getch 0.0.8 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d697434a5e8a44edb8027582ece052145c440247524597afe5ad28118115154
-  data.tar.gz: 42eb9e224e6581752f28d6997a9e10feb0e65c432e0dd80bc87236d7e597d828
+  metadata.gz: 05f332c1aa466828838d7968874705953bba34c2179426f4931a355d5c13963c
+  data.tar.gz: 47fa91c9b9086013db895772f4faece39afe9f4377ad96a53c4b6aee3822f79b
 SHA512:
-  metadata.gz: 2e17128164b81b58d59f296e360197a2b9fbb33fd2b1cbd58128b1b04885eef4480d067c5588d40802c889e5a80861b63c37454b685bdb6263e9806b2e99b208
-  data.tar.gz: f8eee6f6b37fb036a05003d109672615cc7439dcc5277f2d4604d58e66b2407fa648bdccb850269545f2aef5441777a0d936842326cecb7410b05dfb6dbcee64
+  metadata.gz: 0450bc2fbc6e7b3835802dae660ee878da6890bb2181826057442d3de3c580ff0d68d1348ca1d395c0820ce8d9fa5770fdaaee384e67b2619c0fc37c72190f28
+  data.tar.gz: 961a9019de0dc20e67da6042c2c61d2052cff31299f07c796fec71cb1b9a84e3db92cb1df276a5dd8de896faed53c967871e2d959fc3a317a7d2eccb9ba1622c

data/CHANGELOG.md

@@ -1,6 +1,14 @@
+## 0.0.9, release 2020-10-03
+* Add encryption on ext4 and lvm (BIOS,UEFI)
+* Correct KEYMAP="yes" with genkernel
+* Renaming option keyboard with keymap
+* GPG verification for ebuild
+
+## 0.0.8, release 2020-09-30
 * Adding LVM via the option fs, `--fs lvm`.
 * Systemd-boot use the value of PARTUUID without initramfs.
 * Include lib logger.
+* Enhance functions to call program system Emerge, Make, ...
 
 ## 0.0.7, release 2020-09-22
 * Correct fstab.

data/README.md

@@ -5,8 +5,9 @@ A CLI tool to install Gentoo.
 Actually, Getch support only the [AMD64 handbook](https://wiki.gentoo.org/wiki/Handbook:AMD64) and only with the last `stage3-amd64-systemd`.  
 It also require a disk (only one for now) with a minimum of 20G.  
 
-Filesystem supported by Getch are: (the list will evolve...)
-+ ext4 with GRUB2 for BIOS based system and systemd-boot for UEFI systems.
+BIOS system will use Grub2 and UEFI, systemd-boot. Filesystem supported by Getch are for now:
++ ext4
++ lvm
 
 I would also add disk encryption soon.
 
@@ -33,7 +34,7 @@ When you boot from an `iso`, you can install `ruby`, `getch` and correct your `P
 ## Examples
 For a french user:
 
-    # getch --username ninja --zoneinfo "Europe/Paris" --language fr_FR --keyboard fr
+    # getch --username ninja --zoneinfo "Europe/Paris" --language fr_FR --keymap fr
 
 After an install by Getch, take a look on the [wiki](https://github.com/szorfein/getch/wiki).
 
@@ -41,6 +42,11 @@ Install Gentoo on LVM:
 
     # getch --format lvm --disk sda
 
+## Troubleshooting
+
+#### LVM
+Unless than your older LVM volume group is named `vg0`, `getch` may fail to partition your disk, you have to clean your device before proceed with `vgremove` and `pvremove`.
+
 ## Issues
 If need more support for your hardware (network, sound card, ...), you can submit a [new issue](https://github.com/szorfein/getch/issues/new) and post the output of the following command:
 + lspci

data/lib/getch.rb

@@ -11,7 +11,7 @@ module Getch
   DEFAULT_OPTIONS = {
     language: 'en_US',
     zoneinfo: 'US/Eastern',
-    keyboard: 'us',
+    keymap: 'us',
     disk: 'sda',
     fs: 'ext4',
     username: nil,
@@ -30,16 +30,28 @@ module Getch
   }
 
   MOUNTPOINT = "/mnt/gentoo".freeze
-  OPTIONS_FS = {
-    'ext4' => DEFAULT_OPTIONS[:encrypt] ? Getch::FileSystem::Ext4::Encrypt : Getch::FileSystem::Ext4,
-    'lvm' => DEFAULT_OPTIONS[:encrypt] ? Getch::FileSystem::Lvm::Encrypt : Getch::FileSystem::Lvm
+  DEFAULT_FS = {
+    true => {
+      ext4: Getch::FileSystem::Ext4::Encrypt,
+      lvm: Getch::FileSystem::Lvm::Encrypt
+    },
+    false => {
+      ext4: Getch::FileSystem::Ext4,
+      lvm: Getch::FileSystem::Lvm
+    }
   }.freeze
 
