V9.14.000.2026.06.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-06-07 15:46:30 +01:00
parent aa94c53d65
commit 261d770e42
54 changed files with 515 additions and 203 deletions
@@ -1,4 +1,7 @@
 #!/bin/sh
+# bashsupport disable=BP5007
+# shellcheck shell=sh
+
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
@@ -13,7 +16,7 @@

 set -e

-printf "\e[95mStarting: [/etc/initramfs-tools/hooks/9999-custom-initramfs.sh] \n\e[0m"
+printf "\e[95mStarting: [/etc/initramfs-tools/hooks/9999_ciss_initramfs.sh] \n\e[0m"

 PREREQ=""
 prereqs() { echo "${PREREQ}"; }
@@ -137,6 +140,6 @@ install -m 0444 /etc/dropbear/initramfs/banner "${DESTDIR}/etc/dropbear/banner"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"


-printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999-custom-initramfs.sh] \n\e[0m"
+printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999_ciss_initramfs.sh] \n\e[0m"

 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
@@ -1,4 +1,7 @@
 #!/bin/sh
+# bashsupport disable=BP5007
+# shellcheck shell=sh
+
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
@@ -13,10 +16,11 @@

 set -e

-printf "\e[95mStarting: [/etc/initramfs-tools/hooks/9999-custom-prompt.sh] \n\e[0m"
+printf "\e[95mStarting: [/etc/initramfs-tools/hooks/9999_ciss_prompt.sh] \n\e[0m"

 PREREQ=""
 prereqs() { echo "${PREREQ}"; }
+# shellcheck disable=SC2249
 case "${1}" in
  prereqs) prereqs; exit 0 ;;
 esac
@@ -34,6 +38,6 @@ export PS1='$( STATUS=$?; \
  fi; ) '
 EOF

-printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999-custom-prompt.sh] \n\e[0m"
+printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999_ciss_prompt.sh] \n\e[0m"

 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
@@ -1,4 +1,7 @@
 #!/bin/sh
+# bashsupport disable=BP5007
+# shellcheck shell=sh
+
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
@@ -14,6 +17,7 @@ set -e

 PREREQ=""
 prereqs() { echo "${PREREQ}"; }
+# shellcheck disable=SC2249
 case "${1}" in
  prereqs) prereqs; exit 0 ;;
 esac
@@ -1,4 +1,7 @@
 #!/bin/sh
+# bashsupport disable=BP5007
+# shellcheck shell=sh
+
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
@@ -14,6 +17,7 @@ set -e

 PREREQ=""
 prereqs() { echo "${PREREQ}"; }
+# shellcheck disable=SC2249
 case "${1}" in
  prereqs) prereqs; exit 0 ;;
 esac
@@ -415,8 +415,12 @@ CipherString = ECDHE+AES256-GCM:ECDHE+CHACHA20:ECDHE+ARIA256-GCM:ECDHE+CAMELLIA2
 # TLS 1.3 cipher policy: AES-256 and ChaCha20-Poly1305 only:
 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

+# ToDo: Update PQC Groups to include P-521 and P-384.
+
 # Prefer strong, widely-supported ECDHE groups (first = most preferred):
-Groups = X448:X25519:P-521:P-384
+Groups = X448:P-521:P-384
+
+SignatureAlgorithms = rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:rsa_pss_rsae_sha256

 # Operational flags:
 # -SessionTicket   => disable TLS session tickets (TLS 1.2 + 1.3)