warding 0.2.7 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80f1a448f9e2dca165d0ae31d4d745b2bd6641a768d2455d64086bb04132a098
-  data.tar.gz: d6afdd80c3497c2a6fd39dda60ebdcedb63d02483116c8ee68b0861f079f93a1
+  metadata.gz: 0e583d6fd634faea6fc3c02764e74d6ecaa11a1d0c12799fe0aa2138c3a9ed8b
+  data.tar.gz: 616f5c4f6878b89faa1de8f694ed982eb53302677e9a17d7ed92da2a3b684f77
 SHA512:
-  metadata.gz: 3baef4c001d534fc9dcb595fb10b4b222121e2a161980c153856bee1365db895055b29b644f14739bba69b59535b9cf84359c7c3df69f52be676f8648916b10f
-  data.tar.gz: 5acd8f21a504566276ad9e54a6407307bca3ea3b9e16f7d2001dadc8f80b60f62615f7fc4fac49f77caec34c6f1cf9c8563d13c80b1d0caed57e8f7301f7f22c
+  metadata.gz: 915cb9da2438da92acaeb61e5457fd837d0606897691ef4b4106bd1c03b9041c20d390eeea2b6539699d079aa55521101062974481d9572d5da8b896efcd332e
+  data.tar.gz: 349f376ce8339dc37d9dd32d4985b26c1fe7fbd7ca23cd1895339ae846b279bd4cfa9b731805e8855bbf0766130216600d9549df6d85d8bb7af97c26561a0c3c

data/README.md

@@ -20,14 +20,9 @@ gem install warding
 
 ## Tasklist
 
-* Add sddm and gdm extra confs.
 * Refactor.
 * Suppress outputs.
-* Add AUR support.
-* Code missing features.
 * Add extra checks.
-* Add GitHub actions.
-* Publish gem/package on GitHub.
 
 ## Contributing
 

data/bin/warding

@@ -12,4 +12,8 @@ warding.check
 # gather inputs from the user
 user_input = warding.gather
 # install warding
-warding.install(user_input)
+if user_input[:system_settings][:encrypted]
+  warding.install(user_input, true)
+else
+  warding.install(user_input)
+end

data/debug/install.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+pacman -R man-pages --noconfirm
+pacman -S ruby glibc libxcrypt --noconfirm
+gem install bundle rake
+export PATH="`ruby -e 'puts Gem.user_dir'`/bin:$PATH"
+bundle
+rake install
+warding

data/lib/warding.rb

@@ -53,29 +53,11 @@ module Warding
         key(:root_password).mask("Insert new root password:", required: true)
 
         key(:system_settings) do
-          bootloader = key(:bootloader).select("Which bootloader to use?", %w[systemd-boot grub])
-          partitions = key(:partitions).select(
-            "Select partition scheme to use:", ["/boot and /root", "/boot, /root and /home"]
-          )
-
           key(:boot_size).slider("Boot drive partition size (MiB):", min: 512, max: 4096, default: 1024, step: 128)
-
-          if partitions == "/boot, /root and /home"
-            key(:home_size).slider("Home partition size (MiB):", min: 2048, max: 8192, default: 4096, step: 256)
-          end
-
           key(:swap_size).slider("Swap partition size (MiB):", min: 1024, max: 8192, default: 2048, step: 256)
 
-          if @@prompt.yes?("Enable encryption?", default: false)
+          if key(:encrypted).yes?("Enable encryption?", default: false)
             key(:encryption_settings) do
-              key(:encryption_mode).expand("Which cryptic setup to use?") do |q|
-                if partitions == "/boot, /root and /home"
-                  q.choice key: "m", name: "minimal (/home only)" do :minimal end
-                  q.choice key: "s", name: "safe (/home, /var, /tmp and swap)", value: :safe
-                end
-                q.choice key: "p", name: "paranoid (full disk encryption, except /boot)", value: :paranoid
-                q.choice key: "i", name: "insane (full disk encryption)", value: :insane if bootloader == "grub"
-              end
               key(:encryption_key).mask("Insert the encryption key:", required: true)
             end
           end
@@ -87,7 +69,7 @@ module Warding
       parsed_input
     end
 
-    def install(data)
+    def install(data, encrypted=false)
       if @@prompt.yes?("Confirm settings and continue?")
 
         @@prompt.say("Installing, please wait...")
@@ -125,56 +107,56 @@ module Warding
 
         setup_partitions(data[:system_settings][:boot_size])
 
-        def setup_lvm(scheme, swap_size, home_size = false)
-          # create physical volume
-          `pvcreate /dev/sda2`
-          # create virtual group
-          `vgcreate vg0 /dev/sda2`
+        def setup_lvm(swap_size, key=false)
+          # setup encryption
+          if key
+            # create an encrypted volume
+            `echo "#{key}" | cryptsetup -q luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sda2`
+            # open the volume
+            `echo "#{key}" | cryptsetup open /dev/sda2 cryptlvm -`
+            # setup lvm
+            `pvcreate /dev/mapper/cryptlvm`
+            # create virtual group
+            `vgcreate vg0 /dev/mapper/cryptlvm`
+          else
+            # create physical volume
+            `pvcreate /dev/sda2`
+            # create virtual group
+            `vgcreate vg0 /dev/sda2`
+          end
           # create logical volumes
           `lvcreate -L #{swap_size}Mib vg0 -n swap`
-          if scheme == "/boot, /root and /home"
-            `lvcreate -L #{home_size}Mib vg0 -n home`
-          end
           `lvcreate -l 100%FREE vg0 -n root`
-          # make and mount root fs
+          # make and mount rootfs
           `mkfs.ext4 /dev/vg0/root`
           `mount /dev/vg0/root /mnt`
-          # make and mount home folder
-          if scheme == "/boot, /root and /home"
-            `mkfs.ext4 /dev/vg0/home`
-            `mount /dev/vg0/home /mnt/home`
-          end
           # make and mount boot partition
           `mkfs.fat -F32 /dev/sda1`
           `mkdir /mnt/boot`
-          if data[:system_settings][:bootloader] == "systemd-boot"
-            `mount /dev/sda1 /mnt/boot`
-          else
-            `mount /dev/sda1 /mnt/boot/efi`
-          end
+          `mount /dev/sda1 /mnt/boot`
           # setup swap
           `mkswap /dev/vg0/swap`
           `swapon /dev/vg0/swap`
         end
 
-        if data[:system_settings][:partition] == "/boot, /root and /home"
-          setup_lvm(data[:system_settings][:partition], data[:system_settings][:swap_size], data[:system_settings[:home_size]])
+        if encrypted
+          setup_lvm(data[:system_settings][:swap_size], data[:system_settings][:encryption_settings][:encryption_key])
         else
-          setup_lvm(data[:system_settings][:partition], data[:system_settings][:swap_size])
+          setup_lvm(data[:system_settings][:swap_size])
         end
 
         def setup_packages
           # update packages list
           `pacman -Syy`
           # install base system
-          `pacstrap /mnt base base-devel linux linux-firmware lvm2 mkinitcpio dmidecode reflector networkmanager cronie man-db nano vi fuse wget openbsd-netcat dhcpcd samba openssh openvpn unzip vim git zsh`
+          `pacstrap /mnt base base-devel linux linux-firmware linux-headers lvm2 mkinitcpio dmidecode reflector networkmanager cronie man-db nano vi fuse wget openbsd-netcat dhcpcd samba openssh openvpn unzip vim git zsh`
           # generate fstab
           `genfstab -U /mnt >> /mnt/etc/fstab`
         end
 
         setup_packages
 
-        def setup_chroot(lang, keymap, password)
+        def setup_chroot(lang, keymap, password, encrypted=false)
           # set timezone
           `arch-chroot /mnt ln -sf /usr/share/zoneinfo/"$(curl -s https://ipapi.co/timezone)" /etc/localtime`
           # update clock
@@ -192,33 +174,43 @@ module Warding
           # update root password
           `echo -e "#{password}\n#{password}" | arch-chroot /mnt passwd`
           # update hooks
-          `sed -i "/^HOOK/s/filesystems/lvm2 filesystems/" /mnt/etc/mkinitcpio.conf`
+          if encrypted
+            `sed -i "/^HOOK/s/modconf/keyboard keymap modconf/" /mnt/etc/mkinitcpio.conf`
+            `sed -i "/^HOOK/s/filesystems/encrypt lvm2 filesystems/" /mnt/etc/mkinitcpio.conf`
+          else
+            `sed -i "/^HOOK/s/filesystems/lvm2 filesystems/" /mnt/etc/mkinitcpio.conf`
+          end
           # recompile initramfs
-          `arch-chroot /mnt mkinitcpio -p linux`
+          `arch-chroot /mnt mkinitcpio -P`
           # add intel microcode
           `arch-chroot /mnt pacman -S intel-ucode --noconfirm`
         end
 
-        setup_chroot(data[:system_language], data[:keyboard_keymap], data[:root_password])
+        if encrypted
+          setup_chroot(data[:system_language], data[:keyboard_keymap], data[:root_password], true)
+        else
+          setup_chroot(data[:system_language], data[:keyboard_keymap], data[:root_password])
+        end
 
-        def setup_bootloader(loader)
+        def setup_bootloader(encrypted=false)
           # setup systemd-boot
-          if loader == "systemd-boot"
-            `arch-chroot /mnt bootctl install`
-            `echo "title Warding Linux
-            linux /vmlinuz-linux
-            initrd /intel-ucode.img
-            initrd /initramfs-linux.img
-            options root=/dev/vg0/root rw" > /mnt/boot/loader/entries/warding.conf`
+          `arch-chroot /mnt bootctl install`
+          `echo "title Warding Linux
+          linux /vmlinuz-linux
+          initrd /intel-ucode.img
+          initrd /initramfs-linux.img" > /mnt/boot/loader/entries/warding.conf`
+          if encrypted
+            `echo "options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2):cryptlvm:allow-discards root=/dev/vg0/root quiet rw" >> /mnt/boot/loader/entries/warding.conf`
           else
-            # setup grub
-            `arch-chroot /mnt pacman -S grub efibootmgr --noconfirm`
-            `arch-chroot /mnt grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB`
-            `arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg`
+            `echo "options root=/dev/vg0/root rw" >> /mnt/boot/loader/entries/warding.conf`
           end
         end
 
-        setup_bootloader(data[:system_settings][:bootloader])
+        if encrypted
+          setup_bootloader(true)
+        else
+          setup_bootloader
+        end
 
         def setup_usability
           # enable internet
@@ -230,19 +222,22 @@ module Warding
           # enable cron jobs
           `arch-chroot /mnt systemctl enable cronie`
           # change default shell
-          `arch-chroot /mnt chsh -s $(which zsh)"`
+          `arch-chroot /mnt chsh -s /usr/bin/zsh`
           # setup blackarch's keyring
-          `wget -q https://blackarch.org/keyring/blackarch-keyring.pkg.tar.xz{,.sig}`
-          `gpg --keyserver hkp://pgp.mit.edu --recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3 > /dev/null 2>&1`
-          `gpg --keyserver-options no-auto-key-retrieve --with-fingerprint blackarch-keyring.pkg.tar.xz.sig > /dev/null 2>&1`
-          `rm blackarch-keyring.pkg.tar.xz.sig`
-          `pacman-key --init`
-          `pacman --config /dev/null --noconfirm -U blackarch-keyring.pkg.tar.xz`
-          `pacman-key --populate`
+          `arch-chroot /mnt curl -s -O https://blackarch.org/keyring/blackarch-keyring.pkg.tar.xz{,.sig}`
+          `arch-chroot /mnt gpg --keyserver hkp://pgp.mit.edu --recv-keys 4345771566D76038C7FEB43863EC0ADBEA87E4E3`
+          `arch-chroot /mnt gpg --keyserver-options no-auto-key-retrieve --with-fingerprint blackarch-keyring.pkg.tar.xz.sig`
+          `arch-chroot /mnt pacman-key --init`
+          `arch-chroot /mnt rm blackarch-keyring.pkg.tar.xz.sig`
+          `arch-chroot /mnt pacman --noconfirm -U blackarch-keyring.pkg.tar.xz`
+          `arch-chroot /mnt pacman-key --populate`
+          `arch-chroot /mnt rm blackarch-keyring.pkg.tar.xz`
+          `arch-chroot /mnt curl -s https://blackarch.org/blackarch-mirrorlist -o /etc/pacman.d/blackarch-mirrorlist`
+          `echo "[blackarch]\nInclude = /etc/pacman.d/blackarch-mirrorlist" >> /mnt/etc/pacman.conf`
           # update package list
-          `pacman -Syy`
+          `arch-chroot /mnt pacman -Syy`
           # check if on VM
-          if `dmidecode -s system-manufacturer`.include?("VMware, Inc.")
+          if `arch-chroot /mnt dmidecode -s system-manufacturer`.include?("VMware, Inc.")
             # install and enable VMware utils
             `arch-chroot /mnt pacman -S openvpn-vm-tools --noconfirm`
             `arch-chroot /mnt systemctl enable vmtoolsd`
@@ -253,7 +248,7 @@ module Warding
 
         def setup_visuals(theme = "none")
           if theme == "none"
-            break
+            nil
           elsif theme == "kde"
             # install packages
             `arch-chroot /mnt pacman -S xorg-server xf86-video-intel plasma konsole dolphin kmix sddm kvantum-qt5`

data/lib/warding/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Warding
-  VERSION = "0.2.7"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: warding
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 1.0.0
 platform: ruby
 authors:
 - Marlos Pomin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-28 00:00:00.000000000 Z
+date: 2020-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tty-prompt
@@ -41,6 +41,7 @@ files:
 - README.md
 - Rakefile
 - bin/warding
+- debug/install.sh
 - lib/warding.rb
 - lib/warding/version.rb
 - warding.gemspec