Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # Copyright 2020 - DanctNIX Community
- #
- # This script setup FDE on Arch Linux ARM for PinePhone (Pro)
- # and PineTab.
- #
- # Inspired by:
- # https://github.com/sailfish-on-dontbeevil/flash-it
- set +e
- DOWNLOAD_SERVER="https://danctnix.arikawa-hi.me/rootfs/archarm-on-mobile"
- TMPMOUNT=$(mktemp -p . -d)
- # Parse arguments
- # https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
- POSITIONAL=()
- while [[ $# -gt 0 ]]
- do
- key="$1"
- case $key in
- -h|--help)
- echo "Arch Linux ARM for PP/PT Encrypted Setup"
- echo ""
- printf '%s\n' \
- "This script will download the latest encrypted image for the" \
- "PinePhone, PinePhone Pro, and PineTab. It downloads and create a image for the user" \
- "to flash on their device or SD card." \
- "" \
- "usage: $0 " \
- "" \
- "Options:" \
- "" \
- " -h, --help Print this help and exit." \
- "" \
- "This command requires: parted, curl, sudo, wget, tar, unzip," \
- "mkfs.ext4, mkfs.f2fs, losetup, unsquashfs." \
- ""
- exit 0
- shift
- ;;
- *) # unknown argument
- POSITIONAL+=("$1") # save it in an array for later
- shift # past argument
- ;;
- esac
- done
- set -- "${POSITIONAL[@]}" # restore positional parameters
- # Helper functions
- # Error out if the given command is not found in PATH.
- function check_dependency {
- dependency=$1
- hash $dependency >/dev/null 2>&1 || {
- echo >&2 "${dependency} not found. Please make sure it is installed and on your PATH."; exit 1;
- }
- }
- function error {
- echo -e "\e[41m\e[5mERROR:\e[49m\e[25m $1"
- }
- # Check dependencies
- check_dependency "parted"
- check_dependency "cryptsetup"
- check_dependency "sudo"
- check_dependency "wget"
- check_dependency "tar"
- check_dependency "unsquashfs"
- check_dependency "mkfs.ext4"
- check_dependency "mkfs.f2fs"
- check_dependency "losetup"
- check_dependency "zstd"
- check_dependency "curl"
- # Image selection
- echo -e "\e[1mWhich image do you want to create?\e[0m"
- select OPTION in "PinePhone" "PineTab" "PinePhone Pro"; do
- case $OPTION in
- "PinePhone" ) DEVICE="pinephone"; break;;
- "PineTab" ) DEVICE="pinetab"; break;;
- "PinePhone Pro" ) DEVICE="pinephone-pro"; break;;
- esac
- done
- echo -e "\e[1mWhich environment would you like to install?\e[0m"
- select OPTION in "Phosh" "Plasma" "Sxmo" "Barebone"; do
- case $OPTION in
- "Phosh" ) USR_ENV="phosh"; break;;
- "Plasma" ) USR_ENV="plasma"; break;;
- "Sxmo" ) USR_ENV="sxmo"; break;;
- "Barebone" ) USR_ENV="barebone"; break;;
- esac
- done
- SQFSDATE=$(curl -s -f $DOWNLOAD_SERVER/version.txt || echo BAD)
- SQFSROOT="archlinux-$DEVICE-$USR_ENV-$SQFSDATE.sqfs"
- [ $SQFSDATE = "BAD" ] && { error "Failed to fetch for the latest version. The server may be down, please try again later." && exit 1; }
- # Filesystem selection
- echo -e "\e[1mWhich filesystem would you like to use?\e[0m"
- select OPTION in "ext4" "f2fs"; do
- case $OPTION in
- "ext4" ) FILESYSTEM="ext4"; break;;
- "f2fs" ) FILESYSTEM="f2fs"; break;;
- esac
- done
- # Select flash target
- echo -e "\e[1mWhich SD card do you want to flash?\e[0m"
- lsblk
- read -p "Device node (/dev/sdX): " DISK_IMAGE
- echo "Flashing image to: $DISK_IMAGE"
- echo "WARNING: All data will be erased! You have been warned!"
- echo "Some commands require root permissions, you might be asked to enter your sudo password."
- # Make sure people won't pick the wrong thing and ultimately erase the disk
- echo
- echo -e "\e[31m\e[1mARE YOU SURE \e[5m\e[4m${DISK_IMAGE}\e[24m\e[25m IS WHAT YOU PICKED?\e[39m\e[0m"
- read -p "Confirm device node: " CONFIRM_DISK_IMAGE
- [ "$DISK_IMAGE" != "$CONFIRM_DISK_IMAGE" ] && error "The device node mismatched. Aborting." && exit 1
- echo
- # Downloading images
- echo -e "\e[1mDownloading images...\e[0m"
- wget --quiet --show-progress -c -O $SQFSROOT $DOWNLOAD_SERVER/$SQFSROOT || {
- error "Root filesystem image download failed. Aborting."
- exit 2
- }
- # Checksum check, make sure the root image is the real deal.
- curl -s $DOWNLOAD_SERVER/$SQFSROOT.sha512sum | sha512sum -c || { error "Checksum does not match. Aborting." && rm $SQFSROOT && exit 1; }
- wget --quiet --show-progress -c -O arch-install-scripts.tar.zst "https://archlinux.org/packages/extra/any/arch-install-scripts/download/" || {
- error "arch-install-scripts download failed. Aborting."
- exit 2
- }
- tar --transform='s,^\([^/][^/]*/\)\+,,' -xf arch-install-scripts.tar.zst usr/bin/genfstab
- chmod +x genfstab
- [ ! -e "genfstab" ] && error "Failed to locate genfstab. Aborting." && exit 2
- [ $FILESYSTEM = "ext4" ] && MKFS="mkfs.ext4"
- [ $FILESYSTEM = "f2fs" ] && MKFS="mkfs.f2fs"
- sudo parted -a optimal ${DISK_IMAGE} mklabel msdos --script
- sudo parted -a optimal ${DISK_IMAGE} mkpart primary fat32 '0%' 256MB --script
- sudo parted -a optimal ${DISK_IMAGE} mkpart primary ext4 256MB 100% --script
- sudo parted ${DISK_IMAGE} set 1 boot on --script
- # The first partition is the boot partition and the second one the root
- PARTITIONS=$(lsblk $DISK_IMAGE -l | grep ' part ' | awk '{print $1}')
- BOOTPART=/dev/$(echo "$PARTITIONS" | sed -n '1p')
- ROOTPART=/dev/$(echo "$PARTITIONS" | sed -n '2p')
- ENCRYNAME=$(basename $(mktemp -p /dev/mapper/ -u))
- ENCRYPART="/dev/mapper/$ENCRYNAME"
- echo "You'll now be asked to type in a new encryption key. DO NOT LOSE THIS!"
- # Generating LUKS header on a modern computer would make the container slow to unlock
- # on slower devices such as PinePhone.
- #
- # Unless you're happy with the phone taking an eternity to unlock, this is it for now.
- sudo cryptsetup -q -y -v luksFormat --pbkdf-memory=20721 --pbkdf-parallel=4 --pbkdf-force-iterations=4 $ROOTPART
- sudo cryptsetup open $ROOTPART $ENCRYNAME
- [ ! -e /dev/mapper/${ENCRYNAME} ] && error "Failed to locate rootfs mapper. Aborting." && exit 1
- sudo mkfs.vfat $BOOTPART
- sudo $MKFS $ENCRYPART
- sudo mount $ENCRYPART $TMPMOUNT
- sudo mkdir $TMPMOUNT/boot
- sudo mount $BOOTPART $TMPMOUNT/boot
- sudo unsquashfs -f -d $TMPMOUNT $SQFSROOT
- ./genfstab -U $TMPMOUNT | grep UUID | grep -v "swap" | sudo tee -a $TMPMOUNT/etc/fstab
- sudo sed -i "s:UUID=[0-9a-f-]*\s*/\s:/dev/mapper/cryptroot / :g" $TMPMOUNT/etc/fstab
- sudo dd if=${TMPMOUNT}/boot/u-boot-sunxi-with-spl-${DEVICE}-552.bin of=${DISK_IMAGE} bs=8k seek=1
- sudo umount -R $TMPMOUNT
- sudo cryptsetup close $ENCRYNAME
- echo -e "\e[1mCleaning up working directory...\e[0m"
- sudo rm -f arch-install-scripts.tar.zst || true
- sudo rm -f genfstab || true
- sudo rm -rf $TMPMOUNT || true
- echo -e "\e[32m\e[1mAll done! Please insert the card to your device and power on.\e[39m\e[0m"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement