getch 0.1.9 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46439ee6483306d467923074b461ad5df9d9f7a9a32981936952b586e85173f9
-  data.tar.gz: e4232a6832086eafb46e9f29da73b461762c65c6232071cf2854c9ddb7680e2f
+  metadata.gz: 6e6d53101249982f83b05a372decd08d8967c52fc952b930dff7bf4d6c31634f
+  data.tar.gz: 3410eab0dff20d434691e6ddb7e5f8279c6a2eb70e4d675ac5791932638cb614
 SHA512:
-  metadata.gz: 8689b833a86f39c1b5a310ed193e588399fed86384012015f04251d39175e3bd6121a7f65540086fc1556f831017a6d56467a3325ec29f78651295adcdd3ed23
-  data.tar.gz: ac28be3804fddb3f995a8b86c438d447216547078855ca103ac4151a038934a9e7369a8a96500165b14ca38fdcac6ece31bbb5a1324e036b553ad76a0f456621
+  metadata.gz: d96be1666a606ef3eacd482bc539e75612844cf83406095113566901c42834e3e604d23908bbd87ab41b830c6fd1d6381a3ae36f04122c0b184dbebba192f0f8
+  data.tar.gz: 9ff7cb0caa78084a6bc04a6e72acec5c582e17191473583ffd0fcf9401e9275b9ae8ed9e59f68e49be0a4477f78b941348bba550c7b3d6e99b7181725b08bad9

