penguins-eggs 25.10.6 → 25.10.19

package/addons/eggs/theme/livecd/isolinux.main.simple.cfg

@@ -13,20 +13,20 @@ label Live
   say "Booting {{{fullname}}} GNU/Linux (kernel {{{kernel}}})"
   linux {{{vmlinuz}}}
   append initrd={{{initrdImg}}} {{{kernel_parameters}}}
-  
+  # RIMUOVERE O CONTROLLARE evm=off per overlayfs
   
 label Safe
   menu label {{{fullname}}} Safe Mode
   say "Booting {{{fullname}}} GNU/Linux (kernel {{{kernel}}})"
   linux {{{vmlinuz}}} 
-  append initrd={{{initrdImg}}} {{{kernel_parameters}}}
+  append initrd={{{initrdImg}}} {{{kernel_parameters}}} 
  
 
 label Text
   menu label {{{fullname}}} Text Mode
   say "Booting {{{fullname}}} GNU/Linux (kernel {{{kernel}}})"
   linux {{{vmlinuz}}} 
-  append initrd={{{initrdImg}}} {{{kernel_parameters}}}
+  append initrd={{{initrdImg}}} {{{kernel_parameters}}} 
   
 label local
   menu label Boot from local disk

package/conf/distros/trixie/calamares/modules/shellprocess@boot_deploy.yml

@@ -17,8 +17,7 @@ script:
     # Riconfigureremo il kernel nel modulo boot_reconfigure per garantire che gli hook
     # vengano eseguiti secondo necessità.
 
-    # ubuntu
-    # cp --preserve=timestamps /lib/live/mount/medium/live/vmlinuz-`uname -r` ${ROOT}/boot/vmlinuz-`uname -r`
-
-    # debian
+    # INITRAMFS = '/run/live/medium/'
+    # DRACUT    = '/run/initramfs/live/'
     - cp --preserve=timestamps /run/live/medium/live/vmlinuz-`uname -r` ${ROOT}/boot/vmlinuz-`uname -r`
+    #- cp --preserve=timestamps /run/initramfs/live/live/vmlinuz-`uname -r` ${ROOT}/boot/vmlinuz-`uname -r`

package/conf/love.yaml

@@ -4,5 +4,5 @@
 - eggs kill
 - eggs dad --default
 - eggs tools clean
-- eggs produce --pendrive --addons adapt
+- eggs produce --addons adapt
 

package/dist/classes/distro.js

@@ -101,7 +101,7 @@ class Distro {
         }
         else if (this.distroId === 'Openmamba') {
             this.familyId = 'openmamba';
-            this.distroLike = 'openmamba';
+            this.distroLike = 'Openmamba';
             this.codenameId = 'rolling'; // viene rimosso dal nome
             this.distroUniqueId = this.familyId; // per krill
             this.liveMediumPath = '/run/initramfs/live/';
@@ -176,7 +176,14 @@ class Distro {
             else if (this.codenameId === 'trixie') {
                 this.distroLike = 'Debian';
                 this.distroUniqueId = 'trixie';
-                this.liveMediumPath = '/run/live/medium/';
+                this.liveMediumPath = '/run/live/medium/'; //initramfs
+                // this.liveMediumPath = '/run/initramfs/live/'  // dracut
+                /**
+                 * dracut su trixie
+                 if (Pacman.packageIsInstalled('dracut')) {
+                   this.liveMediumPath = '/run/initramfs/live/'
+                 }
+                 */
                 /**
                  * Debian 14 forky
                  */

package/dist/classes/diversions.d.ts

@@ -39,7 +39,7 @@ export default class Diversions {
      * @param volid
      * @returns
      */
-    static kernelParameters(familyId: string, volid: string): string;
+    static kernelParameters(familyId: string, volid: string, luksUuid?: string): string;
     /**
        *
        * @returns

package/dist/classes/diversions.js

@@ -6,6 +6,7 @@
  * license: MIT
  */
 import Distro from './distro.js';
+import Pacman from './pacman.js';
 export default class Diversions {
     /**
      *
@@ -66,14 +67,10 @@ export default class Diversions {
      * @param volid
      * @returns
      */
-    static kernelParameters(familyId, volid) {
+    static kernelParameters(familyId, volid, luksUuid = '') {
         // GRUB_CMDLINE_LINUX='ipv6.disable=1'
         let kp = "";
-        if (familyId === 'aldos') {
-            kp += `root=live:CDLABEL=${volid} rd.live.image rd.live.dir=/live rd.live.squashimg=filesystem.squashfs selinux=0 rootfstype=auto rd.locale.LANG=en_US.UTF-8 KEYBOARDTYPE=pc rd.vconsole.keymap=us rootflags=defaults,relatime,commit=60 nmi_watchdog=0 rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM`;
-            //     root=live:CDLABEL=ALDOS6420241128 rootfstype=auto ro liveimg quiet rd.locale.LANG=es_MX.UTF-8 KEYBOARDTYPE=pc SYSFONT=latarcyrheb-sun16 rd.vconsole.keymap=es  rootflags=defaults,relatime,commit=60 selinux=0 nmi_watchdog=0 rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM  
-        }
-        else if (familyId === 'alpine') {
+        if (familyId === 'alpine') {
             kp += `alpinelivelabel=${volid} alpinelivesquashfs=/mnt/live/filesystem.squashfs`;
         }
         else if (familyId === 'archlinux') {
@@ -81,14 +78,36 @@ export default class Diversions {
             const distroId = this.distro().distroId;
             if (this.isManjaroBased(distroId)) {
                 kp += ` misobasedir=manjaro misolabel=${volid}`;
-                // shx.exec(`mkdir -p ${this.settings.iso_work}.miso`)
             }
             else {
                 kp += ` archisobasedir=arch archisolabel=${volid}`;
             }
         }
         else if (familyId === 'debian') {
-            kp += `boot=live components locales=${process.env.LANG} cow_spacesize=2G`;
+            /**
+             * da rivedere dracut/initramfs
+             */
+            if (Pacman.packageIsInstalled('dracut')) {
+                if (luksUuid !== '') {
+                    let append = `boot=live \
+                  root=live:LABEL=${volid} \
+                  rd.luks.loop=/live/luks.img \
+                  eggs.luks.uuid=${luksUuid} \
+                  rd.live.squashimg=filesystem.squashfs \
+                  rd.live.overlay.overlayfs=1 \
+                  nomodeset \
+                  rd.break=pre-mount \
+                  rd.shell`;
+                    kp += append.replaceAll(/\s\s+/g, ' ');
+                }
+                else {
+                    // dracut: rd.live.squashimg
+                    kp += `root=live:CDLABEL=${volid} rd.live.image rd.live.dir=/live rd.live.squashimg=filesystem.squashfs`;
+                }
+            }
+            else {
+                kp += `boot=live components locales=${process.env.LANG} cow_spacesize=2G`;
+            }
         }
         else if (familyId === 'fedora') {
             kp += `root=live:CDLABEL=${volid} rd.live.image rd.live.dir=/live rd.live.squashimg=filesystem.squashfs selinux=0`;

package/dist/classes/incubation/incubator.d/archlinux.js

@@ -59,6 +59,7 @@ export class Archlinux {
         await fisherman.buildModule('users', this.theme);
         await fisherman.buildModule('displaymanager');
         await fisherman.buildModule('hwclock');
+        await fisherman.shellprocess('disable-grub-btrfs');
         await fisherman.buildModule('grubcfg');
         await fisherman.buildModule('bootloader');
         await fisherman.buildModulePackages(this.distro, this.release);

package/dist/classes/incubation/incubator.d/trixie.js

@@ -62,24 +62,21 @@ export class Trixie {
         await fisherman.buildModule('networkcfg');
         await fisherman.buildModule('hwclock');
         await fisherman.buildModule('services-systemd');
+        await fisherman.buildModule('luksbootkeyfile');
+        await fisherman.shellprocess('boot_deploy'); // contiene this.liveMediumPath
         await fisherman.buildCalamaresModule('bootloader-config', true);
         await fisherman.buildModule('grubcfg');
         await fisherman.buildModule('bootloader');
-        await fisherman.buildModulePackages(this.distro, this.release);
-        await fisherman.buildModule('luksbootkeyfile');
-        await fisherman.buildModule('plymouthcfg');
+        await fisherman.shellprocess('boot_reconfigure');
         await fisherman.buildModule('initramfscfg');
-        await fisherman.buildModule('initramfs');
+        await fisherman.shellprocess('mkinitramfs');
+        await fisherman.buildModule('plymouthcfg');
+        await fisherman.buildModulePackages(this.distro, this.release);
         await fisherman.buildCalamaresModule('dpkg-unsafe-io-undo', false);
         await fisherman.buildModuleRemoveuser(this.user_opt);
         await fisherman.buildCalamaresModule('sources-yolk-undo', false);
         await fisherman.buildCalamaresModule('cleanup', true);
-        // contextualprocess
-        // await fisherman.contextualprocess('before_bootloader_context')
-        // shellprocess
-        await fisherman.shellprocess('mkinitramfs');
-        await fisherman.shellprocess('boot_deploy');
-        await fisherman.shellprocess('boot_reconfigure');
+        // await fisherman.buildModule('initramfs')
         // libexec recreate
         await exec(`rm -rf /usr/libexec/calamares`);
         await exec(`mkdir -p /usr/libexec/calamares`);

package/dist/classes/ovary.d/edit-live-fs.d.ts

@@ -17,4 +17,4 @@ import Ovary from '../ovary.js';
  * - Add some basic files to /dev
  * - Clear configs from /etc/network/interfaces, wicd and NetworkManager and netman
  */
-export declare function editLiveFs(this: Ovary, clone?: boolean, cryptedclone?: boolean): Promise<void>;
+export declare function editLiveFs(this: Ovary, clone?: boolean): Promise<void>;

package/dist/classes/ovary.d/edit-live-fs.js

@@ -27,7 +27,7 @@ const __dirname = path.dirname(new URL(import.meta.url).pathname);
  * - Add some basic files to /dev
  * - Clear configs from /etc/network/interfaces, wicd and NetworkManager and netman
  */
-export async function editLiveFs(clone = false, cryptedclone = false) {
+export async function editLiveFs(clone = false) {
     if (this.verbose) {
         console.log('Ovary: editLiveFs');
     }
@@ -37,12 +37,6 @@ export async function editLiveFs(clone = false, cryptedclone = false) {
     if (clone) {
         await exec(`touch ${this.settings.work_dir.merged}/etc/penguins-eggs.d/is_clone`, this.echo);
     }
-    /**
-     * /etc/penguins-eggs.d/is_crypted_clone file created on live
-     */
-    if (cryptedclone) {
-        await exec(`touch ${this.settings.work_dir.merged}/etc/penguins-eggs.d/is_crypted_clone`, this.echo);
-    }
     /**
      * /etc/default/epoptes-client created on live
      */

package/dist/classes/ovary.d/fertilization.js

@@ -21,6 +21,7 @@ export async function fertilization(snapshot_prefix = '', snapshot_basename = ''
     this.familyId = distro.familyId;
     this.distroId = distro.distroId;
     this.distroLike = distro.distroLike;
+    this.distroLliveMediumPath = distro.liveMediumPath;
     this.settings = new Settings();
     if (await this.settings.load()) {
         await this.settings.loadRemix(this.theme);

