-
-
Notifications
You must be signed in to change notification settings - Fork 12
/
build.sh
executable file
·250 lines (217 loc) · 7.65 KB
/
build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
#!/bin/bash -e
. ./funcs.sh
device="pinephone"
environment="phosh"
hostname="fossfrog"
username="kali"
password="8888"
mobian_suite="trixie"
IMGSIZE=5 # GBs
while getopts "cbt:e:h:u:p:s:m:M:" opt
do
case "$opt" in
t ) device="$OPTARG" ;;
e ) environment="$OPTARG" ;;
h ) hostname="$OPTARG" ;;
u ) username="$OPTARG" ;;
p ) password="$OPTARG" ;;
s ) custom_script="$OPTARG" ;;
m ) mobian_suite="$OPTARG" ;;
M ) MIRROR="$OPTARG" ;;
c ) compress=1 ;;
b ) blockmap=1 ;;
esac
done
case "$device" in
"pinephone"|"pinetab"|"sunxi" )
arch="arm64"
family="sunxi"
SERVICES="eg25-manager"
;;
"pinephonepro"|"pinetab2"|"rockchip" )
arch="arm64"
family="rockchip"
SERVICES="eg25-manager"
;;
"pocof1"|"oneplus6"|"oneplus6t"|"sdm845" )
arch="arm64"
family="sdm845"
SERVICES="qrtr-ns rmtfs pd-mapper tqftpserv qcom-modem-setup droid-juicer"
PACKAGES="pulseaudio yq"
PARTITIONS=1
SPARSE=1
;;
"nothingphone1"|"sm7325" )
arch="arm64"
family="sm7325"
SERVICES="qrtr-ns rmtfs pd-mapper tqftpserv qcom-modem-setup droid-juicer"
PACKAGES="pulseaudio yq"
PARTITIONS=1
SPARSE=1
;;
* )
echo "Unsupported device ${device}"
exit 1
;;
esac
PACKAGES="${PACKAGES} kali-linux-core wget curl rsync systemd-timesyncd systemd-repart"
DPACKAGES="${family}-support"
case "${environment}" in
phosh)
PACKAGES="${PACKAGES} phosh-phone phog portfolio-filemanager"
SERVICES="${SERVICES} greetd"
;;
plasma-mobile)
PACKAGES="${PACKAGES} plasma-mobile qmlkonsole"
SERVICES="${SERVICES} plasma-mobile"
;;
xfce|lxde|gnome|kde)
PACKAGES="${PACKAGES} kali-desktop-${environment}"
;;
esac
IMG="kali_${environment}_${device}_`date +%Y%m%d`.img"
ROOTFS_TAR="kali_${environment}_${device}_`date +%Y%m%d`.tgz"
ROOTFS="kali_rootfs_tmp"
### START BUILDING ###
banner
echo '____________________BUILD_INFO____________________'
echo "Device: $device"
echo "Environment: $environment"
echo "Hostname: $hostname"
echo "Username: $username"
echo "Password: $password"
echo "Mobian Suite: $mobian_suite"
echo "Family: $family"
echo "Custom Script: $custom_script"
echo -e '--------------------------------------------------\n\n'
echo '[*]Build will start in 5 seconds...'; sleep 5
[ -e "base.tgz" ] && mkdir ${ROOTFS} && tar --strip-components=1 -xpf base.tgz -C ${ROOTFS}
echo '[+]Stage 1: Debootstrap'
[ -e ${ROOTFS}/etc ] && echo -e "[*]Debootstrap already done.\nSkipping Debootstrap..." || debootstrap --foreign --arch $arch kali-rolling ${ROOTFS} ${MIRROR}
echo '[+]Stage 2: Debootstrap second stage and adding Mobian apt repo'
[ -e ${ROOTFS}/etc/passwd ] && echo '[*]Second Stage already done' || nspawn-exec /debootstrap/debootstrap --second-stage
mkdir -p ${ROOTFS}/etc/apt/sources.list.d ${ROOTFS}/etc/apt/trusted.gpg.d
sed -i 's/main/main contrib non-free non-free-firmware/g' ${ROOTFS}/etc/apt/sources.list
echo "deb http://repo.mobian.org/ ${mobian_suite} main non-free-firmware" > ${ROOTFS}/etc/apt/sources.list.d/mobian.list
curl -L http://repo.mobian.org/mobian.gpg -o ${ROOTFS}/etc/apt/trusted.gpg.d/mobian.gpg
chmod 644 ${ROOTFS}/etc/apt/trusted.gpg.d/mobian.gpg
cat << EOF > ${ROOTFS}/etc/apt/preferences.d/00-mobian-priority
Package: *
Pin: release o=Mobian
Pin-Priority: 700
EOF
ROOT_UUID=`python3 -c 'from uuid import uuid4; print(uuid4())'`
BOOT_UUID=`python3 -c 'from uuid import uuid4; print(uuid4())'`
if [[ "$family" == "sunxi" || "$family" == "rockchip" ]]
then
BOOTPART="UUID=${BOOT_UUID} /boot ext4 defaults,x-systemd.growfs 0 2"
fi
cat << EOF > partuuid
ROOT_UUID=${ROOT_UUID}
BOOT_UUID=${BOOT_UUID}
EOF
cat << EOF > ${ROOTFS}/etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=${ROOT_UUID} / ext4 defaults,x-systemd.growfs 0 1
${BOOTPART}
EOF
echo '[+]Stage 3: Installing device specific and environment packages'
nspawn-exec apt update
nspawn-exec apt install -y ${PACKAGES}
nspawn-exec sh -c "$(curl -fsSL https://repo.fossfrog.in/setup.sh)"
nspawn-exec apt update
nspawn-exec apt install -y ${DPACKAGES}
echo '[+]Stage 4: Adding some extra tweaks'
if [ ! -e "${ROOTFS}/etc/repart.d/50-root.conf" ]
then
mkdir -p ${ROOTFS}/etc/kali-motd
touch ${ROOTFS}/etc/kali-motd/disable-minimal-warning
mkdir -p ${ROOTFS}/etc/skel/.local/share/squeekboard/keyboards/terminal
curl https://raw.githubusercontent.com/Shubhamvis98/PinePhone_Tweaks/main/layouts/us.yaml > ${ROOTFS}/etc/skel/.local/share/squeekboard/keyboards/us.yaml
ln -srf ${ROOTFS}/etc/skel/.local/share/squeekboard/keyboards/{us.yaml,terminal/}
sed -i 's/-0.07/0/;s/-0.13/0/' ${ROOTFS}/usr/share/plymouth/themes/kali/kali.script
mkdir -p ${ROOTFS}/etc/repart.d
cat << 'EOF' > ${ROOTFS}/etc/repart.d/50-root.conf
[Partition]
Type=root
Weight=1000
EOF
else
echo '[*]This has been already done'
fi
echo '[+]Stage 5: Adding user and changing default shell to zsh'
if [ ! `grep ${username} ${ROOTFS}/etc/passwd` ]
then
nspawn-exec adduser --disabled-password --gecos "" ${username}
sed -i "s#${username}:\!:#${username}:`echo ${password} | openssl passwd -1 -stdin`:#" ${ROOTFS}/etc/shadow
sed -i 's/bash/zsh/' ${ROOTFS}/etc/passwd
for i in dialout sudo audio video plugdev input render bluetooth feedbackd netdev; do
nspawn-exec usermod -aG ${i} ${username} || true
done
else
echo '[*]User already present'
fi
echo '[*]Enabling kali plymouth theme'
nspawn-exec plymouth-set-default-theme -R kali
#sed -i "/picture-uri/cpicture-uri='file:\/\/\/usr\/share\/backgrounds\/kali\/kali-red-sticker-16x9.jpg'" ${ROOTFS}/usr/share/glib-2.0/schemas/11_mobile.gschema.override
#sed -i "/picture-uri/cpicture-uri='file:\/\/\/usr\/share\/backgrounds\/kali\/kali-red-sticker-16x9.jpg'" ${ROOTFS}/usr/share/glib-2.0/schemas/10_desktop-base.gschema.override
nspawn-exec glib-compile-schemas /usr/share/glib-2.0/schemas
echo '[+]Stage 6: Enable services'
for svc in `echo ${SERVICES} | tr ' ' '\n'`
do
nspawn-exec systemctl enable $svc
done
echo '[*]Checking for custom script'
if [ -f "${custom_script}" ]
then
mkdir -p ${ROOTFS}/ztmpz
cp ${custom_script} ${ROOTFS}/ztmpz
nspawn-exec bash /ztmpz/${custom_script}
[ -d "${ROOTFS}/ztmpz" ] && rm -rf ${ROOTFS}/ztmpz
fi
echo '[*]Tweaks and cleanup'
echo ${hostname} > ${ROOTFS}/etc/hostname
grep -q ${hostname} ${ROOTFS}/etc/hosts || \
sed -i "1s/$/\n127.0.1.1\t${hostname}/" ${ROOTFS}/etc/hosts
nspawn-exec apt clean
if [ ${SPARSE} ]
then
nspawn-exec sudo -u ${username} systemctl --user disable pipewire pipewire-pulse
nspawn-exec sudo -u ${username} systemctl --user mask pipewire pipewire-pulse
nspawn-exec sudo -u ${username} systemctl --user enable pulseaudio
cp -r bin/bootloader.sh bin/configs ${ROOTFS}
chmod +x ${ROOTFS}/bootloader.sh
nspawn-exec /bootloader.sh ${family}
mv -v ${ROOTFS}/boot*img .
rm -rf ${ROOTFS}/bootloader.sh ${ROOTFS}/configs
fi
echo '[*]Deploy rootfs into EXT4 image'
tar -cpzf ${ROOTFS_TAR} ${ROOTFS} && rm -rf ${ROOTFS}
mkimg ${IMG} ${IMGSIZE} ${PARTITIONS}
tar -xpf ${ROOTFS_TAR}
if [[ "$family" == "sunxi" || "$family" == "rockchip" ]]
then
echo '[*]Update u-boot config...'
nspawn-exec -r '/etc/kernel/postinst.d/zz-u-boot-menu $(linux-version list | tail -1)'
fi
echo '[*]Cleanup and unmount'
cleanup
echo "[+]Stage 7: Compressing ${IMG}..."
if [ "$blockmap" ]
then
bmaptool create ${IMG} > ${IMG}.bmap
else
echo '[*]Skipped blockmap creation'
fi
if [ "$SPARSE" ]
then
img2simg ${IMG} ${IMG}_SPARSE
mv -v ${IMG}_SPARSE ${IMG}
fi
if [ "$compress" ]
then
[ -f "${IMG}" ] && xz "${IMG}"
else
echo '[*]Skipped compression'
fi
echo '[+]Image Generated.'