penguins-eggs 25.11.29 → 25.12.7

package/dist/classes/ovary.d/users-remove.js

@@ -1,38 +1,68 @@
 /**
- * ./src/classes/ovary.d/users-remove.ts
+ * src/classes/ovary.d/users-remove.ts
  * penguins-eggs v.25.7.x / ecmascript 2020
- * author: Piero Proietti
- * email: piero.proietti@gmail.com
- * license: MIT
+ * * REFACTORED: Uses "The SysUser Master" class.
+ * Cleans up host users from the ISO filesystem safely.
  */
-// packages
-import path from 'node:path';
-// backup
-// interfaces
-// libraries
+import fs from 'fs';
+import path from 'path';
 import { exec } from '../../lib/utils.js';
-import rexec from './rexec.js';
-import Diversions from './../diversions.js';
-// _dirname
-const __dirname = path.dirname(new URL(import.meta.url).pathname);
-//async cleanUsersAccounts() {
-export async function usersRemove() {
-    if (this.verbose) {
-        console.log('Ovary: cleanUsersAccounts');
+import SysUsers from '../sys-users.js';
+export default async function usersRemove() {
+    // Il target corretto in Ovary è la directory "merged" dell'overlayfs
+    let target = this.settings.work_dir.merged;
+    // Assicuriamoci che il target esista per sicurezza
+    if (!target || !fs.existsSync(target)) {
+        console.error(`SysUsers Error: Merged target directory not found at: ${target}`);
+        return;
     }
-    /**
-     * delete all user in chroot
-     */
-    const cmds = [];
-    const cmd = `chroot ${this.settings.work_dir.merged} getent passwd {1000..60000} |awk -F: '{print $1}'`;
-    const result = await exec(cmd, {
-        capture: true,
-        echo: this.verbose,
-        ignore: false
-    });
-    const users = result.data.split('\n');
-    let deluser = Diversions.deluser(this.familyId);
-    for (let i = 0; i < users.length - 1; i++) {
-        cmds.push(await rexec(`chroot ${this.settings.work_dir.merged} ${deluser} ${users[i]}`, this.verbose));
+    // Nota: verifica se in Ovary hai 'this.familyId' diretto o 'this.distro.familyId'.
+    // Solitamente è this.distro.familyId, ma se hai un getter va bene così.
+    const familyId = this.distro?.familyId || this.familyId;
+    console.log(`Cleaning host users from ISO snapshot at ${target} (Family: ${familyId})...`);
+    // 2. CARICAMENTO CONFIGURAZIONE
+    const sysUsers = new SysUsers(target, familyId);
+    sysUsers.load();
+    // 3. IDENTIFICAZIONE UTENTI DA RIMUOVERE
+    // Dobbiamo leggere il file passwd raw per decidere chi rimuovere
+    // (rimuoviamo UID >= 1000 tranne 'nobody' e 'root')
+    const usersToDelete = [];
+    const passwdPath = path.join(target, 'etc/passwd');
+    if (fs.existsSync(passwdPath)) {
+        const lines = fs.readFileSync(passwdPath, 'utf8').split('\n');
+        for (const line of lines) {
+            const parts = line.split(':');
+            if (parts.length > 2) {
+                const uid = parseInt(parts[2]);
+                const username = parts[0];
+                // Logica di rimozione standard di eggs
+                if (uid >= 1000 && username !== 'nobody') {
+                    usersToDelete.push(username);
+                }
+            }
+        }
+    }
+    // 4. ESECUZIONE RIMOZIONE (IN MEMORIA)
+    for (const username of usersToDelete) {
+        console.log(`- Removing user: ${username}`);
+        sysUsers.removeUser(username);
+        // Pulizia File Fisici (Home, Mail) - Operazioni FS dirette
+        const homeDir = path.join(target, 'home', username);
+        if (fs.existsSync(homeDir)) {
+            await exec(`rm -rf ${homeDir}`, this.echo);
+        }
+        const mailFile = path.join(target, 'var/mail', username);
+        if (fs.existsSync(mailFile)) {
+            fs.unlinkSync(mailFile);
+        }
+    }
+    // 5. SALVATAGGIO ATOMICO SU DISCO
+    if (usersToDelete.length > 0) {
+        // Scrive passwd, shadow, group, gshadow, subuid... e ripara SELinux
+        await sysUsers.save();
+        console.log("User cleanup completed via SysUsers Master.");
+    }
+    else {
+        console.log("No users needed to be removed.");
     }
 }

package/dist/classes/ovary.d.ts

@@ -21,9 +21,9 @@ import { createXdgAutostart } from './ovary.d/create-xdg-autostart.js';
 import { copied, merged, mergedAndOverlay } from './ovary.d/merged.js';
 import { makeIso } from './ovary.d/make-iso.js';
 import { initrdAlpine, initrdArch, initrdDebian, initrdDracut } from './ovary.d/initrd.js';
-import { userCreateLive } from './ovary.d/user-create-live.js';
+import userCreateLive from './ovary.d/user-create-live.js';
 import { syslinux } from './ovary.d/syslinux.js';
-import { usersRemove } from './ovary.d/users-remove.js';
+import usersRemove from './ovary.d/users-remove.js';
 import { makeDotDisk } from './ovary.d/make-dot-disk.js';
 import { kernelCopy } from './ovary.d/kernel-copy.js';
 import { liveCreateStructure } from './ovary.d/live-create-structure.js';

package/dist/classes/ovary.js

@@ -22,9 +22,9 @@ import { createXdgAutostart } from './ovary.d/create-xdg-autostart.js';
 import { copied, merged, mergedAndOverlay } from './ovary.d/merged.js';
 import { makeIso } from './ovary.d/make-iso.js';
 import { initrdAlpine, initrdArch, initrdDebian, initrdDracut } from './ovary.d/initrd.js';
-import { userCreateLive } from './ovary.d/user-create-live.js';
+import userCreateLive from './ovary.d/user-create-live.js';
 import { syslinux } from './ovary.d/syslinux.js';
-import { usersRemove } from './ovary.d/users-remove.js';
+import usersRemove from './ovary.d/users-remove.js';
 import { makeDotDisk } from './ovary.d/make-dot-disk.js';
 import { kernelCopy } from './ovary.d/kernel-copy.js';
 import { liveCreateStructure } from './ovary.d/live-create-structure.js';

package/dist/classes/pacman.d/alpine.js

@@ -5,7 +5,7 @@
  * email: piero.proietti@gmail.com
  * license: MIT
  */
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import { exec } from '../../lib/utils.js';
 import Utils from '../utils.js';
 /**
@@ -131,7 +131,7 @@ export default class Alpine {
      */
     static async packageInstall(packageName) {
         let retVal = false;
-        if (shx.exec(`/sbin/apk add ${packageName}`, { silent: true }) === '0') {
+        if (shx.exec('/sbin/apk add ' + packageName, { silent: true }).code === 0) {
             retVal = true;
         }
         return retVal;

package/dist/classes/pacman.d/archlinux.js

@@ -6,7 +6,7 @@
  * license: MIT
  */
 import fs from 'node:fs';
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import { exec } from '../../lib/utils.js';
 import Utils from '../utils.js';
 /**
@@ -77,7 +77,7 @@ export default class Archlinux {
      */
     static async packageInstall(packageName) {
         let retVal = false;
-        if (shx.exec(`/usr/bin/pacman -Si ${packageName}`, { silent: true }) === '0') {
+        if (shx.exec('/usr/bin/pacman -Si ' + packageName, { silent: true }).code === 0) {
             retVal = true;
         }
         return retVal;

package/dist/classes/pacman.d/debian.js

@@ -6,8 +6,7 @@
  * license: MIT
  */
 import fs from 'node:fs';
-import shx from 'shelljs';
-import { exec } from '../../lib/utils.js';
+import { exec, shx } from '../../lib/utils.js';
 import Utils from '../utils.js';
 /**
  * Debian
@@ -116,7 +115,7 @@ export default class Debian {
      */
     static async packageInstall(packageName) {
         let retVal = false;
-        if (shx.exec(`/usr/bin/apt-get install -y ${packageName}`, { silent: true }) === '0') {
+        if (shx.exec('/usr/bin/apt-get install -y ' + packageName, { silent: true }).code === 0) {
             retVal = true;
         }
         return retVal;

package/dist/classes/pacman.d/fedora.js

@@ -6,8 +6,7 @@
  * license: MIT
  */
 import fs from 'node:fs';
-import shx from 'shelljs';
-import { exec } from '../../lib/utils.js';
+import { exec, shx } from '../../lib/utils.js';
 import Utils from '../utils.js';
 /**
  * Utils: general porpourse utils
@@ -86,7 +85,7 @@ export default class Fedora {
      */
     static async packageInstall(packageName) {
         let retVal = false;
-        if (shx.exec(`/usr/bin/dnf install ${packageName}`, { silent: true }) === '0') {
+        if (shx.exec('/usr/bin/dnf install ' + packageName, { silent: true }).code === 0) {
             retVal = true;
         }
         return retVal;

package/dist/classes/pacman.d/openmamba.js

@@ -6,8 +6,7 @@
  * license: MIT
  */
 import fs from 'node:fs';
-import shx from 'shelljs';
-import { exec } from '../../lib/utils.js';
+import { exec, shx } from '../../lib/utils.js';
 import Utils from '../utils.js';
 /**
  * Utils: general porpourse utils
@@ -85,7 +84,7 @@ export default class Openmamba {
      */
     static async packageInstall(packageName) {
         let retVal = false;
-        if (shx.exec(`/usr/bin/dnf install ${packageName}`, { silent: false }) === '0') {
+        if (shx.exec('/usr/bin/dnf install ' + packageName, { silent: false }).code === 0) {
             retVal = true;
         }
         return retVal;

package/dist/classes/pacman.d/opensuse.js

@@ -6,8 +6,7 @@
  * license: MIT
  */
 import fs from 'node:fs';
-import shx from 'shelljs';
-import { exec } from '../../lib/utils.js';
+import { exec, shx } from '../../lib/utils.js';
 import Utils from '../utils.js';
 /**
  * Utils: general porpourse utils
@@ -88,7 +87,7 @@ export default class Opensuse {
      */
     static async packageInstall(packageName) {
         let retVal = false;
-        if (shx.exec(`/usr/bin/zypper install ${packageName}`, { silent: true }) === '0') {
+        if (shx.exec('/usr/bin/zypper install ' + packageName, { silent: true }).code === 0) {
             retVal = true;
         }
         return retVal;

package/dist/classes/pacman.d.ts

@@ -40,11 +40,6 @@ export default class Pacman {
      *
      */
     static calamaresRemove(verbose?: boolean): Promise<boolean>;
-    /**
-     *
-     * @param cmd
-     */
-    static commandIsInstalled(cmd: string): boolean;
     /**
      * Restituisce VERO se i file di configurazione SONO presenti
      */

package/dist/classes/pacman.js

@@ -5,11 +5,10 @@
  * email: piero.proietti@gmail.com
  * license: MIT
  */
-import { execSync } from 'node:child_process';
+import { shx, execSync } from '../lib/utils.js';
 import fs from 'node:fs';
 // _dirname
 import path from 'node:path';
-import shx from 'shelljs';
 import { exec } from '../lib/utils.js';
 import Distro from './distro.js';
 import Diversions from './diversions.js';
@@ -61,7 +60,7 @@ export default class Pacman {
      * return true if calamares is installed
      */
     static calamaresExists() {
-        return this.commandIsInstalled('calamares');
+        return Utils.commandExists('calamares');
     }
     /**
      *
@@ -144,17 +143,6 @@ export default class Pacman {
         }
         return retVal;
     }
-    /**
-     *
-     * @param cmd
-     */
-    static commandIsInstalled(cmd) {
-        let installed = false;
-        if (shx.exec(`command -V ${cmd} >/dev/null 2>&1`).code == 0) {
-            installed = true;
-        }
-        return installed;
-    }
     /**
      * Restituisce VERO se i file di configurazione SONO presenti
      */
@@ -195,7 +183,7 @@ export default class Pacman {
         /**
          * Salvo la configurazione di eggs.yaml
          */
-        config.machine_id = Utils.machineId();
+        config.machine_id = ''; //Utils.machineId()
         config.vmlinuz = Utils.vmlinuz();
         config.initrd_img = Utils.initrdImg();
         const settings = new Settings();
@@ -231,7 +219,6 @@ export default class Pacman {
             execSync(`rm -rf ${init}`);
         }
         execSync(`mkdir -p ${init}`);
-        // shx.ln('-s', path.resolve(__dirname, '../../addons'), addons)
         shx.cp(path.resolve(__dirname, '../../conf/README.md'), confRoot);
         shx.cp(path.resolve(__dirname, '../../conf/derivatives.yaml'), confRoot);
         shx.cp(path.resolve(__dirname, '../../conf/derivatives_fedora.yaml'), confRoot);

package/dist/classes/pve-live.js

@@ -14,7 +14,7 @@
  * This will remove the symbolic link that indicated that the service should be started automatically.
  */
 import path from 'node:path';
-import shx from 'shelljs';
+import { shx } from '../lib/utils.js';
 import Systemctl from './systemctl.js';
 // _dirname
 const __dirname = path.dirname(new URL(import.meta.url).pathname);

package/dist/classes/settings.js

@@ -10,7 +10,7 @@ import yaml from 'js-yaml';
 // packages
 import fs from 'node:fs';
 import os from 'node:os';
-import shx from 'shelljs';
+import { shx } from '../lib/utils.js';
 // pjson
 import { createRequire } from 'node:module';
 const require = createRequire(import.meta.url);

package/dist/classes/sys-users.d.ts

@@ -0,0 +1,76 @@
+/**
+ * src/classes/sys-users.ts
+ * penguins-eggs v.25.7.x / ecmascript 2020
+ * * "THE SYSUSER MASTER"
+ * Gestione pura Node.js per utenti e gruppi di sistema.
+ * Sostituisce i binari (useradd/usermod/deluser) per garantire operazioni atomiche
+ * e compatibilità SELinux (Fedora/RHEL) scrivendo file puliti.
+ */
+export interface IPasswdEntry {
+    username: string;
+    password: string;
+    uid: string;
+    gid: string;
+    gecos: string;
+    home: string;
+    shell: string;
+}
+export interface IShadowEntry {
+    username: string;
+    hash: string;
+    lastChange: string;
+    min: string;
+    max: string;
+    warn: string;
+    inactive: string;
+    expire: string;
+}
+export interface IGroupEntry {
+    groupName: string;
+    password: string;
+    gid: string;
+    members: string[];
+}
+export default class SysUsers {
+    private targetRoot;
+    private distroFamily;
+    private passwd;
+    private shadow;
+    private group;
+    private gshadowLines;
+    private subuidLines;
+    private subgidLines;
+    constructor(targetRoot: string, distroFamily: string);
+    /**
+     * Carica tutti i file di configurazione in memoria
+     */
+    load(): void;
+    /**
+     * Salva lo stato della memoria su disco e applica SELinux fix
+     */
+    save(): Promise<void>;
+    /**
+     * Crea un nuovo utente completo
+     */
+    addUser(user: IPasswdEntry, cleanPassword: string): void;
+    /**
+     * Rimuove completamente un utente
+     */
+    removeUser(username: string): void;
+    /**
+     * Aggiunge utente a un gruppo supplementare
+     */
+    addUserToGroup(username: string, groupName: string): void;
+    /**
+     * Cambia password utente
+     */
+    setPassword(username: string, password: string): void;
+    private readFile;
+    private writeFile;
+    private parsePasswd;
+    private serializePasswd;
+    private parseShadow;
+    private serializeShadow;
+    private parseGroup;
+    private serializeGroup;
+}

package/dist/classes/sys-users.js

@@ -0,0 +1,206 @@
+/**
+ * src/classes/sys-users.ts
+ * penguins-eggs v.25.7.x / ecmascript 2020
+ * * "THE SYSUSER MASTER"
+ * Gestione pura Node.js per utenti e gruppi di sistema.
+ * Sostituisce i binari (useradd/usermod/deluser) per garantire operazioni atomiche
+ * e compatibilità SELinux (Fedora/RHEL) scrivendo file puliti.
+ */
+import fs from 'fs';
+import path from 'path';
+import * as bcrypt from 'bcryptjs';
+import { exec } from '../lib/utils.js';
+export default class SysUsers {
+    targetRoot;
+    distroFamily;
+    // Cache in memoria
+    passwd = [];
+    shadow = [];
+    group = [];
+    // File "minori" gestiti a righe raw per semplicità
+    gshadowLines = [];
+    subuidLines = [];
+    subgidLines = [];
+    constructor(targetRoot, distroFamily) {
+        this.targetRoot = targetRoot;
+        this.distroFamily = distroFamily;
+    }
+    /**
+     * Carica tutti i file di configurazione in memoria
+     */
+    load() {
+        this.passwd = this.parsePasswd(this.readFile('etc/passwd'));
+        this.shadow = this.parseShadow(this.readFile('etc/shadow'));
+        this.group = this.parseGroup(this.readFile('etc/group'));
+        this.gshadowLines = this.readFile('etc/gshadow');
+        this.subuidLines = this.readFile('etc/subuid');
+        this.subgidLines = this.readFile('etc/subgid');
+    }
+    /**
+     * Salva lo stato della memoria su disco e applica SELinux fix
+     */
+    async save() {
+        // Serializzazione
+        const passwdContent = this.serializePasswd(this.passwd);
+        const shadowContent = this.serializeShadow(this.shadow);
+        const groupContent = this.serializeGroup(this.group);
+        // Scrittura Atomica + Fix SELinux
+        await this.writeFile('etc/passwd', passwdContent, 'passwd_file_t');
+        await this.writeFile('etc/shadow', shadowContent, 'shadow_t');
+        await this.writeFile('etc/group', groupContent, 'passwd_file_t');
+        // File raw
+        if (this.gshadowLines.length > 0)
+            await this.writeFile('etc/gshadow', this.gshadowLines.join('\n'), 'shadow_t');
+        if (this.subuidLines.length > 0)
+            await this.writeFile('etc/subuid', this.subuidLines.join('\n'), 'passwd_file_t');
+        if (this.subgidLines.length > 0)
+            await this.writeFile('etc/subgid', this.subgidLines.join('\n'), 'passwd_file_t');
+    }
+    // =========================================================================
+    // API PUBBLICA
+    // =========================================================================
+    /**
+     * Crea un nuovo utente completo
+     */
+    addUser(user, cleanPassword) {
+        // Rimuovi se esiste (idempotenza)
+        this.removeUser(user.username);
+        // 1. Passwd
+        this.passwd.push(user);
+        // 2. Shadow (Hash Password)
+        const salt = bcrypt.genSaltSync(10);
+        const hash = bcrypt.hashSync(cleanPassword, salt);
+        this.shadow.push({
+            username: user.username,
+            hash: hash,
+            lastChange: '19700', // Data approssimativa
+            min: '0',
+            max: '99999',
+            warn: '7',
+            inactive: '',
+            expire: ''
+        });
+        // 3. Gruppo Primario
+        // Solo se non esiste già un gruppo con quel nome
+        if (!this.group.find(g => g.groupName === user.username)) {
+            this.group.push({
+                groupName: user.username,
+                password: 'x',
+                gid: user.gid,
+                members: []
+            });
+        }
+        // 4. GShadow (placeholder)
+        this.gshadowLines.push(`${user.username}:!::`);
+        // 5. SubUID/SubGID (Podman rootless)
+        // Calcolo offset standard: 100000 + (UID-1000)*65536
+        const uidNum = parseInt(user.uid);
+        if (!isNaN(uidNum) && uidNum >= 1000) {
+            const startUid = 100000 + (uidNum - 1000) * 65536;
+            const subEntry = `${user.username}:${startUid}:65536`;
+            this.subuidLines.push(subEntry);
+            this.subgidLines.push(subEntry);
+        }
+    }
+    /**
+     * Rimuove completamente un utente
+     */
+    removeUser(username) {
+        this.passwd = this.passwd.filter(u => u.username !== username);
+        this.shadow = this.shadow.filter(s => s.username !== username);
+        this.group = this.group.filter(g => g.groupName !== username);
+        // Rimuovi dai membri di altri gruppi
+        this.group.forEach(g => {
+            g.members = g.members.filter(m => m !== username);
+        });
+        this.gshadowLines = this.gshadowLines.filter(l => !l.startsWith(`${username}:`));
+        this.subuidLines = this.subuidLines.filter(l => !l.startsWith(`${username}:`));
+        this.subgidLines = this.subgidLines.filter(l => !l.startsWith(`${username}:`));
+    }
+    /**
+     * Aggiunge utente a un gruppo supplementare
+     */
+    addUserToGroup(username, groupName) {
+        const grp = this.group.find(g => g.groupName === groupName);
+        if (grp) {
+            if (!grp.members.includes(username)) {
+                grp.members.push(username);
+            }
+        }
+        // Se il gruppo non esiste, lo ignoriamo silenziosamente o potremmo crearlo
+    }
+    /**
+     * Cambia password utente
+     */
+    setPassword(username, password) {
+        const entry = this.shadow.find(s => s.username === username);
+        if (entry) {
+            const salt = bcrypt.genSaltSync(10);
+            entry.hash = bcrypt.hashSync(password, salt);
+            entry.lastChange = '19700';
+        }
+    }
+    // =========================================================================
+    // IMPLEMENTAZIONE FILE (Privata)
+    // =========================================================================
+    readFile(relativePath) {
+        const fullPath = path.join(this.targetRoot, relativePath);
+        if (fs.existsSync(fullPath)) {
+            return fs.readFileSync(fullPath, 'utf8').split('\n').filter(l => l.trim().length > 0);
+        }
+        return [];
+    }
+    async writeFile(relativePath, content, contextType) {
+        const fullPath = path.join(this.targetRoot, relativePath);
+        // Crea dir se manca (es. /etc/sudoers.d/ o simili)
+        const dir = path.dirname(fullPath);
+        if (!fs.existsSync(dir))
+            fs.mkdirSync(dir, { recursive: true });
+        try {
+            // 1. Scrittura
+            fs.writeFileSync(fullPath, content + '\n');
+            // 2. Fix SELinux (Solo RHEL Family)
+            if (['fedora', 'rhel', 'centos', 'almalinux', 'rocky'].includes(this.distroFamily)) {
+                // await exec, echo false per non sporcare i log
+                await exec(`chcon -t ${contextType} ${fullPath}`, { echo: false }).catch(() => { });
+            }
+        }
+        catch (e) {
+            console.error(`SysUsers Error writing ${relativePath}:`, e);
+        }
+    }
+    // --- PARSERS & SERIALIZERS ---
+    parsePasswd(lines) {
+        return lines.map(line => {
+            const p = line.split(':');
+            if (p.length < 7)
+                return null;
+            return { username: p[0], password: p[1], uid: p[2], gid: p[3], gecos: p[4], home: p[5], shell: p[6] };
+        }).filter((u) => u !== null);
+    }
+    serializePasswd(entries) {
+        return entries.map(u => `${u.username}:${u.password}:${u.uid}:${u.gid}:${u.gecos}:${u.home}:${u.shell}`).join('\n');
+    }
+    parseShadow(lines) {
+        return lines.map(line => {
+            const p = line.split(':');
+            if (p.length < 2)
+                return null;
+            return { username: p[0], hash: p[1], lastChange: p[2] || '', min: p[3] || '', max: p[4] || '', warn: p[5] || '', inactive: p[6] || '', expire: p[7] || '' };
+        }).filter((u) => u !== null);
+    }
+    serializeShadow(entries) {
+        return entries.map(s => `${s.username}:${s.hash}:${s.lastChange}:${s.min}:${s.max}:${s.warn}:${s.inactive}:${s.expire}:`).join('\n');
+    }
+    parseGroup(lines) {
+        return lines.map(line => {
+            const p = line.split(':');
+            if (p.length < 3)
+                return null;
+            return { groupName: p[0], password: p[1], gid: p[2], members: p[3] && p[3].trim() ? p[3].split(',') : [] };
+        }).filter((g) => g !== null);
+    }
+    serializeGroup(entries) {
+        return entries.map(g => `${g.groupName}:${g.password}:${g.gid}:${g.members.join(',')}`).join('\n');
+    }
+}

package/dist/classes/utils.d/kernel.js

@@ -8,7 +8,7 @@ import fs from 'node:fs';
 import path from 'path';
 import Distro from '../distro.js';
 import Utils from '../utils.js';
-import { execSync } from 'node:child_process';
+import { execSync } from '../../lib/utils.js';
 /**
  * Kernel utilities for managing vmlinuz and initramfs paths
  */
@@ -55,7 +55,7 @@ export default class Kernel {
                 Utils.warning("Non è possibile determinare il kernel in un container.");
                 process.exit(1);
             }
-            targetKernel = execSync('uname -r').toString().trim();
+            targetKernel = (execSync('uname -r', { stdio: 'ignore' }) || '').trim();
         }
         const kernelVersionShort = targetKernel.split('.').slice(0, 2).join('.');
         const bootDir = '/boot';
@@ -138,7 +138,7 @@ export default class Kernel {
      * debian, fedora, opensuse, rasberry
      */
     static vmlinuzFromUname() {
-        let kernelVersion = execSync('uname -r').toString().trim();
+        let kernelVersion = (execSync('uname -r', { stdio: 'ignore' }) || '').trim();
         // Try 1: path standard (es. Debian, Ubuntu, Fedora)
         let standardPath = `/boot/vmlinuz-${kernelVersion}`;
         if (fs.existsSync(standardPath)) {