penguins-eggs 25.11.29 → 25.12.7

package/dist/lib/utils.js

@@ -5,34 +5,239 @@
  * email: piero.proietti@gmail.com
  * license: MIT
  */
-import { spawn } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+// Importiamo con alias per poter wrappare
+import { spawn as nodeSpawn, spawnSync as nodeSpawnSync } from 'child_process';
 /**
- *
- * @param command
- * @param param1
- * @returns
+ * Pulizia AppImage
+ * Variabili d'ambiente da rimuovere per evitare conflitti quando si eseguono
+ * comandi di sistema dall'interno di una AppImage.
+ */
+const APPIMAGE_ENV_BLACKLIST = [
+    'LD_LIBRARY_PATH', 'LD_PRELOAD', 'PYTHONPATH', 'PERLLIB',
+    'GSETTINGS_SCHEMA_DIR', 'QT_PLUGIN_PATH', 'XDG_DATA_DIRS',
+    'LIBRARY_PATH', 'PKG_CONFIG_PATH', 'GIO_MODULE_DIR', 'APPIMAGE', 'APPDIR'
+];
+/**
+ * Ottiene un ambiente pulito dalle variabili AppImage
+ * @returns Oggetto process.env sanificato
+ */
+function getCleanEnv() {
+    const env = { ...process.env };
+    if (process.env.APPIMAGE) {
+        APPIMAGE_ENV_BLACKLIST.forEach((key) => delete env[key]);
+    }
+    return env;
+}
+/**
+ * spawnSync (WRAPPER INTELLIGENTE)
+ * Supporta:
+ * 1. (command, args, options)
+ * 2. (command, options) -> args diventa []
+ * Pulisce automaticamente l'ambiente.
+ */
+export function spawnSync(command, arg2, arg3) {
+    let args = [];
+    let options = {};
+    // Rilevamento argomenti (Polimorfismo)
+    if (Array.isArray(arg2)) {
+        args = arg2;
+        options = arg3 || {};
+    }
+    else if (arg2 && typeof arg2 === 'object') {
+        // TypeScript fix: cast esplicito per evitare errori di tipo union
+        options = arg2;
+    }
+    const env = getCleanEnv();
+    const finalEnv = { ...env, ...(options.env || {}) };
+    return nodeSpawnSync(command, args, {
+        ...options,
+        env: finalEnv
+    });
+}
+/**
+ * spawn (WRAPPER INTELLIGENTE)
+ * Supporta:
+ * 1. (command, args, options)
+ * 2. (command, options) -> args diventa []
+ * Pulisce automaticamente l'ambiente.
+ */
+export function spawn(command, arg2, arg3) {
+    let args = [];
+    let options = {};
+    // Rilevamento argomenti (Polimorfismo)
+    if (Array.isArray(arg2)) {
+        args = arg2;
+        options = arg3 || {};
+    }
+    else if (arg2 && typeof arg2 === 'object') {
+        // TypeScript fix: cast esplicito
+        options = arg2;
+    }
+    const env = getCleanEnv();
+    const finalEnv = { ...env, ...(options.env || {}) };
+    return nodeSpawn(command, args, {
+        ...options,
+        env: finalEnv
+    });
+}
+/**
+ * shx
+ * Sostituto drop-in per shelljs che usa API native e ambiente pulito.
+ */
+export const shx = {
+    sed: (flag, regex, replacement, file) => {
+        if (!fs.existsSync(file))
+            return;
+        const content = fs.readFileSync(file, 'utf8');
+        const searchRegex = typeof regex === 'string' ? new RegExp(regex, 'g') : regex;
+        const newContent = content.replace(searchRegex, replacement);
+        fs.writeFileSync(file, newContent, 'utf8');
+    },
+    touch: (file) => {
+        const time = new Date();
+        try {
+            fs.utimesSync(file, time, time);
+        }
+        catch (err) {
+            fs.closeSync(fs.openSync(file, 'w'));
+        }
+    },
+    cp: (arg1, arg2, arg3) => {
+        const src = arg3 ? arg2 : arg1;
+        const dest = arg3 ? arg3 : arg2;
+        // --- GESTIONE WILDCARD (*) ---
+        if (src.endsWith('*')) {
+            const srcDir = path.dirname(src);
+            if (!fs.existsSync(srcDir))
+                return;
+            if (!fs.existsSync(dest))
+                fs.mkdirSync(dest, { recursive: true });
+            const items = fs.readdirSync(srcDir);
+            items.forEach(item => {
+                const s = path.join(srcDir, item);
+                const d = path.join(dest, item);
+                fs.cpSync(s, d, { recursive: true, force: true });
+            });
+            return;
+        }
+        // ----------------------------
+        let finalDest = dest;
+        if (fs.existsSync(dest) && fs.statSync(dest).isDirectory()) {
+            finalDest = path.join(dest, path.basename(src));
+        }
+        if (fs.existsSync(src)) {
