getch 0.1.3 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +75 -35
- data/assets/network-stack.conf +63 -0
- data/assets/system.conf +38 -0
- data/bin/getch +14 -4
- data/lib/clean.rb +149 -0
- data/lib/cmdline.rb +128 -0
- data/lib/cryptsetup.rb +132 -0
- data/lib/devs.rb +199 -0
- data/lib/dracut/encrypt.rb +36 -0
- data/lib/dracut/hybrid.rb +15 -0
- data/lib/dracut/lvm.rb +14 -0
- data/lib/dracut/minimal.rb +11 -0
- data/lib/dracut/root.rb +45 -0
- data/lib/dracut/zfs.rb +35 -0
- data/lib/dracut.rb +11 -0
- data/lib/fstab/encrypt.rb +44 -0
- data/lib/fstab/hybrid.rb +34 -0
- data/lib/fstab/lvm.rb +25 -0
- data/lib/fstab/minimal.rb +6 -0
- data/lib/fstab/root.rb +93 -0
- data/lib/fstab/zfs.rb +23 -0
- data/lib/fstab.rb +11 -0
- data/lib/getch/assembly.rb +150 -0
- data/lib/getch/command.rb +94 -124
- data/lib/getch/config/account.rb +39 -0
- data/lib/getch/config/dhcp.rb +104 -0
- data/lib/getch/config/grub.rb +42 -0
- data/lib/getch/config/iwd.rb +60 -0
- data/lib/getch/config/keymap.rb +78 -0
- data/lib/getch/config/locale.rb +96 -0
- data/lib/getch/config/portage.rb +90 -0
- data/lib/getch/config/pre_network.rb +37 -0
- data/lib/getch/config/timezone.rb +52 -0
- data/lib/getch/config/void.rb +11 -0
- data/lib/getch/config.rb +19 -53
- data/lib/getch/device.rb +67 -0
- data/lib/getch/filesystem/ext4/encrypt/config.rb +11 -68
- data/lib/getch/filesystem/ext4/encrypt/deps.rb +17 -25
- data/lib/getch/filesystem/ext4/encrypt/device.rb +13 -5
- data/lib/getch/filesystem/ext4/encrypt/format.rb +8 -15
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +9 -13
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +10 -82
- data/lib/getch/filesystem/ext4/encrypt/void.rb +63 -0
- data/lib/getch/filesystem/ext4/encrypt.rb +4 -0
- data/lib/getch/filesystem/ext4/hybrid/config.rb +27 -0
- data/lib/getch/filesystem/ext4/hybrid/deps.rb +55 -0
- data/lib/getch/filesystem/ext4/hybrid/device.rb +24 -0
- data/lib/getch/filesystem/ext4/hybrid/format.rb +23 -0
- data/lib/getch/filesystem/ext4/hybrid/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/hybrid/partition.rb +27 -0
- data/lib/getch/filesystem/ext4/hybrid/void.rb +62 -0
- data/lib/getch/filesystem/ext4/hybrid.rb +19 -0
- data/lib/getch/filesystem/ext4/lvm/config.rb +25 -0
- data/lib/getch/filesystem/ext4/lvm/deps.rb +56 -0
- data/lib/getch/filesystem/ext4/lvm/device.rb +28 -0
- data/lib/getch/filesystem/ext4/lvm/format.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/partition.rb +28 -0
- data/lib/getch/filesystem/{lvm.rb → ext4/lvm.rb} +8 -3
- data/lib/getch/filesystem/ext4/minimal/config.rb +25 -0
- data/lib/getch/filesystem/ext4/{device.rb → minimal/deps.rb} +4 -3
- data/lib/getch/filesystem/ext4/minimal/device.rb +22 -0
- data/lib/getch/filesystem/ext4/minimal/format.rb +23 -0
- data/lib/getch/filesystem/ext4/minimal/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/minimal/partition.rb +28 -0
- data/lib/getch/filesystem/ext4/minimal.rb +19 -0
- data/lib/getch/filesystem/ext4.rb +9 -6
- data/lib/getch/filesystem/zfs/encrypt/config.rb +12 -57
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +7 -86
- data/lib/getch/filesystem/zfs/encrypt/device.rb +9 -45
- data/lib/getch/filesystem/zfs/encrypt/format.rb +8 -90
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +16 -34
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +8 -50
- data/lib/getch/filesystem/zfs/encrypt.rb +4 -0
- data/lib/getch/filesystem/zfs/minimal/config.rb +37 -0
- data/lib/getch/filesystem/zfs/minimal/deps.rb +126 -0
- data/lib/getch/filesystem/zfs/minimal/device.rb +24 -0
- data/lib/getch/filesystem/zfs/minimal/format.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/mount.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/partition.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal.rb +19 -0
- data/lib/getch/filesystem/zfs.rb +3 -6
- data/lib/getch/filesystem.rb +2 -6
- data/lib/getch/gentoo/bootloader.rb +47 -0
- data/lib/getch/gentoo/finalize.rb +25 -0
- data/lib/getch/gentoo/post_config.rb +75 -0
- data/lib/getch/gentoo/pre_config.rb +37 -0
- data/lib/getch/gentoo/services.rb +18 -0
- data/lib/getch/gentoo/sources.rb +82 -52
- data/lib/getch/gentoo/tarball.rb +91 -0
- data/lib/getch/gentoo/terraform.rb +34 -0
- data/lib/getch/gentoo/update.rb +54 -0
- data/lib/getch/gentoo/use.rb +11 -12
- data/lib/getch/gentoo/use_flag.rb +74 -52
- data/lib/getch/gentoo.rb +11 -63
- data/lib/getch/guard.rb +71 -0
- data/lib/getch/helpers.rb +128 -48
- data/lib/getch/log.rb +91 -26
- data/lib/getch/options.rb +79 -40
- data/lib/getch/states.rb +37 -10
- data/lib/getch/tree.rb +56 -0
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void/bootloader.rb +18 -0
- data/lib/getch/void/finalize.rb +31 -0
- data/lib/getch/void/post_config.rb +19 -0
- data/lib/getch/void/pre_config.rb +18 -0
- data/lib/getch/void/services.rb +18 -0
- data/lib/getch/void/tarball.rb +89 -0
- data/lib/getch/void/terraform.rb +28 -0
- data/lib/getch/void/update.rb +33 -0
- data/lib/getch/void.rb +15 -0
- data/lib/getch.rb +104 -92
- data/lib/luks.rb +239 -0
- data/lib/lvm2.rb +112 -0
- data/lib/mkfs/zfs.rb +167 -0
- data/lib/mkfs.rb +140 -0
- data/lib/mountfs.rb +154 -0
- data/lib/nito.rb +131 -0
- data/lib/sgdisk.rb +160 -0
- data.tar.gz.sig +0 -0
- metadata +96 -45
- metadata.gz.sig +0 -0
- data/.gitignore +0 -2
- data/CHANGELOG.md +0 -90
- data/Rakefile +0 -21
- data/bin/setup.sh +0 -90
- data/getch.gemspec +0 -25
- data/lib/getch/filesystem/clean.rb +0 -51
- data/lib/getch/filesystem/device.rb +0 -61
- data/lib/getch/filesystem/ext4/config.rb +0 -58
- data/lib/getch/filesystem/ext4/deps.rb +0 -22
- data/lib/getch/filesystem/ext4/format.rb +0 -28
- data/lib/getch/filesystem/ext4/mount.rb +0 -23
- data/lib/getch/filesystem/ext4/partition.rb +0 -52
- data/lib/getch/filesystem/lvm/config.rb +0 -59
- data/lib/getch/filesystem/lvm/deps.rb +0 -42
- data/lib/getch/filesystem/lvm/device.rb +0 -43
- data/lib/getch/filesystem/lvm/encrypt/config.rb +0 -71
- data/lib/getch/filesystem/lvm/encrypt/deps.rb +0 -46
- data/lib/getch/filesystem/lvm/encrypt/device.rb +0 -46
- data/lib/getch/filesystem/lvm/encrypt/format.rb +0 -32
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +0 -25
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +0 -80
- data/lib/getch/filesystem/lvm/encrypt.rb +0 -15
- data/lib/getch/filesystem/lvm/format.rb +0 -29
- data/lib/getch/filesystem/lvm/mount.rb +0 -23
