penguins-eggs 25.11.29 → 25.12.15

package/dist/classes/ovary.d/luks-home.js

@@ -27,7 +27,7 @@ export async function luksHome(clone = false, homecrypt = false) {
     try {
         /**
          * this.luksMappedName = 'home.img';
-         * this.luksFile = `/tmp/${luksMappedName}`
+         * this.luksFile = `/var/tmp/${luksMappedName}`
          * this.luksDevice = `/dev/mapper/${luksMappedName}`
          * this.luksMountpoint = `/tmp/mnt/${luksMappedName}`
          * this.luksPassword = '0'
@@ -42,15 +42,21 @@ export async function luksHome(clone = false, homecrypt = false) {
         // Utils.warning('1. Calculation of space requirements...')
         let sizeString = (await exec('du -sb --exclude=/home/eggs /home', { capture: true })).data.trim().split(/\s+/)[0];
         let size = Number.parseInt(sizeString, 10);
-        const luksSize = Math.ceil(size * 2);
-        /**
-         * E' più precisa ma equivalente grazie
-         * al truncate
-         */
-        // const fsOverhead = Math.max(size * 0.1, 100 * 1024 * 1024)
-        // const luksSize = size * 1.25 + fsOverhead // +25% 
-        warning(`homes size: ${bytesToGB(size)}`);
-        warning(`partition LUKS ${this.luksFile} size: ${bytesToGB(luksSize)}`);
+        const fsOverhead = Math.ceil(size * 0.05);
+        const luksHeader = 32 * 1024 * 1024;
+        const safetyBuffer = 100 * 1024 * 1024;
+        let calculatedSize = size + fsOverhead + luksHeader + safetyBuffer;
+        const minSize = 64 * 1024 * 1024;
+        if (calculatedSize < minSize)
+            calculatedSize = minSize;
+        const alignment = 4 * 1024 * 1024;
+        const luksSize = Math.ceil(calculatedSize / alignment) * alignment;
+        warning(`------------------------------------------`);
+        warning(`HOME CRYPT CALCULATION (Read-Only):`);
+        warning(`  Data Payload:   ${bytesToGB(size)}`);
+        warning(`  Overhead+Buf:   ${bytesToGB(luksSize - size)}`);
+        warning(`  TOTAL SIZE:     ${bytesToGB(luksSize)}`);
+        warning(`------------------------------------------`);
         warning(`creating partition LUKS: ${this.luksFile}`);
         await this.luksExecuteCommand('truncate', ['--size', `${luksSize}`, this.luksFile]);
         warning(`formatting ${this.luksFile} as a LUKS volume...`);
@@ -59,7 +65,7 @@ export async function luksHome(clone = false, homecrypt = false) {
         await this.luksExecuteCommand('cryptsetup', luksFormatArgs, `${this.luksPassword}\n`);
         warning(`opening the LUKS volume. It will be mapped to ${this.luksDevice}`);
         await this.luksExecuteCommand('cryptsetup', ['luksOpen', this.luksFile, this.luksMappedName], `${this.luksPassword}\n`);
-        warning(`formatting c ext4 `);
+        warning(`formatting ext4 `);
         await exec(`mkfs.ext4 -L live-home ${this.luksDevice}`, this.echo);
         warning(`mounting ${this.luksDevice} on ${this.luksMountpoint}`);
         if (fs.existsSync(this.luksMountpoint)) {
@@ -74,17 +80,21 @@ export async function luksHome(clone = false, homecrypt = false) {
