getch 0.1.0 → 0.1.6

data/lib/getch/filesystem/lvm/encrypt/mount.rb

@@ -1,60 +1,20 @@
-require 'fileutils'
-
 module Getch
   module FileSystem
     module Lvm
       module Encrypt
-        class Mount < Getch::FileSystem::Lvm::Encrypt::Device
+        class Mount < Device
           def initialize
             super
-            @root_dir = MOUNTPOINT
-            @boot_dir = "#{@root_dir}/boot"
-            @boot_efi_dir = "#{@root_dir}/boot/efi"
-            @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
-            @state = Getch::States.new()
+            @mount = Getch::FileSystem::Mount.new
+            @state = Getch::States.new
           end
 
           def run
             return if STATES[:mount]
-            mount_swap
-            mount_root
-            mount_boot
-            mount_home
-            mount_boot_efi
-            @state.mount
-          end
-
-          private
-
-          def mount_swap
-            return if ! @lv_swap
-            system("swapon #{@lv_swap}")
-          end
-
-          def mount_root
-            return if ! @lv_root
-            Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
-            system("mount #{@lv_root} #{@root_dir}")
-          end
-
-          def mount_boot_efi
-            return if ! @dev_boot_efi
-            FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
-            system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
-          end
-
-          def mount_boot
-            return if ! @dev_boot
-            FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
-            system("mount #{@dev_boot} #{@boot_dir}")
-          end
-
-          def mount_home
-            return if ! @lv_home
-            if @user != nil then
-              FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
-              system("mount #{@lv_home} #{@home_dir}")
-            end
+            @mount.root(@lv_root)
+            @mount.boot(@dev_boot)
+            @mount.esp(@dev_esp)
+            @mount.home(@lv_home)
             @state.mount
           end
         end

data/lib/getch/filesystem/lvm/encrypt/partition.rb

@@ -1,64 +1,50 @@
+require_relative '../../../helpers'
+
 module Getch
   module FileSystem
     module Lvm
       module Encrypt
-        class Partition < Getch::FileSystem::Lvm::Encrypt::Device
+        class Partition < Device
+          include Helpers::Cryptsetup
+
           def initialize
             super
             @state = Getch::States.new()
+            @clean = Getch::FileSystem::Clean
+            @partition = Getch::FileSystem::Partition.new
             @log = Log.new
             run_partition
           end
 
           def run_partition
             return if STATES[:partition ]
-            clear_struct
-            cleaning
+            @clean.old_vg(@dev_root, @vg)
+            @clean.hdd(@disk)
+            @clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
+
             partition
-            encrypt
+            encrypting
             lvm
             @state.partition
           end
 
           private
 
-          def clear_struct
-            oldvg = `vgdisplay | grep #{@vg}`.chomp
-            exec("vgremove -f #{@vg}") if oldvg != '' # remove older volume group
-            exec("pvremove -f #{@dev_root}") if oldvg != '' and File.exist? @dev_root # remove older volume group
-
-            exec("sgdisk -Z /dev/#{@disk}")
-            exec("wipefs -a /dev/#{@disk}")
-          end
-
-          def cleaning
-            puts
-            print "Cleaning data on #{@disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? (n,y) "
-            case gets.chomp
-            when /^y|^Y/
-              bloc=`blockdev --getbsz /dev/#{@disk}`.chomp
-              exec("dd if=/dev/urandom of=/dev/#{@disk} bs=#{bloc} status=progress")
-            else
-              return
-            end
-          end
-
           def partition
             if Helpers::efi?
-              exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}")
-              exec("sgdisk -n2:0:+0 -t2:8e00 /dev/#{@disk}")
+              @partition.efi(@dev_esp)
+              @partition.root(@dev_root, "8e00")
             else
-              exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
-              exec("sgdisk -n2:0:+128MiB -t2:8300 /dev/#{@disk}")
-              exec("sgdisk -n3:0:+0 -t3:8e00 /dev/#{@disk}")
+              @partition.gpt(@dev_gpt)
+              @partition.boot(@dev_boot)
+              @partition.root(@dev_root, "8e00")
             end
           end
 
-          def encrypt
-            @log.info("Format root")
-            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
-            @log.debug("Opening root")
-            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
+          def encrypting
+            @log.info("Cryptsetup")
+            encrypt(@dev_root)
+            open_crypt(@dev_root, "cryptroot")
           end
 
           def lvm
@@ -66,15 +52,21 @@ module Getch
             exec("pvcreate -f #{@luks_root}")
             exec("vgcreate -f #{@vg} #{@luks_root}")
             # Wipe old signature: https://github.com/chef-cookbooks/lvm/issues/45
-            exec("lvcreate -y -Wy -Zy -L 15G -n root #{@vg}")
             exec("lvcreate -y -Wy -Zy -L #{mem} -n swap #{@vg}")
-            exec("lvcreate -y -Wy -Zy -l 100%FREE -n home #{@vg}") if @user
+
+            if @user
+              exec("lvcreate -y -Wy -Zy -L 18G -n root #{@vg}")
+              exec("lvcreate -y -Wy -Zy -l 100%FREE -n home #{@vg}")
+            else
+              exec("lvcreate -y -Wy -Zy -l 100%FREE -n root #{@vg}")
+            end
+
             exec("vgchange --available y")
           end
 
           # Follow https://wiki.archlinux.org/index.php/Partitioning
           # Partition_efi
-          # /boot/efi - EFI system partition - 260MB
+          # /efi      - EFI system partition - 260MB
           # /         - Root
 
           # Partition_bios

data/lib/getch/filesystem/lvm/encrypt/void.rb

@@ -0,0 +1,100 @@
+require_relative '../../../helpers'
+
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Void < Device
+          include Helpers::Void
+          attr_reader :boot_disk
+
+          # Create key to avoid enter password twice
+          def create_key
+            add_key("volume.key", @dev_root)
+            add_key("home.key", @dev_home) if @home_disk
+          end
+
+          # Key need to be added in dracut.conf.d and crypttab
+          def add_key(name, dev)
+            command "dd bs=1 count=64 if=/dev/urandom of=/boot/#{name}"
+            puts " => Creating a key for #{dev}, password required:"
+            chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
+            command "chmod 000 /boot/#{name}"
+            #command "chmod -R g-rwx,o-rwx /boot"
+          end
+
+          def fstab
+            conf = "#{MOUNTPOINT}/etc/fstab"
+            File.write(conf, "\n", mode: 'w', chmod: 0644)
+            line_fstab(@dev_esp, "/efi vfat noauto,rw,relatime 0 0") if @dev_esp
+            line_fstab(@dev_boot, "/boot ext4 noauto,rw,relatime 0 0") if @dev_boot
+            add_line(conf, "/dev/mapper/cryptswap none swap sw 0 0")
+            add_line(conf, "#{@lv_home} /home ext4 rw,discard 0 0") if @home_disk
+            add_line(conf, "#{@lv_root} / ext4 rw,relatime 0 1")
+            add_line(conf, "tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0")
+          end
+
+          def crypttab
+            conf = "#{MOUNTPOINT}/etc/crypttab"
+            File.write(conf, "\n", mode: 'w', chmod: 0644)
+            add_line(conf, "cryptswap #{@lv_swap} /dev/urandom swap,discard,cipher=aes-xts-plain64:sha256,size=512")
+            line_crypttab(@vg, @dev_root, "/boot/volume.key", "luks")
+            line_crypttab("crypthome", @dev_home, "/boot/home.key", "luks") if @home_disk
+          end
+
+          def config_grub
+            conf = "#{MOUNTPOINT}/etc/default/grub"
+            content = "GRUB_ENABLE_CRYPTODISK=y"
+            unless search(conf, content)
+              File.write(conf, "#{content}\n", mode: 'a')
+            end
+          end
+
+          def config_dracut
+            conf = "#{MOUNTPOINT}/etc/dracut.conf.d/lvm.conf"
+            content = [
+              "hostonly=\"yes\"",
+              "omit_dracutmodules+=\" btrfs \"",
+              "install_items+=\" /boot/volume.key /etc/crypttab \"",
+              ""
+            ]
+            File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
+            #add_line(conf, "install_items+=\" /boot/home.key \"") if @home_disk
+          end
+
+          def kernel_cmdline_dracut
+            conf = "#{MOUNTPOINT}/etc/dracut.conf.d/cmdline.conf"
+            root_uuid = b_uuid(@dev_root)
+            args = "rd.lvm.vg=#{@vg} rd.luks.uuid=#{root_uuid} rootflags=rw,relatime"
+            line = "kernel_cmdline=\"#{args}\""
+            File.write(conf, "#{line}\n", mode: 'w', chmod: 0644)
+          end
+
+          def finish
+            puts "+ Enter in your system: chroot /mnt /bin/bash"
+            puts "+ Reboot with: shutdown -r now"
+          end
+
+          private
+
+          def b_uuid(dev)
+            device = dev.delete_prefix("/dev/")
+            Dir.glob("/dev/disk/by-uuid/*").each { |f|
+              link = File.readlink(f)
+              return f.delete_prefix("/dev/disk/by-uuid/") if link.match(/#{device}$/)
+            }
+          end
+
+          # line_crypttab("cryptswap", "sda2", "/dev/urandom", "luks")
+          def line_crypttab(mapname, dev, point, rest)
+            conf = "#{MOUNTPOINT}/etc/crypttab"
+            device = s_uuid(dev)
+            raise "No partuuid for #{dev} #{device}" if !device
+            raise "Bad partuuid for #{dev} #{device}" if device.kind_of? Array
+            add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/lvm/format.rb

@@ -4,21 +4,25 @@ module Getch
       class Format < Getch::FileSystem::Lvm::Device
         def initialize
           super
-          @fs = 'ext4'
-          @state = Getch::States.new()
+          @state = Getch::States.new
           format
         end
 
         def format
           return if STATES[:format]
-          puts "Format #{@disk} with #{@fs}"
-          system("mkfs.fat -F32 #{@dev_boot_efi}") if @dev_boot_efi
-          system("mkfs.#{@fs} -F #{@dev_boot}") if @dev_boot
-          system("mkswap -f #{@lv_swap}")
-          system("mkfs.#{@fs} -F #{@lv_root}")
-          system("mkfs.#{@fs} -F #{@lv_home}") if @lv_home
+          exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
+          exec("mkfs.ext4 -F #{@dev_boot}") if @dev_boot
+          exec("mkswap -f #{@lv_swap}")
+          exec("mkfs.ext4 -F #{@lv_root}")
+          exec("mkfs.ext4 -F #{@lv_home}") if @lv_home
           @state.format
         end
+
+        private
+
+        def exec(cmd)
+          Getch::Command.new(cmd).run!
+        end
       end
     end
   end

data/lib/getch/filesystem/lvm/mount.rb

@@ -1,59 +1,20 @@
-require 'fileutils'
-
 module Getch
   module FileSystem
     module Lvm
       class Mount < Getch::FileSystem::Lvm::Device
         def initialize
           super
-          @root_dir = MOUNTPOINT
-          @boot_dir = "#{@root_dir}/boot"
-          @boot_efi_dir = "#{@root_dir}/boot/efi"
-          @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
-          @state = Getch::States.new()
+          @mount = Getch::FileSystem::Mount.new
+          @state = Getch::States.new
         end
 
         def run
           return if STATES[:mount]
-          mount_swap
-          mount_root
-          mount_boot
-          mount_home
-          mount_boot_efi
-          @state.mount
-        end
-
-        private
-
-        def mount_swap
-          return if ! @lv_swap
-          system("swapon #{@lv_swap}")
-        end
-
-        def mount_root
-          return if ! @lv_root
-          Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
-          system("mount #{@lv_root} #{@root_dir}")
-        end
-
-        def mount_boot_efi
-          return if ! @dev_boot_efi
-          FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
-          system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
-        end
-
-        def mount_boot
-          return if ! @dev_boot
-          FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
-          system("mount #{@dev_boot} #{@boot_dir}")
-        end
-
-        def mount_home
-          return if ! @lv_home
-          if @user != nil then
-            FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
-            system("mount #{@lv_home} #{@home_dir}")
-          end
+          @mount.swap(@lv_swap)
+          @mount.root(@lv_root)
+          @mount.boot(@dev_boot)
+          @mount.esp(@dev_esp)
+          @mount.home(@lv_home)
           @state.mount
         end
       end

data/lib/getch/filesystem/lvm/partition.rb

@@ -5,13 +5,16 @@ module Getch
         def initialize
           super
           @state = Getch::States.new()
+          @partition = Getch::FileSystem::Partition.new
+          @clean = Getch::FileSystem::Clean
           run_partition
         end
 
         def run_partition
           return if STATES[:partition ]
-          clear_struct
-          cleaning
+          @clean.old_vg(@dev_root, @vg)
+          @clean.hdd(@disk)
+          @clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
           partition
           lvm
           @state.partition
@@ -19,35 +22,14 @@ module Getch
 
         private
 
-        def clear_struct
-          oldvg = `vgdisplay | grep #{@vg}`.chomp
-          exec("vgremove -f #{@vg}") if oldvg != '' # remove older volume group
-          exec("pvremove -f #{@dev_root}") if oldvg != '' and File.exist? @dev_root # remove older volume group
-
-          exec("sgdisk -Z /dev/#{@disk}")
-          exec("wipefs -a /dev/#{@disk}")
-        end
-
-        def cleaning
-          puts
-          print "Cleaning data on #{@disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? (n,y) "
-          case gets.chomp
-          when /^y|^Y/
-            bloc=`blockdev --getbsz /dev/#{@disk}`.chomp
-            exec("dd if=/dev/urandom of=/dev/#{@disk} bs=#{bloc} status=progress")
-          else
-            return
-          end
-        end
-
         def partition
           if Helpers::efi?
-            exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}")
-            exec("sgdisk -n2:0:+0 -t2:8e00 /dev/#{@disk}")
+            @partition.efi(@dev_esp)
+            @partition.root(@dev_root, "8e00")
           else
-            exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
-            exec("sgdisk -n2:0:+128MiB -t2:8300 /dev/#{@disk}")
-            exec("sgdisk -n3:0:+0 -t3:8e00 /dev/#{@disk}")
+            @partition.gpt(@dev_gpt)
+            @partition.boot(@dev_boot)
+            @partition.root(@dev_root, "8e00")
           end
         end
 
@@ -56,15 +38,21 @@ module Getch
           exec("pvcreate -f #{@dev_root}")
           exec("vgcreate -f #{@vg} #{@dev_root}")
           # Wipe old signature: https://github.com/chef-cookbooks/lvm/issues/45
-          exec("lvcreate -y -Wy -Zy -L 15G -n root #{@vg}")
           exec("lvcreate -y -Wy -Zy -L #{mem} -n swap #{@vg}")
-          exec("lvcreate -y -Wy -Zy -l 100%FREE -n home #{@vg}") if @user
+
+          if @user
+            exec("lvcreate -y -Wy -Zy -L 18G -n root #{@vg}")
+            exec("lvcreate -y -Wy -Zy -l 100%FREE -n home #{@vg}")
+          else
+            exec("lvcreate -y -Wy -Zy -l 100%FREE -n root #{@vg}")
+          end
+
           exec("vgchange --available y")
         end
 
         # Follow https://wiki.archlinux.org/index.php/Partitioning
         # Partition_efi
-        # /boot/efi - EFI system partition - 260MB
+        # /efi      - EFI system partition - 260MB
         # /         - Root
 
         # Partition_bios