Merge pull request #11 from darrenldl/dev

Updated README, fixing disk partitioning code

Author: darrenldl

.travis.yml

@@ -22,7 +22,7 @@ script:
   - docker exec installer_builder bash -c 'cd ~; echo $(pwd)'
   - docker exec installer_builder bash -c 'cd ~; ls'
   - docker exec installer_builder bash -c 'cp -r ~/oali-master ~/oali'
-  - docker exec installer_builder bash -c 'chmod u=rwx ~/llsh'
+  - docker exec installer_builder bash -c 'chmod u=rwx ~/oali'
   - docker exec installer_builder bash -c 'eval $(opam env); cd ~/oali/installer_ml; make'
   - docker cp installer_builder:/home/opam/oali/installer_ml/_build/default/src/installer.exe ./installer
   - strip installer

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Darren Ldl
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,56 +1,84 @@
 # OCaml Arch Linux Installer
 [![Build Status](https://travis-ci.org/darrenldl/oali.svg?branch=master)](https://travis-ci.org/darrenldl/oali)
 
-### Description
+## Warning
+Oali is still extremely early in development, and still WIP
+
+It is difficult to test an installer targeting a live CD automatically, so right now it's still a lot of manual testing
+
+Please do **NOT** use it for anything serious yet
+
+## Description
 Oali is an installer written in OCaml which sets up a Arch Linux installation with following variations
 - 3 disk layouts
   - Single system disk (installer does partitioning for you)
-  - You pick the partitions for `/boot` `/` etc manually 
+  - You pick the partitions for `/boot`, `/` etc manually 
   - Single system partition (you pick an existing partition on a disk) + USB key (partitioned by installer)
 - Optional full disk encryption
 - Optional `linux-hardened` kernel installation
 
 Oali aims to be smart and hassle free, so following features are included as a result
 - Automatic adjustment of dialogues and settings based on whether the live CD is running in UEFI or BIOS mode
 
-### Encryption specifics
-In all disk layouts, system partition (i.e. `/`) is protected by a keyfile
-
-The keyfile is stored in within the initramfs in boot partition, which is protected by a user provided passphrase
-
-LUKS setup is used for all encrypted partitions.
-
-If in UEFI mode, the ESP partition will be present but is not (and cannot be) encrypted.
-
-### Post-install notes
-After installation, several files will be present in `/root/llsh_pack` (all of the files are to be accessed/executed by root)
-- `salt_exec.sh` allows you start the saltstack setup, present only if you answered yes to using saltstack for your further setup
-- `oli_setup_note` contains description of the files
-- `usb_key_mount.sh` allows you to mount your USB key easily and reliably
-- `usb_key_umount.sh` allows you to unmount your USB key easily and reliably
-- `useradd_helper_restructed.sh` and `useradd_helper_as_powerful.sh` allow you to add more users in the same manner as used by setup.sh
-
-### Misc. notes
-Saltstack files related
-- currently linux-lts is enabled in the salt state files as a measure to avoid lock out due to kernel updates
-
-### Prerequisites
+## Prerequisites
 - Working internet connection
 - Partitioning done for system partition
 - USB key (data will be lost)
 
-### Space requirement
+## Space requirement
 - USB key (if you intend to use disk layout that utilises a USB key)
   - 1 GiB USB drive will be very sufficient
 - System drive
   - Current salt states download/install around 10 GiB of data
 
-### Instructions
+## Instructions
 The OCaml code is not self contained, thus if you choose to compile it yourself, you will need to install various dependencies.
 
 For deployment purposes, it is recommended that you use the static binaries provided, which you can download via [GitHub releases](https://github.com/darrenldl/ocaml-linux-installer/releases)
 
 The static binaries of the installer are built via Travis CI using `ocaml/opam2:alpine` Docker image, and should be able to run on Arch Linux live CD without any further setup
 
