getch 0.0.4 → 0.0.9

data/lib/getch/filesystem.rb

@@ -0,0 +1,7 @@
+module Getch
+  module FileSystem
+  end
+end
+
+require_relative 'filesystem/ext4'
+require_relative 'filesystem/lvm'

data/lib/getch/filesystem/ext4.rb

@@ -0,0 +1,14 @@
+module Getch
+  module FileSystem
+    module Ext4
+    end
+  end
+end
+
+require_relative 'ext4/device'
+require_relative 'ext4/partition'
+require_relative 'ext4/format'
+require_relative 'ext4/mount'
+require_relative 'ext4/config'
+require_relative 'ext4/deps'
+require_relative 'ext4/encrypt'

data/lib/getch/filesystem/ext4/config.rb

@@ -0,0 +1,59 @@
+module Getch
+  module FileSystem
+    module Ext4
+      class Config < Getch::FileSystem::Ext4::Device
+        def initialize
+          super
+          gen_uuid
+          @root_dir = MOUNTPOINT
+          @init = '/usr/lib/systemd/systemd'
+        end
+
+        def fstab
+          file = "#{@root_dir}/etc/fstab"
+          datas = data_fstab
+          File.write(file, datas.join("\n"))
+        end
+
+        def systemd_boot
+          return if ! Helpers::efi? 
+          esp = '/boot/efi'
+          dir = "#{@root_dir}/#{esp}/loader/entries/"
+          datas_gentoo = [
+            'title Gentoo Linux',
+            'linux /vmlinuz',
+            "options root=PARTUUID=#{@partuuid_root} init=#{@init} rw"
+          ]
+          File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
+        end
+
+        def grub
+          return if Helpers::efi?
+          file = "#{@root_dir}/etc/default/grub"
+          cmdline = "GRUB_CMDLINE_LINUX=\"resume=#{@dev_swap} root=#{@dev_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
+          File.write(file, cmdline, mode: 'a')
+        end
+
+        private
+
+        def gen_uuid
+          @partuuid_root = `lsblk -o "PARTUUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+          @uuid_swap = `lsblk -o "UUID" #{@dev_swap} | tail -1`.chomp() if @dev_swap
+          @uuid_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+          @uuid_boot = `lsblk -o "UUID" #{@dev_boot} | tail -1`.chomp() if @dev_boot
+          @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
+          @uuid_home = `lsblk -o "UUID" #{@dev_home} | tail -1`.chomp() if @dev_home
+        end
+
+        def data_fstab
+          boot_efi = @dev_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
+          swap = @dev_swap ? "UUID=#{@uuid_swap} none swap discard 0 0" : ''
+          root = @dev_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
+          home = @dev_home ? "UUID=#{@uuid_home} /home/#{@user} ext4 defaults 0 2" : ''
+
+          [ boot_efi, swap, root, home ]
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/deps.rb

@@ -0,0 +1,22 @@
+module Getch
+  module FileSystem
+    module Ext4
+      class Deps
+        def initialize
+          if Helpers::efi?
+            install_efi
+          else
+            install_bios
+          end
+        end
+
+        private
+        def install_efi
+        end
+
+        def install_bios
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/device.rb

@@ -0,0 +1,16 @@
+module Getch
+  module FileSystem
+    module Ext4
+      class Device
+        def initialize
+          @disk = DEFAULT_OPTIONS[:disk]
+          @user = DEFAULT_OPTIONS[:username]
+          @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
+          @dev_root = "/dev/#{@disk}2"
+          @dev_swap = "/dev/#{@disk}3"
+          @dev_home = @user ? "/dev/#{@disk}4" : nil
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt.rb

@@ -0,0 +1,15 @@
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+      end
+    end
+  end
+end
+
+require_relative 'encrypt/device'
+require_relative 'encrypt/partition'
+require_relative 'encrypt/format'
+require_relative 'encrypt/mount'
+require_relative 'encrypt/config'
+require_relative 'encrypt/deps'

