Getch
A CLI tool to install Gentoo (by compiling or in binary) or Void Linux with these defaults:
- DNS over HTTPS (with Quad9).
- Vim | Nano installed.
- Iptables installed (not configured).
- Sudo installed (not configured).
- iwd installed if wifi is detected.
- No GUI installed.
Hardened System:
- sysctl.conf with TCP/IP stack hardening and more (Arch)
- Kernel parameters enforced (dmesg restricted, kexec disabled, etc)
- Kernel source (Gentoo) patched with bask.
- Musl optional
Description
Currently, Getch supports only the x86_64 architecture with the following archives:
- Gentoo: stage3-amd64-systemd or stage3-amd64-musl (Gentoo).
- Void: rootfs tarball glibc or rootfs tarball musl (Void).
Filesystems supported (with or without encryption):
- Ext4
- LVM
- ZFS
Boot Manager:
- Gentoo: Grub2 except on systemd without encryption.
- Void: use only Grub2.
The ISO images I was able to test and that work:
- Archlinux
- Portia: Custom Archiso that includes ZFS support and Ruby.
- Ubuntu 22.10
- Voidlinux
You can also use your current Linux host; just pay attention to the disk that will be used.
Dependencies
Getch is built without external libs, so it only requires ruby >= 2.6.
On a live image of Void, you need to install the following packages:
# xbps-install -S ruby xz gptfdisk openssl
Install
Getch is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
With gem installed:
$ gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/getch/master/certs/szorfein.pem)
$ gem install getch -P HighSecurity
If you want to try from the source:
# git clone https://github.com/szorfein/getch
# cd getch
# ruby -I lib bin/getch -h
Usage
Just ensure that the script is run with a root account.
# getch -h
After an install by Getch, take a look at the wiki.
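To confirm after installation that the kernel parameters named under Hardened System (dmesg restricted, kexec disabled) are in effect, here is an added example that is not part of Getch: it parses a sysctl.conf-style file, or reads /proc/sys, and checks kernel.dmesg_restrict and kernel.kexec_load_disabled. The function names and expected values are assumptions of this example.

```sh
# Added example (not Getch's own code). EXPECTED maps "dmesg restricted" and
# "kexec disabled" to sysctl keys; the exact values Getch sets are an assumption.
EXPECTED="kernel.dmesg_restrict=1
kernel.kexec_load_disabled=1"

# sysctl_conf_get FILE KEY: effective value; skips comments, last entry wins.
sysctl_conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found }
    ' "$1"
}

# sysctl_live_get KEY: print the running kernel's value, read from /proc/sys.
sysctl_live_get() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# audit_sysctl [FILE]: check EXPECTED against FILE, or against the running
# kernel when FILE is omitted. Returns the number of failed checks.
audit_sysctl() {
    fails=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        if [ -n "${1:-}" ]; then got=$(sysctl_conf_get "$1" "$key")
        else got=$(sysctl_live_get "$key"); fi
        if [ "$got" = "$want" ]; then
            echo "OK    $key = $got"
        else
            echo "FAIL  $key = ${got:-<unset>} (want $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Demo on a constructed sample (not Getch's real file): one duplicate, one gap.
sample=$(mktemp)
printf '%s\n' '# constructed' 'kernel.dmesg_restrict = 0' 'kernel.dmesg_restrict=1' > "$sample"
audit_sysctl "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

Run `audit_sysctl` with no argument on the installed system to check the live values, or pass the path of the sysctl configuration file to check what will be applied at boot.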
Examples
For a French user on Gentoo:
# getch --disk sda --zoneinfo "Europe/Paris" --language fr_FR --keymap fr
Install Gentoo on LVM and use a different root disk, /dev/vdc:
# getch --disk vdc --format ext4 --lvm
Encrypt your disk with LVM, with a French keymap and in binary mode:
# getch --disk sda --format ext4 --lvm --encrypt --keymap fr --binary
Encrypt with ext4 and create a new user ninja:
# getch --disk vda --format ext4 --encrypt --username ninja
Change the size of root in Gb (default 16 on LVM) and of swap in Mb (defaults to your current total RAM) with LVM:
# getch --disk sda -o void --lvm --root-size 10 --swap-size 4096
With ZFS, if used with --encrypt, it uses the native ZFS encryption:
# getch --disk vda --format zfs
With Void Linux and Musl enabled:
# getch --disk sda --os void --encrypt -k fr --musl
Troubleshooting
Old VG for LVM
If an old volume group exists, getch may fail to partition your disk. You have to clean up your device with vgremove and pvremove before proceeding. A short example of how to do this with a volume group named vg0:
# vgdisplay | grep vg
# vgremove -f vg0
# pvremove -f /dev/sdb
Encryption with GRUB
To decrypt your disk on GRUB, only the us keymap is working for now.
ZFS with Grub
By default, if you use ZFS with musl or voidlinux, the /boot partition is not mounted automatically, so before an update, mount the partition:
# zpool status
# zfs mount bpool/BOOT/void
# ls /boot
ZFS with and without encryption
The first time on ZFS, after 5 min:
dracut Warning: /dev/disk/by-uuid/<DISK> does not exist
Dracut tries to mount a nonexistent device. Just wait until you are dropped into the shell, then remove the disk UUID from /lib/dracut/hooks/initqueue/finished/:
# ls /lib/dracut/hooks/initqueue/finished/*
# rm /lib/dracut/hooks/initqueue/finished/dev*
# exit
Dracut should finally start mount-zfs.sh and ask for a password if encrypted. After your first login, mount the /boot partition and recompile the initramfs, and you're good.
- For Gentoo: emerge --config sys-kernel/gentoo-kernel-bin
- For Voidlinux: xbps-reconfigure -fa
If it doesn't work, try to start the scripts manually (still in the shell):
# . /lib/dracut/hooks/mount/98-mount-zfs.sh
# . /lib/dracut/hooks/mount/99-mount-root.sh
# exit