penguins-eggs 25.10.6 → 25.10.19

package/dist/classes/ovary.d/luks-root-bootstrap-builder.d.ts

@@ -0,0 +1,11 @@
+/**
+ * luks-root-bootstrap-builder.ts
+ *
+ * Crea un filesystem.squashfs bootstrap completo con Debian
+ * per sbloccare il sistema principale cifrato
+ */
+import Ovary from '../ovary.js';
+/**
+ * Crea il filesystem bootstrap completo
+ */
+export declare function createBootstrapFilesystem(this: Ovary, outputSquashfs: string): Promise<void>;

package/dist/classes/ovary.d/luks-root-bootstrap-builder.js

@@ -0,0 +1,45 @@
+/**
+ * luks-root-bootstrap-builder.ts
+ *
+ * Crea un filesystem.squashfs bootstrap completo con Debian
+ * per sbloccare il sistema principale cifrato
+ */
+import fs from 'fs';
+import path from 'path';
+import Utils from '../utils.js';
+import { exec } from '../../lib/utils.js';
+const __dirname = path.dirname(new URL(import.meta.url).pathname);
+/**
+ * Crea il filesystem bootstrap completo
+ */
+export async function createBootstrapFilesystem(outputSquashfs) {
+    Utils.warning('Creating full Debian bootstrap filesystem...');
+    Utils.warning('This will take several minutes...');
+    const scriptsDir = path.join(__dirname, '../../../scripts');
+    const createScript = path.join(scriptsDir, 'luks-root-bootstrap-create.sh');
+    const unlockScript = path.join(scriptsDir, 'luks-root-unlock.sh');
+    // Verifica che gli script esistano
+    if (!fs.existsSync(createScript)) {
+        throw new Error(`Build script not found: ${createScript}`);
+    }
+    if (!fs.existsSync(unlockScript)) {
+        throw new Error(`Unlock script not found: ${unlockScript}`);
+    }
+    try {
+        // Esegui lo script di creazione bash
+        Utils.warning('Executing bootstrap creation script...');
+        await exec(`bash ${createScript} ${outputSquashfs} ${unlockScript}`, { echo: true });
+        // Verifica che il file sia stato creato
+        if (!fs.existsSync(outputSquashfs)) {
+            throw new Error('Bootstrap filesystem was not created');
+        }
+        const stats = fs.statSync(outputSquashfs);
+        const sizeMB = (stats.size / 1024 / 1024).toFixed(2);
+        Utils.success(`✓ Bootstrap filesystem created: ${sizeMB} MB`);
+        Utils.success('  Full Debian system with systemd and encrypted root unlock');
+    }
+    catch (error) {
+        Utils.error(`Failed to create bootstrap filesystem: ${error}`);
+        throw error;
+    }
+}

package/dist/classes/ovary.d/luks-root.d.ts

@@ -0,0 +1,15 @@
+/**
+ * ./src/classes/ovary.d/encrypt-live-fs.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Ovary from '../ovary.js';
+/**
+ * luksRoot()
+ *
+ * create a container LUKS with the entire
+ * filesystem.squashfs
+ */
+export declare function luksRoot(this: Ovary): Promise<void>;

