-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathbuild.sh
executable file
·81 lines (69 loc) · 2.1 KB
/
build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/bin/bash
# build.sh by Ian LeCorbeau.
# Builds custom Debian iso.
# IMPORTANT: this script should never be run as root.
# Only the lb clean and lb build commands require root privileges.
# By default, doas is called from the script. If sudo is installed instead,
# replace /usr/bin/doas with /usr/bin/sudo in the do_build() and do_rebuild() functions.
BUILDER=LeCorbeau
FLAVOUR=bullseye
REPODIR="$HOME"/.local/src/debian-live-build/config
WORKDIR="$HOME"/.build/deb-dwm-live
mk_dir() {
mkdir -p "$WORKDIR"
}
conf() {
cd "$WORKDIR" || exit
lb config \
-d "$FLAVOUR" \
--debian-installer none \
--iso-publisher "$BUILDER" \
--checksums sha512 \
--image-name deb-dwm-live-"$(date +"%Y%m%d")" \
--archive-areas "main contrib non-free" \
--debootstrap-options "--variant=minbase" \
--bootappend-live "boot=live slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off lockdown=confidentiality"
}
copy_files() {
cp -r "$REPODIR"/archives "$WORKDIR"/config/
cp "$REPODIR"/hooks/normal/0001-instenv.hook.chroot "$WORKDIR"/config/hooks/normal/
cp -r "$REPODIR"/includes.chroot_after_packages/ "$WORKDIR"/config/
cp "$REPODIR"/package-lists/pkgs.list.chroot "$WORKDIR"/config/package-lists/
}
do_deploy() {
mk_dir
conf
copy_files
}
do_build() {
cd "$WORKDIR" || exit
/usr/bin/doas lb build
gen_sums_sig
}
do_rebuild() {
cd "$WORKDIR" || exit
/usr/bin/doas lb clean
lb config
/usr/bin/doas lb build
}
gen_sums_sig() {
local _isoname=deb-dwm-live-"$(date +"%Y%m%d")"-amd64.hybrid.iso
cd "$WORKDIR" || exit
touch checksums-"$_isoname".txt
sha256sum "$_isoname" > checksums-"$_isoname".txt
sha512sum "$_isoname" >> checksums-"$_isoname".txt
# Generate a key pair with gpg beforehand or comment out this part
gpg --detach-sign "$_isoname"
}
# Accepted arguments:
# -c: only run do_deploy
# -r: rebuilds the iso without re-deploying (NOT TESTED YET)
# No arguments provided assumes we want to deploy and build the iso from scratch.
case "$1" in
-c) do_deploy ;;
-r) do_rebuild
gen_sums_sig ;;
*) do_deploy
do_build
gen_sums_sig ;;
esac