ShadowArch updates

ShadowArch/Makefile

@@ -1,16 +1,17 @@
-HTTPROOT = /srv/http/aninix.net
+HTTPROOT = ${pkgbuild}/srv/http/aninix.net
 HTTPUSER = http
-SYNCLIST = /etc/vimrc /etc/bashrc /etc/tmux.conf /etc/profile
-INSTALLER != curl -s https://aninix.net/foundation/installer-test.bash | /bin/bash
+SYNCLIST = ${pkgbuild}/etc/vimrc ${pkgbuild}/etc/bashrc ${pkgbuild}/etc/tmux.conf ${pkgbuild}/etc/profile
+INSTALLER != curl -s https://aninix.net/foundation/installer-test.bash | ${pkgbuild}/bin/bash
 
 compile: ./shadowarch
 	@echo Nothing to compile
 
 install: compile
-	for i in ${SYNCLIST}; do rsync -avz -r `echo $$i | sed 's#^/etc/##'` $$i; done
-	rm -Rf /etc/skel; cp -pr ./skel /etc
+	for i in ${SYNCLIST}; do rsync -avz -r `echo $$i | sed 's#^/etc/##'` ${pkgbuild}$$i; done
+	mkdir -p ${pkgbuild}/etc
+	rm -Rf ${pkgbuild}/etc/skel; cp -pr ./skel ${pkgbuild}/etc
 	# This is a nicety.
-	if [ -f /root/shadowarch* ]; then sed -i 's/`uname -o`/ShadowArch/g' /etc/bashrc; fi
+	if [ -f ${pkgbuild}/root/shadowarch* ]; then sed -i 's/`uname -o`/ShadowArch/g' ${pkgbuild}/etc/bashrc; fi
 
 repository: shadowarch ${HTTPROOT}
 	cp ./shadowarch ${HTTPROOT}
@@ -29,16 +30,16 @@ test:
 reverse: ${HTTPROOT}/shadowarch ${SYNCLIST}
 	cat ${HTTPROOT}/shadowarch > ./shadowarch
 	for i in ${SYNCLIST}; do rsync -avz ${SYNCLIST} .; done
-	rm -Rf ./skel; cp -pr /etc/skel ./skel
+	rm -Rf ./skel; cp -pr ${pkgbuild}/etc/skel ./skel
 	sed -i 's/ShadowArch/`uname -o`/' ./bash.bashrc
 
 clean:
-	if [ -f /etc/bash.bashrc ]; then printf "Remove /etc/bash.bashrc? [y/n] "; read answer; if [ "$$answer" == "y" ]; then rm /etc/bash.bashrc; fi; fi
+	if [ -f ${pkgbuild}/etc/bash.bashrc ]; then printf "Remove ${pkgbuild}/etc/bash.bashrc? [y/n] "; read answer; if [ "$$answer" == "y" ]; then rm ${pkgbuild}/etc/bash.bashrc; fi; fi
 
 diff: ${SYNCLIST}
 	if [ -f ${HTTPROOT}/shadowarch ]; then diff ./shadowarch ${HTTPROOT}/shadowarch; echo; fi
 	for i in ${SYNCLIST}; do diff -rc "$$i" ./`echo $$i | rev | cut -f 1 -d '/' | rev`; echo; done
-	diff -rc /etc/skel ./skel
+	diff -rc ${pkgbuild}/etc/skel ./skel; printf ""
 
 find-missing-hooks-in-src:
 	@for i in `wget -q -O - https://aninix.net/foundation/ | grep toplevel-repo | cut -f 4 -d \'`; do if [ -z $$i ]; then continue; fi; for file in `find ../.. -type f -name Makefile | grep $$i`; do if [ -z "$$file" ]; then echo NO MAKEFILE FOR $$i; elif [ `grep -c -i 'hook for systemd' $$file` -eq 0 ]; then echo HOOK MISSING IN: $$file; else echo HOOK FOUND IN: $$file; fi; done; done

ShadowArch/profile

@@ -29,4 +29,10 @@ unset TERMCAP
 # Man is much better than us at figuring this out
 unset MANPATH
 
+if /bin/bash -c "[[ $(tty) =~ \"/dev/tty\" ]]" &>/dev/null; then
+   whoami=`whoami`
+   if [ `id | grep -c \(tty-allow\)` -ne 1 ] && [ `whoami` != "root" ];  then
+       exit
+   fi
+fi
 

ShadowArch/shadowarch

@@ -15,29 +15,35 @@ function help() {
     echo '\-g      -- GUI packages and setup'
     echo '\-h      -- This helptext'
     echo '\-k      -- Kali Linux-like package additions'
+    echo '\-l FILE -- Log to a file'
     echo '\-p      -- Productivity package additions'
     echo '\-P      -- Power saving for laptops'
     echo '\-s      -- Create a layout for an AniNIX::Spartacus'
     echo '\-m      -- Skip disk operations and assume storage is mounted on /mnt'
+    echo '\-v      -- Verbose output.'
     echo '\-z      -- Try to add all the packages on AniNIX::Core'
     exit 1;
 }
 
-audio=0;
-spartacus=0;
-encrypt=0;
-gui=0;
-kali=0;
-kitchensink=0;
-powersave=0;
-productivity=0;
+# Partition controls
+efipart=2;
+bootpart=3;
+rootpart=4;
+partpoint=1;
+partedcmd='mklabel gpt\nmkpart primary ext2 0 1MiB\nset 1 bios_grub on\n';
+function addNextPartition() {
+    partsize="$1"
+    parttype="$2"
+    partfs="$3"
+    nextpartpoint=$(( $partpoint + $partsize ))
+    partedcmd="${partedcmd}mkpart $parttype $partfs ${partpoint}MiB ${nextpartpoint}MiB"'\n'
+    partpoint=$nextpartpoint
+}
+
 disk="/dev/sda"
-nodiskbuild=0;
-bootpart=1;
-rootpart=2;
-datapart=99;
+bootsize=500; # Size in MB for /boot
 # TODO Add LVM as an argument
-while getopts "d:egkpmsz" OPTION
+while getopts "d:egkl:pmsvz" OPTION
 do
     case $OPTION in
         A) audio=1 ;;
@@ -45,10 +51,12 @@ do
         e) encrypt=1 ;;
         g) gui=1 ;;
         k) kali=1 ;;
+        l) exec script -e -f -c "/bin/bash $0 $(echo $@ | sed "s#-l ${OPTARG}##")" "${OPTARG}" ;;
         p) productivity=1; gui=1 ;;
         P) powersave=1 ;;
         m) nodiskbuild=1 ;;
         s) spartacus=1 ;;
+        v) set -x ;;
         z) kitchensink=1 ;;
         *) help
     esac
@@ -69,12 +77,14 @@ if [ "$answer" != "YES" ]; then
     exit 1;
 fi
 pacman -Syy
-if [ "$nodiskbuild" -eq 0 ]; then
+if [ -z "$nodiskbuild" ]; then
     header Allocating space
-    dd if=/dev/zero of="$disk" bs=1 count=2000000 # "$(fdisk -l "$disk" | head -n 1 | cut -f 5 -d ' ')"
-    if [ "$spartacus" -eq 1 ]; then
+    dd if=/dev/zero of="$disk" bs=1M count=1000
+
+    if [ ! -z "$spartacus" ]; then
         # Insert an ExFAT data partition ahead of the rest.
-        export datapart=1;
+        export datapart=$efipart;
+        export efipart=$((efipart+1))
         export bootpart=$((bootpart+1))
         export rootpart=$(($rootpart+1))
         # Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root
@@ -83,20 +93,33 @@ if [ "$nodiskbuild" -eq 0 ]; then
         if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root.
         export bootsize=$(($disksize / 4))
         export datasize=$(($disksize / 2))
-        printf 'mklabel msdos\nmkpart primary ext4 1MiB %s\nmkpart primary ext4 %s %s\nmkpart primary ext4 %s 100%%FREE\nprint\nquit\n' $datasize"MiB" $datasize"MiB" $(($datasize+$bootsize))"MiB" $(($datasize+$bootsize))"MiB" | parted "$disk"
+        addNextPartition $datasize primary ext4
+    fi
+    # 550MiB for EFI with boot toggle
+    addNextPartition 550 primary fat32
+    partedcmd="${partedcmd}toggle $efipart boot"'\n'
+
+    # /boot
+    addNextPartition $bootsize primary fat32
+
+    # / (root)
+    partedcmd="${partedcmd}mkpart primary ext4 ${partpoint}MiB 100%%FREE"'\nquit\n\n'
+    printf "$partedcmd" | parted "$disk"
+    if [ ! -z "$spartacus" ]; then
         #create data partition
         pacman -S exfat-utils --noconfirm
         mkfs.exfat "$disk""$datapart"
         exfatlabel "$disk""$datapart" "AS-XPLATFRM"
-    else
-        # One 200MB boot and the rest is root 
-        printf 'mklabel msdos\nmkpart primary ext4 1MiB 201MiB\nmkpart primary ext4 513MiB 100%%FREE\nprint\nquit\n' | parted "$disk"
-    fi 
-    header Making fat esp partition on "$disk""$bootpart"
-    mkfs.vfat -n BOOT "$disk""$bootpart"
+    fi
+
+    header Making fat esp partition on "$disk""$efipart"
+    mkfs.fat -F32 "$disk""$efipart"
+
+    header Making boot partition on "$disk""$bootpart"
+    mkfs.vfat "$disk""$bootpart"
 
