getch 0.1.5 → 0.1.6
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +64 -24
- data/assets/network-stack.conf +63 -0
- data/bin/getch +12 -4
- data/lib/getch.rb +113 -78
- data/lib/getch/command.rb +1 -1
- data/lib/getch/config.rb +33 -49
- data/lib/getch/config/gentoo.rb +59 -0
- data/lib/getch/config/void.rb +49 -0
- data/lib/getch/filesystem/.mount.rb.swp +0 -0
- data/lib/getch/filesystem/device.rb +5 -5
- data/lib/getch/filesystem/ext4.rb +1 -0
- data/lib/getch/filesystem/ext4/encrypt.rb +1 -0
- data/lib/getch/filesystem/ext4/encrypt/config.rb +2 -2
- data/lib/getch/filesystem/ext4/encrypt/format.rb +0 -1
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +0 -1
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +10 -16
- data/lib/getch/filesystem/ext4/encrypt/void.rb +100 -0
- data/lib/getch/filesystem/ext4/format.rb +1 -1
- data/lib/getch/filesystem/ext4/void.rb +43 -0
- data/lib/getch/filesystem/lvm.rb +1 -0
- data/lib/getch/filesystem/lvm/encrypt.rb +1 -0
- data/lib/getch/filesystem/lvm/encrypt/config.rb +2 -2
- data/lib/getch/filesystem/lvm/encrypt/format.rb +1 -2
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +1 -2
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +10 -7
- data/lib/getch/filesystem/lvm/encrypt/void.rb +100 -0
- data/lib/getch/filesystem/lvm/format.rb +1 -1
- data/lib/getch/filesystem/lvm/void.rb +45 -0
- data/lib/getch/filesystem/partition.rb +4 -4
- data/lib/getch/filesystem/zfs.rb +1 -0
- data/lib/getch/filesystem/zfs/config.rb +3 -3
- data/lib/getch/filesystem/zfs/deps.rb +11 -4
- data/lib/getch/filesystem/zfs/device.rb +6 -0
- data/lib/getch/filesystem/zfs/encrypt.rb +1 -0
- data/lib/getch/filesystem/zfs/encrypt/.mount.rb.swp +0 -0
- data/lib/getch/filesystem/zfs/encrypt/config.rb +5 -5
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +11 -4
- data/lib/getch/filesystem/zfs/encrypt/device.rb +6 -0
- data/lib/getch/filesystem/zfs/encrypt/format.rb +9 -10
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +5 -9
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +3 -1
- data/lib/getch/filesystem/zfs/encrypt/void.rb +96 -0
- data/lib/getch/filesystem/zfs/format.rb +9 -9
- data/lib/getch/filesystem/zfs/mount.rb +5 -8
- data/lib/getch/filesystem/zfs/partition.rb +2 -1
- data/lib/getch/filesystem/zfs/void.rb +81 -0
- data/lib/getch/gentoo.rb +12 -15
- data/lib/getch/gentoo/boot.rb +7 -4
- data/lib/getch/gentoo/config.rb +8 -8
- data/lib/getch/gentoo/sources.rb +6 -3
- data/lib/getch/gentoo/stage.rb +0 -1
- data/lib/getch/gentoo/use_flag.rb +6 -7
- data/lib/getch/guard.rb +3 -1
- data/lib/getch/helpers.rb +107 -1
- data/lib/getch/log.rb +3 -2
- data/lib/getch/options.rb +41 -34
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void.rb +59 -0
- data/lib/getch/void/boot.rb +80 -0
- data/lib/getch/void/chroot.rb +55 -0
- data/lib/getch/void/config.rb +87 -0
- data/lib/getch/void/stage.rb +70 -0
- metadata +22 -9
- metadata.gz.sig +0 -0
- data/.gitignore +0 -2
- data/CHANGELOG.md +0 -99
- data/Rakefile +0 -21
- data/bin/setup.sh +0 -90
- data/getch.gemspec +0 -25
data/lib/getch/command.rb
CHANGED
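--- a/data/lib/getch/config.rb
+++ b/data/lib/getch/config.rb
@@ -1,58 +1,42 @@
+require_relative 'config/gentoo'
+require_relative 'config/void'
+
+CONFIG_LOAD = {
+gentoo: Getch::Config::Gentoo,
+void: Getch::Config::Void
+}.freeze
+
 module Getch
-
-
-
-
+module Config
+class Main
+def initialize
+os = OPTIONS[:os].to_sym
+@load = CONFIG_LOAD[os].new
+end
 
-
-
-
-resolved
-Getch::Chroot.new('systemctl enable systemd-networkd').run!
-Getch::Chroot.new('systemctl enable systemd-resolved').run!
-end
+def ethernet
+@load.ethernet
+end
 
-
+def dns
+@load.dns
+end
 
-
-
-
-"[Match]",
-"Name=en*",
-"Name=eth*",
-"[Network]",
-"DHCP=yes",
-"IPv6PrivacyExtensions=yes",
-"[DHCP]",
-"RouteMetric=512"
-]
-File.write(conf, datas.join("\n"), mode: 'w')
-end
+def wifi
+@load.wifi
+end
 
-
-
-
-"[Match]",
-"Name=wlp*",
-"Name=wlan*",
-"[Network]",
-"DHCP=yes",
-"IPv6PrivacyExtensions=yes",
-"[DHCP]",
-"RouteMetric=1024",
-]
-File.write(conf, datas.join("\n"), mode: 'w')
-end
+def sysctl
+pwd = File.expand_path(File.dirname(__FILE__))
+dest = "#{Getch::MOUNTPOINT}/etc/sysctl.d/"
 
-
-
-
-
-
-
-
-Helpers::create_dir("#{@systemd_net_dir}/resolved.conf.d")
-File.write(conf, datas.join("\n"), mode: 'w')
+Helpers::mkdir dest
+Helpers::cp("#{pwd}/../../assets/network-stack.conf", dest)
+end
+
+def shell
+@load.shell
+end
 end
 end
 end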
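Review bot: `CONFIG_LOAD[os].new` in `Main#initialize` fails with a NoMethodError on nil when `OPTIONS[:os]` is anything other than `gentoo` or `void`, which hides the real cause from whoever runs the installer. A lookup that fails loudly reads better, for example `@load = CONFIG_LOAD.fetch(os) { raise ArgumentError, "unsupported os: #{os}" }.new`. Whether the option parser already restricts the value is not visible in this section, so treat this as defence in depth. `CONFIG_LOAD` is also defined at top level rather than inside `Getch::Config`, which places it in the global namespace.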
@@ -0,0 +1,59 @@
|
|
1
|
+
module Getch
|
2
|
+
module Config
|
3
|
+
class Gentoo
|
4
|
+
def initialize
|
5
|
+
@systemd_net_dir = "#{MOUNTPOINT}/etc/systemd"
|
6
|
+
end
|
7
|
+
|
8
|
+
def ethernet
|
9
|
+
conf = "#{@systemd_net_dir}/network/20-ethernet.network"
|
10
|
+
datas = [
|
11
|
+
"[Match]",
|
12
|
+
"Name=en*",
|
13
|
+
"Name=eth*",
|
14
|
+
"[Network]",
|
15
|
+
"DHCP=yes",
|
16
|
+
"IPv6PrivacyExtensions=yes",
|
17
|
+
"[DHCP]",
|
18
|
+
"RouteMetric=512",
|
19
|
+
"",
|
20
|
+
]
|
21
|
+
File.write(conf, datas.join("\n"), mode: 'w')
|
22
|
+
end
|
23
|
+
|
24
|
+
def wifi
|
25
|
+
conf = "#{@systemd_net_dir}/network/20-wireless.network"
|
26
|
+
datas = [
|
27
|
+
"[Match]",
|
28
|
+
"Name=wlp*",
|
29
|
+
"Name=wlan*",
|
30
|
+
"[Network]",
|
31
|
+
"DHCP=yes",
|
32
|
+
"IPv6PrivacyExtensions=yes",
|
33
|
+
"[DHCP]",
|
34
|
+
"RouteMetric=1024",
|
35
|
+
"",
|
36
|
+
]
|
37
|
+
File.write(conf, datas.join("\n"), mode: 'w')
|
38
|
+
end
|
39
|
+
|
40
|
+
def dns
|
41
|
+
conf = "#{@systemd_net_dir}/resolved.conf.d/dns_over_tls.conf"
|
42
|
+
datas = [
|
43
|
+
"[Resolve]",
|
44
|
+
"DNS=9.9.9.9#dns.quad9.net",
|
45
|
+
"DNSOverTLS=yes",
|
46
|
+
"",
|
47
|
+
]
|
48
|
+
Helpers::create_dir("#{@systemd_net_dir}/resolved.conf.d")
|
49
|
+
File.write(conf, datas.join("\n"), mode: 'w')
|
50
|
+
|
51
|
+
Getch::Chroot.new('systemctl enable systemd-networkd').run!
|
52
|
+
Getch::Chroot.new('systemctl enable systemd-resolved').run!
|
53
|
+
end
|
54
|
+
|
55
|
+
def shell
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
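Review bot: `ethernet` and `wifi` write into `#{@systemd_net_dir}/network/` without making sure the directory exists, while `dns` calls `Helpers::create_dir` before its own write; if the unpacked stage lacks that directory, `File.write` raises Errno::ENOENT. Calling `Helpers::create_dir("#{@systemd_net_dir}/network")` at the top of both methods would make the three consistent. The empty `shell` method also deserves a one-line comment saying it is an intentional no-op, so it is not mistaken for unfinished code.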
@@ -0,0 +1,49 @@
|
|
1
|
+
require_relative '../helpers'
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module Config
|
5
|
+
class Void
|
6
|
+
include Helpers::Void
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
@service_dir = "/etc/runit/runsvdir/default/"
|
10
|
+
end
|
11
|
+
|
12
|
+
# Enable dhcpcd service
|
13
|
+
def ethernet
|
14
|
+
command "ln -fs /etc/sv/dhcpcd #{@service_dir}"
|
15
|
+
end
|
16
|
+
|
17
|
+
# with Quad9
|
18
|
+
# https://www.dnsknowledge.com/tutorials/how-to-setup-quad9-dns-on-a-linux/
|
19
|
+
def dns
|
20
|
+
conf = "#{MOUNTPOINT}/etc/resolv.conf"
|
21
|
+
content = [
|
22
|
+
"nameserver 9.9.9.9",
|
23
|
+
"nameserver 2620:fe::fe",
|
24
|
+
"options rotate",
|
25
|
+
"",
|
26
|
+
]
|
27
|
+
File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
|
28
|
+
end
|
29
|
+
|
30
|
+
# https://docs.voidlinux.org/config/network/iwd.html
|
31
|
+
def wifi
|
32
|
+
conf = "#{MOUNTPOINT}/etc/iwd/main.conf"
|
33
|
+
content = [
|
34
|
+
"[General]",
|
35
|
+
"UseDefaultInterface=true",
|
36
|
+
"",
|
37
|
+
]
|
38
|
+
File.write(conf, content.join("\n"), mode: 'a', chmod: 0644)
|
39
|
+
# Enabling dbus and iwd
|
40
|
+
command "ln -fs /etc/sv/dbus #{@service_dir}"
|
41
|
+
command "ln -fs /etc/sv/iwd #{@service_dir}"
|
42
|
+
end
|
43
|
+
|
44
|
+
def shell
|
45
|
+
command "chsh -s /bin/bash"
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
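Review bot: `chmod: 0644` in the `File.write` calls of `dns` and `wifi` is not a documented `File.write` option, so the requested mode is probably never applied; the key that sets the creation mode is `perm:`, as in `File.write(conf, content.join("\n"), mode: 'w', perm: 0644)`. The same spelling recurs in the `fstab`, `crypttab`, `config_dracut` and `kernel_cmdline_dracut` writes of the 100-line Void file at the end of this page. `wifi` also opens `main.conf` with `mode: 'a'`, so a second run appends a duplicate `[General]` section. `dns` writes a plain `resolv.conf`, so unlike the `DNSOverTLS=yes` resolved configuration written for Gentoo the lookups leave the machine unencrypted; a comment above `dns` should say that this difference is known.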
Binary file
|
@@ -4,12 +4,12 @@ module Getch
|
|
4
4
|
def initialize
|
5
5
|
@efi = Helpers::efi?
|
6
6
|
@root_part = 1
|
7
|
-
@user =
|
7
|
+
@user = Getch::OPTIONS[:username]
|
8
8
|
|
9
|
-
@disk =
|
10
|
-
@boot_disk =
|
11
|
-
@cache_disk =
|
12
|
-
@home_disk =
|
9
|
+
@disk = Getch::OPTIONS[:disk]
|
10
|
+
@boot_disk = Getch::OPTIONS[:boot_disk]
|
11
|
+
@cache_disk = Getch::OPTIONS[:cache_disk]
|
12
|
+
@home_disk = Getch::OPTIONS[:home_disk]
|
13
13
|
|
14
14
|
search_boot
|
15
15
|
search_swap
|
@@ -28,7 +28,7 @@ module Getch
|
|
28
28
|
'title Gentoo Linux',
|
29
29
|
'linux /vmlinuz',
|
30
30
|
'initrd /initramfs',
|
31
|
-
"options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{
|
31
|
+
"options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{Getch::OPTIONS[:keymap]} rw"
|
32
32
|
]
|
33
33
|
File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
|
34
34
|
end
|
@@ -46,7 +46,7 @@ module Getch
|
|
46
46
|
return if Helpers::efi?
|
47
47
|
file = "#{@root_dir}/etc/default/grub"
|
48
48
|
cmdline = [
|
49
|
-
"GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{
|
49
|
+
"GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{Getch::OPTIONS[:keymap]}\"",
|
50
50
|
"GRUB_ENABLE_CRYPTODISK=y"
|
51
51
|
]
|
52
52
|
File.write(file, cmdline.join("\n"), mode: 'a')
|
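Review bot: `Getch::OPTIONS[:keymap]` is interpolated straight into the boot entry's `options` line and into the double-quoted `GRUB_CMDLINE_LINUX` value, and `/etc/default/grub` is read as shell by grub-mkconfig, so a value containing a space, a quote or `$(` alters the kernel command line or the sourced file instead of being rejected. Unless the option parser already restricts it (not visible here), check it before use, e.g. `raise ArgumentError, "bad keymap" unless Getch::OPTIONS[:keymap].match?(/\A[\w-]+\z/)`. Both methods start and end outside their hunks.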
@@ -1,8 +1,12 @@
|
|
1
|
+
require_relative '../../../helpers'
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
4
6
|
module Encrypt
|
5
|
-
class Partition <
|
7
|
+
class Partition < Device
|
8
|
+
include Helpers::Cryptsetup
|
9
|
+
|
6
10
|
def initialize
|
7
11
|
super
|
8
12
|
@state = Getch::States.new
|
@@ -18,11 +22,10 @@ module Getch
|
|
18
22
|
@clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
|
19
23
|
if Helpers::efi?
|
20
24
|
partition_efi
|
21
|
-
encrypt_efi
|
22
25
|
else
|
23
26
|
partition_bios
|
24
|
-
encrypt_bios
|
25
27
|
end
|
28
|
+
encrypting
|
26
29
|
@state.partition
|
27
30
|
end
|
28
31
|
|
@@ -40,19 +43,10 @@ module Getch
|
|
40
43
|
@partition.home(@dev_home, "8309") if @dev_home
|
41
44
|
end
|
42
45
|
|
43
|
-
def
|
44
|
-
@log.info("
|
45
|
-
|
46
|
-
@
|
47
|
-
Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
|
48
|
-
encrypt_home
|
49
|
-
end
|
50
|
-
|
51
|
-
def encrypt_bios
|
52
|
-
@log.info("Format root for bios")
|
53
|
-
Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
|
54
|
-
@log.debug("Opening root")
|
55
|
-
Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
|
46
|
+
def encrypting
|
47
|
+
@log.info("Cryptsetup")
|
48
|
+
encrypt(@dev_root)
|
49
|
+
open_crypt(@dev_root, "cryptroot")
|
56
50
|
encrypt_home
|
57
51
|
end
|
58
52
|
|
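Review bot: The removed `encrypt_bios` formatted and opened root with an explicit `--type luks1`, whereas the new `encrypting` calls `encrypt(@dev_root)` and `open_crypt(@dev_root, "cryptroot")` for both firmware paths, so the LUKS version now depends entirely on `Helpers::Cryptsetup`, which is not shown here. If the BIOS layout relies on GRUB unlocking the volume, confirm the helper still selects a format GRUB can open, and add a comment on `encrypting` saying where that choice is made. The log line `"Cryptsetup"` no longer says which device is being formatted; `@log.info("Cryptsetup: #{@dev_root}")` would help when reading an install log.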
@@ -0,0 +1,100 @@
|
|
1
|
+
require_relative '../../../helpers'
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module FileSystem
|
5
|
+
module Ext4
|
6
|
+
module Encrypt
|
7
|
+
class Void < Device
|
8
|
+
include Helpers::Void
|
9
|
+
attr_reader :boot_disk
|
10
|
+
|
11
|
+
# Create key to avoid enter password twice
|
12
|
+
def create_key
|
13
|
+
add_key("volume.key", @dev_root)
|
14
|
+
add_key("home.key", @dev_home) if @home_disk
|
15
|
+
end
|
16
|
+
|
17
|
+
# Key need to be added in dracut.conf.d and crypttab
|
18
|
+
def add_key(name, dev)
|
19
|
+
command "dd bs=1 count=64 if=/dev/urandom of=/boot/#{name}"
|
20
|
+
puts " => Creating a key for #{dev}, password required:"
|
21
|
+
chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
|
22
|
+
command "chmod 000 /boot/#{name}"
|
23
|
+
#command "chmod -R g-rwx,o-rwx /boot"
|
24
|
+
end
|
25
|
+
|
26
|
+
def fstab
|
27
|
+
conf = "#{MOUNTPOINT}/etc/fstab"
|
28
|
+
File.write(conf, "\n", mode: 'w', chmod: 0644)
|
29
|
+
line_fstab(@dev_esp, "/efi vfat noauto,rw,relatime 0 0") if @dev_esp
|
30
|
+
line_fstab(@dev_boot, "/boot ext4 noauto,rw,relatime 0 0") if @dev_boot
|
31
|
+
add_line(conf, "#{@luks_swap} none swap sw 0 0") if @dev_swap
|
32
|
+
add_line(conf, "#{@luks_home} /home ext4 rw,discard 0 0") if @home_disk
|
33
|
+
add_line(conf, "#{@luks_root} / ext4 rw,relatime 0 1")
|
34
|
+
add_line(conf, "tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0")
|
35
|
+
end
|
36
|
+
|
37
|
+
def crypttab
|
38
|
+
conf = "#{MOUNTPOINT}/etc/crypttab"
|
39
|
+
File.write(conf, "\n", mode: 'w', chmod: 0644)
|
40
|
+
line_crypttab("cryptswap", @dev_swap, "/dev/urandom", "swap,discard,cipher=aes-xts-plain64:sha256,size=512") if @dev_swap
|
41
|
+
line_crypttab("cryptroot", @dev_root, "/boot/volume.key", "luks")
|
42
|
+
line_crypttab("crypthome", @dev_home, "/boot/home.key", "luks") if @home_disk
|
43
|
+
end
|
44
|
+
|
45
|
+
def config_grub
|
46
|
+
conf = "#{MOUNTPOINT}/etc/default/grub"
|
47
|
+
content = "GRUB_ENABLE_CRYPTODISK=y"
|
48
|
+
unless search(conf, content)
|
49
|
+
File.write(conf, "#{content}\n", mode: 'a')
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def config_dracut
|
54
|
+
conf = "#{MOUNTPOINT}/etc/dracut.conf.d/ext4.conf"
|
55
|
+
content = [
|
56
|
+
"hostonly=\"yes\"",
|
57
|
+
"omit_dracutmodules+=\" btrfs lvm \"",
|
58
|
+
"install_items+=\" /boot/volume.key /etc/crypttab \"",
|
59
|
+
""
|
60
|
+
]
|
61
|
+
File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
|
62
|
+
#add_line(conf, "install_items+=\" /boot/home.key \"") if @home_disk
|
63
|
+
end
|
64
|
+
|
65
|
+
def kernel_cmdline_dracut
|
66
|
+
conf = "#{MOUNTPOINT}/etc/dracut.conf.d/cmdline.conf"
|
67
|
+
root_uuid = b_uuid(@dev_root)
|
68
|
+
args = "rd.luks.uuid=#{root_uuid} rootfstype=ext4 rootflags=rw,relatime"
|
69
|
+
line = "kernel_cmdline=\"#{args}\""
|
70
|
+
File.write(conf, "#{line}\n", mode: 'w', chmod: 0644)
|
71
|
+
end
|
72
|
+
|
73
|
+
def finish
|
74
|
+
puts "+ Enter in your system: chroot /mnt /bin/bash"
|
75
|
+
puts "+ Reboot with: shutdown -r now"
|
76
|
+
end
|
77
|
+
|
78
|
+
private
|
79
|
+
|
80
|
+
def b_uuid(dev)
|
81
|
+
device = dev.delete_prefix("/dev/")
|
82
|
+
Dir.glob("/dev/disk/by-uuid/*").each { |f|
|
83
|
+
link = File.readlink(f)
|
84
|
+
return f.delete_prefix("/dev/disk/by-uuid/") if link.match(/#{device}$/)
|
85
|
+
}
|
86
|
+
end
|
87
|
+
|
88
|
+
# line_crypttab("cryptswap", "sda2", "/dev/urandom", "luks")
|
89
|
+
def line_crypttab(mapname, dev, point, rest)
|
90
|
+
conf = "#{MOUNTPOINT}/etc/crypttab"
|
91
|
+
device = s_uuid(dev)
|
92
|
+
raise "No partuuid for #{dev} #{device}" if !device
|
93
|
+
raise "Bad partuuid for #{dev} #{device}" if device.kind_of? Array
|
94
|
+
add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
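Review bot: In `add_key` the key file is written by `dd` with whatever mode the umask gives and is only restricted by `chmod 000` after `cryptsetup luksAddKey` has waited at the passphrase prompt, so the raw key can sit readable in `/boot` for that whole interval. Creating it restrictively first closes the window, for example running the `dd` under `umask 077`; how `command` invokes its string is not visible here, so the exact form needs checking. `fstab` mounts a separate `@dev_boot` on `/boot` and `config_dracut` copies `/boot/volume.key` into the initramfs, so if that partition is not itself encrypted the key that unlocks root is stored in clear; a comment stating the assumption, or a guard, belongs there. Separately, `b_uuid` returns the glob array when nothing matches and `kernel_cmdline_dracut` interpolates it unchecked, unlike `line_crypttab`, which rejects an Array.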