V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 44s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 44s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -101,34 +101,34 @@ source_guard "./var/early.var.sh"
|
||||
source_guard "./lib/0004_color_echo.sh"
|
||||
|
||||
### ALL CHECKS DONE. READY TO START THE SCRIPT.
|
||||
color_echo "${CYA}" "ALL CHECKS DONE. READY TO START THE SCRIPT."
|
||||
color_echo "${CYA}" "ALL CHECKS DONE. READY TO START THE SCRIPT ..."
|
||||
declare -grx VAR_SETUP="true"
|
||||
umask 0022
|
||||
|
||||
### SOURCING FUNCTIONS, LIBRARIES, VARIABLES.
|
||||
if [[ "${VAR_SETUP}" == "true" ]]; then
|
||||
### SOURCING VARIABLES
|
||||
color_echo "${CYA}" "SOURCING VARIABLES."
|
||||
color_echo "${CYA}" "SOURCING VARIABLES ..."
|
||||
. ./meta_loader_var.sh
|
||||
### SOURCING FUNCTIONS
|
||||
color_echo "${CYA}" "SOURCING FUNCTIONS."
|
||||
color_echo "${CYA}" "SOURCING FUNCTIONS ..."
|
||||
. ./meta_loader_func.sh
|
||||
### SOURCING LIBRARIES
|
||||
color_echo "${CYA}" "SOURCING LIBRARIES."
|
||||
color_echo "${CYA}" "SOURCING LIBRARIES ..."
|
||||
. ./meta_loader_lib.sh
|
||||
fi
|
||||
|
||||
### PREPARING DIRECTORIES AND FILES.
|
||||
color_echo "${CYA}" "PREPARING DIRECTORIES AND FILES."
|
||||
color_echo "${CYA}" "PREPARING DIRECTORIES AND FILES ..."
|
||||
gen_dir_files
|
||||
|
||||
### CHECKING REQUIRED PACKAGES.
|
||||
color_echo "${CYA}" "CHECKING REQUIRED PACKAGES."
|
||||
color_echo "${CYA}" "CHECKING REQUIRED PACKAGES ..."
|
||||
#check_pkgs
|
||||
check_git
|
||||
|
||||
### ADVISORY LOCK.
|
||||
color_echo "${CYA}" "ADVISORY LOCK."
|
||||
color_echo "${CYA}" "ADVISORY LOCK ..."
|
||||
exec 127>/var/lock/ciss_debian_installer.lock || {
|
||||
printf "%b❌ Cannot open lockfile for writing! Bye... %b%b" "${RED}" "${RES}" "${NL}" >&2
|
||||
exit "${ERR_FLOCK_PROTECTED}"
|
||||
@@ -140,15 +140,15 @@ if ! flock -x -n 127; then
|
||||
fi
|
||||
|
||||
### SCAN FOR DEBUG MODE.
|
||||
color_echo "${CYA}" "SCAN FOR DEBUG MODE."
|
||||
color_echo "${CYA}" "SCAN FOR DEBUG MODE ..."
|
||||
pre_scan_debug "$@"
|
||||
|
||||
### CHECK FOR AUTO INSTALL MODE.
|
||||
color_echo "${CYA}" "CHECK FOR AUTO INSTALL MODE."
|
||||
color_echo "${CYA}" "CHECK FOR AUTO INSTALL MODE ..."
|
||||
for arg in "$@"; do case "${arg,,}" in -a|--autoinstall) declare -gx VAR_AUTO_INSTALL="true";; esac; done; unset arg
|
||||
|
||||
### ACTIVATING TRAPS.
|
||||
color_echo "${CYA}" "ACTIVATING TRAPS."
|
||||
color_echo "${CYA}" "ACTIVATING TRAPS ..."
|
||||
trap 'trap_exit "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' EXIT
|
||||
trap 'trap_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR
|
||||
trap 'trap_int' INT TERM
|
||||
@@ -160,32 +160,32 @@ trap 'trap_int' INT TERM
|
||||
#if ! "${VAR_AUTO_INSTALL}"; then check_kernel; fi
|
||||
|
||||
### Dialog Output for Initialization START.
|
||||
color_echo "${CYA}" "Dialog Output for Initialization START."
|
||||
color_echo "${CYA}" "Dialog Output for Initialization START ..."
|
||||
if ! "${VAR_AUTO_INSTALL}"; then . ./lib/0200_dialog_helper.sh && dialog_box; fi
|
||||
|
||||
### ARGUMENT CHECKS.
|
||||
echo "ARGUMENT CHECKS..."
|
||||
echo "ARGUMENT CHECKS ..."
|
||||
arg_check "$@"
|
||||
declare -ar ARY_ARG_SANITIZED=("$@")
|
||||
declare -grx VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
|
||||
|
||||
### ARGUMENT PARSING.
|
||||
echo "ARGUMENT PARSING..."
|
||||
echo "ARGUMENT PARSING ..."
|
||||
arg_parser "$@"
|
||||
|
||||
### PRIORITY UPDATES.
|
||||
echo "PRIORITY UPDATES..."
|
||||
echo "PRIORITY UPDATES ..."
|
||||
arg_priority_check
|
||||
|
||||
### HASHING PASSWORDS.
|
||||
echo "HASHING PASSWORDS..."
|
||||
echo "HASHING PASSWORDS ..."
|
||||
nuke_passphrase
|
||||
# TODO: Implement loop_pass() for other passwords.
|
||||
|
||||
### MAIN PROGRAM SEQUENCE
|
||||
echo "MAIN PROGRAM SEQUENCE: yaml_parser()"
|
||||
echo "MAIN PROGRAM SEQUENCE: yaml_parser() ..."
|
||||
yaml_parser
|
||||
echo "MAIN PROGRAM SEQUENCE: yaml_reader()"
|
||||
echo "MAIN PROGRAM SEQUENCE: yaml_reader() ..."
|
||||
yaml_reader
|
||||
|
||||
# TODO: Implement / Activate IP, Port validation
|
||||
@@ -193,83 +193,83 @@ yaml_reader
|
||||
# validation_preseed
|
||||
|
||||
### PARTITIONING
|
||||
echo "MAIN PROGRAM SEQUENCE: partitioning()"
|
||||
echo "MAIN PROGRAM SEQUENCE: partitioning() ..."
|
||||
partitioning
|
||||
echo "MAIN PROGRAM SEQUENCE: benchmarking_encryption()"
|
||||
echo "MAIN PROGRAM SEQUENCE: benchmarking_encryption() ..."
|
||||
benchmarking_encryption
|
||||
echo "MAIN PROGRAM SEQUENCE: partition_encryption()"
|
||||
echo "MAIN PROGRAM SEQUENCE: partition_encryption() ..."
|
||||
partition_encryption
|
||||
echo "MAIN PROGRAM SEQUENCE: partition_formatting()"
|
||||
echo "MAIN PROGRAM SEQUENCE: partition_formatting() ..."
|
||||
partition_formatting
|
||||
echo "MAIN PROGRAM SEQUENCE: mount_partition()"
|
||||
echo "MAIN PROGRAM SEQUENCE: mount_partition() ..."
|
||||
mount_partition
|
||||
echo "MAIN PROGRAM SEQUENCE: uuid_logger()"
|
||||
echo "MAIN PROGRAM SEQUENCE: uuid_logger() ..."
|
||||
uuid_logger
|
||||
|
||||
### DEBOOTSTRAP
|
||||
echo "MAIN PROGRAM SEQUENCE: func_debootstrap()"
|
||||
echo "MAIN PROGRAM SEQUENCE: func_debootstrap() ..."
|
||||
func_debootstrap
|
||||
echo "MAIN PROGRAM SEQUENCE: configure_system()"
|
||||
echo "MAIN PROGRAM SEQUENCE: configure_system() ..."
|
||||
configure_system
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_fstab()"
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_fstab() ..."
|
||||
generate_fstab # TODO: Checks ongoing.
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_crypttab()"
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_crypttab() ..."
|
||||
generate_crypttab # TODO: Checks ongoing.
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_sources()"
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_sources() ..."
|
||||
generate_sources
|
||||
echo "MAIN PROGRAM SEQUENCE: minimal_toolset()"
|
||||
echo "MAIN PROGRAM SEQUENCE: minimal_toolset() ..."
|
||||
minimal_toolset
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_skel()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_skel() ..."
|
||||
setup_skel
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_timezone()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_timezone() ..."
|
||||
setup_timezone
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_locales()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_locales() ..."
|
||||
setup_locales
|
||||
# TODO: Implement Clang Build Chain and MOK Signing Workflow
|
||||
echo "MAIN PROGRAM SEQUENCE: installation_kernel()"
|
||||
echo "MAIN PROGRAM SEQUENCE: installation_kernel() ..."
|
||||
installation_kernel
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_network()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_network() ..."
|
||||
setup_network
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_hostname()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_hostname() ..."
|
||||
setup_hostname
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_machineid()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_machineid() ..."
|
||||
setup_machineid
|
||||
# TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed
|
||||
# TODO: Copy Grub Boot Loader to default path
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub() ..."
|
||||
setup_grub
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub_password()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub_password() ..."
|
||||
setup_grub_password
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter() ..."
|
||||
setup_grub_bootparameter
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules() ..."
|
||||
setup_kernel_modules
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl() ..."
|
||||
setup_kernel_sysctl
|
||||
echo "MAIN PROGRAM SEQUENCE: installation_microcode()"
|
||||
echo "MAIN PROGRAM SEQUENCE: installation_microcode() ..."
|
||||
installation_microcode
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_ssh()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_ssh() ..."
|
||||
setup_ssh
|
||||
echo "MAIN PROGRAM SEQUENCE: build_dropbear()"
|
||||
echo "MAIN PROGRAM SEQUENCE: build_dropbear() ..."
|
||||
build_dropbear
|
||||
echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs()"
|
||||
echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs() ..."
|
||||
install_dropbear_initramfs
|
||||
# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_dropbear()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_dropbear() ..."
|
||||
setup_dropbear
|
||||
# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_accounts()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_accounts() ..."
|
||||
setup_accounts
|
||||
# TODO: Check Packages for installation
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_packages()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_packages() ..."
|
||||
setup_packages
|
||||
# TODO: What do we need for CISS environment?
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_sudo()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_sudo() ..."
|
||||
setup_sudo
|
||||
# TODO: Any changes to the NTPSec Servers?
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_chrony()"
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_chrony() ..."
|
||||
setup_chrony
|
||||
echo "MAIN PROGRAM SEQUENCE: exiting_chroot()"
|
||||
echo "MAIN PROGRAM SEQUENCE: exiting_chroot() ..."
|
||||
exiting_chroot
|
||||
|
||||
# TODO: Hibernate deactivation
|
||||
|
||||
@@ -254,7 +254,7 @@ partitioning() {
|
||||
return "${ERR_PART_READ}"
|
||||
else
|
||||
HMP_PATH_PARTUUID["${var_mount_path}"]="${var_uuid}"
|
||||
do_log "debug" "file_only" "3200() Stored in HashMap [HMP_PATH_PARTUUID] : '${var_mount_path}' -> '${HMP_PATH_PARTUUID["${var_mount_path}"]}'."
|
||||
do_log "debug" "file_only" "3200() [HMP_PATH_PARTUUID]: '${var_mount_path}' -> '${HMP_PATH_PARTUUID["${var_mount_path}"]}'."
|
||||
fi
|
||||
|
||||
### Gathering information for forthcoming modules 32n0().
|
||||
@@ -280,9 +280,9 @@ partitioning() {
|
||||
if [[ "${var_mount_true}" == "true" ]]; then
|
||||
# shellcheck disable=SC2034
|
||||
ARY_FSTAB_MOUNT_PATHS+=("${var_mount_path}")
|
||||
do_log "debug" "file_only" "3200() Stored in Array [ARY_FSTAB_MOUNT_PATHS] : '${var_mount_path}'."
|
||||
do_log "debug" "file_only" "3200() [ARY_FSTAB_MOUNT_PATHS]: '${var_mount_path}'."
|
||||
HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]="${var_fs}"
|
||||
do_log "debug" "file_only" "3200() Stored in HashMap [HMP_FSTAB_MOUNT_FTYPE] : '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]}'."
|
||||
do_log "debug" "file_only" "3200() [HMP_FSTAB_MOUNT_FTYPE]: '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]}'."
|
||||
fi
|
||||
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ partition_encryption() {
|
||||
declare -gx VAR_CRYPT_ROOT="" # LUKS UUID of '/'.
|
||||
declare -gx VAR_CRYPT_RECOVERY="" # LUKS UUID of '/recovery'.
|
||||
|
||||
declare var_encryption_path="" var_dev_part="" \
|
||||
declare var_encryption_path="" var_dev_part="" var_dev="" \
|
||||
var_encryption_ephemeral="" var_encryption_integrity="" var_encryption_cipher="" var_encryption_hash="" \
|
||||
var_encryption_key="" var_encryption_label="" var_encryption_meta="" var_encryption_slot="" \
|
||||
var_encryption_pbkdf="" var_encryption_rng="" var_filesystem_label="" var_mount_path="" var_uuid="" var_fs=""
|
||||
@@ -63,6 +63,7 @@ partition_encryption() {
|
||||
|
||||
### Generates physical device location.
|
||||
var_dev_part="${HMP_PATH_DEV_PART["${var_encryption_path}"]}"
|
||||
var_dev="${var_dev_part//./}"
|
||||
|
||||
### Extract parameters from YAML.
|
||||
var_encryption_ephemeral=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.ephemeral" "${VAR_SETUP_PART}")
|
||||
@@ -118,10 +119,10 @@ partition_encryption() {
|
||||
|
||||
var_filesystem_label=$(get_label "${var_encryption_path}" "${var_fs}" "file")
|
||||
|
||||
mkfs.ext4 -L "${var_filesystem_label}" "/dev/${var_dev_part}" 1M
|
||||
do_log "info" "file_only" "3220() Ephemeral: '${var_encryption_path}' prepared on: '/dev/${var_dev_part}'."
|
||||
mkfs.ext4 -L "${var_filesystem_label}" "/dev/${var_dev}" 1M
|
||||
do_log "info" "file_only" "3220() Ephemeral: '${var_encryption_path}' prepared on: '/dev/${var_dev}'."
|
||||
|
||||
var_fs_uuid=$(blkid -s UUID -o value "${var_dev_part}")
|
||||
var_fs_uuid=$(blkid -s UUID -o value "${var_dev}")
|
||||
### Gathering information for '/etc/fstab'-generation in 4040() and '/etc/crypttab'-generation in 4060().
|
||||
# shellcheck disable=SC2034
|
||||
HMP_PATH_FSUUID["${var_encryption_path}"]="${var_fs_uuid}"
|
||||
@@ -139,7 +140,7 @@ partition_encryption() {
|
||||
|
||||
*)
|
||||
|
||||
do_log "error" "file_only" "3220() Invalid mount path: '${var_encryption_path}' for partition: '/dev/${var_dev_part}'."
|
||||
do_log "error" "file_only" "3220() Invalid mount path: '${var_encryption_path}' for partition: '/dev/${var_dev}'."
|
||||
### There is no other need to implement ephemeral devices.
|
||||
continue
|
||||
;;
|
||||
@@ -148,40 +149,40 @@ partition_encryption() {
|
||||
|
||||
fi
|
||||
|
||||
cryptsetup luksFormat "${ary_luks_opts[@]}" "/dev/${var_dev_part}"
|
||||
cryptsetup luksFormat "${ary_luks_opts[@]}" "/dev/${var_dev}"
|
||||
|
||||
if [[ "${var_encryption_integrity,,}" == "true" ]]; then
|
||||
|
||||
do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev_part}]."
