getch 0.1.5 → 0.1.6
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +64 -24
- data/assets/network-stack.conf +63 -0
- data/bin/getch +12 -4
- data/lib/getch.rb +113 -78
- data/lib/getch/command.rb +1 -1
- data/lib/getch/config.rb +33 -49
- data/lib/getch/config/gentoo.rb +59 -0
- data/lib/getch/config/void.rb +49 -0
- data/lib/getch/filesystem/.mount.rb.swp +0 -0
- data/lib/getch/filesystem/device.rb +5 -5
- data/lib/getch/filesystem/ext4.rb +1 -0
- data/lib/getch/filesystem/ext4/encrypt.rb +1 -0
- data/lib/getch/filesystem/ext4/encrypt/config.rb +2 -2
- data/lib/getch/filesystem/ext4/encrypt/format.rb +0 -1
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +0 -1
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +10 -16
- data/lib/getch/filesystem/ext4/encrypt/void.rb +100 -0
- data/lib/getch/filesystem/ext4/format.rb +1 -1
- data/lib/getch/filesystem/ext4/void.rb +43 -0
- data/lib/getch/filesystem/lvm.rb +1 -0
- data/lib/getch/filesystem/lvm/encrypt.rb +1 -0
- data/lib/getch/filesystem/lvm/encrypt/config.rb +2 -2
- data/lib/getch/filesystem/lvm/encrypt/format.rb +1 -2
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +1 -2
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +10 -7
- data/lib/getch/filesystem/lvm/encrypt/void.rb +100 -0
- data/lib/getch/filesystem/lvm/format.rb +1 -1
- data/lib/getch/filesystem/lvm/void.rb +45 -0
- data/lib/getch/filesystem/partition.rb +4 -4
- data/lib/getch/filesystem/zfs.rb +1 -0
- data/lib/getch/filesystem/zfs/config.rb +3 -3
- data/lib/getch/filesystem/zfs/deps.rb +11 -4
- data/lib/getch/filesystem/zfs/device.rb +6 -0
- data/lib/getch/filesystem/zfs/encrypt.rb +1 -0
- data/lib/getch/filesystem/zfs/encrypt/.mount.rb.swp +0 -0
- data/lib/getch/filesystem/zfs/encrypt/config.rb +5 -5
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +11 -4
- data/lib/getch/filesystem/zfs/encrypt/device.rb +6 -0
- data/lib/getch/filesystem/zfs/encrypt/format.rb +9 -10
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +5 -9
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +3 -1
- data/lib/getch/filesystem/zfs/encrypt/void.rb +96 -0
- data/lib/getch/filesystem/zfs/format.rb +9 -9
- data/lib/getch/filesystem/zfs/mount.rb +5 -8
- data/lib/getch/filesystem/zfs/partition.rb +2 -1
- data/lib/getch/filesystem/zfs/void.rb +81 -0
- data/lib/getch/gentoo.rb +12 -15
- data/lib/getch/gentoo/boot.rb +7 -4
- data/lib/getch/gentoo/config.rb +8 -8
- data/lib/getch/gentoo/sources.rb +6 -3
- data/lib/getch/gentoo/stage.rb +0 -1
- data/lib/getch/gentoo/use_flag.rb +6 -7
- data/lib/getch/guard.rb +3 -1
- data/lib/getch/helpers.rb +107 -1
- data/lib/getch/log.rb +3 -2
- data/lib/getch/options.rb +41 -34
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void.rb +59 -0
- data/lib/getch/void/boot.rb +80 -0
- data/lib/getch/void/chroot.rb +55 -0
- data/lib/getch/void/config.rb +87 -0
- data/lib/getch/void/stage.rb +70 -0
- metadata +22 -9
- metadata.gz.sig +0 -0
- data/.gitignore +0 -2
- data/CHANGELOG.md +0 -99
- data/Rakefile +0 -21
- data/bin/setup.sh +0 -90
- data/getch.gemspec +0 -25
data/lib/getch/command.rb
CHANGED
data/lib/getch/config.rb
CHANGED
@@ -1,58 +1,42 @@
|
|
1
|
+
require_relative 'config/gentoo'
|
2
|
+
require_relative 'config/void'
|
3
|
+
|
4
|
+
CONFIG_LOAD = {
|
5
|
+
gentoo: Getch::Config::Gentoo,
|
6
|
+
void: Getch::Config::Void
|
7
|
+
}.freeze
|
8
|
+
|
1
9
|
module Getch
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
10
|
+
module Config
|
11
|
+
class Main
|
12
|
+
def initialize
|
13
|
+
os = OPTIONS[:os].to_sym
|
14
|
+
@load = CONFIG_LOAD[os].new
|
15
|
+
end
|
6
16
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
resolved
|
11
|
-
Getch::Chroot.new('systemctl enable systemd-networkd').run!
|
12
|
-
Getch::Chroot.new('systemctl enable systemd-resolved').run!
|
13
|
-
end
|
17
|
+
def ethernet
|
18
|
+
@load.ethernet
|
19
|
+
end
|
14
20
|
|
15
|
-
|
21
|
+
def dns
|
22
|
+
@load.dns
|
23
|
+
end
|
16
24
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
"[Match]",
|
21
|
-
"Name=en*",
|
22
|
-
"Name=eth*",
|
23
|
-
"[Network]",
|
24
|
-
"DHCP=yes",
|
25
|
-
"IPv6PrivacyExtensions=yes",
|
26
|
-
"[DHCP]",
|
27
|
-
"RouteMetric=512"
|
28
|
-
]
|
29
|
-
File.write(conf, datas.join("\n"), mode: 'w')
|
30
|
-
end
|
25
|
+
def wifi
|
26
|
+
@load.wifi
|
27
|
+
end
|
31
28
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
"[Match]",
|
36
|
-
"Name=wlp*",
|
37
|
-
"Name=wlan*",
|
38
|
-
"[Network]",
|
39
|
-
"DHCP=yes",
|
40
|
-
"IPv6PrivacyExtensions=yes",
|
41
|
-
"[DHCP]",
|
42
|
-
"RouteMetric=1024",
|
43
|
-
]
|
44
|
-
File.write(conf, datas.join("\n"), mode: 'w')
|
45
|
-
end
|
29
|
+
def sysctl
|
30
|
+
pwd = File.expand_path(File.dirname(__FILE__))
|
31
|
+
dest = "#{Getch::MOUNTPOINT}/etc/sysctl.d/"
|
46
32
|
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
Helpers::create_dir("#{@systemd_net_dir}/resolved.conf.d")
|
55
|
-
File.write(conf, datas.join("\n"), mode: 'w')
|
33
|
+
Helpers::mkdir dest
|
34
|
+
Helpers::cp("#{pwd}/../../assets/network-stack.conf", dest)
|
35
|
+
end
|
36
|
+
|
37
|
+
def shell
|
38
|
+
@load.shell
|
39
|
+
end
|
56
40
|
end
|
57
41
|
end
|
58
42
|
end
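Review bot: `CONFIG_LOAD[os].new` in `Main#initialize` has no guard for an `OPTIONS[:os]` value that is missing or is not one of the two keys, so an unsupported value surfaces as a `NoMethodError` on `nil` instead of a clear message. `CONFIG_LOAD.fetch(os) { raise ArgumentError, "unsupported os: #{os}" }.new` would fail with the reason and keeps class selection limited to the frozen table. `CONFIG_LOAD` is also defined at top level, outside `module Getch`, which puts it in the global namespace; moving it inside `Getch::Config` looks safe as far as this section shows. Whether `OPTIONS[:os]` is validated where options are parsed is not visible here.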
|
@@ -0,0 +1,59 @@
|
|
1
|
+
module Getch
|
2
|
+
module Config
|
3
|
+
class Gentoo
|
4
|
+
def initialize
|
5
|
+
@systemd_net_dir = "#{MOUNTPOINT}/etc/systemd"
|
6
|
+
end
|
7
|
+
|
8
|
+
def ethernet
|
9
|
+
conf = "#{@systemd_net_dir}/network/20-ethernet.network"
|
10
|
+
datas = [
|
11
|
+
"[Match]",
|
12
|
+
"Name=en*",
|
13
|
+
"Name=eth*",
|
14
|
+
"[Network]",
|
15
|
+
"DHCP=yes",
|
16
|
+
"IPv6PrivacyExtensions=yes",
|
17
|
+
"[DHCP]",
|
18
|
+
"RouteMetric=512",
|
19
|
+
"",
|
20
|
+
]
|
21
|
+
File.write(conf, datas.join("\n"), mode: 'w')
|
22
|
+
end
|
23
|
+
|
24
|
+
def wifi
|
25
|
+
conf = "#{@systemd_net_dir}/network/20-wireless.network"
|
26
|
+
datas = [
|
27
|
+
"[Match]",
|
28
|
+
"Name=wlp*",
|
29
|
+
"Name=wlan*",
|
30
|
+
"[Network]",
|
31
|
+
"DHCP=yes",
|
32
|
+
"IPv6PrivacyExtensions=yes",
|
33
|
+
"[DHCP]",
|
34
|
+
"RouteMetric=1024",
|
35
|
+
"",
|
36
|
+
]
|
37
|
+
File.write(conf, datas.join("\n"), mode: 'w')
|
38
|
+
end
|
39
|
+
|
40
|
+
def dns
|
41
|
+
conf = "#{@systemd_net_dir}/resolved.conf.d/dns_over_tls.conf"
|
42
|
+
datas = [
|
43
|
+
"[Resolve]",
|
44
|
+
"DNS=9.9.9.9#dns.quad9.net",
|
45
|
+
"DNSOverTLS=yes",
|
46
|
+
"",
|
47
|
+
]
|
48
|
+
Helpers::create_dir("#{@systemd_net_dir}/resolved.conf.d")
|
49
|
+
File.write(conf, datas.join("\n"), mode: 'w')
|
50
|
+
|
51
|
+
Getch::Chroot.new('systemctl enable systemd-networkd').run!
|
52
|
+
Getch::Chroot.new('systemctl enable systemd-resolved').run!
|
53
|
+
end
|
54
|
+
|
55
|
+
def shell
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
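Review bot: `ethernet` and `wifi` write into `#{@systemd_net_dir}/network/` without creating the directory first, whereas `dns` calls `Helpers::create_dir` before its `File.write`; if the directory is absent in the target root, `File.write` raises `Errno::ENOENT`. Adding `Helpers::create_dir("#{@systemd_net_dir}/network")` at the top of both methods would make the three consistent. `dns` also enables systemd-networkd and systemd-resolved, which its name does not suggest, and `shell` is an empty method with no explanation. Comments such as `# Also enables systemd-networkd and systemd-resolved in the chroot` on `dns` and, if that is the intent, `# Nothing to change for the shell on Gentoo` on `shell` would make both explicit.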
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require_relative '../helpers'
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module Config
|
5
|
+
class Void
|
6
|
+
include Helpers::Void
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
@service_dir = "/etc/runit/runsvdir/default/"
|
10
|
+
end
|
11
|
+
|
12
|
+
# Enable dhcpcd service
|
13
|
+
def ethernet
|
14
|
+
command "ln -fs /etc/sv/dhcpcd #{@service_dir}"
|
15
|
+
end
|
16
|
+
|
17
|
+
# with Quad9
|
18
|
+
# https://www.dnsknowledge.com/tutorials/how-to-setup-quad9-dns-on-a-linux/
|
19
|
+
def dns
|
20
|
+
conf = "#{MOUNTPOINT}/etc/resolv.conf"
|
21
|
+
content = [
|
22
|
+
"nameserver 9.9.9.9",
|
23
|
+
"nameserver 2620:fe::fe",
|
24
|
+
"options rotate",
|
25
|
+
"",
|
26
|
+
]
|
27
|
+
File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
|
28
|
+
end
|
29
|
+
|
30
|
+
# https://docs.voidlinux.org/config/network/iwd.html
|
31
|
+
def wifi
|
32
|
+
conf = "#{MOUNTPOINT}/etc/iwd/main.conf"
|
33
|
+
content = [
|
34
|
+
"[General]",
|
35
|
+
"UseDefaultInterface=true",
|
36
|
+
"",
|
37
|
+
]
|
38
|
+
File.write(conf, content.join("\n"), mode: 'a', chmod: 0644)
|
39
|
+
# Enabling dbus and iwd
|
40
|
+
command "ln -fs /etc/sv/dbus #{@service_dir}"
|
41
|
+
command "ln -fs /etc/sv/iwd #{@service_dir}"
|
42
|
+
end
|
43
|
+
|
44
|
+
def shell
|
45
|
+
command "chsh -s /bin/bash"
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
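Review bot: The `chmod: 0644` keyword passed to `File.write` in `dns` and `wifi` is not among the options that method documents (creation permissions are given with `perm:`), so the intended mode is most likely ignored and the files get whatever the umask yields. Use `perm: 0o644`, or follow the write with `File.chmod(0o644, conf)`, since `perm:` only takes effect when the file is created. The same keyword appears in `fstab`, `crypttab`, `config_dracut` and `kernel_cmdline_dracut` of the Ext4 encrypt Void class further down the page. Separately, `wifi` opens `main.conf` with `mode: 'a'`, so a second run appends a duplicate `[General]` block.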
|
Binary file
|
@@ -4,12 +4,12 @@ module Getch
|
|
4
4
|
def initialize
|
5
5
|
@efi = Helpers::efi?
|
6
6
|
@root_part = 1
|
7
|
-
@user =
|
7
|
+
@user = Getch::OPTIONS[:username]
|
8
8
|
|
9
|
-
@disk =
|
10
|
-
@boot_disk =
|
11
|
-
@cache_disk =
|
12
|
-
@home_disk =
|
9
|
+
@disk = Getch::OPTIONS[:disk]
|
10
|
+
@boot_disk = Getch::OPTIONS[:boot_disk]
|
11
|
+
@cache_disk = Getch::OPTIONS[:cache_disk]
|
12
|
+
@home_disk = Getch::OPTIONS[:home_disk]
|
13
13
|
|
14
14
|
search_boot
|
15
15
|
search_swap
|
@@ -28,7 +28,7 @@ module Getch
|
|
28
28
|
'title Gentoo Linux',
|
29
29
|
'linux /vmlinuz',
|
30
30
|
'initrd /initramfs',
|
31
|
-
"options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{
|
31
|
+
"options crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} keymap=#{Getch::OPTIONS[:keymap]} rw"
|
32
32
|
]
|
33
33
|
File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
|
34
34
|
end
|
@@ -46,7 +46,7 @@ module Getch
|
|
46
46
|
return if Helpers::efi?
|
47
47
|
file = "#{@root_dir}/etc/default/grub"
|
48
48
|
cmdline = [
|
49
|
-
"GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{
|
49
|
+
"GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/root init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{Getch::OPTIONS[:keymap]}\"",
|
50
50
|
"GRUB_ENABLE_CRYPTODISK=y"
|
51
51
|
]
|
52
52
|
File.write(file, cmdline.join("\n"), mode: 'a')
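Review bot: The kernel options written to `gentoo.conf` (`crypt_root=… init=… keymap=… rw`) carry none of the hardening parameters that the `GRUB_CMDLINE_LINUX` line has (`slub_debug=P page_poison=1 slab_nomerge pti=on …`), so a system booted from that entry would run without them. If that is not deliberate, build the shared parameter string once and use it in both places. `Getch::OPTIONS[:keymap]` is also interpolated into both lines as-is; a value containing a space or a double quote would alter the resulting command line, so it is worth confirming that it is validated where options are parsed, which is not visible here. Both methods start and end outside these hunks.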
|
@@ -1,8 +1,12 @@
|
|
1
|
+
require_relative '../../../helpers'
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
4
6
|
module Encrypt
|
5
|
-
class Partition <
|
7
|
+
class Partition < Device
|
8
|
+
include Helpers::Cryptsetup
|
9
|
+
|
6
10
|
def initialize
|
7
11
|
super
|
8
12
|
@state = Getch::States.new
|
@@ -18,11 +22,10 @@ module Getch
|
|
18
22
|
@clean.external_disk(@disk, @boot_disk, @cache_disk, @home_disk)
|
19
23
|
if Helpers::efi?
|
20
24
|
partition_efi
|
21
|
-
encrypt_efi
|
22
25
|
else
|
23
26
|
partition_bios
|
24
|
-
encrypt_bios
|
25
27
|
end
|
28
|
+
encrypting
|
26
29
|
@state.partition
|
27
30
|
end
|
28
31
|
|
@@ -40,19 +43,10 @@ module Getch
|
|
40
43
|
@partition.home(@dev_home, "8309") if @dev_home
|
41
44
|
end
|
42
45
|
|
43
|
-
def
|
44
|
-
@log.info("
|
45
|
-
|
46
|
-
@
|
47
|
-
Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
|
48
|
-
encrypt_home
|
49
|
-
end
|
50
|
-
|
51
|
-
def encrypt_bios
|
52
|
-
@log.info("Format root for bios")
|
53
|
-
Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
|
54
|
-
@log.debug("Opening root")
|
55
|
-
Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
|
46
|
+
def encrypting
|
47
|
+
@log.info("Cryptsetup")
|
48
|
+
encrypt(@dev_root)
|
49
|
+
open_crypt(@dev_root, "cryptroot")
|
56
50
|
encrypt_home
|
57
51
|
end
|
58
52
|
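Review bot: `encrypting` now calls `encrypt(@dev_root)` on both the EFI and the BIOS path, while the removed `encrypt_bios` formatted explicitly with `--type luks1`; whether `Helpers::Cryptsetup#encrypt` still selects LUKS1 when GRUB has to unlock the root device is not visible in this section. If the helper uses one format for every case, a BIOS install could end up with a volume the bootloader cannot open, so the helper should take the firmware type into account. Once confirmed, a comment on `encrypting` such as `# LUKS format is chosen inside Helpers::Cryptsetup#encrypt` would record that contract, and the log line `"Cryptsetup"` could name the device being formatted. The class body continues outside the hunks.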
|
@@ -0,0 +1,100 @@
|
|
1
|
+
require_relative '../../../helpers'
|
2
|
+
|
3
|
+
module Getch
|
4
|
+
module FileSystem
|
5
|
+
module Ext4
|
6
|
+
module Encrypt
|
7
|
+
class Void < Device
|
8
|
+
include Helpers::Void
|
9
|
+
attr_reader :boot_disk
|
10
|
+
|
11
|
+
# Create key to avoid enter password twice
|
12
|
+
def create_key
|
13
|
+
add_key("volume.key", @dev_root)
|
14
|
+
add_key("home.key", @dev_home) if @home_disk
|
15
|
+
end
|
16
|
+
|
17
|
+
# Key need to be added in dracut.conf.d and crypttab
|
18
|
+
def add_key(name, dev)
|
19
|
+
command "dd bs=1 count=64 if=/dev/urandom of=/boot/#{name}"
|
20
|
+
puts " => Creating a key for #{dev}, password required:"
|
21
|
+
chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
|
22
|
+
command "chmod 000 /boot/#{name}"
|
23
|
+
#command "chmod -R g-rwx,o-rwx /boot"
|
24
|
+
end
|
25
|
+
|
26
|
+
def fstab
|
27
|
+
conf = "#{MOUNTPOINT}/etc/fstab"
|
28
|
+
File.write(conf, "\n", mode: 'w', chmod: 0644)
|
29
|
+
line_fstab(@dev_esp, "/efi vfat noauto,rw,relatime 0 0") if @dev_esp
|
30
|
+
line_fstab(@dev_boot, "/boot ext4 noauto,rw,relatime 0 0") if @dev_boot
|
31
|
+
add_line(conf, "#{@luks_swap} none swap sw 0 0") if @dev_swap
|
32
|
+
add_line(conf, "#{@luks_home} /home ext4 rw,discard 0 0") if @home_disk
|
33
|
+
add_line(conf, "#{@luks_root} / ext4 rw,relatime 0 1")
|
34
|
+
add_line(conf, "tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0")
|
35
|
+
end
|
36
|
+
|
37
|
+
def crypttab
|
38
|
+
conf = "#{MOUNTPOINT}/etc/crypttab"
|
39
|
+
File.write(conf, "\n", mode: 'w', chmod: 0644)
|
40
|
+
line_crypttab("cryptswap", @dev_swap, "/dev/urandom", "swap,discard,cipher=aes-xts-plain64:sha256,size=512") if @dev_swap
|
41
|
+
line_crypttab("cryptroot", @dev_root, "/boot/volume.key", "luks")
|
42
|
+
line_crypttab("crypthome", @dev_home, "/boot/home.key", "luks") if @home_disk
|
43
|
+
end
|
44
|
+
|
45
|
+
def config_grub
|
46
|
+
conf = "#{MOUNTPOINT}/etc/default/grub"
|
47
|
+
content = "GRUB_ENABLE_CRYPTODISK=y"
|
48
|
+
unless search(conf, content)
|
49
|
+
File.write(conf, "#{content}\n", mode: 'a')
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def config_dracut
|
54
|
+
conf = "#{MOUNTPOINT}/etc/dracut.conf.d/ext4.conf"
|
55
|
+
content = [
|
56
|
+
"hostonly=\"yes\"",
|
57
|
+
"omit_dracutmodules+=\" btrfs lvm \"",
|
58
|
+
"install_items+=\" /boot/volume.key /etc/crypttab \"",
|
59
|
+
""
|
60
|
+
]
|
61
|
+
File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
|
62
|
+
#add_line(conf, "install_items+=\" /boot/home.key \"") if @home_disk
|
63
|
+
end
|
64
|
+
|
65
|
+
def kernel_cmdline_dracut
|
66
|
+
conf = "#{MOUNTPOINT}/etc/dracut.conf.d/cmdline.conf"
|
67
|
+
root_uuid = b_uuid(@dev_root)
|
68
|
+
args = "rd.luks.uuid=#{root_uuid} rootfstype=ext4 rootflags=rw,relatime"
|
69
|
+
line = "kernel_cmdline=\"#{args}\""
|
70
|
+
File.write(conf, "#{line}\n", mode: 'w', chmod: 0644)
|
71
|
+
end
|
72
|
+
|
73
|
+
def finish
|
74
|
+
puts "+ Enter in your system: chroot /mnt /bin/bash"
|
75
|
+
puts "+ Reboot with: shutdown -r now"
|
76
|
+
end
|
77
|
+
|
78
|
+
private
|
79
|
+
|
80
|
+
def b_uuid(dev)
|
81
|
+
device = dev.delete_prefix("/dev/")
|
82
|
+
Dir.glob("/dev/disk/by-uuid/*").each { |f|
|
83
|
+
link = File.readlink(f)
|
84
|
+
return f.delete_prefix("/dev/disk/by-uuid/") if link.match(/#{device}$/)
|
85
|
+
}
|
86
|
+
end
|
87
|
+
|
88
|
+
# line_crypttab("cryptswap", "sda2", "/dev/urandom", "luks")
|
89
|
+
def line_crypttab(mapname, dev, point, rest)
|
90
|
+
conf = "#{MOUNTPOINT}/etc/crypttab"
|
91
|
+
device = s_uuid(dev)
|
92
|
+
raise "No partuuid for #{dev} #{device}" if !device
|
93
|
+
raise "Bad partuuid for #{dev} #{device}" if device.kind_of? Array
|
94
|
+
add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
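Review bot: `add_key` writes the LUKS key file with `dd` and only runs `chmod 000` after `cryptsetup luksAddKey` has prompted for the passphrase, so until then the key sits in `/boot` with whatever mode the umask gives it. Create the file with a restrictive mode before filling it (for example `command "install -m 0400 /dev/null /boot/#{name}"` ahead of the `dd`) and reinstate the commented-out `command "chmod -R g-rwx,o-rwx /boot"`, because `config_dracut` adds `/boot/volume.key` to `install_items` and the generated initramfs would then contain the key. `fstab` also mounts a separate `@dev_boot` on `/boot` when one is set; if that partition is not itself encrypted, the key is stored in clear next to the data it unlocks, which should be confirmed. In `kernel_cmdline_dracut`, `b_uuid` returns the `Dir.glob` array when nothing matches, and unlike `line_crypttab` there is no check before the value is interpolated into `rd.luks.uuid=`.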
|