npm - penguins-eggs - Versions diffs - 25.10.6 → 25.10.19 - Mend

penguins-eggs 25.10.6 → 25.10.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/.oclif.manifest.json +51 -145
package/README.md +3 -829
package/addons/eggs/theme/livecd/isolinux.main.simple.cfg +3 -3
package/conf/distros/trixie/calamares/modules/shellprocess@boot_deploy.yml +3 -4
package/conf/love.yaml +1 -1
package/dist/classes/distro.js +9 -2
package/dist/classes/diversions.d.ts +1 -1
package/dist/classes/diversions.js +27 -8
package/dist/classes/incubation/incubator.d/archlinux.js +1 -0
package/dist/classes/incubation/incubator.d/trixie.js +7 -10
package/dist/classes/ovary.d/edit-live-fs.d.ts +1 -1
package/dist/classes/ovary.d/edit-live-fs.js +1 -7
package/dist/classes/ovary.d/fertilization.js +1 -0
package/dist/classes/ovary.d/finished.js +1 -5
package/dist/classes/ovary.d/initrd.d.ts +1 -1
package/dist/classes/ovary.d/initrd.js +17 -19
package/dist/classes/ovary.d/live-create-structure.js +1 -4
package/dist/classes/ovary.d/luks-get-password.d.ts +12 -0
package/dist/classes/ovary.d/luks-get-password.js +57 -0
package/dist/classes/ovary.d/luks-home-support.d.ts +12 -0
package/dist/classes/ovary.d/luks-home-support.js +75 -0
package/dist/classes/ovary.d/luks-home.d.ts +15 -0
package/dist/classes/ovary.d/luks-home.js +140 -0
package/dist/classes/ovary.d/luks-root-bootstrap-builder.d.ts +11 -0
package/dist/classes/ovary.d/luks-root-bootstrap-builder.js +45 -0
package/dist/classes/ovary.d/luks-root.d.ts +15 -0
package/dist/classes/ovary.d/luks-root.js +126 -0
package/dist/classes/ovary.d/make-efi.js +1 -1
package/dist/classes/ovary.d/make-squashfs.d.ts +1 -1
package/dist/classes/ovary.d/make-squashfs.js +7 -3
package/dist/classes/ovary.d/produce.d.ts +3 -3
package/dist/classes/ovary.d/produce.js +76 -48
package/dist/classes/ovary.d/syslinux.js +1 -1
package/dist/classes/ovary.d/xorriso-command.d.ts +2 -2
package/dist/classes/ovary.d/xorriso-command.js +27 -29
package/dist/classes/ovary.d.ts +35 -16
package/dist/classes/ovary.js +42 -16
package/dist/classes/utils.d.ts +1 -0
package/dist/classes/utils.js +3 -0
package/dist/commands/config.d.ts +1 -1
package/dist/commands/config.js +2 -2
package/dist/commands/love.d.ts +3 -0
package/dist/commands/love.js +40 -2
package/dist/commands/produce.d.ts +3 -2
package/dist/commands/produce.js +14 -17
package/dist/commands/tools/{ppa.d.ts → repo.d.ts} +2 -2
package/dist/commands/tools/{ppa.js → repo.js} +69 -67
package/dracut/create-symlink +71 -0
package/dracut/dracut-log.txt +3 -0
package/dracut/dracut.conf.d/50-live.conf +24 -6
package/dracut/dracut.conf.d/README.md +10 -0
package/dracut/export +4 -0
package/dracut/export-dracut-analysis +51 -0
package/dracut/export-dracut-log +2 -0
package/dracut/mkisofs +10 -0
package/dracut/modules.d/00debug-shell/debug-hook.sh +13 -0
package/dracut/modules.d/00debug-shell/module-setup.sh +20 -0
package/dracut/modules.d/90block/README.md +7 -0
package/dracut/modules.d/90block/block-cmdline.sh +3 -0
package/dracut/modules.d/90block/module-setup.sh +15 -0
package/dracut/modules.d/95iso-scan/README.md +3 -0
package/dracut/modules.d/95iso-scan/iso-scan-fallback.sh +12 -0
package/dracut/modules.d/95iso-scan/iso-scan.sh +92 -0
package/dracut/modules.d/95iso-scan/module-setup.sh +18 -0
package/dracut/modules.d/95luks-loop/README.md +9 -0
package/dracut/modules.d/95luks-loop/luks-loop.sh +90 -0
package/dracut/modules.d/95luks-loop/module-setup.sh +17 -0
package/dracut/renew-initramfs +17 -0
package/dracut/sbin2bin +10 -0
package/dracut/update-dracut-conf-d +2 -0
package/dracut/update-dracut-modules +62 -0
package/manpages/doc/man/eggs.1.gz +0 -0
package/manpages/doc/man/eggs.html +7 -661
package/package.json +9 -8
package/perrisbrewery/template/dependencies.yaml +6 -5
package/scripts/_eggs +16 -31
package/scripts/eggs.bash +4 -6
package/scripts/luks-root-bootstrap-create.sh +235 -0
package/scripts/luks-root-unlock.sh +172 -0
package/scripts/mount-encrypted-home.sh +223 -0
package/dist/commands/syncfrom.d.ts +0 -45
package/dist/commands/syncfrom.js +0 -152
package/dist/commands/syncto.d.ts +0 -40
package/dist/commands/syncto.js +0 -175

package/package.json CHANGED Viewed

@@ -2,17 +2,17 @@
     "name": "penguins-eggs",
     "shortName": "eggs",
     "description": "A remaster system tool, compatible with Arch, Debian, Devuan, Ubuntu and others",
-    "version": "25.10.6",
+    "version": "25.10.19",
     "author": "Piero Proietti",
     "bin": {
         "eggs": "./bin/run.js"
     },
     "bugs": "https://github.com/pieroproietti/penguins-eggs/issues",
     "dependencies": {
-        "@oclif/core": "^4.5.3",
-        "@oclif/plugin-autocomplete": "^3.2.34",
+        "@oclif/core": "^4.5.6",
+        "@oclif/plugin-autocomplete": "^3.2.37",
         "@oclif/plugin-help": "^6.2.33",
-        "@oclif/plugin-version": "^2.2.33",
+        "@oclif/plugin-version": "^2.2.34",
         "@types/express": "^5.0.3",
         "ansis": "^4.2.0",
         "axios": "^1.12.2",
@@ -23,7 +23,7 @@
         "ink": "^5",
         "ink-progress-bar": "^3.0.0",
         "ink-spinner": "^5.0.0",
-        "inquirer": "^12.9.6",
+        "inquirer": "^12.10.0",
         "js-yaml": "^4.1.0",
         "mustache": "^4.2.0",
         "netmask": "^2.0.2",
@@ -51,12 +51,12 @@
         "@types/shelljs": "^0.8.17",
         "@types/ws": "^8.18.1",
         "chai": "^6.2.0",
-        "eslint": "^9.37.0",
-        "eslint-config-oclif": "^6.0.108",
+        "eslint": "^9.38.0",
+        "eslint-config-oclif": "^6.0.110",
         "eslint-config-prettier": "^10.1.8",
         "glob": "^11.0.3",
         "mocha": "^11.7.4",
-        "oclif": "^4.22.29",
+        "oclif": "^4.22.32",
         "perrisbrewery": "^25.9.16",
         "prettier": "^3.6.2",
         "shx": "^0.4.0",
@@ -76,6 +76,7 @@
         "/dist",
         "/dracut",
         "/eui",
+        "/initramfs-tools",
         "/manpages",
         "/mkinitcpio",
         "/mkinitfs",

package/perrisbrewery/template/dependencies.yaml CHANGED Viewed

@@ -5,6 +5,7 @@
 common:
   - coreutils
   - cryptsetup
+  - cryptsetup-bin
