penguins-eggs 25.10.19 → 25.10.24

package/dist/classes/ovary.d/luks-root-initrd.js

@@ -0,0 +1,213 @@
+/**
+ * ./src/classes/ovary.d/initrd-luks.ts
+ * penguins-eggs v.25.7.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+// packages
+import fs from 'fs';
+import path from 'node:path';
+// classes
+import { exec } from '../../lib/utils.js';
+import Utils from '../utils.js';
+// _dirname
+const __dirname = path.dirname(new URL(import.meta.url).pathname);
+const noop = () => { };
+/**
+ * Creates a streamlined initrd image for Debian/Ubuntu with LUKS support using mkinitramfs within a temporary chroot.
+ * Copies the necessary unlock script, ensures losetup is included via a hook, and wraps /scripts/live for debugging.
+ * Assumes live-boot and cryptsetup packages are installed in the chroot.
+ * No cleanup of /etc modifications is performed as the chroot is temporary.
+ * @param this - Ovary instance context
+ * @param verbose - Whether to show verbose output
+ */
+export async function luksRootInitrd(verbose = false) {
+    const loggers = {
+        log: this.hidden ? noop : console.log,
+        warning: this.hidden ? noop : Utils.warning,
+        success: this.hidden ? noop : Utils.success,
+        info: this.hidden ? noop : Utils.info,
+    };
+    const { log, warning, success, info } = loggers;
+    if (this.hidden) {
+        Utils.warning("intentionally blank. System is working, please wait");
+    }
+    log();
+    log('===========================================================================');
+    log(`Creating ${this.initrd} for LUKS using mkinitramfs`);
+    log('===========================================================================');
+    // --- Core Paths & Config ---
+    const chrootPath = path.join(this.dotMnt, 'filesystem.squashfs');
+    const kernelVersion = this.kernel;
+    const initrdBaseName = path.basename(this.initrd);
+    const logBaseName = `${this.settings.config.snapshot_prefix}mkinitramfs.log.txt`;
+    const finalInitrdDestPath = path.join(this.settings.iso_work, 'live', initrdBaseName); // Define final destination early for logging
+    try {
+        // --- 2. Prepare Chroot Environment ---
+        warning("Preparing chroot environment...");
+        // --- 2.1 Copy boot-encrypted-root.sh
+        {
+            const bootEncryptedRootName = 'boot-encrypted-root.sh'; // Corrected to lowercase zz-
+            const srcbootEncryptedRootPath = path.join(__dirname, '../../../scripts', bootEncryptedRootName);
+            const chrootbootEncryptedRootDir = '/etc/initramfs-tools/scripts/live-premount';
+            const chrootbootEncryptedRootPath = path.join(chrootbootEncryptedRootDir, bootEncryptedRootName);
+            const hostDestbootEncryptedRootDir = path.join(chrootPath, chrootbootEncryptedRootDir);
+            const hostDestbootEncryptedRootPath = path.join(chrootPath, chrootbootEncryptedRootPath);
+            if (!fs.existsSync(srcbootEncryptedRootPath)) {
+                throw new Error(`Unlock script source not found: ${srcbootEncryptedRootPath}`);
+            }
+            await exec(`mkdir -p "${hostDestbootEncryptedRootDir}"`);
+            await exec(`cp "${srcbootEncryptedRootPath}" "${hostDestbootEncryptedRootPath}"`);
+            await exec(`chmod +x "${hostDestbootEncryptedRootPath}"`);
+            success(`Copied ${bootEncryptedRootName} script to ${hostDestbootEncryptedRootDir}`);
+        }
+        // --- 2.2 Create dummy /etc/crypttab if needed ---
+        {
+            const chrootCrypttabPath = '/etc/crypttab';
+            const hostCrypttabPath = path.join(chrootPath, chrootCrypttabPath);
+            if (!fs.existsSync(hostCrypttabPath)) {
+                const crypttabContent = "# Dummy entry to ensure cryptsetup is included\ncryptroot UUID=none none luks\n";
+                fs.writeFileSync(hostCrypttabPath, crypttabContent, 'utf-8');
+                success(`Created crypttab on ${path.dirname(hostCrypttabPath)}`);
+            }
+            else {
+                info(`${hostCrypttabPath} already exists.`);
+            }
+        }
+        // --- 2.3 Add hook ---
+        // Utils.warning(`Generating required hook scripts`)
+        await addHook('/usr/sbin/losetup', chrootPath, loggers);
+        await addHook('/usr/bin/rsync', chrootPath, loggers);
+        // --- 2.4 Add modules ---
+        // addModules('overlay', chrootPath)
+        // --- 3. Execute mkinitramfs INSIDE Chroot ---
+        {
+            warning(`Running mkinitramfs for kernel ${kernelVersion} inside chroot...`);
+            const chrootTmpInitrdPath = `/tmp/${initrdBaseName}`;
+            let logFilePath = path.join(this.settings.iso_work, logBaseName);
+            if (this.hidden) {
+                logFilePath = '/dev/null';
+            }
+            const mkinitramfsCmd = `mkinitramfs -v -o "${chrootTmpInitrdPath}" ${kernelVersion}`;
+            const chrootCmd = `chroot "${chrootPath}" /bin/bash -c "${mkinitramfsCmd}" > "${logFilePath}" 2>&1`;
+            await exec(chrootCmd, this.echo);
+            success(`mkinitramfs completed. Log: ${logFilePath}`);
+        }
+        // --- 4. Move Result ---
+        {
+            const chrootTmpInitrdPath = `/tmp/${initrdBaseName}`; // Re-declare for scope
+            const hostTmpInitrdPath = path.join(chrootPath, chrootTmpInitrdPath);
+            if (fs.existsSync(hostTmpInitrdPath)) {
+                info(`Moving generated initrd to ${finalInitrdDestPath}`);
+                await exec(`mv "${hostTmpInitrdPath}" "${finalInitrdDestPath}"`);
+                success(`Initrd moved successfully.`);
+            }
+            else {
+                Utils.error(`Generated initrd not found at ${hostTmpInitrdPath}. Build failed!`);
+                throw new Error("mkinitramfs did not produce the expected output file.");
+            }
+            // process.exit()
+        }
+    }
+    catch (error) {
+        Utils.error(`Error during LUKS initrd generation: ${error}`);
+        const logFilePath = path.join(this.settings.iso_work, logBaseName); // Re-declare for scope
+        if (error instanceof Error && error.message.includes('mkinitramfs inside chroot failed')) {
+            Utils.warning(`Check mkinitramfs log: ${logFilePath}`);
+        }
+        throw error; // Re-throw error
+    }
+    success(`Finished creating LUKS initrd: ${finalInitrdDestPath}`);
+}
+/**
+ * Genera e installa uno script hook di initramfs-tools nel chroot.
+ * Copia il comando specificato nella sua directory di destinazione
+ * standard (/bin o /sbin) all'interno dell'initramfs.
+ * @param cmdPath Path assoluto del comando da copiare *nel chroot* (es. '/usr/sbin/losetup')
+ * @param chrootPath Path assoluto alla radice del chroot
+ */
+async function addHook(cmdPath, chrootPath, loggers) {
+    const { log, warning, success, info } = loggers;
+    const chrootHooksDirPath = '/etc/initramfs-tools/hooks';
+    const hostHooksDirPath = path.join(chrootPath, chrootHooksDirPath);
+    const cmd = path.basename(cmdPath); // es. 'losetup'
+    const hookScriptName = `add-${cmd}-hook.sh`; // es. 'add-losetup-hook.sh'
+    const hostHookPath = path.join(hostHooksDirPath, hookScriptName);
+    if (!fs.existsSync(cmdPath)) {
+        Utils.error(`Dont' exists ${cmdPath}`);
+        process.exit();
+    }
+    let destDir = "/sbin"; // Default a /sbin per i comandi di amministrazione
+    // Determina la destinazione corretta
+    if (cmdPath.includes('/usr/bin') || cmdPath.includes('/bin')) {
+        destDir = "/bin"; // Comandi utente
+    }
+    else if (cmdPath.includes('/usr/sbin') || cmdPath.includes('/sbin')) {
+        destDir = "/sbin"; // Comandi amministrativi
+    }
+    // Crea la riga di comando per l'hook
+    const copyLine = `copy_exec ${cmdPath} ${destDir} || echo "WARNING: Failed to copy ${cmdPath} to ${destDir}" >&2`;
+    // Crea il contenuto boilerplate dello script hook
+    const hookContent = `#!/bin/sh
+# Hook: ${hookScriptName}
+# Generato automaticamente da penguins-eggs
+# Copia ${cmdPath} in ${destDir}
+
+PREREQ=""
+case $1 in prereqs) echo "\${PREREQ}"; exit 0;; esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+echo "EGGS-HOOK: Esecuzione hook ${hookScriptName}..."
+${copyLine}
+
+exit 0
+`;
+    try {
+        await exec(`mkdir -p "${hostHooksDirPath}"`);
+        // Scrive il file e lo rende eseguibile (mode 0o755)
+        fs.writeFileSync(hostHookPath, hookContent, { mode: 0o755, encoding: 'utf-8' });
+        // console.log(hookContent)
+        success(`Generated and set executable hook: ${hookScriptName}`);
+    }
+    catch (err) {
+        Utils.error(`Failed to write hook script ${hostHookPath}: ${err.message}`);
+        process.exit(1);
+        throw err; // Lancia l'errore per fermare il processo
+    }
+}
+/**
+ *
+ * @param module
+ * @param chrootPath
+ */
+function addModules(module, chrootPath, loggers) {
+    const { log, warning, success, info } = loggers;
+    const chrootModulesFilePath = '/etc/initramfs-tools/modules'; // Relative inside chroot
+    const hostModulesFilePath = path.join(chrootPath, chrootModulesFilePath); // Absolute on host fs
+    let modulesContent = '';
+    let needsUpdate = false;
+    if (fs.existsSync(hostModulesFilePath)) {
+        modulesContent = fs.readFileSync(hostModulesFilePath, 'utf-8');
+    }
+    else {
+        // inizializzazione modules
+        modulesContent = '\n';
+    }
+    if (modulesContent.includes(`\n${module}\n`)) {
+        info(`'${module}' module already present.`);
+    }
+    else {
+        info(`Added '${module}' module on ${hostModulesFilePath}`);
+        if (!modulesContent.endsWith('\n')) {
+            modulesContent += '\n';
+        }
+        modulesContent += `${module}\n`;
+        needsUpdate = true;
+    }
+    if (needsUpdate) {
+        fs.writeFileSync(hostModulesFilePath, modulesContent, 'utf-8');
+        success(`Updated ${hostModulesFilePath} with 'overlay'.`);
+    }
+}

