msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 44s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-07-29 19:46:22 +02:00
parent dd9c937a56
commit 219c272299
10 changed files with 88 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
ciss_debian_installer.sh
View File

@@ -101,34 +101,34 @@ source_guard "./var/early.var.sh"
source_guard "./lib/0004_color_echo.sh" source_guard "./lib/0004_color_echo.sh"
### ALL CHECKS DONE. READY TO START THE SCRIPT. ### ALL CHECKS DONE. READY TO START THE SCRIPT.
color_echo "${CYA}" "ALL CHECKS DONE. READY TO START THE SCRIPT." color_echo "${CYA}" "ALL CHECKS DONE. READY TO START THE SCRIPT ..."
declare -grx VAR_SETUP="true" declare -grx VAR_SETUP="true"
umask 0022 umask 0022
### SOURCING FUNCTIONS, LIBRARIES, VARIABLES. ### SOURCING FUNCTIONS, LIBRARIES, VARIABLES.
if [[ "${VAR_SETUP}" == "true" ]]; then if [[ "${VAR_SETUP}" == "true" ]]; then
### SOURCING VARIABLES ### SOURCING VARIABLES
color_echo "${CYA}" "SOURCING VARIABLES." color_echo "${CYA}" "SOURCING VARIABLES ..."
. ./meta_loader_var.sh . ./meta_loader_var.sh
### SOURCING FUNCTIONS ### SOURCING FUNCTIONS
color_echo "${CYA}" "SOURCING FUNCTIONS." color_echo "${CYA}" "SOURCING FUNCTIONS ..."
. ./meta_loader_func.sh . ./meta_loader_func.sh
### SOURCING LIBRARIES ### SOURCING LIBRARIES
color_echo "${CYA}" "SOURCING LIBRARIES." color_echo "${CYA}" "SOURCING LIBRARIES ..."
. ./meta_loader_lib.sh . ./meta_loader_lib.sh
fi fi
### PREPARING DIRECTORIES AND FILES. ### PREPARING DIRECTORIES AND FILES.
color_echo "${CYA}" "PREPARING DIRECTORIES AND FILES." color_echo "${CYA}" "PREPARING DIRECTORIES AND FILES ..."
gen_dir_files gen_dir_files
### CHECKING REQUIRED PACKAGES. ### CHECKING REQUIRED PACKAGES.
color_echo "${CYA}" "CHECKING REQUIRED PACKAGES." color_echo "${CYA}" "CHECKING REQUIRED PACKAGES ..."
#check_pkgs #check_pkgs
check_git check_git
### ADVISORY LOCK. ### ADVISORY LOCK.
color_echo "${CYA}" "ADVISORY LOCK." color_echo "${CYA}" "ADVISORY LOCK ..."
exec 127>/var/lock/ciss_debian_installer.lock || { exec 127>/var/lock/ciss_debian_installer.lock || {
printf "%b❌ Cannot open lockfile for writing! Bye... %b%b" "${RED}" "${RES}" "${NL}" >&2 printf "%b❌ Cannot open lockfile for writing! Bye... %b%b" "${RED}" "${RES}" "${NL}" >&2
exit "${ERR_FLOCK_PROTECTED}" exit "${ERR_FLOCK_PROTECTED}"
@@ -140,15 +140,15 @@ if ! flock -x -n 127; then
fi fi
### SCAN FOR DEBUG MODE. ### SCAN FOR DEBUG MODE.
color_echo "${CYA}" "SCAN FOR DEBUG MODE." color_echo "${CYA}" "SCAN FOR DEBUG MODE ..."
pre_scan_debug "$@" pre_scan_debug "$@"
### CHECK FOR AUTO INSTALL MODE. ### CHECK FOR AUTO INSTALL MODE.
color_echo "${CYA}" "CHECK FOR AUTO INSTALL MODE." color_echo "${CYA}" "CHECK FOR AUTO INSTALL MODE ..."
for arg in "$@"; do case "${arg,,}" in -a|--autoinstall) declare -gx VAR_AUTO_INSTALL="true";; esac; done; unset arg for arg in "$@"; do case "${arg,,}" in -a|--autoinstall) declare -gx VAR_AUTO_INSTALL="true";; esac; done; unset arg
### ACTIVATING TRAPS. ### ACTIVATING TRAPS.
color_echo "${CYA}" "ACTIVATING TRAPS." color_echo "${CYA}" "ACTIVATING TRAPS ..."
trap 'trap_exit "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' EXIT trap 'trap_exit "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' EXIT
trap 'trap_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR trap 'trap_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR
trap 'trap_int' INT TERM trap 'trap_int' INT TERM
@@ -160,32 +160,32 @@ trap 'trap_int' INT TERM
#if ! "${VAR_AUTO_INSTALL}"; then check_kernel; fi #if ! "${VAR_AUTO_INSTALL}"; then check_kernel; fi
### Dialog Output for Initialization START. ### Dialog Output for Initialization START.
color_echo "${CYA}" "Dialog Output for Initialization START." color_echo "${CYA}" "Dialog Output for Initialization START ..."
if ! "${VAR_AUTO_INSTALL}"; then . ./lib/0200_dialog_helper.sh && dialog_box; fi if ! "${VAR_AUTO_INSTALL}"; then . ./lib/0200_dialog_helper.sh && dialog_box; fi
### ARGUMENT CHECKS. ### ARGUMENT CHECKS.
echo "ARGUMENT CHECKS..." echo "ARGUMENT CHECKS ..."
arg_check "$@" arg_check "$@"
declare -ar ARY_ARG_SANITIZED=("$@") declare -ar ARY_ARG_SANITIZED=("$@")
declare -grx VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}" declare -grx VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
### ARGUMENT PARSING. ### ARGUMENT PARSING.
echo "ARGUMENT PARSING..." echo "ARGUMENT PARSING ..."
arg_parser "$@" arg_parser "$@"
### PRIORITY UPDATES. ### PRIORITY UPDATES.
echo "PRIORITY UPDATES..." echo "PRIORITY UPDATES ..."
arg_priority_check arg_priority_check
### HASHING PASSWORDS. ### HASHING PASSWORDS.
echo "HASHING PASSWORDS..." echo "HASHING PASSWORDS ..."
nuke_passphrase nuke_passphrase
# TODO: Implement loop_pass() for other passwords. # TODO: Implement loop_pass() for other passwords.
### MAIN PROGRAM SEQUENCE ### MAIN PROGRAM SEQUENCE
echo "MAIN PROGRAM SEQUENCE: yaml_parser()" echo "MAIN PROGRAM SEQUENCE: yaml_parser() ..."
yaml_parser yaml_parser
echo "MAIN PROGRAM SEQUENCE: yaml_reader()" echo "MAIN PROGRAM SEQUENCE: yaml_reader() ..."
yaml_reader yaml_reader
# TODO: Implement / Activate IP, Port validation # TODO: Implement / Activate IP, Port validation
@@ -193,83 +193,83 @@ yaml_reader
# validation_preseed # validation_preseed
### PARTITIONING ### PARTITIONING
echo "MAIN PROGRAM SEQUENCE: partitioning()" echo "MAIN PROGRAM SEQUENCE: partitioning() ..."
partitioning partitioning
echo "MAIN PROGRAM SEQUENCE: benchmarking_encryption()" echo "MAIN PROGRAM SEQUENCE: benchmarking_encryption() ..."
benchmarking_encryption benchmarking_encryption
echo "MAIN PROGRAM SEQUENCE: partition_encryption()" echo "MAIN PROGRAM SEQUENCE: partition_encryption() ..."
partition_encryption partition_encryption
echo "MAIN PROGRAM SEQUENCE: partition_formatting()" echo "MAIN PROGRAM SEQUENCE: partition_formatting() ..."
partition_formatting partition_formatting
echo "MAIN PROGRAM SEQUENCE: mount_partition()" echo "MAIN PROGRAM SEQUENCE: mount_partition() ..."
mount_partition mount_partition
echo "MAIN PROGRAM SEQUENCE: uuid_logger()" echo "MAIN PROGRAM SEQUENCE: uuid_logger() ..."
uuid_logger uuid_logger
### DEBOOTSTRAP ### DEBOOTSTRAP
echo "MAIN PROGRAM SEQUENCE: func_debootstrap()" echo "MAIN PROGRAM SEQUENCE: func_debootstrap() ..."
func_debootstrap func_debootstrap
echo "MAIN PROGRAM SEQUENCE: configure_system()" echo "MAIN PROGRAM SEQUENCE: configure_system() ..."
configure_system configure_system
echo "MAIN PROGRAM SEQUENCE: generate_fstab()" echo "MAIN PROGRAM SEQUENCE: generate_fstab() ..."
generate_fstab # TODO: Checks ongoing. generate_fstab # TODO: Checks ongoing.
echo "MAIN PROGRAM SEQUENCE: generate_crypttab()" echo "MAIN PROGRAM SEQUENCE: generate_crypttab() ..."
generate_crypttab # TODO: Checks ongoing. generate_crypttab # TODO: Checks ongoing.
echo "MAIN PROGRAM SEQUENCE: generate_sources()" echo "MAIN PROGRAM SEQUENCE: generate_sources() ..."
generate_sources generate_sources
echo "MAIN PROGRAM SEQUENCE: minimal_toolset()" echo "MAIN PROGRAM SEQUENCE: minimal_toolset() ..."
minimal_toolset minimal_toolset
echo "MAIN PROGRAM SEQUENCE: setup_skel()" echo "MAIN PROGRAM SEQUENCE: setup_skel() ..."
setup_skel setup_skel
echo "MAIN PROGRAM SEQUENCE: setup_timezone()" echo "MAIN PROGRAM SEQUENCE: setup_timezone() ..."
setup_timezone setup_timezone
echo "MAIN PROGRAM SEQUENCE: setup_locales()" echo "MAIN PROGRAM SEQUENCE: setup_locales() ..."
setup_locales setup_locales
# TODO: Implement Clang Build Chain and MOK Signing Workflow # TODO: Implement Clang Build Chain and MOK Signing Workflow
echo "MAIN PROGRAM SEQUENCE: installation_kernel()" echo "MAIN PROGRAM SEQUENCE: installation_kernel() ..."
installation_kernel installation_kernel
echo "MAIN PROGRAM SEQUENCE: setup_network()" echo "MAIN PROGRAM SEQUENCE: setup_network() ..."
setup_network setup_network
echo "MAIN PROGRAM SEQUENCE: setup_hostname()" echo "MAIN PROGRAM SEQUENCE: setup_hostname() ..."
setup_hostname setup_hostname
echo "MAIN PROGRAM SEQUENCE: setup_machineid()" echo "MAIN PROGRAM SEQUENCE: setup_machineid() ..."
setup_machineid setup_machineid
# TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed # TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed
# TODO: Copy Grub Boot Loader to default path # TODO: Copy Grub Boot Loader to default path
echo "MAIN PROGRAM SEQUENCE: setup_grub()" echo "MAIN PROGRAM SEQUENCE: setup_grub() ..."
setup_grub setup_grub
echo "MAIN PROGRAM SEQUENCE: setup_grub_password()" echo "MAIN PROGRAM SEQUENCE: setup_grub_password() ..."
setup_grub_password setup_grub_password
echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter()" echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter() ..."
setup_grub_bootparameter setup_grub_bootparameter
echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules()" echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules() ..."
setup_kernel_modules setup_kernel_modules
echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl()" echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl() ..."
setup_kernel_sysctl setup_kernel_sysctl
echo "MAIN PROGRAM SEQUENCE: installation_microcode()" echo "MAIN PROGRAM SEQUENCE: installation_microcode() ..."
installation_microcode installation_microcode
echo "MAIN PROGRAM SEQUENCE: setup_ssh()" echo "MAIN PROGRAM SEQUENCE: setup_ssh() ..."
setup_ssh setup_ssh
echo "MAIN PROGRAM SEQUENCE: build_dropbear()" echo "MAIN PROGRAM SEQUENCE: build_dropbear() ..."
build_dropbear build_dropbear
echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs()" echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs() ..."
install_dropbear_initramfs install_dropbear_initramfs
# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh # TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh
echo "MAIN PROGRAM SEQUENCE: setup_dropbear()" echo "MAIN PROGRAM SEQUENCE: setup_dropbear() ..."
setup_dropbear setup_dropbear
# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml # TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml
echo "MAIN PROGRAM SEQUENCE: setup_accounts()" echo "MAIN PROGRAM SEQUENCE: setup_accounts() ..."
setup_accounts setup_accounts
# TODO: Check Packages for installation # TODO: Check Packages for installation
echo "MAIN PROGRAM SEQUENCE: setup_packages()" echo "MAIN PROGRAM SEQUENCE: setup_packages() ..."
setup_packages setup_packages
# TODO: What do we need for CISS environment? # TODO: What do we need for CISS environment?
echo "MAIN PROGRAM SEQUENCE: setup_sudo()" echo "MAIN PROGRAM SEQUENCE: setup_sudo() ..."
setup_sudo setup_sudo
# TODO: Any changes to the NTPSec Servers? # TODO: Any changes to the NTPSec Servers?
echo "MAIN PROGRAM SEQUENCE: setup_chrony()" echo "MAIN PROGRAM SEQUENCE: setup_chrony() ..."
setup_chrony setup_chrony
echo "MAIN PROGRAM SEQUENCE: exiting_chroot()" echo "MAIN PROGRAM SEQUENCE: exiting_chroot() ..."
exiting_chroot exiting_chroot
# TODO: Hibernate deactivation # TODO: Hibernate deactivation