package/dist/classes/ovary.d/luks-root.js

@@ -0,0 +1,126 @@
+/**
+ * ./src/classes/ovary.d/encrypt-live-fs.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+// packages
+import fs from 'fs';
+import { spawn } from 'node:child_process';
+import Utils from '../utils.js';
+import { exec } from '../../lib/utils.js';
+/**
+ * luksRoot()
+ *
+ * create a container LUKS with the entire
+ * filesystem.squashfs
+ */
+export async function luksRoot() {
+    // filesystem.squashfs.real
+    const live_fs = `${this.settings.iso_work}live/filesystem.squashfs.real`;
+    try {
+        /**
+         * this.luksName = 'luks.img';
+         * this.luksFile = `/tmp/${luksName}`
+         * this.luksDevice = `/dev/mapper/${luksName}`
+         * this.luksMappedName = this.luksName
+         * this.luksMountpoint = `/tmp/mnt/${luksName}`
+         * this.luksPassword = 'evolution'
+         */
+        console.log();
+        console.log('====================================');
+        console.log(` Creating ${this.luksName}`);
+        console.log('====================================');
+        // Utils.warning('1. Calculation of space requirements...')
+        const sizeString = (await exec(`unsquashfs -s ${live_fs} | grep "Filesystem size" | sed -e 's/.*size //' -e 's/ .*//'`, { capture: true, echo: false })).data;
+        let size = Number.parseInt(sizeString); // Dimensione in Byte
+        // Add overhead * 1.20
+        const luksSize = Math.ceil(size * 1.20);
+        Utils.warning(`filesystem.squashfs size: ${bytesToGB(size)}`);
+        Utils.warning(`partition LUKS ${this.luksFile} size: ${bytesToGB(luksSize)}`);
+        Utils.warning(`creating partition LUKS: ${this.luksFile}`);
+        await executeCommand('truncate', ['--size', `${luksSize}`, this.luksFile]);
+        Utils.warning(`formatting ${this.luksFile} as a LUKS volume...`);
+        await executeCommand('cryptsetup', ['--batch-mode', 'luksFormat', this.luksFile], `${this.luksPassword}\n`);
+        this.luksUuid = (await exec(`cryptsetup luksUUID ${this.luksFile}`, { capture: true, echo: false })).data.trim();
+        Utils.warning(`LUKS uuid: ${this.luksUuid}`);
+        Utils.warning(`opening the LUKS volume. It will be mapped to ${this.luksDevice}`);
+        await executeCommand('cryptsetup', ['luksOpen', this.luksFile, this.luksMappedName], `${this.luksPassword}\n`);
+        Utils.warning(`formatting ext4`);
+        await exec(`mkfs.ext4 -L live-root ${this.luksDevice}`, this.echo);
+        Utils.warning(`mounting ${this.luksDevice} on ${this.luksMountpoint}`);
+        if (fs.existsSync(this.luksMountpoint)) {
+            if (!Utils.isMountpoint(this.luksMountpoint)) {
+                await exec(`rm -rf ${this.luksMountpoint}`, this.echo);
+            }
+            else {
+                throw new Error(`${this.luksMountpoint} is already mounted, process will abort!`);
+            }
+        }
+        await exec(`mkdir -p ${this.luksMountpoint}`, this.echo);
+        await exec(`mount /dev/mapper/${this.luksName} ${this.luksMountpoint}`, this.echo);
+        Utils.warning(`moving ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`);
+        await exec(`mv  ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`, this.echo);
+        Utils.warning(`unmount ${this.luksMountpoint} `);
+        await exec(`umount ${this.luksMountpoint}`, this.echo);
+        Utils.warning(`closing LUKS volume ${this.luksFile}.`);
+        await executeCommand('cryptsetup', ['close', this.luksMappedName]);
+        Utils.warning(`moving ${this.luksMappedName} on (ISO)/live.`);
+        await exec(`mv ${this.luksFile} ${this.settings.iso_work}/live`, this.echo);
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            Utils.error(`ERROR: ${error.message}`);
+        }
+        else {
+            Utils.error(`An unknown error has occurred.`);
+        }
+        Utils.warning('Cleaning performed following the error...');
+        if (fs.existsSync(this.luksMountpoint)) {
+            await exec(`umount -lf ${this.luksMountpoint}`).catch(() => { });
+        }
+        if (fs.existsSync(this.luksDevice)) {
+            await executeCommand('cryptsetup', ['luksClose', this.luksName]).catch(() => { });
+        }
+        await Utils.pressKeyToExit();
+        process.exit(1);
+    }
+}
+/**
+ * Funzione helper per eseguire comandi esterni in modo asincrono,
+ * gestendo lo standard input per passare le password.
+ * Restituisce una Promise che si risolve al successo o si rigetta in caso di errore.
+ */
+function executeCommand(command, args, stdinData) {
+    return new Promise((resolve, reject) => {
+        // Se passiamo dati a stdin, dobbiamo usare 'pipe'. Altrimenti, 'inherit'.
+        const stdioConfig = stdinData ? ['pipe', 'inherit', 'inherit'] : 'inherit';
+        const process = spawn(command, args, { stdio: stdioConfig });
+        // Se fornito, scriviamo i dati (es. la password) nello stdin del processo.
+        if (stdinData && process.stdin) {
+            process.stdin.write(stdinData);
+            process.stdin.end();
+        }
+        process.on('error', (err) => {
+            reject(new Error(`Error starting command "${command}": ${err.message}`));
+        });
+        process.on('close', (code) => {
+            if (code === 0) {
+                resolve(); // Success
+            }
+            else {
+                reject(new Error(`Command "${command} ${args.join(' ')}" ended with error code ${code}`));
+            }
+        });
+    });
+}
+/**
+ * Converte bytes in gigabytes per la visualizzazione.
+ */
+function bytesToGB(bytes) {
+    if (bytes === 0)
+        return '0.00 GB';
+    const gigabytes = bytes / (1024 * 1024 * 1024);
+    return gigabytes.toFixed(2) + ' GB';
+}

package/dist/classes/ovary.d/make-efi.js

@@ -218,7 +218,7 @@ export async function makeEfi(theme = 'eggs') {
         Utils.error(`error: ${grubTemplate} does not exist`);
         process.exit(1);
     }
-    const kernel_parameters = Diversions.kernelParameters(this.familyId, this.volid); // this.kernelParameters()
+    const kernel_parameters = Diversions.kernelParameters(this.familyId, this.volid, this.luksUuid); // this.kernelParameters()
     const cfgMain = path.join(isoDir, '/boot/grub/grub.cfg');
     const template = fs.readFileSync(grubTemplate, 'utf8');
     const view = {

package/dist/classes/ovary.d/make-squashfs.d.ts

@@ -9,7 +9,7 @@ import Ovary from '../ovary.js';
 /**
  * squashFs: crea in live filesystem.squashfs
  */
-export declare function makeSquashfs(this: Ovary, scriptOnly?: boolean, unsecure?: boolean): Promise<string>;
+export declare function makeSquashfs(this: Ovary, scriptOnly?: boolean, includeRoot?: boolean): Promise<string>;
 /**
  * Add or remove exclusion
  * @param add {boolean} true = add, false remove

package/dist/classes/ovary.d/make-squashfs.js

@@ -16,7 +16,7 @@ const __dirname = path.dirname(new URL(import.meta.url).pathname);
 /**
  * squashFs: crea in live filesystem.squashfs
  */
-export async function makeSquashfs(scriptOnly = false, unsecure = false) {
+export async function makeSquashfs(scriptOnly = false, includeRoot = false) {
     if (this.verbose) {
         console.log('Ovary: makeSquashfs');
     }
@@ -57,7 +57,7 @@ export async function makeSquashfs(scriptOnly = false, unsecure = false) {
     /**
      * secure
      */
-    if (!unsecure) {
+    if (!includeRoot) {
         this.addExclusion(`root/*`);
         this.addExclusion(`root/.*`);
     }
@@ -81,7 +81,11 @@ export async function makeSquashfs(scriptOnly = false, unsecure = false) {
      * [-ef exclude.list]
      * [-e list of exclude dirs/files]
      */
-    let cmd = `mksquashfs ${this.settings.work_dir.merged} ${this.settings.iso_work}live/filesystem.squashfs ${compression} ${limit} -no-xattrs -wildcards -ef ${this.settings.config.snapshot_excludes} ${this.settings.session_excludes}`;
+    let sfsName = "filesystem.squashfs";
+    if (this.fullcrypt) {
+        sfsName = "filesystem.squashfs.real";
+    }
+    let cmd = `mksquashfs ${this.settings.work_dir.merged} ${this.settings.iso_work}live/${sfsName} ${compression} ${limit} -no-xattrs -wildcards -ef ${this.settings.config.snapshot_excludes} ${this.settings.session_excludes}`;
     cmd = cmd.replaceAll(/\s\s+/g, ' ');
     Utils.writeX(`${this.settings.work_dir.ovarium}mksquashfs`, cmd);
     if (!scriptOnly) {

package/dist/classes/ovary.d/produce.d.ts

@@ -10,14 +10,14 @@ import Ovary from './../ovary.js';
 /**
  * produce
  * @param clone
- * @param cryptedclone
+ * @param homecrypt
  * @param scriptOnly
  * @param yolkRenew
  * @param release
  * @param myAddons
  * @param nointeractive
  * @param noicons
- * @param unsecure
+ * @param includeRoot
  * @param verbose
  */
-export declare function produce(this: Ovary, kernel: string | undefined, clone: boolean | undefined, cryptedclone: boolean | undefined, scriptOnly: boolean | undefined, yolkRenew: boolean | undefined, release: boolean | undefined, myAddons: IAddons, myLinks: string[], excludes: IExcludes, nointeractive?: boolean, noicons?: boolean, unsecure?: boolean, verbose?: boolean): Promise<void>;
+export declare function produce(this: Ovary, kernel: string | undefined, clone: boolean | undefined, homecrypt: boolean | undefined, fullcrypt: boolean | undefined, scriptOnly: boolean | undefined, yolkRenew: boolean | undefined, release: boolean | undefined, myAddons: IAddons, myLinks: string[], excludes: IExcludes, nointeractive?: boolean, noicons?: boolean, includeRoot?: boolean, verbose?: boolean): Promise<void>;

