From 86846e29ed3b865c3b8b61f772e041923ec4a288 Mon Sep 17 00:00:00 2001 From: toloveru Date: Sat, 8 Apr 2017 17:23:25 +0200 Subject: [PATCH 1/5] Improved install script --- install | 55 ++++++++++++++++++++++++++++++++++++++++++++--------- kernelcheck | 23 ++++++++++++---------- 2 files changed, 59 insertions(+), 19 deletions(-) diff --git a/install b/install index 3c09469..4c8ad19 100755 --- a/install +++ b/install @@ -1,10 +1,47 @@ #!/bin/sh -printf "Copying files..\n" -sudo cp kernelcheck /usr/local/sbin/kernelcheck -sudo cp notify_all /usr/local/sbin/notify_all -printf "Adding hourly service to cron scheduler..\n" -(sudo crontab -l; echo "@hourly /usr/local/sbin/kernelcheck" ) | sudo crontab - -printf "Enabling cronie scheduler..\n" # Let me know if you use something else, and enable manually. -sudo systemctl start cronie.service -sudo systemctl enable cronie.service -printf "Installation complete.\n" + +if [ $EUID != 0 ] +then + printf "This script needs to be run as root.\n" + exit 1 +fi + +function install_arch_manjaro(){ + cp kernelcheck /usr/local/sbin/kernelcheck + cp notify_all /usr/local/sbin/notify_all + if ! hash crontab &>/dev/null + then + printf "Installing cronie command scheduler..\n" + pacman -S --noconfirm cronie &>/dev/null + fi + if hash systemctl &>/dev/null + then + if [ $(systemctl is-active cronie) == inactive ] + then + printf "Enabling cronie command scheduler..\n" + systemctl start cronie.service &>/dev/null + systemctl enable cronie.service &>/dev/null + fi + else + printf "You don't seem to be using systemd.. Please enable cronie manually.\n" + fi + if ! grep -Fxq "@hourly /usr/local/sbin/kernelcheck" /var/spool/cron/root 2>/dev/null + then + printf "Installing hourly service in crontab..\n" + (crontab -l 2>/dev/null; echo "@hourly /usr/local/sbin/kernelcheck" ) | crontab - + elif grep -Fxq "@hourly /usr/local/sbin/kernelcheck" /var/spool/cron/root + then + printf "Crontab entry found. Skipping..\n" + fi + printf "Installation complete.\n" +} + +if [ -f /etc/manjaro-release ] +then + printf "Installing for Manjaro Linux...\n" + install_arch_manjaro +elif [ -f /etc/arch-release ] +then + printf "Installing for Arch Linux...\n" + install_arch_manjaro +fi diff --git a/kernelcheck b/kernelcheck index 9d89d5b..f955812 100755 --- a/kernelcheck +++ b/kernelcheck @@ -54,20 +54,23 @@ then make modules_install &>/dev/null cp arch/$(uname -m)/boot/bzImage /boot/vmlinuz-$latest mkinitcpio -k $latest -g /boot/initramfs-$latest.img &>/dev/null - if [ "$(echo $(uname -r) | sed 's/ARCH//')" != "$(uname -r)" ] - then - /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Arch distribution kernel.." --icon=dialog-information - pacman -R --noconfirm linux - elif [ "$(echo $(uname -r) | sed 's/MANJARO//')" != "$(uname -r)" ] - then - /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Manjaro distribution kernel.." --icon=dialog-information - pacman -R --noconfirm linux - else + ## Uncomment this code block only if you really know what you are doing!! + ## It removes the Arch / Manjaro distribution kernel, and should only be done if you know how to recover from chroot! + + # if [ "$(echo $(uname -r) | sed 's/ARCH//')" != "$(uname -r)" ] + # then + # /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Arch distribution kernel.." --icon=dialog-information + # pacman -R --noconfirm linux + # elif [ "$(echo $(uname -r) | sed 's/MANJARO//')" != "$(uname -r)" ] + # then + # /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Manjaro distribution kernel.." --icon=dialog-information + # pacman -R --noconfirm linux + # else /usr/local/sbin/notify_all "Kernel update tracker" "Removing the current kernel.." --icon=dialog-information rm -f /boot/initramfs-$current.img rm -f /boot/vmlinuz-$current rm -rf /usr/lib/modules/$current - fi + # fi grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null /usr/local/sbin/notify_all "Kernel update tracker" "New kernel installed\!" --icon=dialog-information elif [[ "$latest" == "$current" ]] && [[ ! -z $latest ]] From d61238cd0bde34ecb2820ba12ee35b85689adb0d Mon Sep 17 00:00:00 2001 From: toloveru Date: Sat, 8 Apr 2017 17:58:34 +0200 Subject: [PATCH 2/5] Added support for generic Linux --- README.md | 2 +- install | 34 +++++++++++++++++++++++++++++++++- kernelcheck | 34 ++++++++++++++++++---------------- 3 files changed, 52 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 54621c2..d3a4f68 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ IMPORTANT: this tool is still to be considered a development / pre-alpha release * Verify the kernel signature * Compile and install the kernel * Nofity the users about what is going on (tested only on Xfce). -* Remove a distribution kernel if present (currently only on Arch and Manjaro). +* Remove a distribution kernel if present (disabled by default). ### Installation 1. Clone and navigate to the repository, then run `./install` diff --git a/install b/install index 4c8ad19..7e643ff 100755 --- a/install +++ b/install @@ -35,7 +35,35 @@ function install_arch_manjaro(){ fi printf "Installation complete.\n" } - +function install_generic(){ + cp kernelcheck /usr/local/sbin/kernelcheck + cp notify_all /usr/local/sbin/notify_all + if ! hash crontab &>/dev/null + then + printf "This tool depends on cron to schedule kernel checks. Exiting..\n" + exit 1 + fi + if hash systemctl &>/dev/null + then + if [ $(systemctl is-active cronie) == inactive ] + then + printf "Enabling cronie command scheduler..\n" + systemctl start cronie.service &>/dev/null + systemctl enable cronie.service &>/dev/null + fi + else + printf "You don't seem to be using systemd.. Please enable cronie manually.\n" + fi + if ! grep -Fxq "@hourly /usr/local/sbin/kernelcheck" /var/spool/cron/root 2>/dev/null + then + printf "Installing hourly service in crontab..\n" + (crontab -l 2>/dev/null; echo "@hourly /usr/local/sbin/kernelcheck" ) | crontab - + elif grep -Fxq "@hourly /usr/local/sbin/kernelcheck" /var/spool/cron/root + then + printf "Crontab entry found. Skipping..\n" + fi + printf "Installation complete.\n" +} if [ -f /etc/manjaro-release ] then printf "Installing for Manjaro Linux...\n" @@ -44,4 +72,8 @@ elif [ -f /etc/arch-release ] then printf "Installing for Arch Linux...\n" install_arch_manjaro +elif [ $(uname) == Linux ] +then + printf "Distribution not yet supported.\nInstalling for generic Linux..\n" + install_generic fi diff --git a/kernelcheck b/kernelcheck index f955812..5a15544 100755 --- a/kernelcheck +++ b/kernelcheck @@ -54,23 +54,25 @@ then make modules_install &>/dev/null cp arch/$(uname -m)/boot/bzImage /boot/vmlinuz-$latest mkinitcpio -k $latest -g /boot/initramfs-$latest.img &>/dev/null - ## Uncomment this code block only if you really know what you are doing!! + function remove_distr_kernel(){ + if [ "$(echo $(uname -r) | sed 's/ARCH//')" != "$(uname -r)" ] + then + /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Arch distribution kernel.." --icon=dialog-information + pacman -R --noconfirm linux + elif [ "$(echo $(uname -r) | sed 's/MANJARO//')" != "$(uname -r)" ] + then + /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Manjaro distribution kernel.." --icon=dialog-information + pacman -R --noconfirm linux + else + /usr/local/sbin/notify_all "Kernel update tracker" "Removing the current kernel.." --icon=dialog-information + rm -f /boot/initramfs-$current.img + rm -f /boot/vmlinuz-$current + rm -rf /usr/lib/modules/$current + fi + } + ## Uncomment this function only if you really know what you are doing!! ## It removes the Arch / Manjaro distribution kernel, and should only be done if you know how to recover from chroot! - - # if [ "$(echo $(uname -r) | sed 's/ARCH//')" != "$(uname -r)" ] - # then - # /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Arch distribution kernel.." --icon=dialog-information - # pacman -R --noconfirm linux - # elif [ "$(echo $(uname -r) | sed 's/MANJARO//')" != "$(uname -r)" ] - # then - # /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Manjaro distribution kernel.." --icon=dialog-information - # pacman -R --noconfirm linux - # else - /usr/local/sbin/notify_all "Kernel update tracker" "Removing the current kernel.." --icon=dialog-information - rm -f /boot/initramfs-$current.img - rm -f /boot/vmlinuz-$current - rm -rf /usr/lib/modules/$current - # fi + # remove_distr_kernel grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null /usr/local/sbin/notify_all "Kernel update tracker" "New kernel installed\!" --icon=dialog-information elif [[ "$latest" == "$current" ]] && [[ ! -z $latest ]] From 8181c9be009695a349e4042df4935c45c609b5e1 Mon Sep 17 00:00:00 2001 From: toloveru Date: Sat, 8 Apr 2017 18:02:07 +0200 Subject: [PATCH 3/5] Updated development stage --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d3a4f68..77aa117 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ### Introduction Ever thought of compiling a custom kernel, but held back because of the need for manual tracking, compilation and installation? Well, I say no more. This tool can do it for you. -IMPORTANT: this tool is still to be considered a development / pre-alpha release. Use it only in the appropriate testing environments, unless you really know what you are doing. +IMPORTANT: this tool has currently reached the alpha stage. It will likely work as expected on testing systems by now, but you should still be cautious on production systems. ### What does it do? * Periodically check for updates on kernel.org From 94a0fd38bbd87695c56dab0d129c65ced5e7df0f Mon Sep 17 00:00:00 2001 From: toloveru Date: Sat, 8 Apr 2017 18:25:11 +0200 Subject: [PATCH 4/5] Fixed error in kernelcheck program flow --- kernelcheck | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/kernelcheck b/kernelcheck index 5a15544..3dc8016 100755 --- a/kernelcheck +++ b/kernelcheck @@ -63,16 +63,15 @@ then then /usr/local/sbin/notify_all "Kernel update tracker" "Removing the Manjaro distribution kernel.." --icon=dialog-information pacman -R --noconfirm linux - else - /usr/local/sbin/notify_all "Kernel update tracker" "Removing the current kernel.." --icon=dialog-information - rm -f /boot/initramfs-$current.img - rm -f /boot/vmlinuz-$current - rm -rf /usr/lib/modules/$current fi } ## Uncomment this function only if you really know what you are doing!! ## It removes the Arch / Manjaro distribution kernel, and should only be done if you know how to recover from chroot! # remove_distr_kernel + /usr/local/sbin/notify_all "Kernel update tracker" "Removing the current kernel.." --icon=dialog-information + rm -f /boot/initramfs-$current.img + rm -f /boot/vmlinuz-$current + rm -rf /usr/lib/modules/$current grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null /usr/local/sbin/notify_all "Kernel update tracker" "New kernel installed\!" --icon=dialog-information elif [[ "$latest" == "$current" ]] && [[ ! -z $latest ]] From 1d70a6f072f6848edf4c006336f5523e9baccbce Mon Sep 17 00:00:00 2001 From: toloveru Date: Sat, 8 Apr 2017 22:54:24 +0200 Subject: [PATCH 5/5] Licensing The single most boring part of coding... --- README.md | 2 +- install | 2 ++ kernelcheck | 2 ++ notify_all | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 77aa117..f4277cd 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ So, in a nutshell: In a non-interactive script, it's much easier to run priveleged by default and drop priveleges as needed, instead of requiring authentication every time. If you know of a fully non-interactive way of achieving on-the-fly enhanced priveleges though, feel free to open a pull request. ### I want to use this code in my own projects. What should I be aware of? -If you wish to redistribute, share or otherwise modify the material provided in this project, aside from the license, the following rules also apply and when conflicting with the license supersede it: +If you wish to redistribute, share or otherwise modify the material provided in this project, aside from the license, the following rules also apply and when conflicting with the license override it: * You must use it for non-commercial purposes only. * Attribution to this project (my name and a link to this repository) are required. * In disputes, the previous Creative Commons license is invalid. diff --git a/install b/install index 7e643ff..f05e3de 100755 --- a/install +++ b/install @@ -1,5 +1,7 @@ #!/bin/sh +# Copyright 2017 Michael De Roover + if [ $EUID != 0 ] then printf "This script needs to be run as root.\n" diff --git a/kernelcheck b/kernelcheck index 3dc8016..d3bde66 100755 --- a/kernelcheck +++ b/kernelcheck @@ -1,5 +1,7 @@ #!/bin/sh +# Copyright 2017 Michael De Roover + # Variables latest="$(wget -qO - 'https://kernel.org' | sed -n '/stable:/{n;p;}' | sed 's.[a-z]\|<\|>\|/\|[[:space:]]..g')" current="$(uname -r)" diff --git a/notify_all b/notify_all index b44e355..f2e83be 100755 --- a/notify_all +++ b/notify_all @@ -1,4 +1,7 @@ #!/bin/sh + +# I (Michael De Roover) do not own this code. Many thanks to Stack Exchange user Andy (http://unix.stackexchange.com/users/187608/andy) for submitting it on http://unix.stackexchange.com/a/307097. + PATH=/usr/bin XUSERS=($(who|egrep "\(:[0-9](\.[0-9])*\)"|awk '{print $1$5}'|sort -u))