From 0c6179c92234ec4adb2c26a491e268322b028302 Mon Sep 17 00:00:00 2001
From: Captain ALM
Date: Sun, 18 Aug 2024 14:52:03 +0100
Subject: [PATCH] Add lib-rust copy to bash_aliases for kernel build. Add hibernation activation script. Fix up grub security installation. Fix up local mydebs repo installation.
---
 activate-hibernate-support.sh | 33 +++++++++++++++++++
 bash_aliases | 1 +
 hibernate-source-files/enable-hibernate.pkla | 5 +++
 .../hibernate_image_size.service.p1 | 6 ++++
 .../hibernate_image_size.service.p2 | 6 ++++
 .../hibernation_image_size.conf | 2 ++
 install-grub-security.sh | 14 ++++++--
 install-local-mydebs-repo.sh | 5 ++-
 stop_timeout.conf | 3 ++
 9 files changed, 71 insertions(+), 4 deletions(-)
 create mode 100755 activate-hibernate-support.sh
 create mode 100644 hibernate-source-files/enable-hibernate.pkla
 create mode 100644 hibernate-source-files/hibernate_image_size.service.p1
 create mode 100644 hibernate-source-files/hibernate_image_size.service.p2
 create mode 100644 hibernate-source-files/hibernation_image_size.conf
 create mode 100644 stop_timeout.conf
diff --git a/activate-hibernate-support.sh b/activate-hibernate-support.sh
new file mode 100755
index 0000000..133e3ed
--- /dev/null
+++ b/activate-hibernate-support.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+echo "[+] Activating hibernate support!";
+echo "[i] Pass the reserved swap size in bytes to reserve some swap space for non-hibernate image usage.";
+szresv=1073741824;
+if [[ "$1" =~ ^[0-9]+$ ]] && [ "$1" -gt 0 ]; then
+ szresv=$1;
+fi;
+szmem=$(free -b | awk '{print NR==1?$1:$1$2}' | grep 'Mem:' | sed -e "s/Mem://")
+szswap=$(free -b | awk '{print NR==1?$1:$1$2}' | grep 'Swap:' | sed -e "s/Swap://");
+if [ -z $szswap ]; then
+ echo "[-] No Swap Partition!";
+ exit 2;
+fi;
+szhiber=$(echo "$szswap - $szresv" | bc);
+if [ $szmem -gt $szhiber ]; then
+ echo "[-] Not enough swap space to hibernate!"
+ exit 1;
+fi;
+echo "[*] Hibernate image is $szhiber bytes!";
+sudo cp -f hibernate-source-files/enable-hibernate.pkla /etc/polkit-1/localauthority/90-mandatory.d/enable-hibernate.pkla;
+sudo rm -f /etc/systemd/system/hibernate_image_size.service;
+cat hibernate-source-files/hibernate_image_size.service.p1 | head -c -1 | sudo tee /etc/systemd/system/hibernate_image_size.service > /dev/null;
+echo -n "$szhiber" | sudo tee -a /etc/systemd/system/hibernate_image_size.service > /dev/null;
+cat hibernate-source-files/hibernate_image_size.service.p2 | head -c -1 | sudo tee -a /etc/systemd/system/hibernate_image_size.service > /dev/null;
+sudo rm -f /etc/tmpfiles.d/hibernation_image_size.conf;
+cat hibernate-source-files/hibernation_image_size.conf | head -c -1 | sudo tee /etc/tmpfiles.d/hibernation_image_size.conf > /dev/null;
+echo "$szhiber" | sudo tee -a /etc/tmpfiles.d/hibernation_image_size.conf > /dev/null;
+sudo systemctl daemon-reload;
+sudo systemctl enable --now hibernate_image_size.service;
+echo -n "$szhiber" | sudo tee /sys/power/image_size > /dev/null;
+echo "[+] Finished Hibernate Activation!";
+echo "[i] Check the grub file for linux kernel command line info for hibernating with a patched kernel under lockdown.";
+echo "[i] This file corresponds to /etc/default/grub";
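Review bot: Nothing stops the script when the size computation fails: from `szhiber=$(echo "$szswap - $szresv" | bc);` onward, an empty `szhiber` (for example when `bc` is not installed) makes `[ $szmem -gt $szhiber ]` error out as false, and the script carries on writing root-owned files under /etc/systemd/system and /etc/tmpfiles.d with that value. Because the value is spliced into a `bash -c '…'` string that systemd later runs as root, it should be computed with shell arithmetic and checked before the first `sudo` step: `szhiber=$(( szswap - szresv ))` followed by `[[ "$szhiber" =~ ^[0-9]+$ ]] || { echo "[-] Bad image size!"; exit 1; }`. The operands of `[ -z $szswap ]` and `[ $szmem -gt $szhiber ]` should be quoted. The `hibernate-source-files/…` paths are relative to the current directory, so the polkit file that gets installed depends on where the script is invoked; resolving them from the script's own directory would pin the source.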
diff --git a/bash_aliases b/bash_aliases
index b088f62..e068e0a 100644
--- a/bash_aliases
+++ b/bash_aliases
@@ -85,6 +85,7 @@ function kernel-build() {
 sudo cp linux-headers-* /usr/local/mydebs/;
 sudo cp linux-libc-dev* /usr/local/mydebs/;
 sudo cp linux-modules* /usr/local/mydebs/;
+ sudo cp linux-lib-rust* /usr/local/mydebs/;
 sudo update-mydebs;
 cd "$cwd";
 echo "Kernel Build Finished!";
diff --git a/hibernate-source-files/enable-hibernate.pkla b/hibernate-source-files/enable-hibernate.pkla
new file mode 100644
index 0000000..9ea57ea
--- /dev/null
+++ b/hibernate-source-files/enable-hibernate.pkla
@@ -0,0 +1,5 @@
+[Enable hibernate]
+Identity=unix-user:*
+Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.handle-hibernate-key;org.freedesktop.login1;org.freedesktop.login1.hibernate-multiple-sessions
+ResultActive=yes
+
diff --git a/hibernate-source-files/hibernate_image_size.service.p1 b/hibernate-source-files/hibernate_image_size.service.p1
new file mode 100644
index 0000000..46c3091
--- /dev/null
+++ b/hibernate-source-files/hibernate_image_size.service.p1
@@ -0,0 +1,6 @@
+[Unit]
+Description=Set contents of /sys/power/image_size for the hibernate image
+
+[Service]
+Type=oneshot
+ExecStart=bash -c 'echo "
diff --git a/hibernate-source-files/hibernate_image_size.service.p2 b/hibernate-source-files/hibernate_image_size.service.p2
new file mode 100644
index 0000000..cdfca69
--- /dev/null
+++ b/hibernate-source-files/hibernate_image_size.service.p2
@@ -0,0 +1,6 @@
+" > /sys/power/image_size'
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/hibernate-source-files/hibernation_image_size.conf b/hibernate-source-files/hibernation_image_size.conf
new file mode 100644
index 0000000..ca2bc37
--- /dev/null
+++ b/hibernate-source-files/hibernation_image_size.conf
@@ -0,0 +1,2 @@
+# Path Mode UID GID Age Argument
+w /sys/power/image_size - - - - 
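Review bot: `Identity=unix-user:*` combined with `ResultActive=yes`, installed into 90-mandatory.d, lets every account with an active local session hibernate the machine without authentication, and hibernation writes the contents of RAM to swap. If that breadth is not intended, the rule could be limited to an administrative group, for example `Identity=unix-group:sudo` on a Debian-style system, and a leading comment such as `# Allows hibernate without a password prompt for active local sessions` would record the decision. The `Action=` list also contains the bare prefix `org.freedesktop.login1`, which does not look like a complete action id and can probably be dropped. As far as I know, .pkla files are only read by polkit builds that still provide the localauthority backend, so it is worth confirming the file takes effect on the target release.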
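Review bot: The unit is stored as two fragments cut in the middle of the `ExecStart=bash -c 'echo "` string, so neither file can be checked with `systemd-analyze verify`, and the final command exists only after activate-hibernate-support.sh has spliced a value into a shell string that runs as root. The tmpfiles.d entry added in this commit (`w /sys/power/image_size`) appears to write the same value at boot without a shell, so the service may be redundant. If it is kept, a single template unit with an absolute interpreter path, `ExecStart=/bin/bash -c '…'`, would be easier to audit. The same applies to hibernate_image_size.service.p2, where `User=root` and `Group=root` restate the defaults for a system service.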
diff --git a/install-grub-security.sh b/install-grub-security.sh
index 080b31d..cef6628 100755
--- a/install-grub-security.sh
+++ b/install-grub-security.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 echo "[+] Installing GRUB 2 Security...";
+echo "[i] Use --force to regenerate the signing key; clears ALL root's GPG keys!"
 echo "[?] WARNING Make sure the current GRUB version does not have any bugs with gpg before installing, use CTRL+C to quit, enter to continue:";
 read;
 sudo cp bin/* /bin/ -f;
@@ -10,13 +11,20 @@ sudo cp lib-systemd-system-sleep/* /usr/lib/systemd/system-sleep/ -f;
 sudo 7za x -o/etc grub.d.my.7z -y;
 sudo chmod +x /etc/grub.d/*;
 sudo cp sbat /root/sbat -f;
-if [ ! -f /root/pubkey ]; then
+sudo cp stop_timeout.conf /etc/systemd/system.conf.d/60_custom.conf -f;
+sudo systemctl daemon-reload;
+if [[ "$1" == "--force" ]]; then
+ echo "[?] WARNING Clearing previous gpg keys in root, use CTRL+C to quit, enter to continue:";
+ read;
+ sudo rm -f /root/pubkey;
+ sudo rm -rf /root/.gnupg;
+fi;
+if sudo [ ! -f /root/pubkey ]; then
 sudo gpg --batch --passphrase '' --quick-gen-key root@localhost rsa3072 default;
 sudo gpg --export -o /root/pubkey;
-fi
+fi;
 sudo cp /root/pubkey /boot/pubkey -f;
 sudo cp gpg.conf /root/.gnupg/gpg.conf -f;
 sudo cp gpg-agent.conf /root/.gnupg/gpg-agent.conf -f;
 sudo grub-update;
 echo "[+] Complete!";
-exit;
diff --git a/install-local-mydebs-repo.sh b/install-local-mydebs-repo.sh
index 922cd34..a49f1f8 100755
--- a/install-local-mydebs-repo.sh
+++ b/install-local-mydebs-repo.sh
@@ -2,6 +2,9 @@
 echo "[+] Installing mydebs repo...";
 sudo mkdir -p /usr/local/mydebs/;
 sudo cp -f a-mydebs-local-repo.list /etc/apt/sources.list.d/;
-sudo update-mydebs;
+sudo cp -f local-sbin/update-mydebs /usr/local/sbin/update-mydebs;
+sudo local-sbin/update-mydebs;
 echo "[+] Finished installing mydebs repo!";
+echo "[i] Install local packages to /usr/local/mydebs/";
 echo "[i] Use update-mydebs to refresh the stored packages in /usr/local/mydebs/";
+exit 0;
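Review bot: The `--force` branch runs `sudo rm -rf /root/.gnupg;` before a replacement key exists, and nothing checks that the following `gpg --quick-gen-key` succeeds, so a failed generation leaves root without a signing key while the script still reaches `sudo grub-update;`. Moving the old home aside instead, `sudo mv /root/.gnupg "/root/.gnupg.bak.$(date +%s)"`, keeps the previous key and any unrelated root keys recoverable, and the key-generation `if` should stop the script when either `gpg` call fails. Keeping the GRUB signing key in a dedicated GnuPG home rather than root's default one would avoid clearing all of root's keys in the first place. Separately, `sudo cp stop_timeout.conf /etc/systemd/system.conf.d/60_custom.conf -f;` assumes the drop-in directory exists; `sudo install -D -m 0644 stop_timeout.conf /etc/systemd/system.conf.d/60_custom.conf` would create it.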
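Review bot: `sudo local-sbin/update-mydebs;` executes the working-tree copy as root rather than the file just installed to /usr/local/sbin, and both new lines depend on the current directory. Installing with a pinned mode and then running the installed path keeps what root executes identical to what was installed: `sudo install -m 0755 local-sbin/update-mydebs /usr/local/sbin/update-mydebs` followed by `sudo /usr/local/sbin/update-mydebs`. The hunk starts at line 2 of the script and shows no directory change, so the relative paths appear to rely on the caller's working directory.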
diff --git a/stop_timeout.conf b/stop_timeout.conf
new file mode 100644
index 0000000..681ad90
--- /dev/null
+++ b/stop_timeout.conf
@@ -0,0 +1,3 @@
+[Manager]
+
+DefaultTimeoutStopSec=30s