getch 0.1.9 → 0.3.0

data/lib/getch/filesystem/zfs/minimal/deps.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+  module FileSystem
+    module Zfs
+      module Minimal
+        class Deps
+          include NiTo
+
+          def initialize
+            @mountpoint = OPTIONS[:mountpoint]
+            @zfs = OPTIONS[:zfs_name] ||= 'pool'
+            @os = OPTIONS[:os]
+            x
+          end
+
+          protected
+
+          def x
+            unstable_zfs
+            install_deps
+            hostid
+            zfs_mountpoint
+            sleep 6
+            zfs_set
+            zed_update_path
+            Log.new.fatal('zed - no pool') unless grep?("#{@mountpoint}/etc/zfs/zfs-list.cache/r#{@zfs}", "r#{@zfs}")
+          end
+
+          private
+
+          def zfs_set
+            Command.new("zfs set canmount=noauto b#{@zfs}/BOOT/#{@os}") if DEVS[:boot]
+            Command.new("zfs set canmount=noauto r#{@zfs}/ROOT/#{@os}")
+            Command.new("zpool set bootfs=r#{@zfs}/ROOT/#{@os} r#{@zfs}")
+          end
+
+          def unstable_zfs
+            return unless OPTIONS[:os] == 'gentoo'
+
+            conf = "#{@mountpoint}/etc/portage/package.accept_keywords/zfs"
+            data = [
+              'sys-fs/zfs-kmod',
+              'sys-fs/zfs'
+            ]
+            File.write(conf, data.join("\n"), mode: 'w')
+          end
+
+          def install_deps
+            case OPTIONS[:os]
+            when 'gentoo' then Install.new('sys-fs/zfs')
+            when 'void' then Install.new('zfs')
+            end
+          end
+
+          # See: https://wiki.archlinux.org/index.php/ZFS#Using_zfs-mount-generator
+          def zfs_mountpoint
+            exec("zpool set cachefile=/etc/zfs/zpool.cache r#{@zfs}")
+            exec("zpool set cachefile=/etc/zfs/zpool.cache b#{@zfs}") if DEVS[:boot]
+            exec('ln -fs /usr/libexec/zfs/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d/')
+            add_service
+            mkdir "#{@mountpoint}/etc/zfs/zfs-list.cache"
+            touch "#{@mountpoint}/etc/zfs/zfs-list.cache/b#{@zfs}" if DEVS[:boot]
+            touch "#{@mountpoint}/etc/zfs/zfs-list.cache/r#{@zfs}"
+          end
+
+          def zed_update_path
+            Dir.glob("#{@mountpoint}/etc/zfs/zfs-list.cache/*").each do |f|
+              Command.new('sed', '-Ei', "\"s|#{@mountpoint}/?|/|\"", f)
+            end
+          end
+
+          def hostid
+            exec 'zgenhostid -f $(hostid)'
+          end
+
+          def add_service
+            systemd
+            openrc
+            runit
+          end
+
+          def systemd
+            Helpers.systemd? || return
+
+            exec('systemctl enable zfs-import-cache')
+            exec('systemctl enable zfs-import.target')
+            exec('systemctl enable zfs-zed.service')
+            exec('systemctl enable zfs.target')
+            fork_d('zed -F')
+          end
+
+          def openrc
+            Helpers.openrc? || return
+
+            exec('rc-update add zfs-import boot')
+            exec('rc-update add zfs-mount boot')
+            exec('rc-update add zfs-zed default')
+            fork_d('zed -F')
+          end
+
+          def runit
+            Helpers.runit? || return
+
+            exec('ln -fs /etc/sv/zed /etc/runit/runsvdir/default/')
+            fork_d('/etc/sv/zed/run')
+          end
+
+          def fork_d(cmd)
+            job = fork do
+              Getch::Chroot.new(cmd)
+            end
+            Process.detach(job)
+            puts
+          end
+
+          def exec(cmd)
+            Getch::Chroot.new(cmd)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/zfs/minimal/device.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'devs'
+
+module Getch
+  module FileSystem
+    module Zfs
+      module Minimal
+        class Device
+          def initialize
+            @args = { start: true, boot: true, swap: true, root: true }
+            x
+          end
+
+          private
+
+          def x
+            Devs::Settings.new(@args, OPTIONS)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/zfs/minimal/format.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'mkfs'
+
+module Getch
+  module FileSystem
+    module Zfs
+      module Minimal
+        class Format
+          def initialize
+            x
+          end
+
+          private
+
+          def x
+            Mkfs::Zfs.new(DEVS, OPTIONS)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/zfs/minimal/mount.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'mountfs'
+
+module Getch
+  module FileSystem
+    module Zfs
+      module Minimal
+        class Mount
+          def initialize
+            x
+          end
+
+          def x
+            MountFs::Zfs.new(DEVS, OPTIONS)
+            #exec("zpool import -N -d #{@import} -R #{MOUNTPOINT} #{@pool_name}")
+            #exec("zpool import -f -N -d #{@import} -R #{MOUNTPOINT} #{@boot_pool_name}") if @dev_boot
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/zfs/minimal/partition.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'sgdisk'
+
+module Getch
+  module FileSystem
+    module Zfs
+      module Minimal
+        class Partition
+          def initialize
+            x
+          end
+
+          private
+
+          def x
+            Sgdisk::Zfs.new(DEVS)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/zfs/minimal.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Getch
+  module FileSystem
+    module Zfs
+      module Minimal
+        def self.end
+        end
+      end
+    end
+  end
+end
+
+require_relative 'minimal/device'
+require_relative 'minimal/partition'
+require_relative 'minimal/format'
+require_relative 'minimal/mount'
+require_relative 'minimal/config'
+require_relative 'minimal/deps'