   - cryptsetup-initramfs
   - curl # wardrobe
   - dbus-bin | uuidgen-runtime # uuid-runtime per devuan
@@ -13,11 +14,11 @@ common:
   - git # wardrobe
   - gpg # eggs
   - jq # mom
-  - live-boot # eggs
-  - live-boot-doc # eggs
-  - live-boot-initramfs-tools # eggs
-  - live-config-systemd | live-config-sysvinit
-  - live-tools # eggs
+  - live-boot | dracut
+  - live-boot-doc | dracut
+  - live-boot-initramfs-tools | dracut
+  - live-config-systemd | live-config-sysvinit | dracut
+  - live-tools | dracut-live
   - lvm2  # pvdisplay in krill
   - nodejs (>= 18)
   - parted

package/scripts/_eggs CHANGED Viewed

@@ -59,7 +59,7 @@ _eggs_tools() {
     cmds)
 _values "completions" \
 "clean[clean system log, apt, etc]" \
-"ppa[add/remove repo]" \
+"repo[add/remove penguins-eggs-repo]" \
 "skel[update skel from home configuration]" \
 "stat[get statistics from sourceforge]" \
 "yolk[configure eggs to install without internet]" \
@@ -75,12 +75,12 @@ _values "completions" \
 --help"[Show help for command]" \
 "*: :_files"
         ;;
-        "ppa")
+        "repo")
           _arguments -S \
-"(-a --add)"{-a,--add}"[add penguins-eggs PPA repository]" \
+"(-a --add)"{-a,--add}"[add penguins-eggs-repo]" \
 "(-h --help)"{-h,--help}"[Show CLI help.]" \
 "(-n --nointeractive)"{-n,--nointeractive}"[no user interaction]" \
-"(-r --remove)"{-r,--remove}"[remove penguins-eggs PPA repository]" \
+"(-r --remove)"{-r,--remove}"[remove penguins-eggs-repo]" \
 "(-v --verbose)"{-v,--verbose}"[verbose]" \
 --help"[Show help for command]" \
 "*: :_files"
@@ -198,11 +198,9 @@ _eggs() {
 "pods[eggs pods: build ISOs from containers]" \
 "produce[produce a live image from your system whithout your data]" \
 "status[informations about eggs status]" \
-"syncfrom[restore users and user data from a LUKS volumes]" \
-"syncto[Save users and users' data ENCRYPTED]" \
 "update[update the Penguins' eggs tool]" \
-"help[Display help for eggs.]" \
 "autocomplete[Display autocomplete installation instructions.]" \
+"help[Display help for eggs.]" \
 "version[]" \
     ;;
@@ -320,6 +318,9 @@ _arguments -S \
 "(-h --help)"{-h,--help}"[Show CLI help.]" \
 "(-v --verbose)"{-v,--verbose}"[]" \
 "(-n --nointeractive)"{-n,--nointeractive}"[no user interaction]" \
+"(-c --clone)"{-c,--clone}"[clone (uncrypted)]" \
+"(-k --homecrypt)"{-k,--homecrypt}"[clone crypted home]" \
+"(-f --fullcrypt)"{-f,--fullcrypt}"[clone crypted full]" \
 --help"[Show help for command]" \
 "*: :_files" ;;
 mom)
@@ -336,11 +337,12 @@ produce)
 _arguments -S \
 "*"--addons"[addons to be used: adapt, pve, rsupport]:file:_files" \
 --basename"[basename]:file:_files" \
-"(-c --clone)"{-c,--clone}"[clone]" \
-"(-C --cryptedclone)"{-C,--cryptedclone}"[crypted clone]" \
+"(-c --clone)"{-c,--clone}"[clone (uncrypted)]" \
+"(-k --homecrypt)"{-k,--homecrypt}"[clone crypted home]" \
+"(-f --fullcrypt)"{-f,--fullcrypt}"[clone crypted full]" \
 "*"--excludes"[use: static, homes, home]:file:_files" \
 "(-h --help)"{-h,--help}"[Show CLI help.]" \
-"(-k --kernel)"{-k,--kernel}"[kernel version]:file:_files" \
