62 lines
1.8 KiB
Bash
62 lines
1.8 KiB
Bash
#!/bin/bash
|
|
|
|
# Set Kernel Version Variable
|
|
#KVER='6.6.15-hardened1'
|
|
#KVER='5.10.145-hardened1'
|
|
|
|
# Dependencies
|
|
xbps-install -Sy make gcc xz elfutils elfutils-devel flex ncurses-devel openssl openssl-devel argp-standalone gcc-ada mpc libmpc-devel gmp-devel perl
|
|
|
|
function set_kver() {
|
|
echo "Enter the kernel version to use (e.g., '6.6.15-hardened1'):"
|
|
while true; do
|
|
read -e -i "${KVER:-}" -p "" KVER
|
|
if [[ $(echo $KVER | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-hardened1)$') == '' ]]; then
|
|
echo "Invalid format.";
|
|
else
|
|
break;
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Invoke function to prompt end-user for desired version (must be an active release in the Anthraxx Linux-Hardened repository)
|
|
set_kver
|
|
|
|
# Staging w/ error handling
|
|
if [[ ! -f /usr/src/"$KVER".tar.gz ]]; then
|
|
/usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/$KVER.tar.gz"
|
|
fi
|
|
|
|
if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then
|
|
tar -xf "$KVER".tar.gz -C /usr/src/
|
|
fi
|
|
|
|
cd /usr/src/linux-hardened-"$KVER"
|
|
wget https://0xacab.org/optout/plague-kernel/-/raw/main/6.6.15-hardened1.config -O .config
|
|
|
|
|
|
# Address system and file timing for clock skew runtime compilation error
|
|
plague-time-sync
|
|
find . -type f | xargs -n 5 touch
|
|
make clean
|
|
|
|
# Compilation
|
|
make oldconfig
|
|
make menuconfig
|
|
|
|
echo "Compiling "$KVER""
|
|
make -j $(nproc --all)
|
|
make modules_install INSTALL_MOD_STRIP=1 install
|
|
|
|
# Ensure /boot is rw
|
|
mount -o remount,rw /boot
|
|
cp ./arch/x86_64/boot/bzImage /boot/vmlinuz-"$KVER"_1
|
|
dracut --kver "$KVER"_1 --force
|
|
grub-mkconfig -o /boot/grub/grub.cfg
|
|
|
|
# remove sysmap/signing keys
|
|
rm /lib/modules/"$KVER"_1/source/certs/signing_key*
|
|
rm /lib/modules/"$KVER"_1/source/System.map
|
|
rm /lib/modules/"$KVER"_1/source
|
|
rm /lib/modules/"$KVER"_1/build
|