V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-06 19:23:16 +02:00
parent b7a8e7174b
commit 03c63b8b87
25 changed files with 449 additions and 221 deletions
--- a/func/cdi_4100_base/4110_update_sources.sh
+++ b/func/cdi_4100_base/4110_update_sources.sh
@@ -14,8 +14,10 @@ guard_sourcing

 #######################################
 # Update generated sources.
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
 # Globals:
-#   DIR_LOG
 #   TARGET
 #   apt_updates_policy
 # Arguments:
@@ -35,11 +37,11 @@ update_sources() {
  do_log "info" "file_only" "4110() Sources lists: updated successfully."


-  ### Update unattended, security or no unattended updates at all.
+  ### Update unattended, security, or no unattended updates at all.
  if [[ "${apt_updates_policy,,}" == "unattended" ]]; then

    do_in_target_script "${TARGET}" "
-      apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
+      export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
      echo ExitCode: \$? >> ${var_logfile}
    "
    do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
@@ -47,7 +49,7 @@ update_sources() {
  elif [[ "${apt_updates_policy,,}" == "security" ]]; then

    do_in_target_script "${TARGET}" "
-      apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
+      export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
      echo ExitCode: \$? >> ${var_logfile}
    "

--- a/func/cdi_4100_base/4120_installation_kernel.sh
+++ b/func/cdi_4100_base/4120_installation_kernel.sh
@@ -14,9 +14,12 @@ guard_sourcing

 #######################################
 # Installation of the specified kernel.
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
 # Globals:
-#   DIR_LOG
 #   TARGET
+#   VAR_KERNEL
 #   image
 # Arguments:
 #   None
@@ -32,7 +35,7 @@ installation_kernel() {
  if [[ -n "${VAR_KERNEL}" ]]; then

    do_in_target_script "${TARGET}" '
-      apt-get install -y -o DPkg::Options::="--no-triggers" --no-install-recommends --no-install-suggests '"${VAR_KERNEL}"' initramfs-tools 2>&1 | tee -a '"${var_logfile}"'
+      export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests '"${VAR_KERNEL}"' initramfs-tools 2>&1 | tee -a '"${var_logfile}"'
      echo ExitCode: $? >> '"${var_logfile}"'
    '

@@ -43,7 +46,7 @@ installation_kernel() {
  else

    do_in_target_script "${TARGET}" "
-      apt-get install -y --no-install-recommends --no-install-suggests ${image} 2>&1 | tee -a ${var_logfile}
+      export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile}
      echo ExitCode: \$? >> ${var_logfile}
    "

--- a/func/cdi_4100_base/4130_installation_toolset.sh
+++ b/func/cdi_4100_base/4130_installation_toolset.sh
@@ -14,8 +14,10 @@ guard_sourcing

 #######################################
 # Check and set up the minimum required tools for the next installation steps.
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
 # Globals:
-#   DIR_LOG
 #   TARGET
 # Arguments:
 #   None
@@ -118,7 +120,7 @@ installation_toolset() {
    do_log "debug" "file_only" "4130() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'."

    do_in_target_script "${TARGET}" "
-      apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
+      export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
      echo ExitCode: \$? >> ${var_logfile}
    "

--- a/func/cdi_4100_base/4131_installation_systemd.sh
+++ b/func/cdi_4100_base/4131_installation_systemd.sh
@@ -14,8 +14,10 @@ guard_sourcing

 #######################################
 # Ensure systemd is in place.
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
 # Globals:
-#   DIR_LOG
 #   TARGET
 # Arguments:
 #   None
@@ -32,8 +34,7 @@ installation_systemd() {
    do_log "info" "file_only" "4131() 'systemctl' NOT found, installing 'systemd' and dependencies."

    do_in_target_script "${TARGET}" "
-      apt-get update 2>&1 | tee -a ${var_logfile}
-      apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
+      export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
      echo ExitCode: \$? >> ${var_logfile}
    "

--- a/func/cdi_4100_base/4140_installation_microcode.sh
+++ b/func/cdi_4100_base/4140_installation_microcode.sh
@@ -14,6 +14,9 @@ guard_sourcing

 #######################################
 # Install microcode updates depending on architecture (amd64, arm64, intel64) and environment (Baremetal, VM).
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
 # Globals:
 #   TARGET
 # Arguments:
@@ -52,14 +55,14 @@ installation_microcode() {
    if ! do_in_target_script "${TARGET}" "dpkg -s ${var_microcode_pkgs} >/dev/null 2>&1"; then

      do_in_target_script "${TARGET}" "
-        apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
+        export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
        echo ExitCode: \$? >> ${var_logfile}
      "

    else

      do_in_target_script "${TARGET}" "
-        apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
+        export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
        echo ExitCode: \$? >> ${var_logfile}
      "

--- a/func/cdi_4100_base/4150_installation_chrony.sh
+++ b/func/cdi_4100_base/4150_installation_chrony.sh
@@ -14,6 +14,9 @@ guard_sourcing

 #######################################
 # Setup chrony NTPSec client.
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
 # Globals:
 #   ARY_NTPSRVR
 #   DIR_BAK
@@ -44,7 +47,7 @@ installation_chrony() {
  mkdir -p "${TARGET}/var/log/chrony"

  do_in_target_script "${TARGET}" "
-    apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile}
+    export INITRD=No apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile}
    echo ExitCode: \$? >> ${var_logfile}
  "

@@ -58,6 +61,9 @@ installation_chrony() {
  mv "${TARGET}/etc/chrony/chrony.conf" "${DIR_BAK}/etc/chrony/chrony.conf.bak"

  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/chrony/chrony.cnf" "${TARGET}/etc/chrony/chrony.conf"
+
+  insert_chrony_comments "${TARGET}/etc/chrony/chrony.conf"
+
  cat "${var_of}" >> "${TARGET}/etc/chrony/chrony.conf"

  do_log "debug" "file_only" "4150() Executing: [do_in_target_script ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
@@ -72,4 +78,27 @@ installation_chrony() {

  return 0
 }
+
+#######################################
+# Helper to insert the Metadata field into '/etc/chrony/chrony.conf'.
+# Globals:
+#   VAR_ARCHITECTURE
+#   VAR_CODENAME
+#   VAR_VERSION
+# Arguments:
+#   1: /etc/chrony/chrony.conf
+# Returns:
+#   0: on success
+#######################################
+insert_chrony_comments() {
+  declare file="${1}"
+  sed -i '/^# SPDX-Security-Contact: security@coresecret\.eu$/a\
+# /etc/chrony/conf.d    : Generated by CISS.debian.installer '"${VAR_VERSION}"'\
+\
+# Architecture          : '"${VAR_ARCHITECTURE}"'\
+\
+# Distribution          : '"${VAR_CODENAME}"'
+' "${file}"
+  return 0
+}
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh