V8.00.000.2025.06.17
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -41,7 +41,7 @@ recipe:
|
||||
table: "gpt" # MUST be "gpt" for "UEFI" || "msdos":
|
||||
syntax: true # This is set to "false" by default, otherwise if the recipe is tested by the authors to "true".
|
||||
### Version of the specific recipe.
|
||||
version: "1.1.8b"
|
||||
version: "1.1.9"
|
||||
dev:
|
||||
sda:
|
||||
1:
|
||||
|
||||
@@ -192,49 +192,78 @@ partitioning
|
||||
echo "MAIN PROGRAM SEQUENCE: partition_encryption()"
|
||||
partition_encryption
|
||||
echo "MAIN PROGRAM SEQUENCE: partition_formatting()"
|
||||
partition_formatting # TODO: Checks ongoing.
|
||||
partition_formatting
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_filesystem()"
|
||||
setup_filesystem
|
||||
echo "MAIN PROGRAM SEQUENCE: mount_partition()"
|
||||
mount_partition
|
||||
echo "MAIN PROGRAM SEQUENCE: uuid_logger()"
|
||||
uuid_logger
|
||||
uuid_logger # TODO: Checks ongoing.
|
||||
|
||||
### DEBOOTSTRAP
|
||||
echo "MAIN PROGRAM SEQUENCE: func_debootstrap()"
|
||||
func_debootstrap
|
||||
echo "MAIN PROGRAM SEQUENCE: configure_system()"
|
||||
configure_system
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_fstab()"
|
||||
generate_fstab
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_crypttab()"
|
||||
generate_crypttab
|
||||
echo "MAIN PROGRAM SEQUENCE: generate_sources()"
|
||||
generate_sources
|
||||
echo "MAIN PROGRAM SEQUENCE: minimal_toolset()"
|
||||
minimal_toolset
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_skel()"
|
||||
setup_skel
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_timezone()"
|
||||
setup_timezone
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_locales()"
|
||||
setup_locales
|
||||
# TODO: Implement Clang Build Chain and MOK Signing Workflow
|
||||
echo "MAIN PROGRAM SEQUENCE: installation_kernel()"
|
||||
installation_kernel
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_network()"
|
||||
setup_network
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_hostname()"
|
||||
setup_hostname
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_machineid()"
|
||||
setup_machineid
|
||||
# TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed
|
||||
# TODO: Copy Grub Boot Loader to default path
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub()"
|
||||
setup_grub
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub_password()"
|
||||
setup_grub_password
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter()"
|
||||
setup_grub_bootparameter
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules()"
|
||||
setup_kernel_modules
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl()"
|
||||
setup_kernel_sysctl
|
||||
echo "MAIN PROGRAM SEQUENCE: installation_microcode()"
|
||||
installation_microcode
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_ssh()"
|
||||
setup_ssh
|
||||
echo "MAIN PROGRAM SEQUENCE: build_dropbear()"
|
||||
build_dropbear
|
||||
echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs()"
|
||||
install_dropbear_initramfs
|
||||
# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_dropbear()"
|
||||
setup_dropbear
|
||||
# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_accounts()"
|
||||
setup_accounts
|
||||
# TODO: Check Packages for installation
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_packages()"
|
||||
setup_packages
|
||||
# TODO: What do we need for CISS environment?
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_sudo()"
|
||||
setup_sudo
|
||||
# TODO: Any changes to the NTPSec Servers?
|
||||
echo "MAIN PROGRAM SEQUENCE: setup_chrony()"
|
||||
setup_chrony
|
||||
echo "MAIN PROGRAM SEQUENCE: exiting_chroot()"
|
||||
exiting_chroot
|
||||
|
||||
# TODO: Hardening Scripts Integration
|
||||
|
||||
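Review bot: The TODO above `setup_accounts` records that console-login deactivation and 2FA are advertised in preseed.yaml but not implemented, and that gap is visible only in the source. An operator who enables those settings would, as far as this hunk shows, get an installed system without them and no indication at run time. Until the feature lands I would surface it in the sequence itself, for example `echo "MAIN PROGRAM SEQUENCE: WARNING: console login deactivation and 2FA from preseed.yaml are not applied yet"` just before `setup_accounts`, or stop the run when the recipe requests them. The TODO above `setup_dropbear` about the signing key and the presigned unlock-wrapper.sh deserves the same treatment. The sequence begins and ends outside this hunk, so whether a failed step aborts the run cannot be judged from here.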
@@ -73,6 +73,8 @@ setup_filesystem() {
|
||||
done
|
||||
|
||||
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview.log"
|
||||
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview.log"
|
||||
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview.log"
|
||||
|
||||
done
|
||||
|
||||
|
||||
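Review bot: The lsblk snapshot in this hunk opens `${DIR_LOG}/${var_dev}_overview.log` three times (`>|` once, then `>>` twice), which would read more clearly as one grouped redirection: `{ lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}"; printf "%b" "${NL}"; lsblk "/dev/${var_dev}"; } >| "${DIR_LOG}/${var_dev}_overview.log"`. The exit status of lsblk is not checked, and this is a diagnostic step. If the script runs under errexit (not visible here), a failing lsblk would abort the installation, so I would report the failure through `do_log` and continue. The same pattern appears in the last `mount_partition()` hunk, which writes `_overview_full.log`. The enclosing loop and function start outside the hunk.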
@@ -177,7 +177,6 @@ mount_partition() {
|
||||
|
||||
mkswap "/dev/mapper/${var_encryption_label}"
|
||||
do_log "debug" "file_only" "3280() [mkswap /dev/mapper/${var_encryption_label}]."
|
||||
do_log "info" "file_only" "3280() Mounted: '${var_mount_path}' on: '/dev/mapper/${var_encryption_label}'."
|
||||
|
||||
swapon "/dev/mapper/${var_encryption_label}"
|
||||
do_log "debug" "file_only" "3280() [swapon /dev/mapper/${var_encryption_label}]."
|
||||
@@ -196,25 +195,20 @@ mount_partition() {
|
||||
mkdir -p "${TARGET}/tmp"
|
||||
|
||||
# TODO: Remove Debug
|
||||
### Debug Begin
|
||||
[[ -b "/dev/mapper/${var_encryption_label}" ]] || {
|
||||
do_log "error" "file_only" "Mapper-Device: '/dev/mapper/${var_encryption_label}' non-existing."
|
||||
}
|
||||
#[[ -b "/dev/mapper/${var_encryption_label}" ]] || {
|
||||
# do_log "error" "file_only" "Mapper-Device: '/dev/mapper/${var_encryption_label}' non-existing."
|
||||
#}
|
||||
|
||||
echo "lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/${var_encryption_label}"
|
||||
lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/"${var_encryption_label}"
|
||||
#echo "lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/${var_encryption_label}"
|
||||
#lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/"${var_encryption_label}"
|
||||
|
||||
echo "safe_exec mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 /dev/mapper/${var_encryption_label} ${ERR_MOUNTING_DEV}"
|
||||
safe_exec mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 "/dev/mapper/${var_encryption_label}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}"
|
||||
#mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 "/dev/mapper/${var_encryption_label}"
|
||||
sleep 30
|
||||
### Debug End
|
||||
# TODO: Remove Debug
|
||||
|
||||
### Build the command in an array to keep word boundaries intact
|
||||
declare -a ary_cmd2=(mount)
|
||||
|
||||
#[[ -n "${var_mount_options}" ]] && ary_cmd2+=("-o" "${var_mount_options}")
|
||||
ary_cmd2+=("/dev/mapper/${var_encryption_label}" "${TARGET}${var_mount_path}")
|
||||
|
||||
safe_exec "${ary_cmd2[@]}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}"
|
||||
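Review bot: The line `#[[ -n "${var_mount_options}" ]] && ary_cmd2+=("-o" "${var_mount_options}")` is still commented out, so `ary_cmd2` holds only the device and the target path, and `var_mount_options` is never passed to `mount`. If the recipe carries restrictive options for this mount point they are silently dropped here. Either restore the line or replace it with a comment such as `# Mount options are applied via fstab only; the installer mounts with defaults.` if that is the intent. As rendered, the new side also appears to keep the block between `### Debug Begin` and `### Debug End` as commented-out code. I would delete that residue together with both `# TODO: Remove Debug` markers rather than commit it. The body of `mount_partition()` starts and ends outside this hunk.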
@@ -293,6 +287,8 @@ mount_partition() {
|
||||
done
|
||||
|
||||
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_full.log"
|
||||
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_full.log"
|
||||
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_full.log"
|
||||
|
||||
done
|
||||
|
||||
|
||||