+            fs.cpSync(src, finalDest, { recursive: true, force: true });
+        }
+    },
+    rm: (arg1, arg2) => {
+        const target = arg2 ? arg2 : arg1;
+        fs.rmSync(target, { recursive: true, force: true });
+    },
+    mkdir: (arg1, arg2) => {
+        const dir = arg2 ? arg2 : arg1;
+        fs.mkdirSync(dir, { recursive: true });
+    },
+    mv: (src, dest) => {
+        if (!fs.existsSync(src))
+            return;
+        fs.renameSync(src, dest);
+    },
+    chmod: (mode, file) => {
+        if (!fs.existsSync(file))
+            return;
+        let finalMode = mode;
+        if (mode === '+x')
+            finalMode = 0o755;
+        if (typeof mode === 'string' && !isNaN(parseInt(mode, 8))) {
+            finalMode = parseInt(mode, 8);
+        }
+        fs.chmodSync(file, finalMode);
+    },
+    test: (flag, pathToCheck) => {
+        try {
+            const stats = fs.statSync(pathToCheck);
+            if (flag === '-f')
+                return stats.isFile();
+            if (flag === '-d')
+                return stats.isDirectory();
+            return true; // -e
+        }
+        catch (e) {
+            return false;
+        }
+    },
+    which: (cmd) => {
+        const result = shx.exec(`command -v ${cmd}`, { silent: true });
+        return result.code === 0 ? result.stdout.trim() : null;
+    },
+    ln: (flag, target, link) => {
+        if (fs.existsSync(link) || fs.lstatSync(link, { throwIfNoEntry: false })) {
+            fs.rmSync(link, { force: true });
+        }
+        fs.symlinkSync(target, link);
+    },
+    exec: (command, options = {}) => {
+        const env = getCleanEnv();
+        const spawnOpts = {
+            stdio: options.silent ? 'pipe' : 'inherit',
+            env: env,
+            shell: '/bin/bash',
+            encoding: 'utf-8'
+        };
+        // Usiamo nodeSpawnSync perché calcoliamo l'env qui sopra
+        const result = nodeSpawnSync(command, [], spawnOpts);
+        return {
+            code: result.status ?? 1,
+            stdout: result.stdout ? result.stdout.toString() : '',
+            stderr: result.stderr ? result.stderr.toString() : ''
+        };
+    }
+};
+/**
+ * execSync
+ */
+export function execSync(command, options = {}) {
+    const { echo = false, ignore = false, stdio } = options;
+    if (echo)
+        console.log(command);
+    const isSilent = ignore || stdio === 'ignore';
+    const result = shx.exec(command, { silent: isSilent });
+    if (result.code !== 0) {
+        throw new Error(`Command failed: ${command}\nExit Code: ${result.code}\nStderr: ${result.stderr}`);
+    }
+    return result.stdout.trim();
+}
+/**
+ * exec (Async)
  */
 export async function exec(command, { echo = false, ignore = false, capture = false } = {}) {
     return new Promise((resolve, reject) => {
-        if (echo) {
+        if (echo)
             console.log(command);
-        }
-        // Opzioni di base per spawn
-        const spawnOptions = {
-            stdio: ignore ? 'ignore' : capture ? 'pipe' : 'inherit'
-        };
-        const child = spawn('bash', ['-c', command], spawnOptions);
+        const env = getCleanEnv();
+        // Usiamo nodeSpawn direttamente qui per coerenza
+        const child = nodeSpawn(command, [], {
+            stdio: ignore ? 'ignore' : (capture ? 'pipe' : 'inherit'),
+            env: env,
+            shell: '/bin/bash'
+        });
         let stdout = '';
-        if (capture) {
-            child.stdout?.on('data', (data) => {
-                stdout += data;
-            });
-        }
+        let stderr = '';
+        if (capture && child.stdout)
+            child.stdout.on('data', d => stdout += d.toString());
+        if (capture && child.stderr)
+            child.stderr.on('data', d => stderr += d.toString());
         child.on('error', (error) => {
-            reject({ code: 1, error });
+            reject({ code: 1, error, stderr });
         });
-        child.on('exit', (code) => {
-            resolve({ code, data: stdout });
+        child.on('close', (code) => {
+            resolve({
+                code: code || 0,
+                data: stdout.trim(),
+                error: code !== 0 ? stderr.trim() : undefined
+            });
         });
     });
 }

package/manpages/doc/man/eggs.html

@@ -6,12 +6,12 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
   </head>
   <body>
-    <h1>eggs(1) -- the reproductive system of penguins: eggs v25.11.29</h1>
+    <h1>eggs(1) -- the reproductive system of penguins: eggs v25.12.7</h1>
     <h1>SYNOPSIS</h1>
     <p>eggs is a console utility, in active development, who let you to remaster your system and redistribuite it as live ISO image.</p>
     <h1>INSTALL</h1>
     <p>penguins-eggs as an AppImage, it can be installed on all supported distributions. Download it from https://github.com/pieroproietti/penguins-eggs/releases, then run the following commands:</p>
-    <pre><code>$ chmod +x penguins-eggs_25.11.29-1_amd64-x86_64.AppImage
+    <pre><code>$ chmod +x penguins-eggs_25.12.7-1_amd64-x86_64.AppImage
 $ sudo mv /usr/local/bin
 $ sudo eggs setup
 </code></pre>
@@ -19,30 +19,30 @@ $ sudo eggs setup
     <pre><code>$ doas apk add penguins-eggs@testing
 </code></pre>
     <p>AlmaLinux/RockyLinux</p>
-    <pre><code>$ sudo dnf install ./penguins-eggs_25.11.29-1_amd64-1rocky9.5..x86_64.rpm
+    <pre><code>$ sudo dnf install ./penguins-eggs_25.12.7-1_amd64-1rocky9.5..x86_64.rpm
 
 </code></pre>
     <p>Arch</p>
     <pre><code>$ sudo pacman -S penguins-eggs
-$ sudo pacman -U penguins-eggs_25.11.29-1_amd64-1-x86_64.pkg.tar.zst
+$ sudo pacman -U penguins-eggs_25.12.7-1_amd64-1-x86_64.pkg.tar.zst
 </code></pre>
     <p>Debian/Devuan/Ubuntu</p>
     <pre><code>$ sudo apt install penguins-eggs
-$ sudo dpkg -i penguins-eggs_25.11.29-1_amd64.deb
+$ sudo dpkg -i penguins-eggs_25.12.7-1_amd64.deb
 </code></pre>
     <p>Fedora</p>
-    <pre><code>$ sudo dnf install ./penguins-eggs_25.11.29-1_amd64-1fedora.x86_64.rpm
+    <pre><code>$ sudo dnf install ./penguins-eggs_25.12.7-1_amd64-1fedora.x86_64.rpm
 </code></pre>
     <p>Manjaro</p>
     <pre><code>$ sudo pamac install penguins-eggs
 </code></pre>
     <p>OpenMamba</p>
-    <pre><code>$ sudo dnf install ./penguins-eggs_25.11.29-1_amd64-1mamba.x86_64.rpm
+    <pre><code>$ sudo dnf install ./penguins-eggs_25.12.7-1_amd64-1mamba.x86_64.rpm
 </code></pre>
     <h1>USAGE</h1>
     <pre><code>$ eggs (-v|--version|version)
 
-penguins-eggs/25.11.29  
+penguins-eggs/25.12.7  
 $ eggs --help [COMMAND]
 
 USAGE

package/package.json

@@ -2,7 +2,7 @@
   "name": "penguins-eggs",
   "shortName": "eggs",
   "description": "A remaster system tool, compatible with Almalinux, Alpine, Arch, Debian, Devuan, Fedora, Manjaro, Opensuse, Ubuntu and derivatives",
-  "version": "25.11.29",
+  "version": "25.12.7",
   "author": "Piero Proietti",
   "bin": {
     "eggs": "./bin/run.js"
@@ -13,13 +13,14 @@
     "@oclif/plugin-autocomplete": "^3.2.39",
     "@oclif/plugin-help": "^6.2.36",
     "@oclif/plugin-version": "^2.2.36",
-    "@types/express": "^5.0.5",
+    "@types/express": "^5.0.6",
     "ansis": "^4.2.0",
     "axios": "^1.13.2",
+    "bcryptjs": "^3.0.3",
     "chalk": "^5.6.2",
     "cli-cursor": "^5.0.0",
     "debug": "^4.4.3",
-    "express": "^5.1.0",
+    "express": "^5.2.1",
     "ink": "^5",
     "ink-progress-bar": "^3.0.0",
     "ink-spinner": "^5.0.0",
@@ -29,7 +30,6 @@
     "netmask": "^2.0.2",
     "react": "^18.3.1",
     "read": "^4.1.0",
-    "shelljs": "^0.10.0",
     "systeminformation": "^5.27.11",
     "tftp": "^0.1.2",
     "ws": "^8.18.3"
@@ -37,6 +37,7 @@
   "devDependencies": {
     "@oclif/prettier-config": "^0.2.1",
     "@oclif/test": "^4.1.15",
+    "@types/bcryptjs": "^3.0.0",
     "@types/chai": "^5.2.3",
     "@types/debug": "^4.1.12",
     "@types/glob": "^9.0.0",
@@ -48,24 +49,23 @@
     "@types/node": "^22.15.30",
     "@types/react": "^18.3.18",
     "@types/read": "^0.0.32",
-    "@types/shelljs": "^0.8.17",
     "@types/ws": "^8.18.1",
     "chai": "^6.2.1",
     "eslint": "^9.39.1",
-    "eslint-config-oclif": "^6.0.119",
+    "eslint-config-oclif": "^6.0.124",
     "eslint-config-prettier": "^10.1.8",
     "glob": "^13.0.0",
     "mocha": "^11.7.5",
-    "oclif": "^4.22.50",
+    "oclif": "^4.22.54",
     "perrisbrewery": "^25.9.16",
-    "prettier": "^3.7.2",
+    "prettier": "^3.7.4",
     "shx": "^0.4.0",
     "ts-node": "10.9.2",
     "ts-prune": "^0.10.3",
     "typescript": "^5.9.3"
   },
   "engines": {
-    "node": ">=16.0.0"
+    "node": ">=22.0.0"
   },
   "files": [
     ".oclif.manifest.json",

package/perrisbrewery/template/dependencies.yaml

@@ -22,6 +22,7 @@ common:
   - lvm2  # pvdisplay in krill
   - nodejs (>= 18)
   - parted 
+  - pxelinux
   - policykit-1 | pkexec # calamares
   - rsync
   - squashfs-tools

package/scripts/boot-encrypted-root.sh

@@ -0,0 +1,220 @@
+#!/bin/sh
+# /scripts/live-premount/boot-encrypted-root.sh
+#
+# This script is designed to Boot Encrypted Linux Live (BELL).
+#
+# Its main purpose is to find an encrypted root image file (root.img) 
+# on a live USB/DVD, ask the user for a passphrase to unlock it, 
+# and then copy the main system filesystem (filesystem.squashfs) 
+# from inside the encrypted image into RAM.
+# 
+# the process continue with standard live-boot 
+
+# enable echo
+# set -e
+
+echo "BELL: Boot Encrypted Linux Live"
+
+#################################################
+# 1. Setup and Find Media
+
+# 1.1 load modules
+echo "BELL: loading modules..."
+modprobe loop 2>/dev/null || true
+modprobe dm_mod 2>/dev/null || true
+modprobe dm_crypt 2>/dev/null || true
+modprobe overlay 2>/dev/null || true
+modprobe ext4 2>/dev/null || true
+modprobe squashfs 2>/dev/null || true
+sleep 2
+
+
+# 1.2 find BELL media drive
+echo "BELL: find BELL media drive..."
+mkdir -p /mnt/live-media /mnt/ext4
+BELL_MEDIA_MNT="/mnt/live-media"
+LIVE_DEV=""
+
+# find to max 20 devices
+MAX_WAIT_DEV=20; COUNT_DEV=0
+while [ -z "$LIVE_DEV" ] && [ $COUNT_DEV -lt $MAX_WAIT_DEV ]; do
+    ls /dev > /dev/null
+    for dev in /dev/sr* /dev/sd* /dev/vd* /dev/nvme*n*; do
+        if [ ! -b "$dev" ]; then continue; fi
+        if mount -o ro "$dev" "$BELL_MEDIA_MNT" 2>/dev/null; then
+            if [ -f "${BELL_MEDIA_MNT}/live/root.img" ]; then
+                echo "BELL: Found BELL media on $dev"
+                LIVE_DEV=$dev
+                break 2
+            else
+                umount "$BELL_MEDIA_MNT" 2>/dev/null || true
+            fi
+        fi
+    done
+    sleep 1
+    COUNT_DEV=$((COUNT_DEV+1))
+done
+
+if [ -z "$LIVE_DEV" ]; then
+    echo "BELL: Error: no live BELL drive found!"
+    ls /dev
+    exit 1
+fi
+
+ROOT_IMG_RO="${BELL_MEDIA_MNT}/live/root.img"
+RAM_MEDIA_MNT="/run/live/medium" # final destination in RAM
+
+
+#################################################
+# 2. Prepare Encrypted Image
+
+# 2.1 loop device
+echo "BELL: loop device association for $ROOT_IMG_RO..."
+LOOP_DEV_OUTPUT=$(/sbin/losetup -f --show "$ROOT_IMG_RO" 2>/dev/null); LOSETUP_EXIT_STATUS=$?
+if [ $LOSETUP_EXIT_STATUS -ne 0 ] || [ -z "$LOOP_DEV_OUTPUT" ] || ! [ -b "$LOOP_DEV_OUTPUT" ]; then
+    echo "BELL: Error: loop association failed!"
+    exit 1
+fi
+LOOP_DEV="$LOOP_DEV_OUTPUT"
+echo "BELL: loop device $ROOT_IMG_RO associated to: $LOOP_DEV"
+
+
+
+#################################################
+# 3. Unlock LUKS (User Interaction)
+
+# disable 'set -e' to let 3 tempts 
+#set +e
+MAX_ATTEMPTS=3
+ATTEMPT=1
+UNLOCKED=0
+
+while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do
+
+    # check if plymouth is active
+    if plymouth --ping 2>/dev/null; then
+
+        # request the password in plymouth and pass it to cryptsetup via stdin (--key-file -)
+        if plymouth ask-for-password --prompt="Enter passphrase ($ATTEMPT/$MAX_ATTEMPTS)" | cryptsetup open --readonly --key-file - "$LOOP_DEV" live-root; then
+            UNLOCKED=1
+            break
+        else
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                plymouth display-message --text="Incorrect passphrase. Try again..."
+                sleep 2 # wait 2 seconds to read message
+            fi
+        fi
+    else
+        # Fallback: Plymouth not active
+        echo "Please enter passphrase for $LOOP_DEV ($ATTEMPT/$MAX_ATTEMPTS):"
+
+        if cryptsetup open --readonly "$LOOP_DEV" live-root; then
+            UNLOCKED=1
+            break
+        else
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                echo "Incorrect passphrase. Please try again."
+            fi
+        fi
+    fi
+
+    ATTEMPT=$((ATTEMPT + 1))
+    sleep 1
+done
+
+# Enable echo
+# set -e
+
+# check if all attempts have failed
+if [ $UNLOCKED -eq 0 ]; then
+    if plymouth --ping 2>/dev/null; then
+        plymouth display-message --text="LUKS Unlock Failed: Max attempts reached"
+        sleep 5
+    fi
+    /sbin/losetup -d "$LOOP_DEV" || true
+    exit 1
+fi
+
+echo "BELL: LUKS unlocked ($LOOP_DEV -> live-root) [readonly]. Waiting for mapper..."
+
+
+#################################################
+# 4. copy System to RAM
+
+# 4.1 waiting mapper
+MAX_WAIT_MAP=10; COUNT_MAP=0
+while [ ! -b /dev/mapper/live-root ] && [ $COUNT_MAP -lt $MAX_WAIT_MAP ]; do
+    sleep 1
+    COUNT_MAP=$((COUNT_MAP+1))
+done
+
+if [ ! -b /dev/mapper/live-root ]; then
+    echo "BELL: Error: mapper did not appear."
+    cryptsetup close live-root || true
+    /sbin/losetup -d "$LOOP_DEV" || true
+    exit 1
+fi
+
+# 4.2 mount ext4 filesystem
+echo "BELL: mounting ext4 filesystem..."
+mount -t ext4 -o ro /dev/mapper/live-root /mnt/ext4
+
+SQFS_SRC="/mnt/ext4/filesystem.squashfs"
+if [ ! -f "$SQFS_SRC" ]; then
+    echo "BELL: error: $SQFS_SRC not found!"
+    exit 1
+fi
+
+
+# 4.3. Prepare RAM destination /run
+echo "BELL: preparing RAM disk ${RAM_MEDIA_MNT}..."
+SQFS_SIZE_BYTES=$(stat -c%s "$SQFS_SRC")
+NEEDED_SIZE_MB=$(( $SQFS_SIZE_BYTES / 1024 / 1024 + 500 )) # add 500MB buffer
+echo "BELL: Estimated space required in /run: ${NEEDED_SIZE_MB} MB"
+echo "BELL: increase size /run (tmpfs)..."
+if ! mount -o remount,size=${NEEDED_SIZE_MB}M /run; then
+    echo "BELL: WARN: Remount /run failed, space may be insufficient."
+    df -h /run
+fi
+mkdir -p "${RAM_MEDIA_MNT}/live"
+
+# 4.4 copy ONLY filesystem.squashfs to RAM
+SQFS_DEST="${RAM_MEDIA_MNT}/live/filesystem.squashfs"
+echo "BELL: copying $SQFS_SRC -> $SQFS_DEST..."
+if command -v rsync >/dev/null; then
+    rsync -a --info=progress2 "$SQFS_SRC" "$SQFS_DEST"
+else
+    cp "$SQFS_SRC" "$SQFS_DEST"
+fi
+SQFS_SIZE=$(du -h "$SQFS_DEST" | cut -f1)
+echo "BELL: filesystem.squashfs ($SQFS_SIZE) copied to RAM."
+
+# 4.5 copy .disk
+if [ -d "${BELL_MEDIA_MNT}/.disk" ]; then
+    cp -a "${BELL_MEDIA_MNT}/.disk" "${RAM_MEDIA_MNT}/"
+    echo "BELL: .disk copied."
+else
+    echo "BELL: Warning: .disk not found."
+fi
+
+# 4.6 Copy vmlinuz and initrd (we need to install the system)
+cp -a "${BELL_MEDIA_MNT}/live/vmlinuz"* "${RAM_MEDIA_MNT}/live/" 2>/dev/null || true
+cp -a "${BELL_MEDIA_MNT}/live/initrd"* "${RAM_MEDIA_MNT}/live/" 2>/dev/null || true
+echo "BELL: Attempted kernel/initrd copy (any errors ignored)."
+
+
+#################################################
+# 6. Cleanup and Hand-off
+echo "BELL: cleaning used mounts and devices..."
+umount /mnt/ext4 || echo "BELL: WARN: umount /mnt/ext4 failed ($?)"
+cryptsetup close live-root || echo "BELL: WARN: cryptsetup close live-root failed ($?)"
+/sbin/losetup -d "$LOOP_DEV" || echo "BELL: WARN: losetup -d $LOOP_DEV failed ($?)"
+umount "$BELL_MEDIA_MNT" || echo "BELL: WARN: umount ${BELL_MEDIA_MNT} failed ($?)"
+echo "BELL: cleaning complete."
+
+
+# 6.1 switching to live boot
+echo "BELL: live ISO image built in RAM on ${RAM_MEDIA_MNT}"
+# ls -l "$RAM_MEDIA_MNT"
+# ls -l "${RAM_MEDIA_MNT}/live"
+exit 0