AniNIX/ShadowArch
AniNIX/ShadowArch
3
0
Fork 0
Code Issues 1 Pull Requests 1 Releases Wiki Activity

Fixes

Browse Source
This commit is contained in:
DarkFeather 2016-11-29 15:00:15 -06:00
parent 4cb91f09f0
commit 92d4293efe
2 changed files with 75 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ShadowArch/Makefile
View File

@ -17,7 +17,8 @@ checkperm:
chown ${HTTPUSER} ${HTTPROOT}/shadowarch chown ${HTTPUSER} ${HTTPROOT}/shadowarch
test: test:
./shadowarch -h bash -n shadowarch
bash ./shadowarch -h || echo Success.
reverse: ${HTTPROOT}/shadowarch /root/bin/shadowarch-tar-gen reverse: ${HTTPROOT}/shadowarch /root/bin/shadowarch-tar-gen
cp ${HTTPROOT}/shadowarch . cp ${HTTPROOT}/shadowarch .

144
ShadowArch/shadowarch
View File

@ -9,15 +9,15 @@ function header () {
} }
function help() { function help() {
echo Usage: ${0} '[OPTIONS]' echo Usage: ${0} '[OPTIONS]'
echo '\-d DISK -- Use the disk.' echo '-d DISK -- Use the disk.'
echo '\-e -- Encrypt the root partition' echo '-e -- Encrypt the root partition'
echo '\-g -- GUI packages and setup' echo '-g -- GUI packages and setup'
echo '\-h -- This helptext' echo '-h -- This helptext'
echo '\-k -- Kali Linux-like package additions' echo '-k -- Kali Linux-like package additions'
echo '\-p -- Productivity package additions' echo '-p -- Productivity package additions'
echo '\-s -- Create a layout for an AniNIX::Spartacus' echo '-s -- Create a layout for an AniNIX::Spartacus'
echo '\-m -- Skip disk operations and assume storage is mounted on /mnt' echo '-m -- Skip disk operations and assume storage is mounted on /mnt'
echo '\-z -- Try to add all the packages on AniNIX::Core' echo '-z -- Try to add all the packages on AniNIX::Core'
exit 1; exit 1;
} }
@ -33,15 +33,16 @@ bootpart=1;
rootpart=2; rootpart=2;
datapart=99; datapart=99;
# TODO Add LVM as an argument # TODO Add LVM as an argument
while getopts "ed:gps" OPTION while getopts "d:eghkmpsz" OPTION
do do
case $OPTION in case $OPTION in
d) disk=${OPTARG} ;; d) disk=${OPTARG} ;;
e) encrypt=1 ;; e) encrypt=1 ;;
g) gui=1 ;; g) gui=1 ;;
h) help ;;
k) kali=1 ;; k) kali=1 ;;
p) productivity=1; gui=1 ;;
m) nodiskbuild=1 ;; m) nodiskbuild=1 ;;
p) productivity=1; gui=1 ;;
s) spartacus=1 ;; s) spartacus=1 ;;
z) kitchensink=1 ;; z) kitchensink=1 ;;
*) help *) help
@ -64,57 +65,58 @@ if [ "$answer" != "YES" ]; then
fi fi
pacman -Syy pacman -Syy
if [ "$nodiskbuild" -eq 0 ]; then if [ "$nodiskbuild" -eq 0 ]; then
header Allocating space header Allocating space
dd if=/dev/zero of="$disk" bs=1 count=2000000 # "$(fdisk -l "$disk" | head -n 1 | cut -f 5 -d ' ')" dd if=/dev/zero of="$disk" bs=1 count=2000000 # "$(fdisk -l "$disk" | head -n 1 | cut -f 5 -d ' ')"
if [ "$spartacus" -eq 1 ]; then if [ "$spartacus" -eq 1 ]; then
# Insert an ExFAT data partition ahead of the rest. # Insert an ExFAT data partition ahead of the rest.
export datapart=1; export datapart=1;
export bootpart=$((bootpart+1)) export bootpart=$((bootpart+1))
export rootpart=$(($rootpart+1)) export rootpart=$(($rootpart+1))
# Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root # Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root
export disksize=$(($(fdisk -l $disk | head -n 1 | cut -f 5 -d ' ') / 1048576)) # Return disk size in MB export disksize=$(($(fdisk -l $disk | head -n 1 | cut -f 5 -d ' ') / 1048576)) # Return disk size in MB
if [ "$disksize" == "" ]; then echo "Can't identify disk size"; exit 1; fi if [ "$disksize" == "" ]; then echo "Can't identify disk size"; exit 1; fi
if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root. if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root.
export bootsize=$(($disksize / 4)) export bootsize=$(($disksize / 4))
export datasize=$(($disksize / 2)) export datasize=$(($disksize / 2))
printf 'mklabel msdos\nmkpart primary ext4 1MiB %s\nmkpart primary ext4 %s %s\nmkpart primary ext4 %s 100%%FREE\nprint\nquit\n' $datasize"MiB" $datasize"MiB" $(($datasize+$bootsize))"MiB" $(($datasize+$bootsize))"MiB" | parted "$disk" printf 'mklabel msdos\nmkpart primary ext4 1MiB %s\nmkpart primary ext4 %s %s\nmkpart primary ext4 %s 100%%FREE\nprint\nquit\n' $datasize"MiB" $datasize"MiB" $(($datasize+$bootsize))"MiB" $(($datasize+$bootsize))"MiB" | parted "$disk"
#create data partition #create data partition
pacman -S exfat-utils --noconfirm pacman -S exfat-utils --noconfirm
mkfs.exfat "$disk""$datapart" mkfs.exfat "$disk""$datapart"
exfatlabel "$disk""$datapart" "AS-XPLATFRM" exfatlabel "$disk""$datapart" "AS-XPLATFRM"
else else
# One 200MB boot and the rest is root # One 200MB boot and the rest is root
printf 'mklabel msdos\nmkpart primary ext4 1MiB 201MiB\nmkpart primary ext4 513MiB 100%%FREE\nprint\nquit\n' | parted "$disk" printf 'mklabel msdos\nmkpart primary ext4 1MiB 201MiB\nmkpart primary ext4 513MiB 100%%FREE\nprint\nquit\n' | parted "$disk"
fi fi
header Making ext4 boot partition on "$disk""$bootpart" header Making ext4 boot partition on "$disk""$bootpart"
mkfs.ext4 "$disk""$bootpart" mkfs.ext4 "$disk""$bootpart"
tune2fs -L "BOOT" "$disk""$bootpart" tune2fs -L "BOOT" "$disk""$bootpart"
header Making root and mountpoints header Making root and mountpoints
if [ "$encrypt" -eq 1 ]; then if [ "$encrypt" -eq 1 ]; then
header Making encrypted root on "$disk""$rootpart" header Making encrypted root on "$disk""$rootpart"
modprobe dm-crypt modprobe dm-crypt
modprobe serpent_generic modprobe serpent_generic
header Formatting root -- make sure to enter YES followed by a strong passphrase. header Formatting root -- make sure to enter YES followed by a strong passphrase.
cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 "$disk""$rootpart" cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 "$disk""$rootpart"
header Unlocking root header Unlocking root
cryptsetup luksOpen "$disk""$rootpart" cryptroot cryptsetup luksOpen "$disk""$rootpart" cryptroot
mkfs.xfs -f /dev/mapper/cryptroot mkfs.xfs -f /dev/mapper/cryptroot
xfs_admin -L ROOT /dev/mapper/cryptroot xfs_admin -L ROOT /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt mount /dev/mapper/cryptroot /mnt
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
else else
header Making root on "$disk""$rootpart" header Making root on "$disk""$rootpart"
mkfs.xfs -f "$disk""$rootpart" mkfs.xfs -f "$disk""$rootpart"
xfs_admin -L ROOT "$disk""$rootpart" xfs_admin -L ROOT "$disk""$rootpart"
mount "$disk""$rootpart" /mnt mount "$disk""$rootpart" /mnt
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi
mkdir /mnt/boot
mount "$disk""$bootpart" /mnt/boot
if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi fi
mkdir /mnt/boot
mount "$disk""$bootpart" /mnt/boot
if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
# Install ArchLinux with basic clients for the AniNIX Services. # Install ArchLinux with basic clients for the AniNIX Services.
# * git for Foundation # * git for Foundation
@ -148,7 +150,7 @@ fi
yes "" | pacstrap -i /mnt $pkglist yes "" | pacstrap -i /mnt $pkglist
if [ $? -ne 0 ]; then header ERROR: Cannot continue -- pacstrap failed; exit 1; fi if [ $? -ne 0 ]; then header ERROR: Cannot continue -- pacstrap failed; exit 1; fi
header Create FSTAB header Create FSTAB
genfstab -U /mnt >> /mnt/etc/fstab genfstab -U /mnt >> /mnt/etc/fstab
@ -160,13 +162,13 @@ arch-chroot /mnt hwclock --systohc --utc
header Setup bootloader header Setup bootloader
if [ "$nodiskbuild" -eq 0 ]; then if [ "$nodiskbuild" -eq 0 ]; then
export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')" export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')"
if [ "$encrypt" -eq 1 ]; then if [ "$encrypt" -eq 1 ]; then
export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')" export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')"
sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub # Fix for CVE-2016-4484 sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub # Fix for CVE-2016-4484
fi fi
fi fi
arch-chroot /mnt mkinitcpio -p linux arch-chroot /mnt mkinitcpio -p linux
@ -252,9 +254,9 @@ if [ "$nodiskbuild" -eq 1 ]; then
header Remember to run grub-install and set up your bootloader. header Remember to run grub-install and set up your bootloader.
echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader' echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'
else else
header Press enter to reboot. header Press enter to reboot.
read read
# Reboot # Reboot
shutdown -r now shutdown -r now
fi fi