getch 0.1.9 → 0.3.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +35 -29
- data/bin/getch +8 -6
- data/lib/clean.rb +149 -0
- data/lib/cryptsetup.rb +132 -0
- data/lib/devs.rb +199 -0
- data/lib/dracut/encrypt.rb +36 -0
- data/lib/dracut/hybrid.rb +15 -0
- data/lib/dracut/lvm.rb +14 -0
- data/lib/dracut/minimal.rb +11 -0
- data/lib/dracut/root.rb +45 -0
- data/lib/dracut/zfs.rb +35 -0
- data/lib/dracut.rb +11 -0
- data/lib/fstab/encrypt.rb +44 -0
- data/lib/fstab/hybrid.rb +34 -0
- data/lib/fstab/lvm.rb +25 -0
- data/lib/fstab/minimal.rb +6 -0
- data/lib/fstab/root.rb +93 -0
- data/lib/fstab/zfs.rb +23 -0
- data/lib/fstab.rb +11 -0
- data/lib/getch/assembly.rb +150 -0
- data/lib/getch/command.rb +88 -128
- data/lib/getch/config/account.rb +39 -0
- data/lib/getch/config/dhcp.rb +104 -0
- data/lib/getch/config/grub.rb +42 -0
- data/lib/getch/config/iwd.rb +60 -0
- data/lib/getch/config/keymap.rb +78 -0
- data/lib/getch/config/locale.rb +96 -0
- data/lib/getch/config/portage.rb +90 -0
- data/lib/getch/config/pre_network.rb +37 -0
- data/lib/getch/config/timezone.rb +52 -0
- data/lib/getch/config/void.rb +0 -36
- data/lib/getch/config.rb +16 -37
- data/lib/getch/device.rb +67 -0
- data/lib/getch/filesystem/ext4/encrypt/config.rb +9 -71
- data/lib/getch/filesystem/ext4/encrypt/deps.rb +15 -25
- data/lib/getch/filesystem/ext4/encrypt/device.rb +11 -5
- data/lib/getch/filesystem/ext4/encrypt/format.rb +6 -15
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +7 -11
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +10 -76
- data/lib/getch/filesystem/ext4/encrypt/void.rb +0 -38
- data/lib/getch/filesystem/ext4/encrypt.rb +2 -1
- data/lib/getch/filesystem/ext4/hybrid/config.rb +27 -0
- data/lib/getch/filesystem/ext4/hybrid/deps.rb +55 -0
- data/lib/getch/filesystem/ext4/hybrid/device.rb +24 -0
- data/lib/getch/filesystem/ext4/hybrid/format.rb +23 -0
- data/lib/getch/filesystem/ext4/hybrid/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/hybrid/partition.rb +27 -0
- data/lib/getch/filesystem/{lvm/encrypt → ext4/hybrid}/void.rb +0 -39
- data/lib/getch/filesystem/ext4/hybrid.rb +19 -0
- data/lib/getch/filesystem/ext4/lvm/config.rb +25 -0
- data/lib/getch/filesystem/ext4/lvm/deps.rb +56 -0
- data/lib/getch/filesystem/ext4/lvm/device.rb +28 -0
- data/lib/getch/filesystem/ext4/lvm/format.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/partition.rb +28 -0
- data/lib/getch/filesystem/{lvm.rb → ext4/lvm.rb} +6 -4
- data/lib/getch/filesystem/ext4/minimal/config.rb +25 -0
- data/lib/getch/filesystem/ext4/{device.rb → minimal/deps.rb} +3 -1
- data/lib/getch/filesystem/ext4/minimal/device.rb +22 -0
- data/lib/getch/filesystem/ext4/minimal/format.rb +23 -0
- data/lib/getch/filesystem/ext4/minimal/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/minimal/partition.rb +28 -0
- data/lib/getch/filesystem/ext4/minimal.rb +19 -0
- data/lib/getch/filesystem/ext4.rb +7 -7
- data/lib/getch/filesystem/zfs/encrypt/config.rb +10 -39
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +4 -55
- data/lib/getch/filesystem/zfs/encrypt/device.rb +7 -51
- data/lib/getch/filesystem/zfs/encrypt/format.rb +6 -90
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +16 -35
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +6 -54
- data/lib/getch/filesystem/zfs/encrypt.rb +2 -1
- data/lib/getch/filesystem/zfs/minimal/config.rb +37 -0
- data/lib/getch/filesystem/zfs/minimal/deps.rb +126 -0
- data/lib/getch/filesystem/zfs/minimal/device.rb +24 -0
- data/lib/getch/filesystem/zfs/minimal/format.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/mount.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/partition.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal.rb +19 -0
- data/lib/getch/filesystem/zfs.rb +1 -7
- data/lib/getch/filesystem.rb +0 -6
- data/lib/getch/gentoo/bootloader.rb +23 -44
- data/lib/getch/gentoo/finalize.rb +25 -0
- data/lib/getch/gentoo/post_config.rb +75 -0
- data/lib/getch/gentoo/pre_config.rb +37 -0
- data/lib/getch/gentoo/services.rb +18 -0
- data/lib/getch/gentoo/sources.rb +39 -33
- data/lib/getch/gentoo/tarball.rb +91 -0
- data/lib/getch/gentoo/terraform.rb +34 -0
- data/lib/getch/gentoo/update.rb +54 -0
- data/lib/getch/gentoo/use.rb +9 -6
- data/lib/getch/gentoo/use_flag.rb +17 -20
- data/lib/getch/gentoo.rb +9 -75
- data/lib/getch/guard.rb +2 -2
- data/lib/getch/helpers.rb +63 -115
- data/lib/getch/log.rb +87 -25
- data/lib/getch/options.rb +41 -11
- data/lib/getch/states.rb +28 -8
- data/lib/getch/tree.rb +56 -0
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void/bootloader.rb +18 -0
- data/lib/getch/void/finalize.rb +31 -0
- data/lib/getch/void/post_config.rb +19 -0
- data/lib/getch/void/pre_config.rb +18 -0
- data/lib/getch/void/services.rb +18 -0
- data/lib/getch/void/{stage.rb → tarball.rb} +34 -14
- data/lib/getch/void/terraform.rb +28 -0
- data/lib/getch/void/update.rb +33 -0
- data/lib/getch/void.rb +9 -59
- data/lib/getch.rb +58 -90
- data/lib/luks.rb +239 -0
- data/lib/lvm2.rb +112 -0
- data/lib/mkfs/zfs.rb +167 -0
- data/lib/mkfs.rb +140 -0
- data/lib/mountfs.rb +154 -0
- data/lib/nito.rb +131 -0
- data/lib/sgdisk.rb +160 -0
- data.tar.gz.sig +0 -0
- metadata +83 -47
- metadata.gz.sig +0 -0
- data/lib/getch/config/gentoo.rb +0 -58
- data/lib/getch/filesystem/clean.rb +0 -58
- data/lib/getch/filesystem/device.rb +0 -63
- data/lib/getch/filesystem/ext4/config.rb +0 -62
- data/lib/getch/filesystem/ext4/deps.rb +0 -24
- data/lib/getch/filesystem/ext4/format.rb +0 -31
- data/lib/getch/filesystem/ext4/mount.rb +0 -26
- data/lib/getch/filesystem/ext4/partition.rb +0 -55
- data/lib/getch/filesystem/ext4/void.rb +0 -44
- data/lib/getch/filesystem/lvm/config.rb +0 -44
- data/lib/getch/filesystem/lvm/deps.rb +0 -44
- data/lib/getch/filesystem/lvm/device.rb +0 -45
- data/lib/getch/filesystem/lvm/encrypt/config.rb +0 -74
- data/lib/getch/filesystem/lvm/encrypt/deps.rb +0 -49
- data/lib/getch/filesystem/lvm/encrypt/device.rb +0 -48
- data/lib/getch/filesystem/lvm/encrypt/format.rb +0 -35
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +0 -27
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +0 -84
- data/lib/getch/filesystem/lvm/encrypt.rb +0 -18
- data/lib/getch/filesystem/lvm/format.rb +0 -32
- data/lib/getch/filesystem/lvm/mount.rb +0 -26
- data/lib/getch/filesystem/lvm/partition.rb +0 -72
- data/lib/getch/filesystem/lvm/void.rb +0 -46
- data/lib/getch/filesystem/mount.rb +0 -63
- data/lib/getch/filesystem/partition.rb +0 -85
- data/lib/getch/filesystem/zfs/config.rb +0 -43
- data/lib/getch/filesystem/zfs/deps.rb +0 -67
- data/lib/getch/filesystem/zfs/device.rb +0 -66
- data/lib/getch/filesystem/zfs/encrypt/void.rb +0 -97
- data/lib/getch/filesystem/zfs/format.rb +0 -117
- data/lib/getch/filesystem/zfs/mount.rb +0 -47
- data/lib/getch/filesystem/zfs/partition.rb +0 -69
- data/lib/getch/filesystem/zfs/void.rb +0 -81
- data/lib/getch/gentoo/boot.rb +0 -64
- data/lib/getch/gentoo/chroot.rb +0 -75
- data/lib/getch/gentoo/config.rb +0 -167
- data/lib/getch/gentoo/stage.rb +0 -73
- data/lib/getch/void/boot.rb +0 -84
- data/lib/getch/void/chroot.rb +0 -56
- data/lib/getch/void/config.rb +0 -90
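--- a/data/lib/getch/void.rb
+++ b/data/lib/getch/void.rb
@@ -1,65 +1,15 @@
 # frozen_string_literal: true
 
-require_relative 'void/stage'
-require_relative 'void/config'
-require_relative 'void/chroot'
-#require_relative 'void/sources'
-require_relative 'void/boot'
-
 module Getch
 module Void
-class Main
-def initialize
-@state = Getch::States.new
-end
-
-def root_fs
-return if STATES[:gentoo_base]
-
-xbps = Getch::Void::RootFS.new
-xbps.search_archive
-xbps.download
-xbps.checksum
-@state.stage3
-end
-
-def config
-return if STATES[:gentoo_config]
-
-config = Getch::Void::Config.new
-config.host
-config.network
-config.system
-config.locale
-@state.config
-end
-
-def chroot
-return if STATES[:gentoo_kernel]
-
-chroot = Getch::Void::Chroot.new
-chroot.update
-chroot.fs
-chroot.extras
-chroot.install_pkgs
-end
-
-def kernel
-return if STATES[:gentoo_kernel]
-
-Getch::Void::Sources.new
-@state.kernel
-end
-
-def boot
-boot = Getch::Void::Boot.new
-boot.new_user
-boot.fstab
-boot.dracut
-boot.grub
-boot.initramfs
-boot.finish
-end
-end
 end
 end
+
+require_relative 'void/tarball'
+require_relative 'void/pre_config'
+require_relative 'void/update'
+require_relative 'void/post_config'
+require_relative 'void/terraform'
+require_relative 'void/services'
+require_relative 'void/bootloader'
+require_relative 'void/finalize'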
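--- a/data/lib/getch.rb
+++ b/data/lib/getch.rb
@@ -5,7 +5,10 @@ require_relative 'getch/options'
 require_relative 'getch/states'
 require_relative 'getch/gentoo'
 require_relative 'getch/void'
+require_relative 'getch/device'
 require_relative 'getch/filesystem'
+require_relative 'getch/tree'
+require_relative 'getch/assembly'
 require_relative 'getch/command'
 require_relative 'getch/log'
 require_relative 'getch/config'
@@ -15,72 +18,65 @@ require_relative 'getch/version'
 module Getch
 
 OPTIONS = {
-:
-:
-:
-:
-:
-:
-:
-:
-:
-:
-:
-:
+boot_disk: false,
+disk: false,
+cache_disk: false,
+encrypt: false,
+fs: 'ext4',
+home_disk: false,
+keymap: 'us',
+language: 'en_US',
+luks_name: 'luks',
+lvm: false,
+mountpoint: '/mnt/getch',
+musl: false,
+os: 'gentoo',
+timezone: 'UTC',
+username: false,
+verbose: false,
+vg_name: 'vg4',
+zfs_name: 'pool'
 }
 
 STATES = {
-:
-:
-:
-:
-:
-:
-:
-:
+partition: false,
+format: false,
+mount: false,
+tarball: false,
+pre_config: false,
+update: false,
+post_config: false,
+terraform: false,
+bootloader: false,
+services: false,
+finalize: false,
 }
 
-MOUNTPOINT = '/mnt/
-
-DEFAULT_FS = {
-true => {
-ext4: FileSystem::Ext4::Encrypt,
-lvm: FileSystem::Lvm::Encrypt,
-zfs: FileSystem::Zfs::Encrypt
-},
-false => {
-ext4: FileSystem::Ext4,
-lvm: FileSystem::Lvm,
-zfs: FileSystem::Zfs,
-}
-}.freeze
-
-def self.select_fs
-encrypt = OPTIONS[:encrypt]
-fs_sym = OPTIONS[:fs].to_sym
-DEFAULT_FS[encrypt][fs_sym]
-end
+MOUNTPOINT = '/mnt/getch'
+DEVS = {}
 
 class Main
 def initialize(argv)
 argv[:cli]
-@class_fs = Getch::select_fs
 @log = Log.new
-
+@assembly = Assembly.new
 end
 
 def resume
-
+STATES[:partition] && return
+
+@log.fatal 'No disk, use at least getch with -d DISK' unless OPTIONS[:disk]
 
 puts "\nBuild " + OPTIONS[:os].capitalize + " Linux with the following args:\n"
 puts
 puts "\tLang: #{OPTIONS[:language]}"
-puts "\
+puts "\tTimezone: #{OPTIONS[:timezone]}"
 puts "\tKeymap: #{OPTIONS[:keymap]}"
 puts "\tDisk: #{OPTIONS[:disk]}"
 puts "\tFilesystem: #{OPTIONS[:fs]}"
 puts "\tUsername: #{OPTIONS[:username]}"
 puts "\tEncrypt: #{OPTIONS[:encrypt]}"
+puts "\tMusl: #{OPTIONS[:musl]}"
 puts
 puts "\tseparate-boot disk: #{OPTIONS[:boot_disk]}"
 puts "\tseparate-cache disk: #{OPTIONS[:cache_disk]}"
@@ -89,67 +85,39 @@ module Getch
 print 'Continue? (y,N) '
 case gets.chomp
 when /^y|^Y/
-return
 else
 exit
 end
 end
 
-def
-
-
-
-
-case gets.chomp
-when /^y|^Y/
-@log.info('Partition start')
-@class_fs::Partition.new
-else
-exit
-end
+def prepare_disk
+@assembly.clean
+@assembly.partition
+@assembly.format
+@assembly.mount
 end
 
-def
-
-
-@
+def install_system
+@assembly.tarball
+@assembly.pre_config
+@assembly.update
+@assembly.post_config
 end
 
-def
-
-
-@class_fs::Mount.new.run
+def terraform
+@assembly.terraform
+@assembly.services
 end
 
-def
-
-
-elsif OPTIONS[:os] == 'void'
-install_void
-else
-puts "Options #{OPTIONS[:os]} not supported...."
-exit 1
-end
+def bootloader
+@assembly.luks_keys
+@assembly.bootloader
 end
 
-def
-
-gentoo.stage3
-gentoo.config
-gentoo.chroot
-gentoo.bootloader
-gentoo.kernel
-gentoo.boot
+def finalize
+@assembly.finalize
 end
 
-def install_void
-void = Getch::Void::Main.new
-void.root_fs
-void.config
-void.chroot
-void.boot
-end
-
 def configure
 config = Getch::Config::Main.new
 config.ethernet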
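Review bot: The second hunk leaves two sources of truth for the install path: the constant `MOUNTPOINT = '/mnt/getch'` and the new `mountpoint: '/mnt/getch'` entry in `OPTIONS`. The added `Luks::Main` on this page reads `options[:mountpoint]`, so if the option can be overridden (option parsing is not visible here), any code still using the constant would operate on a different directory than the one being mounted and written to. Either drop the constant or document the relationship next to it, e.g. `# Legacy default only; new code must read OPTIONS[:mountpoint]`. The `Getch` module body continues outside the hunks shown.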
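--- a/data/lib/luks.rb
+++ b/data/lib/luks.rb
@@ -0,0 +1,239 @@
+# frozen_string_literal: true
+
+require 'nito'
+require 'getch/log'
+require 'getch/command'
+
+module Luks
+class Main
+include Luks
+include NiTo
+
+Permission = Class.new(StandardError)
+
+def initialize(disk, options)
+@disk = disk
+@format = options[:fs]
+@mountpoint = options[:mountpoint]
+@luks_type = nil
+@key_dir = nil
+@key_name = nil
+@mount = nil
+@bootloader = false
+@log = Getch::Log.new
+@bs = get_bs
+end
+
+def encrypt
+args = @luks_type == 'luks2' ? "#{@command_args} --sector-size #{@bs}" : @command_args
+@log.info "Encrypting #{@luks_name} > #{@disk}...\n"
+cmd_crypt 'cryptsetup', 'luksFormat', args, "/dev/#{@disk}"
+end
+
+def encrypt_with_key
+make_key
+args = @luks_type == 'luks2' ?
+"#{@command_args} -q --sector-size #{@bs} -d #{@full_key_path}" :
+"#{@command_args} -q -d #{@full_key_path}"
+@log.info "Encrypting #{@luks_name} with #{@full_key_path}...\n"
+cmd_crypt 'cryptsetup', 'luksFormat', args, "/dev/#{@disk}"
+end
+
+def open
+return if File.exist? "/dev/mapper/#{@luks_name}"
+
+@log.info "Opening #{@luks_name} > #{@disk}...\n"
+cmd_crypt 'cryptsetup', 'open', @command_args, "/dev/#{@disk}", @luks_name
+unless File.exist? "/dev/mapper/#{@luks_name}"
+raise "No dev /dev/mapper/#{@luks_name}, open it first..."
+end
+end
+
+def open_with_key(file = nil)
+return if File.exist? "/dev/mapper/#{@luks_name}"
+
+@full_key_path = "#{@mountpoint}#{@key_path}"
+key = file ? file : @full_key_path
+@log.info "Opening #{@luks_name} disk #{@disk} with #{key}...\n"
+cmd_crypt 'cryptsetup', 'open', @command_args, '-d', key, "/dev/#{@disk}", @luks_name
+end
+
+def format
+case @format
+when 'ext4'
+format_ext4
+when 'xfs'
+format_xfs
+when 'fat'
+format_fat
+else
+@log.fatal "#{@format} not yet supported."
+end
+end
+
+def external_key
+make_key
+@log.info "Adding key for #{@luks_name}...\n"
+cmd_crypt 'cryptsetup', 'luksAddKey', "/dev/#{@disk}", @full_key_path
+end
+
+def write_config
+config
+perm
+end
+
+def mount
+mountpoint = @luks_name =~ /^root/ ? @mountpoint : "#{@mountpoint}#{@mount}"
+NiTo.mount "/dev/mapper/#{@luks_name}", mountpoint
+end
+
+def close
+return unless File.exist? "/dev/mapper/#{@luks_name}"
+
+@log.info "Closing #{@luks_name}...\n"
+cmd_crypt 'cryptsetup', 'close', @luks_name
+end
+
+def gen_datas
+end
+
+protected
+
+def make_key
+@key_path = "#{@key_dir}/#{@key_name}"
+@full_key_path = "#{@mountpoint}#{@key_path}"
+@log.info "Generating key...\n"
+mkdir "#{@mountpoint}#{@key_dir}"
+sh 'dd', 'bs=512', 'count=8', 'iflag=fullblock', 'if=/dev/urandom', "of=#{@full_key_path}"
+end
+
+# https://wiki.archlinux.org/title/Advanced_Format#File_systems
+def format_ext4
+@log.info "Formating disk with #{@format}...\n"
+sh 'mkfs.ext4', '-F', '-b', @bs, "/dev/mapper/#{@luks_name}"
+end
+
+# https://wiki.archlinux.org/title/Advanced_Format#File_systems
+def format_xfs
+@log.info "Formating disk with #{@format}...\n"
+sh 'mkfs.xfs', '-f', '-s', "size=#{@bs}", "/dev/mapper/#{@luks_name}"
+end
+
+def config
+@key_path = "#{@key_dir}/#{@key_name}"
+uuid = Getch::Helpers.uuid @disk
+@log.info "Writing configs for #{@luks_name}...\n"
+
+@log.info " * Writing #{@mountpoint}/etc/crypttab..."
+line = "#{@luks_name} UUID=#{uuid} #{@key_path} luks"
+echo_a "#{@mountpoint}/etc/crypttab", line
+@log.result_ok
+
+config_openrc
+config_grub
+end
+
+# https://wiki.gentoo.org/wiki/Dm-crypt#Configuring_dm-crypt
+def config_openrc
+Getch::Helpers.openrc? || return
+
+conf = "#{@mountpoint}/etc/conf.d/dmcrypt"
+uuid = Getch::Helpers.uuid @disk
+echo_a conf, "target=#{@luks_name}"
+echo_a conf, "source=UUID=\"#{uuid}\""
+echo_a conf, "key=#{@key_path}"
+end
+
+def config_grub
+return unless @bootloader
+
+if Getch::Helpers.grub?
+@log.info ' * Writing to /etc/default/grub...'
+line = 'GRUB_ENABLE_CRYPTODISK=y'
+echo_a "#{@mountpoint}/etc/default/grub", line
+@log.result_ok
+end
+end
+
+def perm
+@key_path = "#{@key_dir}/#{@key_name}"
+@full_key_path = "#{@mountpoint}#{@key_path}"
+@log.info "Enforcing permission on #{@full_key_path}..."
+File.chmod 0400, "#{@mountpoint}#{@key_dir}"
+File.chmod 0000, @full_key_path
+File.chown 0, 0, @full_key_path
+@log.result_ok
+end
+
+private
+
+def get_bs
+@disk || @log.fatal("No disk for #{@luks_name}.")
+
+sh 'blockdev', '--getpbsz', "/dev/#{@disk}"
+end
+
+def cmd_crypt_raw(*args)
+system args.join(' ')
+return if $?.exitstatus == 0
+
+@log.dbg args.join(' ')
+@log.dbg $?
+@log.fatal 'die'
+end
+
+def cmd_crypt(*args)
+cmd_crypt_raw args
+rescue => e
+@log.fatal e
+end
+
+def sh(*args)
+Getch::Command.new(args)
+end
+end
+
+# Boot can decrypt the root (/)
+class Boot < Main
+def initialize(disk, options)
+super
+@luks_type = 'luks1'
+@key_dir = '/boot'
+@key_name = 'boot.key'
+@bootloader = true
+@mount = '/boot'
+@luks = options[:luks_name]
+@luks_name = "boot-#{@luks}"
+@command_args = "--type #{@luks_type}"
+end
+end
+
+# Root can decrypt the /home or other devs
+class Root < Main
+def initialize(disk, options)
+super
+@luks_type = 'luks2'
+@key_dir = '/boot'
+@key_name = 'root.key'
+@luks = options[:luks_name]
+@luks_name = "root-#{@luks}"
+@mount = '/'
+@command_args = "--type #{@luks_type}"
+@bootloader = false
+end
+end
+
+class Home < Main
+def initialize(disk, options)
+super
+@luks_type = 'luks2'
+@key_dir = '/root/keys'
+@key_name = 'home.key'
+@mount = '/home'
+@command_args = "--type #{@luks_type}"
+@luks = options[:luks_name]
+@luks_name = "home-#{@luks}"
+@bootloader = false
+end
+end
+end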
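Review bot: The key file written by `make_key` gets whatever mode the process umask gives it and is only restricted later, if the caller goes on to `write_config` and reaches `perm`; `encrypt_with_key` and `external_key` use the key without ever tightening it. Restricting it at creation, for example `File.chmod 0400, @full_key_path` directly after the `dd` call, closes that window. `perm` also applies `File.chmod 0400` to `"#{@mountpoint}#{@key_dir}"`, which for `Boot` and `Root` is the target's `/boot` itself and leaves that directory without a search bit; a dedicated key directory at `0700` would be the usual arrangement. Separately, `cmd_crypt_raw` runs `system args.join(' ')`, so `@disk`, `@luks_name` and the key path reach a shell unquoted; passing the arguments as a list (splitting only `@command_args`) avoids word-splitting and metacharacter surprises in option values.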
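--- a/data/lib/lvm2.rb
+++ b/data/lib/lvm2.rb
@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require 'getch/command'
+
+module Lvm2
+class Root
+def initialize(devs, options)
+@cache = options[:cache_disk] ||= nil
+@root = devs[:root] ||= nil
+@home = options[:home_disk] ||= nil
+@vg = options[:vg_name] ||= 'vg1'
+end
+
+def x
+load_datas
+pv_create
+vg_create
+lv_setup
+enable_lvs
+end
+
+protected
+
+def load_datas
+@path_root = "/dev/#{@root}"
+@path_cache = "/dev/#{@cache}"
+@path_home = "/dev/#{@home}"
+end
+
+def pv_create
+devs = [ @path_root ]
+@cache && devs << @path_cache
+@home && devs << @path_home
+devs.each { |d| d && add_pv(d) }
+end
+
+def vg_create
+devs = [ @path_root ]
+@cache && devs << @path_cache
+@home && devs << @path_home
+add_vg devs
+end
+
+def lv_setup
+@cache ? add_swap(@path_cache) : add_swap
+add_lv_root
+@home ? add_home(@path_home) : add_home
+end
+
+def enable_lvs
+lvchange_y 'home'
+lvchange_y 'swap'
+lvchange_y 'root'
+end
+
+private
+
+def add_pv(dev)
+File.exist? dev || @log.fatal("add_pv - no #{dev} exist.")
+
+Getch::Command.new('pvcreate', '-f', dev)
+end
+
+def add_vg(*devs)
+Getch::Command.new('vgcreate', '-f', @vg, devs.join(' '))
+end
+
+def add_swap(dev = nil)
+mem = Getch::Helpers.get_memory
+lvcreate('-L', mem, '-n', 'swap', @vg, dev)
+end
+
+# if home is available, we use the whole space.
+def add_lv_root
+@home ?
+@root.match?(/[0-9]/) ? add_root : add_root(nil, @path_root) :
+@root.match?(/[0-9]/) ? add_root('16G') : add_root('16G', @path_root)
+end
+
+def add_root(size = nil, dev = nil)
+arg_size = size ? "-L #{size}" : '-l 100%FREE'
+lvcreate(arg_size, '-n', 'root', @vg, dev)
+end
+
+def add_home(dev = nil)
+lvcreate('-l', '100%FREE', '-n', 'home', @vg, dev)
+end
+
+def lvcreate(*args)
+Getch::Command.new('lvcreate', '-y', '-Wy', '-Zy', args)
+end
+
+def lvchange_y(name)
+return if File.exist? "/dev/#{@vg}/#{name}"
+
+Getch::Command.new('lvchange', '-ay', "/dev/#{@vg}/#{name}")
+end
+end
+
+class Hybrid < Root
+def initialize(devs, options)
+super
+@luks = options[:luks_name]
+end
+
+def load_datas
+@path_root = "/dev/mapper/root-#{@luks}"
+@path_cache = "/dev/mapper/cache-#{@luks}"
+@path_home = "/dev/mapper/home-#{@luks}"
+end
+end
+end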
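Review bot: The existence check in `add_pv` never fires, because `File.exist? dev || @log.fatal(...)` parses as `File.exist?(dev || @log.fatal(...))`; a missing or mistyped device therefore goes straight to `pvcreate -f`. `@log` is also never assigned in `Lvm2::Root#initialize`, so the fatal branch would raise on `nil` if it were ever reached. Suggested: `File.exist?(dev) || @log.fatal("add_pv - no #{dev} exist.")`, together with `@log = Getch::Log.new` in `initialize` and a `require 'getch/log'` at the top of the file. It is also worth confirming how `Getch::Command` treats `devs.join(' ')` in `add_vg` and `"-L #{size}"` in `add_root`, since each passes several words as a single argument.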