2022-10-27 16:16:22 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# Set VAR
|
2024-02-12 18:11:48 +00:00
|
|
|
#KVER='6.6.15-hardened1'
|
2022-10-27 16:16:22 +00:00
|
|
|
#KVER='5.10.145-hardened1'
|
|
|
|
|
|
|
|
# Dependencies
|
2024-01-25 19:44:24 +00:00
|
|
|
sudo dnf install binutils /usr/include/{libelf.h,openssl/pkcs7.h} \
|
|
|
|
/usr/bin/{bc,bison,flex,gcc,git,openssl,make,perl,pahole,zstd}
|
2022-10-27 16:16:22 +00:00
|
|
|
|
2024-02-12 18:11:48 +00:00
|
|
|
function set_kver() {
|
|
|
|
echo "Enter the kernel version to use (e.g., '6.6.15-hardened1'):"
|
|
|
|
while true; do
|
|
|
|
read -e -i "${KVER:-}" -p "" KVER
|
|
|
|
if [[ $(echo $KVER | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-hardened1)$') == '' ]]; then
|
|
|
|
echo "Invalid format.";
|
|
|
|
else
|
|
|
|
break;
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
# Invoke function to prompt end-user for desired version (must be an active release in the Anthraxx Linux-Hardened repository)
|
|
|
|
set_kver
|
|
|
|
|
2022-10-27 16:16:22 +00:00
|
|
|
# Staging w/ error handling
|
|
|
|
if [[ ! -f /usr/src/"$KVER".tar.gz ]]; then
|
2024-02-01 14:59:50 +00:00
|
|
|
/usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/"$KVER".tar.gz"
|
2022-10-27 16:16:22 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then
|
|
|
|
tar -xf "$KVER".tar.gz -C /usr/src/
|
|
|
|
fi
|
|
|
|
|
|
|
|
cd /usr/src/linux-hardened-"$KVER"
|
2024-02-01 14:59:50 +00:00
|
|
|
wget https://0xacab.org/optout/plague-kernel/-/raw/main/"$KVER".config -O .config
|
2022-10-27 16:16:22 +00:00
|
|
|
|
|
|
|
|
|
|
|
# Compilation
|
2024-01-25 19:44:24 +00:00
|
|
|
yes "" | make olddefconfig
|
2022-10-27 16:16:22 +00:00
|
|
|
make menuconfig
|
2024-01-25 19:44:24 +00:00
|
|
|
# Exit if making no changes
|
|
|
|
|
2022-10-27 16:16:22 +00:00
|
|
|
echo "Compiling "$KVER""
|
2024-01-25 19:44:24 +00:00
|
|
|
make -j $(nproc --all)
|
2022-10-27 16:16:22 +00:00
|
|
|
|
2024-01-25 19:44:24 +00:00
|
|
|
# Installing kernel
|
|
|
|
## Ensure /boot is rw
|
2022-10-27 16:16:22 +00:00
|
|
|
mount -o remount,rw /boot
|
2024-02-01 14:59:50 +00:00
|
|
|
make -j $(nproc --all)
|
|
|
|
command -v installkernel && make modules_install INSTALL_MOD_STRIP=1 install
|
2022-10-27 16:16:22 +00:00
|
|
|
|
|
|
|
# remove sysmap/signing keys
|
|
|
|
rm /lib/modules/"$KVER"_1/source/certs/signing_key*
|
2024-02-01 14:59:50 +00:00
|
|
|
rm /lib/modules/"$KVER"_1/source/System.map
|