getch 0.0.8 → 0.1.3

data/lib/getch/filesystem/device.rb

@@ -0,0 +1,61 @@
+module Getch
+  module FileSystem
+    class Device
+      def initialize
+        @efi = Helpers::efi?
+        @root_part = 1
+        @user = DEFAULT_OPTIONS[:username]
+
+        @disk = DEFAULT_OPTIONS[:disk]
+        @boot_disk = DEFAULT_OPTIONS[:boot_disk]
+        @cache_disk = DEFAULT_OPTIONS[:cache_disk]
+        @home_disk = DEFAULT_OPTIONS[:home_disk]
+
+        search_boot
+        search_swap
+        search_root
+        search_home
+      end
+
+      private
+      def search_boot
+        if @efi
+          if @boot_disk
+            @dev_esp = "/dev/#{@boot_disk}#{@root_part}"
+          else
+            @dev_esp = "/dev/#{@disk}#{@root_part}"
+            @root_part += 1
+          end
+        else
+          if @boot_disk
+            @dev_gpt = "/dev/#{@boot_disk}#{@root_part}"
+            @dev_grub = "/dev/#{@boot_disk}"
+          else
+            @dev_gpt = "/dev/#{@disk}#{@root_part}"
+            @dev_grub = "/dev/#{@disk}"
+            @root_part += 1
+          end
+        end
+      end
+
+      def search_swap
+        if @cache_disk
+          @dev_swap = "/dev/#{@cache_disk}1"
+        else
+          @dev_swap = "/dev/#{@disk}#{@root_part}"
+          @root_part += 1
+        end
+      end
+
+      def search_root
+        @dev_root = "/dev/#{@disk}#{@root_part}"
+      end
+
+      def search_home
+        if @home_disk
+          @dev_home = "/dev/#{@home_disk}1"
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4.rb

@@ -11,3 +11,4 @@ require_relative 'ext4/format'
 require_relative 'ext4/mount'
 require_relative 'ext4/config'
 require_relative 'ext4/deps'
+require_relative 'ext4/encrypt'

data/lib/getch/filesystem/ext4/config.rb

@@ -17,7 +17,7 @@ module Getch
 
         def systemd_boot
           return if ! Helpers::efi? 
-          esp = '/boot/efi'
+          esp = '/efi'
           dir = "#{@root_dir}/#{esp}/loader/entries/"
           datas_gentoo = [
             'title Gentoo Linux',
@@ -30,28 +30,27 @@ module Getch
         def grub
           return if Helpers::efi?
           file = "#{@root_dir}/etc/default/grub"
-          cmdline = "GRUB_CMDLINE_LINUX=\"resume=#{@dev_swap} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
+          cmdline = "GRUB_CMDLINE_LINUX=\"resume=PARTUUID=#{@partuuid_swap} root=PARTUUID=#{@partuuid_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
           File.write(file, cmdline, mode: 'a')
         end
 
         private
 
         def gen_uuid
-          @partuuid_root = `lsblk -o "PARTUUID" #{@dev_root} | tail -1`.chomp() if @dev_root
-          @uuid_swap = `lsblk -o "UUID" #{@dev_swap} | tail -1`.chomp() if @dev_swap
+          @partuuid_root = Helpers::partuuid(@dev_root)
+          @partuuid_swap = Helpers::partuuid(@dev_swap)
           @uuid_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
-          @uuid_boot = `lsblk -o "UUID" #{@dev_boot} | tail -1`.chomp() if @dev_boot
-          @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
+          @uuid_esp = `lsblk -o "UUID" #{@dev_esp} | tail -1`.chomp() if @dev_esp
           @uuid_home = `lsblk -o "UUID" #{@dev_home} | tail -1`.chomp() if @dev_home
         end
 
         def data_fstab
-          boot_efi = @dev_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
-          swap = @dev_swap ? "UUID=#{@uuid_swap} none swap discard 0 0" : ''
+          esp = @dev_esp ? "UUID=#{@uuid_esp} /efi vfat noauto,noatime 1 2" : ''
+          swap = @dev_swap ? "PARTUUID=#{@partuuid_swap} none swap discard 0 0" : ''
           root = @dev_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
           home = @dev_home ? "UUID=#{@uuid_home} /home/#{@user} ext4 defaults 0 2" : ''
 
-          [ boot_efi, swap, root, home ]
+          [ esp, swap, root, home ]
         end
       end
     end

data/lib/getch/filesystem/ext4/device.rb

@@ -1,14 +1,9 @@
 module Getch
   module FileSystem
     module Ext4
-      class Device
+      class Device < Getch::FileSystem::Device
         def initialize
-          @disk = DEFAULT_OPTIONS[:disk]
-          @user = DEFAULT_OPTIONS[:username]
-          @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
-          @dev_root = "/dev/#{@disk}2"
-          @dev_swap = "/dev/#{@disk}3"
-          @dev_home = @user ? "/dev/#{@disk}4" : nil
+          super
         end
       end
     end

data/lib/getch/filesystem/ext4/encrypt/config.rb

@@ -1,60 +1,82 @@
+require 'fileutils'
+
 module Getch
   module FileSystem
     module Ext4
-      class Config < Getch::FileSystem::Ext4::Encrypt::Device
-        def initialize
-          super
-          gen_uuid
-          @root_dir = MOUNTPOINT
-          @init = '/usr/lib/systemd/systemd'
-        end
+      module Encrypt
+        class Config < Getch::FileSystem::Ext4::Encrypt::Device
+          def initialize
+            super
+            gen_uuid
+            @root_dir = MOUNTPOINT
+            @init = '/usr/lib/systemd/systemd'
+            move_secret_keys
+            crypttab
+          end
 
-        def fstab
-          file = "#{@root_dir}/etc/fstab"
-          datas = data_fstab
-          File.write(file, datas.join("\n"))
-        end
+          def fstab
+            file = "#{@root_dir}/etc/fstab"
+            datas = data_fstab
+            File.write(file, datas.join("\n"))
+          end
 
-        def systemd_boot
-          return if ! Helpers::efi? 
-          esp = '/boot/efi'
-          dir = "#{@root_dir}/#{esp}/loader/entries/"
-          datas_gentoo = [
-            'title Gentoo Linux',
-            'linux /vmlinuz',
-            "options crypt_root=UUID=#{uuid_dev_root} root=/dev/mapper/#{@vg}-root init=#{@init} dolvm rw"
-          ]
-          File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
-        end
+          def systemd_boot
+            return if ! Helpers::efi?
+            esp = '/efi'
+            dir = "#{@root_dir}/#{esp}/loader/entries/"
+            datas_gentoo = [
+              'title Gentoo Linux',
+              'linux /vmlinuz',
+              'initrd /initramfs',
+              "options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{DEFAULT_OPTIONS[:keymap]} rw"
+            ]
+            File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
+          end
 
-        def grub
-          return if Helpers::efi?
-          file = "#{@root_dir}/etc/default/grub"
-          cmdline = [ 
-            "GRUB_CMDLINE_LINUX=\"resume=UUID=#{@uuid_swap} crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/#{@vg}-root init=#{@init} dolvm rw\"",
-            "GRUB_ENABLE_CRYPTODISK=y"
-          ]
-          File.write("#{file}", cmdline.join("\n"), mode: 'a')
-        end
+          def crypttab
+            home = @home_disk ? "crypthome UUID=#{@uuid_home} /root/secretkeys/crypto_keyfile.bin luks" : ''
+            datas = [
+              "cryptswap PARTUUID=#{@partuuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=512",
+              home
+            ]
+            File.write("#{@root_dir}/etc/crypttab", datas.join("\n"))
+          end
 
-        private
+          def grub
+            return if Helpers::efi?
+            file = "#{@root_dir}/etc/default/grub"
+            cmdline = [
+              "GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{DEFAULT_OPTIONS[:keymap]}\"",
+              "GRUB_ENABLE_CRYPTODISK=y"
+            ]
+            File.write(file, cmdline.join("\n"), mode: 'a')
+          end
 
-        def gen_uuid
-          @uuid_swap = `lsblk -o "UUID" #{@lv_swap} | tail -1`.chomp() if @lv_swap
-          @uuid_root = `lsblk -o "UUID" #{@lv_root} | tail -1`.chomp() if @lv_root
-          @uuid_dev_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
-          @uuid_boot = `lsblk -o "UUID" #{@dev_boot} | tail -1`.chomp() if @dev_boot
-          @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
-          @uuid_home = `lsblk -o "UUID" #{@lv_home} | tail -1`.chomp() if @lv_home
-        end
+          private
+
+          def gen_uuid
+            @partuuid_swap = Helpers::partuuid(@dev_swap)
+            @uuid_dev_root = `lsblk -d -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+            @uuid_esp = Helpers::uuid(@dev_esp) if @dev_esp
+            @uuid_root = `lsblk -d -o "UUID" #{@luks_root} | tail -1`.chomp() if @dev_root
+            @uuid_home = `lsblk -d -o "UUID" #{@dev_home} | tail -1`.chomp() if @luks_home
+          end
+
+          def data_fstab
+            boot_efi = @dev_esp ? "UUID=#{@uuid_esp} /efi vfat noauto,noatime 1 2" : ''
+            swap = @dev_swap ? "#{@luks_swap} none swap discard 0 0 " : ''
+            root = @dev_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
+            home = @dev_home ? "#{@luks_home} /home/#{@user} ext4 defaults 0 2" : ''
 
-        def data_fstab
-          boot_efi = @lv_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
-          swap = @lv_swap ? "UUID=#{@uuid_swap} none swap discard 0 0" : ''
-          root = @lv_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
-          home = @lv_home ? "UUID=#{@uuid_home} /home/#{@user} ext4 defaults 0 2" : ''
+            [ boot_efi, swap, root, home ]
+          end
 
-          [ boot_efi, swap, root, home ]
+          def move_secret_keys
+            return if ! @luks_home
+            puts "Moving secret keys"
+            keys_path = "#{@root_dir}/root/secretkeys"
+            FileUtils.mv("/root/secretkeys", keys_path) if ! Dir.exist?(keys_path)
+          end
         end
       end
     end

data/lib/getch/filesystem/ext4/encrypt/deps.rb

@@ -3,32 +3,38 @@ module Getch
     module Ext4
       module Encrypt
         class Deps
-          def initialize
-            if Helpers::efi?
-              install_efi
-            else
-              install_bios
-            end
+          def make
             install_deps
+            genkernel
+            Getch::Make.new("genkernel --kernel-config=/usr/src/linux/.config all").run!
           end
 
           private
-          def install_efi
-          end
 
-          def install_bios
-            exec("euse -p sys-boot/grub -E device-mapper")
+          def genkernel
+            grub = Helpers::efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
+            datas = [
+              '',
+              grub,
+              'INSTALL="yes"',
+              'MENUCONFIG="no"',
+              'CLEAN="yes"',
+              'KEYMAP="yes"',
+              'SAVE_CONFIG="yes"',
+              'MOUNTBOOT="yes"',
+              'MRPROPER="no"',
+              'LUKS="yes"',
+            ]
+            file = "#{MOUNTPOINT}/etc/genkernel.conf"
+            File.write(file, datas.join("\n"), mode: 'a')
           end
 
           def install_deps
-            exec("euse -p sys-apps/systemd -E cryptsetup")
-            Getch::Emerge.new('genkernel cryptsetup lvm2').pkg!
-            exec("genkernel --install --luks --keymap #{DEFAULT_OPTIONS[:keyboard]} --lvm --kernel-config=/usr/src/linux/.config initramfs")
-            exec("systemctl enable lvm2-monitor")
+            Getch::Emerge.new('genkernel').pkg!
           end
 
           def exec(cmd)
-            Helpers::run_chroot(cmd, MOUNTPOINT)
+            Getch::Chroot.new(cmd).run!
           end
         end
       end