+  def self.class_fs
+    encrypt = DEFAULT_OPTIONS[:encrypt]
+    fs = DEFAULT_OPTIONS[:fs].to_sym
+    DEFAULT_FS[encrypt][fs]
+  end
+
   def self.resume_options(opts)
     puts "\nBuild Gentoo with the following args:\n"
     puts "lang: #{DEFAULT_OPTIONS[:language]}"
     puts "zoneinfo: #{DEFAULT_OPTIONS[:zoneinfo]}"
-    puts "keyboard: #{DEFAULT_OPTIONS[:keyboard]}"
+    puts "keymap: #{DEFAULT_OPTIONS[:keymap]}"
     puts "disk: #{DEFAULT_OPTIONS[:disk]}"
     puts "fs: #{DEFAULT_OPTIONS[:fs]}"
     puts "username: #{DEFAULT_OPTIONS[:username]}"
@@ -62,8 +74,8 @@ module Getch
     case gets.chomp
     when /^y|^Y/
       log.info("Partition start")
-      OPTIONS_FS[fs]::Partition.new
-      OPTIONS_FS[fs]::Format.new
+      class_fs::Partition.new
+      class_fs::Format.new
     else
       exit 1
     end
@@ -84,7 +96,7 @@ module Getch
     resume_options(options)
     Getch::States.new # Update States
     format(options.disk, options.fs, options.username)
-    OPTIONS_FS[DEFAULT_OPTIONS[:fs]]::Mount.new.run
+    class_fs::Mount.new.run
     init_gentoo(options)
   end
 end

data/lib/getch/command.rb

@@ -17,7 +17,7 @@ module Getch
 
         # only stderr
         begin
-          @log.error stderr.readline until stderr.eof.nil?
+          @log.debug stderr.readline until stderr.eof.nil?
         rescue EOFError
         end
 

data/lib/getch/filesystem/ext4.rb

@@ -11,3 +11,4 @@ require_relative 'ext4/format'
 require_relative 'ext4/mount'
 require_relative 'ext4/config'
 require_relative 'ext4/deps'
+require_relative 'ext4/encrypt'

data/lib/getch/filesystem/ext4/config.rb

@@ -30,7 +30,7 @@ module Getch
         def grub
           return if Helpers::efi?
           file = "#{@root_dir}/etc/default/grub"
-          cmdline = "GRUB_CMDLINE_LINUX=\"resume=#{@dev_swap} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
+          cmdline = "GRUB_CMDLINE_LINUX=\"resume=#{@dev_swap} root=#{@dev_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
           File.write(file, cmdline, mode: 'a')
         end
 

data/lib/getch/filesystem/ext4/encrypt/config.rb

@@ -1,60 +1,83 @@
+require 'fileutils'
+
 module Getch
   module FileSystem
     module Ext4
-      class Config < Getch::FileSystem::Ext4::Encrypt::Device
-        def initialize
-          super
-          gen_uuid
-          @root_dir = MOUNTPOINT
-          @init = '/usr/lib/systemd/systemd'
-        end
+      module Encrypt
+        class Config < Getch::FileSystem::Ext4::Encrypt::Device
+          def initialize
+            super
+            gen_uuid
+            @root_dir = MOUNTPOINT
+            @init = '/usr/lib/systemd/systemd'
+            move_secret_keys
+            crypttab
+          end
 
-        def fstab
-          file = "#{@root_dir}/etc/fstab"
-          datas = data_fstab
-          File.write(file, datas.join("\n"))
-        end
+          def fstab
+            file = "#{@root_dir}/etc/fstab"
+            datas = data_fstab
+            File.write(file, datas.join("\n"))
+          end
 
-        def systemd_boot
-          return if ! Helpers::efi? 
-          esp = '/boot/efi'
-          dir = "#{@root_dir}/#{esp}/loader/entries/"
-          datas_gentoo = [
-            'title Gentoo Linux',
-            'linux /vmlinuz',
-            "options crypt_root=UUID=#{uuid_dev_root} root=/dev/mapper/#{@vg}-root init=#{@init} dolvm rw"
-          ]
-          File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
-        end
+          def systemd_boot
+            return if ! Helpers::efi?
+            esp = '/boot/efi'
+            dir = "#{@root_dir}/#{esp}/loader/entries/"
+            datas_gentoo = [
+              'title Gentoo Linux',
+              'linux /vmlinuz',
+              'initrd /initramfs',
+              "options crypt_root=UUID=#{@uuid_root} root=/dev/mapper/root init=#{@init} keymap=#{DEFAULT_OPTIONS[:keymap]} rw"
+            ]
+            File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
+          end
 
-        def grub
-          return if Helpers::efi?
-          file = "#{@root_dir}/etc/default/grub"
-          cmdline = [ 
-            "GRUB_CMDLINE_LINUX=\"resume=UUID=#{@uuid_swap} crypt_root=UUID=#{@uuid_dev_root} root=/dev/mapper/#{@vg}-root init=#{@init} dolvm rw\"",
-            "GRUB_ENABLE_CRYPTODISK=y"
-          ]
-          File.write("#{file}", cmdline.join("\n"), mode: 'a')
-        end
+          def crypttab
+            home = @dev_home ? "crypthome UUID=#{@uuid_home} /root/secretkeys/crypto_keyfile.bin luks" : ''
+            datas = [
+              "cryptswap UUID=#{@uuid_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=256",
+              home
+            ]
+            File.write("#{@root_dir}/etc/crypttab", datas.join("\n"))
+          end
 
-        private
+          def grub
+            return if Helpers::efi?
+            file = "#{@root_dir}/etc/default/grub"
+            cmdline = [
+              "GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{DEFAULT_OPTIONS[:keymap]}\"",
+              "GRUB_ENABLE_CRYPTODISK=y"
+            ]
+            File.write(file, cmdline.join("\n"), mode: 'a')
+          end
 