data/lib/getch/filesystem/zfs.rb

@@ -7,11 +7,5 @@ module Getch
   end
 end
 
-require_relative 'zfs/device'
-require_relative 'zfs/partition'
-require_relative 'zfs/format'
-require_relative 'zfs/mount'
-require_relative 'zfs/config'
-require_relative 'zfs/deps'
-require_relative 'zfs/void'
+require_relative 'zfs/minimal'
 require_relative 'zfs/encrypt'

data/lib/getch/filesystem.rb

@@ -5,11 +5,5 @@ module Getch
   end
 end
 
-require_relative 'filesystem/device'
-require_relative 'filesystem/clean'
-require_relative 'filesystem/partition'
-require_relative 'filesystem/mount'
-
 require_relative 'filesystem/ext4'
-require_relative 'filesystem/lvm'
 require_relative 'filesystem/zfs'

data/lib/getch/gentoo/bootloader.rb

@@ -1,67 +1,46 @@
-# frozen_strin_literal: true
+# frozen_string_literal: true
 
 module Getch
   module Gentoo
     class Bootloader
       def initialize
-        @pkgs = []
-        @class_fs = Getch.select_fs
-        @config = @class_fs::Config.new
-        @disk = Getch::OPTIONS[:boot_disk] ?
-          Getch::OPTIONS[:boot_disk] :
-          Getch::OPTIONS[:disk]
         @esp = '/efi'
-      end
-
-      def start
-        @config.fstab
-        config_useflag
-        dependencies
-        install
-        @config.cmdline
-      end
-
-      def config_useflag
+        @boot = DEVS[:boot] ||= nil
+        @encrypt = OPTIONS[:encrypt] ||= false
       end
 
       # Dracut is used by sys-kernel/gentoo-kernel
       def dependencies
-        @pkgs << 'app-shells/dash'
-        @pkgs << 'sys-kernel/dracut'
-        if Helpers.efi?
-          @pkgs << 'efivar'
-          @pkgs << 'sys-kernel/installkernel-systemd-boot'
+        Install.new('app-shells/dash')
+        if Helpers.systemd? and Helpers.efi?
+          Log.new.info "Systemd-boot alrealy installed...\n"
         else
-          @pkgs << 'sys-boot/grub:2'
-          @pkgs << 'sys-kernel/installkernel-gentoo' # for Grub
+          ChrootOutput.new('emerge --update --newuse sys-boot/grub')
         end
       end
 
       def install
-        all_pkgs = @pkgs.join(' ')
-        Getch::Emerge.new(all_pkgs).pkg!
-      end
+        Helpers.grub? ?
+          Config::Grub.new :
+          bootctl
 
-      def setup
-        if Helpers.efi?
-          Getch::Chroot.new("bootctl --path #{@esp} install").run!
-        else
-          Getch::Chroot.new("grub-install /dev/#{@disk}").run!
-        end
+        #ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel')
+        ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel-bin')
       end
 
-      def update
-        Getch::Emerge.new('--config sys-kernel/gentoo-kernel').pkg!
-        if Helpers.efi?
-          puts ' => Updating systemd-boot...'
-          Getch::Chroot.new("bootctl --path #{@esp} update").run!
-        else
-          puts ' => Updating grub...'
-          Getch::Chroot.new('grub-mkconfig -o /boot/grub/grub.cfg').run!
-        end
+      def bootctl
+        @boot ?
+          with_boot :
+          Chroot.new("bootctl --path #{@esp} install")
       end
 
