msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-09-28 12:33:50 +01:00
parent d41780a9d0
commit 1568839fa7
10 changed files with 788 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
ciss_debian_installer.sh
View File

@@ -452,6 +452,30 @@ if [[ "${VAR_RECOVERY}" == "true" ]]; then
info_echo "5040_setup_timezone.sh" info_echo "5040_setup_timezone.sh"
setup_timezone_reco setup_timezone_reco
info_echo "5050_setup_locales.sh"
setup_locales_reco
info_echo "5105_generate_sources_822.sh"
generate_sources822_reco
info_echo "5110_update_sources.sh"
update_sources_reco
info_echo "5120_installation_kernel.sh"
installation_kernel_reco
info_echo "5121_installation_initramfs.sh"
installation_initramfs_reco
info_echo "5130_installation_toolset.sh"
installation_toolset_reco
info_echo "5131_installation_systemd.sh"
installation_systemd_reco
info_echo "5132_installation_machineid.sh"
installation_machineid_reco
info_echo "5999_exiting_chroot_recovery.sh" info_echo "5999_exiting_chroot_recovery.sh"
exiting_chroot_recovery exiting_chroot_recovery

138
func/cdi_5000_recovery/5050_setup_locales.sh Normal file
View File

@@ -0,0 +1,138 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Set locale, locale overrides and configure keyboard layout.
# Globals:
# ARY_LOCALE
# RECOVERY
# VAR_ARCHITECTURE
# VAR_CODENAME
# VAR_VERSION
# locale_country
# locale_keyboard_xkb_keymap
# locale_language
# locale_override_address
# locale_override_collate
# locale_override_ctype
# locale_override_measurement
# locale_override_messages
# locale_override_monetary
# locale_override_name
# locale_override_numeric
# locale_override_paper
# locale_override_telephone
# locale_override_time
# Arguments:
# None
# Returns:
# 0: on success
#######################################
setup_locales_reco() {
### Declare Arrays, HashMaps, and Variables.
declare var_locale_hook="/root/.ciss/cdi/hooks/4050_setup_locales.hooks.sh"
### Give priority to '${locale_locale}' over separately configured variables '${locale_country}' and '${locale_language}'.
### If 'locale_locale' is not set, build it from 'locale_language' and 'locale_country'.
if [[ -n "${locale_language:-}" && -n "${locale_country:-}" && -z "${ARY_LOCALE[0]:-}" ]]; then
ARY_LOCALE+="${locale_language}_${locale_country}.UTF-8"
fi
### Creat Hook in target.
cat << EOF >| "${RECOVERY}${var_locale_hook}"
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
set -Ceuo pipefail
declare -a ary_locale=()
declare -r locale_0=${ARY_LOCALE[0]:-en_US.UTF-8}
declare -r locale_1=${ARY_LOCALE[1]:-}
declare loc=""
EOF
cat << 'EOF' >> "${RECOVERY}${var_locale_hook}"
ary_locale+=( "${locale_0}" )
[[ -n "${locale_1}" ]] && ary_locale+=( "${locale_1}" )
for loc in "${ary_locale[@]}"; do
if ! grep -qx "${loc} UTF-8" /etc/locale.gen; then
sed -i "s/^# ${loc} UTF-8/${loc} UTF-8/" /etc/locale.gen || echo "${loc} UTF-8" >> /etc/locale.gen
fi
done
locale-gen --purge "${ary_locale[@]}"
for loc in "${ary_locale[@]}"; do
locale_check=$(echo "${loc}" | sed 's/UTF-8/utf8/')
if ! locale -a | grep -qx "${locale_check}"; then
echo "Locale '${loc}' has not been generated successfully." >&2
exit 1
fi
done
EOF
cat << EOF >> "${RECOVERY}${var_locale_hook}"
update-locale \
LANG=${ARY_LOCALE[0]} \
LC_ADDRESS=${locale_override_address:-${ARY_LOCALE[0]}} \
LC_COLLATE=${locale_override_collate:-${ARY_LOCALE[0]}} \
LC_CTYPE=${locale_override_ctype:-${ARY_LOCALE[0]}} \
LC_MEASUREMENT=${locale_override_measurement:-${ARY_LOCALE[0]}} \
LC_MESSAGES=${locale_override_messages:-${ARY_LOCALE[0]}} \
LC_MONETARY=${locale_override_monetary:-${ARY_LOCALE[0]}} \
LC_NAME=${locale_override_name:-${ARY_LOCALE[0]}} \
LC_NUMERIC=${locale_override_numeric:-${ARY_LOCALE[0]}} \
LC_PAPER=${locale_override_paper:-${ARY_LOCALE[0]}} \
LC_TELEPHONE=${locale_override_telephone:-${ARY_LOCALE[0]}} \
LC_TIME=${locale_override_time:-${ARY_LOCALE[0]}} \
LC_IDENTIFICATION=${ARY_LOCALE[0]}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
chmod 0700 "${RECOVERY}${var_locale_hook}"
chroot_script "${RECOVERY}" "${var_locale_hook}"
### Set the keyboard layout for the system (for consoles).
insert_header "${RECOVERY}/etc/default/keyboard"
insert_comments "${RECOVERY}/etc/default/keyboard"
cat << EOF >> "${RECOVERY}/etc/default/keyboard"
# KEYBOARD CONFIGURATION FILE
# Consult the keyboard(5) manual page.
XKBMODEL="pc105"
XKBLAYOUT="${locale_keyboard_xkb_keymap}"
XKBVARIANT=""
XKBOPTIONS=""
BACKSPACE="guess"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
chmod 0644 "${RECOVERY}/etc/default/keyboard"
do_log "info" "file_only" "4050() Keyboard layout updated: 'XKBLAYOUT=${locale_keyboard_xkb_keymap}' -> '${RECOVERY}/etc/default/keyboard'."
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

185
func/cdi_5000_recovery/5105_generate_sources_822.sh Normal file
View File

@@ -0,0 +1,185 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Generate target '/etc/apt/sources.list.d/' deb.822 entries.
# Globals:
# RECOVERY
# apt_contrib
# apt_deb_sources
# apt_mirror_directory
# apt_mirror_hostname
# apt_mirror_protocol
# apt_non_free
# apt_non_free_firmware
# apt_sec
# apt_updates_backports
# apt_updates_release
# apt_updates_security
# architecture
# distribution
# Arguments:
# None
# Returns:
# 0: on success
#######################################
generate_sources822_reco() {
### Declare Arrays, HashMaps, and Variables.
declare -a ary_components=() ary_types=()
declare var_arch="" var_codename="" var_deb_src="" var_dir="" var_hostname="" var_hostsecure="" var_url="" var_surl=""
# shellcheck disable=SC2154 # "${architecture}"
var_arch="${architecture,,}"
# shellcheck disable=SC2154 # "${distribution}"
var_codename="${distribution,,}"
# shellcheck disable=SC2154 # "${apt_deb_sources}"
var_deb_src="${apt_deb_sources,,}"
# shellcheck disable=SC2154 # "${apt_mirror_directory}"
var_dir="${apt_mirror_directory,,}"
# shellcheck disable=SC2154 # "${apt_mirror_hostname}"
var_hostname="${apt_mirror_hostname,,}"
# shellcheck disable=SC2154 # "${apt_sec}"
var_hostsecure="${apt_sec,,}"
ary_components=( "main" )
[[ "${apt_contrib,,}" == "true" ]] && ary_components+=( "contrib" )
[[ "${apt_non_free,,}" == "true" ]] && ary_components+=( "non-free" )
[[ "${apt_non_free_firmware,,}" == "true" ]] && ary_components+=( "non-free-firmware" )
ary_types=( "deb" )
[[ "${apt_deb_sources,,}" == "true" ]] && ary_types+=( "deb-src" )
if [[ "${apt_mirror_protocol,,}" == "https" ]]; then
var_url="https://${var_hostname}${var_dir}"
var_surl="https://${var_hostsecure}/debian-security"
elif [[ "${apt_mirror_protocol,,}" == "http" ]]; then
var_url="http://${var_hostname}${var_dir}"
var_surl="http://${var_hostsecure}/debian-security"
else
var_url="https://${var_hostname}${var_dir}"
var_surl="https://${var_hostsecure}/debian-security"
fi
### Main Repository
insert_header "${RECOVERY}/etc/apt/sources.list.d/trixie.sources"
insert_comments "${RECOVERY}/etc/apt/sources.list.d/trixie.sources"
cat << EOF >> "${RECOVERY}/etc/apt/sources.list.d/trixie.sources"
#------------------------------------------------------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS #
#------------------------------------------------------------------------------------------------------------------------------#
Types: ${ary_types[*]}
URIs: ${var_url}
Suites: ${var_codename}
Components: ${ary_components[*]}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
### Security Repository
if [[ "${apt_updates_security,,}" == "true" ]]; then
insert_header "${RECOVERY}/etc/apt/sources.list.d/trixie-security.sources"
insert_comments "${RECOVERY}/etc/apt/sources.list.d/trixie-security.sources"
cat << EOF >> "${RECOVERY}/etc/apt/sources.list.d/trixie-security.sources"
#------------------------------------------------------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS #
#------------------------------------------------------------------------------------------------------------------------------#
Types: ${ary_types[*]}
URIs: ${var_surl}
Suites: ${var_codename}-security
Components: ${ary_components[*]}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
fi
### Updates Repository
if [[ "${apt_updates_release,,}" == "true" ]]; then
insert_header "${RECOVERY}/etc/apt/sources.list.d/trixie-updates.sources"
insert_comments "${RECOVERY}/etc/apt/sources.list.d/trixie-updates.sources"
cat << EOF >> "${RECOVERY}/etc/apt/sources.list.d/trixie-updates.sources"
#------------------------------------------------------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS #
#------------------------------------------------------------------------------------------------------------------------------#
Types: ${ary_types[*]}
URIs: ${var_url}
Suites: ${var_codename}-updates
Components: ${ary_components[*]}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
fi
### Backports Repository
if [[ "${apt_updates_backports,,}" == "true" ]]; then
insert_header "${RECOVERY}/etc/apt/sources.list.d/trixie-backports.sources"
insert_comments "${RECOVERY}/etc/apt/sources.list.d/trixie-backports.sources"
cat << EOF >> "${RECOVERY}/etc/apt/sources.list.d/trixie-backports.sources"
#------------------------------------------------------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS #
#------------------------------------------------------------------------------------------------------------------------------#
Types: ${ary_types[*]}
URIs: ${var_url}
Suites: ${var_codename}-backports
Components: ${ary_components[*]}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
fi
if [[ -f "${RECOVERY}/etc/apt/sources.list" ]]; then
rm -f "${RECOVERY}/etc/apt/sources.list"
fi
insert_header "${RECOVERY}/etc/apt/apt.conf.d/90-no-pdiffs"
insert_comments "${RECOVERY}/etc/apt/apt.conf.d/90-no-pdiffs"
cat << 'EOF' >> "${RECOVERY}/etc/apt/apt.conf.d/90-no-pdiffs"
Acquire::PDiffs "false";
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
sed -i -E 's|^([[:space:]]*)#+|\1//|' "${RECOVERY}/etc/apt/apt.conf.d/90-no-pdiffs"
insert_header "${RECOVERY}/etc/apt/apt.conf.d/91-acquire"
insert_comments "${RECOVERY}/etc/apt/apt.conf.d/91-acquire"
cat << 'EOF' >> "${RECOVERY}/etc/apt/apt.conf.d/91-acquire"
Acquire::Retries "3";
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
sed -i -E 's|^([[:space:]]*)#+|\1//|' "${RECOVERY}/etc/apt/apt.conf.d/91-acquire"
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

