diff --git a/build-x86-images.sh b/build-x86-images.sh index 84f22f31..24e62757 100755 --- a/build-x86-images.sh +++ b/build-x86-images.sh @@ -74,7 +74,7 @@ build_variant() { IMG=pep-live-${ARCH}-${DATE}-${variant}.iso GRUB_PKGS="grub-i386-efi grub-x86_64-efi" A11Y_PKGS="espeakup void-live-audio brltty" - PKGS="dialog octoxbps cryptsetup lvm2 mdadm void-docs-browse xtools-minimal xmirror chrony void-repo-nonfree void-repo-multilib void-repo-multilib-nonfree $A11Y_PKGS $GRUB_PKGS" + PKGS="dialog octoxbps cryptsetup lvm2 mdadm rsync void-docs-browse xtools-minimal xmirror chrony void-repo-nonfree void-repo-multilib void-repo-multilib-nonfree $A11Y_PKGS $GRUB_PKGS" XORG_PKGS="xorg xorg-input-drivers xorg-video-drivers setxkbmap xauth font-misc-misc terminus-font dejavu-fonts-ttf orca" SERVICES="sshd chronyd" diff --git a/calamares/calamares/settings.conf b/calamares/calamares/settings.conf index 1345c774..c30bd895 100644 --- a/calamares/calamares/settings.conf +++ b/calamares/calamares/settings.conf @@ -25,7 +25,6 @@ sequence: - displaymanager - networkcfg - hwclock - # - services-runit - grubcfg - bootloader - postcfg diff --git a/calamares/modules/postcfg/main.py b/calamares/modules/postcfg/main.py index af5fd084..64717b5c 100644 --- a/calamares/modules/postcfg/main.py +++ b/calamares/modules/postcfg/main.py 
@@ -1,167 +1,157 @@ #!/usr/bin/python3 # -*- coding: utf-8 -*- -# -# === This file is part of Calamares - === -# -# Copyright 2014 - 2019, Philip Müller -# Copyright 2016, Artoo -# -# Calamares is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Calamares is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Calamares. If not, see . - import libcalamares import subprocess - from shutil import copy2 from distutils.dir_util import copy_tree from os.path import join, exists -from libcalamares.utils import target_env_call -from libcalamares.utils import target_env_process_output -from libcalamares.utils import check_target_env_output +from libcalamares.utils import target_env_call, target_env_process_output def pretty_name(): - return ("Misc post-install configurations") + return "Misc post-install configurations" -status = ("Misc post-install configurations") +status = "Misc post-install configurations" def pretty_status_message(): return status class ConfigController: def __init__(self): - self.__root = libcalamares.globalstorage.value("rootMountPoint") + try: + self.__root = libcalamares.globalstorage.value("rootMountPoint") + except Exception as e: + print(f"Error initializing root mount point: {e}") + raise @property def root(self): return self.__root def terminate(self, proc): - target_env_call(['killall', '-9', proc]) + try: + target_env_call(['killall', '-9', proc]) + except Exception as e: + print(f"Error terminating process '{proc}': {e}") def copy_file(self, file): - if exists("/" + file): - copy2("/" + file, 
join(self.root, file)) + try: + if exists("/" + file): + copy2("/" + file, join(self.root, file)) + except Exception as e: + print(f"Error copying file '{file}': {e}") def copy_folder(self, source, target): - if exists("/" + source): - copy_tree("/" + source, join(self.root, target)) + try: + if exists("/" + source): + copy_tree("/" + source, join(self.root, target)) + except Exception as e: + print(f"Error copying folder from '{source}' to '{target}': {e}") + + def is_pkg_installed(self, pkg): + """ Checks if a package is installed in the target environment. """ + try: + result = target_env_process_output(['xbps-query', pkg]) + return result is not None # Package exists if query returns any result + except Exception as e: + print(f"Error checking if package '{pkg}' is installed: {e}") + return False def remove_pkg(self, pkg): - libcalamares.utils.target_env_process_output(['xbps-remove', '-Ry', pkg]) + try: + target_env_process_output(['xbps-remove', '-Ry', pkg]) + except Exception as e: + print(f"Error removing package '{pkg}': {e}") def umount(self, mp): - subprocess.call(["umount", "-l", join(self.root, mp)]) + try: + subprocess.call(["umount", "-l", join(self.root, mp)]) + except Exception as e: + print(f"Error unmounting '{mp}': {e}") def mount(self, mp): - subprocess.call(["mount", "-B", "/" + mp, join(self.root, mp)]) + try: + subprocess.call(["mount", "-B", "/" + mp, join(self.root, mp)]) + except Exception as e: + print(f"Error mounting '{mp}': {e}") def rmdir(self, dir): - subprocess.call(["rm", "-Rf", join(self.root, dir)]) + try: + subprocess.call(["rm", "-Rf", join(self.root, dir)]) + except Exception as e: + print(f"Error removing directory '{dir}': {e}") def mkdir(self, dir): - subprocess.call(["mkdir", "-p", join(self.root, dir)]) + try: + subprocess.call(["mkdir", "-p", join(self.root, dir)]) + except Exception as e: + print(f"Error creating directory '{dir}': {e}") def run(self): - status = ("Removing CLI installer") - if exists(join(self.root, 
"usr/sbin/void-installer")): - libcalamares.utils.target_env_process_output(["rm", "-fv", "usr/sbin/void-installer"]) + try: + # Remove CLI installers + if exists(join(self.root, "usr/sbin/void-installer")): + target_env_process_output(["rm", "-fv", "usr/sbin/void-installer"]) - if exists(join(self.root, "usr/sbin/pep-installer")): - libcalamares.utils.target_env_process_output(["rm", "-fv", "usr/sbin/pep-installer"]) + if exists(join(self.root, "usr/sbin/pep-installer")): + target_env_process_output(["rm", "-fv", "usr/sbin/pep-installer"]) - status = ("Initializing package manager databases") - if libcalamares.globalstorage.value("hasInternet"): - libcalamares.utils.target_env_process_output(["xbps-install", "-Syy"]) + # Initialize package manager databases + if libcalamares.globalstorage.value("hasInternet"): + target_env_process_output(["xbps-install", "-Syy"]) - # Remove calamares - status = ("Removing Calamares from target") - self.remove_pkg("calamares") - if exists(join(self.root, "usr/share/applications/calamares.desktop")): - target_env_call(["rm", "-fv", "usr/share/applications/calamares.desktop"]) + # Remove Calamares from target + self.remove_pkg("calamares") + if exists(join(self.root, "usr/share/applications/calamares.desktop")): + target_env_call(["rm", "-fv", "usr/share/applications/calamares.desktop"]) - # Remove Breeze if Plasma is not installed - if exists(join(self.root, "usr/bin/startplasma-x11")): - print("Plasma is installed, not removing Breeze") - else: - status = ("Removing Breeze") - self.remove_pkg("breeze") + # Remove Emptty if LightDM is present + if exists(join(self.root, "etc/lightdm/lightdm.conf")): + if exists(join(self.root, "usr/bin/emptty")): + target_env_process_output(["rm", "-fv", "etc/runit/runsvdir/default/emptty"]) + target_env_process_output(["rm", "-rfv", "etc/emptty"]) + self.remove_pkg("emptty") - # If Plasma or LXQt are installed, remove Qt5ct - if exists(join(self.root, "usr/bin/startplasma-x11")): - status = 
("Removing Qt5ct") - self.remove_pkg("qt5ct") - elif exists(join(self.root, "usr/bin/startlxqt")): - status = ("Removing Qt5ct") - self.remove_pkg("qt5ct") - - # Remove Emptty if LightDM is present - if exists(join(self.root, "etc/lightdm/lightdm.conf")): - if exists(join(self.root, "usr/bin/emptty")): - status = ("Removing Emptty") - libcalamares.utils.target_env_process_output(["rm", "-fv" , "etc/runit/runsvdir/default/emptty"]) - libcalamares.utils.target_env_process_output(["rm" , "-rfv", "etc/emptty"]) - self.remove_pkg("emptty") + # Update grub.cfg + if exists(join(self.root, "usr/bin/update-grub")): + target_env_process_output(["update-grub"]) - # Copy skel to root - status = ("Copying skel to root") - self.copy_folder('etc/skel', 'root') + # Enable `menu_auto_hide` in grubenv if supported + if exists(join(self.root, "usr/bin/grub-set-bootflag")): + target_env_call(["grub-editenv", "-", "set", "menu_auto_hide=1", "boot_success=1"]) - # Update grub.cfg - status = ("Updating GRUB") - if exists(join(self.root, "usr/bin/update-grub")): - libcalamares.utils.target_env_process_output(["update-grub"]) + # Enable doas if installed on target + if exists(join(self.root, "usr/bin/doas")): + doasconf = "permit nopass :root ||\npermit persist :wheel" + with open(join(self.root, "etc/doas.conf"), 'w') as conf: + conf.write(doasconf) - # Enable 'menu_auto_hide' when supported in grubenv - if exists(join(self.root, "usr/bin/grub-set-bootflag")): - target_env_call(["grub-editenv", "-", "set", "menu_auto_hide=1", "boot_success=1"]) + # Mark current kernel as automatically installed + target_env_process_output(["xbps-pkgdb", "-m", "auto", "linux6.1"]) -# # Enable plymouth -# status = ("Enabling Plymouth on target") -# libcalamares.utils.target_env_process_output(["plymouth-set-default-theme", "-R", "simply"]) + # Remove linux-headers package if installed and ignore it in updates + if self.is_pkg_installed("linux-headers"): + self.remove_pkg("linux-headers") + else: + 
print("Package 'linux-headers' not installed, skipping removal.") - # Replace /etc/issue msg from live - if exists(join(self.root, "etc/issue.new")): - libcalamares.utils.target_env_process_output(["mv", "etc/issue.new", "etc/issue"]) + ignorepkg = "ignorepkg=linux-headers" + self.mkdir("etc/xbps.d/") + with open(join(self.root, "etc/xbps.d/00-ignore.conf"), 'w') as conf: + conf.write(ignorepkg) - # If doas installed on target, enable it - if exists(join(self.root, "usr/bin/doas")): - doasconf = "permit nopass :root ||\npermit persist :wheel" - with open(join(self.root, "etc/doas.conf"), 'w') as conf: - conf.write(doasconf) + # Reconfigure all target packages + target_env_process_output(["xbps-reconfigure", "-fa"]) - # Override default XFCE wallpaper - if exists(join(self.root, "usr/share/backgrounds/xfce/xfce-shapes.png")): - libcalamares.utils.target_env_process_output(["rm", "-fv", "usr/share/backgrounds/xfce/xfce-shapes.png"]) - libcalamares.utils.target_env_process_output(["ln", "-frsv", "usr/share/backgrounds/wallpaper4.png", "usr/share/backgrounds/xfce/xfce-shapes.png"]) - - # Mark current kernel as automatically installed (this allows to remove old LTS kernels as orphaned packages). 
- libcalamares.utils.target_env_process_output(["xbps-pkgdb", "-m", "auto", "linux6.1"]) - - # Remove linux-headers meta-package - status = ("Removing linux-headers from target") - libcalamares.utils.target_env_process_output(["xbps-remove", "-RFyv", "linux-headers"]) - ignorepkg = "ignorepkg=linux-headers" - self.mkdir("etc/xbps.d/") - with open(join(self.root, "etc/xbps.d/00-ignore.conf"), 'w') as conf: - conf.write(ignorepkg) - - # Reconfigure all target packages to ensure everything is ok - status = ("Reconfiguring all target packages") - libcalamares.utils.target_env_process_output(["xbps-reconfigure", "-fa"]) + except Exception as e: + print(f"Error during run process: {e}") + raise def run(): """ Misc post-install configurations """ + try: + config = ConfigController() + return config.run() + except Exception as e: + print(f"Error in main run function: {e}") + return None - config = ConfigController() - - return config.run() diff --git a/isolinux/isolinux.cfg.in b/isolinux/isolinux.cfg.in index 2bcdb272..a1c1f070 100644 --- a/isolinux/isolinux.cfg.in +++ b/isolinux/isolinux.cfg.in 
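Review bot: The new module-level `run()` catches every exception and returns `None`, which Calamares treats as a successful job, so a failure inside `ConfigController.run()` (for example writing `etc/xbps.d/00-ignore.conf` or running `xbps-reconfigure -fa`) is printed and then reported as a clean install; return an error tuple instead, e.g. `return ("Post-install configuration failed", str(e))`. The per-method `try/except` wrappers hide failures the same way: `subprocess.call` does not raise on a non-zero exit status, so `mount`, `umount`, `rmdir` and `mkdir` still ignore failed commands, and `remove_pkg` now hides a failed `xbps-remove`. `is_pkg_installed` tests `result is not None`, which looks always true if `target_env_process_output` returns an exit status; it appears to work only because a failed `xbps-query` raises into the `except` branch, so returning `True` after the call and catching `subprocess.CalledProcessError` specifically would state the intent. The hunk also deletes the GPL copyright header from a file whose removed header says it is part of Calamares; that notice should stay.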
@@ -23,22 +23,22 @@ MENU COLOR sel * #ffffffff #FF5255FF * LABEL linux MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ KERNEL /boot/vmlinuz -APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ +APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ LABEL linuxram MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ (RAM) KERNEL /boot/vmlinuz -APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ rd.live.ram +APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ rd.live.ram LABEL linuxa11y MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ with ^speech KERNEL /boot/vmlinuz -APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin +APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin LABEL linuxa11yram MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ with speech (^RAM) KERNEL /boot/vmlinuz -APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin rd.live.ram +APPEND initrd=/boot/initrd 
root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin rd.live.ram LABEL c MENU LABEL Boot first HD found by BIOS diff --git a/live-installer.py b/live-installer.py deleted file mode 100644 index fa03ddcd..00000000 --- a/live-installer.py +++ /dev/null 
@@ -1,193 +0,0 @@ -import sys -import subprocess -from PyQt5.QtWidgets import (QApplication, QMainWindow, QVBoxLayout, QLabel, QPushButton, - QWidget, QComboBox, QLineEdit, QProgressBar, QMessageBox, - QStackedWidget, QHBoxLayout, QFormLayout) -from PyQt5.QtGui import QPixmap, QFont -from PyQt5.QtCore import Qt - -class InstallerWindow(QMainWindow): - def __init__(self): - super().__init__() - self.setWindowTitle("Void Linux Installer") - self.setGeometry(300, 200, 800, 600) - - # Widget com layout empilhado para etapas de instalação - self.stack = QStackedWidget() - self.setCentralWidget(self.stack) - - # Fontes e estilos básicos - self.title_font = QFont("Arial", 18, QFont.Bold) - self.normal_font = QFont("Arial", 12) - - # Etapas do instalador - self.create_welcome_page() - self.create_partition_page() - self.create_user_page() - self.create_install_page() - - # Layout para os botões de navegação - self.nav_layout = QHBoxLayout() - self.prev_button = QPushButton("Anterior") - self.prev_button.clicked.connect(self.prev_page) - self.prev_button.setEnabled(False) # Desativado na primeira página - self.next_button = QPushButton("Próximo") - self.next_button.clicked.connect(self.next_page) - - self.nav_layout.addWidget(self.prev_button) - self.nav_layout.addWidget(self.next_button) - - # Adicionar os botões de navegação no final - nav_widget = QWidget() - nav_widget.setLayout(self.nav_layout) - layout = QVBoxLayout() - layout.addWidget(self.stack) - layout.addWidget(nav_widget) - container = QWidget() - container.setLayout(layout) - self.setCentralWidget(container) - - def create_welcome_page(self): - """Página de boas-vindas.""" - page = QWidget() - layout = QVBoxLayout() - - welcome_label = QLabel("Bem-vindo ao Instalador do Void Linux") - welcome_label.setFont(self.title_font) - layout.addWidget(welcome_label, alignment=Qt.AlignCenter) - - img_label = QLabel() - img = QPixmap("image.png") # Certifique-se de que o caminho da imagem esteja correto - 
img_label.setPixmap(img.scaled(300, 300, Qt.KeepAspectRatio)) - layout.addWidget(img_label, alignment=Qt.AlignCenter) - - page.setLayout(layout) - self.stack.addWidget(page) - - def create_partition_page(self): - """Página de seleção de partição.""" - page = QWidget() - layout = QVBoxLayout() - - title = QLabel("Seleção de Partição") - title.setFont(self.title_font) - layout.addWidget(title) - - form_layout = QFormLayout() - self.partition_combo = QComboBox() - self.partition_combo.addItems(self.get_partitions()) - form_layout.addRow("Escolha uma partição:", self.partition_combo) - - # Botão para abrir GParted - gparted_button = QPushButton("Abrir GParted para Particionamento") - gparted_button.clicked.connect(self.open_gparted) - layout.addLayout(form_layout) - layout.addWidget(gparted_button) - - page.setLayout(layout) - self.stack.addWidget(page) - - def create_user_page(self): - """Página de configuração de usuário e senha.""" - page = QWidget() - layout = QVBoxLayout() - - title = QLabel("Configuração do Usuário") - title.setFont(self.title_font) - layout.addWidget(title) - - form_layout = QFormLayout() - self.user_input = QLineEdit() - self.password_input = QLineEdit() - self.password_input.setEchoMode(QLineEdit.Password) - form_layout.addRow("Nome do usuário:", self.user_input) - form_layout.addRow("Senha:", self.password_input) - - layout.addLayout(form_layout) - page.setLayout(layout) - self.stack.addWidget(page) - - def create_install_page(self): - """Página de instalação com barra de progresso.""" - page = QWidget() - layout = QVBoxLayout() - - title = QLabel("Instalação do Sistema") - title.setFont(self.title_font) - layout.addWidget(title) - - self.progress_bar = QProgressBar() - self.progress_bar.setAlignment(Qt.AlignCenter) - layout.addWidget(self.progress_bar) - - install_button = QPushButton("Iniciar Instalação") - install_button.clicked.connect(self.start_installation) - layout.addWidget(install_button, alignment=Qt.AlignCenter) - - 
page.setLayout(layout) - self.stack.addWidget(page) - - def get_partitions(self): - """Função para listar partições do sistema.""" - partitions = subprocess.getoutput("lsblk -nd -o NAME").splitlines() - return [f"/dev/{p}" for p in partitions] - - def open_gparted(self): - """Abre o GParted para particionamento de disco.""" - try: - subprocess.Popen(["gparted"]) - except FileNotFoundError: - QMessageBox.critical(self, "Erro", "GParted não está instalado.") - - def start_installation(self): - """Inicia a instalação e atualiza a barra de progresso.""" - partition = self.partition_combo.currentText() - username = self.user_input.text() - password = self.password_input.text() - - if not partition or not username or not password: - QMessageBox.warning(self, "Erro", "Por favor, preencha todos os campos.") - return - - try: - self.progress_bar.setValue(0) - subprocess.run(["./mklive.sh"], check=True) - self.progress_bar.setValue(25) - subprocess.run(["./mkrootfs.sh"], check=True) - self.progress_bar.setValue(50) - subprocess.run(["./mkimage.sh"], check=True) - self.progress_bar.setValue(75) - subprocess.run(["./installer.sh", partition, username, password], check=True) - self.progress_bar.setValue(100) - QMessageBox.information(self, "Sucesso", "Instalação concluída com sucesso!") - except subprocess.CalledProcessError as e: - QMessageBox.critical(self, "Erro", f"Ocorreu um erro: {e}") - - def next_page(self): - """Avançar para a próxima página.""" - current_index = self.stack.currentIndex() - if current_index < self.stack.count() - 1: - self.stack.setCurrentIndex(current_index + 1) - self.prev_button.setEnabled(True) - - # Alterar o texto do botão para "Instalar" na última página - if current_index == self.stack.count() - 2: - self.next_button.setText("Instalar") - else: - self.next_button.setText("Próximo") - - def prev_page(self): - """Voltar para a página anterior.""" - current_index = self.stack.currentIndex() - if current_index > 0: - 
self.stack.setCurrentIndex(current_index - 1) - self.next_button.setText("Próximo") - if current_index == 1: - self.prev_button.setEnabled(False) - -if __name__ == "__main__": - app = QApplication(sys.argv) - window = InstallerWindow() - window.show() - sys.exit(app.exec_()) - diff --git a/mklive.sh b/mklive.sh index 193181e8..8dbc8f01 100755 --- a/mklive.sh +++ b/mklive.sh @@ -585,6 +585,9 @@ generate_isolinux_boot print_step "Generating GRUB support for EFI systems..." generate_grub_efi_boot +#print_step "Configuring Secure Boot and TPM support..." +#source ./secureboot_tpm_setup.sh + print_step "Cleaning up rootfs..." cleanup_rootfs diff --git a/secureboot_tpm_setup.sh b/secureboot_tpm_setup.sh new file mode 100755 index 00000000..0f089051 --- /dev/null +++ b/secureboot_tpm_setup.sh 
@@ -0,0 +1,67 @@
+#!/bin/bash
+# secureboot_tpm_setup.sh - Script to set up Secure Boot and TPM during ISO build
+
+set -e
+
+# Paths and filenames
+KEY_DIR="/etc/secureboot"
+GRUB_PATH="/boot/EFI/BOOT/BOOTX64.EFI"
+KERNEL_PATH="/boot/vmlinuz"
+SIGNED_KERNEL_PATH="/boot/vmlinuz-signed"
+SIGNED_GRUB_PATH="/boot/EFI/BOOT/BOOTX64.EFI.signed"
+CONF_PATH="/etc/xbps.d"
+
+# Create directory for storing Secure Boot keys
+mkdir -p "$KEY_DIR"
+chmod 700 "$KEY_DIR"
+
+# Generate Secure Boot Keys
+echo "Generating Secure Boot keys..."
+openssl req -new -x509 -newkey rsa:2048 -keyout "$KEY_DIR/db.key" -out "$KEY_DIR/db.crt" -nodes -days 3650 -subj "/CN=Void Linux Secure Boot/"
+openssl x509 -in "$KEY_DIR/db.crt" -outform DER -out "$KEY_DIR/db.der"
+
+# Install required tools
+echo "Installing required tools..."
+xbps-install -S -y efitools sbsigntool tpm-tools tpm2-tools
+
+# Sign the GRUB EFI binary
+echo "Signing GRUB..."
+sbsign --key "$KEY_DIR/db.key" --cert "$KEY_DIR/db.crt" --output "$SIGNED_GRUB_PATH" "$GRUB_PATH"
+mv "$SIGNED_GRUB_PATH" "$GRUB_PATH"
+
+# Sign the kernel
+echo "Signing kernel..."
+sbsign --key "$KEY_DIR/db.key" --cert "$KEY_DIR/db.crt" --output "$SIGNED_KERNEL_PATH" "$KERNEL_PATH"
+mv "$SIGNED_KERNEL_PATH" "$KERNEL_PATH"
+
+# Configure GRUB to load the signed kernel
+echo "Configuring GRUB for signed kernel..."
+cat << EOF > /etc/grub.d/40_custom
+menuentry "Void Linux" {
+ insmod gzio
+ insmod part_gpt
+ insmod ext2
+ set root='hd0,gpt1'
+ linux /vmlinuz root=/dev/sdX ro
+ initrd /initramfs.img
+}
+EOF
+
+# Regenerate GRUB configuration
+echo "Generating GRUB configuration..."
+grub-mkconfig -o /boot/grub/grub.cfg
+
+# Set up TPM (optional, for integrity checks)
+echo "Configuring TPM..."
+echo "GRUB_CMDLINE_LINUX='tpm_tis.force=1'" >> /etc/default/grub
+grub-mkconfig -o /boot/grub/grub.cfg
+
+# Disable linux-headers to avoid conflicts with Secure Boot
+echo "Disabling linux-headers package..."
+mkdir -p "$CONF_PATH"
+echo "ignorepkg=linux-headers" > "$CONF_PATH/00-ignore.conf"
+
+# Clean up key files (optional, to avoid storing keys in ISO)
+rm -rf "$KEY_DIR"
+
+echo "Secure Boot and TPM setup completed."
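Review bot: Every path in this script is an absolute host path (`/boot/EFI/BOOT/BOOTX64.EFI`, `/boot/vmlinuz`, `/etc/grub.d/40_custom`, `/etc/default/grub`, `/etc/xbps.d`), so if the commented-out `source ./secureboot_tpm_setup.sh` in mklive.sh is ever enabled it would re-sign and overwrite the build machine's own bootloader and kernel and write a menu entry with the placeholder `root=/dev/sdX`, rather than touching the image rootfs; the paths should be derived from an image-root directory passed in by the caller. The signing key is created unencrypted (`-nodes`) under `/etc/secureboot` and only removed by the final `rm -rf`, which `set -e` skips on any earlier failure; `KEY_DIR="$(mktemp -d)"` followed by `trap 'rm -rf "$KEY_DIR"' EXIT` would keep it off a persistent path and clean up on every exit. Because a fresh key is generated per build and `db.crt`/`db.der` are deleted with it, nothing visible here enrolls the certificate anywhere, so the signed binaries would presumably still be rejected by firmware that has Secure Boot enabled. `tpm_tis.force=1` only forces the TPM driver to probe, adds no integrity measurement by itself, and is appended to `/etc/default/grub` again on every run.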