data/lib/getch/filesystem/ext4/encrypt/device.rb

@@ -2,16 +2,12 @@ module Getch
   module FileSystem
     module Ext4
       module Encrypt
-        class Device
+        class Device < Getch::FileSystem::Device
           def initialize
-            @disk = DEFAULT_OPTIONS[:disk]
-            @user = DEFAULT_OPTIONS[:username]
-            @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
-            @dev_root = "/dev/#{@disk}2"
-            @vg = 'vg0'
-            @lv_root = "/dev/mapper/#{@vg}-root"
-            @lv_swap = "/dev/mapper/#{@vg}-swap"
-            @lv_home = @user ? "/dev/mapper/#{@vg}-home" : nil
+            super
+            @luks_root = "/dev/mapper/cryptroot"
+            @luks_home = @home_disk ? "/dev/mapper/crypthome" : nil
+            @luks_swap = "/dev/mapper/cryptswap"
           end
         end
       end

data/lib/getch/filesystem/ext4/encrypt/format.rb

@@ -5,20 +5,24 @@ module Getch
         class Format < Getch::FileSystem::Ext4::Encrypt::Device
           def initialize
             super
-            @fs = 'ext4'
             @state = Getch::States.new()
             format
           end
 
           def format
             return if STATES[:format]
-            puts "Format #{@disk} with #{@fs}"
-            system("mkfs.fat -F32 #{@dev_boot_efi}") if Helpers::efi?
-            system("mkswap #{@lv_swap}")
-            system("mkfs.#{@fs} #{@lv_root}")
-            system("mkfs.#{@fs} #{@lv_home}") if @lv_home
+            exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
+            exec("mkfs.ext4 -F #{@luks_root}")
+            exec("mkswap -f #{@dev_swap}")
+            exec("mkfs.ext4 -F #{@luks_home}") if @dev_home
             @state.format
           end
+
+          private
+
+          def exec(cmd)
+            Getch::Command.new(cmd).run!
+          end
         end
       end
     end

data/lib/getch/filesystem/ext4/encrypt/mount.rb

@@ -7,54 +7,17 @@ module Getch
         class Mount < Getch::FileSystem::Ext4::Encrypt::Device
           def initialize
             super
-            @root_dir = MOUNTPOINT
-            @boot_dir = "#{@root_dir}/boot"
-            @boot_efi_dir = "#{@root_dir}/boot/efi"
-            @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
+            @mount = Getch::FileSystem::Mount.new
             @state = Getch::States.new()
           end
 
           def run
             return if STATES[:mount]
-            mount_swap
-            mount_root
-            mount_boot
-            mount_home
-            mount_boot_efi
-            @state.mount
-          end
-
-          private
-
-          def mount_swap
-            return if ! @lv_swap
-            system("swapon #{@lv_swap}")
-          end
-
-          def mount_root
-            return if ! @lv_root
-            Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
-            system("mount #{@lv_root} #{@root_dir}")
-          end
-
-          def mount_boot_efi
-            return if ! @dev_boot_efi
-            FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
-            system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
-          end
-
-          def mount_boot
-            return if ! @dev_boot
-            FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
-            system("mount #{@dev_boot} #{@boot_dir}")
-          end
-
-          def mount_home
-            return if ! @lv_home
-            if @user != nil then
-              FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
-              system("mount #{@lv_home} #{@home_dir}")
-            end
+            @mount.swap(@dev_swap)
+            @mount.root(@luks_root)
+            @mount.boot(@dev_boot)
+            @mount.esp(@dev_esp)
+            @mount.home(@luks_home)
             @state.mount
           end
         end

data/lib/getch/filesystem/ext4/encrypt/partition.rb

@@ -5,85 +5,87 @@ module Getch
         class Partition < Getch::FileSystem::Ext4::Encrypt::Device
           def initialize
             super
-            @state = Getch::States.new()
+            @state = Getch::States.new
+            @partition = Getch::FileSystem::Partition.new
+            @clean = Getch::FileSystem::Clean
+            @log = Log.new
             run_partition
           end
 
           def run_partition
             return if STATES[:partition ]
-            clear_struct
-            cleaning
-            boot
-            others
-            luks
-            lvm
+            @clean.struct(@disk, @cache_disk, @home_disk)
+            @clean.hdd(@disk, @cache_disk, @home_disk)
+            if Helpers::efi?
+              partition_efi
+              encrypt_efi
+            else
+              partition_bios
+              encrypt_bios
+            end
             @state.partition
           end
 
