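#! /usr/bin/env bash
#
# Build a PGP-signed GRUB boot tree in the parent of this script's directory:
# a UEFI image, a BIOS core image with its setup script, grub.cfg, grub.env,
# fonts, themes, locales and modules, plus detached signatures for the
# generated files.
#
# Usage: <this script> [DATA_PATH]
#   DATA_PATH  optional path on the data filesystem; the UUID of the
#              filesystem holding it is written into the embedded GRUB config
#              and into grub.env. Defaults to the filesystem holding ROOT.
#
# Requires GNU coreutils, findmnt, tar, grub-mkimage and a gpg keyring that
# holds the secret key named by PGP_PUB.

FILE="$(realpath "${BASH_SOURCE[0]}")"
DIRECTORY="$(dirname "${FILE}")"
ROOT="$(dirname "${DIRECTORY}")"
[ -d "${ROOT}" ] || exit 1
PROJECT="$(basename "${DIRECTORY}")"

# Print a message on stderr and abort the build.
function die {
	printf 'error: %s\n' "${*}" >&2
	exit 1
}

# Print a message on stderr and carry on.
function warn {
	printf 'warning: %s\n' "${*}" >&2
}

# Print the mount point of the filesystem that holds path $1.
function get_path_mount {
	stat --format '%m' "${1}"
}

# Print the filesystem UUID of mount point $1.
function get_mount_uuid {
	findmnt --noheadings --output 'UUID' "${1}"
}

# Print the UUID of the filesystem that holds path $1.
function get_path_uuid {
	# Declared separately so a failing stat is not masked by 'local'.
	local mount
	mount="$(get_path_mount "${1}")" || return 1
	get_mount_uuid "${mount}"
}

ESP="$(get_path_uuid "${ROOT}")"
if [ "${1}" ] ; then
	DATA="$(get_path_uuid "${1}")"
else
	DATA="${ESP}"
fi
# An empty UUID ends up as "--fs-uuid ''" in the embedded config below, so
# the search at boot would not match the intended filesystem.
[ "${ESP}" ] || warn "no filesystem UUID found for ${ROOT}"
[ "${DATA}" ] || warn "no filesystem UUID found for the data path"

# Fingerprint of the signing key. The trailing '!' added in sign() tells gpg
# to use exactly this key instead of picking a subkey on its own.
PGP_PUB='312ACDF9BB03C81ADE95B9C09C7613450C80C24F'

# Write a detached signature next to file $1, or next to every regular file
# below directory $1. A path that is neither is silently ignored.
# Returns non-zero as soon as one signature cannot be produced.
function sign {
	if [ -d "${1}" ] ; then
		local file
		local files=()
		# Existing *.sig files are skipped: on a re-run the tree still holds
		# the previous signatures, and signing those would produce *.sig.sig.
		# Process substitution (instead of a here-string) leaves the array
		# empty when the directory holds no files.
		readarray -t files < <(find "${1}" -type f ! -name '*.sig' | sort)
		for file in "${files[@]}" ; do
			sign "${file}" || return 1
		done
	fi
	if [ -f "${1}" ] ; then
		echo "${1}"
		# --yes replaces a stale signature left by an earlier run instead of
		# stopping at gpg's overwrite prompt.
		gpg \
			--quiet \
			--yes \
			--default-key "${PGP_PUB}!" \
			--detach-sign \
			"${1}" || return 1
	fi
}

# Export the public half of PGP_PUB to file $1.
# gpg can exit 0 without writing a key when the keyring lacks it, so the
# result is also checked for being non-empty.
function export_pubkey {
	gpg --export "${PGP_PUB}" > "${1}" || return 1
	[ -s "${1}" ]
}

NAME="$(basename "${FILE}")"
PREVIOUS="${PWD}"
# The memdisk paths below are relative and are removed with 'rm --recursive';
# never continue in an unexpected working directory.
cd "${DIRECTORY}" || die "cannot enter ${DIRECTORY}"

# imports ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

# Sibling file named after this script with a '.mod' suffix; MODULES and
# MODULES_BIOS used below are expected to come from it.
source "${NAME%.*}.mod" || die "cannot load ${NAME%.*}.mod"

# variables ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

# Staging area for the memdisk, relative to DIRECTORY.
MEMDISK_ROOT='boot'
MEMDISK_DIRECTORY="${MEMDISK_ROOT}/grub"
MEMDISK_FILE="${MEMDISK_DIRECTORY}/grub.cfg"
MEMDISK_PUB="${MEMDISK_DIRECTORY}/grub.pgp"
MEMDISK_ARCHIVE="${MEMDISK_ROOT}.tar"

UEFI_ROOT="${ROOT}/efi"
UEFI_DIRECTORY="${UEFI_ROOT}/boot"
UEFI_FILE="${UEFI_DIRECTORY}/bootx64.efi"
UEFI_GRUB="${UEFI_DIRECTORY}/grubx64.efi"

SIGNED_GRUB='/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed'
SIGNED_SHIM='/usr/lib/shim/shimx64.efi.signed'

BIOS_DIRECTORY="${ROOT}/bios"
BIOS_FILE="${BIOS_DIRECTORY}/core.img"
BIOS_SETUP="${BIOS_DIRECTORY}/setup.sh"

COMPRESSION='xz'

GRUB_ROOT="${ROOT}/boot/grub"
GRUB_CFG="${GRUB_ROOT}/grub.cfg"
GRUB_ENV="${ROOT}/grub.env"
GRUB_PUB="${GRUB_ROOT}/grub.pgp"

# wipe ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

rm --force --recursive \
	"${MEMDISK_ROOT}" "${UEFI_ROOT}" "${BIOS_DIRECTORY}"

# memdisk ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

mkdir --parents "${MEMDISK_DIRECTORY}"

# Configuration embedded in both core images. DATA, ESP and PROJECT are
# expanded now; every \${...} is left for GRUB to expand at boot.
#
# NOTE(review): normal_init sets check_signatures='no' before it sources
# ${live}/source/*.sh and runs normal.sh from the ESP, so those files are
# loaded without signature verification even though a public key is embedded
# with --pubkey. Confirm that a later script switches enforcement back on;
# otherwise the signatures produced by this build are never checked.
#
# NOTE(review): prefix is set to (esp)/grub while this script installs the
# GRUB files under ${ROOT}/boot/grub - confirm that normal.sh corrects it.
printf '%s' "\
function set_init {
	search --no-floppy --set data \\
		--fs-uuid '${DATA}'
	#
	search --no-floppy --set esp \\
		--fs-uuid '${ESP}'
	if [ \"\${esp}\" ] ; then
		env=\"(\${esp})/grub.env\"
		live=\"(\${esp})/${PROJECT}/live\"
		#
		for file in \${live}/source/*.sh ; do
			source \"\${file}\"
		done
		unset file
	fi
}

function normal_init {
	check_signatures='no'
	pager=1
	#
	set_init
	if [ \"\${esp}\" ] ; then
		prefix=\"(\${esp})/grub\"
		root=\"\${esp}\"
		#
		normal \"\${live}/normal.sh\"
	fi
}

normal_init
" > "${MEMDISK_FILE}"
# gpg --detach-sign "${MEMDISK_FILE}"

export_pubkey "${MEMDISK_PUB}" \
	|| die "cannot export public key ${PGP_PUB}"
# gpg --detach-sign "${MEMDISK_PUB}"

tar --create --auto-compress \
	--file "${MEMDISK_ARCHIVE}" "${MEMDISK_ROOT}" \
	|| die "cannot create ${MEMDISK_ARCHIVE}"

# uefi ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

mkdir --parents "${UEFI_DIRECTORY}"

# A failed image build must stop here; otherwise the rest of the tree is
# still produced and signed around a missing boot image.
grub-mkimage \
	--compress "${COMPRESSION}" \
	--memdisk "${MEMDISK_ARCHIVE}" \
	--format 'x86_64-efi' \
	--output "${UEFI_FILE}" \
	--pubkey "${MEMDISK_PUB}" \
	"${MODULES[@]}" \
	|| die "grub-mkimage failed for x86_64-efi"
# gpg --detach-sign "${UEFI_FILE}"

# With a vendor-signed shim installed, the shim becomes bootx64.efi and the
# image built above moves to grubx64.efi.
if [ -f "${SIGNED_SHIM}" ] ; then
	mv "${UEFI_FILE}" "${UEFI_GRUB}"
	cp "${SIGNED_SHIM}" "${UEFI_FILE}"
fi
# NOTE(review): when the distribution's signed GRUB is present it replaces
# grubx64.efi. If the shim branch above ran, that overwrites the image built
# here, so the embedded memdisk config and public key are presumably not part
# of what boots in that setup - confirm this is intended.
if [ -f "${SIGNED_GRUB}" ] ; then
	cp "${SIGNED_GRUB}" "${UEFI_GRUB}"
fi

# bios ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

mkdir "${BIOS_DIRECTORY}"

cp '/usr/lib/grub/i386-pc/boot.img' "${BIOS_DIRECTORY}"
sign "${BIOS_DIRECTORY}/boot.img" \
	|| die "cannot sign ${BIOS_DIRECTORY}/boot.img"

grub-mkimage \
	--compress "${COMPRESSION}" \
	--memdisk "${MEMDISK_ARCHIVE}" \
	--format 'i386-pc' \
	--output "${BIOS_FILE}" \
	--pubkey "${MEMDISK_PUB}" \
	"${MODULES[@]}" "${MODULES_BIOS[@]}" \
	|| die "grub-mkimage failed for i386-pc"
sign "${BIOS_FILE}" || die "cannot sign ${BIOS_FILE}"

# Helper shipped next to core.img; it runs grub-bios-setup against the
# device given as its first argument. Single quotes keep every expansion
# literal so it is evaluated when the helper runs, not now.
printf '%s' '#! /usr/bin/env bash

FILE="$(realpath "${BASH_SOURCE[0]}")"
DIRECTORY="$(dirname "${FILE}")"

/usr/lib/grub/i386-pc/grub-bios-setup \
	--directory "${DIRECTORY}" \
	"${1}"
' >> "${BIOS_SETUP}"
sign "${BIOS_SETUP}" || die "cannot sign ${BIOS_SETUP}"

# grub ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

rm --force --recursive "${GRUB_ROOT}"
mkdir --parents "${GRUB_ROOT}"

# grub / cfg ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

cp "${DIRECTORY}/grub.cfg.sh" "${GRUB_CFG}"

# grub / env ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

# The block is padded with '#' up to 1024 characters.
# NOTE(review): ${#grubenv} counts characters, not bytes; a PROJECT name with
# multi-byte characters would make the file longer than 1024 bytes.
grubenv="# GRUB Environment Block
live_name=${PROJECT}
data_uuid=${DATA}
"
grublen=${#grubenv}
while [ "${grublen}" -lt 1024 ] ; do
	grubenv="${grubenv}#"
	grublen=${#grubenv}
done
printf '%s' "${grubenv}" > "${GRUB_ENV}"

# grub / fonts ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

mkdir --parents "${GRUB_ROOT}/fonts"
# find hands the paths to cp itself, so names containing whitespace are not
# split the way an unquoted $(find ...) in a for loop would split them.
find '/usr/share/grub' -type 'f' -name '*.pf2' \
	-exec cp --target-directory "${GRUB_ROOT}/fonts" '{}' +

# grub / themes ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

if cd '/usr/share/grub/themes' ; then
	mkdir --parents "${GRUB_ROOT}/themes"
	for theme in * ; do
		if [ -f "${theme}/theme.txt" ] ; then
			cp --recursive "${theme}" "${GRUB_ROOT}/themes"
		fi
	done
fi
cd "${DIRECTORY}" || die "cannot enter ${DIRECTORY}"

# grub / locales ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

mkdir --parents "${GRUB_ROOT}/locale"
if cd '/usr/share/locale' ; then
	for locale in * ; do
		file="${locale}/LC_MESSAGES/grub.mo"
		if [ -f "${file}" ] ; then
			cp "${file}" "${GRUB_ROOT}/locale/${locale}.mo"
		fi
	done
else
	warn "no locales copied: cannot enter /usr/share/locale"
fi
cd "${DIRECTORY}" || die "cannot enter ${DIRECTORY}"

# grub / pubkey ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

export_pubkey "${GRUB_PUB}" \
	|| die "cannot export public key ${PGP_PUB}"

# grub / modules ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

for target in 'x86_64-efi' 'i386-pc' ; do
	mkdir --parents "${GRUB_ROOT}/${target}"
	# Without this guard a failed cd would leave the globs below matching in
	# whatever directory is current, and those files would then be copied
	# into the module directory and signed.
	if ! cd "/usr/lib/grub/${target}" ; then
		warn "no modules copied for ${target}"
		continue
	fi
	for module in *.lst *.mod ; do
		cp "${module}" "${GRUB_ROOT}/${target}"
	done
done
cd "${DIRECTORY}" || die "cannot enter ${DIRECTORY}"

# sign ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

# A signing failure aborts the build instead of leaving a partly signed tree
# that looks complete.
sign "${ROOT}/${PROJECT}/live" || die "signing failed under ${ROOT}/${PROJECT}/live"
sign "${GRUB_ROOT}" || die "signing failed under ${GRUB_ROOT}"
sign "${UEFI_DIRECTORY}" || die "signing failed under ${UEFI_DIRECTORY}"

# display ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

du --human-readable --summarize \
	"${UEFI_ROOT}" \
	"${BIOS_DIRECTORY}" \
	"${ROOT}"
echo
echo "ESP: ${ESP}"
echo "DATA: ${DATA}"

# clean ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

rm --force --recursive \
	"${MEMDISK_ARCHIVE}" \
	"${MEMDISK_ROOT}"

# back ⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅⋅

cd "${PREVIOUS}"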