V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/4195_setup_dropbear.sh

@@ -80,6 +80,15 @@ setup_dropbear() {
   VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
   grub_finalize_string
 
+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/scripts/init-top/fixpath.sh" \
+    "${TARGET}/includes/initramfs-tools/scripts/init-top/"
+
+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/hooks/custom-prompt.sh" \
+    "${TARGET}/includes/initramfs-tools/hooks/"
+
+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/hooks/dropbear.sh" \
+    "${TARGET}/includes/initramfs-tools/hooks/"
+
   return 0
 }
 

func/9997_check_grub_cmdline.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+# SPDX-Comment: GRUB Kernel Parameter Linter
+
+set -Ceuo pipefail
+
+GRUB_FILE="${1:-/etc/default/grub}"
+
+# Parse GRUB_CMDLINE string into array of unique options
+parse_cmdline() {
+  local input="${1}"
+  # Remove outer quotes if present
+  input="${input%\"}"
+  input="${input#\"}"
+  # Split into array
+  read -r -a ary <<< "${input}"
+  printf "%s\n" "${ary[@]}"
+}
+
+# Key extractor: for console=tty0 → console
+extract_key() {
+  local param="${1}"
+  if [[ "${param}" == *=* ]]; then
+    echo "${param%%=*}"
+  else
+    echo "${param}"
+  fi
+}
+
+
+# Extract lines
+GRUB_LINUX_LINE=$(grep -E '^GRUB_CMDLINE_LINUX=' "${GRUB_FILE}" | sed -E 's/GRUB_CMDLINE_LINUX=//')
+GRUB_DEFAULT_LINE=$(grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' "${GRUB_FILE}" | sed -E 's/GRUB_CMDLINE_LINUX_DEFAULT=//')
+
+# Parse both lines
+mapfile -t linux_params < <(parse_cmdline "${GRUB_LINUX_LINE}")
+mapfile -t default_params < <(parse_cmdline "${GRUB_DEFAULT_LINE}")
+
+# Combine for conflict analysis
+declare -A param_values=()
+declare -A param_sources=()
+declare -A duplicate_params=()
+
+# Loop over all parameter
+for source in "linux" "default"; do
+  declare -n params="${source}_params"
+  for p in "${params[@]}"; do
+    key=$(extract_key "${p}")
+    if [[ -v param_values["${key}"] ]]; then
+      if [[ "${param_values[${key}]}" != "${p}" ]]; then
+        echo "⚠️  Conflict: Parameter '${key}' has multiple values:"
+        echo "   - ${param_values[${key}]} (from ${param_sources[${key}]})"
+        echo "   - ${p} (from ${source})"
+      else
+        duplicate_params["${p}"]=1
+      fi
+    else
+      param_values["${key}"]="${p}"
+      param_sources["${key}"]="${source}"
+    fi
+  done
+done
+
+# Report duplicates
+if (( ${#duplicate_params[@]} > 0 )); then
+  echo "ℹ️  Duplicate parameters found:"
+  for dup in "${!duplicate_params[@]}"; do
+    echo "   - ${dup}"
+  done
+fi
+
+echo "✅ GRUB_CMDLINE check complete."
+eit 0

includes/initramfs-tools/hooks/custom-prompt.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+set -e
+
+PREREQ=""
+prereqs() { echo "$PREREQ"; }
+case $1 in
+  prereqs) prereqs; exit 0 ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "${DESTDIR}/etc"
+
+cat >| "${DESTDIR}/etc/profile" << 'EOF'
+export PS1='$( STATUS=$?; \
+  if [ "${STATUS}" -eq 0 ]; then \
+    printf "\001\e[0;31m\002\u@\H\001\e[0m\002:\001\e[0;95m\002\w\001\e[0m\002>>\001\e[0;92m\002%d\001\e[0m\002|~#> " "${STATUS}"; \
+  else \
+    printf "\001\e[0;31m\002\u@\H\001\e[0m\002:\001\e[0;95m\002\w\001\e[0m\002>>\001\e[0;91m\002%d\001\e[0m\002|~#> " "${STATUS}"; \
+  fi; ) '
+EOF

includes/initramfs-tools/hooks/dropbear.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+set -e
+
+PREREQ=""
+prereqs() { echo "$PREREQ"; }
+case $1 in
+  prereqs) prereqs; exit 0 ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "${DESTDIR}/bin" "${DESTDIR}/usr/bin" "${DESTDIR}/usr/local/bin" "${DESTDIR}/etc/dropbear/initramfs" "${DESTDIR}/etc/keys"
+
+### Include Busybox
+copy_exec /usr/bin/busybox /usr/bin
+copy_exec /usr/bin/busybox /bin
+
+### Include Bash
+copy_exec /usr/bin/bash /usr/bin
+
+### Include lsblk (block device info tool)
+copy_exec /usr/bin/lsblk /usr/bin
+
+### Include udevadm (udev management tool)
+copy_exec /usr/bin/udevadm /usr/bin
+
+### Include sha512sum e.g.
+copy_exec /usr/bin/sha512sum /usr/bin
+copy_exec /usr/bin/sha384sum /usr/bin
+
+### Include Signature-Verifier
+copy_exec /usr/bin/gpgv /usr/bin
+
+for dir in bin usr/bin; do
+  ln -sf busybox "${DESTDIR}/${dir}/cat"
+  ln -sf busybox "${DESTDIR}/${dir}/sleep"
+done
+
+install -m 0555 /etc/initramfs-tools/files/coresecret.sh "${DESTDIR}/usr/local/bin/coresecret.sh"
+install -m 0444 /etc/initramfs-tools/files/coresecret.sh.sha384 "${DESTDIR}/usr/local/bin/coresecret.sh.sha384"
+install -m 0444 /etc/initramfs-tools/files/coresecret.sh.sha512 "${DESTDIR}/usr/local/bin/coresecret.sh.sha512"
+install -m 0444 /etc/initramfs-tools/files/coresecret.sh.sha384.sig "${DESTDIR}/usr/local/bin/coresecret.sh.sha384.sig"
+install -m 0444 /etc/initramfs-tools/files/coresecret.sh.sha512.sig "${DESTDIR}/usr/local/bin/coresecret.sh.sha512.sig"
+
+cp -a /root/.ciss/keys/pubring.gpg "${DESTDIR}/etc/keys/"
+chmod 0444 "${DESTDIR}/etc/keys/pubring.gpg"
+
+cp -a /etc/dropbear/initramfs/banner "${DESTDIR}/etc/dropbear/initramfs/banner"

includes/initramfs-tools/scripts/init-top/fixpath.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+export PATH=/usr/bin:/bin:/sbin:/usr/sbin:$PATH
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh