getch 0.1.3 → 0.3.0

data/lib/getch/gentoo/sources.rb

@@ -1,86 +1,116 @@
+# frozen_string_literal: true
+
+require 'cmdline'
+require 'nito'
+
 module Getch
   module Gentoo
     class Sources
+      include NiTo
+
       def initialize
+        @log = Log.new
         @lsmod = `lsmod`.chomp
-        @filesystem = Getch.class_fs::Deps.new()
+        x
       end
 
-      def build_others
-        cryptsetup
-        virtualbox_guest
-        qemu_guest
-        install_wifi
-        install_audio
+      protected
+
+      def x
+        bask
+        gen_cmdline
+        grub_mkconfig
+        use_flags
+        make
       end
 
-      def build_kspp
-        puts "Adding KSPP to the kernel source"
-        bask("-b -a systemd")
+      def bask
+        @log.info "Kernel hardening...\n"
+        #Getch::Bask.new('10_kspp.config').cp
+        Getch::Bask.new('11-kspp-gcc.config').cp
+        Getch::Bask.new('12-kspp-x86_64.config').cp
+        #Getch::Bask.new('20-clipos.config').cp
+        Getch::Bask.new('30-grsecurity.config').cp
+        #Getch::Bask.new('40-kconfig-hardened.config').cp
+        Getch::Bask.new('50-blacklist.config').cp
+        Getch::Bask.new('51-blacklist-madaidans.config').cp
       end
 
-      def make
-        if DEFAULT_OPTIONS[:fs] == 'lvm' || DEFAULT_OPTIONS[:fs] == 'zfs' || DEFAULT_OPTIONS[:encrypt]
-          @filesystem.make
-        else
-          make_kernel
-        end
+      def gen_cmdline
+        cmdline = CmdLine::Kernel.new(workdir: "#{MOUNTPOINT}/etc/kernel")
+        cmdline.main
       end
 
-      private
+      def grub_mkconfig
+        return if Helpers.systemd? and Helpers.efi?
 
-      def make_kernel
-        puts "Compiling kernel sources"
-        cmd = "make -j$(nproc) && make modules_install && make install"
-        Getch::Make.new(cmd).run!
-        is_kernel = Dir.glob("#{MOUNTPOINT}/boot/vmlinuz-*")
-        raise "No kernel installed, compiling source fail..." if is_kernel == []
-      end
+        file = "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d/90-mkconfig.install"
+        content = <<~SHELL
+#!/usr/bin/env sh
+set -o errexit
 
-      def cryptsetup
-        return unless DEFAULT_OPTIONS[:encrypt]
-        make_conf = "#{MOUNTPOINT}/etc/portage/make.conf"
+if ! hash grub-mkconfig ; then
+ exit 0
+fi
+grub-mkconfig -o /boot/grub/grub.cfg
+SHELL
+        mkdir "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d"
+        File.write file, content
+        File.chmod 0755, file
+      end
 
-        puts "Adding support for cryptsetup."
-        bask("-a cryptsetup")
-        Getch::Chroot.new("euse -E cryptsetup").run! unless Helpers::grep?(make_conf, /cryptsetup/)
-        Getch::Emerge.new("sys-fs/cryptsetup").pkg!
+      def use_flags
+        use = Getch::Gentoo::Use.new('sys-kernel/gentoo-kernel')
+        use.add('hardened')
       end
 
-      def virtualbox_guest
-        systemd=`systemd-detect-virt`.chomp
-        return if ! ismatch?('vmwgfx') || systemd.match(/none/)
-        bask("-a virtualbox-guest")
-        Getch::Emerge.new("app-emulation/virtualbox-guest-additions").pkg!
+      # https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel#Alternative:_Using_distribution_kernels
+      def make
+        Helpers.systemd? ?
+          Install.new('sys-kernel/installkernel-systemd-boot') :
+          Install.new('sys-kernel/installkernel-gentoo')
+
+        #Install.new 'sys-kernel/gentoo-kernel'
+        Install.new 'sys-kernel/gentoo-kernel-bin'
       end
 
-      def qemu_guest
-        bask("-a kvm-host") if ismatch?('kvm')
-        bask("-a kvm-guest") if ismatch?('virtio')
+      def load_modules
+        wifi
+        flash_mod
       end
 
