ShadowArch updates

This commit is contained in:
DarkFeather 2018-02-14 03:20:12 -06:00
parent 93a757a586
commit 2398d69139
3 changed files with 88 additions and 53 deletions

View File

@ -1,16 +1,17 @@
HTTPROOT = /srv/http/aninix.net HTTPROOT = ${pkgbuild}/srv/http/aninix.net
HTTPUSER = http HTTPUSER = http
SYNCLIST = /etc/vimrc /etc/bashrc /etc/tmux.conf /etc/profile SYNCLIST = ${pkgbuild}/etc/vimrc ${pkgbuild}/etc/bashrc ${pkgbuild}/etc/tmux.conf ${pkgbuild}/etc/profile
INSTALLER != curl -s https://aninix.net/foundation/installer-test.bash | /bin/bash INSTALLER != curl -s https://aninix.net/foundation/installer-test.bash | ${pkgbuild}/bin/bash
compile: ./shadowarch compile: ./shadowarch
@echo Nothing to compile @echo Nothing to compile
install: compile install: compile
for i in ${SYNCLIST}; do rsync -avz -r `echo $$i | sed 's#^/etc/##'` $$i; done for i in ${SYNCLIST}; do rsync -avz -r `echo $$i | sed 's#^/etc/##'` ${pkgbuild}$$i; done
rm -Rf /etc/skel; cp -pr ./skel /etc mkdir -p ${pkgbuild}/etc
rm -Rf ${pkgbuild}/etc/skel; cp -pr ./skel ${pkgbuild}/etc
# This is a nicety. # This is a nicety.
if [ -f /root/shadowarch* ]; then sed -i 's/`uname -o`/ShadowArch/g' /etc/bashrc; fi if [ -f ${pkgbuild}/root/shadowarch* ]; then sed -i 's/`uname -o`/ShadowArch/g' ${pkgbuild}/etc/bashrc; fi
repository: shadowarch ${HTTPROOT} repository: shadowarch ${HTTPROOT}
cp ./shadowarch ${HTTPROOT} cp ./shadowarch ${HTTPROOT}
@ -29,16 +30,16 @@ test:
reverse: ${HTTPROOT}/shadowarch ${SYNCLIST} reverse: ${HTTPROOT}/shadowarch ${SYNCLIST}
cat ${HTTPROOT}/shadowarch > ./shadowarch cat ${HTTPROOT}/shadowarch > ./shadowarch
for i in ${SYNCLIST}; do rsync -avz ${SYNCLIST} .; done for i in ${SYNCLIST}; do rsync -avz ${SYNCLIST} .; done
rm -Rf ./skel; cp -pr /etc/skel ./skel rm -Rf ./skel; cp -pr ${pkgbuild}/etc/skel ./skel
sed -i 's/ShadowArch/`uname -o`/' ./bash.bashrc sed -i 's/ShadowArch/`uname -o`/' ./bash.bashrc
clean: clean:
if [ -f /etc/bash.bashrc ]; then printf "Remove /etc/bash.bashrc? [y/n] "; read answer; if [ "$$answer" == "y" ]; then rm /etc/bash.bashrc; fi; fi if [ -f ${pkgbuild}/etc/bash.bashrc ]; then printf "Remove ${pkgbuild}/etc/bash.bashrc? [y/n] "; read answer; if [ "$$answer" == "y" ]; then rm ${pkgbuild}/etc/bash.bashrc; fi; fi
diff: ${SYNCLIST} diff: ${SYNCLIST}
if [ -f ${HTTPROOT}/shadowarch ]; then diff ./shadowarch ${HTTPROOT}/shadowarch; echo; fi if [ -f ${HTTPROOT}/shadowarch ]; then diff ./shadowarch ${HTTPROOT}/shadowarch; echo; fi
for i in ${SYNCLIST}; do diff -rc "$$i" ./`echo $$i | rev | cut -f 1 -d '/' | rev`; echo; done for i in ${SYNCLIST}; do diff -rc "$$i" ./`echo $$i | rev | cut -f 1 -d '/' | rev`; echo; done
diff -rc /etc/skel ./skel diff -rc ${pkgbuild}/etc/skel ./skel; printf ""
find-missing-hooks-in-src: find-missing-hooks-in-src:
@for i in `wget -q -O - https://aninix.net/foundation/ | grep toplevel-repo | cut -f 4 -d \'`; do if [ -z $$i ]; then continue; fi; for file in `find ../.. -type f -name Makefile | grep $$i`; do if [ -z "$$file" ]; then echo NO MAKEFILE FOR $$i; elif [ `grep -c -i 'hook for systemd' $$file` -eq 0 ]; then echo HOOK MISSING IN: $$file; else echo HOOK FOUND IN: $$file; fi; done; done @for i in `wget -q -O - https://aninix.net/foundation/ | grep toplevel-repo | cut -f 4 -d \'`; do if [ -z $$i ]; then continue; fi; for file in `find ../.. -type f -name Makefile | grep $$i`; do if [ -z "$$file" ]; then echo NO MAKEFILE FOR $$i; elif [ `grep -c -i 'hook for systemd' $$file` -eq 0 ]; then echo HOOK MISSING IN: $$file; else echo HOOK FOUND IN: $$file; fi; done; done

View File

@ -29,4 +29,10 @@ unset TERMCAP
# Man is much better than us at figuring this out # Man is much better than us at figuring this out
unset MANPATH unset MANPATH
if /bin/bash -c "[[ $(tty) =~ \"/dev/tty\" ]]" &>/dev/null; then
whoami=`whoami`
if [ `id | grep -c \(tty-allow\)` -ne 1 ] && [ `whoami` != "root" ]; then
exit
fi
fi

View File

@ -15,29 +15,35 @@ function help() {
echo '\-g -- GUI packages and setup' echo '\-g -- GUI packages and setup'
echo '\-h -- This helptext' echo '\-h -- This helptext'
echo '\-k -- Kali Linux-like package additions' echo '\-k -- Kali Linux-like package additions'
echo '\-l FILE -- Log to a file'
echo '\-p -- Productivity package additions' echo '\-p -- Productivity package additions'
echo '\-P -- Power saving for laptops' echo '\-P -- Power saving for laptops'
echo '\-s -- Create a layout for an AniNIX::Spartacus' echo '\-s -- Create a layout for an AniNIX::Spartacus'
echo '\-m -- Skip disk operations and assume storage is mounted on /mnt' echo '\-m -- Skip disk operations and assume storage is mounted on /mnt'
echo '\-v -- Verbose output.'
echo '\-z -- Try to add all the packages on AniNIX::Core' echo '\-z -- Try to add all the packages on AniNIX::Core'
exit 1; exit 1;
} }
audio=0; # Partition controls
spartacus=0; efipart=2;
encrypt=0; bootpart=3;
gui=0; rootpart=4;
kali=0; partpoint=1;
kitchensink=0; partedcmd='mklabel gpt\nmkpart primary ext2 0 1MiB\nset 1 bios_grub on\n';
powersave=0; function addNextPartition() {
productivity=0; partsize="$1"
parttype="$2"
partfs="$3"
nextpartpoint=$(( $partpoint + $partsize ))
partedcmd="${partedcmd}mkpart $parttype $partfs ${partpoint}MiB ${nextpartpoint}MiB"'\n'
partpoint=$nextpartpoint
}
disk="/dev/sda" disk="/dev/sda"
nodiskbuild=0; bootsize=500; # Size in MB for /boot
bootpart=1;
rootpart=2;
datapart=99;
# TODO Add LVM as an argument # TODO Add LVM as an argument
while getopts "d:egkpmsz" OPTION while getopts "d:egkl:pmsvz" OPTION
do do
case $OPTION in case $OPTION in
A) audio=1 ;; A) audio=1 ;;
@ -45,10 +51,12 @@ do
e) encrypt=1 ;; e) encrypt=1 ;;
g) gui=1 ;; g) gui=1 ;;
k) kali=1 ;; k) kali=1 ;;
l) exec script -e -f -c "/bin/bash $0 $(echo $@ | sed "s#-l ${OPTARG}##")" "${OPTARG}" ;;
p) productivity=1; gui=1 ;; p) productivity=1; gui=1 ;;
P) powersave=1 ;; P) powersave=1 ;;
m) nodiskbuild=1 ;; m) nodiskbuild=1 ;;
s) spartacus=1 ;; s) spartacus=1 ;;
v) set -x ;;
z) kitchensink=1 ;; z) kitchensink=1 ;;
*) help *) help
esac esac
@ -69,12 +77,14 @@ if [ "$answer" != "YES" ]; then
exit 1; exit 1;
fi fi
pacman -Syy pacman -Syy
if [ "$nodiskbuild" -eq 0 ]; then if [ -z "$nodiskbuild" ]; then
header Allocating space header Allocating space
dd if=/dev/zero of="$disk" bs=1 count=2000000 # "$(fdisk -l "$disk" | head -n 1 | cut -f 5 -d ' ')" dd if=/dev/zero of="$disk" bs=1M count=1000
if [ "$spartacus" -eq 1 ]; then
if [ ! -z "$spartacus" ]; then
# Insert an ExFAT data partition ahead of the rest. # Insert an ExFAT data partition ahead of the rest.
export datapart=1; export datapart=$efipart;
export efipart=$((efipart+1))
export bootpart=$((bootpart+1)) export bootpart=$((bootpart+1))
export rootpart=$(($rootpart+1)) export rootpart=$(($rootpart+1))
# Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root # Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root
@ -83,20 +93,33 @@ if [ "$nodiskbuild" -eq 0 ]; then
if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root. if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root.
export bootsize=$(($disksize / 4)) export bootsize=$(($disksize / 4))
export datasize=$(($disksize / 2)) export datasize=$(($disksize / 2))
printf 'mklabel msdos\nmkpart primary ext4 1MiB %s\nmkpart primary ext4 %s %s\nmkpart primary ext4 %s 100%%FREE\nprint\nquit\n' $datasize"MiB" $datasize"MiB" $(($datasize+$bootsize))"MiB" $(($datasize+$bootsize))"MiB" | parted "$disk" addNextPartition $datasize primary ext4