package/dist/classes/ovary.d/finished.js

@@ -8,17 +8,13 @@
 import chalk from 'chalk';
 // packages
 import path from 'path';
-// interfaces
-// libraries
-// classes
-import Utils from './../utils.js';
 // _dirname
 /**
    * finished = show the results
    * @param scriptOnly
    */
 export function finished(scriptOnly = false) {
-    Utils.titles('produce');
+    // Utils.titles('produce')
     if (scriptOnly) {
         const pathOvarium = path.join(this.settings.config.snapshot_dir, 'ovarium');
         console.log('eggs is finished!\n\nYou can find the scripts to build iso: ' + chalk.cyanBright(this.settings.isoFilename) + '\nin the ovarium: ' + chalk.cyanBright(pathOvarium) + '.');

package/dist/classes/ovary.d/initrd.d.ts

@@ -1,5 +1,5 @@
 /**
- * ./src/classes/ovary.d/initrd-arch.ts
+ * ./src/classes/ovary.d/initrd.ts
  * penguins-eggs v.25.7.x / ecmascript 2020
  * author: Piero Proietti
  * email: piero.proietti@gmail.com

package/dist/classes/ovary.d/initrd.js

@@ -1,5 +1,5 @@
 /**
- * ./src/classes/ovary.d/initrd-arch.ts
+ * ./src/classes/ovary.d/initrd.ts
  * penguins-eggs v.25.7.x / ecmascript 2020
  * author: Piero Proietti
  * email: piero.proietti@gmail.com
@@ -21,7 +21,10 @@ export async function initrdAlpine() {
     let initrdImg = Utils.initrdImg();
     initrdImg = initrdImg.slice(Math.max(0, initrdImg.lastIndexOf('/') + 1));
     const pathConf = path.resolve(__dirname, `../../../mkinitfs/live.conf`);
-    await exec(`mkinitfs -c ${pathConf} -o ${this.settings.iso_work}live/${initrdImg} ${this.kernel}`, this.echo);
+    const prefix = this.settings.config.snapshot_prefix;
+    const log = `> ${this.settings.iso_work}${prefix}mkinitfs.log.txt 2>&1`;
+    const cmd = `mkinitfs -c ${pathConf} -o ${this.settings.iso_work}live/${initrdImg} ${this.kernel} ${log}`;
+    await exec(cmd, this.echo);
 }
 /**
  * initrdArch
@@ -52,7 +55,9 @@ export async function initrdArch() {
     }
     await exec(`cp ${hookSrc} ${hookSaved}`);
     await exec(edit, this.echo);
-    let cmd = `mkinitcpio -c ${fileConf} -g ${this.settings.iso_work}live/${path.basename(this.initrd)} -k ${this.kernel}`;
+    const prefix = this.settings.config.snapshot_prefix;
+    const log = `> ${this.settings.iso_work}${prefix}mkinitcpio.log.txt 2>&1`;
+    let cmd = `mkinitcpio -c ${fileConf} -g ${this.settings.iso_work}live/${path.basename(this.initrd)} -k ${this.kernel} ${log}`;
     await exec(cmd, this.echo);
     await exec(`rm -f ${hookDest}`);
     if (restore) {
@@ -65,30 +70,23 @@ export async function initrdArch() {
  */
 export async function initrdDebian(verbose = false) {
     Utils.warning(`creating ${this.initrd} using mkinitramfs on (ISO)/live`);
-    let isCrypted = false;
-    if (fs.existsSync('/etc/crypttab')) {
-        isCrypted = true;
-        await exec('mv /etc/crypttab /etc/crypttab.saved', this.echo);
-    }
-    await exec(`mkinitramfs -o ${this.settings.iso_work}live/${path.basename(this.initrd)} ${this.kernel} ${this.toNull}`, this.echo);
-    if (isCrypted) {
-        await exec('mv /etc/crypttab.saved /etc/crypttab', this.echo);
-    }
+    const prefix = this.settings.config.snapshot_prefix;
+    const dest = `${this.settings.iso_work}live/${path.basename(this.initrd)}`;
+    const log = `> ${this.settings.iso_work}${prefix}mkinitramfs.log.txt 2>&1`;
+    const cmd = `mkinitramfs -o ${dest} ${this.kernel} ${log}`;
+    await exec(cmd, this.echo);
 }
 /*
-* initrdDracut) Almalinux/Fedora/Openmamba/Opensuse/Rocky/Voidlinux
+* initrdDracut) Almalinux/Fedora/Openmamba/Opensuse/Rocky/
 */
 export async function initrdDracut() {
     Utils.warning(`creating ${path.basename(this.initrd)} using dracut on (ISO)/live`);
     const prefix = this.settings.config.snapshot_prefix;
-    const confdir = '--confdir ' + path.resolve(__dirname, `../../../dracut/dracut.conf.d`);
-    // const dracutdir='--dracutdir /opt/penguins-eggs/dracut'
-    const dracutdir = '';
-    const dest = `${this.settings.iso_work}live/${path.basename(this.initrd)}`;
     const log = `> ${this.settings.iso_work}${prefix}dracut.log.txt 2>&1`;
+    const confdir = '--confdir ' + path.resolve(__dirname, `../../../dracut/dracut.conf.d`);
     const kmoddir = `--kmoddir /lib/modules/${this.kernel}`;
-    const cmd = `dracut --force --debug --no-hostonly ${confdir} ${kmoddir} ${dest} ${this.kernel} ${log}`;
-    //const cmd=`ls -la /lib /lib/modules ${log}`
+    const initramfs = `${this.settings.iso_work}live/${path.basename(this.initrd)}`;
+    const cmd = `dracut --force ${confdir} ${kmoddir} ${initramfs} ${this.kernel} ${log}`;
     console.log(cmd);
     await exec(cmd, this.echo);
     // clean per btrfs

package/dist/classes/ovary.d/live-create-structure.js

@@ -17,10 +17,7 @@ const __dirname = path.dirname(new URL(import.meta.url).pathname);
    * Crea la struttura della workdir
    */
 export async function liveCreateStructure() {
-    if (this.verbose) {
-        console.log('Ovary: liveCreateStructure');
-    }
-    Utils.warning(`creating egg in ${this.nest}`);
+    Utils.warning(`creating live structure on ${this.nest}`);
     let cmd = '';
     cmd = `# create nest\n`;
     cmd += `mkdir -p ${this.nest}\n`;

package/dist/classes/ovary.d/luks-get-password.d.ts

@@ -0,0 +1,12 @@
+/**
+ * ./src/classes/ovary.d/luks-home.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Ovary from '../ovary.js';
+/**
+ * Ottiene la password LUKS dall'utente
+ */
+export declare function luksGetPassword(this: Ovary): Promise<void>;

package/dist/classes/ovary.d/luks-get-password.js

@@ -0,0 +1,57 @@
+/**
+ * ./src/classes/ovary.d/luks-home.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Utils from '../utils.js';
+/**
+ * Ottiene la password LUKS dall'utente
+ */
+export async function luksGetPassword() {
+    const inquirer = (await import('inquirer')).default;
+    // Chiedi se usare password di default
+    const useDefault = await inquirer.prompt([{
+            type: 'confirm',
+            name: 'useDefault',
+            message: `Use default password "${this.luksPassword}" for LUKS encryption?`,
+            default: false
+        }]);
+    if (useDefault.useDefault) {
+        Utils.warning(`Using default password: ${this.luksPassword}`);
+        return;
+    }
+    // Chiedi password personalizzata con conferma
+    let password = '';
+    let confirmed = false;
+    while (!confirmed) {
+        const answers = await inquirer.prompt([
+            {
+                type: 'password',
+                name: 'password',
+                message: 'Enter LUKS encryption password:',
+                validate: (input) => {
+                    if (input.length < 8) {
+                        return 'Password must be at least 8 characters';
+                    }
+                    return true;
+                }
+            },
+            {
+                type: 'password',
+                name: 'confirm',
+                message: 'Confirm password:'
+            }
+        ]);
+        if (answers.password === answers.confirm) {
+            password = answers.password;
+            confirmed = true;
+            Utils.success('Password confirmed!');
+        }
+        else {
+            Utils.error('Passwords do not match. Please try again.');
+        }
+    }
+    this.luksPassword = password;
+}

