getch 0.1.2 → 0.1.9

data/lib/getch/config.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require_relative 'config/gentoo'
+require_relative 'config/void'
+
+CONFIG_LOAD = {
+  gentoo: Getch::Config::Gentoo,
+  void: Getch::Config::Void
+}.freeze
+
+module Getch
+  module Config
+    class Main
+      def initialize
+        os = OPTIONS[:os].to_sym
+        @load = CONFIG_LOAD[os].new
+      end
+
+      def ethernet
+        @load.ethernet
+      end
+
+      def dns
+        @load.dns
+      end
+
+      def wifi
+        @load.wifi
+      end
+
+      def sysctl
+        pwd = File.expand_path(File.dirname(__FILE__))
+        dest = "#{Getch::MOUNTPOINT}/etc/sysctl.d/"
+
+        Helpers.mkdir dest
+        Helpers.cp("#{pwd}/../../assets/network-stack.conf", dest)
+        Helpers.cp("#{pwd}/../../assets/system.conf", dest)
+      end
+      
+      def shell
+        @load.shell
+      end
+    end
+  end
+end

data/lib/getch/filesystem/clean.rb

@@ -2,48 +2,55 @@ module Getch
   module FileSystem
     module Clean
       def self.clean_hdd(disk)
-        return if ! disk
+        return unless disk
         raise ArgumentError, "Disk #{disk} is no found." if ! File.exist? "/dev/#{disk}"
+
         puts
         print "Cleaning data on #{disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? [y,N] "
         case gets.chomp
         when /^y|^Y/
           bloc=`blockdev --getbsz /dev/#{disk}`.chomp
-          Helpers::sys("dd if=/dev/urandom of=/dev/#{disk} bs=#{bloc} status=progress")
-        else
-          return
+          Helpers.sys("dd if=/dev/urandom of=/dev/#{disk} bs=#{bloc} status=progress")
         end
       end
 
       def self.clean_struct(disk)
-        return if ! disk
-        raise ArgumentError, "Disk #{disk} is no found." if ! File.exist? "/dev/#{disk}"
-        Helpers::sys("sgdisk -Z /dev/#{disk}")
-        Helpers::sys("wipefs -a /dev/#{disk}")
+        return unless disk
+        raise ArgumentError, "Disk #{disk} is no found." unless File.exist? "/dev/#{disk}"
+
+        Helpers.sys("sgdisk -Z /dev/#{disk}")
+        Helpers.sys("wipefs -a /dev/#{disk}")
       end
 
       def self.hdd(*disks)
-        disks.each { |d| clean_hdd(d) }
+        disks.each { |d|
+          clean_struct(d)
+          clean_hdd(d)
+        }
       end
       # See https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing
       # for SSD
       def self.sdd
       end
 
-      def self.struct(*disks)
-        disks.each { |d| clean_struct(d) }
+      def self.external_disk(root_disk, *disks)
+        disks.each do |d|
+          unless d && d != '' && d != nil && d == root_disk
+            hdd(d)
+          end
+        end
       end
 
       def self.old_vg(disk, vg)
         oldvg = `vgdisplay | grep #{vg}`.chomp
-        Helpers::sys("vgremove -f #{vg}") if oldvg != ''
-        Helpers::sys("pvremove -f #{disk}") if oldvg != '' and File.exist? disk
+        Helpers.sys("vgremove -f #{vg}") if oldvg != ''
+        Helpers.sys("pvremove -f #{disk}") if oldvg != '' and File.exist? disk
       end
 
       def self.old_zpool
         oldzpool = `zpool status | grep pool:`.gsub(/pool: /, '').delete(' ').split("\n")
-        if oldzpool[0] != "" and $?.success?
-          oldzpool.each { |p| Helpers::sys("zpool destroy #{p}") if p }
+        if oldzpool[0] != '' and $?.success?
+          oldzpool.each { |p| Helpers.sys("zpool destroy #{p}") if p }
         end
       end
     end

data/lib/getch/filesystem/device.rb

@@ -1,15 +1,17 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     class Device
       def initialize
-        @efi = Helpers::efi?
+        @efi = Helpers.efi?
         @root_part = 1
-        @user = DEFAULT_OPTIONS[:username]
+        @user = Getch::OPTIONS[:username]
 