package/dist/classes/ovary.d/produce.js

@@ -26,31 +26,47 @@ const __dirname = path.dirname(new URL(import.meta.url).pathname);
 /**
  * produce
  * @param clone
- * @param cryptedclone
+ * @param homecrypt
  * @param scriptOnly
  * @param yolkRenew
  * @param release
  * @param myAddons
  * @param nointeractive
  * @param noicons
- * @param unsecure
+ * @param includeRoot
  * @param verbose
  */
-export async function produce(kernel = '', clone = false, cryptedclone = false, scriptOnly = false, yolkRenew = false, release = false, myAddons, myLinks, excludes, nointeractive = false, noicons = false, unsecure = false, verbose = false) {
+export async function produce(kernel = '', clone = false, homecrypt = false, fullcrypt = false, scriptOnly = false, yolkRenew = false, release = false, myAddons, myLinks, excludes, nointeractive = false, noicons = false, includeRoot = false, verbose = false) {
     this.verbose = verbose;
     this.echo = Utils.setEcho(verbose);
     if (this.verbose) {
         this.toNull = ' > /dev/null 2>&1';
     }
     this.kernel = kernel;
-    this.clone = clone;
-    this.cryptedclone = cryptedclone;
-    const luksName = 'luks-volume';
-    const luksFile = `/tmp/${luksName}`;
     this.nest = this.settings.config.snapshot_dir;
     this.dotMnt = `${this.nest}.mnt`;
     this.dotOverlay = this.settings.work_dir;
     this.dotLivefs = this.settings.work_dir.merged;
+    this.clone = clone;
+    this.homecrypt = homecrypt;
+    this.fullcrypt = fullcrypt;
+    // Crittografia
+    if (this.homecrypt || this.fullcrypt) {
+        if (this.homecrypt) {
+            this.luksName = 'home.img';
+        }
+        else if (this.fullcrypt) {
+            this.luksName = 'root.img';
+        }
+        this.luksUuid = '';
+        this.luksFile = `/tmp/${this.luksName}`;
+        this.luksMappedName = this.luksName;
+        this.luksMountpoint = `/tmp/mnt/${this.luksName}`;
+        this.luksDevice = `/dev/mapper/${this.luksName}`;
+        this.luksPassword = '0'; // USARE UNA PASSWORD SICURA IN PRODUZIONE!
+        Utils.warning("You choose an encrypted eggs");
+        await this.luksGetPassword();
+    }
     /**
      * define kernel
      */
@@ -59,15 +75,9 @@ export async function produce(kernel = '', clone = false, cryptedclone = false,
             const moduleDirs = fs.readdirSync('/lib/modules');
             this.kernel = moduleDirs[0];
         }
-        else if (this.familyId === 'archlinux') {
+        else if (this.familyId === 'archlinux') { // arch, manjaro
             const moduleDirs = fs.readdirSync('/usr/lib/modules');
             this.kernel = moduleDirs[0];
-            /**
-             * no need more
-             */
-            if (Diversions.isManjaroBased(this.distroId)) {
-                // this.kernel += '-MANJARO'
-            }
         }
         else { // debian, fedora, openmamba, opensuse, voidlinux
             let vmlinuz = path.basename(Utils.vmlinuz());
@@ -120,25 +130,22 @@ export async function produce(kernel = '', clone = false, cryptedclone = false,
             const bleach = new Bleach();
             await bleach.clean(verbose);
         }
-        if (cryptedclone) {
-            /**
-             * cryptedclone
-             */
-            console.log("eggs will SAVE users and users' data ENCRYPTED");
+        /**
+         * homecrypt/fullcrypt/clone/standard
+         */
+        if (this.homecrypt) {
+            Utils.warning("eggs will SAVE users and users' data ENCRYPTED on the live (ISO)/live/home.img");
+        }
+        else if (this.fullcrypt) {
+            Utils.warning("eggs will SAVE full system ENCRYPTED on the live (ISO)/live/root.img");
         }
         else if (this.clone) {
-            /**
-             * clone
-             */
             this.settings.config.user_opt = 'live'; // patch for humans
             this.settings.config.user_opt_passwd = 'evolution';
             this.settings.config.root_passwd = 'evolution';
-            Utils.warning("eggs will SAVE users and users' data UNCRYPTED on the live");
+            Utils.warning("eggs will SAVE users and users' data on CLEAR on the live (ISO)/live/filesystem.squashfs");
         }
         else {
-            /**
-             * normal
-             */
             Utils.warning("eggs will REMOVE users and users' data from live");
         }
         /**