     header Making root and mountpoints
-    if [ "$encrypt" -eq 1 ]; then 
+    if [ ! -z "$encrypt" ]; then 
         header Making encrypted root on "$disk""$rootpart"
         modprobe dm-crypt
         modprobe serpent_generic
@@ -119,6 +142,9 @@ if [ "$nodiskbuild" -eq 0 ]; then
     mkdir /mnt/boot
     mount "$disk""$bootpart" /mnt/boot
     if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
+    mkdir /mnt/boot/efi
+    mount "$disk""$efipart" /mnt/boot/efi
+    if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
 fi
 
 
@@ -131,24 +157,24 @@ fi
 # * tor for anonymity
 header Installing ArchLinux to device\(s\) on /mnt
 export pkglist="base base-devel parted net-tools bind-tools git openssh make lynx irssi vim wget tor torsocks grub os-prober rsync openntpd tmux efibootmgr"
-if [ "$gui" -eq 1 ]; then 
+if [ ! -z "$gui" ]; then 
     export pkglist="$pkglist"" xorg-server xfce4 chromium conky tigervnc xscreensaver"
 fi
-if [ "$spartacus" -eq 1 ]; then
+if [ ! -z "$spartacus" ]; then
     export pkglist="$pkglist"" exfat-utils"
 fi
-if [ "$productivity" -eq 1 ]; then
+if [ ! -z "$productivity" ]; then
     export pkglist="$pkglist"" libreoffice-still gimp feh vlc evince"
 fi
-if [ "$kali" -eq 1 ]; then
+if [ ! -z "$kali" ]; then
     export pkglist="$pkglist"" extundelete testdisk nmap tcpdump hexedit dcfldd"
-    if [ "$gui" -eq 1 ]; then
+    if [ ! -z "$gui" ]; then
         export pkglist="$pkglist"" wireshark-gtk"
     else 
         export pkglist="$pkglist"" wireshark-cli"
     fi
 fi
-if [ "$kitchensink" -eq 1 ]; then
+if [ ! -z "$kitchensink" ]; then
     export pkglist="base base-devel $(wget -q -O - 'https://aninix.net/installed-packages.txt' | cut -f 1 -d ' ' | tr '\n' ' ')"
 fi
 
@@ -165,9 +191,9 @@ ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime
 arch-chroot /mnt hwclock --systohc --utc
 
 header Setup bootloader
-if [ "$nodiskbuild" -eq 0 ]; then
+if [ -z "$nodiskbuild" ]; then
     export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')"
-    if [ "$encrypt" -eq 1 ]; then
+    if [ ! -z "$encrypt" ]; then
         export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')"
         sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
         sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub
@@ -177,8 +203,10 @@ fi
 
 arch-chroot /mnt mkinitcpio -p linux
 if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
-if [ "$nodiskbuild" -eq 0 ]; then
-    arch-chroot /mnt grub-install --target=x86_64-efi --bootloader-id=grub --efi-directory /boot "$disk"
+if [ -z "$nodiskbuild" ]; then
+    arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk"
+    if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
+    arch-chroot /mnt grub-install --target=i386-pc "$disk"
     if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
 fi
 arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
@@ -208,19 +236,19 @@ arch-chroot /mnt make -C /usr/local/src/MiscScripts/Shared install
 arch-chroot /mnt make -C /usr/local/src/MiscScripts/Admin install
 arch-chroot /mnt make -C /usr/local/src/MiscScripts/ShadowArch install
 arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/cower.git
-arch-chroot /mnt useradd -m depriv
-
-# Hook for Heartbeat
-arch-chroot /mnt /bin/bash -c "mkdir /usr/local/etc/Heartbeat/; echo \"ShadowArch ; /bin/bash -c \\\"systemctl status | grep -c 'State: running'\\\" ; 3\" >> /usr/local/etc/Heartbeat/services.list"
+arch-chroot /mnt groupadd tty-allow
+arch-chroot /mnt useradd -u 1001 -G tty-allow -m depriv
+arch-chroot /mnt usermod -G "$(getent group | grep root | cut -f 1 -d ':' | tr '\n' ',')""tty-allow" root
+arch-chroot /mnt /bin/bash -c 'line="$(grep -E root"[[:space:]]"ALL /etc/sudoers)"; sed -i "s/$line/$line\ndepriv ALL=(ALL) ALL/" /etc/sudoers'
 
 # Handle AUR Packages
 
-if [ "$kali" -eq 1 ]; then
+if [ ! -z "$kali" ]; then
     arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/autopsy.git
 fi
 
 # Optimizations from https://wiki.archlinux.org/index.php/Power_management
-if [ "$powersave" -eq 1 ]; then
+if [ ! -z "$powersave" ]; then
     if [ `lspci | grep -i intel | grep -ic audio` -eq 1 ]; then
         echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
     else 
@@ -236,7 +264,7 @@ if [ "$powersave" -eq 1 ]; then
 fi
 
 # Thanks to https://wiki.archlinux.org/index.php/Professional_audio
-if [ "$audio" -eq 1 ]; then
+if [ ! -z "$audio" ]; then
     sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub
     arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
     printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf
@@ -272,7 +300,7 @@ arch-chroot /mnt ssh-keygen -A
 
 cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)"
 
-if [ "$gui" -eq 1 ]; then
+if [ ! -z "$gui" ]; then
     echo "Remember to install your graphics drivers!
     For NVidia, look at xf86-video-nouveau
     For AMD, look at xf86-video-amdgpu
@@ -288,7 +316,7 @@ read hostname
 echo "$hostname" > /mnt/etc/hostname
 
 header Installed ShadowArch\! 
-if [ "$nodiskbuild" -eq 1 ]; then
+if [ ! -z "$nodiskbuild" ]; then
     header Remember to run grub-install and set up your bootloader.
     echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'
 else