From 40c32b1ad9e6d72a8b44ef45f961bce5048267f2 Mon Sep 17 00:00:00 2001 From: Captain ALM Date: Wed, 21 Aug 2024 14:31:35 +0100 Subject: [PATCH] Fix kernel build functionality + add features to detect failures and react. --- bash_aliases | 164 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 96 insertions(+), 68 deletions(-) diff --git a/bash_aliases b/bash_aliases index e068e0a..f4e6ee0 100644 --- a/bash_aliases +++ b/bash_aliases @@ -21,74 +21,102 @@ function kernel-build() { cwd=$(pwd); mkdir -p ~/kernel; cd ~/kernel; - for _dir in *"linux"*; do - [ -d "${_dir}" ] && linuxdir="${_dir}" && break; - done; - echo "[-] Removing Sources..."; - rm -rf "$linuxdir"; - sudo rm -rf deb-contents; - rm -f *.gz; - rm -f *.dsc; - echo "[*] Archiving old packages..."; - mkdir -p old-debs; - touch dummy.deb; - mv *.deb old-debs/; - echo "[+] Obtaining Sources..."; - apt-get source linux-image-unsigned-$(uname -r); - for _dir in *"linux"*; do - [ -d "${_dir}" ] && linuxdir="${_dir}" && break; - done; - cd "$linuxdir"; - echo "[*] Patching source and configuration..."; - sed -i "s/.*CONFIG_MODULE_SIG_FORCE.*/CONFIG_MODULE_SIG_FORCE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>/" debian.master/config/annotations; - git apply --verbose ~/Downloads/patches/hibernate/0001-Hibernate-Patch.patch; - echo "[*] Cleaning kernel build..."; - chmod a+x debian/rules; - chmod a+x debian/scripts/*; - chmod a+x debian/scripts/misc/*; - fakeroot debian/rules clean; - mkdir -p debian/build/build-generic/certs; - sudo cp /cert/mok/signing_key.pem ../; - sudo chmod u=rw,g=rw,o=rw ../signing_key.pem; - (((until [ -f debian/build/build-generic/certs/signing_key.pem ]; do sleep 0.1; done) && while lsof debian/build/build-generic/certs/signing_key.pem; do sleep 0.1; done) && mv -f ../signing_key.pem debian/build/build-generic/certs/signing_key.pem) & - echo "[*] Building kernel..."; - fakeroot debian/rules binary; - echo "[*] Build Complete!"; - rm -f debian/build/build-generic/certs/signing_key.pem; - rm -f ../signing_key.pem; - echo "[+] Extracting kernel package..."; - cd ~/kernel; - mkdir -p deb-contents; - dpkg-deb -R $(ls linux-image-unsigned-* | head -1) deb-contents; - cd "$linuxdir"; - echo "[*] Making kernel signed..."; - pkgarch=$(dpkg-architecture -qDEB_HOST_ARCH); - pkgver=$(dpkg-parsechangelog --show-field Version); - cd ~/kernel/deb-contents; - pkgunom=$(head -1 DEBIAN/control | sed -e 's/Package: //'); - find ./ -type f -exec sed -i -e 's/-unsigned//g' {} \; - find ./ -type f -exec sed -i -e 's/ unsigned//g' {} \; - pkgnom=$(head -1 DEBIAN/control | sed -e 's/Package: //'); - sudo mv usr/share/doc/$pkgunom usr/share/doc/$pkgnom; - tlinuz=$(ls boot/vmlinuz-* | head -1); - sudo sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $tlinuz --output $tlinuz; - sed -i "s/.*Conflicts: .*/Conflicts: $pkgunom/" DEBIAN/control; - pkgisz=$(du -ks * | grep -v DEBIAN | cut -f1 | xargs | sed -e 's/\ /+/g' | bc); - find ./ -path '*/DEBIAN' -prune -o -type f -exec md5sum {} \; | awk '{ print $1 " " substr($2, 10) }' > DEBIAN/md5sums; - sed -i "s/.*Installed-Size: .*/Installed-Size: $pkgisz/" DEBIAN/control; - echo "[+] Packing signed kernel..."; - cd ~/kernel; - dpkg-deb -b deb-contents ${pkgnom}_${pkgver}_${pkgarch}.deb; - sudo rm -rf deb-contents; - echo "[+] Deploying Packages Locally..."; - sudo cp ${pkgnom}_${pkgver}_${pkgarch}.deb /usr/local/mydebs/; - sudo cp linux-headers-* /usr/local/mydebs/; - sudo cp linux-libc-dev* /usr/local/mydebs/; - sudo cp linux-modules* /usr/local/mydebs/; - sudo cp linux-lib-rust* /usr/local/mydebs/; - sudo update-mydebs; - cd "$cwd"; - echo "Kernel Build Finished!"; + doNotContinueKernelBuild=0; + if [ -f last-build-failed ]; then + echo "[*] Resuming last build; delete last-build-failed in the kernel directory before starting a kernel build to re-obtain sources."; + rm -f last-build-failed; + for _dir in *"linux"*; do + [ -d "${_dir}" ] && linuxdir="${_dir}" && break; + done; + cd "$linuxdir"; + else + for _dir in *"linux"*; do + [ -d "${_dir}" ] && linuxdir="${_dir}" && break; + done; + echo "[-] Removing Sources..."; + rm -rf "$linuxdir"; + sudo rm -rf deb-contents; + rm -f *.gz; + rm -f *.dsc; + echo "[*] Archiving old packages..."; + mkdir -p old-debs; + touch dummy.deb; + mv *.deb old-debs/; + echo "[+] Obtaining Sources..."; + apt-get source linux-image-unsigned-$(uname -r); + if [ $? -eq 0 ]; then + for _dir in *"linux"*; do + [ -d "${_dir}" ] && linuxdir="${_dir}" && break; + done; + cd "$linuxdir"; + echo "[*] Patching source and configuration..."; + sed -i "s/.*CONFIG_MODULE_SIG_FORCE.*/CONFIG_MODULE_SIG_FORCE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>/" debian.master/config/annotations; + git apply --verbose ~/Downloads/patches/hibernate/0001-Hibernate-Patch.patch; + echo "[*] Cleaning kernel build..."; + chmod a+x debian/rules; + chmod a+x debian/scripts/*; + chmod a+x debian/scripts/misc/*; + fakeroot debian/rules clean; + mkdir -p debian/build/build-generic/certs; + sudo cp /cert/mok/signing_key.pem ../ -f; + sudo chmod u=rw,g=rw,o=rw ../signing_key.pem; + sudo cp /var/lib/shim-signed/mok/MOK.der ../signing_key.x509 -f; + sudo chmod u=rw,g=rw,o=rw ../signing_key.x509; + (((until [ -f debian/build/build-generic/certs/signing_key.pem ]; do sleep 0.1; done) && while lsof debian/build/build-generic/certs/signing_key.pem; do sleep 0.1; done) && mv -f ../signing_key.pem debian/build/build-generic/certs/signing_key.pem) & + (((until [ -f debian/build/build-generic/certs/signing_key.x509 ]; do sleep 0.1; done) && while lsof debian/build/build-generic/certs/signing_key.x509; do sleep 0.1; done) && mv -f ../signing_key.x509 debian/build/build-generic/certs/signing_key.x509) & + else + echo "[-] Failed to obtain sources!"; + doNotContinueKernelBuild=1; + fi; + fi; + if [ $doNotContinueKernelBuild -eq 0 ]; then + echo "[*] Building kernel..."; + fakeroot debian/rules binary; + if [ $? -eq 0 ]; then + echo "[*] Build Complete!"; + rm -f debian/build/build-generic/certs/signing_key.pem; + rm -f ../signing_key.pem; + rm -f ../signing_key.x509; + echo "[+] Extracting kernel package..."; + cd ~/kernel; + mkdir -p deb-contents; + dpkg-deb -R $(ls linux-image-unsigned-* | head -1) deb-contents; + cd "$linuxdir"; + echo "[*] Making kernel signed..."; + pkgarch=$(dpkg-architecture -qDEB_HOST_ARCH); + pkgver=$(dpkg-parsechangelog --show-field Version); + cd ~/kernel/deb-contents; + pkgunom=$(head -1 DEBIAN/control | sed -e 's/Package: //'); + find ./ -type f -exec sed -i -e 's/-unsigned//g' {} \; + find ./ -type f -exec sed -i -e 's/ unsigned//g' {} \; + pkgnom=$(head -1 DEBIAN/control | sed -e 's/Package: //'); + sudo mv usr/share/doc/$pkgunom usr/share/doc/$pkgnom; + tlinuz=$(ls boot/vmlinuz-* | head -1); + sudo sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $tlinuz --output $tlinuz; + sed -i "s/.*Conflicts: .*/Conflicts: $pkgunom/" DEBIAN/control; + pkgisz=$(du -ks * | grep -v DEBIAN | cut -f1 | xargs | sed -e 's/\ /+/g' | bc); + find ./ -path '*/DEBIAN' -prune -o -type f -exec md5sum {} \; | awk '{ print $1 " " substr($2, 10) }' > DEBIAN/md5sums; + sed -i "s/.*Installed-Size: .*/Installed-Size: $pkgisz/" DEBIAN/control; + echo "[+] Packing signed kernel..."; + cd ~/kernel; + dpkg-deb -b deb-contents ${pkgnom}_${pkgver}_${pkgarch}.deb; + sudo rm -rf deb-contents; + echo "[+] Deploying Packages Locally..."; + sudo cp ${pkgnom}_${pkgver}_${pkgarch}.deb /usr/local/mydebs/; + sudo cp linux-headers-* /usr/local/mydebs/; + sudo cp linux-libc-dev* /usr/local/mydebs/; + sudo cp linux-modules* /usr/local/mydebs/; + sudo cp linux-lib-rust* /usr/local/mydebs/; + sudo update-mydebs; + cd "$cwd"; + echo "[+] Kernel Build Finished!"; + else + echo "[*] Build Failed!"; + cd ~/kernel; + touch last-build-failed; + cd "$cwd"; + fi; + fi; } function install-tar() { if [ $# -gt 0 ]; then