V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-17 17:09:28 +02:00
parent 2634341d66
commit 22cb57addd
5 changed files with 197 additions and 0 deletions
--- a/func/4195_setup_dropbear.sh
+++ b/func/4195_setup_dropbear.sh
@@ -80,6 +80,15 @@ setup_dropbear() {
  VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
  grub_finalize_string

+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/scripts/init-top/fixpath.sh" \
+    "${TARGET}/includes/initramfs-tools/scripts/init-top/"
+
+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/hooks/custom-prompt.sh" \
+    "${TARGET}/includes/initramfs-tools/hooks/"
+
+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/hooks/dropbear.sh" \
+    "${TARGET}/includes/initramfs-tools/hooks/"
+
  return 0
 }

--- a/func/9997_check_grub_cmdline.sh
+++ b/func/9997_check_grub_cmdline.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+# SPDX-Comment: GRUB Kernel Parameter Linter
+
+set -Ceuo pipefail
+
+GRUB_FILE="${1:-/etc/default/grub}"
+
+# Parse GRUB_CMDLINE string into array of unique options
+parse_cmdline() {
+  local input="${1}"
+  # Remove outer quotes if present
+  input="${input%\"}"
+  input="${input#\"}"
+  # Split into array
+  read -r -a ary <<< "${input}"
+  printf "%s\n" "${ary[@]}"
+}
+
+# Key extractor: for console=tty0 → console
+extract_key() {
+  local param="${1}"
+  if [[ "${param}" == *=* ]]; then
+    echo "${param%%=*}"
+  else
+    echo "${param}"
+  fi
+}
+
+
+# Extract lines
+GRUB_LINUX_LINE=$(grep -E '^GRUB_CMDLINE_LINUX=' "${GRUB_FILE}" | sed -E 's/GRUB_CMDLINE_LINUX=//')
+GRUB_DEFAULT_LINE=$(grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' "${GRUB_FILE}" | sed -E 's/GRUB_CMDLINE_LINUX_DEFAULT=//')
+
+# Parse both lines
+mapfile -t linux_params < <(parse_cmdline "${GRUB_LINUX_LINE}")
+mapfile -t default_params < <(parse_cmdline "${GRUB_DEFAULT_LINE}")
+
+# Combine for conflict analysis
+declare -A param_values=()
+declare -A param_sources=()
+declare -A duplicate_params=()
+
+# Loop over all parameter
+for source in "linux" "default"; do
+  declare -n params="${source}_params"
+  for p in "${params[@]}"; do
+    key=$(extract_key "${p}")
+    if [[ -v param_values["${key}"] ]]; then
+      if [[ "${param_values[${key}]}" != "${p}" ]]; then
+        echo "⚠️  Conflict: Parameter '${key}' has multiple values:"
+        echo "   - ${param_values[${key}]} (from ${param_sources[${key}]})"
+        echo "   - ${p} (from ${source})"
+      else
+        duplicate_params["${p}"]=1
+      fi
+    else
+      param_values["${key}"]="${p}"
+      param_sources["${key}"]="${source}"
+    fi
+  done
+done
+
+# Report duplicates
+if (( ${#duplicate_params[@]} > 0 )); then
+  echo "ℹ️  Duplicate parameters found:"
+  for dup in "${!duplicate_params[@]}"; do
+    echo "   - ${dup}"
+  done
+fi
+
+echo "✅ GRUB_CMDLINE check complete."
+eit 0