- data/lib/getch/filesystem/lvm/partition.rb +0 -69
- data/lib/getch/filesystem/mount.rb +0 -56
- data/lib/getch/filesystem/partition.rb +0 -77
- data/lib/getch/filesystem/zfs/config.rb +0 -57
- data/lib/getch/filesystem/zfs/deps.rb +0 -95
- data/lib/getch/filesystem/zfs/device.rb +0 -58
- data/lib/getch/filesystem/zfs/format.rb +0 -114
- data/lib/getch/filesystem/zfs/mount.rb +0 -48
- data/lib/getch/filesystem/zfs/partition.rb +0 -64
- data/lib/getch/gentoo/boot.rb +0 -109
- data/lib/getch/gentoo/chroot.rb +0 -77
- data/lib/getch/gentoo/config.rb +0 -129
- data/lib/getch/gentoo/stage.rb +0 -74
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module Void
|
5
|
+
class PostConfig
|
6
|
+
def initialize
|
7
|
+
x
|
8
|
+
end
|
9
|
+
|
10
|
+
protected
|
11
|
+
|
12
|
+
def x
|
13
|
+
Getch::Config::Locale.new
|
14
|
+
Getch::Config::Keymap.new
|
15
|
+
Getch::Config::TimeZone.new
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,89 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'open-uri'
|
4
|
+
require 'open3'
|
5
|
+
|
6
|
+
module Getch
|
7
|
+
module Void
|
8
|
+
class Tarball
|
9
|
+
def initialize
|
10
|
+
@log = Log.new
|
11
|
+
@url = 'https://alpha.de.repo.voidlinux.org/live/current'
|
12
|
+
@file = 'sha256sum.txt'
|
13
|
+
@xbps = false
|
14
|
+
Dir.chdir OPTIONS[:mountpoint]
|
15
|
+
end
|
16
|
+
|
17
|
+
def x
|
18
|
+
search_archive
|
19
|
+
download
|
20
|
+
checksum
|
21
|
+
install
|
22
|
+
end
|
23
|
+
|
24
|
+
protected
|
25
|
+
|
26
|
+
def tarball
|
27
|
+
OPTIONS[:musl] ?
|
28
|
+
/void-x86_64-musl-ROOTFS-[\d._]+.tar.xz/ :
|
29
|
+
/void-x86_64-ROOTFS-[\d._]+.tar.xz/
|
30
|
+
end
|
31
|
+
|
32
|
+
# Search only the glibc x86_64 for now
|
33
|
+
def search_archive
|
34
|
+
yurl = "#{@url}/#{@file}"
|
35
|
+
@log.info "Opening #{yurl}...\n"
|
36
|
+
Helpers.get_file_online(yurl, @file)
|
37
|
+
File.open(@file).each do |l|
|
38
|
+
@xbps = l.tr('()', '').split(' ') if l.match(tarball)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def download
|
43
|
+
@log.fatal 'No file found, retry later.' unless @xbps
|
44
|
+
return if File.exist? @xbps[1]
|
45
|
+
|
46
|
+
@log.info "Downloading #{@xbps[1]}..."
|
47
|
+
Helpers.get_file_online("#{@url}/#{@xbps[1]}", @xbps[1])
|
48
|
+
@log.result_ok
|
49
|
+
end
|
50
|
+
|
51
|
+
def checksum
|
52
|
+
@log.info 'Checking SHA256 checksum...'
|
53
|
+
# Should contain 2 spaces...
|
54
|
+
command = "echo #{@xbps[3]} #{@xbps[1]} | sha256sum --check"
|
55
|
+
_, stderr, status = Open3.capture3(command)
|
56
|
+
if status.success? then
|
57
|
+
@log.result_ok
|
58
|
+
return
|
59
|
+
end
|
60
|
+
cleaning
|
61
|
+
@log.fatal "Problem with the checksum, stderr\n#{stderr}"
|
62
|
+
end
|
63
|
+
|
64
|
+
def install
|
65
|
+
decompress
|
66
|
+
cleaning
|
67
|
+
end
|
68
|
+
|
69
|
+
private
|
70
|
+
|
71
|
+
def decompress
|
72
|
+
@log.info "Decompressing #{@xbps[1]}..."
|
73
|
+
cmd = "tar xpf #{@xbps[1]} --xattrs-include=\'*.*\' --numeric-owner"
|
74
|
+
_, stderr, status = Open3.capture3(cmd)
|
75
|
+
if status.success? then
|
76
|
+
@log.result_ok
|
77
|
+
return
|
78
|
+
end
|
79
|
+
cleaning
|
80
|
+
@log.fatal "Fail to decompressing #{@xbps[1]} - #{stderr}."
|
81
|
+
end
|
82
|
+
|
83
|
+
def cleaning
|
84
|
+
Dir.glob('void-x86_64*.tar.xz').each { |f| File.delete(f) }
|
85
|
+
Dir.glob('sha256*').each { |f| File.delete(f) }
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Getch
|
2
|
+
module Void
|
3
|
+
class Terraform
|
4
|
+
def initialize
|
5
|
+
x
|
6
|
+
end
|
7
|
+
|
8
|
+
protected
|
9
|
+
|
10
|
+
def x
|
11
|
+
install_pkgs
|
12
|
+
end
|
13
|
+
|
14
|
+
def install_pkgs
|
15
|
+
@pkgs = 'sudo'
|
16
|
+
@pkgs << ' vim'
|
17
|
+
@pkgs << ' iptables'
|
18
|
+
@pkgs << ' runit-iptables'
|
19
|
+
@pkgs << ' iwd'
|
20
|
+
@pkgs << ' dhcpcd'
|
21
|
+
@pkgs << ' lvm2' if OPTIONS[:fs] == 'lvm'
|
22
|
+
@pkgs << ' zfs' if OPTIONS[:fs] == 'zfs'
|
23
|
+
@pkgs << ' cryptsetup' if OPTIONS[:encrypt]
|
24
|
+
Install.new(@pkgs)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module Void
|
5
|
+
class Update
|
6
|
+
def initialize
|
7
|
+
@log = Log.new
|
8
|
+
x
|
9
|
+
end
|
10
|
+
|
11
|
+
protected
|
12
|
+
|
13
|
+
# https://docs.voidlinux.org/installation/guides/chroot.html#install-base-system-rootfs-method-only
|
14
|
+
def x
|
15
|
+
sync
|
16
|
+
update
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def sync
|
22
|
+
@log.info "Synchronize index...\n"
|
23
|
+
ChrootOutput.new '/usr/bin/xbps-install', '-Suy', 'xbps'
|
24
|
+
end
|
25
|
+
|
26
|
+
def update
|
27
|
+
ChrootOutput.new '/usr/bin/xbps-install -uy'
|
28
|
+
ChrootOutput.new '/usr/bin/xbps-install -y base-system'
|
29
|
+
ChrootOutput.new '/usr/bin/xbps-remove -y base-voidstrap'
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
data/lib/getch/void.rb
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module Void
|
5
|
+
end
|
6
|
+
end
|
7
|
+
|
8
|
+
require_relative 'void/tarball'
|
9
|
+
require_relative 'void/pre_config'
|
10
|
+
require_relative 'void/update'
|
11
|
+
require_relative 'void/post_config'
|
12
|
+
require_relative 'void/terraform'
|
13
|
+
require_relative 'void/services'
|
14
|
+
require_relative 'void/bootloader'
|
15
|
+
require_relative 'void/finalize'
|
data/lib/getch.rb
CHANGED
@@ -1,118 +1,130 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'getch/helpers'
|
1
4
|
require_relative 'getch/options'
|
2
5
|
require_relative 'getch/states'
|
3
6
|
require_relative 'getch/gentoo'
|
7
|
+
require_relative 'getch/void'
|
8
|
+
require_relative 'getch/device'
|
4
9
|
require_relative 'getch/filesystem'
|
10
|
+
require_relative 'getch/tree'
|
11
|
+
require_relative 'getch/assembly'
|
5
12
|
require_relative 'getch/command'
|
6
|
-
require_relative 'getch/helpers'
|
7
13
|
require_relative 'getch/log'
|
8
14
|
require_relative 'getch/config'
|
15
|
+
require_relative 'getch/guard'
|
16
|
+
require_relative 'getch/version'
|
9
17
|
|
10
18
|
module Getch
|
11
19
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
disk: 'sda',
|
17
|
-
fs: 'ext4',
|
18
|
-
username: nil,
|
19
|
-
boot_disk: nil,
|
20
|
-
cache_disk: nil,
|
21
|
-
home_disk: nil,
|
20
|
+
OPTIONS = {
|
21
|
+
boot_disk: false,
|
22
|
+
disk: false,
|
23
|
+
cache_disk: false,
|
22
24
|
encrypt: false,
|
23
|
-
|
25
|
+
fs: 'ext4',
|
26
|
+
home_disk: false,
|
27
|
+
keymap: 'us',
|
28
|
+
language: 'en_US',
|
29
|
+
luks_name: 'luks',
|
30
|
+
lvm: false,
|
31
|
+
mountpoint: '/mnt/getch',
|
32
|
+
musl: false,
|
33
|
+
os: 'gentoo',
|
34
|
+
timezone: 'UTC',
|
35
|
+
username: false,
|
36
|
+
verbose: false,
|
37
|
+
vg_name: 'vg4',
|
38
|
+
zfs_name: 'pool'
|
24
39
|
}
|
25
40
|
|
26
41
|
STATES = {
|
27
|
-
:
|
28
|
-
:
|
29
|
-
:
|
30
|
-
:
|
31
|
-
:
|
32
|
-
:
|
33
|
-
:
|
42
|
+
partition: false,
|
43
|
+
format: false,
|
44
|
+
mount: false,
|
45
|
+
tarball: false,
|
46
|
+
pre_config: false,
|
47
|
+
update: false,
|
48
|
+
post_config: false,
|
49
|
+
terraform: false,
|
50
|
+
bootloader: false,
|
51
|
+
services: false,
|
52
|
+
finalize: false,
|
34
53
|
}
|
35
54
|
|
36
|
-
MOUNTPOINT =
|
37
|
-
|
38
|
-
true => {
|
39
|
-
ext4: Getch::FileSystem::Ext4::Encrypt,
|
40
|
-
lvm: Getch::FileSystem::Lvm::Encrypt,
|
41
|
-
zfs: Getch::FileSystem::Zfs::Encrypt
|
42
|
-
},
|
43
|
-
false => {
|
44
|
-
ext4: Getch::FileSystem::Ext4,
|
45
|
-
lvm: Getch::FileSystem::Lvm,
|
46
|
-
zfs: Getch::FileSystem::Zfs,
|
47
|
-
}
|
48
|
-
}.freeze
|
55
|
+
MOUNTPOINT = '/mnt/getch'
|
56
|
+
DEVS = {}
|
49
57
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
58
|
+
class Main
|
59
|
+
def initialize(argv)
|
60
|
+
argv[:cli]
|
61
|
+
@log = Log.new
|
62
|
+
@assembly = Assembly.new
|
63
|
+
end
|
64
|
+
|
65
|
+
def resume
|
66
|
+
STATES[:partition] && return
|
55
67
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
68
|
+
@log.fatal 'No disk, use at least getch with -d DISK' unless OPTIONS[:disk]
|
69
|
+
|
70
|
+
puts "\nBuild " + OPTIONS[:os].capitalize + " Linux with the following args:\n"
|
71
|
+
puts
|
72
|
+
puts "\tLang: #{OPTIONS[:language]}"
|
73
|
+
puts "\tTimezone: #{OPTIONS[:timezone]}"
|
74
|
+
puts "\tKeymap: #{OPTIONS[:keymap]}"
|
75
|
+
puts "\tDisk: #{OPTIONS[:disk]}"
|
76
|
+
puts "\tFilesystem: #{OPTIONS[:fs]}"
|
77
|
+
puts "\tUsername: #{OPTIONS[:username]}"
|
78
|
+
puts "\tEncrypt: #{OPTIONS[:encrypt]}"
|
79
|
+
puts "\tMusl: #{OPTIONS[:musl]}"
|
80
|
+
puts
|
81
|
+
puts "\tseparate-boot disk: #{OPTIONS[:boot_disk]}"
|
82
|
+
puts "\tseparate-cache disk: #{OPTIONS[:cache_disk]}"
|
83
|
+
puts "\tseparate-home disk: #{OPTIONS[:home_disk]}"
|
84
|
+
puts
|
85
|
+
print 'Continue? (y,N) '
|
86
|
+
case gets.chomp
|
87
|
+
when /^y|^Y/
|
88
|
+
else
|
89
|
+
exit
|
90
|
+
end
|
76
91
|
end
|
77
|
-
end
|
78
92
|
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
case gets.chomp
|
85
|
-
when /^y|^Y/
|
