getch 0.1.0 → 0.1.6

data/lib/getch/filesystem/ext4/encrypt/deps.rb

@@ -3,23 +3,13 @@ module Getch
     module Ext4
       module Encrypt
         class Deps
-          def initialize
-            if Helpers::efi?
-              install_efi
-            else
-              install_bios
-            end
-            install_deps
-          end
-
           def make
+            install_deps
             genkernel
             Getch::Make.new("genkernel --kernel-config=/usr/src/linux/.config all").run!
           end
 
           private
-          def install_efi
-          end
 
           def genkernel
             grub = Helpers::efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
@@ -39,18 +29,12 @@ module Getch
             File.write(file, datas.join("\n"), mode: 'a')
           end
 
-          def install_bios
-            exec("euse -p sys-boot/grub -E device-mapper")
-            exec("euse -p sys-fs/cryptsetup -E luks1_default")
-          end
-
           def install_deps
-            exec("euse -E cryptsetup") if ! Helpers::grep?("#{MOUNTPOINT}/etc/portage/make.conf", /cryptsetup/)
-            Getch::Emerge.new('genkernel sys-apps/systemd sys-fs/cryptsetup').pkg!
+            Getch::Emerge.new('genkernel').pkg!
           end
 
           def exec(cmd)
-            Helpers::run_chroot(cmd, MOUNTPOINT)
+            Getch::Chroot.new(cmd).run!
           end
         end
       end

data/lib/getch/filesystem/ext4/encrypt/device.rb

@@ -2,16 +2,11 @@ module Getch
   module FileSystem
     module Ext4
       module Encrypt
-        class Device
+        class Device < Getch::FileSystem::Device
           def initialize
-            @disk = DEFAULT_OPTIONS[:disk]
-            @user = DEFAULT_OPTIONS[:username]
-            @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
-            @dev_root = "/dev/#{@disk}2"
-            @dev_swap = "/dev/#{@disk}3"
-            @dev_home = @user ? "/dev/#{@disk}4" : nil
+            super
             @luks_root = "/dev/mapper/cryptroot"
-            @luks_home = @user ? "/dev/mapper/crypthome" : nil
+            @luks_home = @home_disk ? "/dev/mapper/crypthome" : nil
             @luks_swap = "/dev/mapper/cryptswap"
           end
         end

data/lib/getch/filesystem/ext4/encrypt/format.rb

@@ -5,18 +5,15 @@ module Getch
         class Format < Getch::FileSystem::Ext4::Encrypt::Device
           def initialize
             super
-            @fs = 'ext4'
             @state = Getch::States.new()
             format
           end
 
           def format
             return if STATES[:format]
-            puts "Format #{@disk} with #{@fs}"
-            exec("mkfs.fat -F32 #{@dev_boot_efi}") if Helpers::efi?
-            exec("mkfs.#{@fs} -F #{@luks_root}")
-            exec("mkswap -f #{@dev_swap}")
-            exec("mkfs.#{@fs} -F #{@luks_home}") if @dev_home
+            exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
+            exec("mkfs.ext4 -F #{@luks_root}")
+            exec("mkfs.ext4 -F #{@luks_home}") if @dev_home
             @state.format
           end
 

data/lib/getch/filesystem/ext4/encrypt/mount.rb

@@ -7,54 +7,16 @@ module Getch
         class Mount < Getch::FileSystem::Ext4::Encrypt::Device
           def initialize
             super
-            @root_dir = MOUNTPOINT
-            @boot_dir = "#{@root_dir}/boot"
-            @boot_efi_dir = "#{@root_dir}/boot/efi"
-            @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
+            @mount = Getch::FileSystem::Mount.new
             @state = Getch::States.new()
           end
 
           def run
             return if STATES[:mount]
-            #mount_swap
-            mount_root
-            mount_boot
-            mount_home
-            mount_boot_efi
-            @state.mount
-          end
-
-          private
-
-          def mount_swap
-            return if ! @dev_swap
-            system("swapon #{@dev_swap}")
-          end
-
-          def mount_root
-            return if ! @dev_root
-            Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
-            system("mount #{@luks_root} #{@root_dir}")
-          end
-
-          def mount_boot_efi
-            return if ! @dev_boot_efi
-            FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
-            system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
-          end
-
-          def mount_boot
-            return if ! @dev_boot
-            FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
-            system("mount #{@dev_boot} #{@boot_dir}")
-          end
-
-          def mount_home
-            return if ! @dev_home
-            if @user != nil then
-              FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
-              system("mount #{@luks_home} #{@home_dir}")
-            end
+            @mount.root(@luks_root)
+            @mount.boot(@dev_boot)
+            @mount.esp(@dev_esp)
+            @mount.home(@luks_home)
             @state.mount
           end
         end

data/lib/getch/filesystem/ext4/encrypt/partition.rb

@@ -1,75 +1,52 @@
+require_relative '../../../helpers'
+
 module Getch
   module FileSystem
     module Ext4
       module Encrypt
-        class Partition < Getch::FileSystem::Ext4::Encrypt::Device
+        class Partition < Device
+          include Helpers::Cryptsetup
+
           def initialize
             super
-            @state = Getch::States.new()
+            @state = Getch::States.new
+            @partition = Getch::FileSystem::Partition.new
+            @clean = Getch::FileSystem::Clean
             @log = Log.new
             run_partition
           end
 
           def run_partition
             return if STATES[:partition ]
-            clear_struct
-            cleaning
+            @clean.hdd(@disk)
+            @clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
             if Helpers::efi?
               partition_efi
-              encrypt_efi
             else
               partition_bios
-              encrypt_bios
             end
+            encrypting
             @state.partition
           end
 
           private
 
-          def clear_struct
-            exec("sgdisk -Z /dev/#{@disk}")
-            exec("wipefs -a /dev/#{@disk}")
-          end
-
-          def cleaning
-            puts
-            print "Cleaning data on #{@disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? (n,y) "
-            case gets.chomp
-            when /^y|^Y/
-              bloc=`blockdev --getbsz /dev/#{@disk}`.chomp
-              exec("dd if=/dev/urandom of=/dev/#{@disk} bs=#{bloc} status=progress")
-            else
-              return
-            end
-          end
-
           # Follow https://wiki.archlinux.org/index.php/Partitioning
           def partition_efi
-            # /boot/efi - EFI system partition - 260MB
-            # /         - Root
-            # swap      - Linux Swap - size of the ram
-            # /home     - Home
-            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
-
-            exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}")
-            exec("sgdisk -n2:0:+15G -t2:8309 /dev/#{@disk}")
-            exec("sgdisk -n3:0:+#{mem} -t3:8200 /dev/#{@disk}")
-            exec("sgdisk -n4:0:0 -t4:8309 /dev/#{@disk}") if @dev_home
+            # /efi  - EFI system partition - 260MB
+            # swap  - Linux Swap - size of the ram
+            # /     - Root
+            # /home - Home
+            @partition.efi(@dev_esp)
+            @partition.swap(@dev_swap)
+            @partition.root(@dev_root, "8309")
+            @partition.home(@dev_home, "8309") if @dev_home
           end
 
-          def encrypt_efi
-            @log.info("Format root")
-            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
-            @log.debug("Opening root")
-            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
-            encrypt_home
-          end
-
-          def encrypt_bios
-            @log.info("Format root for bios")
-            Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
-            @log.debug("Opening root")
-            Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
+          def encrypting
+            @log.info("Cryptsetup")
+            encrypt(@dev_root)
+            open_crypt(@dev_root, "cryptroot")
             encrypt_home
           end
 
@@ -90,20 +67,18 @@ module Getch
             key_name = "crypto_keyfile.bin"
             @key_path = "#{keys_dir}/#{key_name}"
             FileUtils.mkdir keys_dir, mode: 0700 if ! Dir.exist?(keys_dir)
-            Getch::Command.new("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}").run!
+            exec("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}")
           end
 
           def partition_bios
             # None      - Bios Boot Partition - 1MiB
-            # /         - Root
             # swap      - Linux Swap - size of the ram
+            # /         - Root
             # /home     - Home
-            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
-
-            exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
-            exec("sgdisk -n2:0:+15G -t2:8309 /dev/#{@disk}")
-            exec("sgdisk -n3:0:+#{mem} -t3:8200 /dev/#{@disk}")
-            exec("sgdisk -n4:0:0 -t4:8309 /dev/#{@disk}") if @dev_home
+            @partition.gpt(@dev_gpt)
+            @partition.swap(@dev_swap)
+            @partition.root(@dev_root, "8309")
+            @partition.home(@dev_home, "8309") if @dev_home
           end
 
           def exec(cmd)

data/lib/getch/filesystem/ext4/encrypt/void.rb

@@ -0,0 +1,100 @@
+require_relative '../../../helpers'
+
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Void < Device
+          include Helpers::Void
+          attr_reader :boot_disk
+
+          # Create key to avoid enter password twice
+          def create_key
+            add_key("volume.key", @dev_root)
+            add_key("home.key", @dev_home) if @home_disk
+          end
+
+          # Key need to be added in dracut.conf.d and crypttab
+          def add_key(name, dev)
+            command "dd bs=1 count=64 if=/dev/urandom of=/boot/#{name}"
+            puts " => Creating a key for #{dev}, password required:"
+            chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
+            command "chmod 000 /boot/#{name}"
+            #command "chmod -R g-rwx,o-rwx /boot"
+          end
+
+          def fstab
+            conf = "#{MOUNTPOINT}/etc/fstab"
+            File.write(conf, "\n", mode: 'w', chmod: 0644)
+            line_fstab(@dev_esp, "/efi vfat noauto,rw,relatime 0 0") if @dev_esp
+            line_fstab(@dev_boot, "/boot ext4 noauto,rw,relatime 0 0") if @dev_boot
+            add_line(conf, "#{@luks_swap} none swap sw 0 0") if @dev_swap
+            add_line(conf, "#{@luks_home} /home ext4 rw,discard 0 0") if @home_disk
+            add_line(conf, "#{@luks_root} / ext4 rw,relatime 0 1")
+            add_line(conf, "tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0")
+          end
+
+          def crypttab
+            conf = "#{MOUNTPOINT}/etc/crypttab"
+            File.write(conf, "\n", mode: 'w', chmod: 0644)
+            line_crypttab("cryptswap", @dev_swap, "/dev/urandom", "swap,discard,cipher=aes-xts-plain64:sha256,size=512") if @dev_swap
+            line_crypttab("cryptroot", @dev_root, "/boot/volume.key", "luks")
+            line_crypttab("crypthome", @dev_home, "/boot/home.key", "luks") if @home_disk
+          end
+
+          def config_grub
+            conf = "#{MOUNTPOINT}/etc/default/grub"
+            content = "GRUB_ENABLE_CRYPTODISK=y"
+            unless search(conf, content)
+              File.write(conf, "#{content}\n", mode: 'a')
+            end
+          end
+
+          def config_dracut
+            conf = "#{MOUNTPOINT}/etc/dracut.conf.d/ext4.conf"
+            content = [
+              "hostonly=\"yes\"",
+              "omit_dracutmodules+=\" btrfs lvm \"",
+              "install_items+=\" /boot/volume.key /etc/crypttab \"",
+              ""
+            ]
+            File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
+            #add_line(conf, "install_items+=\" /boot/home.key \"") if @home_disk
+          end
+
+          def kernel_cmdline_dracut
+            conf = "#{MOUNTPOINT}/etc/dracut.conf.d/cmdline.conf"
+            root_uuid = b_uuid(@dev_root)
+            args = "rd.luks.uuid=#{root_uuid} rootfstype=ext4 rootflags=rw,relatime"
+            line = "kernel_cmdline=\"#{args}\""
+            File.write(conf, "#{line}\n", mode: 'w', chmod: 0644)
+          end
+
+          def finish
+            puts "+ Enter in your system: chroot /mnt /bin/bash"
+            puts "+ Reboot with: shutdown -r now"
+          end
+
+          private
+
+          def b_uuid(dev)
+            device = dev.delete_prefix("/dev/")
+            Dir.glob("/dev/disk/by-uuid/*").each { |f|
+              link = File.readlink(f)
+              return f.delete_prefix("/dev/disk/by-uuid/") if link.match(/#{device}$/)
+            }
+          end
+
+          # line_crypttab("cryptswap", "sda2", "/dev/urandom", "luks")
+          def line_crypttab(mapname, dev, point, rest)
+            conf = "#{MOUNTPOINT}/etc/crypttab"
+            device = s_uuid(dev)
+            raise "No partuuid for #{dev} #{device}" if !device
+            raise "Bad partuuid for #{dev} #{device}" if device.kind_of? Array
+            add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/format.rb