-        def gen_uuid
-          @uuid_swap = `lsblk -o "UUID" #{@lv_swap} | tail -1`.chomp() if @lv_swap
-          @uuid_root = `lsblk -o "UUID" #{@lv_root} | tail -1`.chomp() if @lv_root
-          @uuid_dev_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
-          @uuid_boot = `lsblk -o "UUID" #{@dev_boot} | tail -1`.chomp() if @dev_boot
-          @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
-          @uuid_home = `lsblk -o "UUID" #{@lv_home} | tail -1`.chomp() if @lv_home
-        end
+          private
+
+          def gen_uuid
+            @partuuid_root = `lsblk -o "PARTUUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+            @uuid_swap = `lsblk -o "UUID" #{@dev_swap} | tail -1`.chomp() if @dev_swap
+            @uuid_dev_root = `lsblk -d -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+            @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
+            @uuid_root = `lsblk -d -o "UUID" #{@luks_root} | tail -1`.chomp() if @dev_root
+            @uuid_home = `lsblk -d -o "UUID" #{@dev_home} | tail -1`.chomp() if @luks_home
+          end
+
+          def data_fstab
+            boot_efi = @dev_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
+            swap = @dev_swap ? "#{@luks_swap} none swap discard 0 0 " : ''
+            root = @dev_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
+            home = @dev_home ? "#{@luks_home} /home/#{@user} ext4 defaults 0 2" : ''
 
-        def data_fstab
-          boot_efi = @lv_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
-          swap = @lv_swap ? "UUID=#{@uuid_swap} none swap discard 0 0" : ''
-          root = @lv_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
-          home = @lv_home ? "UUID=#{@uuid_home} /home/#{@user} ext4 defaults 0 2" : ''
+            [ boot_efi, swap, root, home ]
+          end
 
-          [ boot_efi, swap, root, home ]
+          def move_secret_keys
+            return if ! @luks_home
+            puts "Moving secret keys"
+            keys_path = "#{@root_dir}/root/secretkeys"
+            FileUtils.mv("/root/secretkeys", keys_path) if ! Dir.exist?(keys_path)
+          end
         end
       end
     end

data/lib/getch/filesystem/ext4/encrypt/deps.rb

@@ -12,19 +12,41 @@ module Getch
             install_deps
           end
 
+          def make
+            genkernel
+            Getch::Make.new("genkernel --kernel-config=/usr/src/linux/.config all").run!
+          end
+
           private
           def install_efi
           end
 
+          def genkernel
+            grub = Helpers::efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
+            datas = [
+              '',
+              grub,
+              'INSTALL="yes"',
+              'MENUCONFIG="no"',
+              'CLEAN="yes"',
+              'KEYMAP="yes"',
+              'SAVE_CONFIG="yes"',
+              'MOUNTBOOT="yes"',
+              'MRPROPER="no"',
+              'LUKS="yes"',
+            ]
+            file = "#{MOUNTPOINT}/etc/genkernel.conf"
+            File.write(file, datas.join("\n"), mode: 'a')
+          end
+
           def install_bios
             exec("euse -p sys-boot/grub -E device-mapper")
+            exec("euse -p sys-fs/cryptsetup -E luks1_default")
           end
 
           def install_deps
-            exec("euse -p sys-apps/systemd -E cryptsetup")
-            Getch::Emerge.new('genkernel cryptsetup lvm2').pkg!
-            exec("genkernel --install --luks --keymap #{DEFAULT_OPTIONS[:keyboard]} --lvm --kernel-config=/usr/src/linux/.config initramfs")
-            exec("systemctl enable lvm2-monitor")
+            exec("euse -E cryptsetup") if ! Helpers::grep?("#{MOUNTPOINT}/etc/portage/make.conf", /cryptsetup/)
+            Getch::Emerge.new('genkernel sys-apps/systemd sys-fs/cryptsetup').pkg!
           end
 
           def exec(cmd)

data/lib/getch/filesystem/ext4/encrypt/device.rb

@@ -8,10 +8,11 @@ module Getch
             @user = DEFAULT_OPTIONS[:username]
             @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
             @dev_root = "/dev/#{@disk}2"
-            @vg = 'vg0'
-            @lv_root = "/dev/mapper/#{@vg}-root"
-            @lv_swap = "/dev/mapper/#{@vg}-swap"
-            @lv_home = @user ? "/dev/mapper/#{@vg}-home" : nil
+            @dev_swap = "/dev/#{@disk}3"
+            @dev_home = @user ? "/dev/#{@disk}4" : nil
+            @luks_root = "/dev/mapper/cryptroot"
+            @luks_home = @user ? "/dev/mapper/crypthome" : nil
+            @luks_swap = "/dev/mapper/cryptswap"
           end
         end
       end

data/lib/getch/filesystem/ext4/encrypt/format.rb

@@ -13,12 +13,18 @@ module Getch
           def format
             return if STATES[:format]
             puts "Format #{@disk} with #{@fs}"
-            system("mkfs.fat -F32 #{@dev_boot_efi}") if Helpers::efi?
-            system("mkswap #{@lv_swap}")
-            system("mkfs.#{@fs} #{@lv_root}")
-            system("mkfs.#{@fs} #{@lv_home}") if @lv_home
+            exec("mkfs.fat -F32 #{@dev_boot_efi}") if Helpers::efi?
+            exec("mkfs.#{@fs} -F #{@luks_root}")
+            exec("mkswap -f #{@dev_swap}")
+            exec("mkfs.#{@fs} -F #{@luks_home}") if @dev_home
             @state.format
           end
+
+          private
+
+          def exec(cmd)
+            Getch::Command.new(cmd).run!
+          end
         end
       end
     end

