getch 0.1.9 → 0.3.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +35 -29
- data/bin/getch +8 -6
- data/lib/clean.rb +149 -0
- data/lib/cryptsetup.rb +132 -0
- data/lib/devs.rb +199 -0
- data/lib/dracut/encrypt.rb +36 -0
- data/lib/dracut/hybrid.rb +15 -0
- data/lib/dracut/lvm.rb +14 -0
- data/lib/dracut/minimal.rb +11 -0
- data/lib/dracut/root.rb +45 -0
- data/lib/dracut/zfs.rb +35 -0
- data/lib/dracut.rb +11 -0
- data/lib/fstab/encrypt.rb +44 -0
- data/lib/fstab/hybrid.rb +34 -0
- data/lib/fstab/lvm.rb +25 -0
- data/lib/fstab/minimal.rb +6 -0
- data/lib/fstab/root.rb +93 -0
- data/lib/fstab/zfs.rb +23 -0
- data/lib/fstab.rb +11 -0
- data/lib/getch/assembly.rb +150 -0
- data/lib/getch/command.rb +88 -128
- data/lib/getch/config/account.rb +39 -0
- data/lib/getch/config/dhcp.rb +104 -0
- data/lib/getch/config/grub.rb +42 -0
- data/lib/getch/config/iwd.rb +60 -0
- data/lib/getch/config/keymap.rb +78 -0
- data/lib/getch/config/locale.rb +96 -0
- data/lib/getch/config/portage.rb +90 -0
- data/lib/getch/config/pre_network.rb +37 -0
- data/lib/getch/config/timezone.rb +52 -0
- data/lib/getch/config/void.rb +0 -36
- data/lib/getch/config.rb +16 -37
- data/lib/getch/device.rb +67 -0
- data/lib/getch/filesystem/ext4/encrypt/config.rb +9 -71
- data/lib/getch/filesystem/ext4/encrypt/deps.rb +15 -25
- data/lib/getch/filesystem/ext4/encrypt/device.rb +11 -5
- data/lib/getch/filesystem/ext4/encrypt/format.rb +6 -15
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +7 -11
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +10 -76
- data/lib/getch/filesystem/ext4/encrypt/void.rb +0 -38
- data/lib/getch/filesystem/ext4/encrypt.rb +2 -1
- data/lib/getch/filesystem/ext4/hybrid/config.rb +27 -0
- data/lib/getch/filesystem/ext4/hybrid/deps.rb +55 -0
- data/lib/getch/filesystem/ext4/hybrid/device.rb +24 -0
- data/lib/getch/filesystem/ext4/hybrid/format.rb +23 -0
- data/lib/getch/filesystem/ext4/hybrid/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/hybrid/partition.rb +27 -0
- data/lib/getch/filesystem/{lvm/encrypt → ext4/hybrid}/void.rb +0 -39
- data/lib/getch/filesystem/ext4/hybrid.rb +19 -0
- data/lib/getch/filesystem/ext4/lvm/config.rb +25 -0
- data/lib/getch/filesystem/ext4/lvm/deps.rb +56 -0
- data/lib/getch/filesystem/ext4/lvm/device.rb +28 -0
- data/lib/getch/filesystem/ext4/lvm/format.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/lvm/partition.rb +28 -0
- data/lib/getch/filesystem/{lvm.rb → ext4/lvm.rb} +6 -4
- data/lib/getch/filesystem/ext4/minimal/config.rb +25 -0
- data/lib/getch/filesystem/ext4/{device.rb → minimal/deps.rb} +3 -1
- data/lib/getch/filesystem/ext4/minimal/device.rb +22 -0
- data/lib/getch/filesystem/ext4/minimal/format.rb +23 -0
- data/lib/getch/filesystem/ext4/minimal/mount.rb +21 -0
- data/lib/getch/filesystem/ext4/minimal/partition.rb +28 -0
- data/lib/getch/filesystem/ext4/minimal.rb +19 -0
- data/lib/getch/filesystem/ext4.rb +7 -7
- data/lib/getch/filesystem/zfs/encrypt/config.rb +10 -39
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +4 -55
- data/lib/getch/filesystem/zfs/encrypt/device.rb +7 -51
- data/lib/getch/filesystem/zfs/encrypt/format.rb +6 -90
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +16 -35
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +6 -54
- data/lib/getch/filesystem/zfs/encrypt.rb +2 -1
- data/lib/getch/filesystem/zfs/minimal/config.rb +37 -0
- data/lib/getch/filesystem/zfs/minimal/deps.rb +126 -0
- data/lib/getch/filesystem/zfs/minimal/device.rb +24 -0
- data/lib/getch/filesystem/zfs/minimal/format.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/mount.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal/partition.rb +23 -0
- data/lib/getch/filesystem/zfs/minimal.rb +19 -0
- data/lib/getch/filesystem/zfs.rb +1 -7
- data/lib/getch/filesystem.rb +0 -6
- data/lib/getch/gentoo/bootloader.rb +23 -44
- data/lib/getch/gentoo/finalize.rb +25 -0
- data/lib/getch/gentoo/post_config.rb +75 -0
- data/lib/getch/gentoo/pre_config.rb +37 -0
- data/lib/getch/gentoo/services.rb +18 -0
- data/lib/getch/gentoo/sources.rb +39 -33
- data/lib/getch/gentoo/tarball.rb +91 -0
- data/lib/getch/gentoo/terraform.rb +34 -0
- data/lib/getch/gentoo/update.rb +54 -0
- data/lib/getch/gentoo/use.rb +9 -6
- data/lib/getch/gentoo/use_flag.rb +17 -20
- data/lib/getch/gentoo.rb +9 -75
- data/lib/getch/guard.rb +2 -2
- data/lib/getch/helpers.rb +63 -115
- data/lib/getch/log.rb +87 -25
- data/lib/getch/options.rb +41 -11
- data/lib/getch/states.rb +28 -8
- data/lib/getch/tree.rb +56 -0
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void/bootloader.rb +18 -0
- data/lib/getch/void/finalize.rb +31 -0
- data/lib/getch/void/post_config.rb +19 -0
- data/lib/getch/void/pre_config.rb +18 -0
- data/lib/getch/void/services.rb +18 -0
- data/lib/getch/void/{stage.rb → tarball.rb} +34 -14
- data/lib/getch/void/terraform.rb +28 -0
- data/lib/getch/void/update.rb +33 -0
- data/lib/getch/void.rb +9 -59
- data/lib/getch.rb +58 -90
- data/lib/luks.rb +239 -0
- data/lib/lvm2.rb +112 -0
- data/lib/mkfs/zfs.rb +167 -0
- data/lib/mkfs.rb +140 -0
- data/lib/mountfs.rb +154 -0
- data/lib/nito.rb +131 -0
- data/lib/sgdisk.rb +160 -0
- data.tar.gz.sig +0 -0
- metadata +83 -47
- metadata.gz.sig +0 -0
- data/lib/getch/config/gentoo.rb +0 -58
- data/lib/getch/filesystem/clean.rb +0 -58
- data/lib/getch/filesystem/device.rb +0 -63
- data/lib/getch/filesystem/ext4/config.rb +0 -62
- data/lib/getch/filesystem/ext4/deps.rb +0 -24
- data/lib/getch/filesystem/ext4/format.rb +0 -31
- data/lib/getch/filesystem/ext4/mount.rb +0 -26
- data/lib/getch/filesystem/ext4/partition.rb +0 -55
- data/lib/getch/filesystem/ext4/void.rb +0 -44
- data/lib/getch/filesystem/lvm/config.rb +0 -44
- data/lib/getch/filesystem/lvm/deps.rb +0 -44
- data/lib/getch/filesystem/lvm/device.rb +0 -45
- data/lib/getch/filesystem/lvm/encrypt/config.rb +0 -74
- data/lib/getch/filesystem/lvm/encrypt/deps.rb +0 -49
- data/lib/getch/filesystem/lvm/encrypt/device.rb +0 -48
- data/lib/getch/filesystem/lvm/encrypt/format.rb +0 -35
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +0 -27
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +0 -84
- data/lib/getch/filesystem/lvm/encrypt.rb +0 -18
- data/lib/getch/filesystem/lvm/format.rb +0 -32
- data/lib/getch/filesystem/lvm/mount.rb +0 -26
- data/lib/getch/filesystem/lvm/partition.rb +0 -72
- data/lib/getch/filesystem/lvm/void.rb +0 -46
- data/lib/getch/filesystem/mount.rb +0 -63
- data/lib/getch/filesystem/partition.rb +0 -85
- data/lib/getch/filesystem/zfs/config.rb +0 -43
- data/lib/getch/filesystem/zfs/deps.rb +0 -67
- data/lib/getch/filesystem/zfs/device.rb +0 -66
- data/lib/getch/filesystem/zfs/encrypt/void.rb +0 -97
- data/lib/getch/filesystem/zfs/format.rb +0 -117
- data/lib/getch/filesystem/zfs/mount.rb +0 -47
- data/lib/getch/filesystem/zfs/partition.rb +0 -69
- data/lib/getch/filesystem/zfs/void.rb +0 -81
- data/lib/getch/gentoo/boot.rb +0 -64
- data/lib/getch/gentoo/chroot.rb +0 -75
- data/lib/getch/gentoo/config.rb +0 -167
- data/lib/getch/gentoo/stage.rb +0 -73
- data/lib/getch/void/boot.rb +0 -84
- data/lib/getch/void/chroot.rb +0 -56
- data/lib/getch/void/config.rb +0 -90
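--- a/data/lib/getch/filesystem/zfs/minimal/deps.rb
+++ b/data/lib/getch/filesystem/zfs/minimal/deps.rb
@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+module FileSystem
+module Zfs
+module Minimal
+class Deps
+include NiTo
+
+def initialize
+@mountpoint = OPTIONS[:mountpoint]
+@zfs = OPTIONS[:zfs_name] ||= 'pool'
+@os = OPTIONS[:os]
+x
+end
+
+protected
+
+def x
+unstable_zfs
+install_deps
+hostid
+zfs_mountpoint
+sleep 6
+zfs_set
+zed_update_path
+Log.new.fatal('zed - no pool') unless grep?("#{@mountpoint}/etc/zfs/zfs-list.cache/r#{@zfs}", "r#{@zfs}")
+end
+
+private
+
+def zfs_set
+Command.new("zfs set canmount=noauto b#{@zfs}/BOOT/#{@os}") if DEVS[:boot]
+Command.new("zfs set canmount=noauto r#{@zfs}/ROOT/#{@os}")
+Command.new("zpool set bootfs=r#{@zfs}/ROOT/#{@os} r#{@zfs}")
+end
+
+def unstable_zfs
+return unless OPTIONS[:os] == 'gentoo'
+
+conf = "#{@mountpoint}/etc/portage/package.accept_keywords/zfs"
+data = [
+'sys-fs/zfs-kmod',
+'sys-fs/zfs'
+]
+File.write(conf, data.join("\n"), mode: 'w')
+end
+
+def install_deps
+case OPTIONS[:os]
+when 'gentoo' then Install.new('sys-fs/zfs')
+when 'void' then Install.new('zfs')
+end
+end
+
+# See: https://wiki.archlinux.org/index.php/ZFS#Using_zfs-mount-generator
+def zfs_mountpoint
+exec("zpool set cachefile=/etc/zfs/zpool.cache r#{@zfs}")
+exec("zpool set cachefile=/etc/zfs/zpool.cache b#{@zfs}") if DEVS[:boot]
+exec('ln -fs /usr/libexec/zfs/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d/')
+add_service
+mkdir "#{@mountpoint}/etc/zfs/zfs-list.cache"
+touch "#{@mountpoint}/etc/zfs/zfs-list.cache/b#{@zfs}" if DEVS[:boot]
+touch "#{@mountpoint}/etc/zfs/zfs-list.cache/r#{@zfs}"
+end
+
+def zed_update_path
+Dir.glob("#{@mountpoint}/etc/zfs/zfs-list.cache/*").each do |f|
+Command.new('sed', '-Ei', "\"s|#{@mountpoint}/?|/|\"", f)
+end
+end
+
+def hostid
+exec 'zgenhostid -f $(hostid)'
+end
+
+def add_service
+systemd
+openrc
+runit
+end
+
+def systemd
+Helpers.systemd? || return
+
+exec('systemctl enable zfs-import-cache')
+exec('systemctl enable zfs-import.target')
+exec('systemctl enable zfs-zed.service')
+exec('systemctl enable zfs.target')
+fork_d('zed -F')
+end
+
+def openrc
+Helpers.openrc? || return
+
+exec('rc-update add zfs-import boot')
+exec('rc-update add zfs-mount boot')
+exec('rc-update add zfs-zed default')
+fork_d('zed -F')
+end
+
+def runit
+Helpers.runit? || return
+
+exec('ln -fs /etc/sv/zed /etc/runit/runsvdir/default/')
+fork_d('/etc/sv/zed/run')
+end
+
+def fork_d(cmd)
+job = fork do
+Getch::Chroot.new(cmd)
+end
+Process.detach(job)
+puts
+end
+
+def exec(cmd)
+Getch::Chroot.new(cmd)
+end
+end
+end
+end
+end
+end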
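Review bot: `zed_update_path` interpolates `@mountpoint` unescaped into a sed program (`"s|#{@mountpoint}/?|/|"`), so a mountpoint containing `|` or a regex metacharacter such as `.` changes what is matched, and the literal `\"` wrapped around the expression only works if `Command` passes its arguments through a shell, which is not visible in this file. The rewrite can stay in Ruby with the path escaped: `File.write(f, File.foreach(f).map { |l| l.sub(%r{#{Regexp.escape(@mountpoint)}/?}, '/') }.join)`. `@zfs` and `@os` reach the `zfs set` / `zpool set` command strings the same way in `zfs_set` and `zfs_mountpoint`; checking `OPTIONS[:zfs_name]` once in `initialize` against an allow-list pattern such as `/\A[A-Za-z][A-Za-z0-9_.:-]*\z/` would keep an unexpected value out of all of them.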
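--- a/data/lib/getch/filesystem/zfs/minimal/device.rb
+++ b/data/lib/getch/filesystem/zfs/minimal/device.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'devs'
+
+module Getch
+module FileSystem
+module Zfs
+module Minimal
+class Device
+def initialize
+@args = { start: true, boot: true, swap: true, root: true }
+x
+end
+
+private
+
+def x
+Devs::Settings.new(@args, OPTIONS)
+end
+end
+end
+end
+end
+end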
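--- a/data/lib/getch/filesystem/zfs/minimal/format.rb
+++ b/data/lib/getch/filesystem/zfs/minimal/format.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'mkfs'
+
+module Getch
+module FileSystem
+module Zfs
+module Minimal
+class Format
+def initialize
+x
+end
+
+private
+
+def x
+Mkfs::Zfs.new(DEVS, OPTIONS)
+end
+end
+end
+end
+end
+end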
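--- a/data/lib/getch/filesystem/zfs/minimal/mount.rb
+++ b/data/lib/getch/filesystem/zfs/minimal/mount.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'mountfs'
+
+module Getch
+module FileSystem
+module Zfs
+module Minimal
+class Mount
+def initialize
+x
+end
+
+def x
+MountFs::Zfs.new(DEVS, OPTIONS)
+#exec("zpool import -N -d #{@import} -R #{MOUNTPOINT} #{@pool_name}")
+#exec("zpool import -f -N -d #{@import} -R #{MOUNTPOINT} #{@boot_pool_name}") if @dev_boot
+end
+end
+end
+end
+end
+end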
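Review bot: `x` is left public in `Mount`, whereas `Device`, `Format` and `Partition` in the same namespace declare it under `private`, so `Mount.new.x` would run `MountFs::Zfs.new(DEVS, OPTIONS)` a second time. Adding `private` before `def x` keeps the four classes consistent. The two commented-out `zpool import` lines refer to `@import`, `@pool_name` and `@boot_pool_name`, none of which this class sets; they can be dropped, or replaced by a short comment such as `# pool import is handled by MountFs::Zfs` if that is where the logic moved (not visible here).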
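--- a/data/lib/getch/filesystem/zfs/minimal/partition.rb
+++ b/data/lib/getch/filesystem/zfs/minimal/partition.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'sgdisk'
+
+module Getch
+module FileSystem
+module Zfs
+module Minimal
+class Partition
+def initialize
+x
+end
+
+private
+
+def x
+Sgdisk::Zfs.new(DEVS)
+end
+end
+end
+end
+end
+end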
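--- a/data/lib/getch/filesystem/zfs/minimal.rb
+++ b/data/lib/getch/filesystem/zfs/minimal.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Getch
+module FileSystem
+module Zfs
+module Minimal
+def self.end
+end
+end
+end
+end
+end
+
+require_relative 'minimal/device'
+require_relative 'minimal/partition'
+require_relative 'minimal/format'
+require_relative 'minimal/mount'
+require_relative 'minimal/config'
+require_relative 'minimal/deps'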
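--- a/data/lib/getch/filesystem/zfs.rb
+++ b/data/lib/getch/filesystem/zfs.rb
@@ -7,11 +7,5 @@ module Getch
 end
 end
 
-require_relative 'zfs/
-require_relative 'zfs/partition'
-require_relative 'zfs/format'
-require_relative 'zfs/mount'
-require_relative 'zfs/config'
-require_relative 'zfs/deps'
-require_relative 'zfs/void'
+require_relative 'zfs/minimal'
 require_relative 'zfs/encrypt'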
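--- a/data/lib/getch/filesystem.rb
+++ b/data/lib/getch/filesystem.rb
@@ -5,11 +5,5 @@ module Getch
 end
 end
 
-require_relative 'filesystem/device'
-require_relative 'filesystem/clean'
-require_relative 'filesystem/partition'
-require_relative 'filesystem/mount'
-
 require_relative 'filesystem/ext4'
-require_relative 'filesystem/lvm'
 require_relative 'filesystem/zfs'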
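--- a/data/lib/getch/gentoo/bootloader.rb
+++ b/data/lib/getch/gentoo/bootloader.rb
@@ -1,67 +1,46 @@
-#
+# frozen_string_literal: true
 
 module Getch
 module Gentoo
 class Bootloader
 def initialize
-@pkgs = []
-@class_fs = Getch.select_fs
-@config = @class_fs::Config.new
-@disk = Getch::OPTIONS[:boot_disk] ?
-Getch::OPTIONS[:boot_disk] :
-Getch::OPTIONS[:disk]
 @esp = '/efi'
-
-
-def start
-@config.fstab
-config_useflag
-dependencies
-install
-@config.cmdline
-end
-
-def config_useflag
+@boot = DEVS[:boot] ||= nil
+@encrypt = OPTIONS[:encrypt] ||= false
 end
 
 # Dracut is used by sys-kernel/gentoo-kernel
 def dependencies
-
-
-
-@pkgs << 'efivar'
-@pkgs << 'sys-kernel/installkernel-systemd-boot'
+Install.new('app-shells/dash')
+if Helpers.systemd? and Helpers.efi?
+Log.new.info "Systemd-boot alrealy installed...\n"
 else
-
-@pkgs << 'sys-kernel/installkernel-gentoo' # for Grub
+ChrootOutput.new('emerge --update --newuse sys-boot/grub')
 end
 end
 
 def install
-
-
-
+Helpers.grub? ?
+Config::Grub.new :
+bootctl
 
-
-
-Getch::Chroot.new("bootctl --path #{@esp} install").run!
-else
-Getch::Chroot.new("grub-install /dev/#{@disk}").run!
-end
+#ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel')
+ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel-bin')
 end
 
-def
-
-
-
-Getch::Chroot.new("bootctl --path #{@esp} update").run!
-else
-puts ' => Updating grub...'
-Getch::Chroot.new('grub-mkconfig -o /boot/grub/grub.cfg').run!
-end
+def bootctl
+@boot ?
+with_boot :
+Chroot.new("bootctl --path #{@esp} install")
 end
 
-
+# We need to umount the encrypted /boot first
+# https://github.com/systemd/systemd/issues/16151
+def with_boot
+boot = @encrypt ? '/dev/mapper/boot-luks' : "/dev/#{DEVS[:boot]}"
+NiTo.umount "#{OPTIONS[:mountpoint]}/boot"
+Chroot.new("bootctl --path #{@esp} install")
+NiTo.mount boot, "#{OPTIONS[:mountpoint]}/boot"
 end
 end
 end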
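Review bot: In `with_boot`, `/boot` is unmounted before `bootctl` runs and is remounted only on the line after it, so if `Chroot.new(...)` raises or aborts (its failure behaviour is not visible in this file) the remaining install steps run with `/boot` unmounted and anything they write there lands on the root filesystem instead. Wrapping the call as `begin; Chroot.new("bootctl --path #{@esp} install"); ensure; NiTo.mount boot, "#{OPTIONS[:mountpoint]}/boot"; end` restores the mount on every path. Two smaller points in `dependencies`: the log string reads `alrealy` where `already` is meant, and `Helpers.systemd? and Helpers.efi?` is better written with `&&`.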
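--- a/data/lib/getch/gentoo/finalize.rb
+++ b/data/lib/getch/gentoo/finalize.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Getch
+module Gentoo
+class Finalize
+def initialize
+x
+end
+
+protected
+
+def x
+accounts
+end
+
+private
+
+def accounts
+account = Config::Account.new
+account.root
+account.new_user
+end
+end
+end
+end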
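--- a/data/lib/getch/gentoo/post_config.rb
+++ b/data/lib/getch/gentoo/post_config.rb
@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+module Gentoo
+class PostConfig
+include NiTo
+
+def initialize
+@make = "#{OPTIONS[:mountpoint]}/etc/portage/make.conf"
+x
+end
+
+protected
+
+def x
+Getch::Config::Locale.new
+Getch::Config::Keymap.new
+Getch::Config::TimeZone.new
+cpuflags
+Gentoo::UseFlag.new
+grub
+end
+
+protected
+
+def cpuflags
+conf = "#{OPTIONS[:mountpoint]}/etc/portage/package.use/00cpuflags"
+Install.new('app-portage/cpuid2cpuflags')
+cpuflags = Chroot.new('cpuid2cpuflags')
+File.write(conf, "*/* #{cpuflags}\n")
+end
+
+def grub
+grub_pc = Helpers.efi? ? 'GRUB_PLATFORMS="efi-64"' : 'GRUB_PLATFORMS="pc"'
+echo_a "#{OPTIONS[:mountpoint]}/etc/portage/make.conf", grub_pc
+end
+
+# https://wiki.gentoo.org/wiki/Signed_kernel_module_support
+def portage_bashrc
+conf = "#{MOUNTPOINT}/etc/portage/bashrc"
+content = %q{
+function pre_pkg_preinst() {
+# This hook signs any out-of-tree kernel modules.
+if [[ "$(type -t linux-mod_pkg_preinst)" != "function" ]]; then
+# The package does not seem to install any kernel modules.
+return
+fi
+# Get the signature algorithm used by the kernel.
+local module_sig_hash="$(grep -Po '(?<=CONFIG_MODULE_SIG_HASH=").*(?=")' "${KERNEL_DIR}/.config")"
+# Get the key file used by the kernel.
+local module_sig_key="$(grep -Po '(?<=CONFIG_MODULE_SIG_KEY=").*(?=")' "${KERNEL_DIR}/.config")"
+module_sig_key="${module_sig_key:-certs/signing_key.pem}"
+# Path to the key file or PKCS11 URI
+if [[ "${module_sig_key#pkcs11:}" == "${module_sig_key}" && "${module_sig_key#/}" == "${module_sig_key}" ]]; then
+local key_path="${KERNEL_DIR}/${module_sig_key}"
+else
+local key_path="${module_sig_key}"
+fi
+# Certificate path
+local cert_path="${KERNEL_DIR}/certs/signing_key.x509"
+# Sign all installed modules before merging.
+find "${D%/}/${INSDESTTREE#/}/" -name "*.ko" -exec "${KERNEL_DIR}/scripts/sign-file" "${module_sig_hash}" "${key_path}" "${cert_path}" '{}' \;
+}
+}
+
+f = File.new(conf, 'w')
+f.write("#{content}\n")
+f.chmod(0700)
+f.close
+end
+end
+end
+end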
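Review bot: `portage_bashrc` creates the file with default permissions and tightens it to `0700` only after the content has been written, and the handle is never closed if `write` or `chmod` raises; `File.open(conf, 'w', 0o700) { |f| f.chmod(0o700); f.write("#{content}\n") }` sets the mode at creation, still corrects a pre-existing file, and closes on every path. The method also builds its path from `MOUNTPOINT` while the rest of the class uses `OPTIONS[:mountpoint]`, and nothing in `x` calls it, so as written the module-signing hook is never installed; either call it from `x` or drop it. In `cpuflags`, `"*/* #{cpuflags}\n"` interpolates the `Chroot` object itself, so unless `Chroot#to_s` returns the command output (not visible here) the file will not contain the CPU flags.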
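--- a/data/lib/getch/gentoo/pre_config.rb
+++ b/data/lib/getch/gentoo/pre_config.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+module Gentoo
+class PreConfig
+include NiTo
+
+def initialize
+x
+end
+
+private
+
+def x
+Getch::Config::Portage.new
+Getch::Config::Locale.new
+Getch::Config::PreNetwork.new
+github
+end
+
+# Trouble to find host github
+def github
+github = check_ip 'github.com'
+codeload = check_ip 'codeload.github.com'
+echo_a "#{OPTIONS[:mountpoint]}/etc/hosts", "#{github} github.com"
+echo_a "#{OPTIONS[:mountpoint]}/etc/hosts", "#{codeload} codeload.github.com"
+end
+
+def check_ip(host)
+ip = `ping -c1 #{host}`.match(/\([0-9]*.[0-9]*.[0-9]*.[0-9]*\)/)
+ip[0].tr('()','')
+end
+end
+end
+end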
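Review bot: `check_ip` returns `ip[0]` without checking the match, so when `ping` fails or prints no address `ip` is `nil` and the install stops with a `NoMethodError`; the unescaped `.` in the pattern also matches any character rather than a literal dot. Resolving through the standard library avoids both the output parsing and the backtick interpolation of `host`: `Resolv.getaddress(host)` after `require 'resolv'`, which raises `Resolv::ResolvError` on failure. Separately, `github` appends whatever address was returned at install time to the target's `/etc/hosts`, which pins github.com and codeload.github.com to a single, possibly stale or spoofed, DNS answer for the life of the installed system. If the entries are only needed while installing, remove them in the finalize step, and extend the comment on `github` to say why they are written.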
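--- a/data/lib/getch/gentoo/sources.rb
+++ b/data/lib/getch/gentoo/sources.rb
@@ -1,86 +1,93 @@
 # frozen_string_literal: true
 
 require 'cmdline'
+require 'nito'
 
 module Getch
 module Gentoo
 class Sources
+include NiTo
+
 def initialize
+@log = Log.new
 @lsmod = `lsmod`.chomp
-
-
+x
+end
+
+protected
+
+def x
+bask
+gen_cmdline
+grub_mkconfig
+use_flags
+make
 end
 
 def bask
-
+@log.info "Kernel hardening...\n"
 #Getch::Bask.new('10_kspp.config').cp
 Getch::Bask.new('11-kspp-gcc.config').cp
 Getch::Bask.new('12-kspp-x86_64.config').cp
 #Getch::Bask.new('20-clipos.config').cp
-
+Getch::Bask.new('30-grsecurity.config').cp
 #Getch::Bask.new('40-kconfig-hardened.config').cp
 Getch::Bask.new('50-blacklist.config').cp
 Getch::Bask.new('51-blacklist-madaidans.config').cp
 end
 
-def configs
-gen_cmdline
-grub_mkconfig unless Helpers.efi?
-end
-
 def gen_cmdline
 cmdline = CmdLine::Kernel.new(workdir: "#{MOUNTPOINT}/etc/kernel")
 cmdline.main
 end
 
 def grub_mkconfig
-
+return if Helpers.systemd? and Helpers.efi?
+
+file = "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d/90-mkconfig.install"
 content = <<~SHELL
 #!/usr/bin/env sh
 set -o errexit
+
+if ! hash grub-mkconfig ; then
+exit 0
+fi
 grub-mkconfig -o /boot/grub/grub.cfg
-exit 0
 SHELL
+mkdir "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d"
 File.write file, content
 File.chmod 0755, file
 end
 
+def use_flags
+use = Getch::Gentoo::Use.new('sys-kernel/gentoo-kernel')
+use.add('hardened')
+end
+
+# https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel#Alternative:_Using_distribution_kernels
 def make
-
-
-
-
-
-
-end
+Helpers.systemd? ?
+Install.new('sys-kernel/installkernel-systemd-boot') :
+Install.new('sys-kernel/installkernel-gentoo')
+
+#Install.new 'sys-kernel/gentoo-kernel'
+Install.new 'sys-kernel/gentoo-kernel-bin'
 end
 
 def load_modules
-
+wifi
 flash_mod
 end
 
 private
 
-def make_kernel
-puts 'Compiling kernel sources'
-Getch::Emerge.new('sys-kernel/gentoo-kernel').pkg!
-is_kernel = Dir.glob("#{MOUNTPOINT}/boot/vmlinuz-*")
-raise 'No kernel installed, compiling source fail...' if is_kernel == []
-end
-
 def ismatch?(arg)
 @lsmod.match?(/#{arg}/)
 end
 
-def
+def wifi
 return unless ismatch?('cfg80211')
 
-wifi_drivers
-Getch::Emerge.new('net-wireless/iwd').pkg!
-end
-
-def wifi_drivers
 conf = "#{MOUNTPOINT}/etc/modules-load.d/wifi.conf"
 File.delete(conf) if File.exist? conf
 
@@ -101,7 +108,6 @@ SHELL
 end
 
 def module_load(name, file)
-return unless name
 return unless ismatch?(name)
 
 File.write(file, "#{name}\n", mode: 'a')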
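Review bot: `use_flags` sets `hardened` on `sys-kernel/gentoo-kernel`, but `make` installs `sys-kernel/gentoo-kernel-bin` (the source-package line is commented out), so the USE flag targets a package that is not installed, and the config fragments copied by `bask` under the "Kernel hardening..." message presumably have no effect on a prebuilt kernel either. Either install `sys-kernel/gentoo-kernel` when hardening is wanted, or log that the binary kernel is used without these settings so the operator is not left assuming a hardened kernel. In the second hunk, dropping `return unless name` from `module_load` lets a `nil` name reach `ismatch?`, where `/#{arg}/` becomes the empty pattern and matches anything, so an empty line is appended to `file`. Its callers are outside this view, so the guard `return unless name` is worth keeping.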