data/CHANGELOG.md

@@ -0,0 +1,132 @@
+## 0.3.2, release 2022-10-01
+* Support disk with a sector size of 512.
+* Support vdx disk.
+
+## 0.3.0, release 2022-02-17
+* Gentoo with musl use an additional repo https://github.com/gentoo/musl.git.
+* Gentoo use the kernel `sys-kernel/gentoo-kernel-bin` to install more quickly.
+* No more need to enter password twice with Grub and encrypted system.
+* Can restart the whole installation from scratch with the option `--restart`
+* ZFS create pool with disk id `/dev/disk/by-id`.
+* New option `--lvm` instead of `-f lvm`.
+* Rename option `-z | --zoneinfo` for `-t | --timezone`. Default use `UTC`.
+* Use a generic hostname `host` rather than '{os}-hatch-{randomID}'
+* Musl can be installed with the `--musl` option.
+* Use colors in the script, look better.
+
+## 0.1.9, release 2022-01-26
+* Gentoo use now the kernel `sys-kernel/gentoo-kernel` [project](https://wiki.gentoo.org/wiki/Project:Distribution_Kernel), updates are automatic.
+* Correct the download of the `rootfs tarball` for VoidLinux.
+* ZFS now import pool by ID.
+* ZFS use the cmdline `zfs_arc_max` to limit the max Memory used.
+* Gentoo and Void use `Dracut`, remove `Genkernel`.
+* Gentoo use PAM sha512 with `libpwquality` for the authentication.
+* Add the code linter Rubocop, correct around 1.5k lines of code.
+
+## 0.1.6, release 2021-06-30
++ Getch can also install [Void Linux](https://voidlinux.org/).
++ New option `-o|--os NAME`, work only with NAME = gentoo | void.
++ ZFS write the hostid with `zgenhostid $(hostid)`
++ Add a systctl.conf to enforce TCP/IP stack hardened.
++ README improved.
++ More close of the community standard [github](https://github.com/szorfein/getch/community).
+
+## 0.1.4, release 2021-06-20
+* Install `iptables` by default.
+* Control input for options `--disk`, `--format`, `--zoneinfo`, `--keymap`.
+* Add a `/etc/portage/bashrc` to automatically signing kernel modules with `emerge`.
+* Now clean properly another disk used with option `--separate-x DISK`.
+* For ZFS, use `blockdev --getpbsz` to find correct bloc (sector) size.
+* Populate `/etc/modules-load.d/` with modules found with `lsmod` (only few wifi's, flash usb related (ehci, ohci, xhci, etc)).
+* Remove the package `dev-util/dwarves`.
+
+## 0.1.3, release 2021-05-17
+* LVM use the format /dev/vg_name/lv_name for mount/format/fstab.
+* Stop using `euse` from `gentoolkit`, use native Ruby code here.
+* Optimization on package installation, they shouln't be installed more than once.
+* Regroup use flags under Getch::Gentoo::UseFlag.
+* Upd Bask v0.5 (zstd compression, better support for wifi...)
+* Config for systemd-resolved, enable DNS over TLS with Quad9 (9.9.9.9)
+* Add configs for systemd-network with DHCP for wifi and ethernet.
+* Correct permissions (/home/[user] and /etc/portage)
+
+## 0.1.2, release 2021-05-12
+* DOCS update.
+* Keep Nano for those who need :)
+* ZFS use the last version >=2.0 with kernel stable =5.10
+* ZFS create a Log device and Cache device if getch is used with `--separate-cache`.
+* GRUB or Systemd-boot can now be installed on separate disk with `--separate-boot`.
+* Adding flag for ZFS `-o autotrim=on` (used with `zpool create`).
+* Encrypted swap use: `cipher=aes-xts-plain64:sha256,size=512` by default.
+* In the make.conf: add `-fomit-frame-pointer`, designed to reduce generated code size.
+
+## 0.1.1, release 2020-11-01
+* Change mountpoint for the esp at /efi rather than /boot/efi
+* Replace Garden by Bask https://github.com/szorfein/bask
+* Correct option --username USERNAME, do not create a new partition.
+* New set of options --separate-{boot,cache,home} to install them on another disk
+* Refactor codes
+* Add cpu name to COMMON_FLAGS
+* Add cpuflags with app-portage/cpuid2cpuflags
++ Use the whole disk space available for / when option --username is unset
+
+## 0.1.0, release 2020-10-15
+* Add the (Zeta) filesystem ZFS
+* `emerge --depclean` to save space.
+* Add a message when getch have finish, keep /mnt/gentoo if you need to add something.
+* Use systemd-detect-virt to detect a Virtual Guest.
+
+## 0.0.9, release 2020-10-03
+* Add encryption on ext4 and lvm (BIOS,UEFI)
+* Correct KEYMAP="yes" with genkernel
+* Renaming option keyboard with keymap
+* GPG verification for ebuild
+
+## 0.0.8, release 2020-09-30
+* Adding LVM via the option fs, `--fs lvm`.
+* Systemd-boot use the value of PARTUUID without initramfs.
+* Include lib logger.
+* Enhance functions to call program system Emerge, Make, ...
+
+## 0.0.7, release 2020-09-22
+* Correct fstab.
+* Repair GRUB/fstab for BIOS system, add secure cmdline.
+* Create a swap volume equal to the memory installed.
+* Add vim and sudo
+
+## 0.0.6, release 2020-09-19
+* Add support for QEMU guest with KVM and Virtio driver
+* Kernel compilation, initialize a config file with `make localyesconfig`.
+* More modular codes to start with encryption and other filesystems.
+* Add the new option --verbose to display output of compilation, etc...
+
+## 0.0.5, release 2020-09-17
+* Generate a hostname
+* Configure systemd-boot for UEFI system
+
+## 0.0.4, release 2020-09-16
+* Boot on a BIOS system with VirtualBox
+* Install Grub
+* Create user
+* Create passwd for root and user
+* Check lsmod to install deps (like wpa_supplicant) and patch the kernel
+
+## 0.0.3, release 2020-09-14
+* Add dhcpcd, gentoo-sources, linux-firmware
+* Kernel build by using https://github.com/szorfein/garden
+* Populate /etc/portage (/etc/portage/package.{use,unmask,accept_keywords}/zzz_via_autounmask)
+* Download all the lastest ebuild via emerge-webrsync
+* Update gentoo via emerge -uDN @world
+
+## 0.0.2, release 2020-09-12
+* Getch genere a file /tmp/install_gentoo to avoid to remake same task over and over
+* Support for ext4
+* Mount partition on /mnt/gentoo during the install
+* Download, verify the checksum and decompress the last stage3-amd64-systemd
+
+## 0.0.1, release 2020-09-10
+* Partition disk (at least 15G required) with sgdisk (create /boot, /, /home, and swap)
+* Support for one disk with -d|--disk
+* Add few options for the CLI
+* Add bin/setup.sh to install ruby when boot on a ISO file
+* Init project

data/LICENSE

@@ -0,0 +1,10 @@
+MIT License
+
+Copyright (c) 2022 szorfein
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -6,7 +6,7 @@
 [![Gem Version](https://badge.fury.io/rb/getch.svg)](https://badge.fury.io/rb/getch)
 ![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/getch/Rubocop/develop)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
-![GitHub](https://img.shields.io/github/license/szorfein/ardecy)
+![GitHub](https://img.shields.io/github/license/szorfein/getch)
 
 </div>
 
@@ -22,11 +22,12 @@ Hardened System:
 + sysctl.conf with TCP/IP stack hardening and more [Arch](https://wiki.archlinux.org/title/Sysctl)
 + Kernel parameters enforced (dmesg restricted, kexec disabled, etc)
 + Kernel source (Gentoo) patched with [bask](https://github.com/szorfein/bask).
++ Musl optionnal
 
 ## Description
-Actually, Getch support only the `x86_64` architecture and only with the following archives:
-+ **Gentoo**: `stage3-amd64-systemd` [Gentoo](https://www.gentoo.org/downloads/).
-+ **Void**: `rootfs glibc` [Void](https://voidlinux.org/download/).
+Actually, Getch support only the `x86_64` architecture with the following archives:
++ **Gentoo**: `stage3-amd64-systemd` or `stage3-amd64-musl` [Gentoo](https://www.gentoo.org/downloads/).
++ **Void**: `rootfs tarball glibc` or `rootfs tarball musl` [Void](https://voidlinux.org/download/).
 
 Filesystem supported (with or without encryption)
 + Ext4
@@ -34,13 +35,15 @@ Filesystem supported (with or without encryption)
 + ZFS
 
 Boot Manager:
-+ **Gentoo**: `BIOS` will use `Grub2` and `systemd-boot` for `UEFI`.
-+ **Void**: use only Grub2, encryption for the root fs use luks1.
++ **Gentoo**: `BIOS` and `musl` will use `Grub2` and `systemd-boot` for `UEFI`.
++ **Void**: use only Grub2.
 
 The ISO images i was able to test and that works:
 + [Archlinux](https://www.archlinux.org/download/)
 + [Archaeidae](https://github.com/szorfein/archaeidae): Custom Archiso that includes ZFS support.
 
+You can also use your current `linux` host, just pay attention to the disk that will be used.  
+
 ## Dependencies
 Getch is build without external libs, so it only require `ruby >= 2.5`.
 
@@ -71,11 +74,11 @@ For a french user:
 
 Install Gentoo on LVM and use a different root disk `/dev/sdc`
 
-    # getch --format lvm --disk sdc
+    # getch --format ext4 --lvm --disk sdc
 
 Encrypt your disk with LVM with a french keymap
 
-    # getch --format lvm --encrypt --keymap fr
+    # getch --format ext4 --lvm --encrypt --keymap fr
 
 Encrypt with ext4 and create a new user `ninja`:
 
@@ -85,9 +88,9 @@ With ZFS, if used with `--encrypt`, it use the native ZFS encryption:
 
     # getch --format zfs
 
-With `Void Linux`:
+With `Void Linux` and `Musl` enable:
 
-    # getch --os void --encrypt -k fr
+    # getch --os void --encrypt -k fr --musl
 
 ## Troubleshooting
 
@@ -98,33 +101,36 @@ If a old volume group exist, `getch` may fail to partition your disk. You have t
     # vgremove -f vg0
     # pvremove -f /dev/sdb
 
-#### Encryption enable on BIOS with ext4
-To decrypt your disk on BIOS system, you have to enter your password twice. One time for Grub and another time for Genkernel. [post](https://wiki.archlinux.org/index.php/GRUB#Encrypted_/boot).  
-Also with GRUB, only a `us` keymap is working.
+#### Encryption with GRUB
+To decrypt your disk on GRUB, only the `us` keymap is working for now.
 
-#### ZFS for Void Linux - Enable the boot pool
-You have some extras step to do after booting to enable the boot pool, you need this pool when you update your system. It's used mainly by Grub and Dracut.
-By default, your /boot is empty because your boot pool is not imported...
+#### ZFS with Grub
+By default, if you use ZFS with `musl` or `voidlinux` the `/boot` partition is not mounted automatically, so before an update, mout the partition.
 
-    # zpool import -f -d /dev/disk/by-id -N bpool-150ed
-    # zfs mount bpool-150ed/BOOT/void
+    # zpool status
+    # zfs mount bpool/BOOT/void
     # ls /boot
 
-You should see something in the boot (initramfs, vmlinuz).. Recreate the initramfs.
-
-    # xbps-reconfigure -fa
-
-Make the `bpool` available at the boot:
-
-    # zfs set canmount=on bpool-150ed/BOOT/void
+#### ZFS with and without encryption
+First time on ZFS after 5min
 
-And reboot, the `/boot` partition should be mounted automatically after that.
+```txt
+dracut Warning: /dev/disk/by-uuid/<DISK> does not exist
+```
 
-#### ZFS Encrypted with Void
-Well, another weird issue, the first time you boot on your encrypted pool, nothing append. Dracut try to mount inexistent device. Just wait for enter in the shell:
+Dracut try to mount inexistent device. Just wait for enter in the shell and remove the disk uuid from `/lib/dracut/hooks/initqueue/finished/`
 
     # ls /lib/dracut/hooks/initqueue/finished/*
     # rm /lib/dracut/hooks/initqueue/finished/dev*
     # exit
 
-Dracut should finally start `mount-zfs.sh` and ask for your password. After you first login, follow instructions above for recompile the initramfs and mount the boot pool and your good.
+Dracut should finally start `mount-zfs.sh` and ask for a password if encrypted. After you first login, mount the `/boot` partition and recompile the initramfs and your good.
+
++ For Gentoo: `emerge --config sys-kernel/gentoo-kernel-bin`
++ For Voidlinux: `xbps-reconfigure -fa`
+
+If it doesn't work, try to start script manually (always in the shell):
+
+    # . /lib/dracut/hooks/mount/98-mount-zsh.sh
+    # . /lib/dracut/hooks/mount/99-mount-root.sh
+    # exit

data/bin/getch

@@ -3,15 +3,17 @@
 require 'getch'
 
 getch = Getch::Main.new(
-  :cli => Getch::Options.new(ARGV)
+  cli: Getch::Options.new(ARGV)
 )
 
 getch.resume
 
-getch.partition
-getch.format
-getch.mount
+getch.prepare_disk
 
-getch.install
+getch.install_system
 
-getch.configure
+getch.terraform
+
+getch.bootloader
+
+getch.finalize

data/getch.gemspec

@@ -0,0 +1,31 @@
+require File.dirname(__FILE__) + '/lib/getch/version'
+
+Gem::Specification.new do |s|
+  s.name = 'getch'
+  s.version = Getch::VERSION
+  s.platform = Gem::Platform::RUBY
+  s.summary = 'A CLI tool to install Gentoo or VoidLinux.'
+  s.author = 'szorfein'
+  s.email = ['szorfein@protonmail.com']
+  s.homepage = 'https://github.com/szorfein/getch'
+  s.metadata = {
+    'source_code_uri' => 'https://github.com/szorfein/getch',
+    'changelog_uri' => 'https://github.com/szorfein/getch/blob/master/CHANGELOG.md',
+    'bug_tracker_uri' => 'https://github.com/szorfein/getch/issues',
+    'wiki_uri' => 'https://github.com/szorfein/getch'
+  }
+  s.license = 'MIT'
+  s.required_ruby_version = '>= 2.5.0'
+
+  s.files = Dir.glob('{assets,lib}/**/*', File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
+
+  s.files += %w[CHANGELOG.md LICENSE README.md]
+  s.files += %w[getch.gemspec]
+
+  s.bindir = 'bin'
+  s.executables << 'getch'
+  s.require_paths = ['lib']
+
+  s.cert_chain  = ['certs/szorfein.pem']
+  s.signing_key = File.expand_path('~/.ssh/gem-private_key.pem')
+end

data/lib/clean.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require 'nito'
+require_relative 'getch/command'
+require_relative 'getch/log'
+
+class Clean
+  include NiTo
+
+  def initialize(args)
+    @root = args[:disk] ||= nil
+    @boot = args[:boot_disk] ||= nil
+    @home = args[:home_disk] ||= nil
+    @cache = args[:cache_disk] ||= nil
+    @vg = args[:vg_name] ||= nil
+    @luks = args[:luks_name] ||= nil
+    @zfs = args[:zfs_name] ||= 'pool'
+    @log = Getch::Log.new
+    @mountpoint = args[:mountpoint] ||= '/mnt/getch'
+  end
+
+  def x
+    umount_all
+    swap_off
+    disable_lvs
+    cryptsetup_close
+    old_zfs
+    old_lvm
+    zap_all @root, @boot, @home, @cache
+    wipe_all @root, @boot, @home, @cache
+    dd
+  end
+
+  protected
+
+  def umount_all
+    paths = []
+    File.open('/proc/mounts').each do |l|
+      tmp = l.split(' ') if l =~ /#{@mountpoint}/
+      tmp && paths << tmp[1]
+    end
+    paths.each { |p| umount_r p }
+    umount '/tmp/boot'
+  end
+
+  def swap_off
+    swapoff @root
+    File.exist?("/dev/#{@vg}/swap") && swapoff_dm("#{@vg}-swap")
+  end
+
+  def disable_lvs
+    lvchange_n 'home'
+    lvchange_n 'swap'
+    lvchange_n 'root'
+  end
+
+  def cryptsetup_close
+    close "boot-#{@luks}"
+    close "root-#{@luks}"
+    close "home-#{@luks}"
+  end
+
+  def old_zfs
+    return unless File.exist? '/usr/bin/zpool'
+
+    destroy_zpool "b#{@zfs}"
+    destroy_zpool "r#{@zfs}"
+    cmd "rm -rf #{@mountpoint}/*" if Dir.exist? @mountpoint
+  end
+
+  def destroy_zpool(name)
+    if system("zpool list | grep #{name}")
+      cmd "zpool destroy -f #{name}"
+    end
+  end
+
+  def old_lvm
+    lvm = `lvs | grep #{@vg}`
+    lvm.match?(/#{@vg}/) || return
+
+    vgremove
+    pvremove @root, @home, @cache
+  end
+
+  def zap_all(*devs)
+    devs.each { |d| zap(d) }
+  end
+
+  def wipe_all(*devs)
+    devs.each { |d| wipe(d) }
+  end
+
+  def dd
+    cmd "dd if=/dev/zero of=/dev/#{@root} bs=1M count=100"
+  end
+
+  private
+
+  def wipe(dev)
+    dev || return
+
+    cmd "wipefs --all /dev/#{dev}"
+  end
+
+  def umount_r(dir)
+    dir || return
+
+    cmd 'umount', '-R', dir if mount? dir
+  end
+
+  def zap(dev)
+    dev || return
+
+    cmd 'sgdisk', '-Z', "/dev/#{dev}"
+  end
+
+  def lvchange_n(name)
+    return unless File.exist? "/dev/#{@vg}/#{name}"
+
+    cmd 'lvchange', '-an', "/dev/#{@vg}/#{name}"
+  end
+
+  def close(name)
+    return unless File.exist? "/dev/mapper/#{name}"
+
+    cmd 'cryptsetup', 'close', name
+  end
+
+  def vgremove
+    cmd 'vgremove', '-y', @vg
+  end
+
+  def pvremove(*devs)
+    devs.each { |d| pvdel(d) }
+  end
+
+  def pvdel(dev)
+    dev || return
+
+    disk = dev[/[a-z]*/]
+    disk.match?(/[a-z]{3}/) || @log.fatal("pvdel - No disk #{dev} - #{disk}")
+
+    cmd 'pvremove', '-f', "/dev/#{disk}*"
+  end
+
+  def cmd(*args)
+    Getch::Command.new(args)
+  end
+end

data/lib/cryptsetup.rb

@@ -0,0 +1,132 @@
+require 'luks'
+
+class CryptSetup
+  def initialize(devs, options)
+    @boot = devs[:boot]
+    @root = devs[:root]
+    @home = devs[:home]
+    @swap = devs[:swap] ||= nil
+    @options = options
+    @luks = options[:luks_name]
+    @vg = options[:vg_name]
+    @fs = options[:fs] ||= 'ext4'
+    @mountpoint = options[:mountpoint] ||= '/mnt/getch'
+  end
+
+  def format
+    format_boot
+    format_root
+    format_home
+  end
+
+  def keys
+    add_boot_key
+    add_root_key
+    add_home_key
+  end
+
+  def configs
+    config_boot
+    config_root
+    config_home
+    config_swap
+  end
+
+  def swap_conf
+    config_swap
+  end
+
+  protected
+
+  def format_boot
+    luks = Luks::Boot.new(@boot, @options)
+    luks.encrypt
+    luks.open
+    luks.format
+    luks.mount
+  end
+
+  # if boot and root are on the same device, we encrypt root with a key
+  def format_root
+    if @boot.split(/[0-9]/) == @root.split(/[0-9]/)
+      root_with_key
+    else
+      root_with_pass
+    end
+  end
+
+  def format_home
+    @home || return
+
+    home_with_pass
+  end
+
+  def add_boot_key
+    luks = Luks::Boot.new(@boot, @options)
+    luks.external_key
+  end
+
+  # Alrealy used key if they have same disk
+  def add_root_key
+    return if @boot.split(/[0-9]/) == @root.split(/[0-9]/)
+
+    luks = Luks::Root.new(@root, @options)
+    luks.external_key
+  end
+
+  def add_home_key
+    @home || return
+
+    luks = Luks::Home.new(@home, @options)
+    luks.external_key
+  end
+
+  def config_boot
+    return if not @boot or @options[:fs] == 'zfs'
+
+    Luks::Boot.new(@boot, @options).write_config
+  end
+
+  def config_root
+    @root || return
+
+    Luks::Root.new(@root, @options).write_config
+  end
+
+  def config_home
+    @home || return
+
+    Luks::Home.new(@home, @options).write_config
+  end
+
+  def config_swap
+    uuid = @options[:lvm] ? '' : Getch::Helpers.uuid(@swap)
+    line = "swap-#{@luks}"
+    @options[:lvm] ?
+      line << " /dev/#{@vg}/swap" :
+      line << " UUID=#{uuid}"
+
+    line << " /dev/urandom swap,discard,cipher=aes-xts-plain64:sha256,size=512"
+    NiTo.echo_a "#{@mountpoint}/etc/crypttab", line
+  end
+
+  private
+
+  def root_with_key
+    luks = Luks::Root.new(@root, @options)
+    luks.encrypt_with_key
+    luks.open_with_key
+  end
+
+  def root_with_pass
+    luks = CryptSetup::Root.new(@root, @options)
+    luks.encrypt
+    luks.open
+  end
+
+  def home_with_pass
+    luks = CryptSetup::Home.new(@home, @options)
+    luks.encrypt
+    luks.open
+  end
+end