data/lib/getch/filesystem/ext4/encrypt/config.rb

@@ -0,0 +1,85 @@
+require 'fileutils'
+
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Config < Getch::FileSystem::Ext4::Encrypt::Device
+          def initialize
+            super
+            gen_uuid
+            @root_dir = MOUNTPOINT
+            @init = '/usr/lib/systemd/systemd'
+            move_secret_keys
+            crypttab
+          end
+
+          def fstab
+            file = "#{@root_dir}/etc/fstab"
+            datas = data_fstab
+            File.write(file, datas.join("\n"))
+          end
+
+          def systemd_boot
+            return if ! Helpers::efi?
+            esp = '/boot/efi'
+            dir = "#{@root_dir}/#{esp}/loader/entries/"
+            datas_gentoo = [
+              'title Gentoo Linux',
+              'linux /vmlinuz',
+              'initrd /initramfs',
+              "options crypt_root=UUID=#{@uuid_root} root=/dev/mapper/root init=#{@init} keymap=#{DEFAULT_OPTIONS[:keymap]} rw"
+            ]
+            File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
+          end
+
+          def crypttab
+            home = @dev_home ? "crypthome UUID=#{@uuid_home} /root/secretkeys/crypto_keyfile.bin luks" : ''
+            datas = [
+              "cryptswap UUID=#{@uuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=256",
+              home
+            ]
+            File.write("#{@root_dir}/etc/crypttab", datas.join("\n"))
+          end
+
+          def grub
+            return if Helpers::efi?
+            file = "#{@root_dir}/etc/default/grub"
+            cmdline = [
+              "GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{DEFAULT_OPTIONS[:keymap]}\"",
+              "GRUB_ENABLE_CRYPTODISK=y"
+            ]
+            File.write(file, cmdline.join("\n"), mode: 'a')
+          end
+
+          private
+
+          def gen_uuid
+            @partuuid_root = `lsblk -o "PARTUUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+            @uuid_swap = `lsblk -o "UUID" #{@dev_swap} | tail -1`.chomp() if @dev_swap
+            @uuid_dev_root = `lsblk -d -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+            @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
+            @uuid_root = `lsblk -d -o "UUID" #{@luks_root} | tail -1`.chomp() if @dev_root
+            @uuid_home = `lsblk -d -o "UUID" #{@dev_home} | tail -1`.chomp() if @luks_home
+          end
+
+          def data_fstab
+            boot_efi = @dev_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
+            swap = @dev_swap ? "#{@luks_swap} none swap discard 0 0 " : ''
+            root = @dev_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
+            home = @dev_home ? "#{@luks_home} /home/#{@user} ext4 defaults 0 2" : ''
+
+            [ boot_efi, swap, root, home ]
+          end
+
+          def move_secret_keys
+            return if ! @luks_home
+            puts "Moving secret keys"
+            keys_path = "#{@root_dir}/root/secretkeys"
+            FileUtils.mv("/root/secretkeys", keys_path) if ! Dir.exist?(keys_path)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt/deps.rb

@@ -0,0 +1,59 @@
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Deps
+          def initialize
+            if Helpers::efi?
+              install_efi
+            else
+              install_bios
+            end
+            install_deps
+          end
+
+          def make
+            genkernel
+            Getch::Make.new("genkernel --kernel-config=/usr/src/linux/.config all").run!
+          end
+
+          private
+          def install_efi
+          end
+
+          def genkernel
+            grub = Helpers::efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
+            datas = [
+              '',
+              grub,
+              'INSTALL="yes"',
+              'MENUCONFIG="no"',
+              'CLEAN="yes"',
+              'KEYMAP="yes"',
+              'SAVE_CONFIG="yes"',
+              'MOUNTBOOT="yes"',
+              'MRPROPER="no"',
+              'LUKS="yes"',
+            ]
+            file = "#{MOUNTPOINT}/etc/genkernel.conf"
+            File.write(file, datas.join("\n"), mode: 'a')
+          end
+
+          def install_bios
+            exec("euse -p sys-boot/grub -E device-mapper")
+            exec("euse -p sys-fs/cryptsetup -E luks1_default")
+          end
+
+          def install_deps
+            exec("euse -E cryptsetup") if ! Helpers::grep?("#{MOUNTPOINT}/etc/portage/make.conf", /cryptsetup/)
+            Getch::Emerge.new('genkernel sys-apps/systemd sys-fs/cryptsetup').pkg!
+          end
+
+          def exec(cmd)
+            Helpers::run_chroot(cmd, MOUNTPOINT)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt/device.rb

@@ -0,0 +1,21 @@
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Device
+          def initialize
+            @disk = DEFAULT_OPTIONS[:disk]
+            @user = DEFAULT_OPTIONS[:username]
+            @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
+            @dev_root = "/dev/#{@disk}2"
+            @dev_swap = "/dev/#{@disk}3"
+            @dev_home = @user ? "/dev/#{@disk}4" : nil
+            @luks_root = "/dev/mapper/cryptroot"
+            @luks_home = @user ? "/dev/mapper/crypthome" : nil
+            @luks_swap = "/dev/mapper/cryptswap"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt/format.rb

@@ -0,0 +1,32 @@
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Format < Getch::FileSystem::Ext4::Encrypt::Device
+          def initialize
+            super
+            @fs = 'ext4'
+            @state = Getch::States.new()
+            format
+          end
+
+          def format
+            return if STATES[:format]
+            puts "Format #{@disk} with #{@fs}"
+            exec("mkfs.fat -F32 #{@dev_boot_efi}") if Helpers::efi?
+            exec("mkfs.#{@fs} -F #{@luks_root}")
+            exec("mkswap -f #{@dev_swap}")
+            exec("mkfs.#{@fs} -F #{@luks_home}") if @dev_home
+            @state.format
+          end
+
+          private
+
+          def exec(cmd)
+            Getch::Command.new(cmd).run!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt/mount.rb

@@ -0,0 +1,64 @@
+require 'fileutils'
+
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Mount < Getch::FileSystem::Ext4::Encrypt::Device
+          def initialize
+            super
+            @root_dir = MOUNTPOINT
+            @boot_dir = "#{@root_dir}/boot"
+            @boot_efi_dir = "#{@root_dir}/boot/efi"
+            @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
+            @state = Getch::States.new()
+          end
+
+          def run
+            return if STATES[:mount]
+            #mount_swap
+            mount_root
+            mount_boot
+            mount_home
+            mount_boot_efi
+            @state.mount
+          end
+
+          private
+
+          def mount_swap
+            return if ! @dev_swap
+            system("swapon #{@dev_swap}")
+          end
+
+          def mount_root
+            return if ! @dev_root
+            Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
+            system("mount #{@luks_root} #{@root_dir}")
+          end
+
+          def mount_boot_efi
+            return if ! @dev_boot_efi
+            FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
+            system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
+          end
+
+          def mount_boot
+            return if ! @dev_boot
+            FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
+            system("mount #{@dev_boot} #{@boot_dir}")
+          end
+
+          def mount_home
+            return if ! @dev_home
+            if @user != nil then
+              FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
+              system("mount #{@luks_home} #{@home_dir}")
+            end
+            @state.mount
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt/partition.rb

@@ -0,0 +1,116 @@
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Partition < Getch::FileSystem::Ext4::Encrypt::Device
+          def initialize
+            super
+            @state = Getch::States.new()
+            @log = Log.new
+            run_partition
+          end
+
+          def run_partition
+            return if STATES[:partition ]
+            clear_struct
+            cleaning
+            if Helpers::efi?
+              partition_efi
+              encrypt_efi
+            else
+              partition_bios
+              encrypt_bios
+            end
+            @state.partition
+          end
+
+          private
+
+          def clear_struct
+            exec("sgdisk -Z /dev/#{@disk}")
+            exec("wipefs -a /dev/#{@disk}")
+          end
+
+          def cleaning
+            puts
+            print "Cleaning data on #{@disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? (n,y) "
+            case gets.chomp
+            when /^y|^Y/
+              bloc=`blockdev --getbsz /dev/#{@disk}`.chomp
+              exec("dd if=/dev/urandom of=/dev/#{@disk} bs=#{bloc} status=progress")
+            else
+              return
+            end
+          end
+
+          # Follow https://wiki.archlinux.org/index.php/Partitioning
+          def partition_efi
+            # /boot/efi - EFI system partition - 260MB
+            # /         - Root
+            # swap      - Linux Swap - size of the ram
+            # /home     - Home
+            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
+
+            exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}")
+            exec("sgdisk -n2:0:+15G -t2:8309 /dev/#{@disk}")
+            exec("sgdisk -n3:0:+#{mem} -t3:8200 /dev/#{@disk}")
+            exec("sgdisk -n4:0:0 -t4:8309 /dev/#{@disk}") if @dev_home
+          end
+
+          def encrypt_efi
+            @log.info("Format root")
+            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
+            encrypt_home
+          end
+
+          def encrypt_bios
+            @log.info("Format root for bios")
+            Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
+            encrypt_home
+          end
+
+          def encrypt_home
+            if @dev_home then
+              create_secret_keys
+              @log.info("Format home with #{@key_path}")
+              Helpers::sys("cryptsetup luksFormat #{@dev_home} #{@key_path}")
+              @log.debug("Open home with key #{@key_path}")
+              exec("cryptsetup open --type luks -d #{@key_path} #{@dev_home} crypthome")
+            end
+          end
+
+          def create_secret_keys
+            return if ! @dev_home
+            @log.info("Creating secret keys")
+            keys_dir = "/root/secretkeys"
+            key_name = "crypto_keyfile.bin"
+            @key_path = "#{keys_dir}/#{key_name}"
+            FileUtils.mkdir keys_dir, mode: 0700 if ! Dir.exist?(keys_dir)
+            Getch::Command.new("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}").run!
+          end
+
+          def partition_bios
+            # None      - Bios Boot Partition - 1MiB
+            # /         - Root
+            # swap      - Linux Swap - size of the ram
+            # /home     - Home
+            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
+
+            exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
+            exec("sgdisk -n2:0:+15G -t2:8309 /dev/#{@disk}")
+            exec("sgdisk -n3:0:+#{mem} -t3:8200 /dev/#{@disk}")
+            exec("sgdisk -n4:0:0 -t4:8309 /dev/#{@disk}") if @dev_home
+          end
+
+          def exec(cmd)
+            Getch::Command.new(cmd).run!
+          end
+        end
+      end
+    end
+  end
+end