+      private
+
       def ismatch?(arg)
         @lsmod.match?(/#{arg}/)
       end
 
-      def bask(cmd)
-        Getch::Bask.new(cmd).run!
-      end
+      def wifi
+        return unless ismatch?('cfg80211')
+
+        conf = "#{MOUNTPOINT}/etc/modules-load.d/wifi.conf"
+        File.delete(conf) if File.exist? conf
 
-      def install_wifi
-        return if ! ismatch?('cfg80211')
-        bask("-a wifi")
-        wifi_drivers
-        Getch::Emerge.new("net-wireless/iw wpa_supplicant net-wireless/iwd").pkg!
+        module_load('iwlmvm', conf)
+        module_load('ath9k', conf)
       end
 
-      def install_audio
-        return if ! ismatch?('snd_pcm')
-        bask("-a sound")
+      def flash_mod
+        conf = "#{MOUNTPOINT}/etc/modules-load.d/usb.conf"
+        File.delete(conf) if File.exist? conf
+
+        module_load('ehci_pci', conf)
+        module_load('rtsx_pci_sdmmc', conf)
+        module_load('sdhci_pci', conf)
+        module_load('uas', conf)
+        module_load('uhci_hcd', conf)
+        module_load('xhci_pci', conf)
       end
 
-      def wifi_drivers
-        bask("-a ath9k-driver") if ismatch?('ath9k')
+      def module_load(name, file)
+        return unless ismatch?(name)
+
+        File.write(file, "#{name}\n", mode: 'a')
       end
     end
   end

data/lib/getch/gentoo/tarball.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require 'open-uri'
+require 'open3'
+
+module Getch
+  module Gentoo
+    class Tarball
+      def initialize
+        @log = Log.new
+        @mirror = 'https://mirror.rackspace.com/gentoo'
+        @release = release
+        @stage_file = OPTIONS[:musl] ?
+          "stage3-amd64-musl-#{@release}.tar.xz" :
+          "stage3-amd64-systemd-#{@release}.tar.xz"
+      end
+
+      def x
+        get_stage3
+        control_files
+        checksum
+        install
+      end
+
+      protected
+
+      def stage3
+        OPTIONS[:musl] ?
+          @mirror + '/releases/amd64/autobuilds/latest-stage3-amd64-musl.txt' :
+          @mirror + '/releases/amd64/autobuilds/latest-stage3-amd64-systemd.txt'
+      end
+
+      def release
+        URI.open(stage3) do |file|
+          file.read.match(/^[[:alnum:]]+/)
+        end
+      rescue Net::OpenTimeout => e
+        @log.fatal "Problem with DNS? #{e}"
+      end
+
+      def file
+        "#{@release}/#{@stage_file}"
+      end
+
+      def get_stage3
+        Dir.chdir OPTIONS[:mountpoint]
+        return if File.exist? @stage_file
+
+        @log.info "wget #{@stage_file}, please wait...\n"
+        Helpers.get_file_online(@mirror + '/releases/amd64/autobuilds/' + file, @stage_file)
+      end
+
+      def control_files
+        @log.info "Download other files..."
+        ['DIGESTS', 'asc', 'CONTENTS.gz'].each do |f|
+          Helpers.get_file_online("#{@mirror}/releases/amd64/autobuilds/#{file}.#{f}", "#{@stage_file}.#{f}")
+        end
+        @log.result_ok
+      end
+
+      def checksum
+        @log.info 'Checking SHA512 checksum...'
+        command = "awk '/SHA512 HASH/{getline;print}' #{@stage_file}.DIGESTS | sha512sum --check"
+        _, stderr, status = Open3.capture3(command)
+        if status.success? then
+          @log.result_ok
+        else
+          cleaning
+          @log.fatal "Problem with the checksum, stderr\n#{stderr}"
+        end
+      end
+
+      def install
+        decompress
+        cleaning
+      end
+
+      private
+
+      # https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Stage
+      def decompress
+        cmd = "tar xpf #{@stage_file} --xattrs-include=\'*.*\' --numeric-owner"
+        Getch::Command.new(cmd)
+      end
+
+      def cleaning
+        Dir.glob('stage3-amd64-*').each { |f| File.delete(f) }
+      end
+    end
+  end
+end

data/lib/getch/gentoo/terraform.rb

@@ -0,0 +1,34 @@
+module Getch
+  module Gentoo
+    class Terraform
+      def initialize
+        x
+      end
+
+      protected
+
+      def x
+        Gentoo::Sources.new
+        install_pkgs
+        emerge_deep
+      end
+
+      def install_pkgs
+        @pkgs = 'app-portage/gentoolkit'
+        @pkgs << ' app-admin/sudo'
+        @pkgs << ' app-editors/vim'
+        @pkgs << ' net-firewall/iptables'
+        @pkgs << ' net-wireless/iwd'
+        @pkgs << ' net-misc/dhcpcd' unless Helpers.systemd?
+        @pkgs << ' sys-kernel/linux-firmware'
+        @pkgs << ' sys-firmware/intel-microcode'
+        @pkgs << ' sys-fs/dosfstools' if Helpers.efi?
+        Install.new(@pkgs)
+      end
+
+      def emerge_deep
+        ChrootOutput.new('emerge --deep --newuse @world')
+      end
+    end
+  end
+end

data/lib/getch/gentoo/update.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+  module Gentoo
+    class Update
+      include NiTo
+
+      def initialize
+        @log = Log.new
+        x
+      end
+
+      protected
+
+      def x
+        sync
+        add_musl_repo if OPTIONS[:musl]
+        update
+      end
+
+      private
+
+      def sync
+        gentoo_conf = "#{OPTIONS[:mountpoint]}/etc/portage/repos.conf/gentoo.conf"
+        @log.info "Synchronize index, please waiting...\n"
+        ChrootOutput.new('emaint sync --auto')
+        sed gentoo_conf, /^sync-type/, 'sync-type = rsync'
+      end
+
+      def add_musl_repo
+        Install.new('dev-vcs/git')
+
+        file = "#{OPTIONS[:mountpoint]}/etc/portage/repos.conf/musl.conf"
+        content = <<~CONF
+        [musl]
+        location = /var/db/repos/musl
+        sync-type = git
+        sync-uri = https://github.com/gentoo/musl.git
+        auto-sync = Yes
+        CONF
+        File.write file, "#{content}\n"
+
+        ChrootOutput.new('emaint sync -r musl')
+      end
+
+      def update
+        cmd = 'emerge --update --deep --newuse @world'
+        ChrootOutput.new(cmd)
+      end
+    end
+  end
+end

data/lib/getch/gentoo/use.rb

@@ -1,11 +1,17 @@
+# frozen_string_literal: true
+
+require 'nito'
+
 module Getch
   module Gentoo
     class Use
+      include NiTo
+
       def initialize(pkg = nil)
-        @use_dir = "#{MOUNTPOINT}/etc/portage/package.use"
+        @use_dir = "#{OPTIONS[:mountpoint]}/etc/portage/package.use"
         @pkg = pkg
         @file = @pkg ? @pkg.match(/[\w]+$/) : nil
-        @make = "#{MOUNTPOINT}/etc/portage/make.conf"
+        @make = "#{OPTIONS[:mountpoint]}/etc/portage/make.conf"
       end
 
       def add(*flags)
@@ -22,21 +28,14 @@ module Getch
 
       def write
         content = "#{@pkg} #{@flags}\n"
-        File.write("#{@use_dir}/#{@file}", content, mode: 'w')
+        echo "#{@use_dir}/#{@file}", content
       end
 
       def write_global
         list = []
-
-        @flags.each { |f|
-          unless Helpers::grep?(@make, /#{f}/)
-            list << f
-          end
-        }
-
+        @flags.each { |f| list << f unless grep?(@make, f) }
         use = list.join(' ')
-        line = "USE=\"${USE} #{use}\"\n"
-        File.write(@make, line, mode: 'a')
+        echo_a @make, "USE=\"${USE} #{use}\""
       end
     end
   end

data/lib/getch/gentoo/use_flag.rb

@@ -1,64 +1,86 @@
-# lib/use_flag.rb
+# frozen_string_literal: true
 
-module Getch::Gentoo
-  class UseFlag
-    def initialize(options)
-      @efi = Helpers::efi?
-      @o = options
-    end
+module Getch
+  module Gentoo
+    class UseFlag
+      def initialize
+        x
+      end
 
-    def apply
-      systemd
-      kmod
-      grub
-      zfs
-      lvm
-      cryptsetup
-    end
+      protected
 
-    private
+      def x
+        dist_kernel
+        systemd
+        pam
+        kmod
+        grub
+        zfs
+        lvm
+        cryptsetup
+      end
 
-    def systemd
-      flags = []
-      use = Getch::Gentoo::Use.new('sys-apps/systemd')
-      flags << 'dns-over-tls'
-      flags << 'gnuefi' if @efi
-      use.add(flags)
-    end
+      private
 
-    def kmod
-      use = Getch::Gentoo::Use.new('sys-apps/kmod')
-      use.add('zstd', 'lzma')
-    end
+      # https://wiki.gentoo.org/wiki/Project:Distribution_Kernel#Trying_it_out
+      def dist_kernel
+        use = Getch::Gentoo::Use.new
+        use.add_global('dist-kernel')
+      end
 
-    def grub
-      return if @efi
-      flags = []
-      use = Getch::Gentoo::Use.new('sys-boot/grub')
-      flags << '-grub_platforms_efi-64'
-      flags << 'libzfs' if @o.fs == 'zfs'
-      flags << 'device-mapper' if @o.fs == 'lvm'
-      use.add(flags)
-    end
+      def systemd
+        return unless Helpers.systemd?
 
-    def zfs
-      return unless @o.fs == 'zfs'
-      use = Getch::Gentoo::Use.new('sys-fs/zfs-kmod')
-      use.add('rootfs')
-      use = Getch::Gentoo::Use.new('sys-fs/zfs')
-      use.add('rootfs')
-    end
+        flags = []
+        use = Getch::Gentoo::Use.new('sys-apps/systemd')
+        flags << 'dns-over-tls'
+        flags << 'gnuefi' if Helpers.efi?
+        use.add(flags)
+      end
 
-    def lvm
-      return unless @o.fs == 'lvm'
-      use = Getch::Gentoo::Use.new
-      use.add_global('lvm', 'device-mapper')
-    end
+      def pam
+        flags = []
+        use = Getch::Gentoo::Use.new('sys-auth/pambase')
+        flags << 'sha512'
+        use.add(flags)
+      end
+
+      def kmod
+        use = Getch::Gentoo::Use.new('sys-apps/kmod')
+        use.add('zstd', 'lzma')
+      end
+
+      def grub
+        flags = []
+        use = Getch::Gentoo::Use.new('sys-boot/grub')
+        flags << '-grub_platforms_efi-64' unless Helpers.efi?
+        flags << 'libzfs' if OPTIONS[:fs] == 'zfs'
+        flags << 'device-mapper' if OPTIONS[:fs] == 'lvm' or OPTIONS[:encrypt]
+        use.add(flags)
+      end
+
+      def zfs
+        return unless Getch::OPTIONS[:fs] == 'zfs'
+
+        use = Getch::Gentoo::Use.new('sys-fs/zfs-kmod')
+        use.add('rootfs')
+        use = Getch::Gentoo::Use.new('sys-fs/zfs')
+        use.add('rootfs')
+      end
+
+      def lvm
+        return unless Getch::OPTIONS[:fs] == 'lvm'
+
+        use = Getch::Gentoo::Use.new
+        use.add_global('lvm', 'device-mapper')
+      end
+
+      def cryptsetup
+        return unless Getch::OPTIONS[:encrypt]
 
