penguins-eggs 25.10.19 → 25.10.24

package/scripts/boot-encrypted-root.sh

@@ -0,0 +1,177 @@
+#!/bin/sh
+# /scripts/live-premount/boot-encrypted-root.sh
+# v2.3 - Minimal RAM Copy + Supporto Plymouth + 3 Tentativi
+
+set -e
+
+# --- Logging Setup ---
+LOGFILE="/tmp/eggs-premount-boot.log"; FIFO="/tmp/eggs-boot.fifo"; rm -f "$LOGFILE" "$FIFO"; mkfifo "$FIFO" || exit 1; tee -a "$LOGFILE" < "$FIFO" & TEE_PID=$!; exec > "$FIFO" 2>&1; trap 'echo "EGGS-BOOT: Cleanup trap"; rm -f "$FIFO"; kill "$TEE_PID" 2>/dev/null || true; exit' EXIT INT TERM
+# --- Logging End ---
+
+echo "EGGS-BOOT: =========================================="
+echo "EGGS-BOOT: Script Avvio Root Criptato v2.3 (3 Tentativi)"
+echo "EGGS-BOOT: =========================================="
+
+# Moduli necessari
+echo "EGGS-BOOT: Caricamento moduli..."
+modprobe loop 2>/dev/null || true
+modprobe dm_mod 2>/dev/null || true
+modprobe dm_crypt 2>/dev/null || true
+modprobe overlay 2>/dev/null || true
+modprobe ext4 2>/dev/null || true
+modprobe squashfs 2>/dev/null || true
+sleep 2
+
+# 1. Trova live media originale
+echo "EGGS-BOOT: Ricerca live media originale..."
+mkdir -p /mnt/live-media /mnt/ext4
+ORIG_MEDIA_MNT="/mnt/live-media"
+LIVE_DEV=""
+# ... [Codice ricerca live media] ...
+MAX_WAIT_DEV=20; COUNT_DEV=0
+while [ -z "$LIVE_DEV" ] && [ $COUNT_DEV -lt $MAX_WAIT_DEV ]; do ls /dev > /dev/null; for dev in /dev/sr* /dev/sd* /dev/vd* /dev/nvme*n*; do if [ ! -b "$dev" ]; then continue; fi; if mount -o ro "$dev" "$ORIG_MEDIA_MNT" 2>/dev/null; then if [ -f "${ORIG_MEDIA_MNT}/live/root.img" ]; then echo "EGGS-BOOT: Found Original Live media on $dev"; LIVE_DEV=$dev; break 2; else umount "$ORIG_MEDIA_MNT" 2>/dev/null || true; fi; fi; done; sleep 1; COUNT_DEV=$((COUNT_DEV+1)); done
+if [ -z "$LIVE_DEV" ]; then echo "EGGS-BOOT: ERRORE: Live media originale non trovato!"; ls /dev; exit 1; fi
+
+ROOT_IMG_RO="${ORIG_MEDIA_MNT}/live/root.img"
+RAM_MEDIA_MNT="/run/live/medium" # Destinazione finale in RAM
+
+# 2a. Associa loop device (per definire $LOOP_DEV)
+echo "EGGS-BOOT: Associazione loop device per $ROOT_IMG_RO..."
+LOOP_DEV_OUTPUT=$(/sbin/losetup -f --show "$ROOT_IMG_RO" 2>/dev/null); LOSETUP_EXIT_STATUS=$?
+if [ $LOSETUP_EXIT_STATUS -ne 0 ] || [ -z "$LOOP_DEV_OUTPUT" ] || ! [ -b "$LOOP_DEV_OUTPUT" ]; then echo "EGGS-BOOT: ERRORE: Associazione loop fallita!"; exit 1; fi
+LOOP_DEV="$LOOP_DEV_OUTPUT"
+echo "EGGS-BOOT: Loop device associato: $LOOP_DEV"
+
+# 2b. Sblocca LUKS (con supporto Plymouth e 3 tentativi)
+echo "EGGS-BOOT: Sblocco LUKS $LOOP_DEV (readonly)..."
+
+# Disabilita 'set -e' temporaneamente per gestire i fallimenti della password
+set +e
+MAX_ATTEMPTS=3
+ATTEMPT=1
+UNLOCKED=0
+
+while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do
+    log "EGGS-BOOT: Tentativo sblocco $ATTEMPT di $MAX_ATTEMPTS"
+    
+    # Controlla se Plymouth è attivo
+    if plymouth --ping 2>/dev/null; then
+        log "EGGS-BOOT: Plymouth attivo. Chiedo password via Plymouth..."
+        
+        # Chiedi la password a Plymouth e passala a cryptsetup via stdin (--key-file -)
+        if plymouth ask-for-password --prompt="Enter passphrase ($ATTEMPT/$MAX_ATTEMPTS)" | cryptsetup open --readonly --key-file - "$LOOP_DEV" live-root; then
+            log "EGGS-BOOT: Sblocco LUKS via Plymouth riuscito."
+            UNLOCKED=1
+            break
+        else
+            log "EGGS-BOOT: ERRORE: Sblocco LUKS via Plymouth fallito (Tentativo $ATTEMPT)."
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                 plymouth display-message --text="Incorrect passphrase. Try again..."
+                 sleep 2 # Dà tempo di leggere il messaggio
+            fi
+        fi
+    else
+        # Fallback: Plymouth non attivo
+        log "EGGS-BOOT: Plymouth non attivo. Chiedo password via console..."
+        echo "Please enter passphrase for $LOOP_DEV ($ATTEMPT/$MAX_ATTEMPTS):"
+        
+        if cryptsetup open --readonly "$LOOP_DEV" live-root; then
+            log "EGGS-BOOT: Sblocco LUKS (console) riuscito."
+            UNLOCKED=1
+            break
+        else
+            log "EGGS-BOOT: ERRORE: Sblocco LUKS (console) fallito (Tentativo $ATTEMPT)."
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                echo "Incorrect passphrase. Please try again."
+            fi
+        fi
+    fi
+
+    ATTEMPT=$((ATTEMPT + 1))
+    sleep 1
+done
+
+# Riabilita 'set -e'
+set -e
+
+# Controlla se tutti i tentativi sono falliti
+if [ $UNLOCKED -eq 0 ]; then
+    log "EGGS-BOOT: ERRORE: Numero massimo tentativi raggiunto."
+    if plymouth --ping 2>/dev/null; then
+        plymouth display-message --text="LUKS Unlock Failed: Max attempts reached"
+        sleep 5
+    fi
+    /sbin/losetup -d "$LOOP_DEV" || true
+    exit 1
+fi
+
+echo "EGGS-BOOT: LUKS sbloccato ($LOOP_DEV -> live-root) [readonly]. Attesa mapper..."
+
+# ... (Resto dello script v2.1: 2c, 2d, 3, 4, 5, 6, 7 - come prima) ...
+# 2c. Attesa mapper
+MAX_WAIT_MAP=10; COUNT_MAP=0; while [ ! -b /dev/mapper/live-root ] && [ $COUNT_MAP -lt $MAX_WAIT_MAP ]; do sleep 1; COUNT_MAP=$((COUNT_MAP+1)); done
+if [ ! -b /dev/mapper/live-root ]; then echo "EGGS-BOOT: ERRORE: Mapper non apparso."; cryptsetup close live-root || true; /sbin/losetup -d "$LOOP_DEV" || true; exit 1; fi
+
+# 2d. Montaggio ext4
+echo "EGGS-BOOT: Montaggio ext4..."
+mount -t ext4 -o ro /dev/mapper/live-root /mnt/ext4
+
+SQFS_SRC="/mnt/ext4/filesystem.squashfs"
