getch 0.1.2 → 0.1.9
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +66 -32
- data/assets/network-stack.conf +63 -0
- data/assets/system.conf +38 -0
- data/bin/getch +12 -4
- data/lib/cmdline.rb +128 -0
- data/lib/getch/command.rb +32 -22
- data/lib/getch/config/gentoo.rb +58 -0
- data/lib/getch/config/void.rb +47 -0
- data/lib/getch/config.rb +45 -0
- data/lib/getch/filesystem/clean.rb +22 -15
- data/lib/getch/filesystem/device.rb +8 -6
- data/lib/getch/filesystem/ext4/config.rb +8 -4
- data/lib/getch/filesystem/ext4/deps.rb +3 -1
- data/lib/getch/filesystem/ext4/device.rb +2 -3
- data/lib/getch/filesystem/ext4/encrypt/config.rb +15 -11
- data/lib/getch/filesystem/ext4/encrypt/deps.rb +5 -10
- data/lib/getch/filesystem/ext4/encrypt/device.rb +5 -3
- data/lib/getch/filesystem/ext4/encrypt/format.rb +4 -2
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +3 -3
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +29 -35
- data/lib/getch/filesystem/ext4/encrypt/void.rb +101 -0
- data/lib/getch/filesystem/ext4/encrypt.rb +3 -0
- data/lib/getch/filesystem/ext4/format.rb +4 -1
- data/lib/getch/filesystem/ext4/mount.rb +3 -0
- data/lib/getch/filesystem/ext4/partition.rb +11 -8
- data/lib/getch/filesystem/ext4/void.rb +44 -0
- data/lib/getch/filesystem/ext4.rb +3 -0
- data/lib/getch/filesystem/lvm/config.rb +10 -29
- data/lib/getch/filesystem/lvm/deps.rb +7 -11
- data/lib/getch/filesystem/lvm/device.rb +5 -3
- data/lib/getch/filesystem/lvm/encrypt/config.rb +17 -17
- data/lib/getch/filesystem/lvm/encrypt/deps.rb +8 -12
- data/lib/getch/filesystem/lvm/encrypt/device.rb +7 -5
- data/lib/getch/filesystem/lvm/encrypt/format.rb +5 -2
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +4 -2
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +17 -13
- data/lib/getch/filesystem/lvm/encrypt/void.rb +101 -0
- data/lib/getch/filesystem/lvm/encrypt.rb +3 -0
- data/lib/getch/filesystem/lvm/format.rb +4 -1
- data/lib/getch/filesystem/lvm/mount.rb +3 -0
- data/lib/getch/filesystem/lvm/partition.rb +10 -7
- data/lib/getch/filesystem/lvm/void.rb +46 -0
- data/lib/getch/filesystem/lvm.rb +3 -0
- data/lib/getch/filesystem/mount.rb +19 -12
- data/lib/getch/filesystem/partition.rb +19 -11
- data/lib/getch/filesystem/zfs/config.rb +10 -24
- data/lib/getch/filesystem/zfs/deps.rb +28 -58
- data/lib/getch/filesystem/zfs/device.rb +9 -1
- data/lib/getch/filesystem/zfs/encrypt/config.rb +12 -28
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +29 -60
- data/lib/getch/filesystem/zfs/encrypt/device.rb +9 -1
- data/lib/getch/filesystem/zfs/encrypt/format.rb +24 -22
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +15 -14
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +24 -18
- data/lib/getch/filesystem/zfs/encrypt/void.rb +97 -0
- data/lib/getch/filesystem/zfs/encrypt.rb +3 -0
- data/lib/getch/filesystem/zfs/format.rb +21 -18
- data/lib/getch/filesystem/zfs/mount.rb +12 -13
- data/lib/getch/filesystem/zfs/partition.rb +20 -15
- data/lib/getch/filesystem/zfs/void.rb +81 -0
- data/lib/getch/filesystem/zfs.rb +3 -0
- data/lib/getch/filesystem.rb +2 -0
- data/lib/getch/gentoo/boot.rb +29 -67
- data/lib/getch/gentoo/bootloader.rb +68 -0
- data/lib/getch/gentoo/chroot.rb +26 -29
- data/lib/getch/gentoo/config.rb +69 -31
- data/lib/getch/gentoo/sources.rb +73 -38
- data/lib/getch/gentoo/stage.rb +12 -13
- data/lib/getch/gentoo/use.rb +39 -0
- data/lib/getch/gentoo/use_flag.rb +89 -0
- data/lib/getch/gentoo.rb +39 -21
- data/lib/getch/guard.rb +71 -0
- data/lib/getch/helpers.rb +180 -48
- data/lib/getch/log.rb +10 -7
- data/lib/getch/options.rb +50 -41
- data/lib/getch/states.rb +10 -3
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void/boot.rb +84 -0
- data/lib/getch/void/chroot.rb +56 -0
- data/lib/getch/void/config.rb +90 -0
- data/lib/getch/void/stage.rb +69 -0
- data/lib/getch/void.rb +65 -0
- data/lib/getch.rb +125 -74
- data.tar.gz.sig +0 -0
- metadata +28 -10
- metadata.gz.sig +0 -0
- data/.gitignore +0 -2
- data/CHANGELOG.md +0 -80
- data/Rakefile +0 -21
- data/bin/setup.sh +0 -90
- data/getch.gemspec +0 -25
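--- /dev/null
+++ b/data/lib/getch/config.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require_relative 'config/gentoo'
+require_relative 'config/void'
+
+CONFIG_LOAD = {
+  gentoo: Getch::Config::Gentoo,
+  void: Getch::Config::Void
+}.freeze
+
+module Getch
+  module Config
+    class Main
+      def initialize
+        os = OPTIONS[:os].to_sym
+        @load = CONFIG_LOAD[os].new
+      end
+
+      def ethernet
+        @load.ethernet
+      end
+
+      def dns
+        @load.dns
+      end
+
+      def wifi
+        @load.wifi
+      end
+
+      def sysctl
+        pwd = File.expand_path(File.dirname(__FILE__))
+        dest = "#{Getch::MOUNTPOINT}/etc/sysctl.d/"
+
+        Helpers.mkdir dest
+        Helpers.cp("#{pwd}/../../assets/network-stack.conf", dest)
+        Helpers.cp("#{pwd}/../../assets/system.conf", dest)
+      end
+
+      def shell
+        @load.shell
+      end
+    end
+  end
+end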
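Review bot: `CONFIG_LOAD[os].new` in `initialize` raises a bare NoMethodError on nil whenever OPTIONS[:os] is anything other than gentoo or void, so a mistyped os option surfaces as "undefined method 'new' for nil" instead of a usable message; `@load = CONFIG_LOAD.fetch(os) { raise ArgumentError, "unsupported os: #{os}" }.new` reports it at the source. CONFIG_LOAD is also defined at the top level rather than inside `Getch::Config`, which puts a project-specific constant into the global namespace; nesting it under the module keeps it reachable without that leak. A one-line comment on `sysctl`, e.g. `# copy the gem's assets/*.conf sysctl snippets into the target's /etc/sysctl.d/`, would explain the `../../assets` path, which is relative to this file's location.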
@@ -2,48 +2,55 @@ module Getch
|
|
2
2
|
module FileSystem
|
3
3
|
module Clean
|
4
4
|
def self.clean_hdd(disk)
|
5
|
-
return
|
5
|
+
return unless disk
|
6
6
|
raise ArgumentError, "Disk #{disk} is no found." if ! File.exist? "/dev/#{disk}"
|
7
|
+
|
7
8
|
puts
|
8
9
|
print "Cleaning data on #{disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? [y,N] "
|
9
10
|
case gets.chomp
|
10
11
|
when /^y|^Y/
|
11
12
|
bloc=`blockdev --getbsz /dev/#{disk}`.chomp
|
12
|
-
Helpers
|
13
|
-
else
|
14
|
-
return
|
13
|
+
Helpers.sys("dd if=/dev/urandom of=/dev/#{disk} bs=#{bloc} status=progress")
|
15
14
|
end
|
16
15
|
end
|
17
16
|
|
18
17
|
def self.clean_struct(disk)
|
19
|
-
return
|
20
|
-
raise ArgumentError, "Disk #{disk} is no found."
|
21
|
-
|
22
|
-
Helpers
|
18
|
+
return unless disk
|
19
|
+
raise ArgumentError, "Disk #{disk} is no found." unless File.exist? "/dev/#{disk}"
|
20
|
+
|
21
|
+
Helpers.sys("sgdisk -Z /dev/#{disk}")
|
22
|
+
Helpers.sys("wipefs -a /dev/#{disk}")
|
23
23
|
end
|
24
24
|
|
25
25
|
def self.hdd(*disks)
|
26
|
-
disks.each { |d|
|
26
|
+
disks.each { |d|
|
27
|
+
clean_struct(d)
|
28
|
+
clean_hdd(d)
|
29
|
+
}
|
27
30
|
end
|
28
31
|
# See https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing
|
29
32
|
# for SSD
|
30
33
|
def self.sdd
|
31
34
|
end
|
32
35
|
|
33
|
-
def self.
|
34
|
-
disks.each
|
36
|
+
def self.external_disk(root_disk, *disks)
|
37
|
+
disks.each do |d|
|
38
|
+
unless d && d != '' && d != nil && d == root_disk
|
39
|
+
hdd(d)
|
40
|
+
end
|
41
|
+
end
|
35
42
|
end
|
36
43
|
|
37
44
|
def self.old_vg(disk, vg)
|
38
45
|
oldvg = `vgdisplay | grep #{vg}`.chomp
|
39
|
-
Helpers
|
40
|
-
Helpers
|
46
|
+
Helpers.sys("vgremove -f #{vg}") if oldvg != ''
|
47
|
+
Helpers.sys("pvremove -f #{disk}") if oldvg != '' and File.exist? disk
|
41
48
|
end
|
42
49
|
|
43
50
|
def self.old_zpool
|
44
51
|
oldzpool = `zpool status | grep pool:`.gsub(/pool: /, '').delete(' ').split("\n")
|
45
|
-
if oldzpool[0] !=
|
46
|
-
oldzpool.each { |p| Helpers
|
52
|
+
if oldzpool[0] != '' and $?.success?
|
53
|
+
oldzpool.each { |p| Helpers.sys("zpool destroy #{p}") if p }
|
47
54
|
end
|
48
55
|
end
|
49
56
|
end
|
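Review bot: In `external_disk` the guard `unless d && d != '' && d != nil && d == root_disk` only skips an entry that is non-empty and equal to root_disk, so an empty-string entry still reaches `hdd('')`. `clean_struct`'s `return unless disk` does not stop it either, because `''` is truthy in Ruby and `File.exist? "/dev/"` is true for the directory, so `sgdisk -Z /dev/` and `wipefs -a /dev/` would be attempted (whether that aborts depends on Helpers.sys, which is not shown). The intent is correct and clearer as `next if d.nil? || d.empty? || d == root_disk` followed by `hdd(d)`, and the `return unless disk` in both `clean_hdd` and `clean_struct` should become `return if disk.nil? || disk.empty?`; the `d != nil` term is redundant with `d &&`. In `old_vg`, `vgdisplay | grep #{vg}` is a substring match, so a group named `vg` also matches `vg0` or `myvg` before the forced `vgremove`; `grep -w` or an exact comparison of the parsed VG Name avoids removing the wrong group. The `and` in `old_vg` and `old_zpool` should be `&&` so precedence does not surprise the next edit.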
@@ -1,15 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
class Device
|
4
6
|
def initialize
|
5
|
-
@efi = Helpers
|
7
|
+
@efi = Helpers.efi?
|
6
8
|
@root_part = 1
|
7
|
-
@user =
|
9
|
+
@user = Getch::OPTIONS[:username]
|
8
10
|
|
9
|
-
@disk =
|
10
|
-
@boot_disk =
|
11
|
-
@cache_disk =
|
12
|
-
@home_disk =
|
11
|
+
@disk = Getch::OPTIONS[:disk]
|
12
|
+
@boot_disk = Getch::OPTIONS[:boot_disk]
|
13
|
+
@cache_disk = Getch::OPTIONS[:cache_disk]
|
14
|
+
@home_disk = Getch::OPTIONS[:home_disk]
|
13
15
|
|
14
16
|
search_boot
|
15
17
|
search_swap
|
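Review bot: `@efi = Helpers.efi?` is stored here, but the subclasses in this diff keep calling `Helpers.efi?` directly (`systemd_boot` and `grub` in the ext4 config hunks, `run_partition` in the encrypt partition hunk), so the instance variable is either unused or a second source of truth; either drop it or have the subclasses read `@efi`. A short comment above the `Getch::OPTIONS[...]` reads, e.g. `# disk layout comes straight from the parsed command-line options`, would tell a reader where these values originate, and `@root_part = 1` deserves a why-comment since nothing in the hunk shows what consumes it. `initialize` continues past the end of this hunk.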
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
@@ -16,7 +18,8 @@ module Getch
|
|
16
18
|
end
|
17
19
|
|
18
20
|
def systemd_boot
|
19
|
-
return
|
21
|
+
return unless Helpers.efi?
|
22
|
+
|
20
23
|
esp = '/efi'
|
21
24
|
dir = "#{@root_dir}/#{esp}/loader/entries/"
|
22
25
|
datas_gentoo = [
|
@@ -28,7 +31,8 @@ module Getch
|
|
28
31
|
end
|
29
32
|
|
30
33
|
def grub
|
31
|
-
return if Helpers
|
34
|
+
return if Helpers.efi?
|
35
|
+
|
32
36
|
file = "#{@root_dir}/etc/default/grub"
|
33
37
|
cmdline = "GRUB_CMDLINE_LINUX=\"resume=PARTUUID=#{@partuuid_swap} root=PARTUUID=#{@partuuid_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
|
34
38
|
File.write(file, cmdline, mode: 'a')
|
@@ -37,8 +41,8 @@ module Getch
|
|
37
41
|
private
|
38
42
|
|
39
43
|
def gen_uuid
|
40
|
-
@partuuid_root = Helpers
|
41
|
-
@partuuid_swap = Helpers
|
44
|
+
@partuuid_root = Helpers.partuuid(@dev_root)
|
45
|
+
@partuuid_swap = Helpers.partuuid(@dev_swap)
|
42
46
|
@uuid_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
|
43
47
|
@uuid_esp = `lsblk -o "UUID" #{@dev_esp} | tail -1`.chomp() if @dev_esp
|
44
48
|
@uuid_home = `lsblk -o "UUID" #{@dev_home} | tail -1`.chomp() if @dev_home
|
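Review bot: `@partuuid_swap = Helpers.partuuid(@dev_swap)` runs unguarded while every following line is conditioned on its device (`if @dev_root`, `if @dev_esp`, `if @dev_home`); if `@dev_swap` can be nil for a layout without swap, Helpers.partuuid receives nil, so `@partuuid_swap = Helpers.partuuid(@dev_swap) if @dev_swap` keeps the method uniform. The later `gen_uuid` hunk (`@@ -55,10 +59,9 @@`, the encrypted ext4 variant) has the same unguarded line, and it already uses the cleaner `Helpers.uuid(@dev_esp)` for the ESP, so the three backtick `lsblk -o "UUID" … | tail -1` calls here could become `@uuid_root = Helpers.uuid(@dev_root) if @dev_root` and so on. `gen_uuid` continues past the end of this hunk.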
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'fileutils'
|
2
4
|
|
3
5
|
module Getch
|
@@ -21,14 +23,15 @@ module Getch
|
|
21
23
|
end
|
22
24
|
|
23
25
|
def systemd_boot
|
24
|
-
return
|
26
|
+
return unless Helpers.efi?
|
27
|
+
|
25
28
|
esp = '/efi'
|
26
29
|
dir = "#{@root_dir}/#{esp}/loader/entries/"
|
27
30
|
datas_gentoo = [
|
28
31
|
'title Gentoo Linux',
|
29
32
|
'linux /vmlinuz',
|
30
33
|
'initrd /initramfs',
|
31
|
-
"options crypt_root=
|
34
|
+
"options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{Getch::OPTIONS[:keymap]} rw"
|
32
35
|
]
|
33
36
|
File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
|
34
37
|
end
|
@@ -36,17 +39,18 @@ module Getch
|
|
36
39
|
def crypttab
|
37
40
|
home = @home_disk ? "crypthome UUID=#{@uuid_home} /root/secretkeys/crypto_keyfile.bin luks" : ''
|
38
41
|
datas = [
|
39
|
-
"cryptswap PARTUUID=#{@partuuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=
|
42
|
+
"cryptswap PARTUUID=#{@partuuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=512",
|
40
43
|
home
|
41
44
|
]
|
42
45
|
File.write("#{@root_dir}/etc/crypttab", datas.join("\n"))
|
43
46
|
end
|
44
47
|
|
45
48
|
def grub
|
46
|
-
return if Helpers
|
49
|
+
return if Helpers.efi?
|
50
|
+
|
47
51
|
file = "#{@root_dir}/etc/default/grub"
|
48
52
|
cmdline = [
|
49
|
-
"GRUB_CMDLINE_LINUX=\"crypt_root=
|
53
|
+
"GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{Getch::OPTIONS[:keymap]}\"",
|
50
54
|
"GRUB_ENABLE_CRYPTODISK=y"
|
51
55
|
]
|
52
56
|
File.write(file, cmdline.join("\n"), mode: 'a')
|
@@ -55,10 +59,9 @@ module Getch
|
|
55
59
|
private
|
56
60
|
|
57
61
|
def gen_uuid
|
58
|
-
@
|
59
|
-
@partuuid_swap = Helpers::partuuid(@dev_swap)
|
62
|
+
@partuuid_swap = Helpers.partuuid(@dev_swap)
|
60
63
|
@uuid_dev_root = `lsblk -d -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
|
61
|
-
@uuid_esp = Helpers
|
64
|
+
@uuid_esp = Helpers.uuid(@dev_esp) if @dev_esp
|
62
65
|
@uuid_root = `lsblk -d -o "UUID" #{@luks_root} | tail -1`.chomp() if @dev_root
|
63
66
|
@uuid_home = `lsblk -d -o "UUID" #{@dev_home} | tail -1`.chomp() if @luks_home
|
64
67
|
end
|
@@ -73,10 +76,11 @@ module Getch
|
|
73
76
|
end
|
74
77
|
|
75
78
|
def move_secret_keys
|
76
|
-
return
|
77
|
-
|
79
|
+
return unless @luks_home
|
80
|
+
|
81
|
+
puts 'Moving secret keys'
|
78
82
|
keys_path = "#{@root_dir}/root/secretkeys"
|
79
|
-
FileUtils.mv(
|
83
|
+
FileUtils.mv('/root/secretkeys', keys_path) unless Dir.exist? keys_path
|
80
84
|
end
|
81
85
|
end
|
82
86
|
end
|
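Review bot: `FileUtils.mv('/root/secretkeys', keys_path) unless Dir.exist? keys_path` tests the destination, not the source, so when both exist the freshly generated keyfile stays on the live system and the `crypttab` written earlier in this class (`/root/secretkeys/crypto_keyfile.bin`) points at whatever older key is already in the target, which cannot open a home volume that `luksFormat` just keyed. Checking the source instead, `return unless Dir.exist?('/root/secretkeys')`, expresses "nothing to move", and when the destination also exists the new directory should replace it or the method should raise, rather than silently keeping the stale one. Whether that re-run scenario can occur depends on the `STATES[:partition]` guard in partition.rb, so treat this as a robustness point rather than a confirmed failure. The `move_secret_keys` body is fully inside the hunk.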
@@ -1,19 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
4
6
|
module Encrypt
|
5
7
|
class Deps
|
6
8
|
def make
|
7
|
-
install_bios unless Helpers::efi?
|
8
9
|
install_deps
|
9
10
|
genkernel
|
10
|
-
Getch::Make.new(
|
11
|
+
Getch::Make.new('genkernel --kernel-config=/usr/src/linux/.config all').run!
|
11
12
|
end
|
12
13
|
|
13
14
|
private
|
14
15
|
|
15
16
|
def genkernel
|
16
|
-
grub = Helpers
|
17
|
+
grub = Helpers.efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
|
17
18
|
datas = [
|
18
19
|
'',
|
19
20
|
grub,
|
@@ -30,14 +31,8 @@ module Getch
|
|
30
31
|
File.write(file, datas.join("\n"), mode: 'a')
|
31
32
|
end
|
32
33
|
|
33
|
-
def install_bios
|
34
|
-
exec("euse -p sys-boot/grub -E device-mapper")
|
35
|
-
exec("euse -p sys-fs/cryptsetup -E luks1_default")
|
36
|
-
end
|
37
|
-
|
38
34
|
def install_deps
|
39
|
-
|
40
|
-
Getch::Emerge.new('genkernel sys-apps/systemd sys-fs/cryptsetup').pkg!
|
35
|
+
Getch::Emerge.new('genkernel').pkg!
|
41
36
|
end
|
42
37
|
|
43
38
|
def exec(cmd)
|
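Review bot: `install_deps` now emerges only `genkernel`, and the deleted `install_bios` was the only place in this file setting the `device-mapper` USE flag on sys-boot/grub and `luks1_default` on sys-fs/cryptsetup, yet `genkernel` above still writes `BOOTLOADER="grub2"` for the BIOS path and the installed system needs cryptsetup for the initramfs to open cryptroot. If these moved to the new `data/lib/getch/gentoo/use_flag.rb` listed in the diffstat, a comment on `install_deps` should say so, e.g. `# cryptsetup, grub and their USE flags are handled by the gentoo use_flag step`; otherwise they need to come back here. `exec` on the last line starts a definition that runs past the hunk.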
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
@@ -5,9 +7,9 @@ module Getch
|
|
5
7
|
class Device < Getch::FileSystem::Device
|
6
8
|
def initialize
|
7
9
|
super
|
8
|
-
@luks_root =
|
9
|
-
@luks_home = @home_disk ?
|
10
|
-
@luks_swap =
|
10
|
+
@luks_root = '/dev/mapper/cryptroot'
|
11
|
+
@luks_home = @home_disk ? '/dev/mapper/crypthome' : nil
|
12
|
+
@luks_swap = '/dev/mapper/cryptswap'
|
11
13
|
end
|
12
14
|
end
|
13
15
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
@@ -5,15 +7,15 @@ module Getch
|
|
5
7
|
class Format < Getch::FileSystem::Ext4::Encrypt::Device
|
6
8
|
def initialize
|
7
9
|
super
|
8
|
-
@state = Getch::States.new
|
10
|
+
@state = Getch::States.new
|
9
11
|
format
|
10
12
|
end
|
11
13
|
|
12
14
|
def format
|
13
15
|
return if STATES[:format]
|
16
|
+
|
14
17
|
exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
|
15
18
|
exec("mkfs.ext4 -F #{@luks_root}")
|
16
|
-
exec("mkswap -f #{@dev_swap}")
|
17
19
|
exec("mkfs.ext4 -F #{@luks_home}") if @dev_home
|
18
20
|
@state.format
|
19
21
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Getch
|
4
4
|
module FileSystem
|
@@ -8,12 +8,12 @@ module Getch
|
|
8
8
|
def initialize
|
9
9
|
super
|
10
10
|
@mount = Getch::FileSystem::Mount.new
|
11
|
-
@state = Getch::States.new
|
11
|
+
@state = Getch::States.new
|
12
12
|
end
|
13
13
|
|
14
14
|
def run
|
15
15
|
return if STATES[:mount]
|
16
|
-
|
16
|
+
|
17
17
|
@mount.root(@luks_root)
|
18
18
|
@mount.boot(@dev_boot)
|
19
19
|
@mount.esp(@dev_esp)
|
@@ -2,7 +2,9 @@ module Getch
|
|
2
2
|
module FileSystem
|
3
3
|
module Ext4
|
4
4
|
module Encrypt
|
5
|
-
class Partition <
|
5
|
+
class Partition < Device
|
6
|
+
include Helpers::Cryptsetup
|
7
|
+
|
6
8
|
def initialize
|
7
9
|
super
|
8
10
|
@state = Getch::States.new
|
@@ -14,15 +16,15 @@ module Getch
|
|
14
16
|
|
15
17
|
def run_partition
|
16
18
|
return if STATES[:partition ]
|
17
|
-
|
18
|
-
@clean.hdd(@disk
|
19
|
-
|
19
|
+
|
20
|
+
@clean.hdd(@disk)
|
21
|
+
@clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
|
22
|
+
if Helpers.efi?
|
20
23
|
partition_efi
|
21
|
-
encrypt_efi
|
22
24
|
else
|
23
25
|
partition_bios
|
24
|
-
encrypt_bios
|
25
26
|
end
|
27
|
+
encrypting
|
26
28
|
@state.partition
|
27
29
|
end
|
28
30
|
|
@@ -36,43 +38,35 @@ module Getch
|
|
36
38
|
# /home - Home
|
37
39
|
@partition.efi(@dev_esp)
|
38
40
|
@partition.swap(@dev_swap)
|
39
|
-
@partition.root(@dev_root,
|
40
|
-
@partition.home(@dev_home,
|
41
|
-
end
|
42
|
-
|
43
|
-
def encrypt_efi
|
44
|
-
@log.info("Format root")
|
45
|
-
Helpers::sys("cryptsetup luksFormat #{@dev_root}")
|
46
|
-
@log.debug("Opening root")
|
47
|
-
Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
|
48
|
-
encrypt_home
|
41
|
+
@partition.root(@dev_root, '8309')
|
42
|
+
@partition.home(@dev_home, '8309') if @dev_home
|
49
43
|
end
|
50
44
|
|
51
|
-
def
|
52
|
-
@log.info(
|
53
|
-
|
54
|
-
@
|
55
|
-
Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
|
45
|
+
def encrypting
|
46
|
+
@log.info('Cryptsetup')
|
47
|
+
encrypt(@dev_root)
|
48
|
+
open_crypt(@dev_root, 'cryptroot')
|
56
49
|
encrypt_home
|
57
50
|
end
|
58
51
|
|
59
52
|
def encrypt_home
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
53
|
+
return unless @dev_home
|
54
|
+
|
55
|
+
create_secret_keys
|
56
|
+
@log.info("Format home with #{@key_path}")
|
57
|
+
Helpers.sys("cryptsetup luksFormat #{@dev_home} #{@key_path}")
|
58
|
+
@log.debug("Open home with key #{@key_path}")
|
59
|
+
exec("cryptsetup open --type luks -d #{@key_path} #{@dev_home} crypthome")
|
67
60
|
end
|
68
61
|
|
69
62
|
def create_secret_keys
|
70
|
-
return
|
71
|
-
|
72
|
-
|
73
|
-
|
63
|
+
return unless @dev_home
|
64
|
+
|
65
|
+
@log.info('Creating secret keys')
|
66
|
+
keys_dir = '/root/secretkeys'
|
67
|
+
key_name = 'crypto_keyfile.bin'
|
74
68
|
@key_path = "#{keys_dir}/#{key_name}"
|
75
|
-
FileUtils.mkdir keys_dir, mode: 0700
|
69
|
+
FileUtils.mkdir keys_dir, mode: 0700 unless Dir.exist? keys_dir
|
76
70
|
exec("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}")
|
77
71
|
end
|
78
72
|
|
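Review bot: `exec("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}")` creates the LUKS keyfile with the process umask, typically 0644, so the secret is briefly world-readable and keeps that mode after the move into the target; writing it from Ruby with the mode fixed at creation avoids both: `File.open(@key_path, 'wb', 0o600) { |f| f.write(File.binread('/dev/urandom', 2048)) }`. `FileUtils.mkdir keys_dir, mode: 0700 unless Dir.exist? keys_dir` likewise leaves an existing directory's mode unchecked; a following `FileUtils.chmod 0o700, keys_dir` makes that guarantee unconditional. The mapper names `'cryptroot'` and `'crypthome'` passed to `open_crypt` and `cryptsetup open` repeat the `/dev/mapper/...` paths fixed in the encrypt `Device` class; constants there would keep the two from drifting apart.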
@@ -83,8 +77,8 @@ module Getch
|
|
83
77
|
# /home - Home
|
84
78
|
@partition.gpt(@dev_gpt)
|
85
79
|
@partition.swap(@dev_swap)
|
86
|
-
@partition.root(@dev_root,
|
87
|
-
@partition.home(@dev_home,
|
80
|
+
@partition.root(@dev_root, '8309')
|
81
|
+
@partition.home(@dev_home, '8309') if @dev_home
|
88
82
|
end
|
89
83
|
|
90
84
|
def exec(cmd)
|
@@ -0,0 +1,101 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module FileSystem
|
5
|
+
module Ext4
|
6
|
+
module Encrypt
|
7
|
+
class Void < Device
|
8
|
+
include Helpers::Void
|
9
|
+
|
10
|
+
attr_reader :boot_disk
|
11
|
+
|
12
|
+
# Create key to avoid enter password twice
|
13
|
+
def create_key
|
14
|
+
add_key('volume.key', @dev_root)
|
15
|
+
add_key('home.key', @dev_home) if @home_disk
|
16
|
+
end
|
17
|
+
|
18
|
+
# Key need to be added in dracut.conf.d and crypttab
|
19
|
+
def add_key(name, dev)
|
20
|
+
command "dd bs=1 count=64 if=/dev/urandom of=/boot/#{name}"
|
21
|
+
puts " => Creating a key for #{dev}, password required:"
|
22
|
+
chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
|
23
|
+
command "chmod 000 /boot/#{name}"
|
24
|
+
#command "chmod -R g-rwx,o-rwx /boot"
|
25
|
+
end
|
26
|
+
|
27
|
+
def fstab
|
28
|
+
conf = "#{MOUNTPOINT}/etc/fstab"
|
29
|
+
File.write(conf, "\n", mode: 'w', chmod: 0644)
|
30
|
+
line_fstab(@dev_esp, '/efi vfat noauto,rw,relatime 0 0') if @dev_esp
|
31
|
+
line_fstab(@dev_boot, '/boot ext4 noauto,rw,relatime 0 0') if @dev_boot
|
32
|
+
add_line(conf, "#{@luks_swap} none swap sw 0 0") if @dev_swap
|
33
|
+
add_line(conf, "#{@luks_home} /home ext4 rw,discard 0 0") if @home_disk
|
34
|
+
add_line(conf, "#{@luks_root} / ext4 rw,relatime 0 1")
|
35
|
+
add_line(conf, 'tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0')
|
36
|
+
end
|
37
|
+
|
38
|
+
def crypttab
|
39
|
+
conf = "#{MOUNTPOINT}/etc/crypttab"
|
40
|
+
File.write(conf, "\n", mode: 'w', chmod: 0644)
|
41
|
+
line_crypttab('cryptswap', @dev_swap, '/dev/urandom', 'swap,discard,cipher=aes-xts-plain64:sha256,size=512') if @dev_swap
|
42
|
+
line_crypttab('cryptroot', @dev_root, '/boot/volume.key', 'luks')
|
43
|
+
line_crypttab('crypthome', @dev_home, '/boot/home.key', 'luks') if @home_disk
|
44
|
+
end
|
45
|
+
|
46
|
+
def config_grub
|
47
|
+
conf = "#{MOUNTPOINT}/etc/default/grub"
|
48
|
+
content = 'GRUB_ENABLE_CRYPTODISK=y'
|
49
|
+
unless search(conf, content)
|
50
|
+
File.write(conf, "#{content}\n", mode: 'a')
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
def config_dracut
|
55
|
+
conf = "#{MOUNTPOINT}/etc/dracut.conf.d/ext4.conf"
|
56
|
+
content = [
|
57
|
+
'hostonly="yes"',
|
58
|
+
'omit_dracutmodules+=" btrfs lvm "',
|
59
|
+
'install_items+=" /boot/volume.key /etc/crypttab "',
|
60
|
+
]
|
61
|
+
File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
|
62
|
+
#add_line(conf, "install_items+=\" /boot/home.key \"") if @home_disk
|
63
|
+
end
|
64
|
+
|
65
|
+
def kernel_cmdline_dracut
|
66
|
+
conf = "#{MOUNTPOINT}/etc/dracut.conf.d/cmdline.conf"
|
67
|
+
root_uuid = b_uuid(@dev_root)
|
68
|
+
args = "rd.luks.uuid=#{root_uuid} rootfstype=ext4 rootflags=rw,relatime"
|
69
|
+
line = "kernel_cmdline=\"#{args}\""
|
70
|
+
File.write(conf, "#{line}\n", mode: 'w', chmod: 0644)
|
71
|
+
end
|
72
|
+
|
73
|
+
def finish
|
74
|
+
puts '+ Enter in your system: chroot /mnt /bin/bash'
|
75
|
+
puts '+ Reboot with: shutdown -r now'
|
76
|
+
end
|
77
|
+
|
78
|
+
private
|
79
|
+
|
80
|
+
def b_uuid(dev)
|
81
|
+
device = dev.delete_prefix('/dev/')
|
82
|
+
Dir.glob('/dev/disk/by-uuid/*').each do |f|
|
83
|
+
link = File.readlink(f)
|
84
|
+
return f.delete_prefix('/dev/disk/by-uuid/') if link.match(/#{device}$/)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
# line_crypttab("cryptswap", "sda2", "/dev/urandom", "luks")
|
89
|
+
def line_crypttab(mapname, dev, point, rest)
|
90
|
+
conf = "#{MOUNTPOINT}/etc/crypttab"
|
91
|
+
device = s_uuid(dev)
|
92
|
+
raise "No partuuid for #{dev} #{device}" unless device
|
93
|
+
raise "Bad partuuid for #{dev} #{device}" if device.kind_of? Array
|
94
|
+
|
95
|
+
add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
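Review bot: `b_uuid` ends with `Dir.glob(...).each do … end`, so when no symlink matches it returns the glob Array instead of nil and `kernel_cmdline_dracut` writes `rd.luks.uuid=[...]` into cmdline.conf; `Dir.glob('/dev/disk/by-uuid/*').find { |f| File.basename(File.readlink(f)) == device }&.delete_prefix('/dev/disk/by-uuid/')` returns nil and also drops the `/#{device}$/` regex that interpolates the device name unescaped. In `add_key` the commented-out `#command "chmod -R g-rwx,o-rwx /boot"` is the step that protects the initramfs `config_dracut` builds with `/boot/volume.key` embedded via `install_items`; without it, and with the key created by `dd` under the default umask before `chmod 000`, both files may be readable by other local users, so re-enable that line and set the mode at creation (`umask 077 &&` before the dd, if `command` goes through a shell). Whether `command "dd … of=/boot/#{name}"` writes into the target at all depends on Helpers::Void, which is not in this diff: if `command` runs on the host, the key lands in the live system's `/boot` while `chroot "cryptsetup luksAddKey …"` reads the target's `/boot`, unlike `fstab`, which prefixes `MOUNTPOINT` explicitly. The layout also assumes `/boot` sits inside the encrypted root; `line_fstab(@dev_boot, '/boot ext4 …') if @dev_boot` would place the key and the initramfs on a plaintext partition, so a comment stating that assumption, or a `raise` when `@dev_boot` is set, keeps it from being violated silently.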
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
@@ -13,3 +15,4 @@ require_relative 'encrypt/format'
|
|
13
15
|
require_relative 'encrypt/mount'
|
14
16
|
require_relative 'encrypt/config'
|
15
17
|
require_relative 'encrypt/deps'
|
18
|
+
require_relative 'encrypt/void'
|
@@ -1,15 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
4
6
|
class Format < Getch::FileSystem::Ext4::Device
|
5
7
|
def initialize
|
6
8
|
super
|
7
|
-
@state = Getch::States.new
|
9
|
+
@state = Getch::States.new
|
8
10
|
format
|
9
11
|
end
|
10
12
|
|
11
13
|
def format
|
12
14
|
return if STATES[:format]
|
15
|
+
|
13
16
|
exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
|
14
17
|
exec("mkswap -f #{@dev_swap}")
|
15
18
|
exec("mkfs.ext4 -F #{@dev_root}")
|