86
|
-
log.info("Partition start")
|
87
|
-
class_fs::Partition.new
|
88
|
-
class_fs::Format.new
|
89
|
-
else
|
90
|
-
exit 1
|
93
|
+
def prepare_disk
|
94
|
+
@assembly.clean
|
95
|
+
@assembly.partition
|
96
|
+
@assembly.format
|
97
|
+
@assembly.mount
|
91
98
|
end
|
92
|
-
end
|
93
99
|
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
gentoo.boot(options)
|
101
|
-
end
|
100
|
+
def install_system
|
101
|
+
@assembly.tarball
|
102
|
+
@assembly.pre_config
|
103
|
+
@assembly.update
|
104
|
+
@assembly.post_config
|
105
|
+
end
|
102
106
|
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
+
def terraform
|
108
|
+
@assembly.terraform
|
109
|
+
@assembly.services
|
110
|
+
end
|
111
|
+
|
112
|
+
def bootloader
|
113
|
+
@assembly.luks_keys
|
114
|
+
@assembly.bootloader
|
115
|
+
end
|
107
116
|
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
+
def finalize
|
118
|
+
@assembly.finalize
|
119
|
+
end
|
120
|
+
|
121
|
+
def configure
|
122
|
+
config = Getch::Config::Main.new
|
123
|
+
config.ethernet
|
124
|
+
config.wifi
|
125
|
+
config.dns
|
126
|
+
config.sysctl
|
127
|
+
config.shell
|
128
|
+
end
|
117
129
|
end
|
118
130
|
end
|
data/lib/luks.rb
ADDED
@@ -0,0 +1,239 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'nito'
|
4
|
+
require 'getch/log'
|
5
|
+
require 'getch/command'
|
6
|
+
|
7
|
+
module Luks
|
8
|
+
class Main
|
9
|
+
include Luks
|
10
|
+
include NiTo
|
11
|
+
|
12
|
+
Permission = Class.new(StandardError)
|
13
|
+
|
14
|
+
def initialize(disk, options)
|
15
|
+
@disk = disk
|
16
|
+
@format = options[:fs]
|
17
|
+
@mountpoint = options[:mountpoint]
|
18
|
+
@luks_type = nil
|
19
|
+
@key_dir = nil
|
20
|
+
@key_name = nil
|
21
|
+
@mount = nil
|
22
|
+
@bootloader = false
|
23
|
+
@log = Getch::Log.new
|
24
|
+
@bs = get_bs
|
25
|
+
end
|
26
|
+
|
27
|
+
def encrypt
|
28
|
+
args = @luks_type == 'luks2' ? "#{@command_args} --sector-size #{@bs}" : @command_args
|
29
|
+
@log.info "Encrypting #{@luks_name} > #{@disk}...\n"
|
30
|
+
cmd_crypt 'cryptsetup', 'luksFormat', args, "/dev/#{@disk}"
|
31
|
+
end
|
32
|
+
|
33
|
+
def encrypt_with_key
|
34
|
+
make_key
|
35
|
+
args = @luks_type == 'luks2' ?
|
36
|
+
"#{@command_args} -q --sector-size #{@bs} -d #{@full_key_path}" :
|
37
|
+
"#{@command_args} -q -d #{@full_key_path}"
|
38
|
+
@log.info "Encrypting #{@luks_name} with #{@full_key_path}...\n"
|
39
|
+
cmd_crypt 'cryptsetup', 'luksFormat', args, "/dev/#{@disk}"
|
40
|
+
end
|
41
|
+
|
42
|
+
def open
|
43
|
+
return if File.exist? "/dev/mapper/#{@luks_name}"
|
44
|
+
|
45
|
+
@log.info "Opening #{@luks_name} > #{@disk}...\n"
|
46
|
+
cmd_crypt 'cryptsetup', 'open', @command_args, "/dev/#{@disk}", @luks_name
|
47
|
+
unless File.exist? "/dev/mapper/#{@luks_name}"
|
48
|
+
raise "No dev /dev/mapper/#{@luks_name}, open it first..."