@@ -4,18 +4,16 @@ module Getch
       class Format < Getch::FileSystem::Ext4::Device
         def initialize
           super
-          @fs = 'ext4'
-          @state = Getch::States.new()
+          @state = Getch::States.new
           format
         end
 
         def format
           return if STATES[:format]
-          puts "Format #{@disk} with #{@fs}"
-          exec("mkfs.fat -F32 #{@dev_boot_efi}") if Helpers::efi?
+          exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
           exec("mkswap -f #{@dev_swap}")
-          exec("mkfs.#{@fs} -F #{@dev_root}")
-          exec("mkfs.#{@fs} -F #{@dev_home}") if @dev_home
+          exec("mkfs.ext4 -F #{@dev_root}")
+          exec("mkfs.ext4 -F #{@dev_home}") if @dev_home
           @state.format
         end
 

data/lib/getch/filesystem/ext4/mount.rb

@@ -1,59 +1,20 @@
-require 'fileutils'
-
 module Getch
   module FileSystem
     module Ext4
       class Mount < Getch::FileSystem::Ext4::Device
         def initialize
           super
-          @root_dir = MOUNTPOINT
-          @boot_dir = "#{@root_dir}/boot"
-          @boot_efi_dir = "#{@root_dir}/boot/efi"
-          @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
-          @state = Getch::States.new()
+          @mount = Getch::FileSystem::Mount.new
+          @state = Getch::States.new
         end
 
         def run
           return if STATES[:mount]
-          mount_swap
-          mount_root
-          mount_boot
-          mount_home
-          mount_boot_efi
-          @state.mount
-        end
-
-        private
-
-        def mount_swap
-          return if ! @dev_swap
-          system("swapon #{@dev_swap}")
-        end
-
-        def mount_root
-          return if ! @dev_root
-          Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
-          system("mount #{@dev_root} #{@root_dir}")
-        end
-
-        def mount_boot_efi
-          return if ! @dev_boot_efi
-          FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
-          system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
-        end
-
-        def mount_boot
-          return if ! @dev_boot
-          FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
-          system("mount #{@dev_boot} #{@boot_dir}")
-        end
-
-        def mount_home
-          return if ! @dev_home
-          if @user != nil then
-            FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
-            system("mount #{@dev_home} #{@home_dir}")
-          end
+          @mount.swap(@dev_swap)
+          @mount.root(@dev_root)
+          @mount.boot(@dev_boot)
+          @mount.esp(@dev_esp)
+          @mount.home(@dev_home)
           @state.mount
         end
       end