data/lib/getch/filesystem/ext4/encrypt/mount.rb

@@ -16,7 +16,7 @@ module Getch
 
           def run
             return if STATES[:mount]
-            mount_swap
+            #mount_swap
             mount_root
             mount_boot
             mount_home
@@ -27,14 +27,14 @@ module Getch
           private
 
           def mount_swap
-            return if ! @lv_swap
-            system("swapon #{@lv_swap}")
+            return if ! @dev_swap
+            system("swapon #{@dev_swap}")
           end
 
           def mount_root
-            return if ! @lv_root
+            return if ! @dev_root
             Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
-            system("mount #{@lv_root} #{@root_dir}")
+            system("mount #{@luks_root} #{@root_dir}")
           end
 
           def mount_boot_efi
@@ -50,10 +50,10 @@ module Getch
           end
 
           def mount_home
-            return if ! @lv_home
+            return if ! @dev_home
             if @user != nil then
               FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
-              system("mount #{@lv_home} #{@home_dir}")
+              system("mount #{@luks_home} #{@home_dir}")
             end
             @state.mount
           end

data/lib/getch/filesystem/ext4/encrypt/partition.rb

@@ -6,6 +6,7 @@ module Getch
           def initialize
             super
             @state = Getch::States.new()
+            @log = Log.new
             run_partition
           end
 
@@ -13,10 +14,13 @@ module Getch
             return if STATES[:partition ]
             clear_struct
             cleaning
-            boot
-            others
-            luks
-            lvm
+            if Helpers::efi?
+              partition_efi
+              encrypt_efi
+            else
+              partition_bios
+              encrypt_bios
+            end
             @state.partition
           end
 
@@ -39,51 +43,68 @@ module Getch
             end
           end
 
-          def boot
-            if Helpers::efi?
-              exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}}")
-            else
-              exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
-            end
+          # Follow https://wiki.archlinux.org/index.php/Partitioning
+          def partition_efi
+            # /boot/efi - EFI system partition - 260MB
+            # /         - Root
+            # swap      - Linux Swap - size of the ram
+            # /home     - Home
+            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
+
+            exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}")
+            exec("sgdisk -n2:0:+15G -t2:8309 /dev/#{@disk}")
+            exec("sgdisk -n3:0:+#{mem} -t3:8200 /dev/#{@disk}")
+            exec("sgdisk -n4:0:0 -t4:8309 /dev/#{@disk}") if @dev_home
           end
 
-          def others
-            exec("sgdisk -n2:0:+0 -t2:8309 /dev/#{@disk}")
+          def encrypt_efi
+            @log.info("Format root")
+            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
+            encrypt_home
           end
 
-          def luks
-            if Helpers::efi?
-              exec("cryptsetup --use-random luksFormat /dev/#{@disk}2")
-              exec("cryptsetup open --type luks /dev/#{@disk}2 crypt-lvm")
-            else
-              # GRUB do not support LUKS2
-              exec("cryptsetup --use-random luksFormat --type luks1 /dev/#{@disk}2")
-              exec("cryptsetup open --type luks1 /dev/#{@disk}2 crypt-lvm")
-            end
+          def encrypt_bios
+            @log.info("Format root for bios")
+            Helpers::sys("cryptsetup luksFormat --type luks1 #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks1 #{@dev_root} cryptroot")
+            encrypt_home
           end
 
-          def lvm
-            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
-            exec("pvcreate /dev/mapper/crypt-lvm")
-            exec("vgcreate #{@vg} /dev/mapper/crypt-lvm")
-            exec("lvcreate -L 15G -n root #{@vg}")
-            exec("lvcreate -L #{mem} -n swap #{@vg}")
-            exec("lvcreate -l 100%FREE -n home #{@vg}") if @user
-            exec("vgchange --available y")
+          def encrypt_home
+            if @dev_home then
+              create_secret_keys
+              @log.info("Format home with #{@key_path}")
+              Helpers::sys("cryptsetup luksFormat #{@dev_home} #{@key_path}")
+              @log.debug("Open home with key #{@key_path}")
+              exec("cryptsetup open --type luks -d #{@key_path} #{@dev_home} crypthome")
+            end
           end
 
-          # Follow https://wiki.archlinux.org/index.php/Partitioning
-          # Partition_efi
-            # /boot/efi - EFI system partition - 260MB
-            # /         - Root
-            # swap      - Linux Swap - size of the ram
-            # /home     - Home
+          def create_secret_keys
+            return if ! @dev_home
+            @log.info("Creating secret keys")
+            keys_dir = "/root/secretkeys"
+            key_name = "crypto_keyfile.bin"
+            @key_path = "#{keys_dir}/#{key_name}"
+            FileUtils.mkdir keys_dir, mode: 0700 if ! Dir.exist?(keys_dir)
+            Getch::Command.new("dd bs=512 count=4 if=/dev/urandom of=#{@key_path}").run!
+          end
 
-          # Partition_bios
+          def partition_bios
             # None      - Bios Boot Partition - 1MiB
             # /         - Root
             # swap      - Linux Swap - size of the ram
             # /home     - Home
+            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
+
+            exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
+            exec("sgdisk -n2:0:+15G -t2:8309 /dev/#{@disk}")
+            exec("sgdisk -n3:0:+#{mem} -t3:8200 /dev/#{@disk}")
+            exec("sgdisk -n4:0:0 -t4:8309 /dev/#{@disk}") if @dev_home
+          end
 
           def exec(cmd)
             Getch::Command.new(cmd).run!

