🧹 move luks into gucc

This commit is contained in:
Vladislav Nepogodin 2024-06-26 21:14:24 +04:00
parent 51a6f7897a
commit 5ff8b590fc
No known key found for this signature in database
GPG Key ID: B62C3D10C54D5DA9
6 changed files with 66 additions and 13 deletions

View File

@ -16,6 +16,7 @@ add_library(${PROJECT_NAME} SHARED
src/cpu.cpp include/gucc/cpu.hpp src/cpu.cpp include/gucc/cpu.hpp
src/pacmanconf_repo.cpp include/gucc/pacmanconf_repo.hpp src/pacmanconf_repo.cpp include/gucc/pacmanconf_repo.hpp
src/initcpio.cpp include/gucc/initcpio.hpp src/initcpio.cpp include/gucc/initcpio.hpp
src/luks.cpp include/gucc/luks.hpp
#src/chwd_profiles.cpp src/chwd_profiles.hpp #src/chwd_profiles.cpp src/chwd_profiles.hpp
#src/disk.cpp src/disk.hpp #src/disk.cpp src/disk.hpp
) )

View File

@ -0,0 +1,14 @@
#ifndef LUKS_HPP
#define LUKS_HPP
#include <string_view> // for string_view
namespace gucc::crypto {
auto luks1_open(std::string_view luks_pass, std::string_view partition, std::string_view luks_name) noexcept -> bool;
auto luks1_format(std::string_view luks_pass, std::string_view partition, std::string_view additional_flags = {}) noexcept -> bool;
auto luks1_add_key(std::string_view dest_file, std::string_view partition, std::string_view additional_flags = {}) noexcept -> bool;
} // namespace gucc::crypto
#endif // LUKS_HPP

View File

@ -6,6 +6,7 @@ gucc_lib = library('gucc',
'src/cpu.cpp', 'src/cpu.cpp',
'src/pacmanconf_repo.cpp', 'src/pacmanconf_repo.cpp',
'src/initcpio.cpp', 'src/initcpio.cpp',
'src/luks.cpp',
], ],
include_directories : [include_directories('include')], include_directories : [include_directories('include')],
dependencies: deps dependencies: deps

24
gucc/src/luks.cpp Normal file
View File

@ -0,0 +1,24 @@
#include "gucc/luks.hpp"
#include "gucc/io_utils.hpp"
#include <fmt/compile.h>
#include <fmt/format.h>
namespace gucc::crypto {
auto luks1_open(std::string_view luks_pass, std::string_view partition, std::string_view luks_name) noexcept -> bool {
auto cmd = fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup open --type luks1 {} {} &>/dev/null"), luks_pass, partition, luks_name);
return utils::exec(cmd, true) == "0";
}
auto luks1_format(std::string_view luks_pass, std::string_view partition, std::string_view additional_flags) noexcept -> bool {
auto cmd = fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup -q {} --type luks1 luksFormat {} &>/dev/null"), luks_pass, additional_flags, partition);
return utils::exec(cmd, true) == "0";
}
auto luks1_add_key(std::string_view dest_file, std::string_view partition, std::string_view additional_flags) noexcept -> bool {
auto cmd = fmt::format(FMT_COMPILE("cryptsetup -q {} luksAddKey {} {} &>/dev/null"), additional_flags, partition, dest_file);
return utils::exec(cmd, true) == "0";
}
} // namespace gucc::crypto

View File

@ -5,6 +5,7 @@
// import gucc // import gucc
#include "gucc/io_utils.hpp" #include "gucc/io_utils.hpp"
#include "gucc/luks.hpp"
#include "gucc/string_utils.hpp" #include "gucc/string_utils.hpp"
#include <fmt/compile.h> #include <fmt/compile.h>
@ -112,7 +113,11 @@ bool luks_open() noexcept {
// show the error // show the error
detail::infobox_widget("\nPlease wait...\n"); detail::infobox_widget("\nPlease wait...\n");
#ifdef NDEVENV #ifdef NDEVENV
detail::follow_process_log_widget({"/bin/sh", "-c", fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup open --type luks {} {}"), luks_password, partition, luks_root_name)}); if (!gucc::crypto::luks1_open(luks_password, partition, luks_root_name)) {
spdlog::error("Failed to open luks1 partition {} with name {}", partition, luks_root_name);
detail::msgbox_widget("\nFailed to open luks1 partition\n");
return false;
}
#endif #endif
const auto& devlist = gucc::utils::exec(fmt::format(FMT_COMPILE("lsblk -o NAME,TYPE,FSTYPE,SIZE,MOUNTPOINT {} | grep \"crypt\\|NAME\\|MODEL\\|TYPE\\|FSTYPE\\|SIZE\""), partition)); const auto& devlist = gucc::utils::exec(fmt::format(FMT_COMPILE("lsblk -o NAME,TYPE,FSTYPE,SIZE,MOUNTPOINT {} | grep \"crypt\\|NAME\\|MODEL\\|TYPE\\|FSTYPE\\|SIZE\""), partition));
@ -160,15 +165,21 @@ void luks_encrypt([[maybe_unused]] const std::string_view& command) noexcept {
const auto& luks_root_name = std::get<std::string>(config_data["LUKS_ROOT_NAME"]); const auto& luks_root_name = std::get<std::string>(config_data["LUKS_ROOT_NAME"]);
const auto& luks_password = std::get<std::string>(config_data["PASSWD"]); const auto& luks_password = std::get<std::string>(config_data["PASSWD"]);
detail::follow_process_log_widget({"/bin/sh", "-c", fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup -q {} {}"), luks_password, command, partition)}); if (!gucc::crypto::luks1_format(luks_password, partition, command)) {
spdlog::error("Failed to format luks1 partition {} with additional flags {}", partition, command);
detail::msgbox_widget("\nFailed to format luks1 partition\n");
}
// Now open the encrypted partition or LV // Now open the encrypted partition or LV
detail::follow_process_log_widget({"/bin/sh", "-c", fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup open {} {}"), luks_password, partition, luks_root_name)}); if (!gucc::crypto::luks1_open(luks_password, partition, luks_root_name)) {
spdlog::error("Failed to open luks1 partition {} with name {}", partition, luks_root_name);
detail::msgbox_widget("\nFailed to open luks1 partition\n");
}
#endif #endif
} }
void luks_default() noexcept { void luks_default() noexcept {
tui::luks_encrypt("--type luks1 luksFormat"); tui::luks_encrypt("");
} }
bool luks_key_define() noexcept { bool luks_key_define() noexcept {
@ -183,7 +194,7 @@ bool luks_key_define() noexcept {
} }
void luks_express() noexcept { void luks_express() noexcept {
tui::luks_encrypt("--pbkdf-force-iterations 200000 --type luks1 luksFormat"); tui::luks_encrypt("--pbkdf-force-iterations 200000");
} }
void luks_show() noexcept { void luks_show() noexcept {

View File

@ -10,6 +10,7 @@
#include "gucc/file_utils.hpp" #include "gucc/file_utils.hpp"
#include "gucc/initcpio.hpp" #include "gucc/initcpio.hpp"
#include "gucc/io_utils.hpp" #include "gucc/io_utils.hpp"
#include "gucc/luks.hpp"
#include "gucc/pacmanconf_repo.hpp" #include "gucc/pacmanconf_repo.hpp"
#include "gucc/string_utils.hpp" #include "gucc/string_utils.hpp"
@ -2031,25 +2032,26 @@ void setup_luks_keyfile() noexcept {
// Add keyfile to luks // Add keyfile to luks
const auto& root_name = gucc::utils::exec("mount | awk '/\\/mnt / {print $1}' | sed s~/dev/mapper/~~g | sed s~/dev/~~g"); const auto& root_name = gucc::utils::exec("mount | awk '/\\/mnt / {print $1}' | sed s~/dev/mapper/~~g | sed s~/dev/~~g");
const auto& root_part = gucc::utils::exec(fmt::format(FMT_COMPILE("lsblk -i | tac | sed -r 's/^[^[:alnum:]]+//' | sed -n -e \"/{}/,/part/p\" | {} | tr -cd '[:alnum:]'"), root_name, "awk '/part/ {print $1}'")); const auto& root_part = gucc::utils::exec(fmt::format(FMT_COMPILE("lsblk -i | tac | sed -r 's/^[^[:alnum:]]+//' | sed -n -e \"/{}/,/part/p\" | {} | tr -cd '[:alnum:]'"), root_name, "awk '/part/ {print $1}'"));
const auto& number_of_lukskeys = utils::to_int(gucc::utils::exec(fmt::format(FMT_COMPILE("cryptsetup luksDump /dev/\"{}\" | grep \"ENABLED\" | wc -l"), root_part))); const auto& partition = fmt::format(FMT_COMPILE("/dev/{}"), root_part);
const auto& number_of_lukskeys = utils::to_int(gucc::utils::exec(fmt::format(FMT_COMPILE("cryptsetup luksDump \"{}\" | grep \"ENABLED\" | wc -l"), partition)));
if (number_of_lukskeys < 4) { if (number_of_lukskeys < 4) {
// Create a keyfile // Create a keyfile
#ifdef NDEVENV #ifdef NDEVENV
if (!fs::exists("/mnt/crypto_keyfile.bin")) { const std::string_view keyfile_path{"/mnt/crypto_keyfile.bin"};
if (!fs::exists(keyfile_path)) {
const auto& ret_status = gucc::utils::exec("dd bs=512 count=4 if=/dev/urandom of=/mnt/crypto_keyfile.bin", true); const auto& ret_status = gucc::utils::exec("dd bs=512 count=4 if=/dev/urandom of=/mnt/crypto_keyfile.bin", true);
/* clang-format off */ /* clang-format off */
if (ret_status == "0") { spdlog::info("Generating a keyfile"); } if (ret_status == "0") { spdlog::info("Generating a keyfile"); }
/* clang-format on */ /* clang-format on */
} }
gucc::utils::exec("chmod 000 /mnt/crypto_keyfile.bin"); gucc::utils::exec("chmod 600 /mnt/crypto_keyfile.bin");
spdlog::info("Adding the keyfile to the LUKS configuration"); spdlog::info("Adding the keyfile to the LUKS configuration");
auto ret_status = gucc::utils::exec(fmt::format(FMT_COMPILE("cryptsetup --pbkdf-force-iterations 200000 luksAddKey /dev/\"{}\" /mnt/crypto_keyfile.bin"), root_part), true); if (!gucc::crypto::luks1_add_key(keyfile_path, partition, "--pbkdf-force-iterations 200000")) {
/* clang-format off */ spdlog::error("Something went wrong with adding the LUKS key. Is {} the right partition?", partition);
if (ret_status != "0") { spdlog::info("Something went wrong with adding the LUKS key. Is /dev/{} the right partition?", root_part); } }
/* clang-format on */
// Add keyfile to initcpio // Add keyfile to initcpio
ret_status = gucc::utils::exec("grep -q '/crypto_keyfile.bin' /mnt/etc/mkinitcpio.conf || sed -i '/FILES/ s~)~/crypto_keyfile.bin)~' /mnt/etc/mkinitcpio.conf", true); auto ret_status = gucc::utils::exec("grep -q '/crypto_keyfile.bin' /mnt/etc/mkinitcpio.conf || sed -i '/FILES/ s~)~/crypto_keyfile.bin)~' /mnt/etc/mkinitcpio.conf", true);
/* clang-format off */ /* clang-format off */
if (ret_status == "0") { spdlog::info("Adding keyfile to the initcpio"); } if (ret_status == "0") { spdlog::info("Adding keyfile to the initcpio"); }
/* clang-format on */ /* clang-format on */