From 50934ead019898d7b06ef0e4f9b6a9485dc1f2c9 Mon Sep 17 00:00:00 2001 From: TommyTran732 <57488583+tommytran732@users.noreply.github.com> Date: Wed, 14 Apr 2021 08:09:49 -0400 Subject: [PATCH 1/9] Adding the option for kernel flavor and microcode --- easy-arch.sh | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/easy-arch.sh b/easy-arch.sh index 5b74247..2926494 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -3,6 +3,58 @@ # Cleaning the TTY. clear +# Selecting the kernel flavor to install +kernel_options() { + echo "Which kernel flavor would you want?" + echo "[1] Stable — Vanilla Linux kernel and modules, with a few patches applied." + echo "[2] Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than Stable." + echo "[3] Longterm — Long-term support (LTS) Linux kernel and modules." + echo "[4] Zen Kernel — Result of a collaborative effort of kernel hackers to provide the best Linux kernel possible for everyday systems. Some more details can be found on https://liquorix.net (which provides kernel binaries based on Zen for Debian)." + echo "" + read choice + case $choice in + 1 ) KERNEL=linux + echo "You have selected to install the vanilla Linux kernel." + echo "" + ;; + 2 ) KERNEL=linux-hardened + echo "You have selected to install the hardened kernel." + echo "" + ;; + 3 ) KERNEL=linux-lts + echo "You have selected to install the long term kernel." + echo "" + ;; + 4 ) KERNEL=linux-zen + echo "You have selected to install the Zen kernel." + echo "" + ;; + * ) echo "You did not enter a valid selection." + kernel_options + esac +} + +# Selecting the microcode to install +cpu_options() { + echo "Which brand is your CPU?" + echo "[1] Intel" + echo "[2] AMD" + echo "" + read choice + case $choice in + 1 ) CPU=intel-ucode + echo "Intel microcode will be installed." + echo "" + ;; + 2 ) CPU=amd-ucode + echo "AMD microcode will be installed." + echo "" + ;; + * ) echo "You did not enter a valid selection." + cpu_options + esac +} + # Selecting the target for the installation. PS3="Select the disk where Arch Linux is going to be installed: " select ENTRY in $(lsblk -dpnoNAME|grep -P "/dev/sd|nvme|vd"); @@ -76,9 +128,12 @@ mount -o nodatacow,subvol=@swap $BTRFS /mnt/swap mkdir /mnt/boot/efi mount $ESP /mnt/boot/efi +kernel_options +cpu_options + # Pacstrap (setting up a base sytem onto the new root). echo "Installing the base system (it may take a while)." -pacstrap /mnt base linux linux-firmware btrfs-progs grub grub-btrfs efibootmgr snapper sudo networkmanager +pacstrap /mnt base ${KERNEL} ${CPU} linux-firmware btrfs-progs grub grub-btrfs efibootmgr snapper sudo networkmanager # Generating /etc/fstab. echo "Generating a new fstab." From 77f1f4203a3b1f66c494a74cb198fa494893a64c Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 15:43:16 +0200 Subject: [PATCH 2/9] Update easy-arch.sh --- easy-arch.sh | 38 +++++++++----------------------------- 1 file changed, 9 insertions(+), 29 deletions(-) diff --git a/easy-arch.sh b/easy-arch.sh index 2926494..e848757 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -113,18 +113,16 @@ btrfs su cr /mnt/@boot &>/dev/null btrfs su cr /mnt/@home &>/dev/null btrfs su cr /mnt/@snapshots &>/dev/null btrfs su cr /mnt/@var_log &>/dev/null -btrfs su cr /mnt/@swap &>/dev/null # Mounting the newly created subvolumes. umount /mnt echo "Mounting the newly created subvolumes." mount -o ssd,noatime,space_cache,compress=zstd,subvol=@ $BTRFS /mnt -mkdir -p /mnt/{home,.snapshots,/var/log,swap,boot} +mkdir -p /mnt/{home,.snapshots,/var/log,boot} mount -o ssd,noatime,space_cache,compress=zstd,subvol=@boot $BTRFS /mnt/boot mount -o ssd,noatime,space_cache.compress=zstd,subvol=@home $BTRFS /mnt/home mount -o ssd,noatime,space_cache,compress=zstd,subvol=@snapshots $BTRFS /mnt/.snapshots mount -o ssd,noatime,space_cache,nodatacow,subvol=@var_log $BTRFS /mnt/var/log -mount -o nodatacow,subvol=@swap $BTRFS /mnt/swap mkdir /mnt/boot/efi mount $ESP /mnt/boot/efi @@ -166,34 +164,15 @@ sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block en # Enabling LUKS in GRUB, setting up the UUID of the LUKS container and enabling boot on BTRFS. UUID=$(blkid $Cryptroot | cut -f2 -d'"') -sed -i 's/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/' /mnt/etc/default/grub +sed -i -e "s/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/" /mnt/etc/default/grub sed -i -e "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS,g" /mnt/etc/default/grub -echo "# Booting with BTRFS subvolume" >> /mnt/etc/default/grub -echo "GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub +echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub -# Creating a swapfile. -read -r -p "Do you want a swapfile? [y/N]? " response -response=${response,,} -if [[ "$response" =~ ^(yes|y)$ ]] -then - read -r -p "How much big should the swap file be? Type the size, just a number (eg: 1 = 1GB..): " swap - truncate -s 0 /mnt/swap/swapfile - chattr +C /mnt/swap/swapfile - btrfs property set /mnt/swap/swapfile compression none &>/dev/null - dd if=/dev/zero of=/mnt/swap/swapfile bs=1G count=$swap &>/dev/null - chmod 600 /mnt/swap/swapfile - mkswap /mnt/swap/swapfile &>/dev/null - swapon /mnt/swap/swapfile &>/dev/null - echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab -else - # Removing swap subvolumes and fstab entry in case it's not needed. - echo "Deleting BTRFS swap subvolume." - mount $BTRFS -o subvolid=5 /home - head -n -4 /home/@/etc/fstab > /home/@/etc/new_fstab && mv /home/@/etc/new_fstab /home/@/etc/fstab - btrfs su de /home/@swap &>/dev/null - umount -R /home - echo "No swapfile has been added." -fi +# Adding keyfile to the initramfs to avoid double password. +dd bs=512 count=4 if=/dev/random of=/mnt/root/cryptroot.keyfile iflag=fullblock &>/dev/null +chmod 000 /mnt/root/cryptroot.keyfile &>/dev/null +cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.keyfile +sed -i -e "s,GRUB_CMDLINE_LINUX="",GRUB_CMDLINE_LINUX="cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" # Configuring the system. arch-chroot /mnt /bin/bash -e </dev/null mkinitcpio -P &>/dev/null # Snapper configuration From c6c6d27e4df2b7c395a6ec355e07be9904114cd1 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 15:45:21 +0200 Subject: [PATCH 3/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ac9d455..f51544d 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ 3. Boot the live environment. 4. Set the keyboard layout by using `loadkeys`. 5. Connect to the internet. -6. Run this `bash <(curl -sL https://git.io/JtRu2)`. +6. Run this `bash <(curl -sL git.io/JtRu2)`. ### Partitions layout From 64c5dc8ec6fab8778a2b74900b793566920ba021 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 15:58:50 +0200 Subject: [PATCH 4/9] Update easy-arch.sh --- easy-arch.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/easy-arch.sh b/easy-arch.sh index e848757..bd2b4ef 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -69,8 +69,8 @@ read -r -p "This will delete the current partition table on $DISK. Do you agree response=${response,,} if [[ "$response" =~ ^(yes|y)$ ]] then - wipefs -af $DISK &>/dev/null - sgdisk -Zo $DISK &>/dev/null + wipefs -af "$DISK" &>/dev/null + sgdisk -Zo "$DISK" &>/dev/null else echo "Quitting." exit @@ -78,7 +78,7 @@ fi # Creating a new partition scheme. echo "Creating new partition scheme on $DISK." -parted -s $DISK \ +parted -s "$DISK" \ mklabel gpt \ mkpart ESP fat32 1MiB 513MiB \ mkpart Cryptroot 513MiB 100% \ @@ -88,7 +88,7 @@ Cryptroot="/dev/disk/by-partlabel/Cryptroot" # Informing the Kernel of the changes. echo "Informing the Kernel about the disk changes." -partprobe $DISK +partprobe "$DISK" # Formatting the ESP as FAT32. echo "Formatting the EFI Partition as FAT32." @@ -139,7 +139,7 @@ genfstab -U /mnt >> /mnt/etc/fstab # Setting hostname. read -r -p "Please enter the hostname: " hostname -echo $hostname > /mnt/etc/hostname +echo "$hostname" > /mnt/etc/hostname # Setting up locales. read -r -p "Please insert the locale you use (format: xx_XX): " locale @@ -172,7 +172,7 @@ echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETE dd bs=512 count=4 if=/dev/random of=/mnt/root/cryptroot.keyfile iflag=fullblock &>/dev/null chmod 000 /mnt/root/cryptroot.keyfile &>/dev/null cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.keyfile -sed -i -e "s,GRUB_CMDLINE_LINUX="",GRUB_CMDLINE_LINUX="cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" +sed -i -e "s,GRUB_CMDLINE_LINUX="",GRUB_CMDLINE_LINUX="cryptdevice=UUID="$UUID":cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" # Configuring the system. arch-chroot /mnt /bin/bash -e < Date: Wed, 14 Apr 2021 16:42:30 +0200 Subject: [PATCH 5/9] Update easy-arch.sh --- easy-arch.sh | 64 ++++++++++++++++++---------------------------------- 1 file changed, 22 insertions(+), 42 deletions(-) diff --git a/easy-arch.sh b/easy-arch.sh index bd2b4ef..8f8130b 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -3,57 +3,37 @@ # Cleaning the TTY. clear -# Selecting the kernel flavor to install -kernel_options() { - echo "Which kernel flavor would you want?" - echo "[1] Stable — Vanilla Linux kernel and modules, with a few patches applied." - echo "[2] Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than Stable." - echo "[3] Longterm — Long-term support (LTS) Linux kernel and modules." - echo "[4] Zen Kernel — Result of a collaborative effort of kernel hackers to provide the best Linux kernel possible for everyday systems. Some more details can be found on https://liquorix.net (which provides kernel binaries based on Zen for Debian)." - echo "" - read choice +# Selecting the kernel flavor to install. +kernel_selector () { + echo "List of kernels:" + echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied." + echo "2) Hardened — A security-focused Linux kernel." + echo "3) Longterm — Long-term support (LTS) Linux kernel and modules." + echo "4) Zen Kernel — Optimized for desktop usage." + read -r -p "Insert the number of the corresponding kernel: " choice + echo "$choice will be installed" case $choice in - 1 ) KERNEL=linux - echo "You have selected to install the vanilla Linux kernel." - echo "" + 1 ) kernel=linux ;; - 2 ) KERNEL=linux-hardened - echo "You have selected to install the hardened kernel." - echo "" + 2 ) kernel=linux-hardened ;; - 3 ) KERNEL=linux-lts - echo "You have selected to install the long term kernel." - echo "" + 3 ) kernel=linux-lts ;; - 4 ) KERNEL=linux-zen - echo "You have selected to install the Zen kernel." - echo "" + 4 ) kernel=linux-zen ;; * ) echo "You did not enter a valid selection." kernel_options esac } -# Selecting the microcode to install -cpu_options() { - echo "Which brand is your CPU?" - echo "[1] Intel" - echo "[2] AMD" - echo "" - read choice - case $choice in - 1 ) CPU=intel-ucode - echo "Intel microcode will be installed." - echo "" - ;; - 2 ) CPU=amd-ucode - echo "AMD microcode will be installed." - echo "" - ;; - * ) echo "You did not enter a valid selection." - cpu_options - esac -} +# Checking the microcode to install. +CPU=$(grep vendor_id /proc/cpuinfo) +if [[ $CPU == *"AuthenticAMD"* ]] +then + microcode=amd-ucode +else + microcode=intel-ucode +fi # Selecting the target for the installation. PS3="Select the disk where Arch Linux is going to be installed: " @@ -131,7 +111,7 @@ cpu_options # Pacstrap (setting up a base sytem onto the new root). echo "Installing the base system (it may take a while)." -pacstrap /mnt base ${KERNEL} ${CPU} linux-firmware btrfs-progs grub grub-btrfs efibootmgr snapper sudo networkmanager +pacstrap /mnt base $kernel $microcode linux-firmware btrfs-progs grub grub-btrfs efibootmgr snapper sudo networkmanager # Generating /etc/fstab. echo "Generating a new fstab." From 73129dc98788db372b2be4fbf4a3ff89f32bebd6 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 16:44:16 +0200 Subject: [PATCH 6/9] Update easy-arch.sh --- easy-arch.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/easy-arch.sh b/easy-arch.sh index 8f8130b..0355236 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -107,7 +107,6 @@ mkdir /mnt/boot/efi mount $ESP /mnt/boot/efi kernel_options -cpu_options # Pacstrap (setting up a base sytem onto the new root). echo "Installing the base system (it may take a while)." From 4073eb9da9742b913fa065e795e5b7bc59b57816 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 16:47:02 +0200 Subject: [PATCH 7/9] Update easy-arch.sh --- easy-arch.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/easy-arch.sh b/easy-arch.sh index 0355236..9a4e47e 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -22,7 +22,7 @@ kernel_selector () { 4 ) kernel=linux-zen ;; * ) echo "You did not enter a valid selection." - kernel_options + kernel_selector esac } @@ -106,7 +106,7 @@ mount -o ssd,noatime,space_cache,nodatacow,subvol=@var_log $BTRFS /mnt/var/log mkdir /mnt/boot/efi mount $ESP /mnt/boot/efi -kernel_options +kernel_selector # Pacstrap (setting up a base sytem onto the new root). echo "Installing the base system (it may take a while)." From f1eae98bcb465379dc645292876d9de3ff018470 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 17:07:07 +0200 Subject: [PATCH 8/9] Update easy-arch.sh --- easy-arch.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/easy-arch.sh b/easy-arch.sh index 9a4e47e..139ec79 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -151,7 +151,7 @@ echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETE dd bs=512 count=4 if=/dev/random of=/mnt/root/cryptroot.keyfile iflag=fullblock &>/dev/null chmod 000 /mnt/root/cryptroot.keyfile &>/dev/null cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.keyfile -sed -i -e "s,GRUB_CMDLINE_LINUX="",GRUB_CMDLINE_LINUX="cryptdevice=UUID="$UUID":cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" +sed -i -e "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" /mnt/etc/default/grub # Configuring the system. arch-chroot /mnt /bin/bash -e </dev/null # Creating grub config file. echo "Creating GRUB config file." - grub-mkconfig -o /boot/grub/grub.cfg + grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null EOF From 3a8a2b7ec7f55e8ad6e27a41f4d4c173c9780261 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 14 Apr 2021 17:07:38 +0200 Subject: [PATCH 9/9] Update easy-arch.sh --- easy-arch.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/easy-arch.sh b/easy-arch.sh index 139ec79..5577405 100644 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -144,7 +144,6 @@ sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block en # Enabling LUKS in GRUB, setting up the UUID of the LUKS container and enabling boot on BTRFS. UUID=$(blkid $Cryptroot | cut -f2 -d'"') sed -i -e "s/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/" /mnt/etc/default/grub -sed -i -e "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS,g" /mnt/etc/default/grub echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub # Adding keyfile to the initramfs to avoid double password.