74
func/cdi_5000_recovery/5110_update_sources.sh Normal file
View File

@@ -0,0 +1,74 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Update generated sources.
# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
# Globals:
# RECOVERY
# apt_updates_policy
# Arguments:
# None
# Returns:
# 0: on success
#######################################
update_sources_reco() {
### Declare Arrays, HashMaps, and Variables.
declare -r var_logfile="/root/.ciss/cdi/log/5110_update_sources.log"
chroot_logger "${RECOVERY}${var_logfile}"
### Update generated sources.
# shellcheck disable=SC2312
chroot_script "${RECOVERY}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode: \$? >> ${var_logfile}"
do_log "info" "file_only" "5110() Sources lists: updated successfully."
### Update unattended, security, or no unattended updates at all.
if [[ "${apt_updates_policy,,}" == "unattended" ]]; then
chroot_script "${RECOVERY}" "
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
echo ExitCode: \$? >> ${var_logfile}
"
do_log "info" "file_only" "5110() The update policy was set at installation time to: '${apt_updates_policy}'."
elif [[ "${apt_updates_policy,,}" == "security" ]]; then
chroot_script "${RECOVERY}" "
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
echo ExitCode: \$? >> ${var_logfile}
"
# shellcheck disable=SC2016
sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${RECOVERY}/etc/apt/apt.conf.d/50unattended-upgrades"
do_log "info" "file_only" "5110() The update policy was set at installation time to: '${apt_updates_policy}'."
elif [[ "${apt_updates_policy,,}" == "none" ]]; then
do_log "info" "file_only" "5110() The update policy was set at installation time to: '${apt_updates_policy}'."
else
do_log "warning" "file_only" "5110() Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."
fi
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

62
func/cdi_5000_recovery/5120_installation_kernel.sh Normal file
View File

@@ -0,0 +1,62 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Installation of the specified kernel.
# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
# Globals:
# RECOVERY
# VAR_KERNEL
# image
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_kernel_reco() {
### Declare Arrays, HashMaps, and Variables.
declare -r var_logfile="/root/.ciss/cdi/log/5120_installation_kernel.log"
chroot_logger "${RECOVERY}${var_logfile}"
if [[ -n "${VAR_KERNEL}" ]]; then
chroot_script "${RECOVERY}" '
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests '"${VAR_KERNEL}"' initramfs-tools 2>&1 | tee -a '"${var_logfile}"'
echo ExitCode: $? >> '"${var_logfile}"'
'
do_log "info" "file_only" "5120() Kernel image: '${VAR_KERNEL}' installed successfully."
guard_dir && return 0
else
chroot_script "${RECOVERY}" "
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${image} initramfs-tools 2>&1 | tee -a ${var_logfile}
echo ExitCode: \$? >> ${var_logfile}
"
do_log "info" "file_only" "5120() Kernel image: '${image}' installed successfully."
guard_dir && return 0
fi
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

99
func/cdi_5000_recovery/5121_installation_initramfs.sh Normal file
View File

@@ -0,0 +1,99 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Installation of 'initramfs'-environment.
# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
# Globals:
# RECOVERY
# VAR_ROOT_FS
# VAR_SETUP_PATH
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_initramfs_reco() {
### Declare Arrays, HashMaps, and Variables.
declare var_modules="" var_whereiam=""
# shellcheck disable=SC2312
if [[ -x "$(command -v virt-what)" ]]; then
var_whereiam=$(virt-what | head -n1)
else
var_whereiam=$(grep -iE 'kvm|vmware|qemu' /sys/class/dmi/id/product_name 2>/dev/null || echo "baremetal")
fi
mkdir -p "${RECOVERY}/etc/initramfs-tools/files"
### Install the script that will be called by 'update-initramfs' to install the necessary modules for the initramfs environment.
install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/modules" \
"${RECOVERY}/etc/initramfs-tools/"
insert_comments "${RECOVERY}/etc/initramfs-tools/modules"
var_modules=$(grep_nic_driver_modules)
cat << EOF >> "${RECOVERY}/etc/initramfs-tools/modules"
### Custom NIC driver:
${var_modules}
EOF
if [[ "${var_whereiam}" =~ ^(kvm|vmware|qemu)$ ]]; then
cat << EOF >> "${RECOVERY}/etc/initramfs-tools/modules"
### QEMU Bochs-compatible virtual machine support:
bochs
### Virtio support:
virtio_pci
virtio_blk
virtio_scsi
virtio_console
virtio_rng
EOF
fi
printf "%s\n" '# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf' >> "${RECOVERY}/etc/initramfs-tools/modules"
### MODULES: [ most | netboot | dep | list ]
## 'most' - Add most filesystem and all hard-drive drivers.
## 'dep' - Try and guess the modules to load.
insert_header "${RECOVERY}/etc/initramfs-tools/conf.d/driver-policy"
insert_comments "${RECOVERY}/etc/initramfs-tools/conf.d/driver-policy"
cat << EOF >> "${RECOVERY}/etc/initramfs-tools/conf.d/driver-policy"
# Driver inclusion policy selected during installation.
# Note: This setting overrides the value set in the file '/etc/initramfs-tools/initramfs.conf'.
MODULES=dep
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
insert_header "${RECOVERY}/etc/initramfs-tools/conf.d/fsroot"
insert_comments "${RECOVERY}/etc/initramfs-tools/conf.d/fsroot"
cat << EOF >> "${RECOVERY}/etc/initramfs-tools/conf.d/fsroot"
FSTYPE=${VAR_ROOT_FS}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

106
func/cdi_5000_recovery/5130_installation_toolset.sh Normal file
View File

@@ -0,0 +1,106 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Check and set up the minimum required tools for the next installation steps.
# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
# Globals:
# RECOVERY
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_toolset_reco() {
### Declare Arrays, HashMaps, and Variables.
# shellcheck disable=SC2154
declare -A hmp_tool_pkg=(
[apt-show-versions]="apt-show-versions"
[bc]="bc"
[dig]="bind9-dnsutils"
[host]="bind9-dnsutils"
[hexdump]="bsdmainutils"
[btrfs]="btrfs-progs"
[bunzip2]="bzip2"
[setupcon]="console-setup"
[curl]="curl"
[dirmngr]="dirmngr"
[dmsetup]="dmsetup"
[fsck.vfat]="dosfstools"
[mkfs.vfat]="dosfstools"
[e2label]="e2fsprogs"
[tune2fs]="e2fsprogs"
[fsck]="e2fsprogs"
[efibootmgr]="efibootmgr"
[file]="file"
[awk]="gawk"
[gdisk]="gdisk"
[gnupg]="gnupg"
[haveged]="haveged"
[update-initramfs]="initramfs-tools"
[jq]="jq"
[loadkeys]="kbd"
[setfont]="kbd"
[keyctl]="keyutils"
[libpam-pwquality]="libpam-pwquality"
[lsb_release]="lsb-release"
[parted]="parted"
[lspci]="pciutils"
[pwgen]="pwgen"
[sudo]="sudo"
[tree]="tree"
[unzip]="unzip"
[lsusb]="usbutils"
[xxd]="vim-common"
[wget]="wget"
[whois]="whois"
[zsh]="zsh"
)
declare -a ary_missing_pkgs=() ary_unique_pkgs=()
declare -r var_logfile="/root/.ciss/cdi/log/5130_installation_toolset.log"
declare var_bin=""
chroot_logger "${RECOVERY}${var_logfile}"
### Collecting missing binaries.
for var_bin in "${!hmp_tool_pkg[@]}"; do
if ! chroot_script "${RECOVERY}" "command -v ${var_bin} >/dev/null" "debug"; then
ary_missing_pkgs+=("${hmp_tool_pkg[${var_bin}]}")
fi
done
do_log "debug" "file_only" "5130() [ary_missing_pkgs]='${ary_missing_pkgs[*]}'."
### Installing unique list of packages.
if ((${#ary_missing_pkgs[@]})); then
# shellcheck disable=SC2312
mapfile -t ary_unique_pkgs < <(printf '%s\n' "${ary_missing_pkgs[@]}" | sort -u)
do_log "debug" "file_only" "5130() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'."
chroot_script "${RECOVERY}" "
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
echo ExitCode: \$? >> ${var_logfile}
"
fi
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

54
func/cdi_5000_recovery/5131_installation_systemd.sh Normal file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Ensure systemd is in place.
# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
# Globals:
# RECOVERY
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_systemd_reco() {
### Declare Arrays, HashMaps, and Variables.
declare -r var_logfile="/root/.ciss/cdi/log/5131_installation_systemd.log"
chroot_logger "${RECOVERY}${var_logfile}"
if ! chroot_script "${RECOVERY}" "type -P systemctl >/dev/null"; then
do_log "info" "file_only" "5131() 'systemctl' NOT found, installing 'systemd' and dependencies."
chroot_script "${RECOVERY}" "
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
echo ExitCode: \$? >> ${var_logfile}
"
else
do_log "info" "file_only" "5131() 'systemctl' found, skipping installation."
fi
chroot_script "${RECOVERY}" "
systemctl --version 2>&1 | tee -a ${var_logfile} | grep -qi 'systemd' || echo '[WARN]: systemd not verifiable' >> ${var_logfile}
"
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

38
func/cdi_5000_recovery/5132_installation_machineid.sh Normal file
View File

@@ -0,0 +1,38 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Generate machine-id if missing.
# Globals:
# RECOVERY
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_machineid_reco() {
if ! chroot_script "${RECOVERY}" "[[ -s /etc/machine-id ]]"; then
do_log "info" "file_only" "5132() Generating /etc/machine-id via systemd-machine-id-setup."
chroot_exec "${RECOVERY}" systemd-machine-id-setup
else
do_log "info" "file_only" "5132() Existing 'machine-id' found, no action needed."
fi
guard_dir && return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

9
meta_loader_func.sh
View File

@@ -119,7 +119,14 @@ source_guard "./func/cdi_5000_recovery/5020_remove_x509.sh"
source_guard "./func/cdi_5000_recovery/5030_setup_hostname.sh" source_guard "./func/cdi_5000_recovery/5030_setup_hostname.sh"
source_guard "./func/cdi_5000_recovery/5035_setup_resolv.sh" source_guard "./func/cdi_5000_recovery/5035_setup_resolv.sh"
source_guard "./func/cdi_5000_recovery/5040_setup_timezone.sh" source_guard "./func/cdi_5000_recovery/5040_setup_timezone.sh"
source_guard "./func/cdi_5000_recovery/5050_setup_locales.sh"
source_guard "./func/cdi_5000_recovery/5105_generate_sources_822.sh"
source_guard "./func/cdi_5000_recovery/5110_update_sources.sh"
source_guard "./func/cdi_5000_recovery/5120_installation_kernel.sh"
source_guard "./func/cdi_5000_recovery/5121_installation_initramfs.sh"
source_guard "./func/cdi_5000_recovery/5130_installation_toolset.sh"
source_guard "./func/cdi_5000_recovery/5131_installation_systemd.sh"
source_guard "./func/cdi_5000_recovery/5132_installation_machineid.sh"
source_guard "./func/cdi_5000_recovery/5999_exiting_chroot_recovery.sh" source_guard "./func/cdi_5000_recovery/5999_exiting_chroot_recovery.sh"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh