penguins-eggs 25.12.15 → 25.12.16

package/dist/classes/ovary.d/luks-home-support-systemd.d.ts

@@ -0,0 +1,12 @@
+/**
+ * ./src/classes/ovary.d/luks-home-support.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+import Ovary from '../ovary.js';
+/**
+ * Installa i file necessari per sbloccare home.img LUKS durante il boot
+ */
+export declare function installHomecryptSupport(this: Ovary, squashfsRoot: string, homeImgPath: string): void;

package/dist/classes/ovary.d/luks-home-support-systemd.js

@@ -0,0 +1,70 @@
+/**
+ * ./src/classes/ovary.d/luks-home-support.ts
+ * penguins-eggs v.25.10.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ */
+// packages
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+import Utils from '../utils.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Installa i file necessari per sbloccare home.img LUKS durante il boot
+ */
+export function installHomecryptSupport(squashfsRoot, homeImgPath) {
+    Utils.warning('installing encrypted home support...');
+    // console.log("squashfsRoot:", squashfsRoot)
+    // console.log("homeImgPath:", homeImgPath)
+    // Leggi il template bash
+    const templatePath = path.join(__dirname, '../../../scripts/mount-encrypted-home.sh');
+    let bashScript = fs.readFileSync(templatePath, 'utf8');
+    // Sostituisci il placeholder con il path reale
+    bashScript = bashScript.replace('__HOME_IMG_PATH__', homeImgPath);
+    // Systemd service
+    const systemdService = `[Unit]
+Description=Unlock and mount encrypted home.img
+DefaultDependencies=no
+After=systemd-udev-settle.service local-fs-pre.target
+Before=local-fs.target display-manager.service
+ConditionPathExists=${homeImgPath}
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardInput=tty
+StandardOutput=journal+console
+StandardError=journal+console
+TTYPath=/dev/console
+TTYReset=yes
+TTYVHangup=yes
+ExecStart=/usr/local/bin/mount-encrypted-home.sh
+ExecStop=/bin/bash -c 'umount /home && cryptsetup close live-home'
+
+[Install]
+WantedBy=local-fs.target
+`;
+    // Percorsi di destinazione
+    const scriptPath = path.join(squashfsRoot, 'usr/local/bin/mount-encrypted-home.sh');
+    const servicePath = path.join(squashfsRoot, 'etc/systemd/system/mount-encrypted-home.service');
+    const symlinkDir = path.join(squashfsRoot, 'etc/systemd/system/local-fs.target.wants');
+    const symlinkPath = path.join(symlinkDir, 'mount-encrypted-home.service');
+    // Create dirs
+    fs.mkdirSync(path.dirname(scriptPath), { recursive: true });
+    fs.mkdirSync(path.dirname(servicePath), { recursive: true });
+    fs.mkdirSync(symlinkDir, { recursive: true });
+    // Scrivi lo script
+    fs.writeFileSync(scriptPath, bashScript);
+    fs.chmodSync(scriptPath, 0o755);
+    // Scrivi il service
+    fs.writeFileSync(servicePath, systemdService);
+    // Crea il symlink per abilitare il service
+    if (fs.existsSync(symlinkPath)) {
+        fs.unlinkSync(symlinkPath);
+    }
+    fs.symlinkSync('../mount-encrypted-home.service', symlinkPath);
+}

package/dist/classes/ovary.d/luks-home-support.d.ts

@@ -8,5 +8,6 @@
 import Ovary from '../ovary.js';
 /**
  * Installa i file necessari per sbloccare home.img LUKS durante il boot
+ * Supporta sia Systemd (Debian/Ubuntu) che SysVinit (Devuan)
  */
 export declare function installHomecryptSupport(this: Ovary, squashfsRoot: string, homeImgPath: string): void;