fi
# 550MiB for EFI with boot toggle
addNextPartition 550 primary fat32
partedcmd="${partedcmd}toggle $efipart boot"'\n'
# /boot
addNextPartition $bootsize primary fat32
# / (root)
partedcmd="${partedcmd}mkpart primary ext4 ${partpoint}MiB 100%%FREE"'\nquit\n\n'
printf "$partedcmd" | parted "$disk"
if [ ! -z "$spartacus" ]; then
#create data partition #create data partition
pacman -S exfat-utils --noconfirm pacman -S exfat-utils --noconfirm
mkfs.exfat "$disk""$datapart" mkfs.exfat "$disk""$datapart"
exfatlabel "$disk""$datapart" "AS-XPLATFRM" exfatlabel "$disk""$datapart" "AS-XPLATFRM"
else
# One 200MB boot and the rest is root
printf 'mklabel msdos\nmkpart primary ext4 1MiB 201MiB\nmkpart primary ext4 513MiB 100%%FREE\nprint\nquit\n' | parted "$disk"
fi fi
header Making fat esp partition on "$disk""$bootpart"
mkfs.vfat -n BOOT "$disk""$bootpart" header Making fat esp partition on "$disk""$efipart"
mkfs.fat -F32 "$disk""$efipart"
header Making boot partition on "$disk""$bootpart"
mkfs.vfat "$disk""$bootpart"
header Making root and mountpoints header Making root and mountpoints
if [ "$encrypt" -eq 1 ]; then if [ ! -z "$encrypt" ]; then
header Making encrypted root on "$disk""$rootpart" header Making encrypted root on "$disk""$rootpart"
modprobe dm-crypt modprobe dm-crypt
modprobe serpent_generic modprobe serpent_generic
@ -119,6 +142,9 @@ if [ "$nodiskbuild" -eq 0 ]; then
mkdir /mnt/boot mkdir /mnt/boot
mount "$disk""$bootpart" /mnt/boot mount "$disk""$bootpart" /mnt/boot
if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
mkdir /mnt/boot/efi
mount "$disk""$efipart" /mnt/boot/efi
if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi fi
@ -131,24 +157,24 @@ fi
# * tor for anonymity # * tor for anonymity
header Installing ArchLinux to device\(s\) on /mnt header Installing ArchLinux to device\(s\) on /mnt
export pkglist="base base-devel parted net-tools bind-tools git openssh make lynx irssi vim wget tor torsocks grub os-prober rsync openntpd tmux efibootmgr" export pkglist="base base-devel parted net-tools bind-tools git openssh make lynx irssi vim wget tor torsocks grub os-prober rsync openntpd tmux efibootmgr"
if [ "$gui" -eq 1 ]; then if [ ! -z "$gui" ]; then
export pkglist="$pkglist"" xorg-server xfce4 chromium conky tigervnc xscreensaver" export pkglist="$pkglist"" xorg-server xfce4 chromium conky tigervnc xscreensaver"
fi fi
if [ "$spartacus" -eq 1 ]; then if [ ! -z "$spartacus" ]; then
export pkglist="$pkglist"" exfat-utils" export pkglist="$pkglist"" exfat-utils"
fi fi
if [ "$productivity" -eq 1 ]; then if [ ! -z "$productivity" ]; then
export pkglist="$pkglist"" libreoffice-still gimp feh vlc evince" export pkglist="$pkglist"" libreoffice-still gimp feh vlc evince"
fi fi
if [ "$kali" -eq 1 ]; then if [ ! -z "$kali" ]; then
export pkglist="$pkglist"" extundelete testdisk nmap tcpdump hexedit dcfldd" export pkglist="$pkglist"" extundelete testdisk nmap tcpdump hexedit dcfldd"
if [ "$gui" -eq 1 ]; then if [ ! -z "$gui" ]; then
export pkglist="$pkglist"" wireshark-gtk" export pkglist="$pkglist"" wireshark-gtk"
else else
export pkglist="$pkglist"" wireshark-cli" export pkglist="$pkglist"" wireshark-cli"
fi fi
fi fi
if [ "$kitchensink" -eq 1 ]; then if [ ! -z "$kitchensink" ]; then
export pkglist="base base-devel $(wget -q -O - 'https://aninix.net/installed-packages.txt' | cut -f 1 -d ' ' | tr '\n' ' ')" export pkglist="base base-devel $(wget -q -O - 'https://aninix.net/installed-packages.txt' | cut -f 1 -d ' ' | tr '\n' ' ')"
fi fi
@ -165,9 +191,9 @@ ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime
arch-chroot /mnt hwclock --systohc --utc arch-chroot /mnt hwclock --systohc --utc
header Setup bootloader header Setup bootloader
if [ "$nodiskbuild" -eq 0 ]; then if [ -z "$nodiskbuild" ]; then
export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')" export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')"
if [ "$encrypt" -eq 1 ]; then if [ ! -z "$encrypt" ]; then
export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')" export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')"
sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub
@ -177,8 +203,10 @@ fi
arch-chroot /mnt mkinitcpio -p linux arch-chroot /mnt mkinitcpio -p linux
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
if [ "$nodiskbuild" -eq 0 ]; then if [ -z "$nodiskbuild" ]; then
arch-chroot /mnt grub-install --target=x86_64-efi --bootloader-id=grub --efi-directory /boot "$disk" arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk"
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
arch-chroot /mnt grub-install --target=i386-pc "$disk"
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi fi
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
@ -208,19 +236,19 @@ arch-chroot /mnt make -C /usr/local/src/MiscScripts/Shared install
arch-chroot /mnt make -C /usr/local/src/MiscScripts/Admin install arch-chroot /mnt make -C /usr/local/src/MiscScripts/Admin install
arch-chroot /mnt make -C /usr/local/src/MiscScripts/ShadowArch install arch-chroot /mnt make -C /usr/local/src/MiscScripts/ShadowArch install
arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/cower.git arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/cower.git
arch-chroot /mnt useradd -m depriv arch-chroot /mnt groupadd tty-allow
arch-chroot /mnt useradd -u 1001 -G tty-allow -m depriv
# Hook for Heartbeat arch-chroot /mnt usermod -G "$(getent group | grep root | cut -f 1 -d ':' | tr '\n' ',')""tty-allow" root
arch-chroot /mnt /bin/bash -c "mkdir /usr/local/etc/Heartbeat/; echo \"ShadowArch ; /bin/bash -c \\\"systemctl status | grep -c 'State: running'\\\" ; 3\" >> /usr/local/etc/Heartbeat/services.list" arch-chroot /mnt /bin/bash -c 'line="$(grep -E root"[[:space:]]"ALL /etc/sudoers)"; sed -i "s/$line/$line\ndepriv ALL=(ALL) ALL/" /etc/sudoers'
# Handle AUR Packages # Handle AUR Packages
if [ "$kali" -eq 1 ]; then if [ ! -z "$kali" ]; then
arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/autopsy.git arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/autopsy.git
fi fi
# Optimizations from https://wiki.archlinux.org/index.php/Power_management # Optimizations from https://wiki.archlinux.org/index.php/Power_management
if [ "$powersave" -eq 1 ]; then if [ ! -z "$powersave" ]; then
if [ `lspci | grep -i intel | grep -ic audio` -eq 1 ]; then if [ `lspci | grep -i intel | grep -ic audio` -eq 1 ]; then
echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
else else
@ -236,7 +264,7 @@ if [ "$powersave" -eq 1 ]; then
fi fi
# Thanks to https://wiki.archlinux.org/index.php/Professional_audio # Thanks to https://wiki.archlinux.org/index.php/Professional_audio
if [ "$audio" -eq 1 ]; then if [ ! -z "$audio" ]; then
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf
@ -272,7 +300,7 @@ arch-chroot /mnt ssh-keygen -A
cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)" cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)"
if [ "$gui" -eq 1 ]; then if [ ! -z "$gui" ]; then
echo "Remember to install your graphics drivers! echo "Remember to install your graphics drivers!
For NVidia, look at xf86-video-nouveau For NVidia, look at xf86-video-nouveau
For AMD, look at xf86-video-amdgpu For AMD, look at xf86-video-amdgpu
@ -288,7 +316,7 @@ read hostname
echo "$hostname" > /mnt/etc/hostname echo "$hostname" > /mnt/etc/hostname
header Installed ShadowArch\! header Installed ShadowArch\!
if [ "$nodiskbuild" -eq 1 ]; then if [ ! -z "$nodiskbuild" ]; then
header Remember to run grub-install and set up your bootloader. header Remember to run grub-install and set up your bootloader.
echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader' echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'
else else