V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 52s

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-02 17:09:11 +02:00
parent c3b5938a4d
commit 28203cc8dc
4 changed files with 16 additions and 10 deletions


@@ -92,10 +92,10 @@ EOF
mkdir -p "${TARGET}/usr/lib/cryptsetup/scripts" mkdir -p "${TARGET}/usr/lib/cryptsetup/scripts"
### Install the script to be called inside initramfs environment for unlocking LUKS and NUKE Devices. ### Install the script to be called inside initramfs environment for unlocking LUKS and NUKE Devices.
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \ #install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
"${TARGET}/etc/initramfs-tools/files/" # "${TARGET}/etc/initramfs-tools/files/"
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \ #install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
"${TARGET}/lib/cryptsetup/scripts/" # "${TARGET}/lib/cryptsetup/scripts/"
#write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh" #write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1" write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
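Review bot: Both `install` calls for `unlock_wrapper.sh` are now commented out, yet the comment above them still says the script is installed for unlocking, and the forced command in `dropbear_setup` (shown elsewhere in this commit) still points at `/usr/local/bin/unlock_wrapper.sh`. If the initramfs hook takes the wrapper from `/etc/initramfs-tools/files/` (not visible here), an SSH login into the initramfs would have no command to run and remote unlock would fail, so please confirm the wrapper still reaches the image by another path. If the switch to `keyscript=decrypt_keyctl` is permanent, delete the dead `#install` lines instead of keeping them commented and reword the heading, for example `### Unlocking is handled by decrypt_keyctl; unlock_wrapper.sh is not installed here.` The enclosing function starts and ends outside the hunk.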


@@ -13,7 +13,7 @@
guard_sourcing guard_sourcing
####################################### #######################################
# Install Dropbear Initramfs and replace the binaries with the previous Ultra Hardened build. # Install the 'dropbear-initramfs' and replace the binaries with those from the previous Ultra Hardened build.
# Globals: # Globals:
# DIR_TMP # DIR_TMP
# TARGET # TARGET
@@ -35,6 +35,12 @@ dropbear_initramfs() {
echo ExitCode: $? >> '"${var_logfile}"' echo ExitCode: $? >> '"${var_logfile}"'
' '
chroot_script "${TARGET}" '
export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests gpgv 2>&1 | tee -a '"${var_logfile}"'
echo ExitCode: $? >> '"${var_logfile}"'
'
chroot_script "${TARGET}" ' chroot_script "${TARGET}" '
export INITRD=No export INITRD=No
apt-mark hold dropbear dropbear-initramfs 2>&1 | tee -a '"${var_logfile}"' apt-mark hold dropbear dropbear-initramfs 2>&1 | tee -a '"${var_logfile}"'
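Review bot: In the added `gpgv` block, `echo ExitCode: $?` runs after `apt-get … | tee -a`, so the value logged is the exit status of `tee`, and a failed install is recorded as 0 unless `pipefail` is set inside the chroot shell. If `chroot_script` runs this text under bash, log `echo "ExitCode: ${PIPESTATUS[0]}" >> …` instead and abort the build when it is non-zero. Otherwise the failure first surfaces when the initramfs hook in this commit runs `copy_exec /usr/bin/gpgv`. The context lines around the new block use the same pattern. `dropbear_initramfs` starts and ends outside the hunk.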


@@ -13,7 +13,7 @@
guard_sourcing guard_sourcing
####################################### #######################################
# Set up Dropbear Initramfs Environment. # Set up the 'dropbear-initramfs' environment.
# Globals: # Globals:
# TARGET # TARGET
# VAR_FINAL_FQDN # VAR_FINAL_FQDN
@@ -39,7 +39,7 @@ dropbear_setup() {
declare network_static_ipv4ntpserver_0="192.53.103.108" \ declare network_static_ipv4ntpserver_0="192.53.103.108" \
var_force_command_string='command="/usr/local/bin/unlock_wrapper.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ' var_force_command_string='command="/usr/local/bin/unlock_wrapper.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding '
### Prepare strong dropbear host keys ### Prepare strong dropbear host keys.
rm -f "${TARGET}"/etc/dropbear/initramfs/dropbear*key* rm -f "${TARGET}"/etc/dropbear/initramfs/dropbear*key*
chroot_exec "${TARGET}" /usr/bin/dropbearkey -t rsa -s 4096 -f /etc/dropbear/initramfs/dropbear_rsa_host_key -C "root@${VAR_FINAL_FQDN}" chroot_exec "${TARGET}" /usr/bin/dropbearkey -t rsa -s 4096 -f /etc/dropbear/initramfs/dropbear_rsa_host_key -C "root@${VAR_FINAL_FQDN}"
@@ -48,7 +48,7 @@ dropbear_setup() {
chmod 0600 "${TARGET}"/etc/dropbear/initramfs/dropbear*key* chmod 0600 "${TARGET}"/etc/dropbear/initramfs/dropbear*key*
chown root:root "${TARGET}"/etc/dropbear/initramfs/dropbear*key* chown root:root "${TARGET}"/etc/dropbear/initramfs/dropbear*key*
### Prepare dropbear authorized_keys ### Prepare dropbear authorized_keys.
touch "${TARGET}/etc/dropbear/initramfs/authorized_keys" && chmod 0600 "${TARGET}/etc/dropbear/initramfs/authorized_keys" touch "${TARGET}/etc/dropbear/initramfs/authorized_keys" && chmod 0600 "${TARGET}/etc/dropbear/initramfs/authorized_keys"
printf "%s\n" "${var_force_command_string}${user_root_sshpubkey}" >> "${TARGET}/etc/dropbear/initramfs/authorized_keys" printf "%s\n" "${var_force_command_string}${user_root_sshpubkey}" >> "${TARGET}/etc/dropbear/initramfs/authorized_keys"
install -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/dropbear/initramfs/" install -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/dropbear/initramfs/"


@@ -62,8 +62,8 @@ copy_exec /usr/bin/sha384sum /usr/bin
printf "\e[92mSuccessfully executed: [copy_exec /usr/bin/sha384sum /usr/bin] \n\e[0m" printf "\e[92mSuccessfully executed: [copy_exec /usr/bin/sha384sum /usr/bin] \n\e[0m"
### Include GPG ### Include GPG
copy_exec /usr/bin/gpg /usr/bin #copy_exec /usr/bin/gpg /usr/bin
printf "\e[92mSuccessfully executed: [copy_exec /usr/bin/gpg /usr/bin] \n\e[0m" #printf "\e[92mSuccessfully executed: [copy_exec /usr/bin/gpg /usr/bin] \n\e[0m"
copy_exec /usr/bin/gpgv /usr/bin copy_exec /usr/bin/gpgv /usr/bin
printf "\e[92mSuccessfully executed: [copy_exec /usr/bin/gpgv /usr/bin] \n\e[0m" printf "\e[92mSuccessfully executed: [copy_exec /usr/bin/gpgv /usr/bin] \n\e[0m"