Fixed and improved some functions and added sbctl

2025-09-30 00:52:38 +02:00
parent c24892ff8b
commit eab308fd8b


@@ -276,14 +276,9 @@ setup_plymouth() {
echo "quiet splash" | sudo tee -a /etc/kernel/cmdline
fi
if ! grep -q "plymouth" /etc/mkinitcpio.conf; then
sudo sed -i 's/^HOOKS=(base udev autodetect microcode/HOOKS=(base udev autodetect microcode plymouth /' /etc/mkinitcpio.conf
sudo sed -i 's/^HOOKS=(base udev autodetect microcode/HOOKS=(base udev autodetect microcode plymouth/' /etc/mkinitcpio.conf
fi
install_package plymouth
if pacman -Qs plymouth-theme-catppuccin-mocha-git > /dev/null; then
sudo plymouth-set-default-theme -R catppuccin-mocha
else
sudo plymouth-set-default-theme -R spinner
fi
echo "Plymouth setup completed."
fi
}
@@ -292,9 +287,41 @@ setup_plymouth() {
# Description: Install and setup NetworkManager and its dependencies
setup_network() {
if whiptail --title "Setup Network" --yesno "Would you like to setup NetworkManager?" 10 60; then
echo "== Installing NetworkManager and its dependencies =="
install_dependencies networkmanager wpa_supplicant
install_package networkmanager-openvpn networkmanager-strongswan
sudo systemctl enable --now NetworkManager
echo "NetworkManager and its dependencies installed successfully."
fi
wireless_ifaces=$(ip -o link show 2>/dev/null | awk -F': ' '{print $2}' | grep -E '^(wlan|wlp|wl|wifi)' || true)
if [ -z "$wireless_ifaces" ]; then
if lspci 2>/dev/null | grep -Ei 'network controller|wireless|wi-fi' >/dev/null 2>&1 || \
lsusb 2>/dev/null | grep -Ei 'wireless|802.11' >/dev/null 2>&1; then
wireless_detected=1
else
wireless_detected=0
fi
else
wireless_detected=1
fi
if [ "$wireless_detected" -eq 1 ]; then
if ! pacman -Qi wireless-regdb >/dev/null 2>&1; then
if whiptail --title "Wireless regulatory database" --yesno \
"Wireless hardware detected. Would you like to install wireless-regdb (regulatory database)?" 10 60; then
install_package wireless-regdb
country_code=$(whiptail --title "Wireless Regulatory Domain" --inputbox \
"Enter your 2-letter ISO country code (e.g., US, GB, IN):" 10 60 3>&1 1>&2 2>&3)
if [ -n "$country_code" ]; then
echo "Updating regulatory domain to $country_code"
echo "WIRELESS_REGDOM=\"$country_code\"" | sudo tee -a /etc/conf.d/wireless-regdomain
echo "Regulatory domain updated to $country_code"
else
echo "No country code entered. Skipping regulatory domain update."
fi
fi
fi
fi
}
@@ -319,14 +346,13 @@ setup_u2f() {
echo "auth required pam_u2f.so cue origin=pam://$HOST appid=pam://$HOST" | sudo tee -a /etc/pam.d/u2f-required
echo "auth sufficient pam_u2f.so cue origin=pam://$HOST appid=pam://$HOST" | sudo tee -a /etc/pam.d/u2f-sufficient
sudo sed -i '/^password\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/su
sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/sudo
sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/passwd
sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/system-login
sudo sed -i '/^auth\s*include\s*system-login/i auth include u2f-sufficient' /etc/pam.d/system-local-login
sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/sudo
if [ ! -f /etc/pam.d/polkit-1 ]; then
sudo cp /usr/lib/pam.d/polkit-1 /etc/pam.d/polkit-1
fi
sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/polkit-1
if whiptail --title "Enroll U2F Device" --yesno "Would you like to enroll your U2F device now?" 10 60; then
echo "Enrolling U2F device..."
pamu2fcfg -o "pam://$HOST" -i "pam://$HOST" > ~/.config/Yubico/u2f_keys
@@ -339,21 +365,34 @@ setup_u2f() {
# Description: setup fprint for login using fingerprint reader
setup_fprint() {
if whiptail --title "Setup Fprint" --yesno "Would you like to setup fingerprint authentication (fprintd)?" 10 60; then
echo "== Installing fprintd and its dependencies =="
install_package fprintd
install_dependencies imagemagick
sudo systemctl enable --now fprintd
# using lsusb to check if fingerprint reader needs python-validity or fprintd
if lsusb | grep -q "Validity Sensors, Inc."; then
echo "Fingerprint reader from Validity Sensors detected. We will install python-validity instead of standard fprintd for better support"
echo "== Installing python-validity and its dependencies =="
install_package python-validity
echo "python-validity installation completed."
else
echo "== Installing fprintd and its dependencies =="
install_package fprintd
install_dependencies imagemagick
sudo systemctl enable --now fprintd
echo "fprintd installation completed."
fi
sudo sed -i '/^auth\s*include\s*system-login/i auth [success=1 default=ignore] pam_succeed_if.so service in sudo:su:su-l tty in :unknown' /etc/pam.d/system-local-login
sudo sed -i '/^auth\s*include\s*system-login/i auth sufficient pam_fprintd.so' /etc/pam.d/system-local-login
sudo sed -i '/^auth\s*include\s*system-auth/i auth [success=1 default=ignore] pam_succeed_if.so service in sudo:su:su-l tty in :unknown' /etc/pam.d/sudo
sudo sed -i '/^auth\s*include\s*system-auth/i auth sufficient pam_fprintd.so' /etc/pam.d/sudo
if [ ! -f /etc/pam.d/polkit-1 ]; then
sudo cp /usr/lib/pam.d/polkit-1 /etc/pam.d/polkit-1
fi
sudo sed -i '/^auth\s*include\s*system-auth/i auth include u2f-sufficient' /etc/pam.d/polkit-1
sudo sed -i '/^auth\s*include\s*system-auth/i auth [success=1 default=ignore] pam_succeed_if.so service in sudo:su:su-l tty in :unknown' /etc/pam.d/polkit-1
sudo sed -i '/^auth\s*include\s*system-auth/i auth sufficient pam_fprintd.so' /etc/pam.d/polkit-1
if whiptail --title "Enroll Fingerprint" --yesno "Would you like to enroll your fingerprint now?" 10 60; then
echo "Enrolling fingerprint..."
fprintd-enroll
fi
echo "Fprintd setup completed."
echo "Fingerprint setup completed."
fi
}
@@ -440,12 +479,39 @@ setup_flatpak() {
fi
}
# Function name: Setup sbctl
# Description: Install and setup sbctl for managing Secure Boot keys
setup_sbctl() {
if whiptail --title "Setup sbctl" --yesno "Would you like to setup sbctl?" 10 60; then
echo "== Installing sbctl =="
install_package sbctl
echo "== Setting up sbctl =="
sudo sbctl create-keys
sbctl verify | sed 's/✗ /sbctl sign -s /e'
if sbctl status | grep -q "Setup Mode:.*Disabled"; then
echo "Setup mode is disabled so we cannot enroll the keys. Please enable setup mode in your firmware settings and run 'sudo sbctl enroll-keys' manually."
else
echo "Enrolling keys with sbctl"
sudo sbctl enroll-keys -m
echo "Keys enrolled successfully."
fi
fi
}
# function name : setup fwupd
# Description: setup fwupd
setup_fwupd() {
if whiptail --title "Setup fwupd" --yesno "Would you like to setup fwupd?" 10 60; then
echo "== Installing fwupd =="
install_package fwupd
# if sbctl install then
if pacman -Qs sbctl > /dev/null; then
sudo sbctl sign -s -o /usr/lib/fwupd/efi/fwupdx64.efi.signed /usr/lib/fwupd/efi/fwupdx64.efi
sudo sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi
if pacman -Qs shim > /dev/null; then
sudo sbctl sign -s -o /boot/EFI/arch/shimx64.efi /usr/share/shim/shimx64.efi
fi
fi
fi
}
@@ -737,6 +803,7 @@ setup_bluetooth
setup_firewall
setup_ntp
setup_flatpak
setup_sbctl
setup_fwupd
setup_u2f
setup_fprint
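Review bot: In setup_sbctl, `sbctl verify | sed 's/✗ /sbctl sign -s /e'` uses GNU sed's `e` flag to hand each rewritten output line to a shell, so everything after the marker (the path plus any trailing status text sbctl prints) is word-split and interpreted as shell syntax, and the resulting `sbctl sign` runs as the invoking user although `create-keys` on the line above needed sudo. Extract the path and pass it as a single quoted argument instead, e.g. `sudo sbctl verify | sed -n 's/^✗ \(.*\) is not signed$/\1/p' | while IFS= read -r efi; do sudo sbctl sign -s "$efi"; done`; the pattern assumes an "is not signed" suffix, so confirm it against the installed sbctl's output. The exit status of `sudo sbctl create-keys` is not checked either, so signing and `enroll-keys -m` are still attempted after a failed key creation; `sudo sbctl create-keys || return 1` would stop there. In setup_fwupd of the same hunk, `pacman -Qs sbctl` and `pacman -Qs shim` are regex searches over package names and descriptions, so an unrelated installed package can satisfy them and trigger the shim signing into `/boot/EFI/arch/`; `pacman -Qi shim >/dev/null 2>&1`, the form this commit already uses for wireless-regdb in setup_network, tests the exact package.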