msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 32s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 47s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-07-24 18:28:35 +02:00
parent e9681e87c5
commit 0a2d983c7d
64 changed files with 525 additions and 1423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
ciss_debian_installer.sh
View File

@@ -13,20 +13,15 @@
### Contributions so far see ./docs/CREDITS.md
### WHY BASH?
# Ease of installation.
# No compiling or installing gems, CPAN modules, pip packages, etc.
# Simple to use and read. Clear syntax and straightforward output interpretation.
# Built-in power.
# Pattern matching, line processing, and regular expression support are available natively,
# no external binaries required.
# Cross-platform consistency.
# '/bin/bash' is the default shell on most Linux distributions, ensuring scripts run unmodified across systems.
# macOS compatibility.
# Since macOS Catalina (10.15), the default login shell has been zsh, but bash remains available at '/bin/bash'.
# Windows support.
# You can use bash via WSL, MSYS2, or Cygwin on Windows systems.
# Ease of installation. No compiling or installing gems, CPAN modules, pip packages, etc. Simple to use and read. Clear syntax
# and straightforward output interpretation. Built-in power. Pattern matching, line processing, and regular expression support
# are available natively, no external binaries required. Cross-platform consistency. '/bin/bash' is the default shell on most
# Linux distributions, ensuring scripts run unmodified across systems. macOS compatibility. Since macOS Catalina (10.15), the
# default login shell has been zsh, but bash remains available at '/bin/bash'. Windows support. You can use bash via WSL, MSYS2,
# or Cygwin on Windows systems.
### PRELIMINARY CHECKS
# shellcheck disable=2292
[ -z "${BASH_VERSINFO[0]}" ] && {
. ./meta_loader_early.sh
printf "%s❌ Please make sure you are using 'bash'! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
@@ -39,6 +34,7 @@
exit "${ERR_USER_IS_NOT_ROOT}"
}
# shellcheck disable=2312
[[ $(kill -l | grep -c SIG) -eq 0 ]] && {
. ./meta_loader_early.sh
printf "%s❌ Please make sure you are calling the script without leading 'sh'! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
@@ -60,17 +56,25 @@
[[ ${#} -eq 0 ]] && {
. ./lib/0000_usage.sh; usage >&2; exit 1; }
### SOURCING MUST SET EARLY VARIABLES
### SOURCING MUST SET EARLY VARIABLES. SOURCING GUARD_SOURCING()
. ./var/early.var.sh
. ./lib/0010_guard_sourcing.sh
### CHECK FOR CONTACT, HELP, AND VERSION STRING
for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/0001_contact.sh; contact; exit 0;; esac; done
for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/0000_usage.sh; usage; exit 0;; esac; done
for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/0002_version.sh; version; exit 0;; esac; done
### ALL CHECKS DONE. READY TO START THE SCRIPT. SOURCING GUARD_SOURCING()
### PRE SCAN FOR DEBUG MODE
. ./lib/0050_debug_pre_scan.sh
pre_scan_debug "$@"
### SOURCING BASH OPTIONS
. ./var/bash.var.sh
umask 0022
### ALL CHECKS DONE. READY TO START THE SCRIPT.
declare -grx VAR_SETUP="true"
. ./lib/0010_guard_sourcing.sh
### CHECK FOR AUTO INSTALL MODE
for arg in "$@"; do case "${arg,,}" in -a|--autoinstall) declare -gx VAR_AUTO_INSTALL="true";; esac; done; unset arg
@@ -81,32 +85,28 @@ for arg in "$@"; do case "${arg,,}" in -a|--autoinstall) declare -gx VAR_AUTO_IN
check_pkgs
check_git
### PRE SCAN FOR DEBUG MODE
. ./lib/0050_debug_pre_scan.sh
pre_scan_debug "$@"
### ADVISORY LOCK
exec 127>/var/lock/ciss_debian_installer.lock || {
. ./meta_loader_early.sh
printf "%s❌ Cannot open lockfile for writing! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
exit "${ERR_FLOCK_PROTECTED}"
}
if ! flock -x -n 127; then
. ./meta_loader_early.sh
printf "%s❌ Another instance is running! Bye...%s%s" "${RED}" "${RES}" "${NL}" >&2
exit "${ERR_FLOCK_COLLISION}"
fi
### SOURCING
[[ "${VAR_SETUP}" == "true" ]] && {
### SOURCING BASH OPTIONS
. ./var/bash.var.sh
### SOURCING FUNCTIONS, LIBRARIES, VARIABLES
if [[ "${VAR_SETUP}" == "true" ]]; then
### SOURCING FUNCTIONS
. ./meta_loader_func.sh
### SOURCING LIBRARIES
. ./meta_loader_lib.sh
### SOURCING VARIABLES
. ./meta_loader_var.sh
}
fi
### ACTIVATING TRAPS
trap 'trap_exit "$?"' EXIT
@@ -116,82 +116,90 @@ trap 'trap_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BA
### PREPARING DIRECTORIES AND FILES
gen_dir_files
### INTERACTIVE MODE NOTES AND KERNEL SELECTION
# TODO: Update 0110_check_kernel.sh & sourcing
# TODO: Update 0120_check_provider.sh & sourcing
#if ! "${VAR_AUTO_INSTALL}"; then check_provider; fi
#if ! "${VAR_AUTO_INSTALL}"; then check_kernel; fi
# TODO: Implement Debian Style Gauge Bar as Alternative Dialog Wrapper
### Dialog Output for Initialization START
if ! "${VAR_AUTO_INSTALL}"; then . ./lib/0200_dialog_helper.sh && dialog_box; fi
### Dialog Output for Initialization
if ! "${VAR_AUTO_INSTALL}"; then . ./lib/0200_dialog_helper.sh && dialog_gauge; fi
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nAdditional initialization ... \nXXX\n25\n" >&3; fi
### Initialization
declare -gr ARGUMENTS_COUNT="$#"
declare -gr ARG_STR_ORG_INPUT="$*"
#declare -ar ARG_ARY_ORG_INPUT=("$@")
# shellcheck disable=SC2155
declare -grx SCRIPT_FULLPATH="$(readlink -f "${BASH_SOURCE[0]:-$0}")"
# shellcheck disable=SC2155
declare -grx SCRIPT_BASEPATH="$(dirname "${SCRIPT_FULLPATH}")"
# shellcheck disable=SC2155
declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nSourcing Libraries ... \nXXX\n50\n" >&3; fi
# TODO Update temp File Cleaner on trap on ERR / EXIT
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nActivate traps ... \nXXX\n55\n" >&3; fi
### Following the CISS Bash naming and ordering scheme
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nSanitizing Arguments ... \nXXX\n70\n" >&3; fi
arg_check "$@"
declare -ar ARY_ARG_SANITIZED=("$@")
declare -gr VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
declare -grx VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nParsing Arguments ... \nXXX\n90\n" >&3; fi
arg_parser "$@"
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nFinal checks ... \nXXX\n95\n" >&3; fi
clean_ip
### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nInitialization completed ... \nXXX\n100\n" >&3; sleep 1; fi
if ! $VAR_AUTO_INSTALL; then dialog_gauge_cleaner; fi
### MAIN Program
### MAIN PROGRAM SEQUENCE
arg_priority_check
check_stats
if ! $VAR_AUTO_INSTALL; then check_provider; fi
if ! $VAR_AUTO_INSTALL; then check_kernel; fi
check_hooks
hardening_ssh
lb_config_start
lb_config_write
cd "${VAR_WORKDIR}"
hardening_ultra
hardening_root_pw
change_splash
check_dhcp
cdi
provider_netcup
yaml_parser
yaml_reader
### Start the build process
set +o errtrace
lb_build_start
# TODO: Implement / Activate IP, Port validation
# 1222_validation_preseed.sh 1221_validation_ip.sh
# validation_preseed
### PARTITIONING
partitioning
partition_encryption
partition_formatting
setup_filesystem
mount_partition
uuid_logger
### DEBOOTSTRAP
func_debootstrap
configure_system
generate_fstab
generate_crypttab
generate_sources
minimal_toolset
setup_skel
setup_timezone
setup_locales
# TODO: Implement Clang Build Chain and MOK Signing Workflow
installation_kernel
setup_network
setup_hostname
setup_machineid
# TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed
setup_grub
setup_grub_password
setup_grub_bootparameter
setup_kernel_modules
setup_kernel_sysctl
installation_microcode
setup_ssh
build_dropbear
install_dropbear_initramfs
# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh
setup_dropbear
# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml
setup_accounts
# TODO: Check Packages for installation
setup_packages
# TODO: What do we need for CISS environment?
setup_sudo
# TODO: Any changes to the NTPSec Servers?
setup_chrony
exiting_chroot
# TODO: Hardening Scripts Integration
# TODO: SSH 2fa integration
# TODO: Recovery Partition Integration
# TODO: Grub Boot Menu Update for Recovery Integration
# TODO: update-grub Post Hook
# TODO: Copying Log Files to final System
# TODO: Integrate CISS.debian.installer calling arguments and preseed.yaml into CISS.debian.live.builder build chain?
# TODO: Reboot function for Autoinstall
### Dialog Output for Initialization END
if ! "${VAR_AUTO_INSTALL}"; then . ./lib/0200_dialog_helper.sh && dialog_box_cleaner; fi
declare -gx VAR_SCRIPT_SUCCESS="true"
set -o errtrace
run_analysis
copy_db
declare -g VAR_SCRIPT_SUCCESS=true
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh