#!/bin/bash # Set Kernel Version Variable #KVER='6.6.15-hardened1' #KVER='5.10.145-hardened1' # Dependencies xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel perl function set_kver() { echo "Enter the kernel version to use (e.g., '6.6.15-hardened1'):" while true; do read -e -i "${KVER:-}" -p "" KVER if [[ $(echo $KVER | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-hardened1)$') == '' ]]; then echo "Invalid format."; else break; fi done } # Invoke function to prompt end-user for desired version (must be an active release in the Anthraxx Linux-Hardened repository) set_kver # Staging w/ error handling if [[ ! -f /usr/src/"$KVER".tar.gz ]]; then /usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/$KVER.tar.gz" fi if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then tar -xf "$KVER".tar.gz -C /usr/src/ fi cd /usr/src/linux-hardened-"$KVER" wget https://0xacab.org/optout/plague-kernel/-/raw/main/5.10-hardened.config -O .config # Address system and file timing for clock skew runtime compilation error plague-time-sync find . -type f | xargs -n 5 touch make clean # Compilation make oldconfig make menuconfig echo "Compiling "$KVER"" make -j $(nproc --all) make modules_install INSTALL_MOD_STRIP=1 install # Ensure /boot is rw mount -o remount,rw /boot cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"_1 dracut --kver "$KVER"_1 --force grub-mkconfig -o /boot/grub/grub.cfg # remove sysmap/signing keys rm /lib/modules/"$KVER"_1/source/certs/signing_key* rm /lib/modules/"$KVER"_1/source/System.map rm /lib/modules/"$KVER"_1/source rm /lib/modules/"$KVER"_1/build