+if [ ! -f "$SQFS_SRC" ]; then echo "EGGS-BOOT: ERRORE: $SQFS_SRC non trovato!"; exit 1; fi
+
+# 3. Prepara Destinazione RAM (ORA calcoliamo la dimensione GIUSTA)
+echo "EGGS-BOOT: Preparazione RAM disk ${RAM_MEDIA_MNT}..."
+SQFS_SIZE_BYTES=$(stat -c%s "$SQFS_SRC")
+NEEDED_SIZE_MB=$(( $SQFS_SIZE_BYTES / 1024 / 1024 + 500 )) # Aggiunge 500MB buffer
+echo "EGGS-BOOT: Spazio stimato necessario in /run: ${NEEDED_SIZE_MB} MB"
+echo "EGGS-BOOT: Aumento dimensione /run (tmpfs)..."
+if ! mount -o remount,size=${NEEDED_SIZE_MB}M /run; then
+    echo "EGGS-BOOT: WARN: Remount /run fallito, spazio potrebbe essere insufficiente."
+    df -h /run
+fi
+mkdir -p "${RAM_MEDIA_MNT}/live"
+
+# 4. Copia SOLO filesystem.squashfs in RAM
+SQFS_DEST="${RAM_MEDIA_MNT}/live/filesystem.squashfs"
+echo "EGGS-BOOT: Copia $SQFS_SRC -> $SQFS_DEST..."
+if command -v rsync >/dev/null; then
+    rsync -a --info=progress2 "$SQFS_SRC" "$SQFS_DEST"
+else
+    cp "$SQFS_SRC" "$SQFS_DEST"
+fi
+SQFS_SIZE=$(du -h "$SQFS_DEST" | cut -f1)
+echo "EGGS-BOOT: filesystem.squashfs ($SQFS_SIZE) copiato in RAM."
+
+# 5. Copia i metadati essenziali del medium in RAM
+echo "EGGS-BOOT: Copia metadati (.disk, kernel, initrd) da ${ORIG_MEDIA_MNT}..."
+
+# Copia .disk (essenziale per live-boot)
+if [ -d "${ORIG_MEDIA_MNT}/.disk" ]; then
+    cp -a "${ORIG_MEDIA_MNT}/.disk" "${RAM_MEDIA_MNT}/"
+    echo "EGGS-BOOT: .disk copiato."
+else
+    echo "EGGS-BOOT: WARN: Directory .disk non trovata sul media originale."
+fi
+
+# Copia kernel e initrd (utili per l'installer)
+echo "EGGS-BOOT: Copia vmlinuz* e initrd*..."
+cp -a "${ORIG_MEDIA_MNT}/live/vmlinuz"* "${RAM_MEDIA_MNT}/live/" 2>/dev/null || true
+cp -a "${ORIG_MEDIA_MNT}/live/initrd"* "${RAM_MEDIA_MNT}/live/" 2>/dev/null || true
+echo "EGGS-BOOT: Copia kernel/initrd tentata (eventuali errori ignorati)."
+
+# 6. Pulizia Mount/Device Intermedi
+echo "EGGS-BOOT: Pulizia mount/device intermedi..."
+umount /mnt/ext4 || echo "EGGS-BOOT: WARN: umount /mnt/ext4 failed ($?)"
+cryptsetup close live-root || echo "EGGS-BOOT: WARN: cryptsetup close live-root failed ($?)"
+/sbin/losetup -d "$LOOP_DEV" || echo "EGGS-BOOT: WARN: losetup -d $LOOP_DEV failed ($?)"
+umount "$ORIG_MEDIA_MNT" || echo "EGGS-BOOT: WARN: umount ${ORIG_MEDIA_MNT} failed ($?)"
+echo "EGGS-BOOT: Pulizia completata."
+
+# 7. Passa il Testimone a live-boot
+echo "EGGS-BOOT: =========================================="
+echo "EGGS-BOOT: Medium live MINIMALE ricostruito in RAM su ${RAM_MEDIA_MNT}"
+ls -l "$RAM_MEDIA_MNT"
+ls -l "${RAM_MEDIA_MNT}/live"
+echo "EGGS-BOOT: Lascio che live-boot continui (con 'live-media=/run/live/medium')..."
+echo "EGGS-BOOT: =========================================="
+exit 0

package/scripts/eggs.bash

@@ -23,10 +23,10 @@ export:tarballs --clean --help --verbose
 install --btrfs --chroot --crypted --domain --halt --help --ip --nointeractive --none --pve --random --replace --small --suspend --testing --unattended --verbose
 krill --btrfs --chroot --crypted --domain --halt --help --ip --nointeractive --none --pve --random --replace --small --suspend --testing --unattended --verbose
 kill --help --isos --nointeractive --verbose
-love --help --verbose --nointeractive --clone --homecrypt --fullcrypt
+love --help --verbose --hidden --nointeractive --clone --homecrypt --fullcrypt
 mom --help
 pods --help
-produce --addons --basename --clone --homecrypt --fullcrypt --excludes --help --kernel --links --max --noicon --nointeractive --pendrive --prefix --release --script --standard --theme --includeRoot --verbose --yolk
+produce --addons --basename --clone --homecrypt --fullcrypt --excludes --help --hidden --kernel --links --max --noicon --nointeractive --pendrive --prefix --release --script --standard --theme --includeRootHome --verbose --yolk
 status --help --verbose
 tools:clean --help --nointeractive --verbose
 tools:repo --add --help --nointeractive --remove --verbose

package/scripts/mount-encrypted-home.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 # Script per sbloccare e montare home.img LUKS cifrato
+# v1.1 - Aggiunto supporto Plymouth
 # Con logging robusto e gestione errori
 
 set -e
@@ -28,11 +29,16 @@ cleanup() {
     if [ -e "/dev/mapper/$LUKS_NAME" ]; then
         cryptsetup close "$LUKS_NAME" 2>/dev/null || true
     fi
+    # Se abbiamo copiato in RAM, rimuoviamo la copia
+    if [ "$HOME_IMG" = "/var/tmp/home.img" ]; then
+        rm -f /var/tmp/home.img 2>/dev/null || true
+        log "Removed temporary home.img from /var/tmp"
+    fi
 }
 
 trap cleanup EXIT
 
-log "=== Starting encrypted home mount process ==="
+log "=== Starting encrypted home mount process (v1.1) ==="
 
 # Verifica memoria disponibile
 AVAILABLE_MEM=$(free -m | awk '/^Mem:/{print $7}')
@@ -45,36 +51,34 @@ fi
 
 # Attendi che il media sia disponibile (max 30 secondi)
 log "Waiting for live media to be available..."
+ORIG_HOME_IMG="$HOME_IMG" # Salva il path originale
 COUNTER=0
-while [ ! -f "$HOME_IMG" ] && [ $COUNTER -lt 30 ]; do
+while [ ! -f "$ORIG_HOME_IMG" ] && [ $COUNTER -lt 30 ]; do
     sleep 1
     COUNTER=$((COUNTER + 1))
 done
 
-if [ ! -f "$HOME_IMG" ]; then
-    log_error "home.img not found at $HOME_IMG after 30 seconds"
+if [ ! -f "$ORIG_HOME_IMG" ]; then
+    log_error "home.img not found at $ORIG_HOME_IMG after 30 seconds"
     log "Available mounts:"
     mount | grep live | tee -a "$LOG_FILE"
     exit 0
 fi
 
-log "Found home.img at $HOME_IMG"
+log "Found home.img at $ORIG_HOME_IMG"
 