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' dm-integrity encrypted."
|
||||
do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev}]."
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' dm-integrity encrypted."
|
||||
|
||||
else
|
||||
|
||||
do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev_part}]."
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' encrypted."
|
||||
do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev}]."
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' encrypted."
|
||||
|
||||
fi
|
||||
|
||||
cryptsetup luksHeaderBackup --header-backup-file="${DIR_BAK}/luks_header_${var_dev_part}.bak" "/dev/${var_dev_part}"
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' LUKS Header saved: '${DIR_BAK}/luks_header_${var_dev_part}.bak'."
|
||||
cryptsetup luksHeaderBackup --header-backup-file="${DIR_BAK}/luks_header_${var_dev}.bak" "/dev/${var_dev}"
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' LUKS Header saved: '${DIR_BAK}/luks_header_${var_dev}.bak'."
|
||||
|
||||
### Opening encrypted container.
|
||||
if [[ "${var_encryption_path,,}" == "/boot" ]]; then
|
||||
cryptsetup luksOpen "/dev/${var_dev_part}" \
|
||||
cryptsetup luksOpen "/dev/${var_dev}" \
|
||||
--key-file="${DIR_CNF}/password_luks_boot.txt" \
|
||||
"${var_encryption_label}"
|
||||
else
|
||||
cryptsetup luksOpen "/dev/${var_dev_part}" \
|
||||
cryptsetup luksOpen "/dev/${var_dev}" \
|
||||
--key-file="${DIR_CNF}/password_luks_common.txt" \
|
||||
"${var_encryption_label}"
|
||||
fi
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' opened as '/dev/mapper/${var_encryption_label}'."
|
||||
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' opened as '/dev/mapper/${var_encryption_label}'."
|
||||
|
||||
### Create luksDump log entry.
|
||||
cryptsetup luksDump "/dev/${var_dev_part}" >> "${DIR_LOG}/cryptsetup_luksdump_${var_dev_part}.log"
|
||||
cryptsetup luksDump "/dev/${var_dev}" >> "${DIR_LOG}/cryptsetup_luksdump_${var_dev}.log"
|
||||
|
||||
### Store UUID of the LUKS container.
|
||||
var_uuid=$(blkid -s UUID -o value "/dev/${var_dev_part}")
|
||||
var_uuid=$(blkid -s UUID -o value "/dev/${var_dev}")
|
||||
|
||||
[[ "${var_encryption_path}" == "/" ]] && declare -grx VAR_CRYPT_ROOT="${var_uuid}"
|
||||
[[ "${var_encryption_path}" == "/recovery" ]] && declare -grx VAR_CRYPT_RECOVERY="${var_uuid}"
|
||||
|
||||
@@ -33,7 +33,7 @@ partition_formatting() {
|
||||
declare -Ag HMP_PATH_FSUUID # Used in: 3290() - [Mount Path:Filesystem UUID].
|
||||
# Used in: 4040() - [Mount Path:Filesystem UUID].
|
||||
# Used in: 4060() - [Mount Path:Filesystem UUID].
|
||||
declare var_dev="" var_dev_part="" \
|
||||
declare var_dev="" var_dev_part="" var_dev="" \
|
||||
var_encryption_enable="" var_encryption_label="" var_format_path="" var_fs_btrfs_checksum="" \
|
||||
var_fs_btrfs_compress="" var_fs_btrfs_mdup="" var_fs_label="" var_fs_options="" var_fs_version="" \
|
||||
var_node="" var_fs_uuid=""
|
||||
@@ -47,6 +47,7 @@ partition_formatting() {
|
||||
|
||||
### Generates physical device location.
|
||||
var_dev_part="${HMP_PATH_DEV_PART["${var_format_path}"]}"
|
||||
var_dev="${var_dev_part//./}"
|
||||
|
||||
### Extract parameters from YAML.
|
||||
var_encryption_enable=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.enable" "${VAR_SETUP_PART}")
|
||||
@@ -58,7 +59,7 @@ partition_formatting() {
|
||||
|
||||
case "${var_format_path,,}" in
|
||||
swap|/tmp)
|
||||
do_log "info" "file_only" "3240() Partition: '/dev/${var_dev_part}' ephemeral encryption already prepared in 3220(): '${var_format_path}'."
|
||||
do_log "info" "file_only" "3240() Partition: '/dev/${var_dev}' ephemeral encryption already prepared in 3220(): '${var_format_path}'."
|
||||
### Nothing more to do here.
|
||||
continue
|
||||
;;
|
||||
@@ -68,7 +69,7 @@ partition_formatting() {
|
||||
var_encryption_label=$(get_label "${var_format_path}" "${var_fs_version}" "luks")
|
||||
var_node="/dev/mapper/${var_encryption_label}"
|
||||
else
|
||||
var_node="/dev/${var_dev_part}"
|
||||
var_node="/dev/${var_dev}"
|
||||
fi
|
||||
|
||||
var_fs_label=$(get_label "${var_format_path}" "${var_fs_version}" "file")
|
||||
@@ -129,9 +130,6 @@ partition_formatting() {
|
||||
|
||||
esac
|
||||
|
||||
var_dev="${HMP_PATH_DEV_PART["${var_format_path}"]}"
|
||||
var_dev="${var_dev%.*}"
|
||||
|
||||
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3240.log"
|
||||
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_3240.log"
|
||||
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_3240.log"
|
||||
|
||||
@@ -137,6 +137,7 @@ mount_partition() {
|
||||
|
||||
### Generates physical device location.
|
||||
var_dev_part="${HMP_PATH_DEV_PART["${var_mount_path}"]}"
|
||||
var_dev="${var_dev_part//./}"
|
||||
|
||||
### Extract parameters from YAML.
|
||||
var_fs_btrfs_compress=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.btrfs.compress" "${VAR_SETUP_PART}")
|
||||
@@ -287,9 +288,6 @@ mount_partition() {
|
||||
|
||||
esac
|
||||
|
||||
var_dev="${HMP_PATH_DEV_PART["${var_mount_path}"]}"
|
||||
var_dev="${var_dev%.*}"
|
||||
|
||||
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3280.log"
|
||||
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_3280.log"
|
||||
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_3280.log"
|
||||
|
||||
@@ -149,7 +149,6 @@ print_scr_err() {
|
||||
printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}"
|
||||
printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}"
|
||||
printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}"
|
||||
printf "%b❌ BASHOPTS : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}"
|
||||
printf "%b❌ SHELLOPTS : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}"
|
||||
printf "%b❌ Error Log saved at : %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"
|
||||
printf "%b❌ cat %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"
|
||||
|
||||
@@ -173,7 +173,7 @@ trap_exit_non_zero() {
|
||||
printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
printf "%b❌ BASHOPTS : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
printf "%b❌ BASHOPTS : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}" >> "${LOG_EXT}"
|
||||
printf "%b❌ SHELLOPTS : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
printf "%b❌ Error Log saved at : %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
printf "%b❌ cat %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
|
||||
|
||||
@@ -30,14 +30,14 @@ arg_priority_check() {
|
||||
if [[ -n "${VAR_PRIORITY}" ]]; then
|
||||
renice "${VAR_PRIORITY}" -p "$$" > /dev/null 2>&1
|
||||
var=$(ps -o ni= -p $$) > /dev/null 2>&1
|
||||
do_log "info" "file_only" "New renice value: '${var}'."
|
||||
do_log "info" "file_only" "0103() New renice value: '${var}'."
|
||||
fi
|
||||
|
||||
### Check if ionice PRIORITY is set and adjust ionice priority.
|
||||
if [[ -n "${VAR_REIONICE_CLASS}" ]]; then
|
||||
ionice -c"${VAR_REIONICE_CLASS}" -n"${VAR_REIONICE_PRIORITY}" -p "$$"
|
||||
var=$(ionice -p $$) > /dev/null 2>&1
|
||||
do_log "info" "file_only" "New ionice value: '${var}'."
|
||||
do_log "info" "file_only" "0103() New ionice value: '${var}'."
|
||||
fi
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
|
||||
@@ -54,14 +54,14 @@ read_password_file() {
|
||||
### No tracing for security reasons
|
||||
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
|
||||
if [[ ! -f "${var_input_file}" ]]; then
|
||||
do_log "fatal" "file_only" "Password file '${var_input_file}' not found."
|
||||
do_log "fatal" "file_only" "0104() Password file '${var_input_file}' not found."
|
||||
return "${ERR_READ_PASS_FILE}"
|
||||
fi
|
||||
|
||||
mapfile -t lines < "${var_input_file}"
|
||||
|
||||
if (( ${#lines[@]} != 1 )); then
|
||||
do_log "fatal" "file_only" "Password file '${var_input_file}' MUST contain exactly one line."
|
||||
do_log "fatal" "file_only" "0104() Password file '${var_input_file}' MUST contain exactly one line."
|
||||
return "${ERR_READ_PASS_FILE}"
|
||||
fi
|
||||
|
||||
@@ -71,7 +71,7 @@ read_password_file() {
|
||||
var_output_file="${var_output_file%"${var_output_file##*[![:space:]]}"}" ### trailing
|
||||
|
||||
if [[ -z "${var_output_file}" ]]; then
|
||||
do_log "fatal" "file_only" "Password file '${var_input_file}' contains only whitespace."
|
||||
do_log "fatal" "file_only" "0104() Password file '${var_input_file}' contains only whitespace."
|
||||
return "${ERR_READ_PASS_FILE}"
|
||||
fi
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ guard_sourcing
|
||||
#######################################
|
||||
nuke_passphrase() {
|
||||
declare -r var_nuke_pwd_file="${DIR_CNF}/password_luks_nuke.txt"
|
||||
declare var_temp_nuke_hash="" var_temp_plain_nuke_pwd="" var_salt=""
|
||||
declare var_temp_nuke_hash="" var_temp_plain_nuke_pwd="" var_salt=""
|
||||
|
||||
### No tracing for security reasons
|
||||
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
|
||||
@@ -50,17 +50,17 @@ nuke_passphrase() {
|
||||
declare -grx VAR_NUKE_HASH="${var_temp_nuke_hash}"
|
||||
unset var_temp_nuke_hash var_temp_plain_nuke_pwd
|
||||
|
||||
do_log "debug" "file_only" "NUKE hash starts with: ${VAR_NUKE_HASH:0:12}..."
|
||||
do_log "debug" "file_only" "0105() NUKE hash starts with: ${VAR_NUKE_HASH:0:32}..."
|
||||
|
||||
sync
|
||||
if shred -vfzu -n 5 "${var_nuke_pwd_file}" > /dev/null 2>&1; then
|
||||
do_log "info" "file_only" "✅ Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> done."
|
||||
do_log "info" "file_only" "0105() Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> done."
|
||||
else
|
||||
do_log "warn" "file_only" "❌ Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> NOT successful."
|
||||
do_log "warn" "file_only" "0105() Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> NOT successful."
|
||||
fi
|
||||
sync
|
||||
|
||||
do_log "info" "file_only" "Nuke Hash generated."
|
||||
do_log "info" "file_only" "0105() Nuke Hash generated."
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user