-        @disk = DEFAULT_OPTIONS[:disk]
-        @boot_disk = DEFAULT_OPTIONS[:boot_disk]
-        @cache_disk = DEFAULT_OPTIONS[:cache_disk]
-        @home_disk = DEFAULT_OPTIONS[:home_disk]
+        @disk = Getch::OPTIONS[:disk]
+        @boot_disk = Getch::OPTIONS[:boot_disk]
+        @cache_disk = Getch::OPTIONS[:cache_disk]
+        @home_disk = Getch::OPTIONS[:home_disk]
 
         search_boot
         search_swap

data/lib/getch/filesystem/ext4/config.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
@@ -16,7 +18,8 @@ module Getch
         end
 
         def systemd_boot
-          return if ! Helpers::efi? 
+          return unless Helpers.efi?
+
           esp = '/efi'
           dir = "#{@root_dir}/#{esp}/loader/entries/"
           datas_gentoo = [
@@ -28,7 +31,8 @@ module Getch
         end
 
         def grub
-          return if Helpers::efi?
+          return if Helpers.efi?
+
           file = "#{@root_dir}/etc/default/grub"
           cmdline = "GRUB_CMDLINE_LINUX=\"resume=PARTUUID=#{@partuuid_swap} root=PARTUUID=#{@partuuid_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
           File.write(file, cmdline, mode: 'a')
@@ -37,8 +41,8 @@ module Getch
         private
 
         def gen_uuid
-          @partuuid_root = Helpers::partuuid(@dev_root)
-          @partuuid_swap = Helpers::partuuid(@dev_swap)
+          @partuuid_root = Helpers.partuuid(@dev_root)
+          @partuuid_swap = Helpers.partuuid(@dev_swap)
           @uuid_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
           @uuid_esp = `lsblk -o "UUID" #{@dev_esp} | tail -1`.chomp() if @dev_esp
           @uuid_home = `lsblk -o "UUID" #{@dev_home} | tail -1`.chomp() if @dev_home

data/lib/getch/filesystem/ext4/deps.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
       class Deps
         def initialize
-          if Helpers::efi?
+          if Helpers.efi?
             install_efi
           else
             install_bios

data/lib/getch/filesystem/ext4/device.rb

@@ -1,10 +1,9 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
       class Device < Getch::FileSystem::Device
-        def initialize
-          super
-        end
       end
     end
   end

data/lib/getch/filesystem/ext4/encrypt/config.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'fileutils'
 
 module Getch
@@ -21,14 +23,15 @@ module Getch
           end
 
           def systemd_boot
-            return if ! Helpers::efi?
+            return unless Helpers.efi?
+
             esp = '/efi'
             dir = "#{@root_dir}/#{esp}/loader/entries/"
             datas_gentoo = [
               'title Gentoo Linux',
               'linux /vmlinuz',
               'initrd /initramfs',
-              "options crypt_root=PARTUUID=#{@partuuid_root} root=/dev/mapper/root init=#{@init} keymap=#{DEFAULT_OPTIONS[:keymap]} rw"
+              "options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{Getch::OPTIONS[:keymap]} rw"
             ]
             File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
           end
@@ -36,17 +39,18 @@ module Getch
           def crypttab
             home = @home_disk ? "crypthome UUID=#{@uuid_home} /root/secretkeys/crypto_keyfile.bin luks" : ''
             datas = [
-              "cryptswap PARTUUID=#{@partuuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=256",
+              "cryptswap PARTUUID=#{@partuuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=512",
               home
             ]
             File.write("#{@root_dir}/etc/crypttab", datas.join("\n"))
           end
 
           def grub
-            return if Helpers::efi?
+            return if Helpers.efi?
+
             file = "#{@root_dir}/etc/default/grub"
             cmdline = [
-              "GRUB_CMDLINE_LINUX=\"crypt_root=PARTUUID=#{@partuuid_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{DEFAULT_OPTIONS[:keymap]}\"",
+              "GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{Getch::OPTIONS[:keymap]}\"",
               "GRUB_ENABLE_CRYPTODISK=y"
             ]
             File.write(file, cmdline.join("\n"), mode: 'a')
@@ -55,10 +59,9 @@ module Getch
           private
 