package/dist/classes/ovary.d/luks-root.js

@@ -10,6 +10,7 @@ import fs from 'fs';
 import { spawn } from 'node:child_process';
 import Utils from '../utils.js';
 import { exec } from '../../lib/utils.js';
+const noop = () => { };
 /**
  * luksRoot()
  *
@@ -17,39 +18,48 @@ import { exec } from '../../lib/utils.js';
  * filesystem.squashfs
  */
 export async function luksRoot() {
-    // filesystem.squashfs.real
-    const live_fs = `${this.settings.iso_work}live/filesystem.squashfs.real`;
+    const loggers = {
+        log: this.hidden ? noop : console.log,
+        warning: this.hidden ? noop : Utils.warning,
+        success: this.hidden ? noop : Utils.success,
+        info: this.hidden ? noop : Utils.info,
+    };
+    const { log, warning, success, info } = loggers;
+    // filesystem.squashfs
+    const live_fs = `${this.settings.iso_work}live/filesystem.squashfs`;
     try {
         /**
-         * this.luksName = 'luks.img';
-         * this.luksFile = `/tmp/${luksName}`
-         * this.luksDevice = `/dev/mapper/${luksName}`
-         * this.luksMappedName = this.luksName
-         * this.luksMountpoint = `/tmp/mnt/${luksName}`
-         * this.luksPassword = 'evolution'
+         * this.luksMappedName = 'luks.img';
+         * this.luksFile = `/tmp/${luksMappedName}`
+         * this.luksDevice = `/dev/mapper/${luksMappedName}`
+         * this.luksMountpoint = `/tmp/mnt/${luksMappedName}`
+         * this.luksPassword = '0'
          */
-        console.log();
-        console.log('====================================');
-        console.log(` Creating ${this.luksName}`);
-        console.log('====================================');
-        // Utils.warning('1. Calculation of space requirements...')
-        const sizeString = (await exec(`unsquashfs -s ${live_fs} | grep "Filesystem size" | sed -e 's/.*size //' -e 's/ .*//'`, { capture: true, echo: false })).data;
-        let size = Number.parseInt(sizeString); // Dimensione in Byte
-        // Add overhead * 1.20
-        const luksSize = Math.ceil(size * 1.20);
-        Utils.warning(`filesystem.squashfs size: ${bytesToGB(size)}`);
-        Utils.warning(`partition LUKS ${this.luksFile} size: ${bytesToGB(luksSize)}`);
-        Utils.warning(`creating partition LUKS: ${this.luksFile}`);
+        if (this.hidden) {
+            Utils.warning("intentionally blank. System is working, please wait");
+        }
+        log();
+        log('====================================');
+        log(` Creating ${this.luksMappedName}`);
+        log('====================================');
+        if (!fs.existsSync(live_fs)) {
+            throw new Error(`filesystem.squashfs not found at: ${live_fs}`);
+        }
+        const stats = fs.statSync(live_fs);
+        let size = stats.size; // Dimensione REALE del file in Byte
+        // Add overhead * 1.25 per più sicurezza con file grandi
+        const luksSize = Math.ceil(size * 1.25);
+        warning(`filesystem.squashfs size: ${bytesToGB(size)}`);
+        warning(`partition LUKS ${this.luksFile} size: ${bytesToGB(luksSize)}`);
+        warning(`creating partition LUKS: ${this.luksFile}`);
         await executeCommand('truncate', ['--size', `${luksSize}`, this.luksFile]);
-        Utils.warning(`formatting ${this.luksFile} as a LUKS volume...`);
+        warning(`formatting ${this.luksFile} as a LUKS volume...`);
         await executeCommand('cryptsetup', ['--batch-mode', 'luksFormat', this.luksFile], `${this.luksPassword}\n`);
-        this.luksUuid = (await exec(`cryptsetup luksUUID ${this.luksFile}`, { capture: true, echo: false })).data.trim();
-        Utils.warning(`LUKS uuid: ${this.luksUuid}`);
-        Utils.warning(`opening the LUKS volume. It will be mapped to ${this.luksDevice}`);
+        warning(`opening the LUKS volume. It will be mapped to ${this.luksDevice}`);
         await executeCommand('cryptsetup', ['luksOpen', this.luksFile, this.luksMappedName], `${this.luksPassword}\n`);
-        Utils.warning(`formatting ext4`);
-        await exec(`mkfs.ext4 -L live-root ${this.luksDevice}`, this.echo);
-        Utils.warning(`mounting ${this.luksDevice} on ${this.luksMountpoint}`);
+        warning(`formatting ext4 (without journal)...`);
+        await exec(`mkfs.ext4 -O ^has_journal -L live-root ${this.luksDevice}`, this.echo);
+        warning(`mounting ${this.luksDevice} on ${this.luksMountpoint}`);
         if (fs.existsSync(this.luksMountpoint)) {
             if (!Utils.isMountpoint(this.luksMountpoint)) {
                 await exec(`rm -rf ${this.luksMountpoint}`, this.echo);
@@ -59,14 +69,29 @@ export async function luksRoot() {
             }
         }
         await exec(`mkdir -p ${this.luksMountpoint}`, this.echo);
-        await exec(`mount /dev/mapper/${this.luksName} ${this.luksMountpoint}`, this.echo);
-        Utils.warning(`moving ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`);
-        await exec(`mv  ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`, this.echo);
-        Utils.warning(`unmount ${this.luksMountpoint} `);
-        await exec(`umount ${this.luksMountpoint}`, this.echo);
-        Utils.warning(`closing LUKS volume ${this.luksFile}.`);
+        await exec(`mount /dev/mapper/${this.luksMappedName} ${this.luksMountpoint}`, this.echo);
+        warning(`moving ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`);
+        await exec(`mv ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`, this.echo);
+        warning(`Syncing filesystem on ${this.luksMountpoint}...`);
+        await exec('sync', this.echo); // Forza scrittura dati su disco
+        warning(`Attempting unmount ${this.luksMountpoint}...`);
+        try {
+            await exec(`umount ${this.luksMountpoint}`, this.echo);
+            success(`Unmounted ${this.luksMountpoint} successfully.`);
+        }
+        catch (umountError) {
+            Utils.error(`Failed to unmount ${this.luksMountpoint}! Trying force unmount...`);
+            // Tenta un unmount forzato/lazy come ultima risorsa
+            await exec(`umount -lf ${this.luksMountpoint}`).catch((forceError) => {
+                Utils.error(`Force unmount also failed: ${forceError}`);
+                // Considera se lanciare un errore qui per fermare il processo
+            });
+            // Lancia comunque l'errore originale per segnalare il problema
+            throw umountError;
+        }
+        warning(`closing LUKS volume ${this.luksFile}.`);
         await executeCommand('cryptsetup', ['close', this.luksMappedName]);
-        Utils.warning(`moving ${this.luksMappedName} on (ISO)/live.`);
+        warning(`moving ${this.luksMappedName} on (ISO)/live.`);
         await exec(`mv ${this.luksFile} ${this.settings.iso_work}/live`, this.echo);
     }
     catch (error) {
@@ -81,7 +106,7 @@ export async function luksRoot() {
             await exec(`umount -lf ${this.luksMountpoint}`).catch(() => { });
         }
         if (fs.existsSync(this.luksDevice)) {
-            await executeCommand('cryptsetup', ['luksClose', this.luksName]).catch(() => { });
+            await executeCommand('cryptsetup', ['close', this.luksMappedName]).catch(() => { });
         }
         await Utils.pressKeyToExit();
         process.exit(1);

package/dist/classes/ovary.d/make-dot-disk.js

@@ -28,7 +28,16 @@ export function makeDotDisk(info = '', mksquashfs = '', mkisofs = '') {
      * write volid .disk/info
      * Required
      */
-    let volidContent = this.settings.isoFilename;
+    let volidContent = "Linux live";
+    if (this.hidden) {
+        fs.writeFileSync(path.join(dotDisk, 'info'), volidContent, 'utf-8');
+        return;
+    }
+    /**
+     * write volid .disk/info
+     * Complete
+     */
+    volidContent = this.settings.isoFilename;
     fs.writeFileSync(path.join(dotDisk, 'info'), volidContent, 'utf-8');
     /**
      * A readme now replace the old .disk/info

package/dist/classes/ovary.d/make-efi.js

@@ -172,53 +172,67 @@ export async function makeEfi(theme = 'eggs') {
      * creating grub.cfg (4) on (ISO)/boot/grub
      */
     Utils.warning("creating grub.cfg main on (ISO)/boot/grub");
-    // copy splash to efiWorkDir
+    // splash.png
+    let splashSrc = '';
     const splashDest = `${efiWorkDir}/boot/grub/splash.png`;
-    let splashSrc = path.resolve(__dirname, `../../../addons/${theme}/theme/livecd/splash.png`);
-    if (this.theme.includes('/')) {
-        splashSrc = `${theme}/theme/livecd/splash.png`;
+    let themeSrc = '';
+    const themeDest = `${isoDir}/boot/grub/theme.cfg`;
+    let grubTemplate = '';
+    if (this.hidden) {
+        splashSrc = path.resolve(__dirname, `../../../addons/${theme}/theme/livecd/generic-splash.png`);
+        grubTemplate = path.resolve(__dirname, '../../../addons/eggs/theme/livecd/generic.grub.main.cfg');
+        themeSrc = path.resolve(__dirname, '../../../addons/eggs/theme/livecd/generic.grub.theme.cfg');
     }
-    if (!fs.existsSync(splashSrc)) {
-        Utils.warning(`warning: ${splashSrc} does not exists`);
-        process.exit(1);
+    else {
+        // copy splash to efiWorkDir
+        splashSrc = path.resolve(__dirname, `../../../addons/${theme}/theme/livecd/splash.png`);
+        if (this.theme.includes('/')) {
+            splashSrc = `${theme}/theme/livecd/splash.png`;
+        }
+        if (!fs.existsSync(splashSrc)) {
+            Utils.warning(`warning: ${splashSrc} does not exists`);
+            process.exit(1);
+        }
+        // select themeSrc
+        themeSrc = path.resolve(__dirname, `../../../addons/${theme}/theme/livecd/grub.theme.cfg`);
+        if (this.theme.includes('/')) {
+            themeSrc = `${theme}/theme/livecd/grub.theme.cfg`;
+        }
+        // copy theme
+        if (!fs.existsSync(themeSrc)) {
+            Utils.error(`error: ${themeSrc} does not exist`);
+            process.exit(1);
+        }
+        // selecting available fonts
+        if (fs.existsSync('/usr/share/grub/font.pf2')) {
+            await exec(`cp /usr/share/grub/font.pf2 ${efiWorkDir}boot/grub/font.pf2`, this.echo);
+        }
+        else if (fs.existsSync('/usr/share/grub/unicode.pf2')) {
+            await exec(`cp /usr/share/grub/unicode.pf2 ${efiWorkDir}boot/grub/font.pf2`, this.echo);
+        }
+        else if (fs.existsSync('/usr/share/grub/ascii.pf2')) {
+            await exec(`cp /usr/share/grub/ascii.pf2 ${efiWorkDir}boot/grub/font.pf2`, this.echo);
+        }
+        // Copy workdir files to ISO/boot
+        await exec(`rsync -avx  ${efiWorkDir}/boot ${isoDir}/`, this.echo);
+        /**
+         * prepare main grub.cfg from grub.main.cfg
+         */
+        grubTemplate = `${theme}/theme/livecd/grub.main.cfg`;
+        if (!fs.existsSync(grubTemplate)) {
+            grubTemplate = path.resolve(__dirname, '../../../addons/eggs/theme/livecd/grub.main.cfg');
+        }
+        if (!fs.existsSync(grubTemplate)) {
+            Utils.error(`error: ${grubTemplate} does not exist`);
+            process.exit(1);
+        }
     }
+    // splash.png
     await exec(`cp ${splashSrc} ${splashDest}`, this.echo);
-    // select themeSrc
-    let themeSrc = path.resolve(__dirname, `../../../addons/${theme}/theme/livecd/grub.theme.cfg`);
-    if (this.theme.includes('/')) {
-        themeSrc = `${theme}/theme/livecd/grub.theme.cfg`;
-    }
-    // copy theme
-    const themeDest = `${isoDir}/boot/grub/theme.cfg`;
-    if (!fs.existsSync(themeSrc)) {
-        Utils.error(`error: ${themeSrc} does not exist`);
-        process.exit(1);
-    }
+    // grub.theme.png
     fs.copyFileSync(themeSrc, themeDest);
-    // selecting available fonts
-    if (fs.existsSync('/usr/share/grub/font.pf2')) {
-        await exec(`cp /usr/share/grub/font.pf2 ${efiWorkDir}boot/grub/font.pf2`, this.echo);
-    }
-    else if (fs.existsSync('/usr/share/grub/unicode.pf2')) {
-        await exec(`cp /usr/share/grub/unicode.pf2 ${efiWorkDir}boot/grub/font.pf2`, this.echo);
-    }
-    else if (fs.existsSync('/usr/share/grub/ascii.pf2')) {
-        await exec(`cp /usr/share/grub/ascii.pf2 ${efiWorkDir}boot/grub/font.pf2`, this.echo);
-    }
-    // Copy workdir files to ISO/boot
-    await exec(`rsync -avx  ${efiWorkDir}/boot ${isoDir}/`, this.echo);
-    /**
-     * prepare main grub.cfg from grub.main.cfg
-     */
-    let grubTemplate = `${theme}/theme/livecd/grub.main.cfg`;
-    if (!fs.existsSync(grubTemplate)) {
-        grubTemplate = path.resolve(__dirname, '../../../addons/eggs/theme/livecd/grub.main.cfg');
-    }
-    if (!fs.existsSync(grubTemplate)) {
-        Utils.error(`error: ${grubTemplate} does not exist`);
-        process.exit(1);
-    }
-    const kernel_parameters = Diversions.kernelParameters(this.familyId, this.volid, this.luksUuid); // this.kernelParameters()
+    // grub.main.png
+    const kernel_parameters = Diversions.kernelParameters(this.familyId, this.volid, this.fullcrypt);
     const cfgMain = path.join(isoDir, '/boot/grub/grub.cfg');
     const template = fs.readFileSync(grubTemplate, 'utf8');
     const view = {
@@ -230,7 +244,9 @@ export async function makeEfi(theme = 'eggs') {
     };
     let cfgMainText = '';
     cfgMainText += `# grub.cfg (4) main\n`;
-    cfgMainText += `# created on ${cfgMain}`;
+    if (!this.hidden) {
+        cfgMainText += `# created on ${cfgMain}`;
+    }
     cfgMainText += `\n`;
     cfgMainText += mustache.render(template, view);
     fs.writeFileSync(cfgMain, cfgMainText);

package/dist/classes/ovary.d/make-squashfs.d.ts

@@ -9,7 +9,7 @@ import Ovary from '../ovary.js';
 /**
  * squashFs: crea in live filesystem.squashfs
  */
-export declare function makeSquashfs(this: Ovary, scriptOnly?: boolean, includeRoot?: boolean): Promise<string>;
+export declare function makeSquashfs(this: Ovary, scriptOnly?: boolean, includeRootHome?: boolean): Promise<string>;
 /**
  * Add or remove exclusion
  * @param add {boolean} true = add, false remove

package/dist/classes/ovary.d/make-squashfs.js

@@ -16,7 +16,7 @@ const __dirname = path.dirname(new URL(import.meta.url).pathname);
 /**
  * squashFs: crea in live filesystem.squashfs
  */
-export async function makeSquashfs(scriptOnly = false, includeRoot = false) {
+export async function makeSquashfs(scriptOnly = false, includeRootHome = false) {
     if (this.verbose) {
         console.log('Ovary: makeSquashfs');
     }
@@ -57,7 +57,7 @@ export async function makeSquashfs(scriptOnly = false, includeRoot = false) {
     /**
      * secure
      */
-    if (!includeRoot) {
+    if (!includeRootHome) {
         this.addExclusion(`root/*`);
         this.addExclusion(`root/.*`);
     }
@@ -82,9 +82,6 @@ export async function makeSquashfs(scriptOnly = false, includeRoot = false) {
      * [-e list of exclude dirs/files]
      */
     let sfsName = "filesystem.squashfs";
-    if (this.fullcrypt) {
-        sfsName = "filesystem.squashfs.real";
-    }
     let cmd = `mksquashfs ${this.settings.work_dir.merged} ${this.settings.iso_work}live/${sfsName} ${compression} ${limit} -no-xattrs -wildcards -ef ${this.settings.config.snapshot_excludes} ${this.settings.session_excludes}`;
     cmd = cmd.replaceAll(/\s\s+/g, ' ');
     Utils.writeX(`${this.settings.work_dir.ovarium}mksquashfs`, cmd);

package/dist/classes/ovary.d/merged.js

@@ -52,7 +52,7 @@ export function mergedAndOverlay(dir) {
 export function merged(dir) {
     let merged = true;
     if (dir === 'home') {
-        merged = this.clone;
+        merged = this.clone || this.fullcrypt;
     }
     else {
         const onlyFolders = [

package/dist/classes/ovary.d/produce.d.ts

@@ -17,7 +17,7 @@ import Ovary from './../ovary.js';
  * @param myAddons
  * @param nointeractive
  * @param noicons
- * @param includeRoot
+ * @param includeRootHome
  * @param verbose
  */
-export declare function produce(this: Ovary, kernel: string | undefined, clone: boolean | undefined, homecrypt: boolean | undefined, fullcrypt: boolean | undefined, scriptOnly: boolean | undefined, yolkRenew: boolean | undefined, release: boolean | undefined, myAddons: IAddons, myLinks: string[], excludes: IExcludes, nointeractive?: boolean, noicons?: boolean, includeRoot?: boolean, verbose?: boolean): Promise<void>;
+export declare function produce(this: Ovary, kernel: string | undefined, clone: boolean | undefined, homecrypt: boolean | undefined, fullcrypt: boolean | undefined, hidden: boolean | undefined, scriptOnly: boolean | undefined, yolkRenew: boolean | undefined, release: boolean | undefined, myAddons: IAddons, myLinks: string[], excludes: IExcludes, nointeractive?: boolean, noicons?: boolean, includeRootHome?: boolean, verbose?: boolean): Promise<void>;