diff --git a/arch-setup.sh b/arch-setup.sh index 7419973..dead1fd 100755 --- a/arch-setup.sh +++ b/arch-setup.sh @@ -276,14 +276,9 @@ setup_plymouth() { echo "quiet splash" | sudo tee -a /etc/kernel/cmdline fi if ! grep -q "plymouth" /etc/mkinitcpio.conf; then - sudo sed -i 's/^HOOKS=(base udev autodetect microcode/HOOKS=(base udev autodetect microcode plymouth /' /etc/mkinitcpio.conf + sudo sed -i 's/^HOOKS=(base udev autodetect microcode/HOOKS=(base udev autodetect microcode plymouth/' /etc/mkinitcpio.conf fi install_package plymouth - if pacman -Qs plymouth-theme-catppuccin-mocha-git > /dev/null; then - sudo plymouth-set-default-theme -R catppuccin-mocha - else - sudo plymouth-set-default-theme -R spinner - fi echo "Plymouth setup completed." fi } 
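Review bot: With the `plymouth-set-default-theme -R ...` calls removed, nothing left in this hunk explicitly rebuilds the initramfs after the `plymouth` hook is added to /etc/mkinitcpio.conf; the `-R` flag was what requested the rebuild. Unless the package install or a later step regenerates it, the hook will not take effect, so I would add `sudo mkinitcpio -P` after `install_package plymouth`. The sed also matches only a HOOKS line that begins with exactly `base udev autodetect microcode` and leaves the file unchanged, with no message, on any other layout. setup_plymouth starts before this hunk.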
@@ -292,9 +287,41 @@ setup_plymouth() { # Description: Install and setup NetworkManager and its dependencies setup_network() { if whiptail --title "Setup Network" --yesno "Would you like to setup NetworkManager?" 10 60; then + echo "== Installing NetworkManager and its dependencies ==" install_dependencies networkmanager wpa_supplicant install_package networkmanager-openvpn networkmanager-strongswan sudo systemctl enable --now NetworkManager + echo "NetworkManager and its dependencies installed successfully." + fi + + wireless_ifaces=$(ip -o link show 2>/dev/null | awk -F': ' '{print $2}' | grep -E '^(wlan|wlp|wl|wifi)' || true) + if [ -z "$wireless_ifaces" ]; then + if lspci 2>/dev/null | grep -Ei 'network controller|wireless|wi-fi' >/dev/null 2>&1 || \ + lsusb 2>/dev/null | grep -Ei 'wireless|802.11' >/dev/null 2>&1; then + wireless_detected=1 + else + wireless_detected=0 + fi + else + wireless_detected=1 + fi + + if [ "$wireless_detected" -eq 1 ]; then + if ! pacman -Qi wireless-regdb >/dev/null 2>&1; then + if whiptail --title "Wireless regulatory database" --yesno \ + "Wireless hardware detected. Would you like to install wireless-regdb (regulatory database)?" 10 60; then + install_package wireless-regdb + country_code=$(whiptail --title "Wireless Regulatory Domain" --inputbox \ + "Enter your 2-letter ISO country code (e.g., US, GB, IN):" 10 60 3>&1 1>&2 2>&3) + if [ -n "$country_code" ]; then + echo "Updating regulatory domain to $country_code" + echo "WIRELESS_REGDOM=\"$country_code\"" | sudo tee -a /etc/conf.d/wireless-regdomain + echo "Regulatory domain updated to $country_code" + else + echo "No country code entered. Skipping regulatory domain update." + fi + fi + fi fi } 
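Review bot: The value typed into the country-code inputbox is written to /etc/conf.d/wireless-regdomain unchecked, so a lowercase code, a longer string or one containing a double quote lands in a root-owned config file; if that file is sourced by a shell script (not visible here), a quote would end the assignment early. Validate it before the `[ -n "$country_code" ]` test, for example `case "$country_code" in [A-Z][A-Z]) ;; *) echo "Invalid country code" >&2; country_code= ;; esac`. `tee -a` also appends another `WIRELESS_REGDOM=` line on every run instead of replacing the previous one. `wireless_ifaces`, `wireless_detected` and `country_code` are assigned without `local`, which makes them globals if the script runs under bash.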
@@ -319,14 +346,13 @@ setup_u2f() { echo "auth required pam_u2f.so cue origin=pam://$HOST appid=pam://$HOST" | sudo tee -a /etc/pam.d/u2f-required echo "auth sufficient pam_u2f.so cue origin=pam://$HOST appid=pam://$HOST" | sudo tee -a /etc/pam.d/u2f-sufficient - sudo sed -i '/^password\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/su - sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/sudo - sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/passwd - sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/system-login + sudo sed -i '/^auth\s*include\s*system-login/i auth include u2f-sufficient' /etc/pam.d/system-local-login + sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/sudo if [ ! -f /etc/pam.d/polkit-1 ]; then sudo cp /usr/lib/pam.d/polkit-1 /etc/pam.d/polkit-1 fi sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/polkit-1 + if whiptail --title "Enroll U2F Device" --yesno "Would you like to enroll your U2F device now?" 10 60; then echo "Enrolling U2F device..." pamu2fcfg -o "pam://$HOST" -i "pam://$HOST" > ~/.config/Yubico/u2f_keys 
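Review bot: The new `sed -i '... i auth include u2f-sufficient'` inserts for /etc/pam.d/system-local-login and /etc/pam.d/sudo have no guard, so every run of the script adds another copy of the line, and they change nothing (with no message) when the anchor line is absent. Guard each one, e.g. `grep -q 'u2f-sufficient' /etc/pam.d/sudo || sudo sed -i ...`, and report when the line is still missing afterwards, since a silent no-op leaves the user believing the token is required or accepted when it is not. The same applies to the `pam_succeed_if.so` and `pam_fprintd.so` inserts in the setup_fprint hunk. The commit stops editing su, passwd and system-login but does not remove lines an earlier run of the script put there. setup_u2f begins before and continues after this hunk.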
@@ -339,21 +365,34 @@ setup_u2f() { # Description: setup fprint for login using fingerprint reader setup_fprint() { if whiptail --title "Setup Fprint" --yesno "Would you like to setup fingerprint authentication (fprintd)?" 10 60; then - echo "== Installing fprintd and its dependencies ==" - install_package fprintd - install_dependencies imagemagick - sudo systemctl enable --now fprintd + # using lsusb to check if fingerprint reader needs python-validity or fprintd + if lsusb | grep -q "Validity Sensors, Inc."; then + echo "Fingerprint reader from Validity Sensors detected. We will install python-validity instead of standard fprintd for better support" + echo "== Installing python-validity and its dependencies ==" + install_package python-validity + echo "python-validity installation completed." + else + echo "== Installing fprintd and its dependencies ==" + install_package fprintd + install_dependencies imagemagick + sudo systemctl enable --now fprintd + echo "fprintd installation completed." + fi sudo sed -i '/^auth\s*include\s*system-login/i auth [success=1 default=ignore] pam_succeed_if.so service in sudo:su:su-l tty in :unknown' /etc/pam.d/system-local-login sudo sed -i '/^auth\s*include\s*system-login/i auth sufficient pam_fprintd.so' /etc/pam.d/system-local-login + sudo sed -i '/^auth\s*include\s*system-auth/i auth [success=1 default=ignore] pam_succeed_if.so service in sudo:su:su-l tty in :unknown' /etc/pam.d/sudo + sudo sed -i '/^auth\s*include\s*system-auth/i auth sufficient pam_fprintd.so' /etc/pam.d/sudo if [ ! 
-f /etc/pam.d/polkit-1 ]; then sudo cp /usr/lib/pam.d/polkit-1 /etc/pam.d/polkit-1 fi - sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/polkit-1 + sudo sed -i '/^auth\s*include\s*system-auth/i auth [success=1 default=ignore] pam_succeed_if.so service in sudo:su:su-l tty in :unknown' /etc/pam.d/polkit-1 + sudo sed -i '/^auth\s*include\s*system-auth/i auth sufficient pam_fprintd.so' /etc/pam.d/polkit-1 + if whiptail --title "Enroll Fingerprint" --yesno "Would you like to enroll your fingerprint now?" 10 60; then echo "Enrolling fingerprint..." fprintd-enroll fi - echo "Fprintd setup completed." + echo "Fingerprint setup completed." fi } 
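Review bot: The Validity Sensors branch installs python-validity but, unlike the fprintd branch, enables no service, while the PAM lines that follow still reference `pam_fprintd.so` and enrollment still calls `fprintd-enroll`; whether python-validity provides both is not visible here. If the package ships its own service unit, enable it in that branch, and check `command -v fprintd-enroll` before offering enrollment. The `lsusb | grep -q` test also falls through to the fprintd branch when lsusb is not installed. A comment above the `pam_succeed_if.so` lines would help the next reader, e.g. `# skip pam_fprintd for sudo/su when there is no tty, so those fall through to the password prompt`.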
@@ -440,12 +479,39 @@ setup_flatpak() { fi } +# Function name: Setup sbctl +# Description: Install and setup sbctl for managing Secure Boot keys +setup_sbctl() { + if whiptail --title "Setup sbctl" --yesno "Would you like to setup sbctl?" 10 60; then + echo "== Installing sbctl ==" + install_package sbctl + echo "== Setting up sbctl ==" + sudo sbctl create-keys + sbctl verify | sed 's/✗ /sbctl sign -s /e' + if sbctl status | grep -q "Setup Mode:.*Disabled"; then + echo "Setup mode is disabled so we cannot enroll the keys. Please enable setup mode in your firmware settings and run 'sudo sbctl enroll-keys' manually." + else + echo "Enrolling keys with sbctl" + sudo sbctl enroll-keys -m + echo "Keys enrolled successfully." + fi + fi +} + # function name : setup fwupd # Description: setup fwupd setup_fwupd() { if whiptail --title "Setup fwupd" --yesno "Would you like to setup fwupd?" 10 60; then echo "== Installing fwupd ==" install_package fwupd + # if sbctl install then + if pacman -Qs sbctl > /dev/null; then + sudo sbctl sign -s -o /usr/lib/fwupd/efi/fwupdx64.efi.signed /usr/lib/fwupd/efi/fwupdx64.efi + sudo sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi + if pacman -Qs shim > /dev/null; then + sudo sbctl sign -s -o /boot/EFI/arch/shimx64.efi /usr/share/shim/shimx64.efi + fi + fi fi } @@ -737,6 +803,7 @@ setup_bluetooth setup_firewall setup_ntp setup_flatpak +setup_sbctl setup_fwupd setup_u2f setup_fprint
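Review bot: In setup_sbctl, `sbctl verify | sed 's/✗ /sbctl sign -s /e'` runs every rewritten output line as a shell command, so whatever verify prints after the path, and any space or metacharacter inside a path, is parsed by the shell; the sign also runs without the `sudo` that `create-keys` and `enroll-keys` use. Enrollment then goes ahead whether or not signing worked, and enrolling keys while boot files are still unsigned can leave the machine unable to boot once Secure Boot is on. I would read the unsigned paths in a loop, pass each one quoted to `sudo sbctl sign -s`, and skip `enroll-keys` while `sbctl verify` still reports `✗`. In setup_fwupd, `pacman -Qs sbctl` is a search rather than an exact-name query; `pacman -Qi sbctl`, as the wireless-regdb check in this commit uses, is the stricter test.

```shell
    sudo sbctl create-keys
    # Assumes verify prints "✗ PATH is not signed" — confirm against the installed sbctl.
    sudo sbctl verify | sed -n 's/^✗ \(.*\) is not signed$/\1/p' |
      while IFS= read -r unsigned_file; do
        # The path is passed as one quoted argument, never evaluated as shell text.
        sudo sbctl sign -s "$unsigned_file"
      done
    if sudo sbctl verify | grep -q '✗'; then
      echo "Some boot files are still unsigned; skipping key enrollment." >&2
    elif sbctl status | grep -q "Setup Mode:.*Disabled"; then
      # … unchanged: setup-mode message, else branch with enroll-keys …
```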