-      def config
+      # We need to umount the encrypted /boot first
+      # https://github.com/systemd/systemd/issues/16151
+      def with_boot
+        boot = @encrypt ? '/dev/mapper/boot-luks' : "/dev/#{DEVS[:boot]}"
+        NiTo.umount "#{OPTIONS[:mountpoint]}/boot"
+        Chroot.new("bootctl --path #{@esp} install")
+        NiTo.mount boot, "#{OPTIONS[:mountpoint]}/boot"
       end
     end
   end

data/lib/getch/gentoo/finalize.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Getch
+  module Gentoo
+    class Finalize
+      def initialize
+        x
+      end
+
+      protected
+
+      def x
+        accounts
+      end
+
+      private
+
+      def accounts
+        account = Config::Account.new
+        account.root
+        account.new_user
+      end
+    end
+  end
+end

data/lib/getch/gentoo/post_config.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+  module Gentoo
+    class PostConfig
+      include NiTo
+
+      def initialize
+        @make = "#{OPTIONS[:mountpoint]}/etc/portage/make.conf"
+        x
+      end
+
+      protected
+
+      def x
+        Getch::Config::Locale.new
+        Getch::Config::Keymap.new
+        Getch::Config::TimeZone.new
+        cpuflags
+        Gentoo::UseFlag.new
+        grub
+      end
+
+      protected
+
+      def cpuflags
+        conf = "#{OPTIONS[:mountpoint]}/etc/portage/package.use/00cpuflags"
+        Install.new('app-portage/cpuid2cpuflags')
+        cpuflags = Chroot.new('cpuid2cpuflags')
+        File.write(conf, "*/* #{cpuflags}\n")
+      end
+
+      def grub
+        grub_pc = Helpers.efi? ? 'GRUB_PLATFORMS="efi-64"' : 'GRUB_PLATFORMS="pc"'
+        echo_a "#{OPTIONS[:mountpoint]}/etc/portage/make.conf", grub_pc
+      end
+
+      # https://wiki.gentoo.org/wiki/Signed_kernel_module_support
+      def portage_bashrc
+        conf = "#{MOUNTPOINT}/etc/portage/bashrc"
+        content = %q{
+function pre_pkg_preinst() {
+    # This hook signs any out-of-tree kernel modules.
+    if [[ "$(type -t linux-mod_pkg_preinst)" != "function" ]]; then
+        # The package does not seem to install any kernel modules.
+        return
+    fi
+    # Get the signature algorithm used by the kernel.
+    local module_sig_hash="$(grep -Po '(?<=CONFIG_MODULE_SIG_HASH=").*(?=")' "${KERNEL_DIR}/.config")"
+    # Get the key file used by the kernel.
+    local module_sig_key="$(grep -Po '(?<=CONFIG_MODULE_SIG_KEY=").*(?=")' "${KERNEL_DIR}/.config")"
+    module_sig_key="${module_sig_key:-certs/signing_key.pem}"
+    # Path to the key file or PKCS11 URI
+    if [[ "${module_sig_key#pkcs11:}" == "${module_sig_key}" && "${module_sig_key#/}" == "${module_sig_key}" ]]; then
+        local key_path="${KERNEL_DIR}/${module_sig_key}"
+    else
+        local key_path="${module_sig_key}"
+    fi
+    # Certificate path
+    local cert_path="${KERNEL_DIR}/certs/signing_key.x509"
+    # Sign all installed modules before merging.
+    find "${D%/}/${INSDESTTREE#/}/" -name "*.ko" -exec "${KERNEL_DIR}/scripts/sign-file" "${module_sig_hash}" "${key_path}" "${cert_path}" '{}' \;
+}
+        }
+
+        f = File.new(conf, 'w')
+        f.write("#{content}\n")
+        f.chmod(0700)
+        f.close
+      end
+    end
+  end
+end

data/lib/getch/gentoo/pre_config.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'nito'
+
+module Getch
+  module Gentoo
+    class PreConfig
+      include NiTo
+
+      def initialize
+        x
+      end
+
+      private
+
+      def x
+        Getch::Config::Portage.new
+        Getch::Config::Locale.new
+        Getch::Config::PreNetwork.new
+        github
+      end
+
+      # Trouble to find host github
+      def github
+        github = check_ip 'github.com'
+        codeload = check_ip 'codeload.github.com'
+        echo_a "#{OPTIONS[:mountpoint]}/etc/hosts", "#{github} github.com"
+        echo_a "#{OPTIONS[:mountpoint]}/etc/hosts", "#{codeload} codeload.github.com"
+      end
+
+      def check_ip(host)
+        ip = `ping -c1 #{host}`.match(/\([0-9]*.[0-9]*.[0-9]*.[0-9]*\)/)
+        ip[0].tr('()','')
+      end
+    end
+  end
+end

