev/sda2 tang -c /etc/clevis/tang.conf
 clevis luks bind -d /dev/sdb2 tpm2 -c /etc/clevis/tpm2.conf
 clevis luks bind -d /dev/sdb2 tang -c /etc/clevis/tang.conf
- # Open LUKS volumes
- printf "Opening LUKS volumes...\r\n" > /dev/tty1
- echo -n "$LUKS_PASSPHRASE" | tr -d "\n" | cryptsetup luksOpen /dev/sda2 root_a --key-file -
- echo -n "$LUKS_PASSPHRASE" | tr -d "\n" | cryptsetup luksOpen /dev/sdb2 root_b --key-file -
-
- # Create BTRFS
- printf "Creating BTRFS filesystem...\r\n" > /dev/tty1
- mkfs.btrfs -f -d raid1 -m raid1 /dev/mapper/root_a /dev/mapper/root_b
+ # Get BTRFS UUID (same for all devices in the filesystem)
+ BTRFS_UUID=$(blkid -s UUID -o value /dev/mapper/luks-$(blkid -s UUID -o value /dev/sda2))
 # Create subvolumes
 printf "Creating BTRFS subvolumes...\r\n" > /dev/tty1
- mount /dev/mapper/root_a /mnt
+ # Mount both devices for RAID1
+ mount -t btrfs -o raid1 UUID=$BTRFS_UUID /mnt
+ btrfs subvolume create /mnt/@root
 btrfs subvolume create /mnt/@home
 btrfs subvolume create /mnt/@db
 chattr +C /mnt/@db
@@ -395,16 +377,11 @@ printf "Current step: Setting up storage and encryption...\r\n\n" > /dev/tty1
 # Setup fstab
 printf "Configuring system mount points...\r\n" > /dev/tty1
 cat > /etc/fstab << EOF
-/dev/md0 /boot btrfs defaults 0 0
-/dev/mapper/root_a / btrfs compress=zstd 0 0
-/dev/mapper/root_a /home btrfs subvol=@home,compress=zstd 0 0
-/dev/mapper/root_a /db btrfs subvol=@db,nodatacow,noatime,compress=zstd 0 0
+UUID=$BTRFS_UUID / btrfs subvol=@root,compress=zstd,raid1 0 0
+UUID=$BTRFS_UUID /home btrfs subvol=@home,compress=zstd,raid1 0 0
+UUID=$BTRFS_UUID /db btrfs subvol=@db,nodatacow,noatime,compress=zstd,raid1 0 0
 EOF
- # Save RAID configuration
- printf "Saving RAID configuration...\r\n" > /dev/tty1
- mdadm --detail --scan > /etc/mdadm.conf
-
 # Enable services
 printf "Enabling system services...\r\n" > /dev/tty1
 systemctl enable clevis-luks-askpass.service
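Review bot: `raid1` is not a btrfs mount option, so the new `mount -t btrfs -o raid1 UUID=$BTRFS_UUID /mnt` should fail with an unknown-option error before any subvolume is created, and the same `raid1` option in the three new `/etc/fstab` lines of the next hunk would leave the installed system unable to mount `/` at first boot; RAID1 is a profile chosen at `mkfs.btrfs -d raid1 -m raid1` time or applied later with `btrfs balance start -dconvert=raid1 -mconvert=raid1`, and this commit removes the only mkfs call that built a two-device filesystem, so dropping the option alone still leaves a single-device filesystem with the sdb2 container unused. The `LUKS_PASSPHRASE=$(cat /tmp/luks-passphrase.txt)` read has no failure check: if the file is not visible at this point (a chrooted `%post` sees the target's `/tmp`, not the installer's), the variable is empty and an empty line is written to `/root/luks-passphrase.txt`, which is moreover created by `echo >` under the default umask before `chmod 600` runs. I would put `umask 077` at the top of the block and `[ -s /tmp/luks-passphrase.txt ] || { printf "LUKS passphrase missing\r\n" > /dev/tty1; exit 1; }` before the `cat`. The `BTRFS_UUID` derivation assumes the opened mapping is named `luks-<UUID of /dev/sda2>`; that naming belongs to the installer, so a comment stating the assumption would help the next reader. The `%post` block begins and ends outside these hunks.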