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def open_with_key(file = nil)
|
53
|
+
return if File.exist? "/dev/mapper/#{@luks_name}"
|
54
|
+
|
55
|
+
@full_key_path = "#{@mountpoint}#{@key_path}"
|
56
|
+
key = file ? file : @full_key_path
|
57
|
+
@log.info "Opening #{@luks_name} disk #{@disk} with #{key}...\n"
|
58
|
+
cmd_crypt 'cryptsetup', 'open', @command_args, '-d', key, "/dev/#{@disk}", @luks_name
|
59
|
+
end
|
60
|
+
|
61
|
+
def format
|
62
|
+
case @format
|
63
|
+
when 'ext4'
|
64
|
+
format_ext4
|
65
|
+
when 'xfs'
|
66
|
+
format_xfs
|
67
|
+
when 'fat'
|
68
|
+
format_fat
|
69
|
+
else
|
70
|
+
@log.fatal "#{@format} not yet supported."
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
def external_key
|
75
|
+
make_key
|
76
|
+
@log.info "Adding key for #{@luks_name}...\n"
|
77
|
+
cmd_crypt 'cryptsetup', 'luksAddKey', "/dev/#{@disk}", @full_key_path
|
78
|
+
end
|
79
|
+
|
80
|
+
def write_config
|
81
|
+
config
|
82
|
+
perm
|
83
|
+
end
|
84
|
+
|
85
|
+
def mount
|
86
|
+
mountpoint = @luks_name =~ /^root/ ? @mountpoint : "#{@mountpoint}#{@mount}"
|
87
|
+
NiTo.mount "/dev/mapper/#{@luks_name}", mountpoint
|
88
|
+
end
|
89
|
+
|
90
|
+
def close
|
91
|
+
return unless File.exist? "/dev/mapper/#{@luks_name}"
|
92
|
+
|
93
|
+
@log.info "Closing #{@luks_name}...\n"
|
94
|
+
cmd_crypt 'cryptsetup', 'close', @luks_name
|
95
|
+
end
|
96
|
+
|
97
|
+
def gen_datas
|
98
|
+
end
|
99
|
+
|
100
|
+
protected
|
101
|
+
|
102
|
+
def make_key
|
103
|
+
@key_path = "#{@key_dir}/#{@key_name}"
|
104
|
+
@full_key_path = "#{@mountpoint}#{@key_path}"
|
105
|
+
@log.info "Generating key...\n"
|
106
|
+
mkdir "#{@mountpoint}#{@key_dir}"
|
107
|
+
sh 'dd', 'bs=512', 'count=8', 'iflag=fullblock', 'if=/dev/urandom', "of=#{@full_key_path}"
|
108
|
+
end
|
109
|
+
|
110
|
+
# https://wiki.archlinux.org/title/Advanced_Format#File_systems
|
111
|
+
def format_ext4
|
112
|
+
@log.info "Formating disk with #{@format}...\n"
|
113
|
+
sh 'mkfs.ext4', '-F', '-b', @bs, "/dev/mapper/#{@luks_name}"
|
114
|
+
end
|
115
|
+
|
116
|
+
# https://wiki.archlinux.org/title/Advanced_Format#File_systems
|
117
|
+
def format_xfs
|
118
|
+
@log.info "Formating disk with #{@format}...\n"
|
119
|
+
sh 'mkfs.xfs', '-f', '-s', "size=#{@bs}", "/dev/mapper/#{@luks_name}"
|
120
|
+
end
|
121
|
+
|
122
|
+
def config
|
123
|
+
@key_path = "#{@key_dir}/#{@key_name}"
|
124
|
+
uuid = Getch::Helpers.uuid @disk
|
125
|
+
@log.info "Writing configs for #{@luks_name}...\n"
|
126
|
+
|
127
|
+
@log.info " * Writing #{@mountpoint}/etc/crypttab..."
|
128
|
+
line = "#{@luks_name} UUID=#{uuid} #{@key_path} luks"
|
129
|
+
echo_a "#{@mountpoint}/etc/crypttab", line
|
130
|
+
@log.result_ok
|
131
|
+
|
132
|
+
config_openrc
|
133
|
+
config_grub
|
134
|
+
end
|
135
|
+
|
136
|
+
# https://wiki.gentoo.org/wiki/Dm-crypt#Configuring_dm-crypt
|
137
|
+
def config_openrc
|
138
|
+
Getch::Helpers.openrc? || return
|
139
|
+
|
140
|
+
conf = "#{@mountpoint}/etc/conf.d/dmcrypt"
|
141
|
+
uuid = Getch::Helpers.uuid @disk
|
142
|
+
echo_a conf, "target=#{@luks_name}"
|
143
|
+
echo_a conf, "source=UUID=\"#{uuid}\""
|
144
|
+
echo_a conf, "key=#{@key_path}"
|
145
|
+
end
|
146
|
+
|
147
|
+
def config_grub
|
148
|
+
return unless @bootloader
|
149
|
+
|
150
|
+
if Getch::Helpers.grub?
