🧹 move luks into gucc

gucc/CMakeLists.txt

@@ -16,6 +16,7 @@ add_library(${PROJECT_NAME} SHARED
    src/cpu.cpp include/gucc/cpu.hpp
    src/pacmanconf_repo.cpp include/gucc/pacmanconf_repo.hpp
    src/initcpio.cpp include/gucc/initcpio.hpp
+   src/luks.cpp include/gucc/luks.hpp
    #src/chwd_profiles.cpp src/chwd_profiles.hpp
    #src/disk.cpp src/disk.hpp
    )

gucc/include/gucc/luks.hpp

@@ -0,0 +1,14 @@
+#ifndef LUKS_HPP
+#define LUKS_HPP
+
+#include <string_view>  // for string_view
+
+namespace gucc::crypto {
+
+auto luks1_open(std::string_view luks_pass, std::string_view partition, std::string_view luks_name) noexcept -> bool;
+auto luks1_format(std::string_view luks_pass, std::string_view partition, std::string_view additional_flags = {}) noexcept -> bool;
+auto luks1_add_key(std::string_view dest_file, std::string_view partition, std::string_view additional_flags = {}) noexcept -> bool;
+
+}  // namespace gucc::crypto
+
+#endif  // LUKS_HPP

gucc/meson.build

@@ -6,6 +6,7 @@ gucc_lib = library('gucc',
         'src/cpu.cpp',
         'src/pacmanconf_repo.cpp',
         'src/initcpio.cpp',
+        'src/luks.cpp',
     ],
     include_directories : [include_directories('include')],
     dependencies: deps

gucc/src/luks.cpp

@@ -0,0 +1,24 @@
+#include "gucc/luks.hpp"
+#include "gucc/io_utils.hpp"
+
+#include <fmt/compile.h>
+#include <fmt/format.h>
+
+namespace gucc::crypto {
+
+auto luks1_open(std::string_view luks_pass, std::string_view partition, std::string_view luks_name) noexcept -> bool {
+    auto cmd = fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup open --type luks1 {} {} &>/dev/null"), luks_pass, partition, luks_name);
+    return utils::exec(cmd, true) == "0";
+}
+
+auto luks1_format(std::string_view luks_pass, std::string_view partition, std::string_view additional_flags) noexcept -> bool {
+    auto cmd = fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup -q {} --type luks1 luksFormat {} &>/dev/null"), luks_pass, additional_flags, partition);
+    return utils::exec(cmd, true) == "0";
+}
+
+auto luks1_add_key(std::string_view dest_file, std::string_view partition, std::string_view additional_flags) noexcept -> bool {
+    auto cmd = fmt::format(FMT_COMPILE("cryptsetup -q {} luksAddKey {} {} &>/dev/null"), additional_flags, partition, dest_file);
+    return utils::exec(cmd, true) == "0";
+}
+
+}  // namespace gucc::crypto

src/crypto.cpp

@@ -5,6 +5,7 @@
 
 // import gucc
 #include "gucc/io_utils.hpp"
+#include "gucc/luks.hpp"
 #include "gucc/string_utils.hpp"
 
 #include <fmt/compile.h>
@@ -112,7 +113,11 @@ bool luks_open() noexcept {
     // show the error
     detail::infobox_widget("\nPlease wait...\n");
 #ifdef NDEVENV
-    detail::follow_process_log_widget({"/bin/sh", "-c", fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup open --type luks {} {}"), luks_password, partition, luks_root_name)});
+    if (!gucc::crypto::luks1_open(luks_password, partition, luks_root_name)) {
+        spdlog::error("Failed to open luks1 partition {} with name {}", partition, luks_root_name);
+        detail::msgbox_widget("\nFailed to open luks1 partition\n");
+        return false;
+    }
 #endif
 
     const auto& devlist = gucc::utils::exec(fmt::format(FMT_COMPILE("lsblk -o NAME,TYPE,FSTYPE,SIZE,MOUNTPOINT {} | grep \"crypt\\|NAME\\|MODEL\\|TYPE\\|FSTYPE\\|SIZE\""), partition));
@@ -160,15 +165,21 @@ void luks_encrypt([[maybe_unused]] const std::string_view& command) noexcept {
     const auto& luks_root_name = std::get<std::string>(config_data["LUKS_ROOT_NAME"]);
     const auto& luks_password  = std::get<std::string>(config_data["PASSWD"]);
 
-    detail::follow_process_log_widget({"/bin/sh", "-c", fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup -q {} {}"), luks_password, command, partition)});
+    if (!gucc::crypto::luks1_format(luks_password, partition, command)) {
+        spdlog::error("Failed to format luks1 partition {} with additional flags {}", partition, command);
+        detail::msgbox_widget("\nFailed to format luks1 partition\n");
+    }
 
     // Now open the encrypted partition or LV
-    detail::follow_process_log_widget({"/bin/sh", "-c", fmt::format(FMT_COMPILE("echo \"{}\" | cryptsetup open {} {}"), luks_password, partition, luks_root_name)});
+    if (!gucc::crypto::luks1_open(luks_password, partition, luks_root_name)) {
+        spdlog::error("Failed to open luks1 partition {} with name {}", partition, luks_root_name);
+        detail::msgbox_widget("\nFailed to open luks1 partition\n");
+    }
 #endif
 }
 
 void luks_default() noexcept {
-    tui::luks_encrypt("--type luks1 luksFormat");
+    tui::luks_encrypt("");
 }
 
 bool luks_key_define() noexcept {
@@ -183,7 +194,7 @@ bool luks_key_define() noexcept {
 }
 
 void luks_express() noexcept {
-    tui::luks_encrypt("--pbkdf-force-iterations 200000 --type luks1 luksFormat");
+    tui::luks_encrypt("--pbkdf-force-iterations 200000");
 }
 
 void luks_show() noexcept {

src/utils.cpp

@@ -10,6 +10,7 @@
 #include "gucc/file_utils.hpp"
 #include "gucc/initcpio.hpp"
 #include "gucc/io_utils.hpp"
+#include "gucc/luks.hpp"
 #include "gucc/pacmanconf_repo.hpp"
 #include "gucc/string_utils.hpp"
 
@@ -2031,25 +2032,26 @@ void setup_luks_keyfile() noexcept {
     // Add keyfile to luks
     const auto& root_name          = gucc::utils::exec("mount | awk '/\\/mnt / {print $1}' | sed s~/dev/mapper/~~g | sed s~/dev/~~g");
     const auto& root_part          = gucc::utils::exec(fmt::format(FMT_COMPILE("lsblk -i | tac | sed -r 's/^[^[:alnum:]]+//' | sed -n -e \"/{}/,/part/p\" | {} | tr -cd '[:alnum:]'"), root_name, "awk '/part/ {print $1}'"));
-    const auto& number_of_lukskeys = utils::to_int(gucc::utils::exec(fmt::format(FMT_COMPILE("cryptsetup luksDump /dev/\"{}\" | grep \"ENABLED\" | wc -l"), root_part)));
+    const auto& partition          = fmt::format(FMT_COMPILE("/dev/{}"), root_part);
+    const auto& number_of_lukskeys = utils::to_int(gucc::utils::exec(fmt::format(FMT_COMPILE("cryptsetup luksDump \"{}\" | grep \"ENABLED\" | wc -l"), partition)));
     if (number_of_lukskeys < 4) {
         // Create a keyfile
 #ifdef NDEVENV
-        if (!fs::exists("/mnt/crypto_keyfile.bin")) {
+        const std::string_view keyfile_path{"/mnt/crypto_keyfile.bin"};
+        if (!fs::exists(keyfile_path)) {
             const auto& ret_status = gucc::utils::exec("dd bs=512 count=4 if=/dev/urandom of=/mnt/crypto_keyfile.bin", true);
             /* clang-format off */
             if (ret_status == "0") { spdlog::info("Generating a keyfile"); }
             /* clang-format on */
         }
-        gucc::utils::exec("chmod 000 /mnt/crypto_keyfile.bin");
+        gucc::utils::exec("chmod 600 /mnt/crypto_keyfile.bin");
         spdlog::info("Adding the keyfile to the LUKS configuration");
-        auto ret_status = gucc::utils::exec(fmt::format(FMT_COMPILE("cryptsetup --pbkdf-force-iterations 200000 luksAddKey /dev/\"{}\" /mnt/crypto_keyfile.bin"), root_part), true);
-        /* clang-format off */
-        if (ret_status != "0") { spdlog::info("Something went wrong with adding the LUKS key. Is /dev/{} the right partition?", root_part); }
-        /* clang-format on */
+        if (!gucc::crypto::luks1_add_key(keyfile_path, partition, "--pbkdf-force-iterations 200000")) {
+            spdlog::error("Something went wrong with adding the LUKS key. Is {} the right partition?", partition);
+        }
 
         // Add keyfile to initcpio
-        ret_status = gucc::utils::exec("grep -q '/crypto_keyfile.bin' /mnt/etc/mkinitcpio.conf || sed -i '/FILES/ s~)~/crypto_keyfile.bin)~' /mnt/etc/mkinitcpio.conf", true);
+        auto ret_status = gucc::utils::exec("grep -q '/crypto_keyfile.bin' /mnt/etc/mkinitcpio.conf || sed -i '/FILES/ s~)~/crypto_keyfile.bin)~' /mnt/etc/mkinitcpio.conf", true);
         /* clang-format off */
         if (ret_status == "0") { spdlog::info("Adding keyfile to the initcpio"); }
         /* clang-format on */