package/dist/classes/ovary.d/luks-home-support.d.ts

@@ -0,0 +1,12 @@
+/**
+ * ./src/classes/ovary.d/luks-home-support.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Ovary from '../ovary.js';
+/**
+ * Installa i file necessari per sbloccare home.img LUKS durante il boot
+ */
+export declare function installHomecryptSupport(this: Ovary, squashfsRoot: string, homeImgPath: string): void;

package/dist/classes/ovary.d/luks-home-support.js

@@ -0,0 +1,75 @@
+/**
+ * ./src/classes/ovary.d/luks-home-support.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+// packages
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+import Utils from '../utils.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Installa i file necessari per sbloccare home.img LUKS durante il boot
+ */
+export function installHomecryptSupport(squashfsRoot, homeImgPath) {
+    Utils.warning('installing encrypted home support...');
+    // console.log("squashfsRoot:", squashfsRoot)
+    // console.log("homeImgPath:", homeImgPath)
+    // Leggi il template bash
+    const templatePath = path.join(__dirname, '../../../scripts/mount-encrypted-home.sh');
+    let bashScript = fs.readFileSync(templatePath, 'utf8');
+    // Sostituisci il placeholder con il path reale
+    bashScript = bashScript.replace('__HOME_IMG_PATH__', homeImgPath);
+    // Systemd service
+    const systemdService = `[Unit]
+Description=Unlock and mount encrypted home.img
+DefaultDependencies=no
+After=systemd-udev-settle.service local-fs-pre.target
+Before=local-fs.target display-manager.service
+ConditionPathExists=${homeImgPath}
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardInput=tty
+StandardOutput=journal+console
+StandardError=journal+console
+TTYPath=/dev/console
+TTYReset=yes
+TTYVHangup=yes
+ExecStart=/usr/local/bin/mount-encrypted-home.sh
+ExecStop=/bin/bash -c 'umount /home && cryptsetup close live-home'
+
+[Install]
+WantedBy=local-fs.target
+`;
+    // Percorsi di destinazione
+    const scriptPath = path.join(squashfsRoot, 'usr/local/bin/mount-encrypted-home.sh');
+    const servicePath = path.join(squashfsRoot, 'etc/systemd/system/mount-encrypted-home.service');
+    const symlinkDir = path.join(squashfsRoot, 'etc/systemd/system/local-fs.target.wants');
+    const symlinkPath = path.join(symlinkDir, 'mount-encrypted-home.service');
+    // Crea le directory necessarie
+    fs.mkdirSync(path.dirname(scriptPath), { recursive: true });
+    fs.mkdirSync(path.dirname(servicePath), { recursive: true });
+    fs.mkdirSync(symlinkDir, { recursive: true });
+    // Scrivi lo script
+    fs.writeFileSync(scriptPath, bashScript);
+    fs.chmodSync(scriptPath, 0o755);
+    // console.log(`✓ Created: ${scriptPath}`)
+    // Scrivi il service
+    fs.writeFileSync(servicePath, systemdService);
+    // console.log(`✓ Created: ${servicePath}`)
+    // Crea il symlink per abilitare il service
+    if (fs.existsSync(symlinkPath)) {
+        fs.unlinkSync(symlinkPath);
+    }
+    fs.symlinkSync('../mount-encrypted-home.service', symlinkPath);
+    // console.log(`✓ Enabled: mount-encrypted-home.service`)
+    // console.log('Encrypted home support installed successfully')
+    // console.log('Logs will be available at: /var/log/mount-encrypted-home.log')
+}

package/dist/classes/ovary.d/luks-home.d.ts

@@ -0,0 +1,15 @@
+/**
+ * ./src/classes/ovary.d/luks-home.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Ovary from '../ovary.js';
+/**
+ * luksHome()
+ *
+ * create a container LUKS with the entire
+ * filesystem.squashfs
+ */
+export declare function luksHome(this: Ovary, clone?: boolean, homecrypt?: boolean): Promise<void>;

package/dist/classes/ovary.d/luks-home.js

@@ -0,0 +1,140 @@
+/**
+ * ./src/classes/ovary.d/luks-home.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+// packages
+import fs from 'fs';
+import { spawn } from 'node:child_process';
+import Utils from '../utils.js';
+import { exec } from '../../lib/utils.js';
+/**
+ * luksHome()
+ *
+ * create a container LUKS with the entire
+ * filesystem.squashfs
+ */
+export async function luksHome(clone = false, homecrypt = false) {
+    try {
+        /**
+         * this.luksName = 'home.img';
+         * this.luksFile = `/tmp/${luksName}`
+         * this.luksDevice = `/dev/mapper/${luksName}`
+         * this.luksMappedName = this.luksName
+         * this.luksMountpoint = `/tmp/mnt/${luksName}`
+         * this.luksPassword = 'evolution'
+         */
+        console.log();
+        console.log('====================================');
+        console.log(` Creating ${this.luksName}`);
+        console.log('====================================');
+        // Utils.warning('1. Calculation of space requirements...')
+        let sizeString = (await exec('du -sb --exclude=/home/eggs /home', { capture: true })).data.trim().split(/\s+/)[0];
+        let size = Number.parseInt(sizeString, 10);
+        // const fsOverhead = Math.max(size * 0.1, 100 * 1024 * 1024)
+        // const luksSize = size + fsOverhead + (size * 0.2) // +20% di sicurezza
+        const luksSize = Math.ceil(size * 2);
+        Utils.warning(`homes size: ${bytesToGB(size)}`);
+        Utils.warning(`partition LUKS ${this.luksFile} size: ${bytesToGB(luksSize)}`);
+        Utils.warning(`creating partition LUKS: ${this.luksFile}`);
+        await executeCommand('truncate', ['--size', `${luksSize}`, this.luksFile]);
+        Utils.warning(`formatting ${this.luksFile} as a LUKS volume...`);
+        await executeCommand('cryptsetup', ['--batch-mode', 'luksFormat', this.luksFile], `${this.luksPassword}\n`);
+        this.luksUuid = (await exec(`cryptsetup luksUUID ${this.luksFile}`, { capture: true, echo: false })).data.trim();
+        Utils.warning(`LUKS uuid: ${this.luksUuid}`);
+        Utils.warning(`opening the LUKS volume. It will be mapped to ${this.luksDevice}`);
+        await executeCommand('cryptsetup', ['luksOpen', this.luksFile, this.luksMappedName], `${this.luksPassword}\n`);
+        Utils.warning(`formatting c ext4 `);
+        await exec(`mkfs.ext4 -L live-home ${this.luksDevice}`, this.echo);
+        Utils.warning(`mounting ${this.luksDevice} on ${this.luksMountpoint}`);
+        if (fs.existsSync(this.luksMountpoint)) {
+            if (!Utils.isMountpoint(this.luksMountpoint)) {
+                await exec(`rm -rf ${this.luksMountpoint}`, this.echo);
+            }
+            else {
+                throw new Error(`${this.luksMountpoint} is already mounted, process will abort!`);
+            }
+        }
+        await exec(`mkdir -p ${this.luksMountpoint}`, this.echo);
+        await exec(`mount /dev/mapper/${this.luksName} ${this.luksMountpoint}`, this.echo);
+        Utils.warning(`copying /home on  ${this.luksMountpoint}`);
+        await exec(`rsync -ah --exclude='eggs' /home/ ${this.luksMountpoint}`, this.echo);
