getch 0.1.9 → 0.3.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +35 -29
- data/bin/getch +8 -6
- data/lib/clean.rb +149 -0
- data/lib/cryptsetup.rb +132 -0
- data/lib/devs.rb +199 -0
- data/lib/dracut/encrypt.rb +36 -0
- data/lib/dracut/hybrid.rb +15 -0
- data/lib/dracut/lvm.rb +14 -0
- data/lib/dracut/minimal.rb +11 -0
- data/lib/dracut/root.rb +45 -0
- data/lib/dracut/zfs.rb +35 -0
- data/lib/dracut.rb +11 -0
- data/lib/fstab/encrypt.rb +44 -0
- data/lib/fstab/hybrid.rb +34 -0
- data/lib/fstab/lvm.rb +25 -0
- data/lib/fstab/minimal.rb +6 -0
- data/lib/fstab/root.rb +93 -0
- data/lib/fstab/zfs.rb +23 -0
- data/lib/fstab.rb +11 -0
- data/lib/getch/assembly.rb +150 -0
- data/lib/getch/command.rb +88 -128
- data/lib/getch/config/account.rb +39 -0
- data/lib/getch/config/dhcp.rb +104 -0
- data/lib/getch/config/grub.rb +42 -0
- data/lib/getch/config/iwd.rb +60 -0
- data/lib/getch/config/keymap.rb +78 -0
- data/lib/getch/config/locale.rb +96 -0
- data/lib/getch/config/portage.rb +90 -0
- data/lib/getch/config/pre_network.rb +37 -0
- data/lib/getch/config/timezone.rb +52 -0
- data/lib/getch/config/void.rb +0 -36
- data/lib/getch/config.rb +16 -37
- data/lib/getch/device.rb +67 -0
- data/lib/getch/filesystem/ext4/encrypt/config.rb +9 -71
- data/lib/getch/filesystem/ext4/encrypt/deps.rb +15 -25
- data/lib/getch/filesystem/ext4/encrypt/device.rb +11 -5
- data/lib/getch/filesystem/ext4/encrypt/format.rb +6 -15
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +7 -11
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +10 -76
- data/lib/getch/filesystem/ext4/encrypt/void.rb +0 -38
- data/lib/getch/filesystem/ext4/encrypt.rb +2 -1
- data/lib/getch/filesystem/ext4/hybrid/config.rb +27 -0
- data/lib/getch/filesystem/ext4/hybrid/deps.rb +55 -0
- data/lib/getch/filesystem/ext4/hybrid/device.rb +24 -0
- data/lib/getch/filesystem/ext4/hybrid/format.rb +23 -0
- data/lib/getch/filesystem/ext4/hybrid/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/hybrid/partition.rb +27 -0
- data/lib/getch/filesystem/{lvm/encrypt → ext4/hybrid}/void.rb +0 -39
- data/lib/getch/filesystem/ext4/hybrid.rb +19 -0
- data/lib/getch/filesystem/ext4/lvm/config.rb +25 -0
- data/lib/getch/filesystem/ext4/lvm/deps.rb +56 -0
- data/lib/getch/filesystem/ext4/lvm/device.rb +28 -0
- data/lib/getch/filesystem/ext4/lvm/format.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/partition.rb +28 -0
- data/lib/getch/filesystem/{lvm.rb → ext4/lvm.rb} +6 -4
- data/lib/getch/filesystem/ext4/minimal/config.rb +25 -0
- data/lib/getch/filesystem/ext4/{device.rb → minimal/deps.rb} +3 -1
- data/lib/getch/filesystem/ext4/minimal/device.rb +22 -0
- data/lib/getch/filesystem/ext4/minimal/format.rb +23 -0
- data/lib/getch/filesystem/ext4/minimal/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/minimal/partition.rb +28 -0
- data/lib/getch/filesystem/ext4/minimal.rb +19 -0
- data/lib/getch/filesystem/ext4.rb +7 -7
- data/lib/getch/filesystem/zfs/encrypt/config.rb +10 -39
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +4 -55
- data/lib/getch/filesystem/zfs/encrypt/device.rb +7 -51
- data/lib/getch/filesystem/zfs/encrypt/format.rb +6 -90
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +16 -35
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +6 -54
- data/lib/getch/filesystem/zfs/encrypt.rb +2 -1
- data/lib/getch/filesystem/zfs/minimal/config.rb +37 -0
- data/lib/getch/filesystem/zfs/minimal/deps.rb +126 -0
- data/lib/getch/filesystem/zfs/minimal/device.rb +24 -0
- data/lib/getch/filesystem/zfs/minimal/format.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/mount.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/partition.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal.rb +19 -0
- data/lib/getch/filesystem/zfs.rb +1 -7
- data/lib/getch/filesystem.rb +0 -6
- data/lib/getch/gentoo/bootloader.rb +23 -44
- data/lib/getch/gentoo/finalize.rb +25 -0
- data/lib/getch/gentoo/post_config.rb +75 -0
- data/lib/getch/gentoo/pre_config.rb +37 -0
- data/lib/getch/gentoo/services.rb +18 -0
- data/lib/getch/gentoo/sources.rb +39 -33
- data/lib/getch/gentoo/tarball.rb +91 -0
- data/lib/getch/gentoo/terraform.rb +34 -0
- data/lib/getch/gentoo/update.rb +54 -0
- data/lib/getch/gentoo/use.rb +9 -6
- data/lib/getch/gentoo/use_flag.rb +17 -20
- data/lib/getch/gentoo.rb +9 -75
- data/lib/getch/guard.rb +2 -2
- data/lib/getch/helpers.rb +63 -115
- data/lib/getch/log.rb +87 -25
- data/lib/getch/options.rb +41 -11
- data/lib/getch/states.rb +28 -8
- data/lib/getch/tree.rb +56 -0
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void/bootloader.rb +18 -0
- data/lib/getch/void/finalize.rb +31 -0
- data/lib/getch/void/post_config.rb +19 -0
- data/lib/getch/void/pre_config.rb +18 -0
- data/lib/getch/void/services.rb +18 -0
- data/lib/getch/void/{stage.rb → tarball.rb} +34 -14
- data/lib/getch/void/terraform.rb +28 -0
- data/lib/getch/void/update.rb +33 -0
- data/lib/getch/void.rb +9 -59
- data/lib/getch.rb +58 -90
- data/lib/luks.rb +239 -0
- data/lib/lvm2.rb +112 -0
- data/lib/mkfs/zfs.rb +167 -0
- data/lib/mkfs.rb +140 -0
- data/lib/mountfs.rb +154 -0
- data/lib/nito.rb +131 -0
- data/lib/sgdisk.rb +160 -0
- data.tar.gz.sig +0 -0
- metadata +83 -47
- metadata.gz.sig +0 -0
- data/lib/getch/config/gentoo.rb +0 -58
- data/lib/getch/filesystem/clean.rb +0 -58
- data/lib/getch/filesystem/device.rb +0 -63
- data/lib/getch/filesystem/ext4/config.rb +0 -62
- data/lib/getch/filesystem/ext4/deps.rb +0 -24
- data/lib/getch/filesystem/ext4/format.rb +0 -31
- data/lib/getch/filesystem/ext4/mount.rb +0 -26
- data/lib/getch/filesystem/ext4/partition.rb +0 -55
- data/lib/getch/filesystem/ext4/void.rb +0 -44
- data/lib/getch/filesystem/lvm/config.rb +0 -44
- data/lib/getch/filesystem/lvm/deps.rb +0 -44
- data/lib/getch/filesystem/lvm/device.rb +0 -45
- data/lib/getch/filesystem/lvm/encrypt/config.rb +0 -74
- data/lib/getch/filesystem/lvm/encrypt/deps.rb +0 -49
- data/lib/getch/filesystem/lvm/encrypt/device.rb +0 -48
- data/lib/getch/filesystem/lvm/encrypt/format.rb +0 -35
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +0 -27
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +0 -84
- data/lib/getch/filesystem/lvm/encrypt.rb +0 -18
- data/lib/getch/filesystem/lvm/format.rb +0 -32
- data/lib/getch/filesystem/lvm/mount.rb +0 -26
- data/lib/getch/filesystem/lvm/partition.rb +0 -72
- data/lib/getch/filesystem/lvm/void.rb +0 -46
- data/lib/getch/filesystem/mount.rb +0 -63
- data/lib/getch/filesystem/partition.rb +0 -85
- data/lib/getch/filesystem/zfs/config.rb +0 -43
- data/lib/getch/filesystem/zfs/deps.rb +0 -67
- data/lib/getch/filesystem/zfs/device.rb +0 -66
- data/lib/getch/filesystem/zfs/encrypt/void.rb +0 -97
- data/lib/getch/filesystem/zfs/format.rb +0 -117
- data/lib/getch/filesystem/zfs/mount.rb +0 -47
- data/lib/getch/filesystem/zfs/partition.rb +0 -69
- data/lib/getch/filesystem/zfs/void.rb +0 -81
- data/lib/getch/gentoo/boot.rb +0 -64
- data/lib/getch/gentoo/chroot.rb +0 -75
- data/lib/getch/gentoo/config.rb +0 -167
- data/lib/getch/gentoo/stage.rb +0 -73
- data/lib/getch/void/boot.rb +0 -84
- data/lib/getch/void/chroot.rb +0 -56
- data/lib/getch/void/config.rb +0 -90
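--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c43bba03495a77a22b582c84f7e044383bc432fb8c8ca676d093673e836362af
+data.tar.gz: 762dd43c65c336df63176b7945d75600153503c3ccdf7d899228cd18443bbda7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1f5a90d17518469533bfdcafd14b3e3ad155717c722182fca194bfd81fced2dc37ff0093af2da778cf53cadb5c4e23ae3fa7fe16d7809155f21f1e127c5bbc89
+data.tar.gz: c533dbe161df1f6b72c3d690218547e926b219ff6bb19240f46bb040ccb2e86318cc5259b69b7692416c412e109fb5eb22fd424f9bca5d6dc1ae0ff70adc4cd0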
checksums.yaml.gz.sig
CHANGED
Binary file
|
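--- a/data/README.md
+++ b/data/README.md
@@ -6,7 +6,7 @@
 [![Gem Version](https://badge.fury.io/rb/getch.svg)](https://badge.fury.io/rb/getch)
 ![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/getch/Rubocop/develop)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
-![GitHub](https://img.shields.io/github/license/szorfein/
+![GitHub](https://img.shields.io/github/license/szorfein/getch)
 
 </div>
 
@@ -22,11 +22,12 @@ Hardened System:
 + sysctl.conf with TCP/IP stack hardening and more [Arch](https://wiki.archlinux.org/title/Sysctl)
 + Kernel parameters enforced (dmesg restricted, kexec disabled, etc)
 + Kernel source (Gentoo) patched with [bask](https://github.com/szorfein/bask).
++ Musl optionnal
 
 ## Description
-Actually, Getch support only the `x86_64` architecture
-+ **Gentoo**: `stage3-amd64-systemd` [Gentoo](https://www.gentoo.org/downloads/).
-+ **Void**: `rootfs glibc` [Void](https://voidlinux.org/download/).
+Actually, Getch support only the `x86_64` architecture with the following archives:
++ **Gentoo**: `stage3-amd64-systemd` or `stage3-amd64-musl` [Gentoo](https://www.gentoo.org/downloads/).
++ **Void**: `rootfs tarball glibc` or `rootfs tarball musl` [Void](https://voidlinux.org/download/).
 
 Filesystem supported (with or without encryption)
 + Ext4
@@ -34,13 +35,15 @@ Filesystem supported (with or without encryption)
 + ZFS
 
 Boot Manager:
-+ **Gentoo**: `BIOS` will use `Grub2` and `systemd-boot` for `UEFI`.
-+ **Void**: use only Grub2
++ **Gentoo**: `BIOS` and `musl` will use `Grub2` and `systemd-boot` for `UEFI`.
++ **Void**: use only Grub2.
 
 The ISO images i was able to test and that works:
 + [Archlinux](https://www.archlinux.org/download/)
 + [Archaeidae](https://github.com/szorfein/archaeidae): Custom Archiso that includes ZFS support.
 
+You can also use your current `linux` host, just pay attention to the disk that will be used.
+
 ## Dependencies
 Getch is build without external libs, so it only require `ruby >= 2.5`.
 
@@ -71,11 +74,11 @@ For a french user:
 
 Install Gentoo on LVM and use a different root disk `/dev/sdc`
 
-# getch --format lvm --disk sdc
+# getch --format ext4 --lvm --disk sdc
 
 Encrypt your disk with LVM with a french keymap
 
-# getch --format lvm --encrypt --keymap fr
+# getch --format ext4 --lvm --encrypt --keymap fr
 
 Encrypt with ext4 and create a new user `ninja`:
 
@@ -85,9 +88,9 @@ With ZFS, if used with `--encrypt`, it use the native ZFS encryption:
 
 # getch --format zfs
 
-With `Void Linux
+With `Void Linux` and `Musl` enable:
 
-# getch --os void --encrypt -k fr
+# getch --os void --encrypt -k fr --musl
 
 ## Troubleshooting
 
@@ -98,33 +101,36 @@ If a old volume group exist, `getch` may fail to partition your disk. You have t
 # vgremove -f vg0
 # pvremove -f /dev/sdb
 
-#### Encryption
-To decrypt your disk on
-Also with GRUB, only a `us` keymap is working.
+#### Encryption with GRUB
+To decrypt your disk on GRUB, only the `us` keymap is working for now.
 
-#### ZFS
-
-By default, your /boot is empty because your boot pool is not imported...
+#### ZFS with Grub
+By default, if you use ZFS with `musl` or `voidlinux` the `/boot` partition is not mounted automatically, so before an update, mout the partition.
 
-# zpool
-# zfs mount bpool
+# zpool status
+# zfs mount bpool/BOOT/void
 # ls /boot
 
-
-
-# xbps-reconfigure -fa
-
-Make the `bpool` available at the boot:
-
-# zfs set canmount=on bpool-150ed/BOOT/void
+#### ZFS with and without encryption
+First time on ZFS after 5min
 
-
+```txt
+dracut Warning: /dev/disk/by-uuid/<DISK> does not exist
+```
 
-
-Well, another weird issue, the first time you boot on your encrypted pool, nothing append. Dracut try to mount inexistent device. Just wait for enter in the shell:
+Dracut try to mount inexistent device. Just wait for enter in the shell and remove the disk uuid from `/lib/dracut/hooks/initqueue/finished/`
 
 # ls /lib/dracut/hooks/initqueue/finished/*
 # rm /lib/dracut/hooks/initqueue/finished/dev*
 # exit
 
-Dracut should finally start `mount-zfs.sh` and ask for
+Dracut should finally start `mount-zfs.sh` and ask for a password if encrypted. After you first login, mount the `/boot` partition and recompile the initramfs and your good.
+
++ For Gentoo: `emerge --config sys-kernel/gentoo-kernel-bin`
++ For Voidlinux: `xbps-reconfigure -fa`
+
+If it doesn't work, try to start script manually (always in the shell):
+
+# . /lib/dracut/hooks/mount/98-mount-zsh.sh
+# . /lib/dracut/hooks/mount/99-mount-root.sh
+# exit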
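--- a/data/bin/getch
+++ b/data/bin/getch
@@ -3,15 +3,17 @@
 require 'getch'
 
 getch = Getch::Main.new(
-:
+cli: Getch::Options.new(ARGV)
 )
 
 getch.resume
 
-getch.
-getch.format
-getch.mount
+getch.prepare_disk
 
-getch.
+getch.install_system
 
-getch.
+getch.terraform
+
+getch.bootloader
+
+getch.finalize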
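--- /dev/null
+++ b/data/lib/clean.rb
@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require 'nito'
+require_relative 'getch/command'
+require_relative 'getch/log'
+
+class Clean
+include NiTo
+
+def initialize(args)
+@root = args[:disk] ||= nil
+@boot = args[:boot_disk] ||= nil
+@home = args[:home_disk] ||= nil
+@cache = args[:cache_disk] ||= nil
+@vg = args[:vg_name] ||= nil
+@luks = args[:luks_name] ||= nil
+@zfs = args[:zfs_name] ||= 'pool'
+@log = Getch::Log.new
+@mountpoint = args[:mountpoint] ||= '/mnt/getch'
+end
+
+def x
+umount_all
+swap_off
+disable_lvs
+cryptsetup_close
+old_zfs
+old_lvm
+zap_all @root, @boot, @home, @cache
+wipe_all @root, @boot, @home, @cache
+dd
+end
+
+protected
+
+def umount_all
+paths = []
+File.open('/proc/mounts').each do |l|
+tmp = l.split(' ') if l =~ /#{@mountpoint}/
+tmp && paths << tmp[1]
+end
+paths.each { |p| umount_r p }
+umount '/tmp/boot'
+end
+
+def swap_off
+swapoff @root
+File.exist?("/dev/#{@vg}/swap") && swapoff_dm("#{@vg}-swap")
+end
+
+def disable_lvs
+lvchange_n 'home'
+lvchange_n 'swap'
+lvchange_n 'root'
+end
+
+def cryptsetup_close
+close "boot-#{@luks}"
+close "root-#{@luks}"
+close "home-#{@luks}"
+end
+
+def old_zfs
+return unless File.exist? '/usr/bin/zpool'
+
+destroy_zpool "b#{@zfs}"
+destroy_zpool "r#{@zfs}"
+cmd "rm -rf #{@mountpoint}/*" if Dir.exist? @mountpoint
+end
+
+def destroy_zpool(name)
+if system("zpool list | grep #{name}")
+cmd "zpool destroy -f #{name}"
+end
+end
+
+def old_lvm
+lvm = `lvs | grep #{@vg}`
+lvm.match?(/#{@vg}/) || return
+
+vgremove
+pvremove @root, @home, @cache
+end
+
+def zap_all(*devs)
+devs.each { |d| zap(d) }
+end
+
+def wipe_all(*devs)
+devs.each { |d| wipe(d) }
+end
+
+def dd
+cmd "dd if=/dev/zero of=/dev/#{@root} bs=1M count=100"
+end
+
+private
+
+def wipe(dev)
+dev || return
+
+cmd "wipefs --all /dev/#{dev}"
+end
+
+def umount_r(dir)
+dir || return
+
+cmd 'umount', '-R', dir if mount? dir
+end
+
+def zap(dev)
+dev || return
+
+cmd 'sgdisk', '-Z', "/dev/#{dev}"
+end
+
+def lvchange_n(name)
+return unless File.exist? "/dev/#{@vg}/#{name}"
+
+cmd 'lvchange', '-an', "/dev/#{@vg}/#{name}"
+end
+
+def close(name)
+return unless File.exist? "/dev/mapper/#{name}"
+
+cmd 'cryptsetup', 'close', name
+end
+
+def vgremove
+cmd 'vgremove', '-y', @vg
+end
+
+def pvremove(*devs)
+devs.each { |d| pvdel(d) }
+end
+
+def pvdel(dev)
+dev || return
+
+disk = dev[/[a-z]*/]
+disk.match?(/[a-z]{3}/) || @log.fatal("pvdel - No disk #{dev} - #{disk}")
+
+cmd 'pvremove', '-f', "/dev/#{disk}*"
+end
+
+def cmd(*args)
+Getch::Command.new(args)
+end
+end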
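Review bot: `destroy_zpool` (hunk lines 71–75) decides whether to destroy a pool with `system("zpool list | grep #{name}")`, which goes through a shell and matches on substring, so a pool whose name merely contains `name` satisfies the check for it; an argv form that asks zpool for the exact name avoids both, e.g. `cmd 'zpool', 'destroy', '-f', name if system('zpool', 'list', '-H', name, out: File::NULL, err: File::NULL)`. The same shell-string pattern appears in the backtick call in `old_lvm` (line 78) and in `cmd "rm -rf #{@mountpoint}/*"`, `cmd "wipefs --all /dev/#{dev}"` and the `dd` line, while the rest of the class hands `cmd` an argv array; since every one of these is destructive, settling on the argv form means the way `Getch::Command` splits or shell-expands its arguments (not visible here) cannot change what gets wiped. `umount_all` interpolates `@mountpoint` into a regex unescaped and accepts any mount line that contains it, and `File.open('/proc/mounts').each` never closes the handle; `File.foreach('/proc/mounts')` with `l.split(' ')[1].start_with?(@mountpoint)` fixes both. `dd` also lacks the `@root || return` guard that `wipe` and `zap` have.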
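--- /dev/null
+++ b/data/lib/cryptsetup.rb
@@ -0,0 +1,132 @@
+require 'luks'
+
+class CryptSetup
+def initialize(devs, options)
+@boot = devs[:boot]
+@root = devs[:root]
+@home = devs[:home]
+@swap = devs[:swap] ||= nil
+@options = options
+@luks = options[:luks_name]
+@vg = options[:vg_name]
+@fs = options[:fs] ||= 'ext4'
+@mountpoint = options[:mountpoint] ||= '/mnt/getch'
+end
+
+def format
+format_boot
+format_root
+format_home
+end
+
+def keys
+add_boot_key
+add_root_key
+add_home_key
+end
+
+def configs
+config_boot
+config_root
+config_home
+config_swap
+end
+
+def swap_conf
+config_swap
+end
+
+protected
+
+def format_boot
+luks = Luks::Boot.new(@boot, @options)
+luks.encrypt
+luks.open
+luks.format
+luks.mount
+end
+
+# if boot and root are on the same device, we encrypt root with a key
+def format_root
+if @boot.split(/[0-9]/) == @root.split(/[0-9]/)
+root_with_key
+else
+root_with_pass
+end
+end
+
+def format_home
+@home || return
+
+home_with_pass
+end
+
+def add_boot_key
+luks = Luks::Boot.new(@boot, @options)
+luks.external_key
+end
+
+# Alrealy used key if they have same disk
+def add_root_key
+return if @boot.split(/[0-9]/) == @root.split(/[0-9]/)
+
+luks = Luks::Root.new(@root, @options)
+luks.external_key
+end
+
+def add_home_key
+@home || return
+
+luks = Luks::Home.new(@home, @options)
+luks.external_key
+end
+
+def config_boot
+return if not @boot or @options[:fs] == 'zfs'
+
+Luks::Boot.new(@boot, @options).write_config
+end
+
+def config_root
+@root || return
+
+Luks::Root.new(@root, @options).write_config
+end
+
+def config_home
+@home || return
+
+Luks::Home.new(@home, @options).write_config
+end
+
+def config_swap
+uuid = @options[:lvm] ? '' : Getch::Helpers.uuid(@swap)
+line = "swap-#{@luks}"
+@options[:lvm] ?
+line << " /dev/#{@vg}/swap" :
+line << " UUID=#{uuid}"
+
+line << " /dev/urandom swap,discard,cipher=aes-xts-plain64:sha256,size=512"
+NiTo.echo_a "#{@mountpoint}/etc/crypttab", line
+end
+
+private
+
+def root_with_key
+luks = Luks::Root.new(@root, @options)
+luks.encrypt_with_key
+luks.open_with_key
+end
+
+def root_with_pass
+luks = CryptSetup::Root.new(@root, @options)
+luks.encrypt
+luks.open
+end
+
+def home_with_pass
+luks = CryptSetup::Home.new(@home, @options)
+luks.encrypt
+luks.open
+end
+end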
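Review bot: `root_with_pass` and `home_with_pass` (hunk lines 121–131) instantiate `CryptSetup::Root` and `CryptSetup::Home`, which this file never defines — `CryptSetup` is a plain class with no nested constants — so the first passphrase-encrypted root (boot and root on different disks) or any separate home disk raises `NameError` before anything is encrypted. Every other helper here uses `Luks::Root`/`Luks::Home` from `require 'luks'`, so those two lines should read `luks = Luks::Root.new(@root, @options)` and `luks = Luks::Home.new(@home, @options)`. Separately, `format_root` and `add_root_key` call `@boot.split(...)` without the nil guard that `config_boot` has, so a `devs` hash without `:boot` fails there with `NoMethodError` rather than a clear message. `config_swap` is called unconditionally from `configs` and, when `:lvm` is off, passes `@swap` (defaulting to nil) to `Getch::Helpers.uuid`; whether that is tolerated depends on the helper, which is outside this hunk.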
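--- /dev/null
+++ b/data/lib/devs.rb
@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'getch/device'
+
+module Devs
+class Settings
+def initialize(args, options)
+@args = args
+@start = args[:start] ||= nil
+@boot = args[:boot] ||= nil
+@swap = args[:swap] ||= nil
+@root = args[:root] ||= nil
+@options = options
+@encrypt = options[:encrypt] ||= false
+@lvm = options[:lvm] ||= false
+@whole = nil
+@fs = options[:fs]
+@tree = TREE[@fs.to_sym]
+x
+end
+
+def x
+add_boot
+add_swap
+add_root
+add_home
+end
+
+protected
+
+def add_boot
+@options[:boot_disk] || return
+
+@fs == 'zfs' ?
+@tree.new(@options[:boot_disk], start: @start, boot: @boot, systemd_boot: systemd_boot?) :
+@tree.new(@options[:boot_disk], start: @start, boot: @boot)
+
+@args.delete :start
+@args.delete :boot if @boot
+end
+
+def add_swap
+@options[:cache_disk] || return
+
+@fs == 'zfs' ?
+@tree.new(@options[:cache_disk], swap: @swap, zfs_cache: true) :
+@tree.new(@options[:cache_disk], swap: @swap)
+@args.delete :swap if @swap
+end
+
+def add_root
+if @encrypt or @lvm or @fs == 'zfs' then @whole = true end
+@args[:whole] = @whole
+
+if systemd_boot? and @fs == 'zfs' then @args.delete :boot end
+@tree.new(@options[:disk], @args)
+end
+
+def add_home
+@options[:home_disk] || return
+
+if @encrypt or @lvm or @fs == 'zfs' then @whole = true end
+@tree.new(@options[:home_disk], home: true, whole: @whole)
+end
+
+private
+
+def efi?
+Dir.exist? '/sys/firmware/efi/efivars'
+end
+
+def systemd_boot?
+@options[:os] == 'gentoo' and not @options[:musl] and efi?
+end
+end
+
+class Matrice
+def initialize(disk, args)
+@disk = disk
+@start = args[:start] ||= nil
+@boot = args[:boot] ||= nil
+@swap = args[:swap] ||= nil
+@root = args[:root] ||= nil
+@home = args[:home] ||= nil
+@whole = args[:whole] ||= false
+@device = Getch::Device.new
+@@part = 1
+x
+end
+
+def x
+start
+boot
+swap
+root
+home
+end
+
+protected
+
+def start
+@start || return
+
+efi? ? add_efi : add_gpt
+end
+
+def add_efi
+@device.efi "#{@disk}#{@@part}"
+@@part += 1
+end
+
+def add_gpt
+@device.gpt "#{@disk}#{@@part}"
+@@part += 1
+end
+
+def boot
+@boot || return
+
+@device.boot "#{@disk}#{@@part}"
+@@part += 1
+end
+
+def swap
+@swap || return
+
+@device.swap "#{@disk}#{@@part}"
+@@part += 1
+end
+
+def root
+@root || return
+
+if @whole && @@part == 1
+@device.root @disk
+else
+@device.root "#{@disk}#{@@part}"
+@@part += 1
+end
+end
+
+def home
+@home || return
+
+if @whole && @@part == 1
+@device.home @disk
+else
+@device.home "#{@disk}#{@@part}"
+@@part += 1
+end
+end
+
+private
+
+def efi?
+Dir.exist? '/sys/firmware/efi/efivars'
+end
+end
+
+class MatExt4 < Matrice
+end
+
+class MatZfs < Matrice
+def initialize(disk, args)
+@zfs_cache = args[:zfs_cache] ||= nil
+@systemd_boot = args[:systemd_boot] ||= false
+super
+end
+
+def boot
+@boot || return
+
+@systemd_boot && return
+
+@device.boot "#{@disk}#{@@part}"
+@@part += 1
+end
+
+def swap
+@swap || return
+
+if @zfs_cache
+@device.swap "#{@disk}#{@@part}"
+@@part += 1
+@device.zlog "#{@disk}#{@@part}"
+@@part += 1
+@device.zcache "#{@disk}#{@@part}"
+else
+@device.swap "#{@disk}#{@@part}"
+@@part += 1
+end
+end
+end
+
+TREE = {
+ext4: MatExt4,
+zfs: MatZfs,
+}
+end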
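Review bot: `Settings#initialize` (hunk line 18) looks up `TREE[@fs.to_sym]`, so an unset or unknown `options[:fs]` surfaces later as a `NoMethodError` on nil (`to_sym` or `.new`) instead of naming the bad value; `@tree = TREE.fetch(@fs.to_s.to_sym)` raises a `KeyError` that says which filesystem is unsupported. `Matrice#initialize` (line 87) keeps the partition counter in a class variable `@@part`, shared by `MatExt4`, `MatZfs` and every instance; it works only because each `new` resets it to 1 and `Settings` builds one disk at a time, and an instance variable `@part = 1` (with the `@@part` references through line 190 renamed) expresses the same without that cross-instance coupling. The `@encrypt or @lvm or @fs == 'zfs'` test is duplicated in `add_root` and `add_home`, and `efi?` is defined twice (lines 68 and 155); one `whole?` predicate and one shared `efi?` would remove both. In `MatZfs#swap` the `zfs_cache` branch (lines 183–187) stops incrementing `@@part` after `zcache`, unlike every other partition method; that is harmless as long as nothing else is placed on the cache disk, but a comment saying so would keep the next reader from "fixing" it.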
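--- /dev/null
+++ b/data/lib/dracut/encrypt.rb
@@ -0,0 +1,36 @@
+# frozen_string_litteral: true
+
+module Dracut
+class Encrypt < Root
+def initialize(devs, options)
+@luks = options[:luks_name]
+super
+end
+
+def generate
+host_only
+cmdline
+luks_key
+end
+
+protected
+
+def get_line
+root = Getch::Helpers.uuid @root
+dm_root = get_dm_uuid "root-#{@luks}"
+"rd.luks.uuid=#{root} root=UUID=#{dm_root} rootfstype=#{@fs}"
+end
+
+def luks_key
+file = "#{@mountpoint}/etc/dracut.conf.d/luks_key.conf"
+echo file, 'install_items+=" /boot/boot.key /boot/root.key /etc/crypttab "'
+end
+
+private
+
+def get_dm_uuid(name)
+dm = Getch::Helpers.get_dm name
+Getch::Helpers.uuid dm
+end
+end
+end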
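Review bot: The magic comment on hunk line 1 is misspelled `# frozen_string_litteral: true`, so Ruby ignores it and this file's string literals are not frozen, unlike `hybrid.rb` and `devs.rb` in the same commit; it should read `# frozen_string_literal: true`. `luks_key` (line 26) adds `/boot/boot.key` and `/boot/root.key` to the initramfs through `install_items`, which is only as protected as the volume the generated image is written to; a one-line comment next to the `echo` stating that the image is expected to live on the LUKS-protected boot volume would record that assumption for the next reader. `get_line` and `get_dm_uuid` carry a `get_` prefix Ruby style avoids (`cmdline_args`, `dm_uuid`), though `get_line` is presumably overriding a `Root` method outside this hunk and would have to be renamed there too. `Encrypt < Root` and the `host_only`, `cmdline` and `echo` calls depend on `Dracut::Root`, which is not in view.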
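--- /dev/null
+++ b/data/lib/dracut/hybrid.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Dracut
+class Hybrid < Encrypt
+def initialize(devs, options)
+super
+@vg = options[:vg_name] ||= 'vg0'
+end
+
+def get_line
+root = Getch::Helpers.uuid @root
+"rd.luks.uuid=#{root} rd.lvm.vg=#{@vg} root=/dev/#{@vg}/root"
+end
+end
+end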
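Review bot: `Hybrid#get_line` (hunk lines 10–13) is defined with default public visibility, while the method it overrides sits under `protected` in `Dracut::Encrypt`, so the override silently widens the method's visibility; adding `protected` above it keeps the parent's contract. `initialize` assigns `@vg` only after `super`, whereas `Encrypt#initialize` sets `@luks` before calling `super`; if `Root#initialize` (outside this hunk) reads `@vg`, it sees nil here, so either move the assignment above `super` or add a comment on why the order is safe. `options[:vg_name] ||= 'vg0'` also writes the default back into the caller's hash, which is presumably intended since `clean.rb` and `cryptsetup.rb` read `:vg_name` from the same options, but that side effect deserves a comment.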