 # Copia in RAM se è su media read-only
-TEMP_HOME_IMG="/var/tmp/home.img"  # /var/tmp è su overlay, non tmpfs
+# Nota: /var/tmp è su overlay (tmpfs), quindi è in RAM.
+TEMP_HOME_IMG="/var/tmp/home.img"
 log "Copying home.img to RAM..."
-cp "$HOME_IMG" "$TEMP_HOME_IMG"
-HOME_IMG="$TEMP_HOME_IMG"
+cp "$ORIG_HOME_IMG" "$TEMP_HOME_IMG"
+HOME_IMG="$TEMP_HOME_IMG" # Da ora in poi usiamo la copia in RAM
 log "home.img copied to $HOME_IMG"
 
 # Verifica dimensione file
 IMG_SIZE=$(stat -c %s "$HOME_IMG")
 log "home.img size: $((IMG_SIZE / 1024 / 1024))MB"
 
-# Verifica dimensione file
-IMG_SIZE=$(stat -c %s "$HOME_IMG")
-log "home.img size: $((IMG_SIZE / 1024 / 1024))MB"
-
 # Verifica se è un volume LUKS
 if ! cryptsetup isLuks "$HOME_IMG" 2>&1 | tee -a "$LOG_FILE"; then
     log_error "$HOME_IMG is not a valid LUKS volume"
@@ -83,58 +87,89 @@ fi
 
 log "Verified: home.img is a valid LUKS volume"
 
-# Mostra prompt per la passphrase
-echo ""
-echo "╔════════════════════════════════════════╗"
-echo "║  Encrypted Home Directory Detected     ║"
-echo "╚════════════════════════════════════════╝"
-echo ""
-echo "Please enter your passphrase to unlock your home directory"
-echo "(Press Ctrl+C to skip and continue with temporary home)"
-echo ""
-
-echo "(Press Ctrl+C to skip and continue with temporary home)"
-echo ""
-
 # Aspetta che il TTY sia completamente inizializzato
 sleep 2
 
-# Prima del while loop dei tentativi
+# Pulisci eventuale device mapper precedente
 if [ -e "/dev/mapper/$LUKS_NAME" ]; then
     log "LUKS device already exists, closing it first..."
     cryptsetup close "$LUKS_NAME" 2>&1 | tee -a "$LOG_FILE" || true
 fi
 
-# Tentativi multipli per la passphrase
+# --- LOGICA RICHIESTA PASSWORD (CON PLYMOUTH) ---
 MAX_ATTEMPTS=3
 ATTEMPT=1
+UNLOCKED=0 # Flag per sapere se abbiamo sbloccato
 
 while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do
     log "Unlock attempt $ATTEMPT of $MAX_ATTEMPTS"
     
-    if cryptsetup open "$HOME_IMG" "$LUKS_NAME" 2>&1 | tee -a "$LOG_FILE"; then
-        log "LUKS volume unlocked successfully"
-        break
-    else
-        log_error "Failed to unlock LUKS volume (attempt $ATTEMPT)"
+    # Controlla se Plymouth è attivo
+    if plymouth --ping 2>/dev/null; then
+        log "Plymouth active. Asking for password via Plymouth..."
         
-        if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
-            log_error "Maximum attempts reached. Continuing without encrypted home."
-            echo ""
-            echo "╔════════════════════════════════════════╗"
-            echo "║  Failed to unlock encrypted home       ║"
-            echo "║  System will continue with default     ║"
-            echo "╚════════════════════════════════════════╝"
-            echo ""
-            sleep 3
-            exit 0
+        # Chiede a Plymouth, passa la password a cryptsetup via stdin
+        if plymouth ask-for-password --prompt="Enter passphrase for /home ($ATTEMPT/$MAX_ATTEMPTS)" | cryptsetup open "$HOME_IMG" "$LUKS_NAME" --key-file - 2>&1 | tee -a "$LOG_FILE"; then
+            log "LUKS volume unlocked successfully via Plymouth"
+            UNLOCKED=1
+            break
+        else
+            log_error "Failed to unlock LUKS volume via Plymouth (attempt $ATTEMPT)"
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                 plymouth display-message --text="Incorrect passphrase. Try again..."
+                 sleep 2 # Dà tempo di leggere il messaggio
+            fi
         fi
+    else
+        # Fallback: Plymouth non attivo (o fallito)
+        log "Plymouth not active. Asking for password via console..."
         