+        Utils.warning(`saving user accounts info...`);
+        // Crea directory per backup system files
+        await exec(`mkdir -p ${this.luksMountpoint}/.system-backup`, this.echo);
+        // Filtra solo utenti con UID >= 1000
+        await exec(`awk -F: '$3 >= 1000 {print}' /etc/passwd > ${this.luksMountpoint}/.system-backup/passwd`, this.echo);
+        await exec(`awk -F: '$3 >= 1000 {print}' /etc/shadow > ${this.luksMountpoint}/.system-backup/shadow`, this.echo);
+        // Per i gruppi: salva TUTTI (non filtrare per GID)
+        // Gli utenti possono appartenere a gruppi di sistema (sudo, audio, video, etc.)
+        await exec(`cp /etc/group ${this.luksMountpoint}/.system-backup/group`, this.echo);
+        await exec(`cp /etc/gshadow ${this.luksMountpoint}/.system-backup/gshadow`, this.echo);
+        Utils.warning(`unmount ${this.luksDevice}`);
+        await exec(`umount ${this.luksMountpoint}`, this.echo);
+        Utils.warning(`closing LUKS volume ${this.luksMappedName}.`);
+        await executeCommand('cryptsetup', ['close', this.luksMappedName]);
+        Utils.warning(`moving ${this.luksName}  to (ISO)/live/.`);
+        await exec(`mv ${this.luksFile} ${this.settings.iso_work}/live`, this.echo);
+        Utils.warning('encryption process successfully completed!');
+        /**
+         * YOU MUST! unlink the key on production
+         */
+        // fs.unlinkSync(`${this.settings.iso_work}/live/home.key`)
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            Utils.error(`ERROR: ${error.message}`);
+        }
+        else {
+            Utils.error(`An unknown error has occurred.`);
+        }
+        Utils.warning('Cleaning performed following the error...');
+        if (fs.existsSync(this.luksMountpoint)) {
+            await exec(`umount -lf ${this.luksMountpoint}`).catch(() => { });
+        }
+        if (fs.existsSync(this.luksDevice)) {
+            await executeCommand('cryptsetup', ['luksClose', this.luksName]).catch(() => { });
+        }
+        await Utils.pressKeyToExit();
+        process.exit(1);
+    }
+}
+/**
+ * Funzione helper per eseguire comandi esterni in modo asincrono,
+ * gestendo lo standard input per passare le password.
+ * Restituisce una Promise che si risolve al successo o si rigetta in caso di errore.
+ */
+function executeCommand(command, args, stdinData) {
+    return new Promise((resolve, reject) => {
+        // Se passiamo dati a stdin, dobbiamo usare 'pipe'. Altrimenti, 'inherit'.
+        const stdioConfig = stdinData ? ['pipe', 'inherit', 'inherit'] : 'inherit';
+        const process = spawn(command, args, { stdio: stdioConfig });
+        // Se fornito, scriviamo i dati (es. la password) nello stdin del processo.
+        if (stdinData && process.stdin) {
+            process.stdin.write(stdinData);
+            process.stdin.end();
+        }
+        process.on('error', (err) => {
+            reject(new Error(`Error starting command "${command}": ${err.message}`));
+        });
+        process.on('close', (code) => {
+            if (code === 0) {
+                resolve(); // Success
+            }
+            else {
+                reject(new Error(`Command "${command} ${args.join(' ')}" ended with error code ${code}`));
+            }
+        });
+    });
+}
+/**
+ * Converte bytes in gigabytes per la visualizzazione.
+ */
+function bytesToGB(bytes) {
+    if (bytes === 0)
+        return '0.00 GB';
+    const gigabytes = bytes / (1024 * 1024 * 1024);
+    return gigabytes.toFixed(2) + ' GB';
+}