@@ -191,14 +198,12 @@ export async function produce(kernel = '', clone = false, cryptedclone = false,
              */
             this.incubator = new Incubator(this.settings.remix, this.settings.distro, this.settings.config.user_opt, this.theme, this.clone, verbose);
             await this.incubator.config(release);
-            // need syslinux?
-            const arch = process.arch;
-            if (arch === 'ia32' || arch === 'x64') {
-                await this.syslinux(this.theme);
-            }
+            /**
+             * kernelCopu
+             */
             await this.kernelCopy();
             /**
-             * spostare alla fine per dracut
+             * initrd creation
              */
             if (this.familyId === 'alpine') {
                 await this.initrdAlpine();
@@ -215,16 +220,13 @@ export async function produce(kernel = '', clone = false, cryptedclone = false,
                 this.familyId === 'voidlinux') {
                 await this.initrdDracut();
             }
-            if (this.settings.config.make_efi) {
-                await this.makeEfi(this.theme);
-            }
             await this.bindLiveFs();
             // We run them just to have scripts
             await this.bindVfs();
             await this.ubindVfs();
             if (!this.clone) {
                 /**
-                 * ANCHE per cryptedclone
+                 * SOLO per clone no per homecrypt, ne per fullcrypt
                  */
                 await this.usersRemove();
                 await this.userCreateLive();
@@ -242,20 +244,46 @@ export async function produce(kernel = '', clone = false, cryptedclone = false,
                     this.cliAutologin.add(this.settings.distro.distroId, this.settings.distro.codenameId, this.settings.config.user_opt, this.settings.config.user_opt_passwd, this.settings.config.root_passwd, this.settings.work_dir.merged);
                 }
             }
-            await this.editLiveFs(clone, cryptedclone);
-            mksquashfsCmd = await this.makeSquashfs(scriptOnly, unsecure);
-            await this.uBindLiveFs(); // Lo smonto prima della fase di backup
-        }
-        if (cryptedclone) {
-            let synctoCmd = `eggs syncto  -f ${luksFile}`;
-            if (excludes.home) {
-                synctoCmd += ' --excludes'; // from Marco, usa home.list
+            await this.editLiveFs(clone);
+            if (this.homecrypt) {
+                /**
+                 * homecrypt: installa il supporto
+                 */
+                const squashfsRoot = this.settings.work_dir.merged;
+                const homeImgPath = this.distroLliveMediumPath + 'live/home.img';
+                this.installHomecryptSupport(squashfsRoot, homeImgPath);
             }
-            await exec(synctoCmd, Utils.setEcho(true));
-            Utils.warning(`moving ${luksFile} in ${this.nest}(ISO)/live`);
-            await exec(`mv ${luksFile} ${this.nest}(ISO)/live`, this.echo);
+            mksquashfsCmd = await this.makeSquashfs(scriptOnly, includeRoot);
+            await this.uBindLiveFs(); // smonto tutto prima della fase di backup
+        }
+        if (homecrypt) {
+            await this.luksHome();
+        }
+        else if (fullcrypt) {
+            await this.luksRoot();
+        }
+        /**
+         * makeEfi and syslinux was moved
+         * after luksRoot
+         * to get luks.uuid
+         */
+        if (this.settings.config.make_efi) {
+            await this.makeEfi(this.theme);
+        }
+        // need syslinux?
+        const arch = process.arch;
+        if (arch === 'ia32' || arch === 'x64') {
+            await this.syslinux(this.theme);
+        }
+        // add the bootstrapt filesystem.squashfs
+        if (fullcrypt) {
+            let bootstrapSfs = path.join(this.settings.iso_work, '/live/filesystem.squashfs');
+            /**
+             * escludo la costruzione di filesystem.squashfs
+             */
+            // await this.createBootstrapFilesystem(bootstrapSfs)
         }
-        const mkIsofsCmd = (await this.xorrisoCommand(clone, cryptedclone)).replaceAll(/\s\s+/g, ' ');
+        const mkIsofsCmd = (await this.xorrisoCommand(clone, homecrypt, fullcrypt)).replaceAll(/\s\s+/g, ' ');
         this.makeDotDisk(this.volid, mksquashfsCmd, mkIsofsCmd);
         /**
          * AntiX/MX LINUX