data/lib/getch/filesystem/lvm.rb

@@ -11,3 +11,4 @@ require_relative 'lvm/format'
 require_relative 'lvm/mount'
 require_relative 'lvm/config'
 require_relative 'lvm/deps'
+require_relative 'lvm/encrypt'

data/lib/getch/filesystem/lvm/config.rb

@@ -50,11 +50,12 @@ module Getch
 
         def data_fstab
           boot_efi = @dev_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
+          boot = @dev_boot ? "UUID=#{@uuid_boot} /boot ext4 noauto,noatime 1 2" : ''
           swap = @lv_swap ? "UUID=#{@uuid_swap} none swap discard 0 0" : ''
           root = @lv_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
           home = @lv_home ? "UUID=#{@uuid_home} /home/#{@user} ext4 defaults 0 2" : ''
 
-          [ boot_efi, swap, root, home ]
+          [ boot_efi, boot, swap, root, home ]
         end
       end
     end

data/lib/getch/filesystem/lvm/encrypt.rb

@@ -0,0 +1,15 @@
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+      end
+    end
+  end
+end
+
+require_relative 'encrypt/device'
+require_relative 'encrypt/partition'
+require_relative 'encrypt/format'
+require_relative 'encrypt/mount'
+require_relative 'encrypt/config'
+require_relative 'encrypt/deps'

data/lib/getch/filesystem/lvm/encrypt/config.rb

@@ -0,0 +1,74 @@
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Config < Getch::FileSystem::Lvm::Encrypt::Device
+          def initialize
+            super
+            gen_uuid
+            @root_dir = MOUNTPOINT
+            @init = '/usr/lib/systemd/systemd'
+            crypttab
+          end
+
+          def fstab
+            file = "#{@root_dir}/etc/fstab"
+            datas = data_fstab
+            File.write(file, datas.join("\n"))
+          end
+
+          def systemd_boot
+            return if ! Helpers::efi? 
+            esp = '/boot/efi'
+            dir = "#{@root_dir}/#{esp}/loader/entries/"
+            datas_gentoo = [
+              'title Gentoo Linux',
+              'linux /vmlinuz',
+              'initrd /initramfs',
+              "options crypt_root=UUID=#{@uuid_dev_root} root=#{@lv_root} init=#{@init} keymap=#{DEFAULT_OPTIONS[:keymap]} dolvm rw"
+            ]
+            File.write("#{dir}/gentoo.conf", datas_gentoo.join("\n"))
+          end
+
+          def crypttab
+            datas = [
+              "cryptswap #{@lv_swap} /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=256"
+            ]
+            File.write("#{@root_dir}/etc/crypttab", datas.join("\n"))
+          end
+
+          def grub
+            return if Helpers::efi?
+            file = "#{@root_dir}/etc/default/grub"
+            cmdline = [ 
+              "GRUB_CMDLINE_LINUX=\"crypt_root=UUID=#{@uuid_dev_root} root=#{@lv_root} init=#{@init} dolvm rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force keymap=#{DEFAULT_OPTIONS[:keymap]}\"",
+              "GRUB_ENABLE_CRYPTODISK=y"
+            ]
+            File.write("#{file}", cmdline.join("\n"), mode: 'a')
+          end
+
+          private
+
+          def gen_uuid
+            @uuid_swap = `lsblk -o "UUID" #{@lv_swap} | tail -1`.chomp() if @lv_swap
+            @uuid_root = `lsblk -d -o "UUID" #{@lv_root} | tail -1`.chomp() if @lv_root
+            @uuid_dev_root = `lsblk -d -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
+            @uuid_boot = `lsblk -o "UUID" #{@dev_boot} | tail -1`.chomp() if @dev_boot
+            @uuid_boot_efi = `lsblk -o "UUID" #{@dev_boot_efi} | tail -1`.chomp() if @dev_boot_efi
+            @uuid_home = `lsblk -o "UUID" #{@lv_home} | tail -1`.chomp() if @lv_home
+          end
+
+          def data_fstab
+            boot_efi = @dev_boot_efi ? "UUID=#{@uuid_boot_efi} /boot/efi vfat noauto,noatime 1 2" : ''
+            boot = @dev_boot ? "UUID=#{@uuid_boot} /boot ext4 noauto,noatime 1 2" : ''
+            swap = @lv_swap ? "/dev/mapper/cryptswap none swap discard 0 0" : ''
+            root = @lv_root ? "UUID=#{@uuid_root} / ext4 defaults 0 1" : ''
+            home = @lv_home ? "UUID=#{@uuid_home} /home/#{@user} ext4 defaults 0 2" : ''
+
+            [ boot_efi, boot, swap, root, home ]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/lvm/encrypt/deps.rb

