Kezdőlap Felfedezés Súgó
Bejelentkezés
noah
/
videopc-infra
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: dc9a51949b
Branch-ok Tag-ek
videopc-infra
/
chroot.sh

chroot.sh 2.0 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. #!/bin/bash
    2. 

  2. 

  3. error_exit() {
    4. 

  4.     echo "$1"
    5. 

  5.     exit 1
    6. 

  6. }
    7. 

  7. 

  8. mkdir /etc/systemd/system/getty@tty1.service.d
    9. 

  9. echo '[Service]
    10. 

  10. ExecStart=
    11. 

  11. ExecStart=-/sbin/agetty -o "-p -f -- \\u" --noclear --autologin root %I $TERM' > /etc/systemd/system/getty@tty1.service.d/autologin.conf
    12. 

  12. 

  13. DRIVE=$(cat drive)
    14. 

  14. 

  15. ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
    16. 

  16. 

  17. hwclock --systohc
    18. 

  18. 

  19. echo "LANG=en_GB.UTF-8" >> /etc/locale.conf
    20. 

  20. echo "en_GB.UTF-8 UTF-8" >> /etc/locale.gen
    21. 

  21. locale-gen
    22. 

  22. 

  23. systemctl enable NetworkManager
    24. 

  24. 

  25. mkdir -p /efi/EFI/Linux
    26. 

  26. test -d /efi/EFI || error_exit "Error: EFI partition could not be mounted correctly."
    27. 

  27. 

  28. sed -i 's/block filesystems/block encrypt filesystems/' /etc/mkinitcpio.conf
    29. 

  29. 

  30. root_uuid="$(grep ext4 /etc/fstab | sed 's/^UUID=//; s/\s\/.*$//')"
    31. 

  31. drive2_uuid="$(blkid | grep "$DRIVE"2 | tr ' ' '\n' | grep ^UUID= | sed 's/^UUID="//; s/"//')"
    32. 

  32. 

  33. echo "pti=on page_alloc.shuffle=1 BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=$root_uuid rw cryptdevice=UUID=$drive2_uuid:cryptroot loglevel=7" > /etc/kernel/cmdline
    34. 

  34. chmod +w /etc/kernel/cmdline
    35. 

  35. 

  36. sb_status="$(sbctl status)"
    37. 

  37. echo "$sb_status" | grep "^Setup Mode:" | grep -q "Enabled" || error_exit "Error: Secure Boot not in Setup Mode. Please change UEFI settings."
    38. 

  38. echo "$sb_status" | grep "^Secure Boot:" | grep -q "Disabled" || error_exit "Error: Secure Boot enabled. Please change UEFI settings."
    39. 

  39. echo "$sb_status" | grep "^Vendor Keys:" | grep -q "none" || error_exit "Error: Vendor Keys present. Please change UEFI settings."
    40. 

  40. 

  41. sbctl bundle -s \
    42. 

  42.     -a /boot/amd-ucode.img \
    43. 

  43.     -k /boot/vmlinuz-linux \
    44. 

  44.     -f /boot/initramfs-linux.img \
    45. 

  45.     -c /etc/kernel/cmdline \
    46. 

  46.     /efi/EFI/Linux/ArchBundle.efi
    47. 

  47. 

  48. sbctl create-keys
    49. 

  49. sbctl generate-bundles --sign
    50. 

  50. sbctl enroll-keys -m || error_exit "Error: Could not enroll secure boot keys to UEFI."
    51. 

  51. 

  52. efibootmgr --create \
    53. 

  53.     --disk /dev/"$DRIVE" \
    54. 

  54.     --part 1 \
    55. 

  55.     --label "videopc signed efi bundle" \
    56. 

  56.     --loader /EFI/Linux/ArchBundle.efi || error_exit "Error: Could not create efi boot entry."
    57. 

  57. 

  58. mkinitcpio -P
    59. 

  59. 

  60. sbctl ls
    61. 

  61. error_exit "Error: Test Error."
    62. 

  62. 

  63. rm drive
    64.