         await exec(`mount /dev/mapper/${this.luksMappedName} ${this.luksMountpoint}`, this.echo);
         warning(`copying /home on  ${this.luksMountpoint}`);
         await exec(`rsync -ah --exclude='eggs' /home/ ${this.luksMountpoint}`, this.echo);
+        /**
+         * utenti e gruppi in .system-backup
+         */
         warning(`saving user accounts info...`);
-        // Crea directory per backup system files
         await exec(`mkdir -p ${this.luksMountpoint}/.system-backup`, this.echo);
-        // Filtra solo utenti con UID >= 1000
+        // passwd/shadow: solo utenti con UID >= 1000
         await exec(`awk -F: '$3 >= 1000 {print}' /etc/passwd > ${this.luksMountpoint}/.system-backup/passwd`, this.echo);
         await exec(`awk -F: '$3 >= 1000 {print}' /etc/shadow > ${this.luksMountpoint}/.system-backup/shadow`, this.echo);
-        // Per i gruppi: salva TUTTI (non filtrare per GID)
+        // group/gshadow TUTTI
         // Gli utenti possono appartenere a gruppi di sistema (sudo, audio, video, etc.)
         await exec(`cp /etc/group ${this.luksMountpoint}/.system-backup/group`, this.echo);
         await exec(`cp /etc/gshadow ${this.luksMountpoint}/.system-backup/gshadow`, this.echo);
-        // saving display manager (autologin) configs...
+        /**
+         * saving display manager (autologin) configs...
+         */
         warning(`saving display manager configuration...`);
         // GDM (gdm3 è comune su Debian/Ubuntu)
         await exec(`[ -e /etc/gdm3 ] && cp -a /etc/gdm3 ${this.luksMountpoint}/.system-backup/`, this.echo);
@@ -95,10 +105,10 @@ export async function luksHome(clone = false, homecrypt = false) {
         // SDDM (sia file .conf che directory .conf.d)
         await exec(`[ -e /etc/sddm.conf ] && cp -a /etc/sddm.conf ${this.luksMountpoint}/.system-backup/`, this.echo);
         await exec(`[ -e /etc/sddm.conf.d ] && cp -a /etc/sddm.conf.d ${this.luksMountpoint}/.system-backup/`, this.echo);
-        warning(`unmount ${this.luksDevice}`);
-        await exec(`umount ${this.luksMountpoint}`, this.echo);
-        warning(`closing LUKS volume ${this.luksMappedName}.`);
-        await this.luksExecuteCommand('cryptsetup', ['close', this.luksMappedName]);
+        warning(`Syncing filesystem on ${this.luksMountpoint}...`);
+        await exec('sync', this.echo); // Forza scrittura dati su disco
+        // Shrink()
+        await this.luksShrink();
         warning(`moving ${this.luksMappedName}  to (ISO)/live/.`);
         await exec(`mv ${this.luksFile} ${this.settings.iso_work}/live`, this.echo);
         warning('encryption process successfully completed!');
@@ -117,6 +127,10 @@ export async function luksHome(clone = false, homecrypt = false) {
         if (fs.existsSync(this.luksDevice)) {
             await this.luksExecuteCommand('cryptsetup', ['close', this.luksMappedName]).catch(() => { });
         }
+        if (fs.existsSync(this.luksFile)) {
+            Utils.warning(`Removing temporary container: ${this.luksFile}`);
+            fs.unlinkSync(this.luksFile);
+        }
         await Utils.pressKeyToExit();
         process.exit(1);
     }

