getch 0.3.6 → 0.7.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +17 -2
- data/README.md +2 -2
- data/lib/cryptsetup.rb +11 -7
- data/lib/dracut/encrypt.rb +7 -1
- data/lib/dracut/root.rb +4 -5
- data/lib/fstab/encrypt.rb +4 -3
- data/lib/fstab/minimal.rb +1 -1
- data/lib/fstab/root.rb +7 -6
- data/lib/getch/assembly.rb +13 -12
- data/lib/getch/config/grub.rb +7 -2
- data/lib/getch/config/iwd.rb +10 -7
- data/lib/getch/config/portage.rb +2 -14
- data/lib/getch/config.rb +2 -1
- data/lib/getch/filesystem/ext4/encrypt/config.rb +1 -1
- data/lib/getch/filesystem/ext4/encrypt/void.rb +2 -2
- data/lib/getch/gentoo/bootloader.rb +12 -8
- data/lib/getch/gentoo/post_config.rb +2 -35
- data/lib/getch/gentoo/sources.rb +16 -21
- data/lib/getch/gentoo/tarball.rb +5 -1
- data/lib/getch/gentoo/terraform.rb +1 -0
- data/lib/getch/gentoo/use_flag.rb +8 -3
- data/lib/getch/gentoo.rb +1 -0
- data/lib/getch/guard.rb +13 -1
- data/lib/getch/helpers.rb +28 -17
- data/lib/getch/log.rb +9 -9
- data/lib/getch/tree.rb +8 -7
- data/lib/getch/version.rb +3 -1
- data/lib/getch/void/tarball.rb +8 -5
- data/lib/getch/void/terraform.rb +6 -2
- data/lib/getch/void.rb +1 -0
- data/lib/luks.rb +26 -24
- data.tar.gz.sig +0 -0
- metadata +24 -24
- metadata.gz.sig +0 -0
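--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c1d270a72b4141203d4c87045fb8cd7a3e8b69d82c498aabbce515ff0239113b
+data.tar.gz: 4ccd0dd4ed00188edf5437541697de6164f9271142cd0aa30a40f18e7e9699b0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f3f97b45d1ff7dcc133581e52fc649700113965c489ff4e5a3fa68288ee9e639f6c83257792be80d50e0e1108e0e4aaba4e2ca6a8dc7009a597125ccb6fc0bd6
+data.tar.gz: 51918b85d93dcc829faa8555eac990fe79a2eb0793df04b2d862a8b5aa6847ea175f5534eaf04ebb3534093d4a8a4b7db41d1c78fa9ec1a08f17db9dae89ff99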
checksums.yaml.gz.sig
CHANGED
Binary file
|
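--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,14 +1,29 @@
+## 0.7.0, release 2023-12
+* Add support for ssd disk `/dev/nvme*` #5
+* System with systemd may need `systemd-machine-id-setup && systemctl restart systemd-networkd` after the first boot to make the dhcp works.
+* Install of systemd/encrypt for Gentoo use GRUB instead of bootctl.
+* Luks key if `--encrypt` are created earlier.
+* Remove `noauto` and update arguments of fstab, this make futur system updates more easy.
+* Correct lvm `OPTIONS[:lvm]`instead of the old `OPTIONS[:fs] == 'lvm'`.
+
+## 0.5.0, release 2023-12
+* Update Voidlinux url https://repo-default.voidlinux.org.
+* Add global use="modules-sign" for Gentoo.
+* makeopts on Gentoo use the value of `nproc`.
+* Correct the install on Gentoo with systemd (kernel name and more).
+* More rubocop style.
+
 ## 0.3.5, release 2022-11-21
 * Tested on a live Ubuntu 22.10.
 * Ensure `dracut.conf.d` exist before writing to it.
 * Display the version with `-v`, `--version`.
 
 ## 0.3.4, release 2022-10-10
-* Can work on a Live image of Voidlinux
+* Can work on a Live image of Voidlinux.
 
 ## 0.3.3, release 2022-10-01
 * Support disk with a sector size of 512.
-* Support vdx disk.
+* Support vdx disk (disk on virtualization).
 
 ## 0.3.0, release 2022-02-17
 * Gentoo with musl use an additional repo https://github.com/gentoo/musl.git.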
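--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@
 <br/>
 
 [![Gem Version](https://badge.fury.io/rb/getch.svg)](https://badge.fury.io/rb/getch)
-![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/getch/
+![GitHub Workflow Status (branch)](https://img.shields.io/github/actions/workflow/status/szorfein/getch/rubocop-analysis.yml?branch=main)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
 ![GitHub](https://img.shields.io/github/license/szorfein/getch)
 
@@ -35,7 +35,7 @@ Filesystem supported (with or without encryption)
 + ZFS
 
 Boot Manager:
-+ **Gentoo**: `BIOS` and `musl` will use `Grub2` and `systemd-boot` for `UEFI`.
++ **Gentoo**: `BIOS`, `crypted disk` and `musl` will use `Grub2` and `systemd-boot` for `UEFI`.
 + **Void**: use only Grub2.
 
 The ISO images i was able to test and that works: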
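--- a/data/lib/cryptsetup.rb
+++ b/data/lib/cryptsetup.rb
@@ -1,5 +1,8 @@
+# frozen_string_literal: true
+
 require 'luks'
 
+# Used to interact with dmcrypt
 class CryptSetup
 def initialize(devs, options)
 @boot = devs[:boot]
@@ -82,7 +85,7 @@ class CryptSetup
 end
 
 def config_boot
-return if
+return if !@boot || @options[:fs] == 'zfs'
 
 Luks::Boot.new(@boot, @options).write_config
 end
@@ -100,13 +103,14 @@ class CryptSetup
 end
 
 def config_swap
-
+id = @options[:lvm] ? '' : Getch::Helpers.id(@swap)
 line = "swap-#{@luks}"
-@options[:lvm]
-
-
-
-
+line << if @options[:lvm]
+" /dev/#{@vg}/swap"
+else
+" /dev/disk/by-id/#{id}"
+end
+line << ' /dev/urandom swap,discard,cipher=aes-xts-plain64:sha256,size=512'
 NiTo.echo_a "#{@mountpoint}/etc/crypttab", line
 end
 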
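Review bot: The crypttab entry built in `config_swap` enables `discard` on a swap device that is keyed from `/dev/urandom`; passing TRIM through dm-crypt reveals which blocks of the underlying device are in use, so either drop the option or add a comment saying the trade-off is intended. In the same method `line << …` mutates a string created by interpolation while the first hunk adds `# frozen_string_literal: true`: Ruby 3.0 and later leave interpolated strings unfrozen, but on 2.x this raises `FrozenError`, so `line = +"swap-#{@luks}"` is safer unless the gemspec already requires Ruby 3. The method body is fully inside the hunk, but the removed lines are truncated on this page, so the old behaviour cannot be compared.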
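--- a/data/lib/dracut/encrypt.rb
+++ b/data/lib/dracut/encrypt.rb
@@ -1,6 +1,7 @@
-#
+# frozen_string_literal: true
 
 module Dracut
+# configure dracut for encypted system
 class Encrypt < Root
 def initialize(devs, options)
 @luks = options[:luks_name]
@@ -26,6 +27,11 @@ module Dracut
 echo file, 'install_items+=" /boot/boot.key /boot/root.key /etc/crypttab "'
 end
 
+def others
+file = "#{@mountpoint}/etc/dracut.conf.d/mods.conf"
+echo file, 'add_dracutmodules+=" crypt "'
+end
+
 private
 
 def get_dm_uuid(name)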
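--- a/data/lib/dracut/root.rb
+++ b/data/lib/dracut/root.rb
@@ -1,9 +1,10 @@
-#
+# frozen_string_literal: true
 
 require 'nito'
 require_relative '../getch/log'
 
 module Dracut
+# base for other dracut child
 class Root
 include NiTo
 
@@ -37,10 +38,8 @@ module Dracut
 echo file, "kernel_cmdline=\"#{line}\""
 end
 
-def get_line
-end
+def get_line; end
 
-def others
-end
+def others; end
 end
 end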
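--- a/data/lib/fstab/encrypt.rb
+++ b/data/lib/fstab/encrypt.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 module Fstab
+# configure fstab for encrypt
 class Encrypt < Root
 def initialize(devs, options)
 super
@@ -12,7 +13,7 @@ module Fstab
 
 dm = Getch::Helpers.get_dm "boot-#{@luks}"
 uuid = gen_uuid dm
-line = "UUID=#{uuid} /boot #{@fs}
+line = "UUID=#{uuid} /boot #{@fs} defaults,nosuid,noexec,nodev 0 2"
 echo_a @conf, line
 end
 
@@ -28,7 +29,7 @@ module Fstab
 
 dm = Getch::Helpers.get_dm "root-#{@luks}"
 uuid = gen_uuid dm
-line = "UUID=#{uuid} / #{@fs}
+line = "UUID=#{uuid} / #{@fs} defaults 1 1"
 echo_a @conf, line
 end
 
@@ -37,7 +38,7 @@ module Fstab
 
 dm = Getch::Helpers.get_dm "home-#{@luks}"
 uuid = gen_uuid dm
-line = "UUID=#{uuid} /home #{@fs}
+line = "UUID=#{uuid} /home #{@fs} defaults,nosuid,nodev 0 2"
 echo_a @conf, line
 end
 end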
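Review bot: The mount-option strings added here (`defaults,nosuid,noexec,nodev 0 2` for /boot, `defaults 1 1` for /, `defaults,nosuid,nodev 0 2` for /home) are repeated verbatim in the matching hunks of data/lib/fstab/root.rb, so a later hardening change has to be made in two places and can drift apart. Since `Encrypt` already inherits from `Root`, the options could be defined once, for example as frozen constants on `Root` such as `BOOT_OPTS = 'defaults,nosuid,noexec,nodev 0 2'`, and interpolated by both classes. The enclosing methods start outside these hunks, so whether more than the option string can be shared is not visible here.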
data/lib/fstab/minimal.rb
CHANGED
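--- a/data/lib/fstab/root.rb
+++ b/data/lib/fstab/root.rb
@@ -1,9 +1,10 @@
-#
+# frozen_string_literal: true
 
 require 'nito'
 require_relative '../getch/log'
 
 module Fstab
+# Generating /etc/fstab
 class Root
 include NiTo
 
@@ -36,7 +37,7 @@ module Fstab
 @efi || return
 
 uuid = gen_uuid @efi
-line = "UUID=#{uuid} /efi vfat
+line = "UUID=#{uuid} /efi vfat defaults,nosuid,nodev 0 0"
 echo_a @conf, line
 end
 
@@ -44,7 +45,7 @@ module Fstab
 @boot || return
 
 uuid = gen_uuid @boot
-line = "UUID=#{uuid} /boot #{@fs}
+line = "UUID=#{uuid} /boot #{@fs} defaults,nosuid,noexec,nodev 0 2"
 echo_a @conf, line
 end
 
@@ -60,7 +61,7 @@ module Fstab
 @root || return
 
 uuid = gen_uuid @root
-line = "UUID=#{uuid} / #{@fs}
+line = "UUID=#{uuid} / #{@fs} defaults 1 1"
 echo_a @conf, line
 end
 
@@ -68,14 +69,14 @@ module Fstab
 @home || return
 
 uuid = gen_uuid @home
-line = "UUID=#{uuid} /home #{@fs}
+line = "UUID=#{uuid} /home #{@fs} defaults,nosuid,nodev 0 2"
 echo_a @conf, line
 end
 
 def write_tmp
 Getch::Helpers.systemd? && return
 
-line = 'tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0'
+line = 'tmpfs /tmp tmpfs defaults,nosuid,noexec,nodev 0 0'
 echo_a @conf, line
 end
 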
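Review bot: The `/efi` entry is the only non-root mount here that does not get `noexec`, and because vfat carries no permission bits the ESP is readable by every local user unless a mask is set. If nothing has to execute from the ESP once the system is up, `line = "UUID=#{uuid} /efi vfat defaults,nosuid,noexec,nodev,umask=0077 0 0"` would bring it in line with the hardening applied to `/boot` and `/tmp`. The changelog says `noauto` was removed on purpose, so a short comment above each `line =` stating why that mount point gets its option set would document the intent; the enclosing methods start outside the hunks.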
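--- a/data/lib/getch/assembly.rb
+++ b/data/lib/getch/assembly.rb
@@ -5,6 +5,7 @@ require 'nito'
 require 'cryptsetup'
 
 module Getch
+# define steps/order for getch
 class Assembly
 include NiTo
 
@@ -91,13 +92,24 @@ module Getch
 @state.post_config
 end
 
+# Luks_keys
+# Install external keys to avoid enter password multiple times
+def luks_keys
+return unless OPTIONS[:encrypt] && OPTIONS[:fs] != 'zfs'
+
+return if STATES[:luks_keys]
+
+CryptSetup.new(DEVS, OPTIONS).keys
+@state.luks_keys
+end
+
 # terraform
 # Install all the required packages
 # Also add services
 def terraform
 return if STATES[:terraform]
 
-
+# @fs::PreDeps.new
 @os::Terraform.new
 @fs::Deps.new
 @state.terraform
@@ -110,17 +122,6 @@ module Getch
 @state.services
 end
 
-# Luks_keys
-# Install external keys to avoid enter password multiple times
-def luks_keys
-return if not OPTIONS[:encrypt] or OPTIONS[:fs] == 'zfs'
-
-return if STATES[:luks_keys]
-
-CryptSetup.new(DEVS, OPTIONS).keys
-@state.luks_keys
-end
-
 # bootloader
 # Install and configure Grub2 or Systemd-boot with Dracut
 # Adding keys for Luks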
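--- a/data/lib/getch/config/grub.rb
+++ b/data/lib/getch/config/grub.rb
@@ -4,7 +4,10 @@ require 'nito'
 
 module Getch
 module Config
+# install grub
 class Grub
+include NiTo
+
 def initialize
 @log = Log.new
 @disk = OPTIONS[:boot_disk] ||= OPTIONS[:disk]
@@ -14,10 +17,12 @@ module Getch
 x
 end
 
+protected
+
 def x
 @log.info "Installing Grub on #{@disk}...\n"
 Helpers.efi? ? grub_efi : grub_bios
-end
+end
 
 private
 
@@ -35,7 +40,7 @@ module Getch
 # In case where efivars is not mounted
 # avoid error with grub
 def mount_efivars
-
+mount '-t efivarfs', 'efivarfs', '/sys/firmware/efi/efivars'
 end
 end
 end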
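--- a/data/lib/getch/config/iwd.rb
+++ b/data/lib/getch/config/iwd.rb
@@ -1,9 +1,13 @@
+# frozen_string_literal: true
+
 module Getch
 module Config
+# Configure iwd if wifi is detected
 class Iwd
 include NiTo
 
 def initialize
+@options = "[General]\nUseDefaultInterface=true\n"
 x
 end
 
@@ -44,14 +48,13 @@ module Getch
 # https://docs.voidlinux.org/config/network/iwd.html#troubleshooting
 def iwd_conf
 conf = "#{OPTIONS[:mountpoint]}/etc/iwd/main.conf"
-content =
-content << "UseDefaultInterface=true\n"
+content = @options.dup
 content << "[Network]\n"
-Helpers.systemd?
-
-
-
-
+content << if Helpers.systemd?
+"NameResolvingService=systemd\n"
+else
+"NameResolvingService=resolvconf\n"
+end
 mkdir "#{OPTIONS[:mountpoint]}/etc/iwd"
 echo conf, "#{content}\n"
 end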
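--- a/data/lib/getch/config/portage.rb
+++ b/data/lib/getch/config/portage.rb
@@ -52,12 +52,11 @@ module Getch
 
 # https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Stage#MAKEOPTS
 def make_conf
-
-makeopts = mem[0].to_i / 2
+nproc = `nproc`.chomp
 
 echo_a "#{@dest}/make.conf", 'ACCEPT_KEYWORDS="amd64"'
 echo_a "#{@dest}/make.conf", 'INPUT_DEVICES="libinput"'
-echo_a "#{@dest}/make.conf", "MAKEOPTS=\"-j#{
+echo_a "#{@dest}/make.conf", "MAKEOPTS=\"-j#{nproc} -l#{nproc}\""
 end
 
 # https://www.gentoo.org/downloads/mirrors/
@@ -74,17 +73,6 @@ module Getch
 echo conf, 'sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE'
 echo_a conf, 'sys-firmware/intel-microcode intel-ucode'
 end
-
-private
-
-def get_memory
-mem = '2048'
-File.open('/proc/meminfo').each do |l|
-t = l.split(' ') if l =~ /memtotal/i
-t && mem = t[1]
-end
-mem
-end
 end
 end
 end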
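Review bot: The new `nproc` assignment in `make_conf` shells out with a backtick command and interpolates whatever comes back into make.conf unchecked; if the binary is missing the call raises `Errno::ENOENT`, and an empty result would write `MAKEOPTS="-j -l"`. The standard library already exposes the value, so `nproc = Etc.nprocessors` (with `require 'etc'` at the top of the file) avoids the subprocess and always yields an Integer. A one-line comment saying why `-l` is set to the same number as `-j` would also help, since the referenced handbook link is about `-j`.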
data/lib/getch/config.rb
CHANGED
@@ -21,7 +21,7 @@ module Getch
|
|
21
21
|
puts " => Creating a key for #{dev}, password required:"
|
22
22
|
chroot "cryptsetup luksAddKey #{dev} /boot/#{name}"
|
23
23
|
command "chmod 000 /boot/#{name}"
|
24
|
-
#command "chmod -R g-rwx,o-rwx /boot"
|
24
|
+
# command "chmod -R g-rwx,o-rwx /boot"
|
25
25
|
end
|
26
26
|
|
27
27
|
def crypttab
|
@@ -52,7 +52,7 @@ module Getch
|
|
52
52
|
conf = "#{MOUNTPOINT}/etc/crypttab"
|
53
53
|
device = s_uuid(dev)
|
54
54
|
raise "No partuuid for #{dev} #{device}" unless device
|
55
|
-
raise "Bad partuuid for #{dev} #{device}" if device.
|
55
|
+
raise "Bad partuuid for #{dev} #{device}" if device.is_a?(Array)
|
56
56
|
|
57
57
|
add_line(conf, "#{mapname} PARTUUID=#{device} #{point} #{rest}")
|
58
58
|
end
|
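Review bot: The line touched in the first hunk keeps `# command "chmod -R g-rwx,o-rwx /boot"` as commented-out code directly after the key file is registered with `cryptsetup luksAddKey` and set to mode 000. Dead code next to key handling leaves it unclear whether the rest of /boot is meant to be restricted; either delete the line or enable it and say why in a comment. The key is also only locked down by the `chmod 000` that runs after `luksAddKey`, so if the file is created earlier with default permissions (not visible in this hunk) it would be safer to create it with a restrictive mode from the start. The enclosing method starts outside the hunk.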
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
module Getch
|
4
4
|
module Gentoo
|
5
|
+
# install grub or bootctl
|
5
6
|
class Bootloader
|
6
7
|
def initialize
|
7
8
|
@esp = '/efi'
|
@@ -11,8 +12,7 @@ module Getch
|
|
11
12
|
|
12
13
|
# Dracut is used by sys-kernel/gentoo-kernel
|
13
14
|
def dependencies
|
14
|
-
|
15
|
-
if Helpers.systemd? and Helpers.efi?
|
15
|
+
if Helpers.systemd_minimal?
|
16
16
|
Log.new.info "Systemd-boot alrealy installed...\n"
|
17
17
|
else
|
18
18
|
ChrootOutput.new('emerge --update --newuse sys-boot/grub')
|
@@ -20,18 +20,22 @@ module Getch
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def install
|
23
|
-
Helpers.grub?
|
24
|
-
Config::Grub.new
|
23
|
+
if Helpers.grub?
|
24
|
+
Config::Grub.new
|
25
|
+
else
|
25
26
|
bootctl
|
27
|
+
end
|
26
28
|
|
27
|
-
#ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel')
|
28
|
-
ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel-bin')
|
29
|
+
# ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel')
|
30
|
+
ChrootOutput.new('emerge --config sys-kernel/gentoo-kernel-bin') # should also reload grub-mkconfig
|
29
31
|
end
|
30
32
|
|
31
33
|
def bootctl
|
32
|
-
@boot
|
33
|
-
with_boot
|
34
|
+
if @boot
|
35
|
+
with_boot
|
36
|
+
else
|
34
37
|
Chroot.new("bootctl --esp-path=#{@esp} install")
|
38
|
+
end
|
35
39
|
end
|
36
40
|
|
37
41
|
# We need to umount the encrypted /boot first
|
@@ -4,6 +4,7 @@ require 'nito'
|
|
4
4
|
|
5
5
|
module Getch
|
6
6
|
module Gentoo
|
7
|
+
# Configure system after install the base system (when chroot is available)
|
7
8
|
class PostConfig
|
8
9
|
include NiTo
|
9
10
|
|
@@ -23,7 +24,7 @@ module Getch
|
|
23
24
|
grub
|
24
25
|
end
|
25
26
|
|
26
|
-
|
27
|
+
private
|
27
28
|
|
28
29
|
def cpuflags
|
29
30
|
conf = "#{OPTIONS[:mountpoint]}/etc/portage/package.use/00cpuflags"
|
@@ -36,40 +37,6 @@ module Getch
|
|
36
37
|
grub_pc = Helpers.efi? ? 'GRUB_PLATFORMS="efi-64"' : 'GRUB_PLATFORMS="pc"'
|
37
38
|
echo_a "#{OPTIONS[:mountpoint]}/etc/portage/make.conf", grub_pc
|
38
39
|
end
|
39
|
-
|
40
|
-
# https://wiki.gentoo.org/wiki/Signed_kernel_module_support
|
41
|
-
def portage_bashrc
|
42
|
-
conf = "#{MOUNTPOINT}/etc/portage/bashrc"
|
43
|
-
content = %q{
|
44
|
-
function pre_pkg_preinst() {
|
45
|
-
# This hook signs any out-of-tree kernel modules.
|
46
|
-
if [[ "$(type -t linux-mod_pkg_preinst)" != "function" ]]; then
|
47
|
-
# The package does not seem to install any kernel modules.
|
48
|
-
return
|
49
|
-
fi
|
50
|
-
# Get the signature algorithm used by the kernel.
|
51
|
-
local module_sig_hash="$(grep -Po '(?<=CONFIG_MODULE_SIG_HASH=").*(?=")' "${KERNEL_DIR}/.config")"
|
52
|
-
# Get the key file used by the kernel.
|
53
|
-
local module_sig_key="$(grep -Po '(?<=CONFIG_MODULE_SIG_KEY=").*(?=")' "${KERNEL_DIR}/.config")"
|
54
|
-
module_sig_key="${module_sig_key:-certs/signing_key.pem}"
|
55
|
-
# Path to the key file or PKCS11 URI
|
56
|
-
if [[ "${module_sig_key#pkcs11:}" == "${module_sig_key}" && "${module_sig_key#/}" == "${module_sig_key}" ]]; then
|
57
|
-
local key_path="${KERNEL_DIR}/${module_sig_key}"
|
58
|
-
else
|
59
|
-
local key_path="${module_sig_key}"
|
60
|
-
fi
|
61
|
-
# Certificate path
|
62
|
-
local cert_path="${KERNEL_DIR}/certs/signing_key.x509"
|
63
|
-
# Sign all installed modules before merging.
|
64
|
-
find "${D%/}/${INSDESTTREE#/}/" -name "*.ko" -exec "${KERNEL_DIR}/scripts/sign-file" "${module_sig_hash}" "${key_path}" "${cert_path}" '{}' \;
|
65
|
-
}
|
66
|
-
}
|
67
|
-
|
68
|
-
f = File.new(conf, 'w')
|
69
|
-
f.write("#{content}\n")
|
70
|
-
f.chmod(0700)
|
71
|
-
f.close
|
72
|
-
end
|
73
40
|
end
|
74
41
|
end
|
75
42
|
end
|
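--- a/data/lib/getch/gentoo/sources.rb
+++ b/data/lib/getch/gentoo/sources.rb
@@ -5,6 +5,8 @@ require 'nito'
 
 module Getch
 module Gentoo
+# Here we install the kernel linux.
+# We compile source, enable and disable few modules for the new system.
 class Sources
 include NiTo
 
@@ -26,12 +28,12 @@ module Getch
 
 def bask
 @log.info "Kernel hardening...\n"
-#Getch::Bask.new('10_kspp.config').cp
+# Getch::Bask.new('10_kspp.config').cp
 Getch::Bask.new('11-kspp-gcc.config').cp
 Getch::Bask.new('12-kspp-x86_64.config').cp
-#Getch::Bask.new('20-clipos.config').cp
+# Getch::Bask.new('20-clipos.config').cp
 Getch::Bask.new('30-grsecurity.config').cp
-#Getch::Bask.new('40-kconfig-hardened.config').cp
+# Getch::Bask.new('40-kconfig-hardened.config').cp
 Getch::Bask.new('50-blacklist.config').cp
 Getch::Bask.new('51-blacklist-madaidans.config').cp
 end
@@ -42,21 +44,11 @@ module Getch
 end
 
 def grub_mkconfig
-return if Helpers.
-
-
-
-
-set -o errexit
-
-if ! hash grub-mkconfig ; then
-exit 0
-fi
-grub-mkconfig -o /boot/grub/grub.cfg
-SHELL
-mkdir "#{OPTIONS[:mountpoint]}/etc/kernel/postinst.d"
-File.write file, content
-File.chmod 0755, file
+return if Helpers.systemd_minimal?
+
+# https://wiki.gentoo.org/wiki/Project:Distribution_Kernel
+use = Getch::Gentoo::Use.new('sys-kernel/installkernel-gentoo')
+use.add('grub')
 end
 
 def use_flags
@@ -66,11 +58,13 @@ SHELL
 
 # https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel#Alternative:_Using_distribution_kernels
 def make
-Helpers.
-Install.new('sys-kernel/installkernel-systemd
+if Helpers.systemd_minimal?
+Install.new('sys-kernel/installkernel-systemd')
+else
 Install.new('sys-kernel/installkernel-gentoo')
+end
 
-#Install.new 'sys-kernel/gentoo-kernel'
+# Install.new 'sys-kernel/gentoo-kernel'
 Install.new 'sys-kernel/gentoo-kernel-bin'
 end
 
@@ -93,6 +87,7 @@ SHELL
 
 module_load('iwlmvm', conf)
 module_load('ath9k', conf)
+module_load('rt73usb', conf)
 end
 
 def flash_mod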
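Review bot: `grub_mkconfig` no longer writes or runs anything related to grub-mkconfig; after this change it only sets the `grub` USE flag on `sys-kernel/installkernel-gentoo`, so the name now misleads and a comment such as `# USE=grub lets installkernel regenerate grub.cfg` (or a rename) is needed. In `bask`, three hardening fragments (`10_kspp.config`, `20-clipos.config`, `40-kconfig-hardened.config`) stay commented out with no reason given; because these decide how hardened the installed kernel is, the comment should say why they are disabled rather than only being reformatted.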
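--- a/data/lib/getch/gentoo/tarball.rb
+++ b/data/lib/getch/gentoo/tarball.rb
@@ -30,9 +30,13 @@ module Getch
 @mirror + '/releases/amd64/autobuilds/latest-stage3-amd64-systemd.txt'
 end
 
+# release check line like bellow and return 20231126T163200Z:
+# 20231126T163200Z/stage3-amd64-systemd-20231126T163200Z.tar.xz 276223256
 def release
 URI.open(stage3) do |file|
-file.
+file.each do |line|
+return line.split('/')[0] if line.match(%r{^[\w]+[/](.*)tar.xz})
+end
 end
 rescue Net::OpenTimeout => e
 @log.fatal "Problem with DNS? #{e}"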
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
module Getch
|
4
4
|
module Gentoo
|
5
|
+
# Configure use flag before compiling all the packages
|
5
6
|
class UseFlag
|
6
7
|
def initialize
|
7
8
|
x
|
@@ -23,9 +24,11 @@ module Getch
|
|
23
24
|
private
|
24
25
|
|
25
26
|
# https://wiki.gentoo.org/wiki/Project:Distribution_Kernel#Trying_it_out
|
27
|
+
# https://wiki.gentoo.org/wiki/Signed_kernel_module_support
|
26
28
|
def dist_kernel
|
27
29
|
use = Getch::Gentoo::Use.new
|
28
30
|
use.add_global('dist-kernel')
|
31
|
+
use.add_global('modules-sign')
|
29
32
|
end
|
30
33
|
|
31
34
|
def systemd
|
@@ -33,8 +36,10 @@ module Getch
|
|
33
36
|
|
34
37
|
flags = []
|
35
38
|
use = Getch::Gentoo::Use.new('sys-apps/systemd')
|
36
|
-
flags << '
|
39
|
+
flags << 'boot'
|
37
40
|
flags << 'gnuefi' if Helpers.efi?
|
41
|
+
flags << 'kernel-install'
|
42
|
+
flags << 'dns-over-tls'
|
38
43
|
use.add(flags)
|
39
44
|
end
|
40
45
|
|
@@ -55,7 +60,7 @@ module Getch
|
|
55
60
|
use = Getch::Gentoo::Use.new('sys-boot/grub')
|
56
61
|
flags << '-grub_platforms_efi-64' unless Helpers.efi?
|
57
62
|
flags << 'libzfs' if OPTIONS[:fs] == 'zfs'
|
58
|
-
flags << 'device-mapper' if OPTIONS[:
|
63
|
+
flags << 'device-mapper' if OPTIONS[:lvm] || OPTIONS[:encrypt]
|
59
64
|
use.add(flags)
|
60
65
|
end
|
61
66
|
|
@@ -69,7 +74,7 @@ module Getch
|
|
69
74
|
end
|
70
75
|
|
71
76
|
def lvm
|
72
|
-
return unless Getch::OPTIONS[:
|
77
|
+
return unless Getch::OPTIONS[:lvm]
|
73
78
|
|
74
79
|
use = Getch::Gentoo::Use.new
|
75
80
|
use.add_global('lvm', 'device-mapper')
|
data/lib/getch/gentoo.rb
CHANGED
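--- a/data/lib/getch/guard.rb
+++ b/data/lib/getch/guard.rb
@@ -12,11 +12,23 @@ end
 class InvalidKeymap < StandardError
 end
 
+def valid_disk(name)
+case name
+when /^sd|^hd|^vd/
+true
+when /^nvm/
+true
+else
+false
+end
+end
+
 module Getch
+# various guard
 module Guard
 def self.disk(name)
 raise InvalidDisk, 'No disk.' unless name
-raise InvalidDisk, "Bad device name #{name}." unless name
+raise InvalidDisk, "Bad device name #{name}." unless valid_disk(name)
 raise InvalidDisk, "Disk /dev/#{name} no found." unless File.exist? "/dev/#{name}"
 
 name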
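--- a/data/lib/getch/helpers.rb
+++ b/data/lib/getch/helpers.rb
@@ -6,6 +6,7 @@ require 'fileutils'
 require 'nito'
 
 module Getch
+# Various helpers function defined here
 module Helpers
 def self.efi?
 Dir.exist? '/sys/firmware/efi/efivars'
@@ -27,6 +28,11 @@ module Getch
 File.exist? "#{OPTIONS[:mountpoint]}/etc/default/grub"
 end
 
+# if systemd without encryption
+def self.systemd_minimal?
+systemd? && efi? && !OPTIONS[:encrypt]
+end
+
 def self.get_file_online(url, dest)
 URI.open(url) do |l|
 File.open(dest, 'wb') { |f| f.write(l.read) }
@@ -37,9 +43,9 @@ module Getch
 
 def self.exec_or_die(cmd)
 _, stderr, status = Open3.capture3(cmd)
-
-
-
+return if status.success?
+
+abort "Problem running #{cmd}, stderr was:\n#{stderr}"
 end
 
 def self.sys(cmd)
@@ -53,13 +59,20 @@ module Getch
 
 def self.uuid(dev)
 Dir.glob('/dev/disk/by-uuid/*').each do |f|
-
-
-end
+p = File.readlink(f)
+return f.delete_prefix('/dev/disk/by-uuid/') if p.match?(/#{dev}/)
 end
 Log.new.fatal("UUID on #{dev} is no found")
 end
 
+def self.id(dev)
+Dir.glob('/dev/disk/by-id/*').each do |f|
+p = File.readlink(f)
+return f.delete_prefix('/dev/disk/by-id/') if p.match?(/#{dev}/)
+end
+Log.new.fatal("ID on #{dev} is no found")
+end
+
 def self.get_dm(name)
 Dir.glob('/dev/mapper/*').each do |f|
 if f =~ /#{name}/ && f != '/dev/mapper/control'
@@ -74,9 +87,8 @@ module Getch
 def self.get_id(dev)
 sleep 3
 Dir.glob('/dev/disk/by-id/*').each do |f|
-
-
-end
+p = File.readlink(f)
+return f.delete_prefix('/dev/disk/by-id/') if p.match?(/#{dev}/)
 end
 Log.new.fatal("ID on #{dev} is no found")
 end
@@ -85,7 +97,7 @@ module Getch
 def self.mount_all
 dest = OPTIONS[:mountpoint]
 NiTo.mount '--types proc /proc', "#{dest}/proc"
-[
+%w[dev sys run].each do |d|
 NiTo.mount '--rbind', "/#{d}", "#{dest}/#{d}"
 NiTo.mount '--make-rslave', "#{dest}/#{d}"
 end
@@ -108,6 +120,7 @@ module Getch
 cmd.res
 end
 
+# Helpers specific to void
 module Void
 def command_output(args)
 print " => Exec: #{args}..."
@@ -117,17 +130,15 @@ module Getch
 stdout_err.each { |l| puts l }
 
 exit_status = wait_thr.value
-unless exit_status.success?
-raise "\n[-] Fail cmd #{args} - #{stdout_err}."
-end
+raise("\n[-] Fail cmd #{args} - #{stdout_err}.") unless exit_status.success?
 end
 end
 
 # Used only when need password
 def chroot(cmd)
-
-
-
+return if system('chroot', Getch::MOUNTPOINT, '/bin/bash', '-c', cmd)
+
+raise "[-] Error with: #{cmd}"
 end
 
 def s_uuid(dev)
@@ -142,7 +153,7 @@ module Getch
 conf = "#{Getch::MOUNTPOINT}/etc/fstab"
 device = s_uuid(dev)
 raise "No partuuid for #{dev} #{device}" unless device
-raise "Bad partuuid for #{dev} #{device}" if device.is_a?(Array)
+raise "Bad partuuid for #{dev} #{device}" if device.is_a?(Array)
 
 add_line(conf, "PARTUUID=#{device} #{rest}")
 end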
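Review bot: `uuid`, `id` and `get_id` pick the symlink with `p.match?(/#{dev}/)`, an unanchored regex built from the device name, so `sda1` also matches a link pointing at `sda10` and `nvme0n1p1` matches `nvme0n1p10`; whichever entry the glob yields first ends up in fstab or crypttab. Comparing the link target's basename instead, `return File.basename(f) if File.basename(p) == File.basename(dev)`, removes both the prefix collision and the regex interpretation of `dev`. The new `id` is a copy of `get_id` without the `sleep 3`, so one should call the other. `exec_or_die` still hands a single string to `Open3.capture3`, which goes through the shell, unlike the argv form now used in `chroot`.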
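--- a/data/lib/getch/log.rb
+++ b/data/lib/getch/log.rb
@@ -3,8 +3,8 @@
 require 'logger'
 
 module Getch
+# Display message to stdout and write in a log file.
 class Log
-
 WHITE = "\033[37m"
 CYAN = "\033[36m"
 MAGENTA = "\033[35m"
@@ -16,13 +16,13 @@ module Getch
 BOLD = "\033[1m"
 CLEAR = "\033[0m"
 
-def initialize(verbose
+def initialize(verbose: false)
 @log_file = '/tmp/log_install.txt'
 @verbose = verbose
 init
 end
 
-# TODO remove length
+# TODO, remove length
 def info(msg)
 tab = msg.match("\n") ? '' : add_tab(msg)
 l = msg.length
@@ -62,32 +62,32 @@ module Getch
 
 def init_res
 @result = Logger.new $stdout, level: 'INFO'
-@result.formatter = proc do |
+@result.formatter = proc do |_, _, _, msg| msg end
 end
 
 def init_debug
 @debug = Logger.new $stdout
-@debug.formatter = proc do |
+@debug.formatter = proc do |severity, _, _, msg|
 "\n#{BLUE}#{BOLD}#{severity[0]}#{CLEAR} [#{Process.pid}]#{CLEAR}#{msg}"
 end
 end
 
 def init_error
 @error = Logger.new $stdout
-@error.formatter = proc do |
+@error.formatter = proc do |severity, _, _, msg|
 "#{RED}#{BOLD}#{severity[0]}#{CLEAR}#{msg}\t"
 end
 end
 
 def init_fatal
 @fatal = Logger.new $stdout
-@fatal.formatter = proc do |
+@fatal.formatter = proc do |severity, _, _, msg|
 "\n#{YELLOW}#{BOLD}#{severity[0]}#{CLEAR}#{msg}"
 end
 end
 
 def init_save
-File.exist?
+File.exist?(@log_file) || puts("Creating log at #{@log_file}")
 @save = Logger.new(@log_file, 1)
 @save.level = Logger::DEBUG
 @save.formatter = proc { |severity, datetime, _, msg|
@@ -108,7 +108,7 @@ module Getch
 
 def add_tab(text)
 case text.length
-when 39..
+when 39..46 then "\t\t"
 when 31..38 then "\t\t\t"
 when 23..30 then "\t\t\t\t"
 when 16..22 then "\t\t\t\t\t"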
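--- a/data/lib/getch/tree.rb
+++ b/data/lib/getch/tree.rb
@@ -2,8 +2,8 @@
 
 module Getch
 module Tree
+# call class depend of the os choosen
 class Os
-
 OS_TREE = {
 gentoo: Gentoo,
 void: Void
@@ -18,26 +18,27 @@ module Getch
 OS_TREE[@os.to_sym] || @log.fatal('OS no found')
 end
 end
-class FS
 
+# call class depend on filesystem choosen.
+class FS
 FS_TREE = {
 true => { # + encrypt
 true => { # + lvm
-ext4: FileSystem::Ext4::Hybrid
+ext4: FileSystem::Ext4::Hybrid
 },
 false => { # - lvm
 ext4: FileSystem::Ext4::Encrypt,
 zfs: FileSystem::Zfs::Encrypt
-}
+}
 },
 false => { # - encrypt
 true => { # + lvm
-ext4: FileSystem::Ext4::Lvm
+ext4: FileSystem::Ext4::Lvm
 },
 false => { # - lvm
 ext4: FileSystem::Ext4::Minimal,
-zfs: FileSystem::Zfs::Minimal
-}
+zfs: FileSystem::Zfs::Minimal
+}
 }
 }.freeze
 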
data/lib/getch/version.rb
CHANGED
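--- a/data/lib/getch/void/tarball.rb
+++ b/data/lib/getch/void/tarball.rb
@@ -4,10 +4,11 @@ require 'open3'
 
 module Getch
 module Void
+# Download the last tarball of void
 class Tarball
 def initialize
 @log = Log.new
-@url = 'https://
+@url = 'https://repo-default.voidlinux.org/live/current'
 @file = 'sha256sum.txt'
 @xbps = false
 Dir.chdir OPTIONS[:mountpoint]
@@ -23,9 +24,11 @@ module Getch
 protected
 
 def tarball
-OPTIONS[:musl]
-/void-x86_64-musl-ROOTFS-[\d._]+.tar.xz/
+if OPTIONS[:musl]
+/void-x86_64-musl-ROOTFS-[\d._]+.tar.xz/
+else
 /void-x86_64-ROOTFS-[\d._]+.tar.xz/
+end
 end
 
 # Search the name of the last release in @file 'sha256sum.txt'
@@ -57,7 +60,7 @@ module Getch
 # Should contain 2 spaces...
 command = "echo #{@xbps[3]} #{@xbps[1]} | sha256sum --check"
 _, stderr, status = Open3.capture3(command)
-if status.success?
+if status.success?
 @log.result_ok
 else
 cleaning
@@ -76,7 +79,7 @@ module Getch
 @log.info "Decompressing #{@xbps[1]}..."
 cmd = "tar xpf #{@xbps[1]} --xattrs-include=\'*.*\' --numeric-owner"
 _, stderr, status = Open3.capture3(cmd)
-if status.success?
+if status.success?
 @log.result_ok
 else
 @log.fatal "Fail to decompressing #{@xbps[1]} - #{stderr}."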
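Review bot: Both patterns returned by the rewritten `tarball` leave the dots in `.tar.xz` unescaped, so each of those positions accepts any character rather than a literal dot. If `@xbps` is filled from these matches against the downloaded `sha256sum.txt` (the search method is outside the visible hunks), that looser match decides what text is later interpolated into the `sha256sum --check` and `tar xpf` command strings. Escaping them, `/void-x86_64-musl-ROOTFS-[\d._]+\.tar\.xz/` and likewise for the non-musl pattern, keeps the accepted file name to the expected character set. Passing the name as its own argument, `Open3.capture3('tar', 'xpf', @xbps[1], '--xattrs-include=*.*', '--numeric-owner')`, would remove the shell from that step altogether.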
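--- a/data/lib/getch/void/terraform.rb
+++ b/data/lib/getch/void/terraform.rb
@@ -1,7 +1,11 @@
+# frozen_string_literal: true
+
 module Getch
 module Void
+# install dependencies packages
 class Terraform
 def initialize
+@deps = 'sudo'
 x
 end
 
@@ -12,13 +16,13 @@ module Getch
 end
 
 def install_pkgs
-@pkgs =
+@pkgs = @deps.dup
 @pkgs << ' vim'
 @pkgs << ' iptables'
 @pkgs << ' runit-iptables'
 @pkgs << ' iwd'
 @pkgs << ' dhcpcd'
-@pkgs << ' lvm2' if OPTIONS[:
+@pkgs << ' lvm2' if OPTIONS[:lvm]
 @pkgs << ' zfs' if OPTIONS[:fs] == 'zfs'
 @pkgs << ' cryptsetup' if OPTIONS[:encrypt]
 Install.new(@pkgs)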
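Review bot: The `.dup` in `@pkgs = @deps.dup` is load-bearing now that the file opens with `# frozen_string_literal: true`, and nothing on the line says so. Without the copy, the first `@pkgs << ' vim'` would raise FrozenError because `@deps` holds a frozen literal. A short comment such as `# dup: @deps is a frozen literal and is appended to below` would stop a later cleanup from dropping it. `install_pkgs` continues past the end of the hunk.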
data/lib/getch/void.rb
CHANGED
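--- a/data/lib/luks.rb
+++ b/data/lib/luks.rb
@@ -3,8 +3,10 @@
 require 'nito'
 require 'getch/log'
 require 'getch/command'
+require 'English'
 
 module Luks
+# define luks name, path, etc...
 class Main
 include Luks
 include NiTo
@@ -21,7 +23,7 @@ module Luks
 @mount = nil
 @bootloader = false
 @log = Getch::Log.new
-@bs =
+@bs = sector_size
 end
 
 def encrypt
@@ -32,9 +34,11 @@ module Luks
 
 def encrypt_with_key
 make_key
-args = @luks_type == 'luks2'
-
-
+args = if @luks_type == 'luks2'
+"#{@command_args} -q --sector-size #{@bs} -d #{@full_key_path}"
+else
+"#{@command_args} -q -d #{@full_key_path}"
+end
 @log.info "Encrypting #{@luks_name} with #{@full_key_path}...\n"
 cmd_crypt 'cryptsetup', 'luksFormat', args, "/dev/#{@disk}"
 end
@@ -44,9 +48,8 @@ module Luks
 
 @log.info "Opening #{@luks_name} > #{@disk}...\n"
 cmd_crypt 'cryptsetup', 'open', @command_args, "/dev/#{@disk}", @luks_name
-
-
-end
+
+raise "No dev /dev/mapper/#{@luks_name}, open it first..." unless File.exist? "/dev/mapper/#{@luks_name}"
 end
 
 def open_with_key(file = nil)
@@ -94,8 +97,7 @@ module Luks
 cmd_crypt 'cryptsetup', 'close', @luks_name
 end
 
-def gen_datas
-end
+def gen_datas; end
 
 protected
 
@@ -145,29 +147,28 @@ module Luks
 end
 
 def config_grub
-return unless
+# return unless Getch::Helpers.grub? && !Getch::Helpers.systemd_minimal?
+return unless @bootloader && Getch::Helpers.grub?
 
-
-
-
-
-@log.result_ok
-end
+@log.info ' * Writing to /etc/default/grub...'
+line = 'GRUB_ENABLE_CRYPTODISK=y'
+echo_a "#{@mountpoint}/etc/default/grub", line
+@log.result_ok
 end
 
 def perm
 @key_path = "#{@key_dir}/#{@key_name}"
 @full_key_path = "#{@mountpoint}#{@key_path}"
 @log.info "Enforcing permission on #{@full_key_path}..."
-File.chmod
-File.chmod
-File.chown
+File.chmod(0400, "#{@mountpoint}#{@key_dir}")
+File.chmod(0000, @full_key_path)
+File.chown(0, 0, @full_key_path)
 @log.result_ok
 end
 
 private
 
-def
+def sector_size
 @disk || @log.fatal("No disk for #{@luks_name}.")
 
 sh 'blockdev', '--getpbsz', "/dev/#{@disk}"
@@ -175,16 +176,16 @@ module Luks
 
 def cmd_crypt_raw(*args)
 system args.join(' ')
-return if
+return if $CHILD_STATUS.success?
 
 @log.dbg args.join(' ')
-@log.dbg
+@log.dbg $CHILD_STATUS.success
 @log.fatal 'die'
 end
 
 def cmd_crypt(*args)
 cmd_crypt_raw args
-rescue => e
+rescue StandardError => e
 @log.fatal e
 end
 
@@ -193,7 +194,7 @@ module Luks
 end
 end
 
-# Boot can decrypt
+# Boot can decrypt all other partitions.
 class Boot < Main
 def initialize(disk, options)
 super
@@ -223,6 +224,7 @@ module Luks
 end
 end
 
+# define home partition for luks
 class Home < Main
 def initialize(disk, options)
 super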
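Review bot: In `cmd_crypt_raw`, the added `@log.dbg $CHILD_STATUS.success` calls a method that `Process::Status` does not define (the predicate is `success?`), so as printed the failure path raises NoMethodError before it reaches `@log.fatal 'die'`. When the call comes through `cmd_crypt`, the `rescue StandardError` then reports that NoMethodError instead of the cryptsetup failure, which hides why a luksFormat or open step went wrong. Logging the code itself, `@log.dbg "exit status: #{$CHILD_STATUS.exitstatus}"`, gives the operator something usable; this assumes `@log.dbg` takes a string, as it does on the line above.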
data.tar.gz.sig
CHANGED
Binary file
|
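--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: getch
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.7.0
 platform: ruby
 authors:
 - szorfein
@@ -12,31 +12,31 @@ cert_chain:
 -----BEGIN CERTIFICATE-----
 MIIEhTCCAu2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMREwDwYDVQQDDAhzem9y
 ZmVpbjEaMBgGCgmSJomT8ixkARkWCnByb3Rvbm1haWwxEzARBgoJkiaJk/IsZAEZ
-
+FgNjb20wHhcNMjMxMDIzMTcyMTA4WhcNMjQxMDIyMTcyMTA4WjBEMREwDwYDVQQD
 DAhzem9yZmVpbjEaMBgGCgmSJomT8ixkARkWCnByb3Rvbm1haWwxEzARBgoJkiaJ
-k/
-
-
-
-
-
-
-
-
-AaOBgTB/
-
+k/IsZAEZFgNjb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCqe1yx
+EG2oM25jeHp08A8zkaDNmbI3MujjrRM/WPEYZX2dVwOxkIS20hQVuxcAsBBA4W/W
+kuPbqRkvLboaGaxLrllkSEJw9HA/GesTdXLyCFYmNzSFqGh5BafNSkxoiDhTavxp
+xvYzAkYR/3CzSOWSxJk73wIg+F7w/nWJPTt2tgJE9hgR8uuFY+EzPOlFZhkFTdCV
+88sBGuZPMjq7ASQVBE3UA+Y1xJeXE3/FhIhYvLnjevkkDLSLFmox0ZQf6nx6abuL
+KTOGRA1bfLfkW5HMh5X5JwViliwG3RWhqAukJUgHTUk+oKtejlzSDqupwOenKZf0
+xI2/BnS8zOsS6Te08iLxqZfI/lsG8wcPduekSetRI4VIOZ5QoRK54PiQjrOBhbnD
+OQBB/XF1C80imZtRtdUqh6bK9WeWI4RYZ2/KwXL1AScEbXkBkkOECWoVrD18WgRm
+siuX6RkNIelhtb0En7f3bizgPqlO0qPQV+wPi9TSBxdVG12C0OmjCQYMQD0CAwEA
+AaOBgTB/MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBTlKnQ3qMUF
+zydvZaKwdP+dnj2uajAiBgNVHREEGzAZgRdzem9yZmVpbkBwcm90b25tYWlsLmNv
 bTAiBgNVHRIEGzAZgRdzem9yZmVpbkBwcm90b25tYWlsLmNvbTANBgkqhkiG9w0B
-
-
-
-
-
-
-
-
-
+AQsFAAOCAYEAFjnBWWfaMeA8hP0Q76WmBCFckGN5I42X5RQkVYRRXIaeXIS1td/t
+O1v1iQLo6ABfASMi6We7T16+ita68xwNOmSkMNHHXBr/fdGbHExxFSX7BXNRbwla
+SS6Vy0bXKMDJbXcvkrmIolpYhEFm1218FCRCT6ogM1oWAJAfhfF9pMeRxrxjQYFn
+ko8XgjIHxb83miOILgdq/lgJ4gfD7PsGfJtLCLiCKCcxIb4TtmKAzRwCDVpb6wqM
+5xJZffAmHI7v8lVer53sPzm3INPu5xFZyfZ/SXYXPKKwln0efH63K5vuXYwEN7NI
+SBSRTN03Hb65t86m6/r084SrNnLntQjCSqApzFBt1QwJ5cmiVilODN4V7y2hZpyK
+hSk3b2VOotDPiWIm1p/IPXQDfm5x67Z5fJQPAlBTsse4jKyVyW1lZLmERSBuRZ2O
+urXgRIzALxd/xazPCnoLSXPzfJSI6Y77S1EBvhPd9RaSO8IyH9RhPDP9mnTvW2Kl
+NAUnoL+txK5a
 -----END CERTIFICATE-----
-date:
+date: 2023-12-22 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -191,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.25
 signing_key:
 specification_version: 4
 summary: A CLI tool to install Gentoo or VoidLinux.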
metadata.gz.sig
CHANGED
Binary file
|