6
func/partitioning/3200_partitioning.sh
View File

@@ -254,7 +254,7 @@ partitioning() {
return "${ERR_PART_READ}" return "${ERR_PART_READ}"
else else
HMP_PATH_PARTUUID["${var_mount_path}"]="${var_uuid}" HMP_PATH_PARTUUID["${var_mount_path}"]="${var_uuid}"
do_log "debug" "file_only" "3200() Stored in HashMap [HMP_PATH_PARTUUID] : '${var_mount_path}' -> '${HMP_PATH_PARTUUID["${var_mount_path}"]}'." do_log "debug" "file_only" "3200() [HMP_PATH_PARTUUID]: '${var_mount_path}' -> '${HMP_PATH_PARTUUID["${var_mount_path}"]}'."
fi fi
### Gathering information for forthcoming modules 32n0(). ### Gathering information for forthcoming modules 32n0().
@@ -280,9 +280,9 @@ partitioning() {
if [[ "${var_mount_true}" == "true" ]]; then if [[ "${var_mount_true}" == "true" ]]; then
# shellcheck disable=SC2034 # shellcheck disable=SC2034
ARY_FSTAB_MOUNT_PATHS+=("${var_mount_path}") ARY_FSTAB_MOUNT_PATHS+=("${var_mount_path}")
do_log "debug" "file_only" "3200() Stored in Array [ARY_FSTAB_MOUNT_PATHS] : '${var_mount_path}'." do_log "debug" "file_only" "3200() [ARY_FSTAB_MOUNT_PATHS]: '${var_mount_path}'."
HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]="${var_fs}" HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]="${var_fs}"
do_log "debug" "file_only" "3200() Stored in HashMap [HMP_FSTAB_MOUNT_FTYPE] : '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]}'." do_log "debug" "file_only" "3200() [HMP_FSTAB_MOUNT_FTYPE]: '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_FTYPE["${var_mount_path}"]}'."
fi fi