package/dist/classes/ovary.d/luks-root.d.ts

@@ -8,8 +8,7 @@
 import Ovary from '../ovary.js';
 /**
  * luksRoot()
- *
- * create a container LUKS with the entire
+ * * create a container LUKS with the entire
  * filesystem.squashfs
  */
 export declare function luksRoot(this: Ovary): Promise<void>;

package/dist/classes/ovary.d/luks-root.js

@@ -12,8 +12,7 @@ import { exec } from '../../lib/utils.js';
 const noop = () => { };
 /**
  * luksRoot()
- *
- * create a container LUKS with the entire
+ * * create a container LUKS with the entire
  * filesystem.squashfs
  */
 export async function luksRoot() {
@@ -29,7 +28,7 @@ export async function luksRoot() {
     try {
         /**
          * this.luksMappedName = 'root.img';
-         * this.luksFile = `/tmp/${luksMappedName}`
+         * this.luksFile = `/var/tmp/${luksMappedName}`
          * this.luksDevice = `/dev/mapper/${luksMappedName}`
          * this.luksMountpoint = `/tmp/mnt/${luksMappedName}`
          * this.luksPassword = '0'
@@ -45,11 +44,29 @@ export async function luksRoot() {
             throw new Error(`filesystem.squashfs not found at: ${live_fs}`);
         }
         const stats = fs.statSync(live_fs);
-        let size = stats.size; // Dimensione REALE del file in Byte
-        // Add overhead * 1.25 per più sicurezza con file grandi
-        const luksSize = Math.ceil(size * 1.25);
-        warning(`filesystem.squashfs size: ${bytesToGB(size)}`);
-        warning(`partition LUKS ${this.luksFile} size: ${bytesToGB(luksSize)}`);
+        const size = stats.size; // Dimensione REALE del file in Byte
+        // -------------------------------------------------------------
+        // CALCOLO DIMENSIONE OTTIMIZZATA (No shrink, safe allocation)
+        // -------------------------------------------------------------
+        // 1. Overhead Ext4: Inode, bitmap, superblocchi. ~3-4% è standard senza journal.
+        const fsOverhead = Math.ceil(size * 0.04);
+        // 2. Header LUKS: Solitamente 16MB per LUKS2, usiamo 32MB per sicurezza.
+        const luksHeader = 32 * 1024 * 1024;
+        // 3. Margine di sicurezza (Buffer): 120MB fissi.
+        // Questo spazio evita errori di "Disk full" durante la copia dei metadati.
+        // Viene compensato dall'uso di "-m 0" nella formattazione.
+        const safetyBuffer = 120 * 1024 * 1024;
+        // 4. Somma totale
+        let calculatedSize = size + fsOverhead + luksHeader + safetyBuffer;
+        // 5. Allineamento a 4MB (Performance storage)
+        const alignment = 4 * 1024 * 1024;
+        const luksSize = Math.ceil(calculatedSize / alignment) * alignment;
+        warning(`------------------------------------------`);
+        warning(`SAFE SIZE CALCULATION (No Shrink):`);
+        warning(`  Payload (SquashFS): ${bytesToGB(size)}`);
+        warning(`  Calc. Overhead:     ${bytesToGB(luksSize - size)}`);
+        warning(`  TOTAL CONTAINER:    ${bytesToGB(luksSize)}`);
+        warning(`------------------------------------------`);
         warning(`creating partition LUKS: ${this.luksFile}`);
         await this.luksExecuteCommand('truncate', ['--size', `${luksSize}`, this.luksFile]);
         warning(`formatting ${this.luksFile} as a LUKS volume...`);
@@ -57,8 +74,13 @@ export async function luksRoot() {
         await this.luksExecuteCommand('cryptsetup', luksFormatArgs, `${this.luksPassword}\n`);
         warning(`opening the LUKS volume. It will be mapped to ${this.luksDevice}`);