-### License
+## Specifics
+
+#### Disk layout choices
+**Single system disk** - Oali slices the disks into ESP (if in EFI mode), boot and root partitions automatically
+
+**Manual picking** - Oali just uses the choices you provide
+
+**Single system partition + USB key** - Oali installs ESP (if in EFI mode), boot partitions on USB key, and root partition on the provided system partition
+
+Oali will handle encryption along with other chores automatically with the disk layout you picked in mind, such as
+- `/etc/crypttab` is set up only if the disk layout doesn't involve USB key
+- `/etc/fstab` is adjusted to disable USB key partitions if disk layout uses USB key
+
+#### Encryption specifics
+Oali uses `cryptsetup` for LUKS setup, and allows you to toggle boot and root partition encryption separately
+
+Note that it will ask for confirmation if you choose to encrypt boot but not root (which is a silly setup, but it'll oblige if you insist)
+
+Oali will ask if you want to change the key iteration time (in millisec) and key size
+
+#### Boot partitions
+If in UEFI mode, the ESP partition will be present but is never (and cannot be) encrypted
+
+If boot partition encryption is enabled, then it is protected by a passphrase
+
+#### System partition
+If system/root partition encryption is enabled, then it is protected by a keyfile
+
+The keyfile is stored in within the initramfs in boot partition
+
+#### Post-install notes
+After installation, several files will be present in `/root/oali_pack` (all of the files are to be accessed/executed by root)
+- `salt_exec.sh` allows you start the saltstack setup, present only if you answered yes to using saltstack for your further setup
+- `oli_setup_note` contains description of the files
+- `usb_key_mount.sh` allows you to mount your USB key easily and reliably
+- `usb_key_umount.sh` allows you to unmount your USB key easily and reliably
+- `useradd_helper_restructed.sh` and `useradd_helper_as_powerful.sh` allow you to add more users in the same manner as used by setup.sh
+
+#### Misc. notes
+Saltstack files related
+- currently linux-lts is enabled in the salt state files as a measure to avoid lock out due to kernel updates
+
+## License
 MIT

installer_ml/src/installer.ml

@@ -256,7 +256,7 @@ let () =
           exec
             (Printf.sprintf "parted -a optimal %s mkpart primary %dMB %d%%"
                disk boot_part_end_MB
-               (int_of_float Config.total_disk_usage_frac));
+               (frac_to_perc Config.total_disk_usage_frac));
           exec (Printf.sprintf "parted %s set 1 boot on" disk);
           Disk_utils.sync ();
           let parts = Disk_utils.parts_of_disk disk in
@@ -279,9 +279,9 @@ let () =
             (Printf.sprintf "parted -a optimal %s mkpart primary 0%% %dMB"
                disk boot_part_end_MB);
           exec
-            (Printf.sprintf "parted -a optimal %s mkpart primary %dMB %dMB"
+            (Printf.sprintf "parted -a optimal %s mkpart primary %dMB %d%%"
                disk boot_part_end_MB
-               (int_of_float Config.total_disk_usage_frac));
+               (frac_to_perc Config.total_disk_usage_frac));
           exec (Printf.sprintf "parted %s set 1 boot on" disk);
           Disk_utils.sync ();
           let parts = Disk_utils.parts_of_disk disk in
@@ -891,12 +891,16 @@ let () =
         ask_yn "Do you want to enable SSH server?" = Yes
       in
       {config with enable_ssh_server = Some enable_ssh_server});
-  reg ~name:"Enabling SSH server" (fun config ->
-      Arch_chroot.exec "systemctl enable sshd";
-      config);
+  reg ~name:"Installing SSH server" (fun config ->
+      Arch_chroot.install ["openssh"];
+      config
+    );
   reg ~name:"Copying sshd_config over" (fun config ->
       FileUtil.cp [Config.sshd_config_path_in_repo] Config.etc_ssh_dir_path;
       config);
+  reg ~name:"Enabling SSH server" (fun config ->
+      Arch_chroot.exec "systemctl enable sshd";
+      config);
   reg ~name:"Setting up SSH key directory" (fun config ->
       let user_name = Option.get config.user_name in
       let user_ssh_dir_path =

installer_ml/src/misc_utils.ml

@@ -14,6 +14,8 @@ type yn =
   | Yes
   | No
 
+let not_empty s = s <> ""
+
 let retry (f : unit -> 'a retry) : 'a =
   let rec aux f = match f () with Stop x -> x | Retry -> aux f in
   aux f
@@ -30,7 +32,8 @@ let ask_string ?(is_valid = fun _ -> true) prompt =
 let ask_yn prompt =
   retry (fun () ->
       let s =
-        ask_string (Printf.sprintf "%s y/n" prompt) |> String.lowercase_ascii
+        ask_string ~is_valid:not_empty (Printf.sprintf "%s y/n" prompt)
+        |> String.lowercase_ascii
       in
       let len = String.length s in
       let yes = "yes" in
@@ -124,8 +127,6 @@ let print_boxed_msg s =
   let line = String.concat "" ["+"; String.make (len - 2) '-'; "+"] in
   print_endline line; Printf.printf "| %s |\n" s; print_endline line
 
-let not_empty s = s <> ""
-
 let concat_file_names names =
   let splits =
     names
@@ -144,3 +145,5 @@ let calc_frac ~max_frac ~value ~total =
   assert (max_frac >= 0.0);
   assert (max_frac <= 1.0);
   min (value /. total) max_frac
+
+let frac_to_perc frac : int = int_of_float (Float.round (frac *. 100.0))