@@ -0,0 +1,63 @@
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Deps
+          def initialize
+            if Helpers::efi?
+              install_efi
+            else
+              install_bios
+            end
+            install_deps
+          end
+
+          def make
+            options_make
+            Getch::Make.new("genkernel --kernel-config=/usr/src/linux/.config all").run!
+          end
+
+          private
+          def options_make
+            grub = Helpers::efi? ? 'BOOTLOADER="no"' : 'BOOTLOADER="grub2"'
+            datas = [
+              '',
+              grub,
+              'INSTALL="yes"',
+              'MENUCONFIG="no"',
+              'CLEAN="yes"',
+              'KEYMAP="yes"',
+              'SAVE_CONFIG="yes"',
+              'MOUNTBOOT="yes"',
+              'MRPROPER="no"',
+              'LVM="yes"',
+              'LUKS="yes"',
+            ]
+            file = "#{MOUNTPOINT}/etc/genkernel.conf"
+            File.write(file, datas.join("\n"), mode: 'a')
+          end
+
+          def install_efi
+          end
+
+          def install_bios
+            exec("euse -p sys-boot/grub -E device-mapper")
+          end
+
+          def install_deps
+            make_conf = "#{MOUNTPOINT}/etc/portage/make.conf"
+            exec("euse -E lvm") if ! Helpers::grep?(make_conf, /lvm/)
+            exec("euse -E cryptsetup") if ! Helpers::grep?(make_conf, /cryptsetup/)
+            Getch::Emerge.new('genkernel systemd sys-fs/cryptsetup lvm2').pkg!
+            Getch::Garden.new('-a lvm').run!
+            exec("systemctl enable lvm2-monitor")
+          end
+
+          def exec(cmd)
+            Helpers::run_chroot(cmd, MOUNTPOINT)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/lvm/encrypt/device.rb

@@ -0,0 +1,22 @@
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Device
+          def initialize
+            @disk = DEFAULT_OPTIONS[:disk]
+            @user = DEFAULT_OPTIONS[:username]
+            @dev_boot_efi = Helpers::efi? ? "/dev/#{@disk}1" : nil
+            @dev_boot = Helpers::efi? ? nil : "/dev/#{@disk}2"
+            @dev_root = Helpers::efi? ? "/dev/#{@disk}2" : "/dev/#{@disk}3"
+            @vg = 'vg0'
+            @lv_root = "/dev/mapper/#{@vg}-root"
+            @lv_swap = "/dev/mapper/#{@vg}-swap"
+            @lv_home = @user ? "/dev/mapper/#{@vg}-home" : nil
+            @luks_root = "/dev/mapper/cryptroot"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/lvm/encrypt/format.rb

@@ -0,0 +1,32 @@
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Format < Getch::FileSystem::Lvm::Encrypt::Device
+          def initialize
+            super
+            @fs = 'ext4'
+            @state = Getch::States.new()
+            format
+          end
+
+          def format
+            return if STATES[:format]
+            puts "Format #{@disk} with #{@fs}"
+            exec("mkfs.fat -F32 #{@dev_boot_efi}") if @dev_boot_efi
+            exec("mkfs.#{@fs} -F #{@dev_boot}") if @dev_boot
+            #exec("mkswap -f #{@lv_swap}")
+            exec("mkfs.#{@fs} -F #{@lv_root}")
+            exec("mkfs.#{@fs} -F #{@lv_home}") if @lv_home
+            @state.format
+          end
+
+          private
+          def exec(cmd)
+            Getch::Command.new(cmd).run!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/lvm/encrypt/mount.rb

@@ -0,0 +1,64 @@
+require 'fileutils'
+
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Mount < Getch::FileSystem::Lvm::Encrypt::Device
+          def initialize
+            super
+            @root_dir = MOUNTPOINT
+            @boot_dir = "#{@root_dir}/boot"
+            @boot_efi_dir = "#{@root_dir}/boot/efi"
+            @home_dir = @user ? "#{@root_dir}/home/#{@user}" : nil
+            @state = Getch::States.new()
+          end
+
+          def run
+            return if STATES[:mount]
+            mount_swap
+            mount_root
+            mount_boot
+            mount_home
+            mount_boot_efi
+            @state.mount
+          end
+
+          private
+
+          def mount_swap
+            return if ! @lv_swap
+            system("swapon #{@lv_swap}")
+          end
+
+          def mount_root
+            return if ! @lv_root
+            Dir.mkdir(@root_dir, 0700) if ! Dir.exist?(@root_dir)
+            system("mount #{@lv_root} #{@root_dir}")
+          end
+
+          def mount_boot_efi
+            return if ! @dev_boot_efi
+            FileUtils.mkdir_p @boot_efi_dir, mode: 0700 if ! Dir.exist?(@boot_efi_dir)
+            system("mount #{@dev_boot_efi} #{@boot_efi_dir}")
+          end
+
+          def mount_boot
+            return if ! @dev_boot
+            FileUtils.mkdir_p @boot_dir, mode: 0700 if ! Dir.exist?(@boot_dir)
+            system("mount #{@dev_boot} #{@boot_dir}")
+          end
+
+          def mount_home
+            return if ! @lv_home
+            if @user != nil then
+              FileUtils.mkdir_p @home_dir, mode: 0700 if ! Dir.exist?(@home_dir)
+              system("mount #{@lv_home} #{@home_dir}")
+            end
+            @state.mount
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/filesystem/lvm/encrypt/partition.rb

@@ -0,0 +1,92 @@
+module Getch
+  module FileSystem
+    module Lvm
+      module Encrypt
+        class Partition < Getch::FileSystem::Lvm::Encrypt::Device
+          def initialize
+            super
+            @state = Getch::States.new()
+            @log = Log.new
+            run_partition
+          end
+
+          def run_partition
+            return if STATES[:partition ]
+            clear_struct
+            cleaning
+            partition
+            encrypt
+            lvm
+            @state.partition
+          end
+
+          private
+
+          def clear_struct
+            oldvg = `vgdisplay | grep #{@vg}`.chomp
+            exec("vgremove -f #{@vg}") if oldvg != '' # remove older volume group
+            exec("pvremove -f #{@dev_root}") if oldvg != '' and File.exist? @dev_root # remove older volume group
+
+            exec("sgdisk -Z /dev/#{@disk}")
+            exec("wipefs -a /dev/#{@disk}")
+          end
+
+          def cleaning
+            puts
+            print "Cleaning data on #{@disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? (n,y) "
+            case gets.chomp
+            when /^y|^Y/
+              bloc=`blockdev --getbsz /dev/#{@disk}`.chomp
+              exec("dd if=/dev/urandom of=/dev/#{@disk} bs=#{bloc} status=progress")
+            else
+              return
+            end
+          end
+
+          def partition
+            if Helpers::efi?
+              exec("sgdisk -n1:1M:+260M -t1:EF00 /dev/#{@disk}")
+              exec("sgdisk -n2:0:+0 -t2:8e00 /dev/#{@disk}")
+            else
+              exec("sgdisk -n1:1MiB:+1MiB -t1:EF02 /dev/#{@disk}")
+              exec("sgdisk -n2:0:+128MiB -t2:8300 /dev/#{@disk}")
+              exec("sgdisk -n3:0:+0 -t3:8e00 /dev/#{@disk}")
+            end
+          end
+
+          def encrypt
+            @log.info("Format root")
+            Helpers::sys("cryptsetup luksFormat #{@dev_root}")
+            @log.debug("Opening root")
+            Helpers::sys("cryptsetup open --type luks #{@dev_root} cryptroot")
+          end
+
+          def lvm
+            mem=`awk '/MemTotal/ {print $2}' /proc/meminfo`.chomp + 'K'
+            exec("pvcreate -f #{@luks_root}")
+            exec("vgcreate -f #{@vg} #{@luks_root}")
+            # Wipe old signature: https://github.com/chef-cookbooks/lvm/issues/45
+            exec("lvcreate -y -Wy -Zy -L 15G -n root #{@vg}")
+            exec("lvcreate -y -Wy -Zy -L #{mem} -n swap #{@vg}")
+            exec("lvcreate -y -Wy -Zy -l 100%FREE -n home #{@vg}") if @user
+            exec("vgchange --available y")
+          end
+
+          # Follow https://wiki.archlinux.org/index.php/Partitioning
+          # Partition_efi
+          # /boot/efi - EFI system partition - 260MB
+          # /         - Root
+
+          # Partition_bios
+          # None      - Bios Boot Partition - 1MiB
+          # /boot     - Boot - 8300
+          # /         - Root
+
+          def exec(cmd)
+            Getch::Command.new(cmd).run!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/getch/gentoo.rb

@@ -51,8 +51,8 @@ module Getch
         return if STATES[:gentoo_kernel]
         source = Getch::Gentoo::Sources.new()
         new
-        source.init_config
         source.build_kspp
+        source.init_config
         source.build_others
         source.make
         @state.kernel

data/lib/getch/gentoo/boot.rb

@@ -6,7 +6,7 @@ module Getch
       def initialize(opts)
         @disk = opts.disk
         @user = opts.username
-        @config = OPTIONS_FS[DEFAULT_OPTIONS[:fs]]::Config.new()
+        @config = Getch.class_fs::Config.new()
       end
 
       def start

data/lib/getch/gentoo/chroot.rb

@@ -11,7 +11,7 @@ module Getch
         return if STATES[:gentoo_update]
         puts "Downloading the last ebuilds for Gentoo..."
         Helpers::create_dir("#{MOUNTPOINT}/var/db/repos/gentoo")
-        cmd = "emerge-webrsync"
+        cmd = "emaint sync --auto"
         exec_chroot(cmd)
       end
 

data/lib/getch/gentoo/config.rb

@@ -24,18 +24,25 @@ module Getch
         File.write(@make, data.join("\n"), mode: "a")
       end
 
+      # Write a repos.conf/gentoo.conf with the gpg verification
       def repo
         src = "#{MOUNTPOINT}/usr/share/portage/config/repos.conf"
         dest = "#{MOUNTPOINT}/etc/portage/repos.conf"
         FileUtils.mkdir dest, mode: 0644 if ! Dir.exist?(dest)
+        tmp = Tempfile.new('gentoo.conf')
         line_count = 0
-        tmp_file = Tempfile.new('gentoo.conf')
+
         File.open(src).each { |l|
-          File.write(tmp_file, "sync-allow-hardlinks = yes\n", mode: 'a') if line_count == 2
-          File.write(tmp_file, l, mode: 'a')
+          File.write(tmp, "sync-allow-hardlinks = yes\n", mode: 'a') if line_count == 2
+          if l.match(/^sync-type = rsync/)
+            File.write(tmp, "sync-type = webrsync\n", mode: 'a')
+          else
+            File.write(tmp, l, mode: 'a')
+          end
           line_count += 1
         }
-        FileUtils.copy_file(tmp_file, "#{dest}/gentoo.conf", preserve = false)
+
+        FileUtils.copy_file(tmp, "#{dest}/gentoo.conf", preserve = false)
       end
 
       def network
@@ -50,7 +57,7 @@ module Getch
         File.write("#{MOUNTPOINT}/etc/locale.conf", "LANG=#{@lang}\n")
         File.write("#{MOUNTPOINT}/etc/locale.conf", 'LC_COLLATE=C', mode: 'a')
         File.write("#{MOUNTPOINT}/etc/timezone", "#{options.zoneinfo}")
-        File.write("#{MOUNTPOINT}/etc/vconsole.conf", "KEYMAP=#{options.keyboard}")
+        File.write("#{MOUNTPOINT}/etc/vconsole.conf", "KEYMAP=#{options.keymap}")
       end
 
       def hostname
@@ -74,7 +81,7 @@ module Getch
       def control_options(options)
         search_zone(options.zoneinfo)
         search_utf8(options.language)
-        search_key(options.keyboard)
+        search_key(options.keymap)
       end
 
       def search_key(keys)

data/lib/getch/gentoo/sources.rb

@@ -3,7 +3,7 @@ module Getch
     class Sources
       def initialize
         @lsmod = `lsmod`.chomp
-        @filesystem = OPTIONS_FS[DEFAULT_OPTIONS[:fs]]::Deps.new()
+        @filesystem = Getch.class_fs::Deps.new()
       end
 
       def build_others
@@ -20,7 +20,7 @@ module Getch
       end
 
       def make
-        if DEFAULT_OPTIONS[:fs] == 'lvm'
+        if DEFAULT_OPTIONS[:fs] == 'lvm' or DEFAULT_OPTIONS[:encrypt]
           @filesystem.make
         else
           just_make
@@ -77,6 +77,7 @@ module Getch
       end
 
       def install_zfs
+        return if ! DEFAULT_OPTIONS[:fs] == 'zfs'
         garden("-a zfs")
         only_make # a first 'make' is necessary before emerge zfs
         Getch::Emerge.new("sys-fs/zfs").pkg!

data/lib/getch/helpers.rb

@@ -46,4 +46,22 @@ module Helpers
     \""
     Getch::Command.new(script).run!
   end
+
+  def self.grep?(file, regex)
+    is_found = false
+    return is_found if ! File.exist? file
+    File.open(file) do |f|
+      f.each do |line|
+        is_found = true if line.match(regex)
+      end
+    end
+    is_found
+  end
+
+  def self.sys(cmd)
+    system(cmd)
+    unless $?.success?
+      raise "Error with #{cmd}"
+    end
+  end
 end

data/lib/getch/options.rb

@@ -2,12 +2,12 @@ require 'optparse'
 
 module Getch
   class Options
-    attr_reader :language, :zoneinfo, :keyboard, :disk, :fs, :username, :encrypt, :verbose
+    attr_reader :language, :zoneinfo, :keymap, :disk, :fs, :username, :encrypt, :verbose
 
     def initialize(argv)
       @language = DEFAULT_OPTIONS[:language]
       @zoneinfo = DEFAULT_OPTIONS[:zoneinfo]
-      @keyboard = DEFAULT_OPTIONS[:keyboard]
+      @keymap = DEFAULT_OPTIONS[:keymap]
       @disk = DEFAULT_OPTIONS[:disk]
       @fs = DEFAULT_OPTIONS[:fs]
       @username = DEFAULT_OPTIONS[:username]
@@ -26,8 +26,8 @@ module Getch
         opts.on("-z", "--zoneinfo ZONE", "Default is US/Eastern") do |zone|
           @zoneinfo = zone
         end
-        opts.on("-k", "--keyboard KEY", "Default is us") do |key|
-          @keyboard = key
+        opts.on("-k", "--keymap KEY", "Default is us") do |key|
+          @keymap = key
         end
         opts.on("-d", "--disk DISK", "Disk where install Gentoo (sda,sdb)") do |disk|
           @disk = disk
@@ -39,7 +39,7 @@ module Getch
         opts.on("-u", "--username USERNAME", "Initialize /home/username") do |user|
           @username = user
         end
-        opts.on("--encrypt", "Encrypt your filesystem.!! NOT YET READY !!") do
+        opts.on("--encrypt", "Encrypt your system with Luks2.") do
           @encrypt = true
         end
         opts.on("--verbose", "Write more messages to the standard output.") do

data/lib/getch/version.rb

@@ -1,3 +1,3 @@
 module Getch
-  VERSION = '0.0.8'.freeze
+  VERSION = '0.0.9'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: getch
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.0.9
 platform: ruby
 authors:
 - szorfein
@@ -35,7 +35,7 @@ cert_chain:
   J/zT/q2Ac7BWpSLbv6p9lChBiEnD9j24x463LR5QQjDNS5SsjzRQfFuprsa9Nqf2
   Tw==
   -----END CERTIFICATE-----
-date: 2020-09-30 00:00:00.000000000 Z
+date: 2020-10-03 00:00:00.000000000 Z
 dependencies: []
 description: 
 email:
@@ -73,6 +73,13 @@ files:
 - lib/getch/filesystem/lvm/config.rb
 - lib/getch/filesystem/lvm/deps.rb
 - lib/getch/filesystem/lvm/device.rb
+- lib/getch/filesystem/lvm/encrypt.rb
+- lib/getch/filesystem/lvm/encrypt/config.rb
+- lib/getch/filesystem/lvm/encrypt/deps.rb
+- lib/getch/filesystem/lvm/encrypt/device.rb
+- lib/getch/filesystem/lvm/encrypt/format.rb
+- lib/getch/filesystem/lvm/encrypt/mount.rb
+- lib/getch/filesystem/lvm/encrypt/partition.rb
 - lib/getch/filesystem/lvm/format.rb
 - lib/getch/filesystem/lvm/mount.rb
 - lib/getch/filesystem/lvm/partition.rb