         await this.luksExecuteCommand('cryptsetup', ['luksOpen', this.luksFile, this.luksMappedName], `${this.luksPassword}\n`);
-        warning(`formatting ext4 (without journal)...`);
-        await exec(`mkfs.ext4 -O ^has_journal -L live-root ${this.luksDevice}`, this.echo);
+        // -------------------------------------------------------------
+        // FORMATTAZIONE EXT4
+        // -m 0 : Imposta i blocchi riservati a 0% (recupera spazio)
+        // -O ^has_journal : Disabilita il journal (risparmia spazio e scritture)
+        // -------------------------------------------------------------
+        warning(`formatting ext4 (without journal, 0% reserved)...`);
+        await exec(`mkfs.ext4 -m 0 -O ^has_journal -L live-root ${this.luksDevice}`, this.echo);
         warning(`mounting ${this.luksDevice} on ${this.luksMountpoint}`);
         if (fs.existsSync(this.luksMountpoint)) {
             if (!Utils.isMountpoint(this.luksMountpoint)) {
@@ -74,25 +96,18 @@ export async function luksRoot() {
         await exec(`mv ${live_fs} ${this.luksMountpoint}/filesystem.squashfs`, this.echo);
         warning(`Syncing filesystem on ${this.luksMountpoint}...`);
         await exec('sync', this.echo); // Forza scrittura dati su disco
-        warning(`Attempting unmount ${this.luksMountpoint}...`);
-        try {
-            await exec(`umount ${this.luksMountpoint}`, this.echo);
-            success(`Unmounted ${this.luksMountpoint} successfully.`);
-        }
-        catch (umountError) {
-            Utils.error(`Failed to unmount ${this.luksMountpoint}! Trying force unmount...`);
-            // Tenta un unmount forzato/lazy come ultima risorsa
-            await exec(`umount -lf ${this.luksMountpoint}`).catch((forceError) => {
-                Utils.error(`Force unmount also failed: ${forceError}`);
-                // Considera se lanciare un errore qui per fermare il processo
-            });
-            // Lancia comunque l'errore originale per segnalare il problema
-            throw umountError;
-        }
-        warning(`closing LUKS volume ${this.luksFile}.`);
+        /**
+         * SHRINK DISABILITATO
+         * Non eseguiamo this.luksShrink() per evitare corruzione dati.
+         * Abbiamo calcolato la dimensione corretta all'inizio.
+         */
+        // Procedura di chiusura manuale (sostituisce quella dentro shrink)
+        warning(`Unmounting ${this.luksMountpoint}...`);
+        await exec(`umount ${this.luksMountpoint}`, this.echo);
+        warning(`Closing LUKS volume ${this.luksMappedName}...`);
         await this.luksExecuteCommand('cryptsetup', ['close', this.luksMappedName]);
         warning(`moving ${this.luksMappedName} on (ISO)/live.`);
-        await exec(`mv ${this.luksFile} ${this.settings.iso_work}/live`, this.echo);
+        await exec(`mv ${this.luksFile} ${this.settings.iso_work}/live/root.img`, this.echo);
     }
     catch (error) {
         if (error instanceof Error) {
@@ -108,6 +123,10 @@ export async function luksRoot() {
         if (fs.existsSync(this.luksDevice)) {
             await this.luksExecuteCommand('cryptsetup', ['close', this.luksMappedName]).catch(() => { });
         }
+        if (fs.existsSync(this.luksFile)) {
+            Utils.warning(`Removing temporary container: ${this.luksFile}`);
+            fs.unlinkSync(this.luksFile);
+        }
         await Utils.pressKeyToExit();
         process.exit(1);
     }

