getch 0.1.9 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46439ee6483306d467923074b461ad5df9d9f7a9a32981936952b586e85173f9
-  data.tar.gz: e4232a6832086eafb46e9f29da73b461762c65c6232071cf2854c9ddb7680e2f
+  metadata.gz: c43bba03495a77a22b582c84f7e044383bc432fb8c8ca676d093673e836362af
+  data.tar.gz: 762dd43c65c336df63176b7945d75600153503c3ccdf7d899228cd18443bbda7
 SHA512:
-  metadata.gz: 8689b833a86f39c1b5a310ed193e588399fed86384012015f04251d39175e3bd6121a7f65540086fc1556f831017a6d56467a3325ec29f78651295adcdd3ed23
-  data.tar.gz: ac28be3804fddb3f995a8b86c438d447216547078855ca103ac4151a038934a9e7369a8a96500165b14ca38fdcac6ece31bbb5a1324e036b553ad76a0f456621
+  metadata.gz: 1f5a90d17518469533bfdcafd14b3e3ad155717c722182fca194bfd81fced2dc37ff0093af2da778cf53cadb5c4e23ae3fa7fe16d7809155f21f1e127c5bbc89
+  data.tar.gz: c533dbe161df1f6b72c3d690218547e926b219ff6bb19240f46bb040ccb2e86318cc5259b69b7692416c412e109fb5eb22fd424f9bca5d6dc1ae0ff70adc4cd0

data/README.md

@@ -6,7 +6,7 @@
 [![Gem Version](https://badge.fury.io/rb/getch.svg)](https://badge.fury.io/rb/getch)
 ![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/getch/Rubocop/develop)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
-![GitHub](https://img.shields.io/github/license/szorfein/ardecy)
+![GitHub](https://img.shields.io/github/license/szorfein/getch)
 
 </div>
 
@@ -22,11 +22,12 @@ Hardened System:
 + sysctl.conf with TCP/IP stack hardening and more [Arch](https://wiki.archlinux.org/title/Sysctl)
 + Kernel parameters enforced (dmesg restricted, kexec disabled, etc)
 + Kernel source (Gentoo) patched with [bask](https://github.com/szorfein/bask).
++ Musl optionnal
 
 ## Description
-Actually, Getch support only the `x86_64` architecture and only with the following archives:
-+ **Gentoo**: `stage3-amd64-systemd` [Gentoo](https://www.gentoo.org/downloads/).
-+ **Void**: `rootfs glibc` [Void](https://voidlinux.org/download/).
+Actually, Getch support only the `x86_64` architecture with the following archives:
++ **Gentoo**: `stage3-amd64-systemd` or `stage3-amd64-musl` [Gentoo](https://www.gentoo.org/downloads/).
++ **Void**: `rootfs tarball glibc` or `rootfs tarball musl` [Void](https://voidlinux.org/download/).
 
 Filesystem supported (with or without encryption)
 + Ext4
@@ -34,13 +35,15 @@ Filesystem supported (with or without encryption)
 + ZFS
 
 Boot Manager:
-+ **Gentoo**: `BIOS` will use `Grub2` and `systemd-boot` for `UEFI`.
-+ **Void**: use only Grub2, encryption for the root fs use luks1.
++ **Gentoo**: `BIOS` and `musl` will use `Grub2` and `systemd-boot` for `UEFI`.
++ **Void**: use only Grub2.
 
 The ISO images i was able to test and that works:
 + [Archlinux](https://www.archlinux.org/download/)
 + [Archaeidae](https://github.com/szorfein/archaeidae): Custom Archiso that includes ZFS support.
 
+You can also use your current `linux` host, just pay attention to the disk that will be used.  
+
 ## Dependencies
 Getch is build without external libs, so it only require `ruby >= 2.5`.
 
@@ -71,11 +74,11 @@ For a french user:
 
 Install Gentoo on LVM and use a different root disk `/dev/sdc`
 
-    # getch --format lvm --disk sdc
+    # getch --format ext4 --lvm --disk sdc
 
 Encrypt your disk with LVM with a french keymap
 
-    # getch --format lvm --encrypt --keymap fr
+    # getch --format ext4 --lvm --encrypt --keymap fr
 
 Encrypt with ext4 and create a new user `ninja`:
 
@@ -85,9 +88,9 @@ With ZFS, if used with `--encrypt`, it use the native ZFS encryption:
 
     # getch --format zfs
 
-With `Void Linux`:
+With `Void Linux` and `Musl` enable:
 
-    # getch --os void --encrypt -k fr
+    # getch --os void --encrypt -k fr --musl
 
 ## Troubleshooting
 
@@ -98,33 +101,36 @@ If a old volume group exist, `getch` may fail to partition your disk. You have t
     # vgremove -f vg0
     # pvremove -f /dev/sdb
 
-#### Encryption enable on BIOS with ext4
-To decrypt your disk on BIOS system, you have to enter your password twice. One time for Grub and another time for Genkernel. [post](https://wiki.archlinux.org/index.php/GRUB#Encrypted_/boot).  
-Also with GRUB, only a `us` keymap is working.
+#### Encryption with GRUB
+To decrypt your disk on GRUB, only the `us` keymap is working for now.
 
-#### ZFS for Void Linux - Enable the boot pool
-You have some extras step to do after booting to enable the boot pool, you need this pool when you update your system. It's used mainly by Grub and Dracut.
-By default, your /boot is empty because your boot pool is not imported...
+#### ZFS with Grub
+By default, if you use ZFS with `musl` or `voidlinux` the `/boot` partition is not mounted automatically, so before an update, mout the partition.
 
-    # zpool import -f -d /dev/disk/by-id -N bpool-150ed
-    # zfs mount bpool-150ed/BOOT/void
+    # zpool status
+    # zfs mount bpool/BOOT/void
     # ls /boot
 
-You should see something in the boot (initramfs, vmlinuz).. Recreate the initramfs.
-
-    # xbps-reconfigure -fa
-
-Make the `bpool` available at the boot:
-
-    # zfs set canmount=on bpool-150ed/BOOT/void
+#### ZFS with and without encryption
+First time on ZFS after 5min
 
-And reboot, the `/boot` partition should be mounted automatically after that.
+```txt
+dracut Warning: /dev/disk/by-uuid/<DISK> does not exist
+```
 
-#### ZFS Encrypted with Void
-Well, another weird issue, the first time you boot on your encrypted pool, nothing append. Dracut try to mount inexistent device. Just wait for enter in the shell:
+Dracut try to mount inexistent device. Just wait for enter in the shell and remove the disk uuid from `/lib/dracut/hooks/initqueue/finished/`
 
     # ls /lib/dracut/hooks/initqueue/finished/*
     # rm /lib/dracut/hooks/initqueue/finished/dev*
     # exit
 
-Dracut should finally start `mount-zfs.sh` and ask for your password. After you first login, follow instructions above for recompile the initramfs and mount the boot pool and your good.
+Dracut should finally start `mount-zfs.sh` and ask for a password if encrypted. After you first login, mount the `/boot` partition and recompile the initramfs and your good.
+
++ For Gentoo: `emerge --config sys-kernel/gentoo-kernel-bin`
++ For Voidlinux: `xbps-reconfigure -fa`
+
+If it doesn't work, try to start script manually (always in the shell):
+
+    # . /lib/dracut/hooks/mount/98-mount-zsh.sh
+    # . /lib/dracut/hooks/mount/99-mount-root.sh
+    # exit

data/bin/getch

@@ -3,15 +3,17 @@
 require 'getch'
 
 getch = Getch::Main.new(
-  :cli => Getch::Options.new(ARGV)
+  cli: Getch::Options.new(ARGV)
 )
 
 getch.resume
 
-getch.partition
-getch.format
-getch.mount
+getch.prepare_disk
 
-getch.install
+getch.install_system
 
-getch.configure
+getch.terraform
+
+getch.bootloader
+
+getch.finalize

data/lib/clean.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require 'nito'
+require_relative 'getch/command'
+require_relative 'getch/log'
+
+class Clean
+  include NiTo
+
+  def initialize(args)
+    @root = args[:disk] ||= nil
+    @boot = args[:boot_disk] ||= nil
+    @home = args[:home_disk] ||= nil
+    @cache = args[:cache_disk] ||= nil
+    @vg = args[:vg_name] ||= nil
+    @luks = args[:luks_name] ||= nil
+    @zfs = args[:zfs_name] ||= 'pool'
+    @log = Getch::Log.new
+    @mountpoint = args[:mountpoint] ||= '/mnt/getch'
+  end
+
+  def x
+    umount_all
+    swap_off
+    disable_lvs
+    cryptsetup_close
+    old_zfs
+    old_lvm
+    zap_all @root, @boot, @home, @cache
+    wipe_all @root, @boot, @home, @cache
+    dd
+  end
+
+  protected
+
+  def umount_all
+    paths = []
+    File.open('/proc/mounts').each do |l|
+      tmp = l.split(' ') if l =~ /#{@mountpoint}/
+      tmp && paths << tmp[1]
+    end
+    paths.each { |p| umount_r p }
+    umount '/tmp/boot'
+  end
+
+  def swap_off
+    swapoff @root
+    File.exist?("/dev/#{@vg}/swap") && swapoff_dm("#{@vg}-swap")
+  end
+
+  def disable_lvs
+    lvchange_n 'home'
+    lvchange_n 'swap'
+    lvchange_n 'root'
+  end
+
+  def cryptsetup_close
+    close "boot-#{@luks}"
+    close "root-#{@luks}"
+    close "home-#{@luks}"
+  end
+
+  def old_zfs
+    return unless File.exist? '/usr/bin/zpool'
+
+    destroy_zpool "b#{@zfs}"
+    destroy_zpool "r#{@zfs}"
+    cmd "rm -rf #{@mountpoint}/*" if Dir.exist? @mountpoint
+  end
+
+  def destroy_zpool(name)
+    if system("zpool list | grep #{name}")
+      cmd "zpool destroy -f #{name}"
+    end
+  end
+
+  def old_lvm
+    lvm = `lvs | grep #{@vg}`
+    lvm.match?(/#{@vg}/) || return
+
+    vgremove
+    pvremove @root, @home, @cache
+  end
+
+  def zap_all(*devs)
+    devs.each { |d| zap(d) }
+  end
+
+  def wipe_all(*devs)
+    devs.each { |d| wipe(d) }
+  end
+
+  def dd
+    cmd "dd if=/dev/zero of=/dev/#{@root} bs=1M count=100"
+  end
+
+  private
+
+  def wipe(dev)
+    dev || return
+
+    cmd "wipefs --all /dev/#{dev}"
+  end
+
+  def umount_r(dir)
+    dir || return
+
+    cmd 'umount', '-R', dir if mount? dir
+  end
+
+  def zap(dev)
+    dev || return
+
+    cmd 'sgdisk', '-Z', "/dev/#{dev}"
+  end
+
+  def lvchange_n(name)
+    return unless File.exist? "/dev/#{@vg}/#{name}"
+
+    cmd 'lvchange', '-an', "/dev/#{@vg}/#{name}"
+  end
+
+  def close(name)
+    return unless File.exist? "/dev/mapper/#{name}"
+
+    cmd 'cryptsetup', 'close', name
+  end
+
+  def vgremove
+    cmd 'vgremove', '-y', @vg
+  end
+
+  def pvremove(*devs)
+    devs.each { |d| pvdel(d) }
+  end
+
+  def pvdel(dev)
+    dev || return
+
+    disk = dev[/[a-z]*/]
+    disk.match?(/[a-z]{3}/) || @log.fatal("pvdel - No disk #{dev} - #{disk}")
+
+    cmd 'pvremove', '-f', "/dev/#{disk}*"
+  end
+
+  def cmd(*args)
+    Getch::Command.new(args)
+  end
+end

data/lib/cryptsetup.rb

@@ -0,0 +1,132 @@
+require 'luks'
+
+class CryptSetup
+  def initialize(devs, options)
+    @boot = devs[:boot]
+    @root = devs[:root]
+    @home = devs[:home]
+    @swap = devs[:swap] ||= nil
+    @options = options
+    @luks = options[:luks_name]
+    @vg = options[:vg_name]
+    @fs = options[:fs] ||= 'ext4'
+    @mountpoint = options[:mountpoint] ||= '/mnt/getch'
+  end
+
+  def format
+    format_boot
+    format_root
+    format_home
+  end
+
+  def keys
+    add_boot_key
+    add_root_key
+    add_home_key
+  end
+
+  def configs
+    config_boot
+    config_root
+    config_home
+    config_swap
+  end
+
+  def swap_conf
+    config_swap
+  end
+
+  protected
+
+  def format_boot
+    luks = Luks::Boot.new(@boot, @options)
+    luks.encrypt
+    luks.open
+    luks.format
+    luks.mount
+  end
+
+  # if boot and root are on the same device, we encrypt root with a key
+  def format_root
+    if @boot.split(/[0-9]/) == @root.split(/[0-9]/)
+      root_with_key
+    else
+      root_with_pass
+    end
+  end
+
+  def format_home
+    @home || return
+
+    home_with_pass
+  end
+
+  def add_boot_key
+    luks = Luks::Boot.new(@boot, @options)
+    luks.external_key
+  end
+
+  # Alrealy used key if they have same disk
+  def add_root_key
+    return if @boot.split(/[0-9]/) == @root.split(/[0-9]/)
+
+    luks = Luks::Root.new(@root, @options)
+    luks.external_key
+  end
+
+  def add_home_key
+    @home || return
+
+    luks = Luks::Home.new(@home, @options)
+    luks.external_key
+  end
+
+  def config_boot
+    return if not @boot or @options[:fs] == 'zfs'
+
+    Luks::Boot.new(@boot, @options).write_config
+  end
+
+  def config_root
+    @root || return
+
+    Luks::Root.new(@root, @options).write_config
+  end
+
+  def config_home
+    @home || return
+
+    Luks::Home.new(@home, @options).write_config
+  end
+
+  def config_swap
+    uuid = @options[:lvm] ? '' : Getch::Helpers.uuid(@swap)
+    line = "swap-#{@luks}"
+    @options[:lvm] ?
+      line << " /dev/#{@vg}/swap" :
+      line << " UUID=#{uuid}"
+
+    line << " /dev/urandom swap,discard,cipher=aes-xts-plain64:sha256,size=512"
+    NiTo.echo_a "#{@mountpoint}/etc/crypttab", line
+  end
+
+  private
+
+  def root_with_key
+    luks = Luks::Root.new(@root, @options)
+    luks.encrypt_with_key
+    luks.open_with_key
+  end
+
+  def root_with_pass
+    luks = CryptSetup::Root.new(@root, @options)
+    luks.encrypt
+    luks.open
+  end
+
+  def home_with_pass
+    luks = CryptSetup::Home.new(@home, @options)
+    luks.encrypt
+    luks.open
+  end
+end

data/lib/devs.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'getch/device'
+
+module Devs
+  class Settings
+    def initialize(args, options)
+      @args = args
+      @start = args[:start] ||= nil
+      @boot = args[:boot] ||= nil
+      @swap = args[:swap] ||= nil
+      @root = args[:root] ||= nil
+      @options = options
+      @encrypt = options[:encrypt] ||= false
+      @lvm = options[:lvm] ||= false
+      @whole = nil
+      @fs = options[:fs]
+      @tree = TREE[@fs.to_sym]
+      x
+    end
+
+    def x
+      add_boot
+      add_swap
+      add_root
+      add_home
+    end
+
+    protected
+
+    def add_boot
+      @options[:boot_disk] || return
+
+      @fs == 'zfs' ?
+        @tree.new(@options[:boot_disk], start: @start, boot: @boot, systemd_boot: systemd_boot?) :
+        @tree.new(@options[:boot_disk], start: @start, boot: @boot)
+
+      @args.delete :start
+      @args.delete :boot if @boot
+    end
+
+    def add_swap
+      @options[:cache_disk] || return
+
+      @fs == 'zfs' ?
+        @tree.new(@options[:cache_disk], swap: @swap, zfs_cache: true) :
+        @tree.new(@options[:cache_disk], swap: @swap)
+      @args.delete :swap if @swap
+    end
+
+    def add_root
+      if @encrypt or @lvm or @fs == 'zfs' then @whole = true end
+      @args[:whole] = @whole
+
+      if systemd_boot? and @fs == 'zfs' then @args.delete :boot end
+      @tree.new(@options[:disk], @args)
+    end
+
+    def add_home
+      @options[:home_disk] || return
+
+      if @encrypt or @lvm or @fs == 'zfs' then @whole = true end
+      @tree.new(@options[:home_disk], home: true, whole: @whole)
+    end
+
+    private
+
+    def efi?
+      Dir.exist? '/sys/firmware/efi/efivars'
+    end
+
+    def systemd_boot?
+      @options[:os] == 'gentoo' and not @options[:musl] and efi?
+    end
+  end
+
+  class Matrice
+    def initialize(disk, args)
+      @disk = disk
+      @start = args[:start] ||= nil
+      @boot = args[:boot] ||= nil
+      @swap = args[:swap] ||= nil
+      @root = args[:root] ||= nil
+      @home = args[:home] ||= nil
+      @whole = args[:whole] ||= false
+      @device = Getch::Device.new
+      @@part = 1
+      x
+    end
+
+    def x
+      start
+      boot
+      swap
+      root
+      home
+    end
+
+    protected
+
+    def start
+      @start || return
+
+      efi? ? add_efi : add_gpt
+    end
+
+    def add_efi
+      @device.efi "#{@disk}#{@@part}"
+      @@part += 1
+    end
+
+    def add_gpt
+      @device.gpt "#{@disk}#{@@part}"
+      @@part += 1
+    end
+
+    def boot
+      @boot || return
+
+      @device.boot "#{@disk}#{@@part}"
+      @@part += 1
+    end
+
+    def swap
+      @swap || return
+
+      @device.swap "#{@disk}#{@@part}"
+      @@part += 1
+    end
+
+    def root
+      @root || return
+
+      if @whole && @@part == 1
+        @device.root @disk
+      else
+        @device.root "#{@disk}#{@@part}"
+        @@part += 1
+      end
+    end
+
+    def home
+      @home || return
+
+      if @whole && @@part == 1
+        @device.home @disk
+      else
+        @device.home "#{@disk}#{@@part}"
+        @@part += 1
+      end
+    end
+
+    private
+
+    def efi?
+      Dir.exist? '/sys/firmware/efi/efivars'
+    end
+  end
+
+  class MatExt4 < Matrice
+  end
+
+  class MatZfs < Matrice
+    def initialize(disk, args)
+      @zfs_cache = args[:zfs_cache] ||= nil
+      @systemd_boot = args[:systemd_boot] ||= false
+      super
+    end
+
+    def boot
+      @boot || return
+
+      @systemd_boot && return
+
+      @device.boot "#{@disk}#{@@part}"
+      @@part += 1
+    end
+
+    def swap
+      @swap || return
+
+      if @zfs_cache
+        @device.swap "#{@disk}#{@@part}"
+        @@part += 1
+        @device.zlog "#{@disk}#{@@part}"
+        @@part += 1
+        @device.zcache "#{@disk}#{@@part}"
+      else
+        @device.swap "#{@disk}#{@@part}"
+        @@part += 1
+      end
+    end
+  end
+
+  TREE = {
+    ext4: MatExt4,
+    zfs: MatZfs,
+  }
+end

data/lib/dracut/encrypt.rb

@@ -0,0 +1,36 @@
+# frozen_string_litteral: true
+
+module Dracut
+  class Encrypt < Root
+    def initialize(devs, options)
+      @luks = options[:luks_name]
+      super
+    end
+
+    def generate
+      host_only
+      cmdline
+      luks_key
+    end
+
+    protected
+
+    def get_line
+      root = Getch::Helpers.uuid @root
+      dm_root = get_dm_uuid "root-#{@luks}"
+      "rd.luks.uuid=#{root} root=UUID=#{dm_root} rootfstype=#{@fs}"
+    end
+
+    def luks_key
+      file = "#{@mountpoint}/etc/dracut.conf.d/luks_key.conf"
+      echo file, 'install_items+=" /boot/boot.key /boot/root.key /etc/crypttab "'
+    end
+
+    private
+
+    def get_dm_uuid(name)
+      dm = Getch::Helpers.get_dm name
+      Getch::Helpers.uuid dm
+    end
+  end
+end

data/lib/dracut/hybrid.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Dracut
+  class Hybrid < Encrypt
+    def initialize(devs, options)
+      super
+      @vg = options[:vg_name] ||= 'vg0'
+    end
+
+    def get_line
+      root = Getch::Helpers.uuid @root
+      "rd.luks.uuid=#{root} rd.lvm.vg=#{@vg} root=/dev/#{@vg}/root"
+    end
+  end
+end