+"(-K --kernel)"{-K,--kernel}"[kernel version]:file:_files" \
 "*"--links"[desktop links]:file:_files" \
 "(-m --max)"{-m,--max}"[max compression: xz -Xbcj ...]" \
 "(-N --noicon)"{-N,--noicon}"[no icon eggs on desktop]" \
@@ -351,7 +353,7 @@ _arguments -S \
 "(-s --script)"{-s,--script}"[script mode. Generate scripts to manage iso build]" \
 "(-S --standard)"{-S,--standard}"[standard compression: xz -b 1M]" \
 --theme"[theme for livecd, calamares branding and partitions]:file:_files" \
-"(-u --unsecure)"{-u,--unsecure}"[/root contents are included on live]" \
+"(-i --includeRoot)"{-i,--includeRoot}"[folder /root is included on live]" \
 "(-v --verbose)"{-v,--verbose}"[verbose]" \
 "(-y --yolk)"{-y,--yolk}"[force yolk renew]" \
 --help"[Show help for command]" \
@@ -362,27 +364,15 @@ _arguments -S \
 "(-v --verbose)"{-v,--verbose}"[]" \
 --help"[Show help for command]" \
 "*: :_files" ;;
-syncfrom)
-_arguments -S \
---delete"[rsync --delete delete extraneous files from dest dirs]:file:_files" \
-"(-f --file)"{-f,--file}"[file containing luks-volume encrypted]:file:_files" \
-"(-h --help)"{-h,--help}"[Show CLI help.]" \
-"(-r --rootdir)"{-r,--rootdir}"[rootdir of the installed system, when used from live]:file:_files" \
-"(-v --verbose)"{-v,--verbose}"[verbose]" \
---help"[Show help for command]" \
-"*: :_files" ;;
-syncto)
+update)
 _arguments -S \
-"(-e --excludes)"{-e,--excludes}"[use: exclude.list.d/home.list]" \
-"(-f --file)"{-f,--file}"[file luks-volume encrypted]:file:_files" \
 "(-h --help)"{-h,--help}"[Show CLI help.]" \
 "(-v --verbose)"{-v,--verbose}"[verbose]" \
 --help"[Show help for command]" \
 "*: :_files" ;;
-update)
+autocomplete)
 _arguments -S \
-"(-h --help)"{-h,--help}"[Show CLI help.]" \
-"(-v --verbose)"{-v,--verbose}"[verbose]" \
+"(-r --refresh-cache)"{-r,--refresh-cache}"[Refresh cache (ignores displaying instructions)]" \
 --help"[Show help for command]" \
 "*: :_files" ;;
 help)
@@ -390,11 +380,6 @@ _arguments -S \
 "(-n --nested-commands)"{-n,--nested-commands}"[Include all nested commands in the output.]" \
 --help"[Show help for command]" \
 "*: :_files" ;;
-autocomplete)
-_arguments -S \
-"(-r --refresh-cache)"{-r,--refresh-cache}"[Refresh cache (ignores displaying instructions)]" \
---help"[Show help for command]" \
-"*: :_files" ;;
 version)
 _arguments -S \
 --json"[Format output as json.]" \

package/scripts/eggs.bash CHANGED Viewed

@@ -23,15 +23,13 @@ export:tarballs --clean --help --verbose
 install --btrfs --chroot --crypted --domain --halt --help --ip --nointeractive --none --pve --random --replace --small --suspend --testing --unattended --verbose
 krill --btrfs --chroot --crypted --domain --halt --help --ip --nointeractive --none --pve --random --replace --small --suspend --testing --unattended --verbose
 kill --help --isos --nointeractive --verbose
-love --help --verbose --nointeractive
+love --help --verbose --nointeractive --clone --homecrypt --fullcrypt
 mom --help
 pods --help
-produce --addons --basename --clone --cryptedclone --excludes --help --kernel --links --max --noicon --nointeractive --pendrive --prefix --release --script --standard --theme --unsecure --verbose --yolk
+produce --addons --basename --clone --homecrypt --fullcrypt --excludes --help --kernel --links --max --noicon --nointeractive --pendrive --prefix --release --script --standard --theme --includeRoot --verbose --yolk
 status --help --verbose
-syncfrom --delete --file --help --rootdir --verbose
-syncto --excludes --file --help --verbose
 tools:clean --help --nointeractive --verbose
-tools:ppa --add --help --nointeractive --remove --verbose
+tools:repo --add --help --nointeractive --remove --verbose
 tools:skel --help --user --verbose
 tools:stat --help --month --year
 tools:yolk --help --verbose
@@ -40,8 +38,8 @@ wardrobe:get --help --verbose
 wardrobe:list --distro --help --verbose
 wardrobe:show --help --json --verbose --wardrobe
 wardrobe:wear --help --no_accessories --no_firmwares --verbose --wardrobe
-help --nested-commands
 autocomplete --refresh-cache
+help --nested-commands
 version --json --verbose
 "

package/scripts/luks-root-bootstrap-create.sh ADDED Viewed

@@ -0,0 +1,235 @@
+#!/bin/bash
+# luks-root-bootstrap-create.sh
+# Crea un filesystem.squashfs Debian completo per bootstrap
+set -e
+OUTPUT_SQUASHFS="$1"
+UNLOCK_SCRIPT="$2"
+# Usa /root per avere sicuramente spazio
+WORK_DIR="/root/bootstrap-filesystem-$$"
+if [ -z "$OUTPUT_SQUASHFS" ] || [ -z "$UNLOCK_SCRIPT" ]; then
+    echo "Usage: $0 <output.squashfs> <unlock-script.sh>"
+    exit 1
+fi
+if [ ! -f "$UNLOCK_SCRIPT" ]; then
+    echo "Error: Unlock script not found: $UNLOCK_SCRIPT"
+    exit 1
+fi
+BUILD_SUCCESS=0
+echo "=========================================="
+echo "  Creating Bootstrap Filesystem"
+echo "=========================================="
+echo ""
+echo "Output: $OUTPUT_SQUASHFS"
+echo "Work dir: $WORK_DIR"
+echo ""
+# Cleanup function
+cleanup() {
+    if [ -d "$WORK_DIR" ]; then
+        echo "Cleaning up work directory..."
+        umount "$WORK_DIR/proc" 2>/dev/null || true
+        umount "$WORK_DIR/sys" 2>/dev/null || true
+        umount "$WORK_DIR/dev/pts" 2>/dev/null || true
+        umount "$WORK_DIR/dev" 2>/dev/null || true
+        if [ $BUILD_SUCCESS -eq 1 ]; then
+            rm -rf "$WORK_DIR"
+            echo "Work directory cleaned"
+        else
+            echo "Work directory preserved for debugging: $WORK_DIR"
+        fi
+    fi
+}
+trap cleanup EXIT
+# Crea directory di lavoro
+mkdir -p "$WORK_DIR"
+# 1. Debootstrap - CON kmod e bash-completion
+echo "Step 1/6: Running debootstrap (this takes 5-10 minutes)..."
+debootstrap \
+    --variant=minbase \
+    --include=systemd,systemd-sysv,cryptsetup,kmod,bash-completion,nano,less,vim-tiny \
+    trixie \
+    "$WORK_DIR" \
+    http://deb.debian.org/debian
+echo "✓ Debootstrap completed"
+# 1.5. Copia moduli kernel
+echo ""
+echo "Step 1.5/6: Copying kernel modules..."
+KERNEL_VERSION=$(uname -r)
+if [ -d "/lib/modules/$KERNEL_VERSION" ]; then
+    echo "Copying kernel modules for $KERNEL_VERSION..."