package/dist/classes/ovary.d/luks-shrink.d.ts

@@ -0,0 +1,14 @@
+/**
+ * ./src/classes/ovary.d/luks-shrink.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Ovary from '../ovary.js';
+/**
+ * luksShrink
+ * Riduce in sicurezza un volume LUKS (root o home) minimizzando lo spazio
+ * ma garantendo l'integrità dei dati e l'allineamento dei blocchi.
+ */
+export declare function luksShrink(this: Ovary): Promise<void>;

package/dist/classes/ovary.d/luks-shrink.js

@@ -0,0 +1,86 @@
+/**
+ * ./src/classes/ovary.d/luks-shrink.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Utils from '../utils.js';
+import { exec } from '../../lib/utils.js';
+const noop = () => { };
+/**
+ * luksShrink
+ * Riduce in sicurezza un volume LUKS (root o home) minimizzando lo spazio
+ * ma garantendo l'integrità dei dati e l'allineamento dei blocchi.
+ */
+export async function luksShrink() {
+    const loggers = {
+        log: this.hidden ? noop : console.log,
+        warning: this.hidden ? noop : Utils.warning,
+        success: this.hidden ? noop : Utils.success,
+        info: this.hidden ? noop : Utils.info,
+    };
+    const { log, warning, success, info } = loggers;
+    warning(`Unmounting ${this.luksMountpoint} to perform shrinking...`);
+    // Usa -l (lazy) se necessario, ma meglio umount pulito
+    await exec(`umount ${this.luksMountpoint}`, this.echo);
+    // 1. Controllo integrità (CRUCIALE per homecrypt: ripara eventuali errori prima di ridimensionare)
+    warning(`Checking filesystem integrity...`);
+    await exec(`e2fsck -f -y ${this.luksDevice}`, this.echo);
+    // 2. Riduzione del filesystem al minimo
+    warning(`Shrinking filesystem to minimum size...`);
+    // resize2fs -M è sicuro se poi lasciamo margine nel contenitore
+    await exec(`resize2fs -M ${this.luksDevice}`, this.echo);
+    // 3. Calcolo della nuova dimensione del filesystem
+    warning(`Calculating new sizes...`);
+    const tuneOutput = (await exec(`tune2fs -l ${this.luksDevice}`, { capture: true })).data;
+    const blockSizeMatch = tuneOutput.match(/Block size:\s+(\d+)/);
+    const blockCountMatch = tuneOutput.match(/Block count:\s+(\d+)/);
+    if (!blockSizeMatch || !blockCountMatch) {
+        throw new Error("Could not determine filesystem size from tune2fs");
+    }
+    const blockSize = parseInt(blockSizeMatch[1], 10);
+    const blockCount = parseInt(blockCountMatch[1], 10);
+    const fsSizeBytes = blockSize * blockCount;
+    warning(`Actual Ext4 payload size: ${bytesToGB(fsSizeBytes)}`);
+    // 4. Calcolo dell'offset LUKS (Header size)
+    const statusOutput = (await exec(`cryptsetup status ${this.luksMappedName}`, { capture: true })).data;
+    const offsetMatch = statusOutput.match(/offset:\s+(\d+)\s+sectors/);
+    let luksHeaderBytes = 0;
+    if (offsetMatch && offsetMatch[1]) {
+        luksHeaderBytes = parseInt(offsetMatch[1], 10) * 512;
+        warning(`Detected LUKS header: ${bytesToGB(luksHeaderBytes)}`);
+    }
+    else {
+        luksHeaderBytes = 32 * 1024 * 1024; // Fallback 32MB
+        warning(`Could not detect LUKS offset, using safe fallback: 32MB`);
+    }
+    // 5. Calcolo dimensione finale SICURA
+    // Usiamo 200MB di margine. Su una ISO da 4GB è il 5%, un prezzo onesto per la stabilità.
+    // Questo spazio extra protegge sia lo squashfs (root) che i metadati sparsi (home).
+    const safetyMargin = 200 * 1024 * 1024;
+    let rawFinalSize = fsSizeBytes + luksHeaderBytes + safetyMargin;
+    // ALLINEAMENTO A 1MB: Fondamentale per evitare errori di I/O su device fisici o loop
+    const alignBlock = 1024 * 1024;
+    const finalFileSize = Math.ceil(rawFinalSize / alignBlock) * alignBlock;
+    warning(`------------------------------------------------`);
+    warning(`SAFE SHRINK CALCULATION:`);
+    warning(`  FS Payload:   ${bytesToGB(fsSizeBytes)}`);
+    warning(`  LUKS Header:  ${bytesToGB(luksHeaderBytes)}`);
+    warning(`  SafetyMargin: ${bytesToGB(safetyMargin)}`);
+    warning(`  Alignment:    1 MB`);
+    warning(`  FINAL SIZE:   ${bytesToGB(finalFileSize)}`);
+    warning(`------------------------------------------------`);
+    // 6. Chiusura volume
+    warning(`Closing LUKS volume ${this.luksMappedName}...`);
+    await this.luksExecuteCommand('cryptsetup', ['close', this.luksMappedName]);
+    // 7. Truncate finale
+    warning(`Truncating ${this.luksFile} to release unused space...`);
+    await exec(`truncate -s ${finalFileSize} ${this.luksFile}`, this.echo);
+}
+function bytesToGB(bytes) {
+    if (bytes === 0)
+        return '0.00 GB';
+    const gigabytes = bytes / (1024 * 1024 * 1024);
+    return gigabytes.toFixed(2) + ' GB';
+}

package/dist/classes/ovary.d/make-dot-disk.js

@@ -7,7 +7,7 @@
  */
 // packages
 import fs from 'node:fs';
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import path from 'path';
 // interfaces
 // libraries

package/dist/classes/ovary.d/produce.js

@@ -9,7 +9,7 @@ import chalk from 'chalk';
 import mustache from 'mustache';
 // packages
 import fs from 'node:fs';
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import path from 'path';
 // libraries
 import { exec } from '../../lib/utils.js';
@@ -58,7 +58,7 @@ export async function produce(kernel = '', clone = false, homecrypt = false, ful
         else if (this.fullcrypt) {
             this.luksMappedName = 'root.img';
         }
-        this.luksFile = `/tmp/${this.luksMappedName}`;
+        this.luksFile = `/var/tmp/${this.luksMappedName}`;
         this.luksMappedName = this.luksMappedName;
         this.luksMountpoint = `/tmp/mnt/${this.luksMappedName}`;
         this.luksDevice = `/dev/mapper/${this.luksMappedName}`;
@@ -131,8 +131,6 @@ export async function produce(kernel = '', clone = false, homecrypt = false, ful
          * homecrypt/fullcrypt/clone/standard
          */
         if (this.homecrypt) {
-            this.settings.config.user_opt = 'live'; // patch for humans
-            this.settings.config.user_opt_passwd = 'evolution';
             Utils.warning("eggs will SAVE users and users' data ENCRYPTED on the live (ISO)/live/home.img");
         }
         else if (this.fullcrypt) {
@@ -195,10 +193,10 @@ export async function produce(kernel = '', clone = false, homecrypt = false, ful
             /**
              * installer
              */
-            this.incubator = new Incubator(this.settings.remix, this.settings.distro, this.settings.config.user_opt, this.theme, this.clone || this.fullcrypt, verbose);
+            this.incubator = new Incubator(this.settings.remix, this.settings.distro, this.settings.config.user_opt, this.theme, this.clone || this.fullcrypt || this.homecrypt, verbose);
             await this.incubator.config(release);
-            // Qua inseriamo uno sleep di un minuto
-            await Utils.sleep(5000); // 5 secondo
+            // 5 secondi di sleep
+            await Utils.sleep(5000);
             await this.bindLiveFs();
             await this.bindVfs();
             /**
@@ -228,36 +226,80 @@ export async function produce(kernel = '', clone = false, homecrypt = false, ful
                     await this.initrdDracut();
                 }
             }
-            // We dont' need more
+            // We don't need more
             await this.ubindVfs();
-            const cleanSystem = !(this.clone || this.fullcrypt);
-            if (cleanSystem) {
-                /**
-                 * SOLO per homecrypt e standard
-                 */
+            // mistero della Fede
+            await this.editLiveFs();
+            /**
+             * Autologin solse per non clone
+             */
+            if (!(this.clone || this.homecrypt || this.fullcrypt)) {
                 await this.usersRemove();
                 await this.userCreateLive();
                 if (Pacman.isInstalledGui()) {
+                    // add GUI autologin
                     await this.createXdgAutostart(this.settings.config.theme, myAddons, myLinks, noicons);
-                    /**
-                     * GUI installed but NOT Desktop Manager: just create motd and issue
-                     */
-                    // if (displaymanager().length > 0) {
-                    //     this.cliAutologin.addIssue(this.settings.distro.distroId, this.settings.distro.codenameId, this.settings.config.user_opt, this.settings.config.user_opt_passwd, this.settings.config.root_passwd, this.settings.work_dir.merged)
-                    //     this.cliAutologin.addMotd(this.settings.distro.distroId, this.settings.distro.codenameId, this.settings.config.user_opt, this.settings.config.user_opt_passwd, this.settings.config.root_passwd, this.settings.work_dir.merged)
-                    // }
                 }
                 else {
+                    // add cli-autologin
                     this.cliAutologin.add(this.settings.distro.distroId, this.settings.distro.codenameId, this.settings.config.user_opt, this.settings.config.user_opt_passwd, this.settings.config.root_passwd, this.settings.work_dir.merged);
                 }
             }
-            await this.editLiveFs(clone);
+            /**
+             * configurazione homecrytp
+             */
             if (this.homecrypt) {
+                // Occorre forzare il login CLI
+                if (Utils.isSystemd()) {
+                    const systemdDir = `${this.settings.work_dir.merged}/etc/systemd/system`;
+                    // remove eventuali autologin
+                    if (fs.existsSync(`${systemdDir}/getty@tty1.service.d`)) {
+                        await exec(`rm -rf ${systemdDir}/getty@tty1.service.d/*`);
+                    }
+                    else {
+                        await exec(`mkdir -p ${systemdDir}/getty@tty1.service.d`);
+                    }
+                    let content = ``;
+                    content += `[Service]\n`;
+                    content += `ExecStart=\n`;
+                    content += `ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I \$TERM\n`;
+                    fs.writeFileSync(`${systemdDir}/getty@tty1.service.d/no-autologin.conf`, content);
+                }
+                else if (Utils.isSysvinit()) {
+                    const inittabPath = `${this.settings.work_dir.merged}/etc/inittab`;
+                    if (fs.existsSync(inittabPath)) {
+                        // Non funziona per Devuan
+                        let content = fs.readFileSync(inittabPath, 'utf-8');
+                        // La riga standard per Devuan/Debian SysVinit.
+                        // 1: ID
+                        // 2345: Runlevels in cui attivarlo (Nota che il tuo boot è in runlevel 2)
+                        // respawn: Riavvia getty se muore
+                        // /sbin/getty 38400 tty1: Il comando
+                        const tty1Line = '1:2345:respawn:/sbin/agetty --noclear tty1 linux';
+                        // Rimuoviamo vecchie definizioni di tty1 (anche se commentate o diverse)
+                        // Cerca righe che iniziano con "1:"
+                        const regex = /^1:.*$/gm;
+                        if (regex.test(content)) {
+                            // Sostituisce la riga esistente
+                            content = content.replace(regex, tty1Line);
+                            console.log('Fixed tty1 in inittab (replaced)');
+                        }
+                        else {
+                            // Se non c'è, la aggiunge in fondo (dopo i commenti iniziali)
+                            content += `\n${tty1Line}\n`;
+                            console.log('Fixed tty1 in inittab (appended)');
+                        }
+                        // FIX CRITICO PER --cryptedhome / LIVE:
+                        // A volte le live commentano tutte le tty per usare i propri hook.
+                        // Assicurati che non ci siano altre righe strane che confliggono.
+                        fs.writeFileSync(inittabPath, content);
+                    }
+                }
                 /**
                  * homecrypt: installa il supporto
                  */
                 const squashfsRoot = this.settings.work_dir.merged;
-                const homeImgPath = this.distroLliveMediumPath + 'live/home.img';
+                const homeImgPath = this.distroLiveMediumPath + 'live/home.img';
                 this.installHomecryptSupport(squashfsRoot, homeImgPath);
             }
             mksquashfsCmd = await this.makeSquashfs(scriptOnly, includeRootHome);

package/dist/classes/ovary.d/user-create-live.d.ts

@@ -1,14 +1,8 @@
 /**
- * ./src/classes/ovary.d/create-user-live.ts
+ * src/classes/ovary.d/user-create-live.ts
  * penguins-eggs v.25.7.x / ecmascript 2020
- * author: Piero Proietti
- * email: piero.proietti@gmail.com
- * license: MIT
+ * * REFACTORED: Uses "The SysUser Master" class.
+ * Creates the live user directly in the merged filesystem safely.
  */
 import Ovary from '../ovary.js';
-/**
-   * list degli utenti: grep -E 1[0-9]{3}  /etc/passwd | sed s/:/\ / | awk '{print $1}'
-   * create la home per user_opt
-   * @param verbose
-   */
-export declare function userCreateLive(this: Ovary): Promise<void>;
+export default function userCreateLive(this: Ovary): Promise<void>;