add warning to patched boards and detect the host arch

ading2210 · ading2210 · commit cde32d3b2e37 · 2024-08-20T11:08:40.000-07:00
diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml
@@ -26,7 +26,10 @@ jobs:
         uses: actions/checkout@v4
       
       - name: run build
-        run: sudo DEBUG=1 ./build_complete.sh ${{ matrix.board }} compress_img=1 quiet=1
+        run: |
+          sudo apt-get update
+          sudo apt-get upgrade -y
+          sudo DEBUG=1 ./build_complete.sh ${{ matrix.board }} compress_img=1 quiet=1
 
       - name: upload img
         uses: actions/upload-artifact@v4
diff --git a/README.md b/README.md
@@ -165,6 +165,15 @@ Any writes to the squashfs will persist, but they will not be compressed when sa
 
 On the regular XFCE4 image, this brings the rootfs size down to 1.2GB from 3.5GB.
 
+#### I can't connect to some wifi networks.
+You may have to run these commands in order to connect to certain networks:
+```
+$ nmcli connection edit <your connection name>
+> set 802-11-wireless-security.pmf disable
+> save
+> activate
+```
+
 ## Copyright:
 Shimboot is licensed under the [GNU GPL v3](https://www.gnu.org/licenses/gpl-3.0.txt). Unless otherwise indicated, all code has been written by me, [ading2210](https://github.com/ading2210).
 
diff --git a/build_complete.sh b/build_complete.sh
@@ -31,23 +31,38 @@ data_dir="${args['data_dir']}"
 arch="${args['arch']-amd64}"
 release="${args['release']-bookworm}"
 
+#a list of all arm board names
 arm_boards="
   corsola hana jacuzzi kukui strongbad nyan-big kevin bob
   veyron-speedy veyron-jerry veyron-minnie scarlet elm
   kukui peach-pi peach-pit stumpy daisy-spring
 "
-if grep -q "$board" <<< "$arm_boards"; then
+#a list of shims that have a patch for the sh1mmer vulnerability
+bad_boards="reef sand snappy pyro"
+if grep -q "$board" <<< "$arm_boards" > /dev/null; then
   print_info "automatically detected arm64 device name"
   arch="arm64"
 fi
+if grep -q "$board" <<< "$bad_boards" > /dev/null; then
+  print_error "Warning: you are attempting to build Shimboot for a board which has a shim that includes a fix for the sh1mmer vulnerability. The resulting image will not boot if you are enrolled."
+  read -p "Press [enter] to continue "
+fi
+
+kernel_arch="$(uname -m)"
+host_arch="unknown"
+if [ "$kernel_arch" = "x86_64" ]; then
+  host_arch="amd64"
+elif [ "$kernel_arch" = "aarch64" ]; then
+  host_arch="arm64"
+fi
 
 needed_deps="wget python3 unzip zip git debootstrap cpio binwalk pcregrep cgpt mkfs.ext4 mkfs.ext2 fdisk depmod findmnt lz4 pv"
 if [ "$(check_deps "$needed_deps")" ]; then
   #install deps automatically on debian and ubuntu
   if [ -f "/etc/debian_version" ]; then
     print_title "attempting to install build deps"
-    apt-get install wget python3-all unzip zip debootstrap cpio binwalk pcregrep cgpt kmod pv lz4 -y
-    if [ "$arch" = "arm64" ]; then
+    apt-get install wget python3 unzip zip debootstrap cpio binwalk pcregrep cgpt kmod pv lz4 -y
+    if [ "$arch" != "$host_arch" ]; then
       apt-get install qemu-user-static binfmt-support -y
     fi
   fi
