penguins-eggs 25.11.29 → 25.12.7

package/scripts/mount-encrypted-home.sh

@@ -0,0 +1,324 @@
+#!/bin/bash
+# This Bash script is used to unlock and mount a LUKS-encrypted home.img
+# file for use as a /home directory, typically in a “live”
+# operating system environment (booted from USB or DVD).
+# v1.4 - Fixed 3-attempt loop by checking PIPESTATUS instead of pipe exit code.
+#      - Replaced non-breaking spaces with regular spaces.
+
+# enable echo
+set -e
+
+# configuration
+HOME_IMG="__HOME_IMG_PATH__"
+LUKS_NAME="live-home"
+MOUNT_POINT="/home"
+
+# define path OverlayFS
+# we will use /run che è un tmpfs (in RAM)
+LOWER_DIR="/run/live-home-lower"
+UPPER_DIR="/run/live-home-upper"
+WORK_DIR="/run/live-home-work"
+
+LOG_FILE="/var/log/mount-encrypted-home.log"
+
+# logging
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
+}
+
+log_error() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] ERROR: $1" | tee -a "$LOG_FILE" >&2
+}
+
+# Cleanup in caso di errore
+cleanup() {
+    log "Cleanup in progress..."
+    if mountpoint -q "$MOUNT_POINT" 2>/dev/null; then
+        umount "$MOUNT_POINT" 2>/dev/null || true
+    fi
+    if mountpoint -q "$LOWER_DIR" 2>/dev/null; then
+        umount "$LOWER_DIR" 2>/dev/null || true
+    fi
+    if [ -e "/dev/mapper/$LUKS_NAME" ]; then
+        cryptsetup close "$LUKS_NAME" 2>/dev/null || true
+    fi
+    rmdir "$LOWER_DIR" "$UPPER_DIR" "$WORK_DIR" 2>/dev/null || true
+}
+
+trap cleanup EXIT
+
+log "=== Starting encrypted home mount process (v1.4) ==="
+
+# Check available memory
+AVAILABLE_MEM=$(free -m | awk '/^Mem:/{print $7}')
+log "Available memory: ${AVAILABLE_MEM}MB"
+
+if [ "$AVAILABLE_MEM" -lt 1024 ]; then
+    log_error "Low memory warning: only ${AVAILABLE_MEM}MB available"
+    log "This might cause issues with LUKS operations"
+fi
+
+# Wait for the media to become available (max 30 seconds)
+log "Waiting for live media to be available..."
+COUNTER=0
+while [ ! -f "$HOME_IMG" ] && [ $COUNTER -lt 30 ]; do
+    sleep 1
+    COUNTER=$((COUNTER + 1))
+done
+
+if [ ! -f "$HOME_IMG" ]; then
+    log_error "home.img not found at $HOME_IMG after 30 seconds"
+    log "Available mounts:"
+    mount | grep live | tee -a "$LOG_FILE"
+    exit 0
+fi
+
+log "Found home.img at $HOME_IMG"
+
+# Check file size
+IMG_SIZE=$(stat -c %s "$HOME_IMG")
+log "home.img size: $((IMG_SIZE / 1024 / 1024))MB"
+
+# Check if it is a LUKS volume
+if ! cryptsetup isLuks "$HOME_IMG" 2>&1 | tee -a "$LOG_FILE"; then
+    log_error "$HOME_IMG is not a valid LUKS volume"
+    exit 1
+fi
+
+log "Verified: home.img is a valid LUKS volume"
+
+# Wait until the TTY is fully initialized
+sleep 2
+
+# Clean up any previous device mappers
+if [ -e "/dev/mapper/$LUKS_NAME" ]; then
+    log "LUKS device already exists, closing it first..."
+    cryptsetup close "$LUKS_NAME" 2>&1 | tee -a "$LOG_FILE" || true
+fi
+
+# PASSWORD REQUEST
+# disable 'set -e' to let 3 tempts
+set +e
+
+MAX_ATTEMPTS=3
+ATTEMPT=1
+UNLOCKED=0 # Flag per sapere se abbiamo sbloccato
+
+while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do
+    log "Unlock attempt $ATTEMPT of $MAX_ATTEMPTS"
+    
+    # Check if Plymouth is active
+    if plymouth --ping 2>/dev/null; then
+        log "Plymouth active. Asking for password via Plymouth..."
+        
+        # Execute the command and check PIPESTATUS.
+        plymouth ask-for-password --prompt="Enter passphrase for /home ($ATTEMPT/$MAX_ATTEMPTS)" | cryptsetup open "$HOME_IMG" "$LUKS_NAME" --key-file - 2>&1 | tee -a "$LOG_FILE"
+        
+        # Check the status of cryptsetup (index 1), not tee (index 2)
+        # PIPESTATUS[0] = plymouth, [1] = cryptsetup, [2] = tee
+        if [ ${PIPESTATUS[1]} -eq 0 ]; then
+            log "LUKS volume unlocked successfully via Plymouth"
+            UNLOCKED=1
+            break
+        else
+            log_error "Failed to unlock LUKS volume via Plymouth (attempt $ATTEMPT)"
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                plymouth display-message --text="Incorrect passphrase. Try again..."
+                sleep 2 # Gives time to read the message
+            fi
+        fi
+    else
+        # Fallback: Plymouth not active. asking for password via console
+        log "Plymouth not active. Asking for password via console..."
+        
+        echo ""
+        echo "╔════════════════════════════════════════╗"
+        echo "║  Encrypted Home Directory Detected     ║"
+        echo "╚════════════════════════════════════════╝"
+        echo ""
+        echo "Please enter your passphrase to unlock your data ($ATTEMPT/$MAX_ATTEMPTS)"
+        echo "(Press Ctrl+C to skip and continue with temporary home)"
+        echo ""
+
+        # Run the command and check PIPESTATUS
+        cryptsetup open "$HOME_IMG" "$LUKS_NAME" 2>&1 | tee -a "$LOG_FILE"
+        
+        # Check the status of cryptsetup (index 0), not tee (index 1).
+        # PIPESTATUS[0] = cryptsetup, [1] = tee
+        if [ ${PIPESTATUS[0]} -eq 0 ]; then
+            log "LUKS volume unlocked successfully via console"
+            UNLOCKED=1
+            break
+        else
+            log_error "Failed to unlock LUKS volume (attempt $ATTEMPT)"
+            if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+                echo "Incorrect passphrase. Please try again."
+            fi
+        fi
+    fi
+
+    ATTEMPT=$((ATTEMPT + 1))
+done
+
+
+# Check if unlocking failed after all attempts
+# Enable echo
+set -e
+
+if [ $UNLOCKED -eq 0 ]; then
+    log_error "Maximum attempts reached. Continuing without encrypted home."
+    echo ""
+    echo "╔════════════════════════════════════════╗"
+    echo "║  Failed to unlock encrypted home       ║"
+    echo "║  System will continue with default     ║"
+    echo "╚════════════════════════════════════════╝"
+    echo ""
+    
+    if plymouth --ping 2>/dev/null; then
+        plymouth display-message --text="Failed to unlock. Continuing with temporary home..."
+        sleep 3
+        plymouth quit
+    fi
+    
+    sleep 3
+    exit 0 # Exits without error, allowing the system to continue
+fi
+
+
+# Verify that the device mapper exists
+if [ ! -e "/dev/mapper/$LUKS_NAME" ]; then
+    log_error "Device /dev/mapper/$LUKS_NAME not found after unlock"
+    exit 1
+fi
+
+log "LUKS device available at /dev/mapper/$LUKS_NAME"
+
+# Implementing OverlayFS
+# 1. Create all necessary mount points and directories
+log "Creating overlay directories..."
+mkdir -p "$LOWER_DIR" "$UPPER_DIR" "$WORK_DIR" "$MOUNT_POINT"
+
+# 2. Mount the decrypted volume as read-only as 'lowerdir'
+log "Mounting decrypted volume to $LOWER_DIR (read-only base)"
+if ! mount -o ro "/dev/mapper/$LUKS_NAME" "$LOWER_DIR" 2>&1 | tee -a "$LOG_FILE"; then
+    log_error "Failed to mount decrypted volume (read-only) to $LOWER_DIR"
+    exit 1
+fi
+log "Read-only base mounted successfully."
+
+# 3. create overlay read-write for /home
+log "Mounting overlay filesystem to $MOUNT_POINT"
+OVERLAY_OPTS="lowerdir=$LOWER_DIR,upperdir=$UPPER_DIR,workdir=$WORK_DIR"
+# Add “index=off” and “metacopy=off” for compatibility
+OVERLAY_OPTS="$OVERLAY_OPTS,index=off,metacopy=off"
+
+if ! mount -t overlay -o "$OVERLAY_OPTS" overlay "$MOUNT_POINT" 2>&1 | tee -a "$LOG_FILE"; then
+    log_error "Failed to mount overlay filesystem to $MOUNT_POINT"
+    # Try without extra options if it fails
+    OVERLAY_OPTS="lowerdir=$LOWER_DIR,upperdir=$UPPER_DIR,workdir=$WORK_DIR"
+    log "Retrying overlay mount with basic options..."
+    if ! mount -t overlay -o "$OVERLAY_OPTS" overlay "$MOUNT_POINT" 2>&1 | tee -a "$LOG_FILE"; then
+         log_error "Failed to mount overlay filesystem to $MOUNT_POINT (retry failed)"
+         exit 1
+    fi
+fi
+log "Writable overlay for /home mounted successfully."
+
+
+# Restore users if they exists
+if [ -d "$MOUNT_POINT/.system-backup" ]; then
+    log "Restoring user accounts..."
+    
+    # Remove temporary live user
+    if id live >/dev/null 2>&1; then
+        log "Removing temporary 'live' user"
+        userdel -r live 2>&1 | tee -a "$LOG_FILE" || true
+    fi
+    
+    # Restore users
+    if [ -f "$MOUNT_POINT/.system-backup/passwd" ]; then
+        cat "$MOUNT_POINT/.system-backup/passwd" >> /etc/passwd
+        log "Restored $(wc -l < "$MOUNT_POINT/.system-backup/passwd") user entries"
+    fi
+    
+    if [ -f "$MOUNT_POINT/.system-backup/shadow" ]; then
+        cat "$MOUNT_POINT/.system-backup/shadow" >> /etc/shadow
+    fi
+
+    # Restore groups (replace completely)
+    if [ -f "$MOUNT_POINT/.system-backup/group" ]; then
+        cp "$MOUNT_POINT/.system-backup/group" /etc/group
+        log "Restored group memberships"
+    fi
+
+    if [ -f "$MOUNT_POINT/.system-backup/gshadow" ]; then
+        cp "$MOUNT_POINT/.system-backup/gshadow" /etc/gshadow
+    fi
+
+    # Restore Display Manager configs for autologin
+    log "Restoring display manager configurations (for autologin)..."
+    
+    # GDM (gdm3)
+    if [ -d "$MOUNT_POINT/.system-backup/gdm3" ]; then
+        log "Restoring GDM3 config..."
+        # Remove the default live configuration before copying
+        rm -rf /etc/gdm3 2>/dev/null
+        cp -a "$MOUNT_POINT/.system-backup/gdm3" /etc/
+    fi
+
+    # GDM (gdm)
+    if [ -d "$MOUNT_POINT/.system-backup/gdm" ]; then
+        log "Restoring GDM config..."
+        rm -rf /etc/gdm 2>/dev/null
+        cp -a "$MOUNT_POINT/.system-backup/gdm" /etc/
+    fi
+
+    # LightDM
+    if [ -d "$MOUNT_POINT/.system-backup/lightdm" ]; then
+        log "Restoring LightDM config..."
+        rm -rf /etc/lightdm 2>/dev/null
+        cp -a "$MOUNT_POINT/.system-backup/lightdm" /etc/
+    fi
+
+    # SDDM
+    if [ -f "$MOUNT_POINT/.system-backup/sddm.conf" ]; then
+        log "Restoring SDDM config (sddm.conf)..."
+        cp -a "$MOUNT_POINT/.system-backup/sddm.conf" /etc/
+    fi
+    if [ -d "$MOUNT_POINT/.system-backup/sddm.conf.d" ]; then
+        log "Restoring SDDM config (sddm.conf.d)..."
+        rm -rf /etc/sddm.conf.d 2>/dev/null
+        cp -a "$MOUNT_POINT/.system-backup/sddm.conf.d" /etc/
+    fi
+    
+    log "User accounts and DM configs restored successfully"
+    
+    # Restart the display manager to reload users
+    log "Restarting display manager..."
+    if systemctl is-active --quiet gdm; then
+        systemctl restart gdm 2>&1 | tee -a "$LOG_FILE"
+        log "GDM restarted"
+    elif systemctl is-active --quiet lightdm; then
+        systemctl restart lightdm 2>&1 | tee -a "$LOG_FILE"
+        log "LightDM restarted"
+    elif systemctl is-active --quiet sddm; then
+        systemctl restart sddm 2>&1 | tee -a "$LOG_FILE"
+        log "SDDM restarted"
+    else
+        log "No active display manager found to restart"
+    fi
+else
+    log "No .system-backup directory found. Assuming /home is just data."
+fi
+
+log "=== Encrypted home mount completed successfully ==="
+
+# Notify Plymouth (if active) that we are done
+if plymouth --ping 2>/dev/null; then
+    plymouth quit
+fi
+
+# Don't clean up success
+trap - EXIT
+
+exit 0

package/dracut/create-symlink

@@ -1,71 +0,0 @@
-#!/bin/bash
-#
-# Script per creare symlink dei moduli Penguins-Eggs in /usr/lib/dracut/modules.d
-# Questo è necessario perché Dracut 106 su Debian non legge dracutmodules_dirs con --confdir
-#
-
-set -e
-
-CUSTOM_DIR="/usr/lib/penguins-eggs/dracut/modules.d"
-SYSTEM_DIR="/usr/lib/dracut/modules.d"
-
-echo "=== Creazione Symlink Moduli Dracut ==="
-echo ""
-
-# Verifica di essere root
-if [ "$EUID" -ne 0 ]; then 
-    echo "ERRORE: Esegui come root (sudo)"
-    exit 1
-fi
-
-# Verifica directory
-if [ ! -d "$CUSTOM_DIR" ]; then
-    echo "ERRORE: $CUSTOM_DIR non esiste"
-    exit 1
-fi
-
-if [ ! -d "$SYSTEM_DIR" ]; then
-    echo "ERRORE: $SYSTEM_DIR non esiste"
-    exit 1
-fi
-
-# Lista moduli
-MODULES=(
-    "00debug-shell"
-    "90block"
-    "95iso-scan"
-    "95luks"
-    "95luks-loop"
-)
-
-echo "Creazione symlink..."
-for module in "${MODULES[@]}"; do
-    SOURCE="$CUSTOM_DIR/$module"
-    TARGET="$SYSTEM_DIR/$module"
-    
-    if [ ! -d "$SOURCE" ]; then
-        echo "  [SKIP] $module - non trovato"
-        continue
-    fi
-    
-    # Rimuovi esistente
-    if [ -e "$TARGET" ] || [ -L "$TARGET" ]; then
-        rm -rf "$TARGET"
-    fi
-    
-    # Crea symlink
-    ln -sf "$SOURCE" "$TARGET"
-    echo "  [OK] $module"
-done
-
-echo ""
-echo "Verifica symlink creati:"
-ls -la "$SYSTEM_DIR" | grep -E "(debug-shell|90block|iso-scan|95luks)"
-
-echo ""
-echo "Test dracut --list-modules:"
-dracut --list-modules 2>&1 | grep -E "(debug-shell|90block|iso-scan|95luks)" || echo "  ATTENZIONE: moduli non ancora visibili"
-
-echo ""
-echo "=== Completato ==="
-

package/dracut/dracut-log.txt

@@ -1,3 +0,0 @@
-dracut[I]: Executing: /usr/bin/dracut --force --confdir /usr/lib/penguins-eggs/dracut/dracut.conf.d --kmoddir /lib/modules/6.12.48+deb13-amd64 /home/eggs/iso/live/initrd.img-6.12.48+deb13-amd64 6.12.48+deb13-amd64
-dracut[I]: 62bluetooth: Could not find any command of '/usr/lib/bluetooth/bluetoothd /usr/libexec/bluetooth/bluetoothd'!
-dracut[E]: Module '90block' cannot be found.

package/dracut/export

@@ -1,4 +0,0 @@
-./export-dracut-analysis /usr/lib/penguins-eggs/dracut/modules.d /usr/lib/penguins-eggs/dracut/dracut.conf.d
-scp dracut-analisys.txt artisan@192.168.1.2:/home/artisan
-scp /home/eggs/iso/egg-of_debian-trixie-* artisan@192.168.1.2:/home/artisan/dracut-log.txt
-rm dracut-analisys.txt

package/dracut/export-dracut-analysis

@@ -1,51 +0,0 @@
-#!/bin/bash
-
-# Script per consolidare il contenuto di più directory di configurazione Dracut
-# in un unico file di testo.
-
-# --- Impostazioni ---
-OUTPUT_FILE="dracut-analysis.txt"
-
-# --- Logica dello Script ---
-
-# Controlla se è stato fornito almeno un percorso come argomento
-if [ "$#" -eq 0 ]; then
-  echo "ERRORE: Devi specificare almeno un percorso di directory."
-  echo "Uso: $0 <percorso_dir_1> [<percorso_dir_2> ...]"
-  echo "Esempio: $0 ./modules.d ./dracut.conf.d"
-  exit 1
-fi
-
-# Pulisce il file di output se esiste già e scrive l'intestazione
-echo "--- INIZIO ANALISI CONFIGURAZIONE DRACUT ---" > "$OUTPUT_FILE"
-echo "" >> "$OUTPUT_FILE"
-
-# Itera su tutte le directory passate come argomenti
-for TARGET_DIR in "$@"; do
-  # Controlla se il percorso fornito è una directory valida
-  if [ ! -d "$TARGET_DIR" ]; then
-    echo "ATTENZIONE: '$TARGET_DIR' non è una directory valida o non esiste. Verrà saltata."
-    continue # Salta questo argomento e passa al successivo
-  fi
-
-  # Aggiunge un'intestazione per la directory corrente nel file di output
-  echo "##################################################" >> "$OUTPUT_FILE"
-  echo "### CONTENUTO DIRECTORY: ${TARGET_DIR}" >> "$OUTPUT_FILE"
-  echo "##################################################" >> "$OUTPUT_FILE"
-  echo "" >> "$OUTPUT_FILE"
-
-  # Trova tutti i file nella directory corrente e aggiunge il loro contenuto al file
-  find "$TARGET_DIR" -type f | sort | while read -r filepath; do
-    echo "==================================================" >> "$OUTPUT_FILE"
-    echo "### FILE: ${filepath}" >> "$OUTPUT_FILE"
-    echo "==================================================" >> "$OUTPUT_FILE"
-    echo '```' >> "$OUTPUT_FILE"
-    cat "$filepath" >> "$OUTPUT_FILE"
-    echo '```' >> "$OUTPUT_FILE"
-    echo "" >> "$OUTPUT_FILE"
-  done
-done
-
-echo "--- FINE ANALISI CONFIGURAZIONE DRACUT ---" >> "$OUTPUT_FILE"
-
-echo "✅ Fatto! L'analisi combinata è stata salvata nel file: $OUTPUT_FILE"

package/dracut/export-dracut-log

@@ -1,2 +0,0 @@
-scp /home/eggs/iso/egg-of_debian-trixie-* artisan@192.168.1.2:/home/artisan
-

package/dracut/mkisofs

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [[ $(id -u) -ne 0 ]]; then
-    echo "Errore: Questo script deve essere eseguito come root o con sudo." >&2
-    exit 1
-fi
-
-rm /home/eggs/.mnt/*.iso
-/home/eggs/ovarium/mkisofs
-

package/dracut/renew-initramfs

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-if [[ $(id -u) -ne 0 ]]; then
-    echo "Errore: Questo script deve essere eseguito come root o con sudo." >&2
-    exit 1
-fi
-
-LOG="./dracut-log.txt"
-CONFDIR="/usr/lib/penguins-eggs/dracut/dracut.conf.d"
-LIVE="/home/eggs/iso/live"
-
-dracut --force \
-        --confdir $CONFDIR \
-        --kmoddir /lib/modules/6.12.48+deb13-amd64 \
-        $LIVE/initrd.img-6.12.48+deb13-amd64 6.12.48+deb13-amd64 2>&1| tee $LOG 
-
-scp $LOG artisan@192.168.1.2:/home/artisan

package/dracut/sbin2bin

@@ -1,10 +0,0 @@
-# Crea i collegamenti simbolici
-sudo ln -s /usr/sbin/cryptsetup /usr/bin/cryptsetup
-sudo ln -s /usr/sbin/losetup /usr/bin/losetup
-#sudo ln -s /usr/sbin/lsblk /usr/bin/lsblk già esiste
-
-# Nota: il log mostra anche altri comandi, potrebbero servire anche questi
-#sudo ln -s /bin/mount /usr/bin/mount # mount potrebbe essere in /bin
-#sudo ln -s /bin/umount /usr/bin/umount # umount potrebbe essere in /bin
-#sudo ln -s /usr/bin/find /usr/bin/find # find è già al posto giusto, di solito
-#sudo ln -s /bin/cat /usr/bin/cat # cat è già al posto giusto, di solito

package/dracut/update-dracut-conf-d

@@ -1,2 +0,0 @@
-#!/bin/bash
-sudo cp dracut.conf.d/*.conf /usr/lib/penguins-eggs/dracut/dracut.conf.d/

package/dracut/update-dracut-modules

@@ -1,62 +0,0 @@
-#!/bin/bash
-
-MODULES_TO_REPLACE=("00debug-shell" "90block" "95iso-scan" "95luks" "95luks-loop")
-              
-
-DRACUT_MODULES_DIR="/usr/lib/penguins-eggs/dracut/modules.d"
-SOURCE_MODULES_DIR="$(dirname "$0")/modules.d"
-
-
-# --- FUNZIONE PRINCIPALE ---
-main() {
-    echo "ATTENZIONE: adesso aggiorn $DRACUT_MODULES_DIR"
-
-    # 1. Controllo dei permessi
-    # Lo script deve essere eseguito come root per poter scrivere in /usr/lib
-    if [[ $(id -u) -ne 0 ]]; then
-       echo "Errore: Questo script deve essere eseguito come root o con sudo." >&2
-       exit 1
-    fi
-
-    # 2. Verifica che la cartella di origine esista
-    if [[ ! -d "$SOURCE_MODULES_DIR" ]]; then
-        echo "Errore: La directory di origine '$SOURCE_MODULES_DIR' non è stata trovata." >&2
-        exit 1
-    fi
-
-    echo "Avvio della sostituzione dei moduli Dracut..."
-
-    # 3. Ciclo for per ogni modulo nell'array
-    for module_name in "${MODULES_TO_REPLACE[@]}"; do
-        local dest_path="$DRACUT_MODULES_DIR/$module_name"
-        local source_path="$SOURCE_MODULES_DIR/$module_name"
-
-        echo "--- Elaborazione del modulo: $module_name ---"
-
-        # Controlla se il modulo di origine esiste prima di procedere
-        if [[ ! -d "$source_path" ]]; then
-            echo "Attenzione: Il modulo '$source_path' non esiste nella cartella di origine. Salto."
-            continue
-        fi
-
-        # Rimuovi la vecchia versione del modulo, se esiste
-        if [[ -d "$dest_path" ]]; then
-            echo "Rimuovendo la vecchia versione: $dest_path"
-            rm -rf "$dest_path"
-        fi
-
-        # Copia la nuova versione del modulo
-        echo "Copiando la nuova versione da: $source_path"
-        cp -r "$source_path" "$DRACUT_MODULES_DIR/"
-
-        echo "Modulo '$module_name' aggiornato con successo."
-        echo "------------------------------------"
-    done
-
-
-    echo "Operazione completata."
-    echo "Ricorda di rigenerare l'initramfs con 'dracut -f' o un comando simile."
-}
-
-# Esegui la funzione principale
-main