package/dist/classes/ovary.d/luks-home-support.js

@@ -15,18 +15,23 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 /**
  * Installa i file necessari per sbloccare home.img LUKS durante il boot
+ * Supporta sia Systemd (Debian/Ubuntu) che SysVinit (Devuan)
  */
 export function installHomecryptSupport(squashfsRoot, homeImgPath) {
     Utils.warning('installing encrypted home support...');
-    // console.log("squashfsRoot:", squashfsRoot)
-    // console.log("homeImgPath:", homeImgPath)
-    // Leggi il template bash
+    // 1. PREPARAZIONE SCRIPT DI MONTAGGIO (Il "Motore")
     const templatePath = path.join(__dirname, '../../../scripts/mount-encrypted-home.sh');
     let bashScript = fs.readFileSync(templatePath, 'utf8');
-    // Sostituisci il placeholder con il path reale
     bashScript = bashScript.replace('__HOME_IMG_PATH__', homeImgPath);
-    // Systemd service
-    const systemdService = `[Unit]
+    const mountScriptPath = path.join(squashfsRoot, 'usr/local/bin/mount-encrypted-home.sh');
+    fs.mkdirSync(path.dirname(mountScriptPath), { recursive: true });
+    fs.writeFileSync(mountScriptPath, bashScript);
+    fs.chmodSync(mountScriptPath, 0o755);
+    // ---------------------------------------------------------
+    // RAMO SYSTEMD (Invariato - funziona bene con i .service)
+    // ---------------------------------------------------------
+    if (Utils.isSystemd()) {
+        const systemdService = `[Unit]
 Description=Unlock and mount encrypted home.img
 DefaultDependencies=no
 After=systemd-udev-settle.service local-fs-pre.target
@@ -48,23 +53,95 @@ ExecStop=/bin/bash -c 'umount /home && cryptsetup close live-home'
 [Install]
 WantedBy=local-fs.target
 `;
-    // Percorsi di destinazione
-    const scriptPath = path.join(squashfsRoot, 'usr/local/bin/mount-encrypted-home.sh');
-    const servicePath = path.join(squashfsRoot, 'etc/systemd/system/mount-encrypted-home.service');
-    const symlinkDir = path.join(squashfsRoot, 'etc/systemd/system/local-fs.target.wants');
-    const symlinkPath = path.join(symlinkDir, 'mount-encrypted-home.service');
-    // Create dirs
-    fs.mkdirSync(path.dirname(scriptPath), { recursive: true });
-    fs.mkdirSync(path.dirname(servicePath), { recursive: true });
-    fs.mkdirSync(symlinkDir, { recursive: true });
-    // Scrivi lo script
-    fs.writeFileSync(scriptPath, bashScript);
-    fs.chmodSync(scriptPath, 0o755);
-    // Scrivi il service
-    fs.writeFileSync(servicePath, systemdService);
-    // Crea il symlink per abilitare il service
-    if (fs.existsSync(symlinkPath)) {
-        fs.unlinkSync(symlinkPath);
+        const servicePath = path.join(squashfsRoot, 'etc/systemd/system/mount-encrypted-home.service');
+        const symlinkDir = path.join(squashfsRoot, 'etc/systemd/system/local-fs.target.wants');
+        const symlinkPath = path.join(symlinkDir, 'mount-encrypted-home.service');
+        fs.mkdirSync(path.dirname(servicePath), { recursive: true });
+        fs.mkdirSync(symlinkDir, { recursive: true });
+        fs.writeFileSync(servicePath, systemdService);
+        if (fs.existsSync(symlinkPath))
+            fs.unlinkSync(symlinkPath);
+        fs.symlinkSync('../mount-encrypted-home.service', symlinkPath);
+    }
+    // ---------------------------------------------------------
+    // RAMO SYSVINIT (DEVUAN) - METODO INITTAB HIJACK
+    // ---------------------------------------------------------
+    else if (Utils.isSysvinit()) {
+        Utils.warning('Configuring SysVinit via /etc/inittab hijacking (Persistent Method)...');
+        // A. Creiamo un Wrapper Script che fa: Sblocco -> Poi lancia Login
+        // Questo script prenderà il posto di 'agetty' su tty1
+        const wrapperScript = `#!/bin/sh
+# Wrapper per sbloccare la home prima del login su TTY1
+
+# 1. Setup ambiente minimale
+export TERM=linux
+export PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+# 2. Pulizia schermo e stop Plymouth
+clear
+if [ -x /bin/plymouth ] && /bin/plymouth --ping; then
+    /bin/plymouth quit
+fi
+
+# 3. Attesa dispositivi (importante per USB)
+echo "Waiting for devices..."
+/sbin/udevadm settle
+
+# 4. Esecuzione script di sblocco
+echo "------------------------------------------------"
+echo " CHECKING ENCRYPTED HOME STORAGE"
+echo "------------------------------------------------"
+/usr/local/bin/mount-encrypted-home.sh
+
+# 5. Controllo esito (visivo)
+if mountpoint -q /home; then
+    echo ">> Home mounted successfully."
+    sleep 1
+else
+    echo ">> Home NOT mounted. Continuing unencrypted..."
+    sleep 2
+fi
+
+# 6. LANCIO DEL VERO LOGIN (Sostituisce questo processo)
+# Nota: --noclear evita di cancellare i messaggi di errore precedenti
+exec /sbin/agetty --noclear tty1 linux
+`;
+        const wrapperPath = path.join(squashfsRoot, 'usr/local/bin/tty1-unlock-wrapper.sh');
+        fs.writeFileSync(wrapperPath, wrapperScript);
+        fs.chmodSync(wrapperPath, 0o755);
+        // B. Modifichiamo /etc/inittab per usare il nostro wrapper
+        const inittabPath = path.join(squashfsRoot, 'etc/inittab');
+        if (fs.existsSync(inittabPath)) {
+            let content = fs.readFileSync(inittabPath, 'utf8');
+            // La riga standard è solitamente: 1:2345:respawn:/sbin/getty 38400 tty1
+            // Oppure su Devuan: 1:2345:respawn:/sbin/agetty --noclear tty1 linux
+            // Cerchiamo qualsiasi riga che inizia con "1:" (tty1)
+            const regexTTY1 = /^1:.*$/m;
+            // La nuova riga che lancia il nostro wrapper invece di agetty diretto
+            const newLine = `1:2345:respawn:/usr/local/bin/tty1-unlock-wrapper.sh`;
+            if (regexTTY1.test(content)) {
+                content = content.replace(regexTTY1, newLine);
+                Utils.warning('Patched /etc/inittab to run home unlock on TTY1');
+            }
+            else {
+                // Se non la trova, la aggiungiamo in fondo (caso raro ma possibile)
+                content += `\n${newLine}\n`;
+            }
+            fs.writeFileSync(inittabPath, content);
+        }
+        // C. Pulizia vecchi tentativi (Rimuoviamo script init.d se presenti per evitare conflitti)
+        const badSymlinks = [
+            path.join(squashfsRoot, 'etc/rcS.d/S05mount-encrypted-home'),
+            path.join(squashfsRoot, 'etc/rcS.d/S20mount-encrypted-home'),
+            path.join(squashfsRoot, 'etc/rc2.d/S02mount-encrypted-home')
+        ];
+        badSymlinks.forEach(link => {
+            if (fs.existsSync(link))
+                fs.unlinkSync(link);
+        });
+        // Rimuoviamo anche lo script init.d stesso se esiste, non serve più
+        const initdFile = path.join(squashfsRoot, 'etc/init.d/mount-encrypted-home');
+        if (fs.existsSync(initdFile))
+            fs.unlinkSync(initdFile);
     }
-    fs.symlinkSync('../mount-encrypted-home.service', symlinkPath);
 }

package/dist/krill/classes/prepare.js

@@ -231,11 +231,15 @@ export default class Krill {
             oPartitions.installationMode = InstallationMode.Luks;
         // Set default installation device if empty
         if (oPartitions.installationDevice === '') {
-            const drives = shx.exec('lsblk |grep disk|cut -f 1 "-d "', { silent: true }).stdout.trim().split('\n');
+            const cmd = `lsblk -d -n -p -o NAME,RM,RO,TYPE | awk '$2 == 0 && $3 == 0 && $4 == "disk" {print $1}'`;
+            const result = shx.exec(cmd, { silent: true }).stdout.trim();
+            const drives = result ? result.split('\n') : [];
             if (drives.length > 0) {
-                oPartitions.installationDevice = `/dev/` + drives[0];
+                oPartitions.installationDevice = drives[0];
             }
             else {
+                console.error("[Krll] No suitable disc found for installation. Debug info:");
+                shx.exec('lsblk -o NAME,RM,RO,TYPE,SIZE,MODEL', { silent: false });
                 throw new Error("Unable to find installation drive");
             }
         }

package/dist/krill/classes/sequence.d/remove-homecrypt-hack.d.ts

@@ -0,0 +1,13 @@
+/**
+ * ./src/krill/modules/remove-installer-link.ts
+ * penguins-eggs v.25.7.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ * https://stackoverflow.com/questions/23876782/how-do-i-split-a-typescript-class-into-multiple-files
+ */
+import Sequence from '../sequence.js';
+/**
+ * removeHomecryptHack
+ */
+export default function removeHomecryptHack(this: Sequence): Promise<void>;

package/dist/krill/classes/sequence.d/remove-homecrypt-hack.js

@@ -0,0 +1,65 @@
+/**
+ * ./src/krill/modules/remove-installer-link.ts
+ * penguins-eggs v.25.7.x / ecmascript 2020
+ * author: Piero Proietti
+ * email: piero.proietti@gmail.com
+ * license: MIT
+ * https://stackoverflow.com/questions/23876782/how-do-i-split-a-typescript-class-into-multiple-files
+ */
+import fs from 'node:fs';
+import path from 'path';
+/**
+ * removeHomecryptHack
+ */
+export default async function removeHomecryptHack() {
+    const targetRoot = this.installTarget;
+    // -------------------------------------------------------
+    // 1. PULIZIA SYSVINIT (Critica per il boot)
+    // -------------------------------------------------------
+    const inittabPath = path.join(targetRoot, 'etc/inittab');
+    if (fs.existsSync(inittabPath)) {
+        let content = fs.readFileSync(inittabPath, 'utf8');
+        // Cerca la riga modificata dal nostro hack
+        const hackRegex = /^1:.*tty1-unlock-wrapper\.sh.*$/m;
+        // Ripristina la riga standard (adatta questa stringa se usi parametri diversi per agetty)
+        const standardLine = '1:2345:respawn:/sbin/agetty --noclear tty1 linux';
+        if (hackRegex.test(content)) {
+            content = content.replace(hackRegex, standardLine);
+            fs.writeFileSync(inittabPath, content);
+            // console.log('- Restored standard inittab entry')
+        }
+    }
+    // -------------------------------------------------------
+    // 2. PULIZIA SYSTEMD (Cosmetica / Best Practice)
+    // -------------------------------------------------------
+    // Anche se non rompe il boot, rimuoviamo i file inutili
+    const systemdFiles = [
+        'etc/systemd/system/mount-encrypted-home.service',
+        'etc/systemd/system/local-fs.target.wants/mount-encrypted-home.service'
+    ];
+    systemdFiles.forEach(fileRelPath => {
+        const fullPath = path.join(targetRoot, fileRelPath);
+        if (fs.existsSync(fullPath)) {
+            try {
+                fs.unlinkSync(fullPath);
+            }
+            catch (e) { /* ignore */ }
+        }
+    });
+    // -------------------------------------------------------
+    // 3. RIMOZIONE SCRIPT COMUNI
+    // -------------------------------------------------------
+    const scriptFiles = [
+        'usr/local/bin/tty1-unlock-wrapper.sh',
+        'usr/local/bin/mount-encrypted-home.sh'
+    ];
+    scriptFiles.forEach(fileRelPath => {
+        const fullPath = path.join(targetRoot, fileRelPath);
+        if (fs.existsSync(fullPath)) {
+            try {
+                fs.unlinkSync(fullPath);
+            }
+            catch (e) { /* ignore */ }
+        }
+    });
+}

package/dist/krill/classes/sequence.d.ts

@@ -32,6 +32,7 @@ import grubcfg from './sequence.d/grubcfg.js';
 import bootloader from './sequence.d/bootloader.js';
 import packages from './sequence.d/packages.js';
 import removeInstallerLink from './sequence.d/remove_installer_link.js';
+import removeHomecryptHack from './sequence.d/remove-homecrypt-hack.js';
 import initramfsCfg from './sequence.d/initramfs_cfg.js';
 import initramfs from './sequence.d/initramfs.js';
 import delLiveUser from './sequence.d/del_live_user.js';
@@ -63,6 +64,7 @@ export default class Sequence {
     bootloader: typeof bootloader;
     packages: typeof packages;
     removeInstallerLink: typeof removeInstallerLink;
+    removeHomecryptHack: typeof removeHomecryptHack;
     initramfsCfg: typeof initramfsCfg;
     initramfs: typeof initramfs;
     delLiveUser: typeof delLiveUser;

package/dist/krill/classes/sequence.js

@@ -44,6 +44,7 @@ import grubcfg from './sequence.d/grubcfg.js';
 import bootloader from './sequence.d/bootloader.js';
 import packages from './sequence.d/packages.js';
 import removeInstallerLink from './sequence.d/remove_installer_link.js';
+import removeHomecryptHack from './sequence.d/remove-homecrypt-hack.js';
 import initramfsCfg from './sequence.d/initramfs_cfg.js';
 import initramfs from './sequence.d/initramfs.js';
 import delLiveUser from './sequence.d/del_live_user.js';
@@ -79,6 +80,7 @@ export default class Sequence {
     bootloader = bootloader;
     packages = packages;
     removeInstallerLink = removeInstallerLink;
+    removeHomecryptHack = removeHomecryptHack;
     initramfsCfg = initramfsCfg;
     initramfs = initramfs;
     delLiveUser = delLiveUser;
@@ -300,13 +302,16 @@ export default class Sequence {
                 let restoreHomeCrypt = path.resolve(__dirname, '../../../scripts/restore_homecrypt_krill.sh');
                 await exec(`${restoreHomeCrypt} ${this.cryptedHomeDevice} ${this.installTarget}`);
             });
+            await this.executeStep("Remove Homecrypt hack", 91, async () => {
+                await this.removeHomecryptHack();
+            });
         }
         // 13. Custom final steps
         const cfs = new CFS();
         const steps = await cfs.steps();
         if (steps.length > 0) {
             for (const step of steps) {
-                await this.executeStep(`running ${step}`, 91, () => this.execCalamaresModule(step));
+                await this.executeStep(`running ${step}`, 92, () => this.execCalamaresModule(step));
             }
         }
         // 14- Handle chroot if requested