From 3fe2d2657e3926d716cd83d0b22606e3d823a0a3 Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 9 Feb 2023 10:40:38 -0700 Subject: [PATCH] fix --- debian.sh | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/debian.sh b/debian.sh index 7e23b16..83b8da7 100755 --- a/debian.sh +++ b/debian.sh @@ -46,6 +46,7 @@ WIRELESS_INTERFACE='wlan0' DISK_PASSWORD='123456' COMPRESSION='compress=zlib:5' DEBIAN_RELEASE='stable' +AUTO_DECRYPT='True' FLATPAKS+=( app/net.brinkervii.grapejuice org.kde.kdenlive ) #Packages @@ -116,7 +117,19 @@ systemMounts(){ } decryptBoot(){ - sed -i "s/none/\/etc\/keyfile.key/" /etc/crypttab + KEYFILE='keyfile.key' + echo;echo "Setting LUKS to use Keyfile for password entry";echo + echo;echo "Clearing Old Keys";echo + for i in 1 2 3 4 5 6 + do + printf "$DISK_PASSWORD" | cryptsetup luksKillSlot ${BTRFS} $i + done + dd if=/dev/urandom of=/etc/$KEYFILE bs=1024 count=4 + chown root:root /etc/$KEYFILE + chmod 0400 /etc/$KEYFILE + echo;echo "Adding new key......";echo + printf "$DISK_PASSWORD" | cryptsetup luksAddKey ${BTRFS} /etc/$KEYFILE + sed -i "s/none/\/etc\/$KEYFILE/" /etc/crypttab echo "KEYFILE_PATTERN=\"/etc/*.key\"" > /etc/cryptsetup-initramfs/conf-hook } @@ -242,7 +255,9 @@ bootloader() { tar xf /etc/default/debian.tar -C /boot/grub/themes/ plymouth-set-default-theme -R spacefun echo "root UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2) none luks" > /etc/crypttab - decryptBoot + if [ "$AUTO_DECRYPT" == "True" ];then + decryptBoot + fi /sbin/update-initramfs -c -k all echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash\"" >/etc/default/grub echo "GRUB_CMDLINE_LINUX=cryptdevice=UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2):root root=UUID=$(/sbin/blkid | grep root | cut -d '"' -f4) rootflags=subvol@${ROOT_NAME} mitigations=-off" >>/etc/default/grub 
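Review bot: `AUTO_DECRYPT='True'` is added without a comment and defaults to on, so every install enrols a keyfile unless the operator knows to change it. The check added later in `bootloader()` matches only the exact string `True`, so `true` or `1` silently turns the feature off. I would document it in place, e.g. `# 'True' = enrol /etc/keyfile.key and embed it in the initramfs; any other value keeps the passphrase prompt`, and consider shipping it off by default. Separately, `DISK_PASSWORD='123456'` in this same block is now read by `decryptBoot` from the copy of the script that `setup_script` places in `$TARGET/usr/bin/`. The passphrase therefore appears to remain on the installed system in an executable, likely world-readable file; reading it from a prompt or a root-only file would avoid that.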
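Review bot: In the new `decryptBoot` body the passphrase is used as printf's format string (`printf "$DISK_PASSWORD"`, both in the `luksKillSlot` loop and before `luksAddKey`), so a `%` or backslash in it changes what cryptsetup receives; `printf '%s' "$DISK_PASSWORD"` sends it literally. The keyfile is written by `dd` under the default umask and only restricted by `chmod 0400` afterwards, and nothing checks that `dd` or `luksAddKey` succeeded before `sed` points /etc/crypttab at the keyfile, so a failed enrolment would leave crypttab referencing a key that opens nothing. The loop removes slots 1–6 unconditionally and reports an error for each empty one; a comment stating that slot 0 is assumed to hold `DISK_PASSWORD` would make that intent explicit. The context line `KEYFILE_PATTERN="/etc/*.key"` could be narrowed to `/etc/$KEYFILE` so that only this key is copied into the initramfs. A sketch of the tightened lines follows.

```shell
decryptBoot(){
  # … unchanged: KEYFILE assignment, status messages, for/do loop header …
    # '%s' keeps '%' and '\' in the passphrase literal
    printf '%s' "$DISK_PASSWORD" | cryptsetup luksKillSlot "${BTRFS}" "$i"
  # … unchanged: done …
  # Create the keyfile under a restrictive umask so it is never group/world readable.
  ( umask 077; dd if=/dev/urandom of="/etc/$KEYFILE" bs=1024 count=4 ) || return 1
  chown root:root "/etc/$KEYFILE"
  chmod 0400 "/etc/$KEYFILE"
  # Stop before crypttab is rewritten if the key was not enrolled.
  printf '%s' "$DISK_PASSWORD" | cryptsetup luksAddKey "${BTRFS}" "/etc/$KEYFILE" || return 1
  # … unchanged: sed on /etc/crypttab, KEYFILE_PATTERN conf-hook line …
```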
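Review bot: The `update-initramfs -c -k all` that follows the new conditional will embed /etc/keyfile.key in every image when `AUTO_DECRYPT` is `True` (through the `KEYFILE_PATTERN` hook written by `decryptBoot`), and nothing visible in this hunk restricts who can read the resulting initramfs. Debian's cryptsetup-initramfs documentation recommends `UMASK=0077` in /etc/initramfs-tools/initramfs.conf for this setup; adding `echo 'UMASK=0077' >> /etc/initramfs-tools/initramfs.conf` inside the `if` would cover it. Whether /boot sits inside the LUKS container is not visible here; if it does not, the key would be stored unencrypted next to the volume it opens, which deserves a comment at the call site. `==` inside `[ ]` is a bashism, so `[ "$AUTO_DECRYPT" = "True" ]` is the portable form. `bootloader()` starts and ends outside the hunk.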
@@ -254,7 +269,6 @@ bootloader() { function setup_script() { cp -f debian.sh $TARGET/usr/bin/ - cp -f keyfile $TARGET/etc/keyfile.key echo 'bash /usr/bin/debian.sh kernel-packages' >>$TARGET/setup.sh sed -i 's/most/dep/i' $TARGET/etc/initramfs-tools/initramfs.conf echo "bash /usr/bin/debian.sh bootloader $1" >>$TARGET/setup.sh @@ -427,6 +441,7 @@ server-config(){ apt autoremove -y } + initialize-disk() { parted /dev/$HARD_DISK mklabel gpt parted /dev/$HARD_DISK mkpart primary fat32 1MiB 200MiB @@ -438,8 +453,6 @@ initialize-disk() { echo echo "Formatting....." echo y | mkfs.btrfs /dev/mapper/root --force - dd if=/dev/urandom of=keyfile bs=1024 count=4 - printf "$DISK_PASSWORD" | cryptsetup luksAddKey ${BTRFS} keyfile } wifi() {