package/dist/classes/ovary.d/syslinux.js

@@ -56,7 +56,7 @@ export async function syslinux(theme = 'eggs') {
         Utils.warning('Cannot find: ' + isolinuxTemplate);
         process.exit();
     }
-    const kernel_parameters = Diversions.kernelParameters(this.familyId, this.volid);
+    const kernel_parameters = Diversions.kernelParameters(this.familyId, this.volid, this.luksUuid);
     const template = fs.readFileSync(isolinuxTemplate, 'utf8');
     const view = {
         fullname: this.settings.remix.fullname.toUpperCase(),

package/dist/classes/ovary.d/xorriso-command.d.ts

@@ -8,7 +8,7 @@
 import Ovary from '../ovary.js';
 /**
    *
-   * @param cryptedclone
+   * @param fullcrypt
    * @returns cmd 4 mkiso
    */
-export declare function xorrisoCommand(this: Ovary, clone?: boolean, cryptedclone?: boolean): Promise<string>;
+export declare function xorrisoCommand(this: Ovary, clone?: boolean, homecrypt?: boolean, fullcrypt?: boolean): Promise<string>;

package/dist/classes/ovary.d/xorriso-command.js

@@ -15,30 +15,32 @@ import Diversions from '../diversions.js';
 const __dirname = path.dirname(new URL(import.meta.url).pathname);
 /**
    *
-   * @param cryptedclone
+   * @param fullcrypt
    * @returns cmd 4 mkiso
    */
-export async function xorrisoCommand(clone = false, cryptedclone = false) {
-    if (this.verbose) {
-        console.log('Ovary: xorrisoCommand');
-    }
+export async function xorrisoCommand(clone = false, homecrypt = false, fullcrypt = false) {
     const prefix = this.settings.config.snapshot_prefix;
-    let typology = '';
     // typology is applied only with standard egg-of
+    let typology = '';
     if (prefix.slice(0, 7) === 'egg-of_') {
         if (clone) {
             typology = '_clone';
         }
-        else if (cryptedclone) {
-            typology = '_crypted';
+        else if (homecrypt) {
+            typology = '_clone-home-crypted';
+        }
+        else if (fullcrypt) {
+            // filesystem.squashfs.real
+            typology = '_clone-full-crypted';
         }
         if (fs.existsSync('/usr/bin/eui-start.sh')) {
             typology += '_EUI';
         }
     }
+    // postfix (data)
     const postfix = Utils.getPostfix();
     this.settings.isoFilename = prefix + this.volid + '_' + Utils.uefiArch() + typology + postfix;
-    //
+    // node della ISO
     const output = this.settings.config.snapshot_mnt + this.settings.isoFilename;
     let command = '';
     // const appid = `-appid "${this.settings.distro.distroId}" `
@@ -80,6 +82,22 @@ export async function xorrisoCommand(clone = false, cryptedclone = false) {
             uefi_isohybridGptBasdat = '-isohybrid-gpt-basdat';
             uefi_noEmulBoot = '-no-emul-boot';
         }
+        // <<< INIZIO BLOCCO AGGIUNTO >>>
+        let luksPartitionParam = ''; // Inizializziamo la variabile per il parametro LUKS
+        if (fullcrypt) {
+            // Costruiamo il percorso del file luks.img all'interno della directory di build
+            const luksImagePath = path.join(this.settings.iso_work, 'live', this.luksName);
+            // Verifichiamo che il file esista prima di aggiungerlo
+            if (fs.existsSync(luksImagePath)) {
+                // Costruiamo il parametro per aggiungere la partizione 3
+                luksPartitionParam = `-append_partition 3 0x80 ${luksImagePath}`;
+            }
+            else {
+                Utils.warning(`Errore: impossibile creare l'ISO criptata, file non trovato: ${luksImagePath}`);
+                process.exit();
+            }
+        }
+        // <<< FINE BLOCCO AGGIUNTO >>>        
         command = `xorriso -as mkisofs \
                     -J \
                     -joliet-long \
@@ -99,25 +117,5 @@ export async function xorrisoCommand(clone = false, cryptedclone = false) {
                     ${uefi_noEmulBoot} \
                     -o ${output} ${this.settings.iso_work}`;
     }
-    else {
-        this.genisoimage = true;
-        command = `genisoimage \
-        -iso-level 3 \
-        -allow-limited-size \
-        -joliet-long \
-        -r \
-        -V ${this.volid} \
-        -cache-inodes \
-        -J \
-        -l \
-        -b isolinux/isolinux.bin \
-        -c isolinux/boot.cat \
-        -no-emul-boot \
-        -boot-load-size 4 \
-        -boot-info-table \
-        -eltorito-alt-boot \
-        -e boot/grub/efi.img \
-        -o ${output} ${this.settings.iso_work}`;
-    }
     return command;
 }