Working partition and encryption+mount phase. Now to the installer and re-work that.

2020-06-30 21:22:28 +00:00 · 2020-06-30 21:22:28 +00:00 · 0399df8c25
commit 0399df8c25
parent 5ae18b80fd
5 changed files with 163 additions and 85 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 SAFETY_LOCK
 **/**old.*
 **/**.img
+**/**pwfile
--- a/helpers/disk.py
+++ b/helpers/disk.py
@ -1,6 +1,7 @@
 import glob, re, os, json
 from collections import OrderedDict
 from helpers.general import sys_command
+from exceptions import *

 ROOT_DIR_PATTERN = re.compile('^.*?/devices')
 GPT = 0b00000001
@ -9,76 +10,164 @@ class BlockDevice():
 	def __init__(self, path, info):
 		self.path = path
 		self.info = info
-		if not 'backplane' in self.info:
-			self.info['backplane'] = self.find_backplane(self.info)

-	def find_backplane(self, info):
-		if not 'type' in info: raise DiskError(f'Could not locate backplane info for "{self.path}"')
+	@property
+	def device(self):
+		"""
+		Returns the actual device-endpoint of the BlockDevice.
+		If it's a loop-back-device it returns the back-file,
+		If it's a ATA-drive it returns the /dev/X device
+		And if it's a crypto-device it returns the parent device
+		"""
+		if not 'type' in self.info: raise DiskError(f'Could not locate backplane info for "{self.path}"')

-		if info['type'] == 'loop':
+		if self.info['type'] == 'loop':
 			for drive in json.loads(b''.join(sys_command(f'losetup --json', hide_from_log=True)).decode('UTF_8'))['loopdevices']:
 				if not drive['name'] == self.path: continue

 				return drive['back-file']
-		elif info['type'] == 'disk':
+		elif self.info['type'] == 'disk':
 			return self.path
-		elif info['type'] == 'crypt':
-			if not 'pkname' in info: raise DiskError(f'A crypt device ({self.path}) without a parent kernel device name.')
-			return f"/dev/{info['pkname']}"
+		elif self.info['type'] == 'crypt':
+			if not 'pkname' in self.info: raise DiskError(f'A crypt device ({self.path}) without a parent kernel device name.')
+			return f"/dev/{self.info['pkname']}"
+
+	@property
+	def partitions(self):
+		o = b''.join(sys_command(f'partprobe {self.path}'))
+
+		parts = OrderedDict()
+		#o = b''.join(sys_command('/usr/bin/lsblk -o name -J -b {dev}'.format(dev=dev)))
+		o = b''.join(sys_command(f'/usr/bin/lsblk -J {self.path}'))
+		if b'not a block device' in o:
+			raise DiskError(f'Can not read partitions off something that isn\'t a block device: {self.path}')
+
+		if not o[:1] == b'{':
+			raise DiskError(f'Error getting JSON output from:', f'/usr/bin/lsblk -J {self.path}')
+
+		r = json.loads(o.decode('UTF-8'))
+		if len(r['blockdevices']) and 'children' in r['blockdevices'][0]:
+			root_path = f"/dev/{r['blockdevices'][0]['name']}"
+			for part in r['blockdevices'][0]['children']:
+				part_id = part['name'][len(os.path.basename(self.path)):]
+				parts[part_id] = {
+					'size' : part['size'],
+					'id' : part_id,
+					'path' : root_path + part_id
+				}
+
+		return {k: parts[k] for k in sorted(parts)}
+
+	@property
+	def partition(self):
+		all_partitions = self.partitions
+		return [all_partitions[k] for k in all_partitions]

 	def __repr__(self, *args, **kwargs):
-		return f'BlockDevice(path={self.path})'
+		return f"BlockDevice({self.device})"

 	def __getitem__(self, key, *args, **kwargs):
 		if not key in self.info:
 			raise KeyError(f'{self} does not contain information: "{key}"')
 		return self.info[key]

-#	def __enter__(self, *args, **kwargs):
-#		return self
-#
-#	def __exit__(self, *args, **kwargs):
-#		print('Exit:', args, kwargs)
-#		b''.join(sys_command(f'sync', *args, **kwargs, hide_from_log=True))
+class luks2():
+	def __init__(self, filesystem):
+		self.filesystem = filesystem

