Skip to content

szorfein/getch

Repository files navigation

Getch


Gem Version GitHub Workflow Status (branch) Ruby Style Guide GitHub

A CLI tool to install Gentoo (by compiling or in binary) or Void Linux with default:

  • DNS over HTTPS (with Quad9).
  • Vim | Nano installed.
  • Iptables installed (not configured).
  • Sudo installed (not configured).
  • iwd installed if wifi is detected.
  • No GUI installed.

Hardened System:

  • sysctl.conf with TCP/IP stack hardening and more Arch
  • Kernel parameters enforced (dmesg restricted, kexec disabled, etc)
  • Kernel source (Gentoo) patched with bask.
  • Musl optionnal

Description

Actually, Getch support only the x86_64 architecture with the following archives:

  • Gentoo: stage3-amd64-systemd or stage3-amd64-musl Gentoo.
  • Void: rootfs tarball glibc or rootfs tarball musl Void.

Filesystem supported (with or without encryption)

  • Ext4
  • Lvm
  • ZFS

Boot Manager:

  • Gentoo: Grub2 except on systemd without encryption.
  • Void: use only Grub2.

The ISO images i was able to test and that works:

You can also use your current linux host, just pay attention to the disk that will be used.

Dependencies

Getch is build without external libs, so it only require ruby >= 2.6.

On a live image of Void, you need to install xbps-install -S ruby xz gptfdisk openssl.

Install

Getch is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
With gem installed:

$ gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/getch/master/certs/szorfein.pem)
$ gem install getch -P HighSecurity

If you want to try from the source:

# git clone https://github.com/szorfein/getch
# cd getch
# ruby -I lib bin/getch -h

Usage

Just ensure than the script is run with a root account.

# getch -h

After an install by Getch, take a look on the wiki.

Examples

For a french user on Gentoo:

# getch --disk sda --zoneinfo "Europe/Paris" --language fr_FR --keymap fr

Install Gentoo on LVM and use a different root disk /dev/vdc

# getch --disk vdc --format ext4 --lvm

Encrypt your disk with LVM with a french keymap and in binary mode:

# getch --disk sda --format ext4 --lvm --encrypt --keymap fr --binary

Encrypt with ext4 and create a new user ninja:

# getch --disk vda --format ext4 --encrypt --username ninja

Change size of root in Gb (default 16 on lvm), swap in Mb (default use your current total ram) with lvm.

# getch --disk sda -o void --lvm --root-size 10 --swap-size 4096

With ZFS, if used with --encrypt, it use the native ZFS encryption:

# getch --disk vda --format zfs

With Void Linux and Musl enable:

# getch --disk sda --os void --encrypt -k fr --musl

Troubleshooting

Old VG for LVM

If a old volume group exist, getch may fail to partition your disk. You have to clean up your device before proceed with vgremove and pvremove. An short example how doing this with a volume group named vg0:

# vgdisplay | grep vg
# vgremove -f vg0
# pvremove -f /dev/sdb

Encryption with GRUB

To decrypt your disk on GRUB, only the us keymap is working for now.

ZFS with Grub

By default, if you use ZFS with musl or voidlinux the /boot partition is not mounted automatically, so before an update, mout the partition.

# zpool status
# zfs mount bpool/BOOT/void
# ls /boot

ZFS with and without encryption

First time on ZFS after 5min

dracut Warning: /dev/disk/by-uuid/<DISK> does not exist

Dracut try to mount inexistent device. Just wait for enter in the shell and remove the disk uuid from /lib/dracut/hooks/initqueue/finished/

# ls /lib/dracut/hooks/initqueue/finished/*
# rm /lib/dracut/hooks/initqueue/finished/dev*
# exit

Dracut should finally start mount-zfs.sh and ask for a password if encrypted. After you first login, mount the /boot partition and recompile the initramfs and your good.

  • For Gentoo: emerge --config sys-kernel/gentoo-kernel-bin
  • For Voidlinux: xbps-reconfigure -fa

If it doesn't work, try to start script manually (always in the shell):

# . /lib/dracut/hooks/mount/98-mount-zsh.sh
# . /lib/dracut/hooks/mount/99-mount-root.sh
# exit