-        ATTEMPT=$((ATTEMPT + 1))
-        echo "Incorrect passphrase. Please try again ($ATTEMPT/$MAX_ATTEMPTS)"
+        # Stampa il prompt (già presente nel tuo script originale)
+        echo ""
+        echo "╔════════════════════════════════════════╗"
+        echo "║  Encrypted Home Directory Detected     ║"
+        echo "╚════════════════════════════════════════╝"
         echo ""
+        echo "Please enter your passphrase to unlock your home directory ($ATTEMPT/$MAX_ATTEMPTS)"
+        echo "(Press Ctrl+C to skip and continue with temporary home)"
+        echo ""
+
+        if cryptsetup open "$HOME_IMG" "$LUKS_NAME" 2>&1 | tee -a "$LOG_FILE"; then
+            log "LUKS volume unlocked successfully via console"
+            UNLOCKED=1
+            break
+        else
+            log_error "Failed to unlock LUKS volume (attempt $ATTEMPT)"
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                echo "Incorrect passphrase. Please try again."
+            fi
+        fi
     fi
+
+    ATTEMPT=$((ATTEMPT + 1))
 done
+# --- FINE LOGICA RICHIESTA PASSWORD ---
+
+
+# Controlla se lo sblocco è fallito dopo tutti i tentativi
+if [ $UNLOCKED -eq 0 ]; then
+    log_error "Maximum attempts reached. Continuing without encrypted home."
+    echo ""
+    echo "╔════════════════════════════════════════╗"
+    echo "║  Failed to unlock encrypted home       ║"
+    echo "║  System will continue with default     ║"
+    echo "╚════════════════════════════════════════╝"
+    echo ""
+    
+    if plymouth --ping 2>/dev/null; then
+        plymouth display-message --text="Failed to unlock. Continuing with temporary home..."
+        sleep 3
+        plymouth quit
+    fi
+    
+    sleep 3
+    exit 0 # Esce senza errore, per permettere al sistema di continuare
+fi
 
 # Verifica che il device mapper esista
 if [ ! -e "/dev/mapper/$LUKS_NAME" ]; then
@@ -153,10 +188,14 @@ if mount "/dev/mapper/$LUKS_NAME" "$MOUNT_POINT" 2>&1 | tee -a "$LOG_FILE"; then
     log "Home directory mounted successfully"
 else
     log_error "Failed to mount decrypted volume"
-    cryptsetup close "$LUKS_NAME"
+    # cryptsetup close è gestito dalla trap 'cleanup'
     exit 1
 fi
 
+# Rimuovi la copia in RAM, non serve più
+log "Cleaning up temporary copy: $HOME_IMG"
+rm -f "$HOME_IMG" 2>/dev/null || true
+
 # Ripristina gli utenti se esistono
 if [ -d "$MOUNT_POINT/.system-backup" ]; then
     log "Restoring user accounts..."
@@ -167,22 +206,12 @@ if [ -d "$MOUNT_POINT/.system-backup" ]; then
         userdel -r live 2>&1 | tee -a "$LOG_FILE" || true
     fi
     
-    # Ripristina gli utenti
+    # Ripristina gli utenti (NOTA: hai duplicato questo blocco nel tuo script originale, l'ho corretto)
     if [ -f "$MOUNT_POINT/.system-backup/passwd" ]; then
         cat "$MOUNT_POINT/.system-backup/passwd" >> /etc/passwd
         log "Restored $(wc -l < "$MOUNT_POINT/.system-backup/passwd") user entries"
     fi
     
-    if [ -f "$MOUNT_POINT/.system-backup/shadow" ]; then
-        cat "$MOUNT_POINT/.system-backup/shadow" >> /etc/shadow
-    fi
-        
-    # Ripristina gli utenti
-    if [ -f "$MOUNT_POINT/.system-backup/passwd" ]; then
-        cat "$MOUNT_POINT/.system-backup/passwd" >> /etc/passwd
-        log "Restored $(wc -l < "$MOUNT_POINT/.system-backup/passwd") user entries"
-    fi
-
     if [ -f "$MOUNT_POINT/.system-backup/shadow" ]; then
         cat "$MOUNT_POINT/.system-backup/shadow" >> /etc/shadow
     fi
@@ -213,10 +242,17 @@ if [ -d "$MOUNT_POINT/.system-backup" ]; then
     else
         log "No active display manager found to restart"
     fi
+else
+    log "No .system-backup directory found. Assuming /home is just data."
 fi
 
 log "=== Encrypted home mount completed successfully ==="
 
+# Notifica a Plymouth (se attivo) che abbiamo finito
+if plymouth --ping 2>/dev/null; then
+    plymouth quit
+fi
+
 # Non fare cleanup al successo
 trap - EXIT
 

package/dist/classes/ovary.d/luks-root-bootstrap-builder.d.ts

@@ -1,11 +0,0 @@
-/**
- * luks-root-bootstrap-builder.ts
- *
- * Crea un filesystem.squashfs bootstrap completo con Debian
- * per sbloccare il sistema principale cifrato
- */
-import Ovary from '../ovary.js';
-/**
- * Crea il filesystem bootstrap completo
- */
-export declare function createBootstrapFilesystem(this: Ovary, outputSquashfs: string): Promise<void>;

package/dist/classes/ovary.d/luks-root-bootstrap-builder.js

@@ -1,45 +0,0 @@
-/**
- * luks-root-bootstrap-builder.ts
- *
- * Crea un filesystem.squashfs bootstrap completo con Debian
- * per sbloccare il sistema principale cifrato
- */
-import fs from 'fs';
-import path from 'path';
-import Utils from '../utils.js';
-import { exec } from '../../lib/utils.js';
-const __dirname = path.dirname(new URL(import.meta.url).pathname);
-/**
- * Crea il filesystem bootstrap completo
- */
-export async function createBootstrapFilesystem(outputSquashfs) {
-    Utils.warning('Creating full Debian bootstrap filesystem...');
-    Utils.warning('This will take several minutes...');
-    const scriptsDir = path.join(__dirname, '../../../scripts');
-    const createScript = path.join(scriptsDir, 'luks-root-bootstrap-create.sh');
-    const unlockScript = path.join(scriptsDir, 'luks-root-unlock.sh');
-    // Verifica che gli script esistano
-    if (!fs.existsSync(createScript)) {
-        throw new Error(`Build script not found: ${createScript}`);
-    }
-    if (!fs.existsSync(unlockScript)) {
-        throw new Error(`Unlock script not found: ${unlockScript}`);
-    }
-    try {
-        // Esegui lo script di creazione bash
-        Utils.warning('Executing bootstrap creation script...');
-        await exec(`bash ${createScript} ${outputSquashfs} ${unlockScript}`, { echo: true });
-        // Verifica che il file sia stato creato
-        if (!fs.existsSync(outputSquashfs)) {
-            throw new Error('Bootstrap filesystem was not created');
-        }
-        const stats = fs.statSync(outputSquashfs);
-        const sizeMB = (stats.size / 1024 / 1024).toFixed(2);
-        Utils.success(`✓ Bootstrap filesystem created: ${sizeMB} MB`);
-        Utils.success('  Full Debian system with systemd and encrypted root unlock');
-    }
-    catch (error) {
-        Utils.error(`Failed to create bootstrap filesystem: ${error}`);
-        throw error;
-    }
-}