           private
 
-          def clear_struct
-            exec("sgdisk -Z /dev/#{@disk}")
-            exec("wipefs -a /dev/#{@disk}")
-          end
-
-          def cleaning
-            puts
-            print "Cleaning data on #{@disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? (n,y) "
-            case gets.chomp
-            when /^y|^Y/
-              bloc=`blockdev --getbsz /dev/#{@disk}`.chomp
-              exec("dd if=/dev/urandom of=/dev/#{@disk} bs=#{bloc} status=progress")
-            else
-              return
-            end
+          # Follow https://wiki.archlinux.org/index.php/Partitioning
+          def partition_efi
+            # /efi  - EFI system partition - 260MB
+            # swap  - Linux Swap - size of the ram
+            # /     - Root
+            # /home - Home
+            @partition.efi(@dev_esp)
+            @partition.swap(@dev_swap)
+            @partition.root(@dev_root, "8309")
+            @partition.home(@dev_home, "8309") if @dev_home
           end
 
-          def boot
-            if Helpers::efi?
-              exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}}")
-            else
-              exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
-            end
+          def encrypt_efi
+            @log.info("Format root")
+            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
+            encrypt_home
           end
 
-          def others
-            exec("sgdisk -n2:0:+0 -t2:8309 /dev/#{@disk}")
+          def encrypt_bios
+            @log.info("Format root for bios")
+            Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
+            encrypt_home
           end
 
-          def luks
-            if Helpers::efi?
-              exec("cryptsetup --use-random luksFormat /dev/#{@disk}2")
-              exec("cryptsetup open --type luks /dev/#{@disk}2 crypt-lvm")
-            else
-              # GRUB do not support LUKS2
-              exec("cryptsetup --use-random luksFormat --type luks1 /dev/#{@disk}2")
-              exec("cryptsetup open --type luks1 /dev/#{@disk}2 crypt-lvm")
+          def encrypt_home
+            if @dev_home then
+              create_secret_keys
+              @log.info("Format home with #{@key_path}")
+              Helpers::sys("cryptsetup luksFormat #{@dev_home} #{@key_path}")
+              @log.debug("Open home with key #{@key_path}")
+              exec("cryptsetup open --type luks -d #{@key_path} #{@dev_home} crypthome")
             end
           end
 
-          def lvm
-            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
-            exec("pvcreate /dev/mapper/crypt-lvm")
-            exec("vgcreate #{@vg} /dev/mapper/crypt-lvm")
-            exec("lvcreate -L 15G -n root #{@vg}")
-            exec("lvcreate -L #{mem} -n swap #{@vg}")
-            exec("lvcreate -l 100%FREE -n home #{@vg}") if @user
-            exec("vgchange --available y")
+          def create_secret_keys
+            return if ! @dev_home
+            @log.info("Creating secret keys")
+            keys_dir = "/root/secretkeys"
+            key_name = "crypto_keyfile.bin"
+            @key_path = "#{keys_dir}/#{key_name}"
+            FileUtils.mkdir keys_dir, mode: 0700 if ! Dir.exist?(keys_dir)
+            exec("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}")
           end
 
-          # Follow https://wiki.archlinux.org/index.php/Partitioning
-          # Partition_efi
-            # /boot/efi - EFI system partition - 260MB
-            # /         - Root
-            # swap      - Linux Swap - size of the ram
-            # /home     - Home
-
-          # Partition_bios
+          def partition_bios
             # None      - Bios Boot Partition - 1MiB
-            # /         - Root
             # swap      - Linux Swap - size of the ram
+            # /         - Root
             # /home     - Home
+            @partition.gpt(@dev_gpt)
+            @partition.swap(@dev_swap)
+            @partition.root(@dev_root, "8309")
+            @partition.home(@dev_home, "8309") if @dev_home
+          end
 
           def exec(cmd)
             Getch::Command.new(cmd).run!