data/lib/getch/gentoo/services.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Getch
+  module Gentoo
+    class Services
+      def initialize
+        x
+      end
+
+      protected
+
+      def x
+        Config::Iwd.new
+        Config::Dhcp.new
+      end
+    end
+  end
+end

data/lib/getch/gentoo/sources.rb

@@ -1,86 +1,93 @@
 # frozen_string_literal: true
 
 require 'cmdline'
+require 'nito'
 
 module Getch
   module Gentoo
     class Sources
+      include NiTo
+
       def initialize
+        @log = Log.new
         @lsmod = `lsmod`.chomp
-        @class_fs = Getch::select_fs
-        @filesystem = @class_fs::Deps.new
+        x
+      end
+
+      protected
+
+      def x
+        bask
+        gen_cmdline
+        grub_mkconfig
+        use_flags
+        make
       end
 
       def bask
-        puts ' ==> Hardening kernel...'
+        @log.info "Kernel hardening...\n"
         #Getch::Bask.new('10_kspp.config').cp
         Getch::Bask.new('11-kspp-gcc.config').cp
         Getch::Bask.new('12-kspp-x86_64.config').cp
         #Getch::Bask.new('20-clipos.config').cp
-        #Getch::Bask.new('30-grsecurity.config').cp
+        Getch::Bask.new('30-grsecurity.config').cp
         #Getch::Bask.new('40-kconfig-hardened.config').cp
         Getch::Bask.new('50-blacklist.config').cp
         Getch::Bask.new('51-blacklist-madaidans.config').cp
       end
 
-      def configs
-        gen_cmdline
-        grub_mkconfig unless Helpers.efi?
-      end
-
       def gen_cmdline
         cmdline = CmdLine::Kernel.new(workdir: "#{MOUNTPOINT}/etc/kernel")
         cmdline.main
       end
 
       def grub_mkconfig
-        file = "#{MOUNTPOINT}/etc/kernel/install.d/90-mkconfig.install"
+        return if Helpers.systemd? and Helpers.efi?
+
+        file = "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d/90-mkconfig.install"
         content = <<~SHELL
 #!/usr/bin/env sh
 set -o errexit
+
+if ! hash grub-mkconfig ; then
+ exit 0
+fi
 grub-mkconfig -o /boot/grub/grub.cfg
-exit 0
 SHELL
+        mkdir "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d"
         File.write file, content
         File.chmod 0755, file
       end
 
+      def use_flags
+        use = Getch::Gentoo::Use.new('sys-kernel/gentoo-kernel')
+        use.add('hardened')
+      end
+
+      # https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel#Alternative:_Using_distribution_kernels
       def make
-        if Getch::OPTIONS[:fs] == 'lvm' ||
-            Getch::OPTIONS[:fs] == 'zfs' ||
-            Getch::OPTIONS[:encrypt]
-          @filesystem.make
-        else
-          make_kernel
-        end
+        Helpers.systemd? ?
+          Install.new('sys-kernel/installkernel-systemd-boot') :
+          Install.new('sys-kernel/installkernel-gentoo')
+
+        #Install.new 'sys-kernel/gentoo-kernel'
+        Install.new 'sys-kernel/gentoo-kernel-bin'
       end
 
       def load_modules
-        install_wifi
+        wifi
         flash_mod
       end
 
       private
 
-      def make_kernel
-        puts 'Compiling kernel sources'
-        Getch::Emerge.new('sys-kernel/gentoo-kernel').pkg!
-        is_kernel = Dir.glob("#{MOUNTPOINT}/boot/vmlinuz-*")
-        raise 'No kernel installed, compiling source fail...' if is_kernel == []
-      end
-
       def ismatch?(arg)
         @lsmod.match?(/#{arg}/)
       end
 
-      def install_wifi
+      def wifi
         return unless ismatch?('cfg80211')
 
-        wifi_drivers
-        Getch::Emerge.new('net-wireless/iwd').pkg!
-      end
-
-      def wifi_drivers
         conf = "#{MOUNTPOINT}/etc/modules-load.d/wifi.conf"
         File.delete(conf) if File.exist? conf
 
@@ -101,7 +108,6 @@ SHELL
       end
 
       def module_load(name, file)
-        return unless name
         return unless ismatch?(name)
 
         File.write(file, "#{name}\n", mode: 'a')