-class Formatter():
+	def __enter__(self):
+		return self
+
+	def __exit__(self, *args, **kwargs):
+		# TODO: https://stackoverflow.com/questions/28157929/how-to-safely-handle-an-exception-inside-a-context-manager
+		if len(args):
+			raise args[1]
+		return True
+
+	def encrypt(self, partition, password, key_size=512, hash_type='sha512', iter_time=10000, key_file=None):
+		if not key_file: key_file = f'/tmp/{os.path.basename(self.filesystem.blockdevice.device)}.disk_pw' #TODO: Make disk-pw-file randomly unique?
+		if type(password) != bytes: password = bytes(password, 'UTF-8')
+
+		with open(key_file, 'wb') as fh:
+			fh.write(password)
+
+		o = b''.join(sys_command(f'/usr/bin/cryptsetup -q -v --type luks2 --pbkdf argon2i --hash {hash_type} --key-size {key_size} --iter-time {iter_time} --key-file {os.path.abspath(key_file)} --use-urandom luksFormat {partition["path"]}'))
+		if not b'Command successful.' in o:
+			raise DiskError(f'Could not encrypt volume "{partition["path"]}": {o}')
+	
+		return key_file
+
+	def mount(self, partition, mountpoint, key_file):
+		"""
+		Mounts a lukts2 compatible partition to a certain mountpoint.
+		Keyfile must be specified as there's no way to interact with the pw-prompt atm.
+
+		:param mountpoint: The name without absolute path, for instance "luksdev" will point to /dev/mapper/luksdev
+		:type mountpoint: str
+		"""
+		if '/' in mountpoint: os.path.basename(mountpoint) # TODO: Raise exception instead?
+		sys_command(f'/usr/bin/cryptsetup open {partition["path"]} {mountpoint} --key-file {os.path.abspath(key_file)} --type luks2')
+		return os.path.islink(f'/dev/mapper/{mountpoint}')
+
+	def close(self, mountpoint):
+		sys_command(f'cryptsetup close /dev/mapper/{mountpoint}')
+		return os.path.islink(f'/dev/mapper/{mountpoint}') is False
+		
+class Filesystem():
+	# TODO:
+	#   When instance of a HDD is selected, check all usages and gracefully unmount them
+	#   as well as close any crypto handles.
 	def __init__(self, blockdevice, mode=GPT):
 		self.blockdevice = blockdevice
 		self.mode = mode

 	def __enter__(self, *args, **kwargs):
-		print(f'Formatting {self.blockdevice} as {self.mode}:', args, kwargs)
-		return self
+		if self.mode == GPT:
+			if sys_command(f'/usr/bin/parted -s {self.blockdevice.device} mklabel gpt',).exit_code == 0:
+				return self
+			else:
+				raise DiskError(f'Problem setting the partition format to GPT:', f'/usr/bin/parted -s {self.blockdevice.device} mklabel gpt')
+		else:
+			raise DiskError(f'Unknown mode selected to format in: {self.mode}')

 	def __exit__(self, *args, **kwargs):
-		print('Exit:', args, kwargs)
-		b''.join(sys_command(f'sync', *args, **kwargs, hide_from_log=True))
+		b''.join(sys_command(f'sync'))

-	def format_disk(drive='drive', start='start', end='size', emulate=False, *positionals, **kwargs):
-		drive = args[drive]
-		start = args[start]
-		end = args[end]
-		if not drive:
-			raise ValueError('Need to supply a drive path, for instance: /dev/sdx')
+	def raw_parted(self, string:str):
+		x = sys_command(f'/usr/bin/parted -s {string}')
+		o = b''.join(x)
+		return x

-		if not SAFETY_LOCK:
-			# dd if=/dev/random of=args['drive'] bs=4096 status=progress
-			# https://github.com/dcantrell/pyparted	would be nice, but isn't officially in the repo's #SadPanda
-			#if sys_command(f'/usr/bin/parted -s {drive} mklabel gpt', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-			#	return None
-			if sys_command(f'/usr/bin/parted -s {drive} mklabel gpt', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-				return None
-			if sys_command(f'/usr/bin/parted -s {drive} mkpart primary FAT32 1MiB {start}', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-				return None
-			if sys_command(f'/usr/bin/parted -s {drive} name 1 "EFI"', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-				return None
-			if sys_command(f'/usr/bin/parted -s {drive} set 1 esp on', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-				return None
-			if sys_command(f'/usr/bin/parted -s {drive} set 1 boot on', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-				return None
-			if sys_command(f'/usr/bin/parted -s {drive} mkpart primary {start} {end}', emulate=emulate, *positionals, **kwargs).exit_code != 0:
-				return None
+	def parted(self, string:str):
+		"""
+		Performs a parted execution of the given string

+		:param string: A raw string passed to /usr/bin/parted -s <string>
+		:type string: str
+		"""
+		return self.raw_parted(string).exit_code
+
+	def use_entire_disk(self, prep_mode=None):
+		self.add_partition('primary', start='1MiB', end='513MiB', format='fat32')
+		self.set_name(0, 'EFI')
+		self.set(0, 'boot on')
+		self.set(0, 'esp on') # TODO: Redundant, as in GPT mode it's an alias for "boot on"? https://www.gnu.org/software/parted/manual/html_node/set.html
+		if prep_mode == 'luks2':
+			self.add_partition('primary', start='513MiB', end='100%')
+		else:
+			self.add_partition('primary', start='1MiB', end='513MiB', format='ext4')
+
+	def add_partition(self, type, start, end, format=None):
+		if format:
+			return self.parted(f'{self.blockdevice.device} mkpart {type} {format} {start} {end}') == 0
+		else:
+			return self.parted(f'{self.blockdevice.device} mkpart {type} {start} {end}') == 0
+
+	def set_name(self, partition:int, name:str):
+		return self.parted(f'{self.blockdevice.device} name {partition+1} "{name}"') == 0
+
+	def set(self, partition:int, string:str):
+		return self.parted(f'{self.blockdevice.device} set {partition+1} {string}') == 0

 def device_state(name, *args, **kwargs):
 	# Based out of: https://askubuntu.com/questions/528690/how-to-get-list-of-all-non-removable-disk-device-names-ssd-hdd-and-sata-ide-onl/528709#528709
--- a/helpers/general.py
+++ b/helpers/general.py
@ -16,9 +16,9 @@ class sys_command():#Thread):
 	def __init__(self, cmd, callback=None, start_callback=None, *args, **kwargs):
 		if not 'worker_id' in kwargs: kwargs['worker_id'] = gen_uid()
 		if not 'emulate' in kwargs: kwargs['emulate'] = False
-		#Thread.__init__(self)
 		if kwargs['emulate']:
 			log(f"Starting command '{cmd}' in emulation mode.")
+		self.raw_cmd = cmd
 		self.cmd = shlex.split(cmd)
 		self.args = args
 		self.kwargs = kwargs
@ -37,22 +37,15 @@ class sys_command():#Thread):
 		self.exec_dir = f'{self.cwd}/{os.path.basename(self.cmd[0])}_workingdir'

 		if not self.cmd[0][0] == '/':
-			log('Worker command is not executed with absolute path, trying to find: {}'.format(self.cmd[0]), origin='spawn', level=5)
+			#log('Worker command is not executed with absolute path, trying to find: {}'.format(self.cmd[0]), origin='spawn', level=5)
 			o = check_output(['/usr/bin/which', self.cmd[0]])
-			log('This is the binary {} for {}'.format(o.decode('UTF-8'), self.cmd[0]), origin='spawn', level=5)
+			#log('This is the binary {} for {}'.format(o.decode('UTF-8'), self.cmd[0]), origin='spawn', level=5)
 			self.cmd[0] = o.decode('UTF-8').strip()

 		if not os.path.isdir(self.exec_dir):
 			os.makedirs(self.exec_dir)

-		if self.kwargs['emulate']:
-			commandlog.append(cmd + ' # (emulated)')
-		elif 'hide_from_log' in self.kwargs and self.kwargs['hide_from_log']:
-			pass
-		else:
-			commandlog.append(cmd)
 		if start_callback: start_callback(self, *args, **kwargs)
-		#self.start()
 		self.run()

 	def __iter__(self, *args, **kwargs):
@ -78,16 +71,6 @@ class sys_command():#Thread):
 		}

 	def run(self):
-		#main = None
-		#for t in tenum():
-		#	if t.name == 'MainThread':
-		#		main = t
-		#		break
-
-		#if not main:
-		#	log('Main thread not existing')
-		#	return
-		
 		self.status = 'running'
 		old_dir = os.getcwd()
 		os.chdir(self.exec_dir)
@ -124,8 +107,7 @@ class sys_command():#Thread):
 					break

 				if 'debug' in self.kwargs and self.kwargs['debug'] and len(output):
-					log(self.cmd[0], 'gave:', output.decode('UTF-8'))
-					log(self.cmd[0],'gave:', output.decode('UTF-8'), origin='spawn', level=4)
+					log(self.cmd, 'gave:', output.decode('UTF-8'))

 				if 'on_output' in self.kwargs:
 					self.kwargs['on_output'](self.kwargs['worker'], output)
@ -189,10 +171,10 @@ class sys_command():#Thread):
 			self.exit_code = 0

 		if self.exit_code != 0:
-			log(f"{self.cmd} did not exit gracefully, exit code {self.exit_code}.", origin='spawn', level=3)
+			log(f"'{self.raw_cmd}' did not exit gracefully, exit code {self.exit_code}.", origin='spawn', level=3)
 			log(self.trace_log.decode('UTF-8'), origin='spawn', level=3)
-		else:
-			log(f"{self.cmd[0]} exit nicely.", origin='spawn', level=5)
+		#else:
+			#log(f"{self.cmd[0]} exit nicely.", origin='spawn', level=5)

 		self.ended = time.time()
 		with open(f'{self.cwd}/trace.log', 'wb') as fh:
--- a/helpers/user_interaction.py
+++ b/helpers/user_interaction.py
@ -4,7 +4,7 @@ def select_disk(dict_o_disks):
 	drives = sorted(list(dict_o_disks.keys()))
 	if len(drives) > 1:
 		for index, drive in enumerate(drives):
-			print(f"{index}: {drive} ({dict_o_disks[drive]['size'], dict_o_disks[drive]['backplane'], dict_o_disks[drive]['label']})")
+			print(f"{index}: {drive} ({dict_o_disks[drive]['size'], dict_o_disks[drive].device, dict_o_disks[drive]['label']})")
 		drive = input('Select one of the above disks (by number or full path): ')
 		if drive.isdigit():
 			drive = dict_o_disks[drives[int(drive)]]
--- a/installer.py
+++ b/installer.py
@ -1,22 +1,28 @@
 import archinstall, getpass

-selected_hdd = archinstall.select_disk(archinstall.all_disks())
-disk_password = getpass.getpass(prompt='Disk password (won\'t echo): ')
+archinstall.sys_command(f'cryptsetup close /dev/mapper/luksloop')

-with archinstall.Formatter(selected_hdd, archinstall.GPT) as formatter:
+#selected_hdd = archinstall.select_disk(archinstall.all_disks())
+selected_hdd = archinstall.all_disks()['/dev/loop0']
+disk_password = '1234' # getpass.getpass(prompt='Disk password (won\'t echo): ')
+
+with archinstall.Filesystem(selected_hdd, archinstall.GPT) as fs:
+	fs.use_entire_disk('luks2')
+	with archinstall.luks2(fs) as crypt:
+		if selected_hdd.partition[1]['size'] == '512M':
+			raise OSError('Trying to encrypt the boot partition for petes sake..')
+
+		key_file = crypt.encrypt(selected_hdd.partition[1], password=disk_password, key_size=512, hash_type='sha512', iter_time=10000, key_file='./pwfile')
+		crypt.mount(selected_hdd.partition[1], 'luksloop', key_file)
 	exit(1)
-	disk.encrypt('luks2', password=disk_password, key_size=512, hash_type='sha512', iter_time=10000, key_file='./pwfile')
+	with archinstall.installer(root_partition, hostname='testmachine') as installation:
+		if installation.minimal_installation():
+			installation.add_bootloader()

-	root_partition = disk.partition['/']
+			installation.add_additional_packages(['nano', 'wget', 'git'])
+			installation.install_profile('desktop')

-with archinstall.installer(root_partition, hostname='testmachine') as installation:
-	if installation.minimal_installation():
-		installation.add_bootloader()
+			installation.user_create('anton', 'test')
+			installation.user_set_pw('root', 'toor')

-		installation.add_additional_packages(['nano', 'wget', 'git'])
-		installation.install_profile('desktop')
-
-		installation.user_create('anton', 'test')
-		installation.user_set_pw('root', 'toor')
-
-		installation.add_AUR_support()
+			installation.add_AUR_support()