-    def cryptsetup
-      return unless @o.encrypt
-      use = Getch::Gentoo::Use.new
-      use.add_global('cryptsetup')
+        use = Getch::Gentoo::Use.new
+        use.add_global('cryptsetup')
+      end
     end
   end
 end

data/lib/getch/gentoo.rb

@@ -1,71 +1,19 @@
-require_relative 'gentoo/stage'
-require_relative 'gentoo/config'
-require_relative 'gentoo/chroot'
+# frozen_string_literal: true
+
 require_relative 'gentoo/sources'
-require_relative 'gentoo/boot'
 require_relative 'gentoo/use'
 require_relative 'gentoo/use_flag'
 
 module Getch
   module Gentoo
-    class << self
-      def new
-        @state = Getch::States.new()
-      end
-
-      def stage3
-        return if STATES[:gentoo_base]
-        new
-        stage = Getch::Gentoo::Stage.new()
-        stage.get_stage3
-        stage.control_files
-        stage.checksum
-        @state.stage3
-      end
-
-      def config(options)
-        return if STATES[:gentoo_config]
-        new
-        config = Getch::Gentoo::Config.new()
-        config.portage
-        config.portage_fs
-        config.repo
-        config.network
-        config.systemd(options)
-        config.hostname
-        @state.config
-      end
-
-      def chroot(options)
-        chroot = Getch::Gentoo::Chroot.new()
-        chroot.update
-        chroot.cpuflags
-        chroot.systemd
-
-        flags = Getch::Gentoo::UseFlag.new(options)
-        flags.apply
-
-        chroot.world
-        return if STATES[:gentoo_kernel]
-        chroot.kernel
-        chroot.kernel_deps
-        chroot.install_pkgs
-      end
-
-      def kernel
-        return if STATES[:gentoo_kernel]
-        source = Getch::Gentoo::Sources.new()
-        new
-        source.build_kspp
-        source.build_others
-        source.make
-        @state.kernel
-      end
-
-      def boot(options)
-        boot = Getch::Gentoo::Boot.new(options)
-        boot.start
-      end
-    end
   end
 end
+
+require_relative 'gentoo/tarball'
+require_relative 'gentoo/pre_config'
+require_relative 'gentoo/update'
+require_relative 'gentoo/post_config'
+require_relative 'gentoo/terraform'
+require_relative 'gentoo/services'
+require_relative 'gentoo/bootloader'
+require_relative 'gentoo/finalize'

data/lib/getch/guard.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+class InvalidDisk < StandardError
+end
+
+class InvalidFormat < StandardError
+end
+
+class InvalidZone < StandardError
+end
+
+class InvalidKeymap < StandardError
+end
+
+module Getch
+  module Guard
+    def self.disk(name)
+      raise InvalidDisk, 'No disk.' unless name
+      raise InvalidDisk, "Bad device name #{name}." unless name.match(/^sd[a-z]{1}$/)
+      raise InvalidDisk, "Disk /dev/#{name} no found." unless File.exist? "/dev/#{name}"
+
+      name
+    rescue InvalidDisk => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def self.format(name)
+      raise InvalidFormat, 'No format specified.' unless name
+      raise InvalidFormat, "Format #{name} not yet available." if name.match(/btrfs|xfs/)
+      raise InvalidFormat, "Format #{name} not supported." unless name.match(/zfs|ext4/)
+
+      name
+    rescue InvalidFormat => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def self.zone(name)
+      raise InvalidZone, 'No zoneinfo specified.' unless name
+      raise InvalidZone, 'Directory /usr/share/zoneinfo/ no found on this system...' unless Dir.exist? '/usr/share/zoneinfo/'
+      raise InvalidZone, "Zoneinfo #{name} is no found in /usr/share/zoneinfo/." unless File.exist? "/usr/share/zoneinfo/#{name}"
+
+      name
+    rescue InvalidZone => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+
+    def self.keymap(name)
+      raise InvalidKeymap, 'No keymap specified.' unless name
+
+      key = []
+
+      if Dir.exist? '/usr/share/keymaps'
+        key = Dir.glob("/usr/share/keymaps/**/#{name}.map.gz")
+      elsif Dir.exist? '/usr/share/kbd/keymaps'
+        key = Dir.glob("/usr/share/kbd/keymaps/**/#{name}.map.gz")
+      else
+        raise InvalidKeymap, 'No directory found for keymap.'
+      end
+
+      raise InvalidKeymap, "Keymap #{name} no found." if key == []
+
+      name
+    rescue InvalidKeymap => e
+      puts "#{e.class} => #{e}"
+      exit 1
+    end
+  end
+end