35
func/partitioning/3220_partition_encryption.sh
View File

@@ -49,7 +49,7 @@ partition_encryption() {
declare -gx VAR_CRYPT_ROOT="" # LUKS UUID of '/'. declare -gx VAR_CRYPT_ROOT="" # LUKS UUID of '/'.
declare -gx VAR_CRYPT_RECOVERY="" # LUKS UUID of '/recovery'. declare -gx VAR_CRYPT_RECOVERY="" # LUKS UUID of '/recovery'.
declare var_encryption_path="" var_dev_part="" \ declare var_encryption_path="" var_dev_part="" var_dev="" \
var_encryption_ephemeral="" var_encryption_integrity="" var_encryption_cipher="" var_encryption_hash="" \ var_encryption_ephemeral="" var_encryption_integrity="" var_encryption_cipher="" var_encryption_hash="" \
var_encryption_key="" var_encryption_label="" var_encryption_meta="" var_encryption_slot="" \ var_encryption_key="" var_encryption_label="" var_encryption_meta="" var_encryption_slot="" \
var_encryption_pbkdf="" var_encryption_rng="" var_filesystem_label="" var_mount_path="" var_uuid="" var_fs="" var_encryption_pbkdf="" var_encryption_rng="" var_filesystem_label="" var_mount_path="" var_uuid="" var_fs=""
@@ -63,6 +63,7 @@ partition_encryption() {
### Generates physical device location. ### Generates physical device location.
var_dev_part="${HMP_PATH_DEV_PART["${var_encryption_path}"]}" var_dev_part="${HMP_PATH_DEV_PART["${var_encryption_path}"]}"
var_dev="${var_dev_part//./}"
### Extract parameters from YAML. ### Extract parameters from YAML.
var_encryption_ephemeral=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.ephemeral" "${VAR_SETUP_PART}") var_encryption_ephemeral=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.ephemeral" "${VAR_SETUP_PART}")
@@ -118,10 +119,10 @@ partition_encryption() {
var_filesystem_label=$(get_label "${var_encryption_path}" "${var_fs}" "file") var_filesystem_label=$(get_label "${var_encryption_path}" "${var_fs}" "file")
mkfs.ext4 -L "${var_filesystem_label}" "/dev/${var_dev_part}" 1M mkfs.ext4 -L "${var_filesystem_label}" "/dev/${var_dev}" 1M
do_log "info" "file_only" "3220() Ephemeral: '${var_encryption_path}' prepared on: '/dev/${var_dev_part}'." do_log "info" "file_only" "3220() Ephemeral: '${var_encryption_path}' prepared on: '/dev/${var_dev}'."
var_fs_uuid=$(blkid -s UUID -o value "${var_dev_part}") var_fs_uuid=$(blkid -s UUID -o value "${var_dev}")
### Gathering information for '/etc/fstab'-generation in 4040() and '/etc/crypttab'-generation in 4060(). ### Gathering information for '/etc/fstab'-generation in 4040() and '/etc/crypttab'-generation in 4060().
# shellcheck disable=SC2034 # shellcheck disable=SC2034
HMP_PATH_FSUUID["${var_encryption_path}"]="${var_fs_uuid}" HMP_PATH_FSUUID["${var_encryption_path}"]="${var_fs_uuid}"
@@ -139,7 +140,7 @@ partition_encryption() {
*) *)
do_log "error" "file_only" "3220() Invalid mount path: '${var_encryption_path}' for partition: '/dev/${var_dev_part}'." do_log "error" "file_only" "3220() Invalid mount path: '${var_encryption_path}' for partition: '/dev/${var_dev}'."
### There is no other need to implement ephemeral devices. ### There is no other need to implement ephemeral devices.
continue continue
;; ;;
@@ -148,40 +149,40 @@ partition_encryption() {
fi fi
cryptsetup luksFormat "${ary_luks_opts[@]}" "/dev/${var_dev_part}" cryptsetup luksFormat "${ary_luks_opts[@]}" "/dev/${var_dev}"
if [[ "${var_encryption_integrity,,}" == "true" ]]; then if [[ "${var_encryption_integrity,,}" == "true" ]]; then
do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev_part}]." do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev}]."
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' dm-integrity encrypted." do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' dm-integrity encrypted."
else else
do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev_part}]." do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev}]."
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' encrypted." do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' encrypted."
fi fi
cryptsetup luksHeaderBackup --header-backup-file="${DIR_BAK}/luks_header_${var_dev_part}.bak" "/dev/${var_dev_part}" cryptsetup luksHeaderBackup --header-backup-file="${DIR_BAK}/luks_header_${var_dev}.bak" "/dev/${var_dev}"
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' LUKS Header saved: '${DIR_BAK}/luks_header_${var_dev_part}.bak'." do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' LUKS Header saved: '${DIR_BAK}/luks_header_${var_dev}.bak'."
### Opening encrypted container. ### Opening encrypted container.
if [[ "${var_encryption_path,,}" == "/boot" ]]; then if [[ "${var_encryption_path,,}" == "/boot" ]]; then
cryptsetup luksOpen "/dev/${var_dev_part}" \ cryptsetup luksOpen "/dev/${var_dev}" \
--key-file="${DIR_CNF}/password_luks_boot.txt" \ --key-file="${DIR_CNF}/password_luks_boot.txt" \
"${var_encryption_label}" "${var_encryption_label}"
else else
cryptsetup luksOpen "/dev/${var_dev_part}" \ cryptsetup luksOpen "/dev/${var_dev}" \
--key-file="${DIR_CNF}/password_luks_common.txt" \ --key-file="${DIR_CNF}/password_luks_common.txt" \
"${var_encryption_label}" "${var_encryption_label}"
fi fi
do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' opened as '/dev/mapper/${var_encryption_label}'." do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' opened as '/dev/mapper/${var_encryption_label}'."
### Create luksDump log entry. ### Create luksDump log entry.
cryptsetup luksDump "/dev/${var_dev_part}" >> "${DIR_LOG}/cryptsetup_luksdump_${var_dev_part}.log" cryptsetup luksDump "/dev/${var_dev}" >> "${DIR_LOG}/cryptsetup_luksdump_${var_dev}.log"
### Store UUID of the LUKS container. ### Store UUID of the LUKS container.
var_uuid=$(blkid -s UUID -o value "/dev/${var_dev_part}") var_uuid=$(blkid -s UUID -o value "/dev/${var_dev}")
[[ "${var_encryption_path}" == "/" ]] && declare -grx VAR_CRYPT_ROOT="${var_uuid}" [[ "${var_encryption_path}" == "/" ]] && declare -grx VAR_CRYPT_ROOT="${var_uuid}"
[[ "${var_encryption_path}" == "/recovery" ]] && declare -grx VAR_CRYPT_RECOVERY="${var_uuid}" [[ "${var_encryption_path}" == "/recovery" ]] && declare -grx VAR_CRYPT_RECOVERY="${var_uuid}"

10
func/partitioning/3240_partition_formatting.sh
View File

@@ -33,7 +33,7 @@ partition_formatting() {
declare -Ag HMP_PATH_FSUUID # Used in: 3290() - [Mount Path:Filesystem UUID]. declare -Ag HMP_PATH_FSUUID # Used in: 3290() - [Mount Path:Filesystem UUID].
# Used in: 4040() - [Mount Path:Filesystem UUID]. # Used in: 4040() - [Mount Path:Filesystem UUID].
# Used in: 4060() - [Mount Path:Filesystem UUID]. # Used in: 4060() - [Mount Path:Filesystem UUID].
declare var_dev="" var_dev_part="" \ declare var_dev="" var_dev_part="" var_dev="" \
var_encryption_enable="" var_encryption_label="" var_format_path="" var_fs_btrfs_checksum="" \ var_encryption_enable="" var_encryption_label="" var_format_path="" var_fs_btrfs_checksum="" \
var_fs_btrfs_compress="" var_fs_btrfs_mdup="" var_fs_label="" var_fs_options="" var_fs_version="" \ var_fs_btrfs_compress="" var_fs_btrfs_mdup="" var_fs_label="" var_fs_options="" var_fs_version="" \
var_node="" var_fs_uuid="" var_node="" var_fs_uuid=""
@@ -47,6 +47,7 @@ partition_formatting() {
### Generates physical device location. ### Generates physical device location.
var_dev_part="${HMP_PATH_DEV_PART["${var_format_path}"]}" var_dev_part="${HMP_PATH_DEV_PART["${var_format_path}"]}"
var_dev="${var_dev_part//./}"
### Extract parameters from YAML. ### Extract parameters from YAML.
var_encryption_enable=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.enable" "${VAR_SETUP_PART}") var_encryption_enable=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.enable" "${VAR_SETUP_PART}")
@@ -58,7 +59,7 @@ partition_formatting() {
case "${var_format_path,,}" in case "${var_format_path,,}" in
swap|/tmp) swap|/tmp)
do_log "info" "file_only" "3240() Partition: '/dev/${var_dev_part}' ephemeral encryption already prepared in 3220(): '${var_format_path}'." do_log "info" "file_only" "3240() Partition: '/dev/${var_dev}' ephemeral encryption already prepared in 3220(): '${var_format_path}'."
### Nothing more to do here. ### Nothing more to do here.
continue continue
;; ;;
@@ -68,7 +69,7 @@ partition_formatting() {
var_encryption_label=$(get_label "${var_format_path}" "${var_fs_version}" "luks") var_encryption_label=$(get_label "${var_format_path}" "${var_fs_version}" "luks")
var_node="/dev/mapper/${var_encryption_label}" var_node="/dev/mapper/${var_encryption_label}"
else else
var_node="/dev/${var_dev_part}" var_node="/dev/${var_dev}"
fi fi
var_fs_label=$(get_label "${var_format_path}" "${var_fs_version}" "file") var_fs_label=$(get_label "${var_format_path}" "${var_fs_version}" "file")
@@ -129,9 +130,6 @@ partition_formatting() {
esac esac
var_dev="${HMP_PATH_DEV_PART["${var_format_path}"]}"
var_dev="${var_dev%.*}"
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3240.log" lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3240.log"
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_3240.log" printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_3240.log"
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_3240.log" lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_3240.log"

4
func/partitioning/3280_mount_partition.sh
View File

@@ -137,6 +137,7 @@ mount_partition() {
### Generates physical device location. ### Generates physical device location.
var_dev_part="${HMP_PATH_DEV_PART["${var_mount_path}"]}" var_dev_part="${HMP_PATH_DEV_PART["${var_mount_path}"]}"
var_dev="${var_dev_part//./}"
### Extract parameters from YAML. ### Extract parameters from YAML.
var_fs_btrfs_compress=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.btrfs.compress" "${VAR_SETUP_PART}") var_fs_btrfs_compress=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.btrfs.compress" "${VAR_SETUP_PART}")
@@ -287,9 +288,6 @@ mount_partition() {
esac esac
var_dev="${HMP_PATH_DEV_PART["${var_mount_path}"]}"
var_dev="${var_dev%.*}"
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3280.log" lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_3280.log"
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_3280.log" printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_3280.log"
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_3280.log" lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_3280.log"

1
lib/0060_trap_err.sh
View File

@@ -149,7 +149,6 @@ print_scr_err() {
printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}"
printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}"
printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}"
printf "%b❌ BASHOPTS : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}"
printf "%b❌ SHELLOPTS : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}" printf "%b❌ SHELLOPTS : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}"
printf "%b❌ Error Log saved at : %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}" printf "%b❌ Error Log saved at : %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"
printf "%b❌ cat %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}" printf "%b❌ cat %s %b%b" "${RED}" "${LOG_ERR}" "${RES}" "${NL}"

2
lib/0070_trap_exit.sh
View File

@@ -173,7 +173,7 @@ trap_exit_non_zero() {
printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ BASHOPTS : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ BASHOPTS : %s %b%b" "${RED}" "${BASHOPTS}" "${RES}" "${NL}" >> "${LOG_EXT}"
printf "%b❌ SHELLOPTS : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ SHELLOPTS : %s %b%b" "${RED}" "${SHELLOPTS}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Error Log saved at : %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Error Log saved at : %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ cat %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ cat %s %b%b" "${RED}" "${LOG_EXT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"

