#!/bin/bash # Set VAR KVER='6.6.15-hardened1' #KVER='5.10.145-hardened1' #KVER='5.15.74-hardened1' # Dependencies xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel perl # Staging w/ error handling if [[ ! -f /usr/src/"$KVER".tar.gz ]]; then /usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/$KVER.tar.gz" fi if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then tar -xf "$KVER".tar.gz -C /usr/src/ fi cd /usr/src/linux-hardened-"$KVER" wget https://0xacab.org/optout/plague-kernel/-/raw/main/5.10-hardened.config -O .config # Address system and file timing for clock skew runtime compilation error plague-time-sync find . -type f | xargs -n 5 touch make clean # Compilation make oldconfig make menuconfig echo "Compiling "$KVER"" make --jobs=$(nproc) make modules_install # Ensure /boot is rw mount -o remount,rw /boot cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"_1 dracut --kver "$KVER"_1 --force grub-mkconfig -o /boot/grub/grub.cfg # remove sysmap/signing keys rm /lib/modules/"$KVER"_1/source/certs/signing_key* rm /lib/modules/"$KVER"_1/source/System.map rm /lib/modules/"$KVER"_1/source rm /lib/modules/"$KVER"_1/build