Add lib-rust copy to bash_aliases for kernel build.

Add hibernation activation script. Fix up grub security installation. Fix up local mydebs repo installation.
2024-08-18 14:52:03 +01:00 · 2024-08-18 14:52:03 +01:00 · 0c6179c922
commit 0c6179c922
parent 722995617c
9 changed files with 71 additions and 4 deletions
--- a/activate-hibernate-support.sh
+++ b/activate-hibernate-support.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+echo "[+] Activating hibernate support!";
+echo "[i] Pass the reserved swap size in bytes to reserve some swap space for non-hibernate image usage.";
+szresv=1073741824;
+if [[ "$1" =~ ^[0-9]+$ ]] && [ "$1" -gt 0 ]; then
+  szresv=$1;
+fi;
+szmem=$(free -b | awk '{print NR==1?$1:$1$2}' | grep 'Mem:' | sed -e "s/Mem://")
+szswap=$(free -b | awk '{print NR==1?$1:$1$2}' | grep 'Swap:' | sed -e "s/Swap://");
+if [ -z $szswap ]; then
+  echo "[-] No Swap Partition!";
+  exit 2;
+fi;
+szhiber=$(echo "$szswap - $szresv" | bc);
+if [ $szmem -gt $szhiber ]; then
+  echo "[-] Not enough swap space to hibernate!"
+  exit 1;
+fi;
+echo "[*] Hibernate image is $szhiber bytes!";
+sudo cp -f hibernate-source-files/enable-hibernate.pkla /etc/polkit-1/localauthority/90-mandatory.d/enable-hibernate.pkla;
+sudo rm -f /etc/systemd/system/hibernate_image_size.service;
+cat hibernate-source-files/hibernate_image_size.service.p1 | head -c -1 | sudo tee /etc/systemd/system/hibernate_image_size.service > /dev/null;
+echo -n "$szhiber" | sudo tee -a /etc/systemd/system/hibernate_image_size.service > /dev/null;
+cat hibernate-source-files/hibernate_image_size.service.p2 | head -c -1 | sudo tee -a /etc/systemd/system/hibernate_image_size.service > /dev/null;
+sudo rm -f /etc/tmpfiles.d/hibernation_image_size.conf;
+cat hibernate-source-files/hibernation_image_size.conf | head -c -1 | sudo tee /etc/tmpfiles.d/hibernation_image_size.conf > /dev/null;
+echo "$szhiber" | sudo tee -a /etc/tmpfiles.d/hibernation_image_size.conf > /dev/null;
+sudo systemctl daemon-reload;
+sudo systemctl enable --now hibernate_image_size.service;
+echo -n "$szhiber" | sudo tee /sys/power/image_size > /dev/null;
+echo "[+] Finished Hibernate Activation!";
+echo "[i] Check the grub file for linux kernel command line info for hibernating with a patched kernel under lockdown.";
+echo "[i] This file corresponds to /etc/default/grub";
--- a/1
+++ b/1
@ -85,6 +85,7 @@ function kernel-build() {
  sudo cp linux-headers-* /usr/local/mydebs/;
  sudo cp linux-libc-dev* /usr/local/mydebs/;
  sudo cp linux-modules* /usr/local/mydebs/;
+  sudo cp linux-lib-rust* /usr/local/mydebs/;
  sudo update-mydebs;
  cd "$cwd";
  echo "Kernel Build Finished!";
--- a/hibernate-source-files/enable-hibernate.pkla
+++ b/hibernate-source-files/enable-hibernate.pkla
@ -0,0 +1,5 @@
+[Enable hibernate]
+Identity=unix-user:*
+Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.handle-hibernate-key;org.freedesktop.login1;org.freedesktop.login1.hibernate-multiple-sessions
+ResultActive=yes
+
--- a/hibernate-source-files/hibernate_image_size.service.p1
+++ b/hibernate-source-files/hibernate_image_size.service.p1
@ -0,0 +1,6 @@
+[Unit]
+Description=Set contents of /sys/power/image_size for the hibernate image
+
+[Service]
+Type=oneshot
+ExecStart=bash -c 'echo "
--- a/hibernate-source-files/hibernate_image_size.service.p2
+++ b/hibernate-source-files/hibernate_image_size.service.p2
@ -0,0 +1,6 @@
+" > /sys/power/image_size'
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
--- a/hibernate-source-files/hibernation_image_size.conf
+++ b/hibernate-source-files/hibernation_image_size.conf
@ -0,0 +1,2 @@
+#    Path                   Mode UID  GID  Age Argument
+w    /sys/power/image_size  -    -    -    -   
--- a/install-grub-security.sh
+++ b/install-grub-security.sh
@ -1,5 +1,6 @@
 #!/bin/bash
 echo "[+] Installing GRUB 2 Security...";
+echo "[i] Use --force to regenerate the signing key; clears ALL root's GPG keys!"
 echo "[?] WARNING Make sure the current GRUB version does not have any bugs with gpg before installing, use CTRL+C to quit, enter to continue:";
 read;
 sudo cp bin/* /bin/ -f;
@ -10,13 +11,20 @@ sudo cp lib-systemd-system-sleep/* /usr/lib/systemd/system-sleep/ -f;
 sudo 7za x -o/etc grub.d.my.7z -y;
 sudo chmod +x /etc/grub.d/*;
 sudo cp sbat /root/sbat -f;
-if [ ! -f /root/pubkey ]; then
+sudo cp stop_timeout.conf /etc/systemd/system.conf.d/60_custom.conf -f;
+sudo systemctl daemon-reload;
+if [[ "$1" == "--force" ]]; then
+  echo "[?] WARNING Clearing previous gpg keys in root, use CTRL+C to quit, enter to continue:";
+  read;
+  sudo rm -f /root/pubkey;
+  sudo rm -rf /root/.gnupg;
+fi;
+if sudo [ ! -f /root/pubkey ]; then
  sudo gpg --batch --passphrase '' --quick-gen-key root@localhost rsa3072 default;
  sudo gpg --export -o /root/pubkey;
-fi
+fi;
 sudo cp /root/pubkey /boot/pubkey -f;
 sudo cp gpg.conf /root/.gnupg/gpg.conf -f;
 sudo cp gpg-agent.conf /root/.gnupg/gpg-agent.conf -f;
 sudo grub-update;
 echo "[+] Complete!";
-exit;
--- a/install-local-mydebs-repo.sh
+++ b/install-local-mydebs-repo.sh
@ -2,6 +2,9 @@
 echo "[+] Installing mydebs repo...";
 sudo mkdir -p /usr/local/mydebs/;
 sudo cp -f a-mydebs-local-repo.list /etc/apt/sources.list.d/;
-sudo update-mydebs;
+sudo cp -f local-sbin/update-mydebs /usr/local/sbin/update-mydebs;
+sudo local-sbin/update-mydebs;
 echo "[+] Finished installing mydebs repo!";
+echo "[i] Install local packages to /usr/local/mydebs/";
 echo "[i] Use update-mydebs to refresh the stored packages in /usr/local/mydebs/";
+exit 0;
--- a/stop_timeout.conf
+++ b/stop_timeout.conf
@ -0,0 +1,3 @@
+[Manager]
+
+DefaultTimeoutStopSec=30s