#!/usr/bin/env bash # shellcheck disable=SC1117 # Ubuntu Kernel PPA info ppa_host="kernel.ubuntu.com" ppa_index="/~kernel-ppa/mainline/" ppa_key="17C622B0" # Machine-Owner-Key for Secure Boot sign_kernel=0 mokKey="/var/lib/shim-signed/mok/MOK-Kernel.priv" mokCert="/var/lib/shim-signed/mok/MOK-Kernel.pem" self_update_url="https://raw.githubusercontent.com/pimlie/ubuntu-mainline-kernel.sh/master/ubuntu-mainline-kernel.sh" # If quiet=1 then no log messages are printed (except errors) quiet=0 # If check_signature=0 then the signature of the CHECKSUMS file will not be checked check_signature=1 # If check_checksum=0 then the checksums of the .deb files will not be checked check_checksum=1 # If doublecheckversion=1 then also check the version specific ppa page to make # sure the kernel build was successful doublecheckversion=1 # Connect over http or https to ppa (only https works) use_https=1 # Path to sudo command, empty by default sudo="" #sudo=$(command -v sudo) # Uncomment this line if you dont want to sudo yourself # Path to wget command wget=$(command -v wget) ##### ## Below are internal variables of which most can be toggled by command options ## DON'T CHANGE THESE MANUALLY ##### # (internal) If cleanup_files=1 then before exiting all downloaded/temporaryfiles # are removed cleanup_files=1 # (internal) If do_install=0 downloaded deb files will not be installed do_install=1 # (internal) If use_lowlatency=1 then the lowlatency kernel will be installed use_lowlatency=0 # (internal) If use_lpae=1 then the lpae kernel will be installed use_lpae=0 # (internal) If use_snapdragon=1 then the snapdragon kernel will be installed use_snapdragon=0 # (internal) If use_rc=1 then release candidate kernel versions are also checked use_rc=0 # (internal) If assume_yes=1 assume yes on all prompts assume_yes=0 # (internal) How many files we expect to retrieve from the ppa # checksum, signature, header-all, header-arch, image(-unsigned), modules expected_files_count=6 # (internal) Which action/command the script should run run_action="help" # (internal) The workdir where eg the .deb files are downloaded workdir="/tmp/$(basename "$0")/" # (internal) The stdio where all detail output should be sent debug_target="/dev/null" # (internal) Holds all version numbers of locally installed ppa kernels LOCAL_VERSIONS=() # (internal) Holds all version numbers of available ppa kernels REMOTE_VERSIONS=() # (internal) The architecture of the local system arch=$(dpkg --print-architecture) # (internal) The text to search for to check if the build was successfully # NOTE: New succeed text since v5.6.18 build_succeeded_text="(Build for ${arch} succeeded|Test ${arch}/build succeeded)" # (internal) The pid of the child process which checks download progress monitor_pid=0 # (internal) The size of the file which is being downloaded download_size=0 action_data=() ##### ## Check if we are running on an Ubuntu-like OS ##### # shellcheck disable=SC1091,SC2015 [ -f "/etc/os-release" ] && { source /etc/os-release [[ "$ID" == "ubuntu" ]] || [[ "$ID_LIKE" =~ "ubuntu" ]] } || { OS=$(lsb_release -si 2>&-) [[ "$OS" == "Ubuntu" ]] || [[ "$OS" == "LinuxMint" ]] || [[ "$OS" == "neon" ]] || { echo "Abort, this script is only intended for Ubuntu-like distros" exit 2 } } ##### ## helper functions ##### single_action () { [ "$run_action" != "help" ] && { err "Abort, only one argument can be supplied. See -h" exit 2 } } log () { [ $quiet -eq 0 ] && echo "$@" } logn () { [ $quiet -eq 0 ] && echo -n "$@" } warn () { [ $quiet -eq 0 ] && echo "$@" >&2 } err () { echo "$@" >&2 } ##### ## Simple command options parser ##### while (( "$#" )); do argarg_required=0 case $1 in -c|--check) single_action run_action="check" ;; -l|--local-list) single_action run_action="local-list" argarg_required=1 ;; -r|--remote-list) single_action run_action="remote-list" argarg_required=1 ;; -i|--install) single_action run_action="install" argarg_required=1 ;; -u|--uninstall) single_action run_action="uninstall" argarg_required=1 ;; -p|--path) if [ -z "$2" ] || [ "${2##-}" != "$2" ]; then err "Option $1 requires an argument." exit 2 else workdir="$(realpath "$2")/" shift if [ ! -d "$workdir" ]; then mkdir -p "$workdir"; fi if [ ! -d "$workdir" ] || [ ! -w "$workdir" ]; then err "$workdir is not writable" exit 1 fi cleanup_files=0 fi ;; -ll|--lowlatency|--low-latency) [[ "$arch" != "amd64" ]] && [[ "$arch" != "i386" ]] && { err "Low-latency kernels are only available for amd64 or i386 architectures" exit 3 } use_lowlatency=1 ;; -lpae|--lpae) [[ "$arch" != "armhf" ]] && { err "Large Physical Address Extension (LPAE) kernels are only available for the armhf architecture" exit 3 } use_lpae=1 ;; --snapdragon) [[ "$arch" != "arm64" ]] && { err "Snapdragon kernels are only available for the arm64 architecture" exit 3 } use_snapdragon=1 ;; --rc) use_rc=1 ;; -s|--signed) log "The option '--signed' is not yet implemented" ;; --yes) assume_yes=1 ;; -q|--quiet) [ "$debug_target" == "/dev/null" ] && { quiet=1; } ;; -do|--download-only) do_install=0 cleanup_files=0 ;; -ns|--no-signature) check_signature=0 ;; -nc|--no-checksum) check_checksum=0 ;; -d|--debug) debug_target="/dev/stderr" quiet=0 ;; --update) run_action="update" ;; -h|--help) run_action="help" ;; *) run_action="help" err "Unknown argument $1" ;; esac if [ $argarg_required -eq 1 ]; then [ -n "$2" ] && [ "${2##-}" == "$2" ] && { action_data+=("$2") shift } elif [ $argarg_required -eq 2 ]; then # shellcheck disable=SC2015 [ -n "$2" ] && [ "${2##-}" == "$2" ] && { action_data+=("$2") shift } || { err "Option $1 requires an argument" exit 2 } fi shift done ##### ## internal functions ##### containsElement () { local e for e in "${@:2}"; do [[ "$e" == "$1" ]] || [[ "$e" =~ $1- ]] && return 0; done return 1 } download () { host=$1 uri=$2 if [ $use_https -eq 1 ]; then $wget -q --save-headers --output-document - "https://$host$uri" else exec 3<>/dev/tcp/"$host"/80 echo -e "GET $uri HTTP/1.0\r\nHost: $host\r\nConnection: close\r\n\r\n" >&3 cat <&3 fi } monitor_progress () { local msg=$1 local file=$2 download_size=-1 printf "%s: " "$msg" (while :; do for c in / - \\ \|; do [[ -f "$file" ]] && { # shellcheck disable=SC2015 [[ $download_size -le 0 ]] && { download_size=$(($(head -n20 "$file" | grep -aoi -E "Content-Length: [0-9]+" | cut -d" " -f2) + 0)) printf ' %d%% %s' 0 "$c" printf '\b%.0s' {1..5} } || { filesize=$(( $(du -b "$file" | cut -f1) + 0)) progress="$((200*filesize/download_size % 2 + 100*filesize/download_size))" printf ' %s%% %s' "$progress" "$c" length=$((4 + ${#progress})) printf '\b%.0s' $(seq 1 $length) } } sleep 1 done; done) & monitor_pid=$! } end_monitor_progress () { { kill $monitor_pid && wait $monitor_pid; printf '100%% \n'; } 2>/dev/null } remove_http_headers () { file="$1" nr=0 while(true); do nr=$((nr + 1)) line=$(head -n$nr "$file" | tail -n 1) if [ -z "$(echo "$line" | tr -cd '\r\n')" ]; then tail -n +$nr "$file" > "${file}.tmp" mv "${file}.tmp" "${file}" break fi [ $nr -gt 100 ] && { err "Abort, could not remove http headers from file" exit 3 } done } load_local_versions() { local version if [ ${#LOCAL_VERSIONS[@]} -eq 0 ]; then IFS=$'\n' for pckg in $(dpkg -l linux-image-* | cut -d " " -f 3 | sort -V); do # only match kernels from ppa if [[ "$pckg" =~ linux-image-[0-9]+\.[0-9]+\.[0-9]+-[0-9]{6} ]]; then version="v"$(echo "$pckg" | cut -d"-" -f 3,4) LOCAL_VERSIONS+=("$version") fi done unset IFS fi } latest_local_version() { load_local_versions 1 if [ ${#LOCAL_VERSIONS[@]} -gt 0 ]; then local sorted mapfile -t sorted < <(echo "${LOCAL_VERSIONS[*]}" | tr ' ' '\n' | sort -t"." -k1V,3) lv="${sorted[${#sorted[@]}-1]}" echo "${lv/-[0-9][0-9][0-9][0-9][0-9][0-9]rc/-rc}" else echo "none" fi } remote_html_cache="" parse_remote_versions() { local line while read -r line; do if [[ $line =~ DIR.*href=\"(v[[:digit:]]+\.[[:digit:]]+(\.[[:digit:]]+)?)(-(rc[[:digit:]]+))?/\" ]]; then line="${BASH_REMATCH[1]}" if [[ -z "${BASH_REMATCH[2]}" ]]; then line="$line.0" fi # temporarily substitute rc suffix join character for correct version sort if [[ -n "${BASH_REMATCH[3]}" ]]; then line="$line~${BASH_REMATCH[4]}" fi echo "$line" fi done <<<"$remote_html_cache" } load_remote_versions () { local line [[ -n "$2" ]] && { REMOTE_VERSIONS=() } if [ ${#REMOTE_VERSIONS[@]} -eq 0 ]; then if [ -z "$remote_html_cache" ]; then [ -z "$1" ] && logn "Downloading index from $ppa_host" remote_html_cache=$(download $ppa_host $ppa_index) [ -z "$1" ] && log fi if [ -n "$remote_html_cache" ]; then IFS=$'\n' while read -r line; do # reinstate original rc suffix join character if [[ $line =~ ^([^~]+)~([^~]+)$ ]]; then [[ $use_rc -eq 0 ]] && continue line="${BASH_REMATCH[1]}-${BASH_REMATCH[2]}" fi [[ -n "$2" ]] && [[ ! "$line" =~ $2 ]] && continue REMOTE_VERSIONS+=("$line") done < <(parse_remote_versions | sort -V) unset IFS fi fi } latest_remote_version () { load_remote_versions 1 "$1" if [ ${#REMOTE_VERSIONS[@]} -gt 0 ]; then echo "${REMOTE_VERSIONS[${#REMOTE_VERSIONS[@]}-1]}" else echo "" fi } check_environment () { if [ $use_https -eq 1 ] && [ -z "$wget" ]; then err "Abort, wget not found. Please apt install wget" exit 3 fi } guard_run_as_root () { if [ "$(id -u)" -ne 0 ]; then echo "The '$run_action' command requires root privileges" exit 2 fi } # execute requested action case $run_action in help) echo "Usage: $0 -c|-l|-r|-u Download & install the latest kernel available from $ppa_host$ppa_uri Arguments: -c Check if a newer kernel version is available -i [VERSION] Install kernel VERSION, see -l for list. You don't have to prefix with v. E.g. -i 4.9 is the same as -i v4.9. If version is omitted the latest available version will be installed -l [SEARCH] List locally installed kernel versions. If an argument to this option is supplied it will search for that -r [SEARCH] List available kernel versions. If an argument to this option is supplied it will search for that -u [VERSION] Uninstall the specified kernel version. If version is omitted, a list of max 10 installed kernel versions is displayed --update Update this script by redownloading it from github -h Show this message Optional: -s, --signed Only install signed kernel packages (not implemented) -p, --path DIR The working directory, .deb files will be downloaded into this folder. If omitted, the folder /tmp/$(basename "$0")/ is used. Path is relative from \$PWD -ll, --low-latency Use the low-latency version of the kernel, only for amd64 & i386 -lpae, --lpae Use the Large Physical Address Extension kernel, only for armhf --snapdragon Use the Snapdragon kernel, only for arm64 -do, --download-only Only download the deb files, do not install them -ns, --no-signature Do not check the gpg signature of the checksums file -nc, --no-checksum Do not check the sha checksums of the .deb files -d, --debug Show debug information, all internal command's echo their output --rc Also include release candidates --yes Assume yes on all questions (use with caution!) " exit 2 ;; update) check_environment self="$(readlink -f "$0")" $wget -q -O "$self.tmp" "$self_update_url" if [ ! -s "$self.tmp" ]; then rm "$self.tmp" err "Update failed, downloaded file is empty" exit 1 else mv "$self.tmp" "$self" echo "Script updated" fi ;; check) check_environment logn "Finding latest version available on $ppa_host" latest_version=$(latest_remote_version) log ": $latest_version" if [ -z "$latest_version" ]; then err "Could not find latest version" exit 1 fi logn "Finding latest installed version" installed_version=$(latest_local_version) installed_version=${installed_version%-*} log ": $installed_version" # Check if build was successful if [ $doublecheckversion -gt 0 ]; then ppa_uri=$ppa_index${latest_version%\.0}"/" ppa_uri=${ppa_uri/\.0-rc/-rc} index=$(download $ppa_host "$ppa_uri") if [[ ! $index =~ $build_succeeded_text ]]; then log "A newer kernel version ($latest_version) was found but the build was not successful" [ -n "$DISPLAY" ] && [ -x "$(command -v notify-send)" ] && notify-send --icon=info -t 12000 \ "Kernel $latest_version available" \ "A newer kernel version ($latest_version) is\navailable but the build was not successful" exit 1 fi fi # Check installed minor branch latest_minor_text="" latest_minor_notify="" latest_minor_version="" if [ -n "${installed_version}" ] && [ "${installed_version}" != "none" ] && [ "${latest_version%.*}" != "${installed_version%.*}" ]; then latest_minor_version=$(latest_remote_version "${installed_version%.*}") if [ "$installed_version" != "$latest_minor_version" ]; then latest_minor_text=", latest in current branch is ${latest_minor_version}" latest_minor_notify="Version ${latest_minor_version} is available in the current ${installed_version%.*} branch\n\n" fi fi if [ "$installed_version" != "$latest_version" ] && [ "$installed_version" = "$(echo -e "$latest_version\n$installed_version" | sort -V | head -n1)" ]; then log "A newer kernel version ($latest_version) is available${latest_minor_text}" [ -n "$DISPLAY" ] && [ -x "$(command -v notify-send)" ] && notify-send --icon=info -t 12000 \ "Kernel $latest_version available" \ "A newer kernel version ($latest_version) is available\n\n${latest_minor_notify}Run '$(basename "$0") -i' to update\nor visit $ppa_host$ppa_uri" exit 1 fi ;; local-list) load_local_versions # shellcheck disable=SC2015 [[ -n "$(command -v column)" ]] && { column="column -x"; } || { column="cat"; } (for version in "${LOCAL_VERSIONS[@]}"; do if [ -z "${action_data[0]}" ] || [[ "$version" =~ ${action_data[0]} ]]; then echo "$version" fi done) | $column ;; remote-list) check_environment load_remote_versions # shellcheck disable=SC2015 [[ -n "$(command -v column)" ]] && { column="column -x"; } || { column="cat"; } (for version in "${REMOTE_VERSIONS[@]}"; do if [ -z "${action_data[0]}" ] || [[ "$version" =~ ${action_data[0]} ]]; then echo "$version" fi done) | $column ;; install) # only ensure running if the kernel files should be installed [ $do_install -eq 1 ] && guard_run_as_root check_environment load_local_versions if [ -z "${action_data[0]}" ]; then logn "Finding latest version available on $ppa_host" version=$(latest_remote_version) log if [ -z "$version" ]; then err "Could not find latest version" exit 1 fi if containsElement "$version" "${LOCAL_VERSIONS[@]}"; then logn "Latest version is $version but seems its already installed" else logn "Latest version is: $version" fi if [ $do_install -gt 0 ] && [ $assume_yes -eq 0 ];then logn ", continue? (y/N) " [ $quiet -eq 0 ] && read -rsn1 continue log [ "$continue" != "y" ] && [ "$continue" != "Y" ] && { exit 0; } else log fi else load_remote_versions version="" if containsElement "v${action_data[0]#v}" "${REMOTE_VERSIONS[@]}"; then version="v"${action_data[0]#v} fi [[ -z "$version" ]] && { err "Version '${action_data[0]}' not found" exit 2 } shift if [ $do_install -gt 0 ] && containsElement "$version" "${LOCAL_VERSIONS[@]}" && [ $assume_yes -eq 0 ]; then logn "It seems version $version is already installed, continue? (y/N) " [ $quiet -eq 0 ] && read -rsn1 continue log [ "$continue" != "y" ] && [ "$continue" != "Y" ] && { exit 0; } fi fi [ ! -d "$workdir" ] && { mkdir -p "$workdir" 2>/dev/null } [ ! -x "$workdir" ] && { err "$workdir is not writable" exit 1 } cd "$workdir" || exit 1 [ $check_signature -eq 1 ] && [ ! -x "$(command -v gpg)" ] && { check_signature=0 warn "Disable signature check, gpg not available" } [[ $sign_kernel -eq 1 && (! -s "$mokKey" || ! -s "$mokCert") ]] && { err "Could not find machine owner key" exit 1 } IFS=$'\n' ppa_uri=$ppa_index${version%\.0}"/" ppa_uri=${ppa_uri/\.0-rc/-rc} index=$(download $ppa_host "$ppa_uri") if [[ ! $index =~ $build_succeeded_text ]]; then err "Abort, the ${arch} build has not succeeded" exit 1 fi index=${index%%*