+    # Assicurati che la directory esista
+    mkdir -p "$WORK_DIR/lib/modules"
+    # Copia TUTTO il kernel
+    cp -a "/lib/modules/$KERNEL_VERSION" "$WORK_DIR/lib/modules/"
+    # Verifica che sia stato copiato
+    if [ -d "$WORK_DIR/lib/modules/$KERNEL_VERSION" ]; then
+        echo "✓ Kernel modules copied for $KERNEL_VERSION"
+        echo "  Module directory size: $(du -sh "$WORK_DIR/lib/modules/$KERNEL_VERSION" | cut -f1)"
+    else
+        echo "ERROR: Failed to copy kernel modules!"
+        exit 1
+    fi
+else
+    echo "ERROR: Kernel modules not found at /lib/modules/$KERNEL_VERSION"
+    exit 1
+fi
+# 2. Configura sistema base
+echo ""
+echo "Step 2/6: Configuring base system..."
+echo "bootstrap" > "$WORK_DIR/etc/hostname"
+cat > "$WORK_DIR/etc/hosts" <<EOF
+127.0.0.1   localhost
+127.0.1.1   bootstrap
+::1         localhost ip6-localhost ip6-loopback
+ff02::1     ip6-allnodes
+ff02::2     ip6-allrouters
+EOF
+cat > "$WORK_DIR/etc/fstab" <<EOF
+# Bootstrap filesystem - no persistent mounts
+EOF
+echo "root:evolution" | chroot "$WORK_DIR" chpasswd
+# Abilita bash-completion per root
+cat >> "$WORK_DIR/root/.bashrc" <<'EOF'
+# Enable bash completion
+if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+fi
+# Useful aliases
+alias ll='ls -lah'
+alias l='ls -lh'
+EOF
+cat > "$WORK_DIR/etc/motd" <<EOF
+╔════════════════════════════════════════╗
+║   Bootstrap System - Debug Shell       ║
+╚════════════════════════════════════════╝
+This is the bootstrap environment for unlocking
+the encrypted root filesystem.
+Root credentials:
+  Username: root
+  Password: evolution
+Manual unlock command:
+  unlock-encrypted-root
+EOF
+echo "✓ Base system configured (root password: evolution)"
+# 3. Copia script di unlock
+echo ""
+echo "Step 3/6: Installing unlock script..."
+mkdir -p "$WORK_DIR/usr/local/bin"
+cp "$UNLOCK_SCRIPT" "$WORK_DIR/usr/local/bin/unlock-encrypted-root"
+chmod 755 "$WORK_DIR/usr/local/bin/unlock-encrypted-root"
+echo "✓ Unlock script installed at /usr/local/bin/unlock-encrypted-root"
+# 4. Fix console getty per stabilità
+echo ""
+echo "Step 4/6: Configuring stable console..."
+mkdir -p "$WORK_DIR/etc/systemd/system/getty@tty1.service.d"
+cat > "$WORK_DIR/etc/systemd/system/getty@tty1.service.d/noclear.conf" <<EOF
+[Service]
+# Mantieni la console pulita e stabile
+TTYVTDisallocate=no
+EOF
+echo "✓ Console configuration applied"
+# 5. Cleanup per ridurre dimensioni (ma NON i moduli kernel!)
+echo ""
+echo "Step 5/6: Cleaning up to reduce size..."
+rm -rf "$WORK_DIR/var/cache/apt/archives/"*
+rm -rf "$WORK_DIR/var/lib/apt/lists/"*
+rm -rf "$WORK_DIR/tmp/"*
+rm -rf "$WORK_DIR/var/tmp/"*
+rm -rf "$WORK_DIR/usr/share/doc/"*
+rm -rf "$WORK_DIR/usr/share/man/"*
+rm -rf "$WORK_DIR/usr/share/info/"*
+# NON cancellare tutte le locale, lascia en_US per bash-completion
+rm -rf "$WORK_DIR/usr/share/locale/"[!e]*
+rm -rf "$WORK_DIR/usr/share/locale/en_"[!U]*
+echo "✓ Cleanup completed"
+# 6. Crea squashfs
+echo ""
+echo "Step 6/6: Creating squashfs (this takes 2-3 minutes)..."
+if [ ! -d "$WORK_DIR" ]; then
+    echo "ERROR: Work directory disappeared!"
+    exit 1
+fi
+if [ -f "$OUTPUT_SQUASHFS" ]; then
+    rm -f "$OUTPUT_SQUASHFS"
+fi
+mksquashfs "$WORK_DIR" "$OUTPUT_SQUASHFS" \
+    -comp zstd \
+    -b 1M \
+    -noappend
+if [ ! -f "$OUTPUT_SQUASHFS" ]; then
+    echo "ERROR: Failed to create squashfs file"
+    exit 1
+fi
+SIZE_MB=$(du -m "$OUTPUT_SQUASHFS" | cut -f1)
+echo ""
+echo "=========================================="
+echo "✓ Bootstrap filesystem created!"
+echo "=========================================="
+echo ""
+echo "  File: $OUTPUT_SQUASHFS"
+echo "  Size: ${SIZE_MB} MB"
+echo ""
+echo "Features:"
+echo "  - Minimal Debian system with systemd"
+echo "  - Kernel modules included (dm_mod, dm_crypt)"
+echo "  - kmod (modprobe, lsmod, etc.)"
+echo "  - bash-completion enabled"
+echo "  - Stable console"
+echo "  - Manual unlock at /usr/local/bin/unlock-encrypted-root"
+echo ""
+echo "Usage:"
+echo "  1. Boot the system"
+echo "  2. Login as root (password: evolution)"
+echo "  3. Run: unlock-encrypted-root"
+echo ""
+BUILD_SUCCESS=1

package/scripts/luks-root-unlock.sh ADDED Viewed

@@ -0,0 +1,172 @@
+#!/bin/bash
+# luks-root-unlock.sh
+# Versione Chroot: Monta l'ISO (ro), l'ext4 (ro), lo squashfs (ro)
+# e crea un overlay scrivibile in RAM.
+set -e
+echo ""
+echo "=========================================="
+echo "  Encrypted Root Unlock (CHROOT MODE)"
+echo "=========================================="
+echo ""
+# Crea mountpoint
+mkdir -p /mnt/live-media
+mkdir -p /mnt/root-img
+mkdir -p /mnt/real-root
+mkdir -p /newroot
+# Trova live media
+echo "Searching for live media..."
+FOUND=0
+for dev in /dev/sr* /dev/sd* /dev/vd* /dev/nvme*n*;
+do
+    [ -b "$dev" ] || continue
+    echo "  Trying $dev..."
+    if mount -o ro "$dev" /mnt/live-media 2>/dev/null;
+    then
+        if [ -f /mnt/live-media/live/root.img ];
+        then
+            echo "  ✓ Found live media on $dev"
+            FOUND=1
+            break
+        fi
+        umount /mnt/live-media 2>/dev/null
+    fi
+done
+if [ $FOUND -eq 0 ]; then
+    echo ""
+    echo "✗ ERROR: Could not find live media"
+    lsblk
+    echo "Dropping to emergency shell..."
+    exec /bin/bash
+fi
+# Usa il root.img originale dall'ISO (read-only)
+ROOT_IMG="/mnt/live-media/live/root.img"
+# Verifica LUKS
+if ! cryptsetup isLuks "$ROOT_IMG"; then
+    echo "✗ ERROR: root.img is not a LUKS volume"
+    file "$ROOT_IMG"
+    exec /bin/bash
+fi
+# Unlock
+echo ""
+echo "Found encrypted root.img"
+MAX_ATTEMPTS=3
+for attempt in $(seq 1 $MAX_ATTEMPTS);
+do
+    echo "Enter passphrase to unlock (attempt $attempt of $MAX_ATTEMPTS):"
+    if cryptsetup open "$ROOT_IMG" live-root;
+    then
+        echo ""
+        echo "✓ Unlocked successfully!"
+        break
+    fi
+    if [ $attempt -eq $MAX_ATTEMPTS ];
+    then
+        echo ""
+        echo "✗ Failed after $MAX_ATTEMPTS attempts"
+        echo "Dropping to shell..."
+        exec /bin/bash
+    fi
+    echo "✗ Wrong passphrase, try again..."
+    echo ""
+done
+# Mount decrypted volume (RO)
+# Il messaggio "skipping orphan cleanup" apparirà, ma è innocuo.
+echo ""
+echo "Mounting decrypted volume (ro)..."
+if ! mount -t ext4 -o ro /dev/mapper/live-root /mnt/root-img; then
+    echo "✗ ERROR: Failed to mount decrypted volume (ro)"
+    cryptsetup close live-root
+    exec /bin/bash
+fi
+# Mount real filesystem
+echo "Mounting real filesystem (ro)..."
+if ! mount -t squashfs -o ro,loop /mnt/root-img/filesystem.squashfs /mnt/real-root; then
+    echo "✗ ERROR: Failed to mount real filesystem"
+    umount /mnt/root-img
+    cryptsetup close live-root
+    exec /bin/bash
+fi
+# Create overlay in RAM
+echo "Creating writable overlay..."
+mkdir -p /run/overlay-upper
+mkdir -p /run/overlay-work
+if ! mount -t overlay overlay \
+    -o lowerdir=/mnt/real-root,upperdir=/run/overlay-upper,workdir=/run/overlay-work \
+    /newroot;
+then
+    echo "✗ ERROR: Failed to mount overlay"
+    umount /mnt/real-root
+    umount /mnt/root-img
+    cryptsetup close live-root
+    exec /bin/bash
+fi
+echo "✓ Overlay mounted successfully on /newroot"
+# =================================================================
+#  BLOCCO CHROOT
+# =================================================================
+echo ""
+echo "Preparing for chroot..."
+# Crea i punti di montaggio per i filesystem speciali
+mkdir -p /newroot/dev
+mkdir -p /newroot/proc
+mkdir -p /newroot/sys
+mkdir -p /newroot/run
+# Bind-mount dei filesystem speciali (FONDAMENTALE)
+echo "Binding kernel filesystems..."
+mount --bind /dev /newroot/dev
+mount --bind /dev/pts /newroot/dev/pts
+mount --bind /proc /newroot/proc
+mount --bind /sys /newroot/sys
+mount --bind /run /newroot/run
+echo "✓ Bind mounts completed."
+echo ""
+echo "=========================================================="
+echo "  ENTERING CHROOT"
+echo "  Sei ora DENTRO il sistema sbloccato."
+echo "  Esegui 'exit' per uscire e tornare alla shell live."
+echo "----------------------------------------------------------"
+echo "  Per avviare i servizi (XFCE), prova a eseguire:"
+echo "  # systemctl start lightdm.service"
+echo "  (o gdm.service, sddm.service, etc.)"
+echo "=========================================================="
+echo ""
+sleep 2
+# Entra nel chroot con una shell di root completa
+chroot /newroot /bin/su - root
+# --- ESECUZIONE SOSPESA FINO A 'exit' ---
+# DOPO L'USCITA DALLO CHROOT
+echo ""
+echo "=========================================================="
+echo "  EXITED CHROOT"
+echo "  Pulizia dei mount..."
+echo "=========================================================="
+# Esegui la pulizia finale
+umount -R /newroot/dev     2>/dev/null || true
+umount -R /newroot/proc    2>/dev/null || true
+umount -R /newroot/sys     2>/dev/null || true
+umount -R /newroot/run     2>/dev/null || true
+umount /newroot            2>/dev/null || true
+umount /mnt/real-root      2>/dev/null || true
+umount /mnt/root-img       2>/dev/null || true
+cryptsetup close live-root 2>/dev/null || true
+echo "✓ Cleanup completo. Ritorno alla shell live."