           def gen_uuid
-            @partuuid_root = Helpers::partuuid(@dev_root)
-            @partuuid_swap = Helpers::partuuid(@dev_swap)
+            @partuuid_swap = Helpers.partuuid(@dev_swap)
             @uuid_dev_root = `lsblk -d -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
-            @uuid_esp = Helpers::uuid(@dev_esp) if @dev_esp
+            @uuid_esp = Helpers.uuid(@dev_esp) if @dev_esp
             @uuid_root = `lsblk -d -o "UUID" #{@luks_root} | tail -1`.chomp() if @dev_root
             @uuid_home = `lsblk -d -o "UUID" #{@dev_home} | tail -1`.chomp() if @luks_home
           end
@@ -73,10 +76,11 @@ module Getch
           end
 
           def move_secret_keys
-            return if ! @luks_home
-            puts "Moving secret keys"
+            return unless @luks_home
+
+            puts 'Moving secret keys'
             keys_path = "#{@root_dir}/root/secretkeys"
-            FileUtils.mv("/root/secretkeys", keys_path) if ! Dir.exist?(keys_path)
+            FileUtils.mv('/root/secretkeys', keys_path) unless Dir.exist? keys_path
           end
         end
       end

data/lib/getch/filesystem/ext4/encrypt/deps.rb

@@ -1,19 +1,20 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
       module Encrypt
         class Deps
           def make
-            install_bios unless Helpers::efi?
             install_deps
             genkernel
-            Getch::Make.new("genkernel --kernel-config=/usr/src/linux/.config all").run!
+            Getch::Make.new('genkernel --kernel-config=/usr/src/linux/.config all').run!
           end
 
           private
 
           def genkernel
-            grub = Helpers::efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
+            grub = Helpers.efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
             datas = [
               '',
               grub,
@@ -30,14 +31,8 @@ module Getch
             File.write(file, datas.join("\n"), mode: 'a')
           end
 
-          def install_bios
-            exec("euse -p sys-boot/grub -E device-mapper")
-            exec("euse -p sys-fs/cryptsetup -E luks1_default")
-          end
-
           def install_deps
-            exec("euse -E cryptsetup") if ! Helpers::grep?("#{MOUNTPOINT}/etc/portage/make.conf", /cryptsetup/)
-            Getch::Emerge.new('genkernel sys-apps/systemd sys-fs/cryptsetup').pkg!
+            Getch::Emerge.new('genkernel').pkg!
           end
 
           def exec(cmd)

data/lib/getch/filesystem/ext4/encrypt/device.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
@@ -5,9 +7,9 @@ module Getch
         class Device < Getch::FileSystem::Device
           def initialize
             super
-            @luks_root = "/dev/mapper/cryptroot"
-            @luks_home = @home_disk ? "/dev/mapper/crypthome" : nil
-            @luks_swap = "/dev/mapper/cryptswap"
+            @luks_root = '/dev/mapper/cryptroot'
+            @luks_home = @home_disk ? '/dev/mapper/crypthome' : nil
+            @luks_swap = '/dev/mapper/cryptswap'
           end
         end
       end

data/lib/getch/filesystem/ext4/encrypt/format.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
@@ -5,15 +7,15 @@ module Getch
         class Format < Getch::FileSystem::Ext4::Encrypt::Device
           def initialize
             super
-            @state = Getch::States.new()
+            @state = Getch::States.new
             format
           end
 
           def format
             return if STATES[:format]
+
             exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
             exec("mkfs.ext4 -F #{@luks_root}")
-            exec("mkswap -f #{@dev_swap}")
             exec("mkfs.ext4 -F #{@luks_home}") if @dev_home
             @state.format
           end

data/lib/getch/filesystem/ext4/encrypt/mount.rb

@@ -1,4 +1,4 @@
-require 'fileutils'
+# frozen_string_literal: true
 
 module Getch
   module FileSystem
@@ -8,12 +8,12 @@ module Getch
           def initialize
             super
             @mount = Getch::FileSystem::Mount.new
-            @state = Getch::States.new()
+            @state = Getch::States.new
           end
 
           def run
             return if STATES[:mount]
-            @mount.swap(@dev_swap)
+
             @mount.root(@luks_root)
             @mount.boot(@dev_boot)
             @mount.esp(@dev_esp)

data/lib/getch/filesystem/ext4/encrypt/partition.rb

@@ -2,7 +2,9 @@ module Getch
   module FileSystem
     module Ext4
       module Encrypt
-        class Partition < Getch::FileSystem::Ext4::Encrypt::Device
+        class Partition < Device
+          include Helpers::Cryptsetup
+
           def initialize
             super
             @state = Getch::States.new
@@ -14,15 +16,15 @@ module Getch
 
           def run_partition
             return if STATES[:partition ]
-            @clean.struct(@disk, @cache_disk, @home_disk)
-            @clean.hdd(@disk, @cache_disk, @home_disk)
-            if Helpers::efi?
+
+            @clean.hdd(@disk)
+            @clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
+            if Helpers.efi?
               partition_efi
-              encrypt_efi
             else
               partition_bios
-              encrypt_bios
             end
+            encrypting
             @state.partition
           end
 
@@ -36,43 +38,35 @@ module Getch
             # /home - Home
             @partition.efi(@dev_esp)
             @partition.swap(@dev_swap)
-            @partition.root(@dev_root, "8309")
-            @partition.home(@dev_home, "8309") if @dev_home
-          end
-
-          def encrypt_efi
-            @log.info("Format root")
-            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
-            @log.debug("Opening root")
-            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
-            encrypt_home
+            @partition.root(@dev_root, '8309')
+            @partition.home(@dev_home, '8309') if @dev_home
           end
 
-          def encrypt_bios
-            @log.info("Format root for bios")
-            Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
-            @log.debug("Opening root")
-            Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
+          def encrypting
+            @log.info('Cryptsetup')
+            encrypt(@dev_root)
+            open_crypt(@dev_root, 'cryptroot')
             encrypt_home
           end
 
           def encrypt_home
-            if @dev_home then
-              create_secret_keys
-              @log.info("Format home with #{@key_path}")
-              Helpers::sys("cryptsetup luksFormat #{@dev_home} #{@key_path}")
-              @log.debug("Open home with key #{@key_path}")
-              exec("cryptsetup open --type luks -d #{@key_path} #{@dev_home} crypthome")
-            end
+            return unless @dev_home
+
+            create_secret_keys
+            @log.info("Format home with #{@key_path}")
+            Helpers.sys("cryptsetup luksFormat #{@dev_home} #{@key_path}")
+            @log.debug("Open home with key #{@key_path}")
+            exec("cryptsetup open --type luks -d #{@key_path} #{@dev_home} crypthome")
           end
 
           def create_secret_keys
-            return if ! @dev_home
-            @log.info("Creating secret keys")
-            keys_dir = "/root/secretkeys"
-            key_name = "crypto_keyfile.bin"
+            return unless @dev_home
+
+            @log.info('Creating secret keys')
+            keys_dir = '/root/secretkeys'
+            key_name = 'crypto_keyfile.bin'
             @key_path = "#{keys_dir}/#{key_name}"
-            FileUtils.mkdir keys_dir, mode: 0700 if ! Dir.exist?(keys_dir)
+            FileUtils.mkdir keys_dir, mode: 0700 unless Dir.exist? keys_dir
             exec("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}")
           end
 
@@ -83,8 +77,8 @@ module Getch
             # /home     - Home
             @partition.gpt(@dev_gpt)
             @partition.swap(@dev_swap)
-            @partition.root(@dev_root, "8309")
-            @partition.home(@dev_home, "8309") if @dev_home
+            @partition.root(@dev_root, '8309')
+            @partition.home(@dev_home, '8309') if @dev_home
           end
 
           def exec(cmd)

