100 lines
3.4 KiB
Bash
100 lines
3.4 KiB
Bash
|
#!/bin/bash
|
||
|
## Script is designed to streamline the self-compilation process for the end-user.
|
||
|
## This entails staging linux-hardened, pulling PlagueOS kernel configuration, fingerprinting hardware, then compiling the minimalist kernel.
|
||
|
## Main benefit of self-compilation is you are not reliant on the upstream hardened configuration that must support various classes of hardware.
|
||
|
### This kernel is your own.
|
||
|
|
||
|
# Ensure /boot is writeable
|
||
|
mount -o remount,rw /boot
|
||
|
|
||
|
# Set Kernel Version (KVER)
|
||
|
function set_kver() {
|
||
|
echo "Enter the kernel version to use (e.g., '6.6.18-hardened1'):"
|
||
|
while true; do
|
||
|
read -e -i "${KVER:-}" -p "" KVER
|
||
|
if [[ $(echo $KVER | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-hardened1)$') == '' ]]; then
|
||
|
echo "Invalid format.";
|
||
|
else
|
||
|
break;
|
||
|
fi
|
||
|
done
|
||
|
}
|
||
|
|
||
|
# Invoke function to prompt end-user for desired version (must be an active release in the Anthraxx Linux-Hardened repository)
|
||
|
set_kver
|
||
|
|
||
|
# Dependencies
|
||
|
declare -A osInfo
|
||
|
osInfo[/etc/void-release]="xbps"
|
||
|
osInfo[/etc/fedora-release]="dnf"
|
||
|
osInfo[/etc/debian_version]="apt-get"
|
||
|
|
||
|
echo "Package manager: $package_manager"
|
||
|
|
||
|
for f in ${!osInfo[@]}
|
||
|
do
|
||
|
if [[ -f $f ]]; then
|
||
|
package_manager=${osInfo[$f]}
|
||
|
if [[ $package_manager == "xbps" ]]; then
|
||
|
xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel perl
|
||
|
elif [[ $package_manager == "dnf" ]]; then
|
||
|
sudo dnf install binutils /usr/include/{libelf.h,openssl/pkcs7.h} \
|
||
|
/usr/bin/{bc,bison,flex,gcc,git,openssl,make,perl,pahole,zstd}
|
||
|
elif [[ $package_manager == "apt-get" ]]; then
|
||
|
sudo apt-get install build-essential linux-source bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves bison
|
||
|
fi
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
|
||
|
# Staging w/ error handling
|
||
|
# Pull down Anthraxx linux-hardened upstream
|
||
|
if [[ ! -f /usr/src/"$KVER".tar.gz ]]; then
|
||
|
/usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/$KVER.tar.gz"
|
||
|
fi
|
||
|
|
||
|
if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then
|
||
|
tar -xf "$KVER".tar.gz -C /usr/src/
|
||
|
fi
|
||
|
|
||
|
cd /usr/src/linux-hardened-"$KVER"
|
||
|
|
||
|
# Pull down plague kconfig
|
||
|
wget https://0xacab.org/optout/plague-kernel/-/raw/main/6.6.18-hardened1.config -O .config
|
||
|
make localmodconfig
|
||
|
# make menuconfig # if tweaks are desired
|
||
|
|
||
|
# compile
|
||
|
make -j $(nproc --all)
|
||
|
make modules_install INSTALL_MOD_STRIP=1 install
|
||
|
|
||
|
# Re-determine via osInfo commands needed
|
||
|
for f in ${!osInfo[@]}
|
||
|
do
|
||
|
if [[ -f $f ]]; then
|
||
|
package_manager=${osInfo[$f]}
|
||
|
if [[ $package_manager == "xbps" ]]; then
|
||
|
cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"
|
||
|
dracut --kver "$KVER" --force
|
||
|
grub-mkconfig -o /boot/grub/grub.cfg
|
||
|
xbps-reconfigure -fa
|
||
|
/usr/bin/update-grub
|
||
|
elif [[ $package_manager == "dnf" ]]; then
|
||
|
command -v installkernel
|
||
|
elif [[ $package_manager == "apt-get" ]]; then
|
||
|
cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"
|
||
|
dracut --kver "$KVER" --force
|
||
|
update-grub2
|
||
|
fi
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
echo "Congrats! Your custom kernel based on the PlagueOS kernel configuration has been installed."
|
||
|
echo "Reboot now? (y/N): "
|
||
|
read reboot_opt
|
||
|
|
||
|
if [[ "$reboot_opt" == "Y" ]]; then
|
||
|
reboot
|
||
|
else
|
||
|
exit
|
||
|
fi
|