|
151
|
+
@log.info ' * Writing to /etc/default/grub...'
|
152
|
+
line = 'GRUB_ENABLE_CRYPTODISK=y'
|
153
|
+
echo_a "#{@mountpoint}/etc/default/grub", line
|
154
|
+
@log.result_ok
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
def perm
|
159
|
+
@key_path = "#{@key_dir}/#{@key_name}"
|
160
|
+
@full_key_path = "#{@mountpoint}#{@key_path}"
|
161
|
+
@log.info "Enforcing permission on #{@full_key_path}..."
|
162
|
+
File.chmod 0400, "#{@mountpoint}#{@key_dir}"
|
163
|
+
File.chmod 0000, @full_key_path
|
164
|
+
File.chown 0, 0, @full_key_path
|
165
|
+
@log.result_ok
|
166
|
+
end
|
167
|
+
|
168
|
+
private
|
169
|
+
|
170
|
+
def get_bs
|
171
|
+
@disk || @log.fatal("No disk for #{@luks_name}.")
|
172
|
+
|
173
|
+
sh 'blockdev', '--getpbsz', "/dev/#{@disk}"
|
174
|
+
end
|
175
|
+
|
176
|
+
def cmd_crypt_raw(*args)
|
177
|
+
system args.join(' ')
|
178
|
+
return if $?.exitstatus == 0
|
179
|
+
|
180
|
+
@log.dbg args.join(' ')
|
181
|
+
@log.dbg $?
|
182
|
+
@log.fatal 'die'
|
183
|
+
end
|
184
|
+
|
185
|
+
def cmd_crypt(*args)
|
186
|
+
cmd_crypt_raw args
|
187
|
+
rescue => e
|
188
|
+
@log.fatal e
|
189
|
+
end
|
190
|
+
|
191
|
+
def sh(*args)
|
192
|
+
Getch::Command.new(args)
|
193
|
+
end
|
194
|
+
end
|
195
|
+
|
196
|
+
# Boot can decrypt the root (/)
|
197
|
+
class Boot < Main
|
198
|
+
def initialize(disk, options)
|
199
|
+
super
|
200
|
+
@luks_type = 'luks1'
|
201
|
+
@key_dir = '/boot'
|
202
|
+
@key_name = 'boot.key'
|
203
|
+
@bootloader = true
|
204
|
+
@mount = '/boot'
|
205
|
+
@luks = options[:luks_name]
|
206
|
+
@luks_name = "boot-#{@luks}"
|
207
|
+
@command_args = "--type #{@luks_type}"
|
208
|
+
end
|
209
|
+
end
|
210
|
+
|
211
|
+
# Root can decrypt the /home or other devs
|
212
|
+
class Root < Main
|
213
|
+
def initialize(disk, options)
|
214
|
+
super
|
215
|
+
@luks_type = 'luks2'
|
216
|
+
@key_dir = '/boot'
|
217
|
+
@key_name = 'root.key'
|
218
|
+
@luks = options[:luks_name]
|
219
|
+
@luks_name = "root-#{@luks}"
|
220
|
+
@mount = '/'
|
221
|
+
@command_args = "--type #{@luks_type}"
|
222
|
+
@bootloader = false
|
223
|
+
end
|
224
|
+
end
|
225
|
+
|
226
|
+
class Home < Main
|
227
|
+
def initialize(disk, options)
|
228
|
+
super
|
229
|
+
@luks_type = 'luks2'
|
230
|
+
@key_dir = '/root/keys'
|
231
|
+
@key_name = 'home.key'
|
232
|
+
@mount = '/home'
|
233
|
+
@command_args = "--type #{@luks_type}"
|
234
|
+
@luks = options[:luks_name]
|
235
|
+
@luks_name = "home-#{@luks}"
|
236
|
+
@bootloader = false
|
237
|
+
end
|
238
|
+
end
|
239
|
+
end
|