4
lib/0103_arg_priority_check.sh
View File

@@ -30,14 +30,14 @@ arg_priority_check() {
if [[ -n "${VAR_PRIORITY}" ]]; then if [[ -n "${VAR_PRIORITY}" ]]; then
renice "${VAR_PRIORITY}" -p "$$" > /dev/null 2>&1 renice "${VAR_PRIORITY}" -p "$$" > /dev/null 2>&1
var=$(ps -o ni= -p $$) > /dev/null 2>&1 var=$(ps -o ni= -p $$) > /dev/null 2>&1
do_log "info" "file_only" "New renice value: '${var}'." do_log "info" "file_only" "0103() New renice value: '${var}'."
fi fi
### Check if ionice PRIORITY is set and adjust ionice priority. ### Check if ionice PRIORITY is set and adjust ionice priority.
if [[ -n "${VAR_REIONICE_CLASS}" ]]; then if [[ -n "${VAR_REIONICE_CLASS}" ]]; then
ionice -c"${VAR_REIONICE_CLASS}" -n"${VAR_REIONICE_PRIORITY}" -p "$$" ionice -c"${VAR_REIONICE_CLASS}" -n"${VAR_REIONICE_PRIORITY}" -p "$$"
var=$(ionice -p $$) > /dev/null 2>&1 var=$(ionice -p $$) > /dev/null 2>&1
do_log "info" "file_only" "New ionice value: '${var}'." do_log "info" "file_only" "0103() New ionice value: '${var}'."
fi fi
} }
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

6
lib/0104_arg_passphrase_modules.sh
View File

@@ -54,14 +54,14 @@ read_password_file() {
### No tracing for security reasons ### No tracing for security reasons
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
if [[ ! -f "${var_input_file}" ]]; then if [[ ! -f "${var_input_file}" ]]; then
do_log "fatal" "file_only" "Password file '${var_input_file}' not found." do_log "fatal" "file_only" "0104() Password file '${var_input_file}' not found."
return "${ERR_READ_PASS_FILE}" return "${ERR_READ_PASS_FILE}"
fi fi
mapfile -t lines < "${var_input_file}" mapfile -t lines < "${var_input_file}"
if (( ${#lines[@]} != 1 )); then if (( ${#lines[@]} != 1 )); then
do_log "fatal" "file_only" "Password file '${var_input_file}' MUST contain exactly one line." do_log "fatal" "file_only" "0104() Password file '${var_input_file}' MUST contain exactly one line."
return "${ERR_READ_PASS_FILE}" return "${ERR_READ_PASS_FILE}"
fi fi
@@ -71,7 +71,7 @@ read_password_file() {
var_output_file="${var_output_file%"${var_output_file##*[![:space:]]}"}" ### trailing var_output_file="${var_output_file%"${var_output_file##*[![:space:]]}"}" ### trailing
if [[ -z "${var_output_file}" ]]; then if [[ -z "${var_output_file}" ]]; then
do_log "fatal" "file_only" "Password file '${var_input_file}' contains only whitespace." do_log "fatal" "file_only" "0104() Password file '${var_input_file}' contains only whitespace."
return "${ERR_READ_PASS_FILE}" return "${ERR_READ_PASS_FILE}"
fi fi

8
lib/0105_arg_nuke_converter.sh
View File

@@ -50,17 +50,17 @@ nuke_passphrase() {
declare -grx VAR_NUKE_HASH="${var_temp_nuke_hash}" declare -grx VAR_NUKE_HASH="${var_temp_nuke_hash}"
unset var_temp_nuke_hash var_temp_plain_nuke_pwd unset var_temp_nuke_hash var_temp_plain_nuke_pwd
do_log "debug" "file_only" "NUKE hash starts with: ${VAR_NUKE_HASH:0:12}..." do_log "debug" "file_only" "0105() NUKE hash starts with: ${VAR_NUKE_HASH:0:32}..."
sync sync
if shred -vfzu -n 5 "${var_nuke_pwd_file}" > /dev/null 2>&1; then if shred -vfzu -n 5 "${var_nuke_pwd_file}" > /dev/null 2>&1; then
do_log "info" "file_only" " Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> done." do_log "info" "file_only" "0105() Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> done."
else else
do_log "warn" "file_only" " Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> NOT successful." do_log "warn" "file_only" "0105() Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> NOT successful."
fi fi
sync sync
do_log "info" "file_only" "Nuke Hash generated." do_log "info" "file_only" "0105() Nuke Hash generated."
return 0 return 0
} }