data/lib/getch/filesystem/ext4/encrypt/void.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module Getch
+  module FileSystem
+    module Ext4
+      module Encrypt
+        class Void < Device
+          include Helpers::Void
+
+          attr_reader :boot_disk
+
+          # Create key to avoid enter password twice
+          def create_key
+            add_key('volume.key', @dev_root)
+            add_key('home.key', @dev_home) if @home_disk
+          end
+
+          # Key need to be added in dracut.conf.d and crypttab
+          def add_key(name, dev)
+            command "dd bs=1 count=64 if=/dev/urandom of=/boot/#{name}"
+            puts " => Creating a key for #{dev}, password required:"
+            chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
+            command "chmod 000 /boot/#{name}"
+            #command "chmod -R g-rwx,o-rwx /boot"
+          end
+
+          def fstab
+            conf = "#{MOUNTPOINT}/etc/fstab"
+            File.write(conf, "\n", mode: 'w', chmod: 0644)
+            line_fstab(@dev_esp, '/efi vfat noauto,rw,relatime 0 0') if @dev_esp
+            line_fstab(@dev_boot, '/boot ext4 noauto,rw,relatime 0 0') if @dev_boot
+            add_line(conf, "#{@luks_swap} none swap sw 0 0") if @dev_swap
+            add_line(conf, "#{@luks_home} /home ext4 rw,discard 0 0") if @home_disk
+            add_line(conf, "#{@luks_root} / ext4 rw,relatime 0 1")
+            add_line(conf, 'tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0')
+          end
+
+          def crypttab
+            conf = "#{MOUNTPOINT}/etc/crypttab"
+            File.write(conf, "\n", mode: 'w', chmod: 0644)
+            line_crypttab('cryptswap', @dev_swap, '/dev/urandom', 'swap,discard,cipher=aes-xts-plain64:sha256,size=512') if @dev_swap
+            line_crypttab('cryptroot', @dev_root, '/boot/volume.key', 'luks')
+            line_crypttab('crypthome', @dev_home, '/boot/home.key', 'luks') if @home_disk
+          end
+
+          def config_grub
+            conf = "#{MOUNTPOINT}/etc/default/grub"
+            content = 'GRUB_ENABLE_CRYPTODISK=y'
+            unless search(conf, content)
+              File.write(conf, "#{content}\n", mode: 'a')
+            end
+          end
+
+          def config_dracut
+            conf = "#{MOUNTPOINT}/etc/dracut.conf.d/ext4.conf"
+            content = [
+              'hostonly="yes"',
+              'omit_dracutmodules+=" btrfs lvm "',
+              'install_items+=" /boot/volume.key /etc/crypttab "',
+            ]
+            File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
+            #add_line(conf, "install_items+=\" /boot/home.key \"") if @home_disk
+          end
+
+          def kernel_cmdline_dracut
+            conf = "#{MOUNTPOINT}/etc/dracut.conf.d/cmdline.conf"
+            root_uuid = b_uuid(@dev_root)
+            args = "rd.luks.uuid=#{root_uuid} rootfstype=ext4 rootflags=rw,relatime"
+            line = "kernel_cmdline=\"#{args}\""
+            File.write(conf, "#{line}\n", mode: 'w', chmod: 0644)
+          end
+
+          def finish
+            puts '+ Enter in your system: chroot /mnt /bin/bash'
+            puts '+ Reboot with: shutdown -r now'
+          end
+
+          private
+
+          def b_uuid(dev)
+            device = dev.delete_prefix('/dev/')
+            Dir.glob('/dev/disk/by-uuid/*').each do |f|
+              link = File.readlink(f)
+              return f.delete_prefix('/dev/disk/by-uuid/') if link.match(/#{device}$/)
+            end
+          end
+
+          # line_crypttab("cryptswap", "sda2", "/dev/urandom", "luks")
+          def line_crypttab(mapname, dev, point, rest)
+            conf = "#{MOUNTPOINT}/etc/crypttab"
+            device = s_uuid(dev)
+            raise "No partuuid for #{dev} #{device}" unless device
+            raise "Bad partuuid for #{dev} #{device}" if device.kind_of? Array
+
+            add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/ext4/encrypt.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
@@ -13,3 +15,4 @@ require_relative 'encrypt/format'
 require_relative 'encrypt/mount'
 require_relative 'encrypt/config'
 require_relative 'encrypt/deps'
+require_relative 'encrypt/void'

data/lib/getch/filesystem/ext4/format.rb

@@ -1,15 +1,18 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
       class Format < Getch::FileSystem::Ext4::Device
         def initialize
           super
-          @state = Getch::States.new()
+          @state = Getch::States.new
           format
         end
 
         def format
           return if STATES[:format]
+
           exec("mkfs.fat -F32 #{@dev_esp}") if @dev_esp
           exec("mkswap -f #{@dev_swap}")
           exec("mkfs.ext4 -F #{@dev_root}")

data/lib/getch/filesystem/ext4/mount.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Getch
   module FileSystem
     module Ext4
@@ -10,6 +12,7 @@ module Getch
 
         def run
           return if STATES[:mount]
+
           @mount.swap(@dev_swap)
           @mount.root(@dev_root)
           @mount.boot(@dev_boot)