V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-27 19:31:32 +02:00
parent b57c453656
commit 300b228f20
4 changed files with 41 additions and 14 deletions


@@ -41,7 +41,7 @@ recipe:
table: "gpt" # MUST be "gpt" for "UEFI" || "msdos": table: "gpt" # MUST be "gpt" for "UEFI" || "msdos":
syntax: true # This is set to "false" by default, otherwise if the recipe is tested by the authors to "true". syntax: true # This is set to "false" by default, otherwise if the recipe is tested by the authors to "true".
### Version of the specific recipe. ### Version of the specific recipe.
version: "1.1.8b" version: "1.1.9"
dev: dev:
sda: sda:
1: 1:


@@ -192,49 +192,78 @@ partitioning
echo "MAIN PROGRAM SEQUENCE: partition_encryption()" echo "MAIN PROGRAM SEQUENCE: partition_encryption()"
partition_encryption partition_encryption
echo "MAIN PROGRAM SEQUENCE: partition_formatting()" echo "MAIN PROGRAM SEQUENCE: partition_formatting()"
partition_formatting # TODO: Checks ongoing. partition_formatting
echo "MAIN PROGRAM SEQUENCE: setup_filesystem()" echo "MAIN PROGRAM SEQUENCE: setup_filesystem()"
setup_filesystem setup_filesystem
echo "MAIN PROGRAM SEQUENCE: mount_partition()" echo "MAIN PROGRAM SEQUENCE: mount_partition()"
mount_partition mount_partition
echo "MAIN PROGRAM SEQUENCE: uuid_logger()" echo "MAIN PROGRAM SEQUENCE: uuid_logger()"
uuid_logger uuid_logger # TODO: Checks ongoing.
### DEBOOTSTRAP ### DEBOOTSTRAP
echo "MAIN PROGRAM SEQUENCE: func_debootstrap()"
func_debootstrap func_debootstrap
echo "MAIN PROGRAM SEQUENCE: configure_system()"
configure_system configure_system
echo "MAIN PROGRAM SEQUENCE: generate_fstab()"
generate_fstab generate_fstab
echo "MAIN PROGRAM SEQUENCE: generate_crypttab()"
generate_crypttab generate_crypttab
echo "MAIN PROGRAM SEQUENCE: generate_sources()"
generate_sources generate_sources
echo "MAIN PROGRAM SEQUENCE: minimal_toolset()"
minimal_toolset minimal_toolset
echo "MAIN PROGRAM SEQUENCE: setup_skel()"
setup_skel setup_skel
echo "MAIN PROGRAM SEQUENCE: setup_timezone()"
setup_timezone setup_timezone
echo "MAIN PROGRAM SEQUENCE: setup_locales()"
setup_locales setup_locales
# TODO: Implement Clang Build Chain and MOK Signing Workflow # TODO: Implement Clang Build Chain and MOK Signing Workflow
echo "MAIN PROGRAM SEQUENCE: installation_kernel()"
installation_kernel installation_kernel
echo "MAIN PROGRAM SEQUENCE: setup_network()"
setup_network setup_network
echo "MAIN PROGRAM SEQUENCE: setup_hostname()"
setup_hostname setup_hostname
echo "MAIN PROGRAM SEQUENCE: setup_machineid()"
setup_machineid setup_machineid
# TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed # TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed
# TODO: Copy Grub Boot Loader to default path
echo "MAIN PROGRAM SEQUENCE: setup_grub()"
setup_grub setup_grub
echo "MAIN PROGRAM SEQUENCE: setup_grub_password()"
setup_grub_password setup_grub_password
echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter()"
setup_grub_bootparameter setup_grub_bootparameter
echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules()"
setup_kernel_modules setup_kernel_modules
echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl()"
setup_kernel_sysctl setup_kernel_sysctl
echo "MAIN PROGRAM SEQUENCE: installation_microcode()"
installation_microcode installation_microcode
echo "MAIN PROGRAM SEQUENCE: setup_ssh()"
setup_ssh setup_ssh
echo "MAIN PROGRAM SEQUENCE: build_dropbear()"
build_dropbear build_dropbear
echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs()"
install_dropbear_initramfs install_dropbear_initramfs
# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh # TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh
echo "MAIN PROGRAM SEQUENCE: setup_dropbear()"
setup_dropbear setup_dropbear
# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml # TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml
echo "MAIN PROGRAM SEQUENCE: setup_accounts()"
setup_accounts setup_accounts
# TODO: Check Packages for installation # TODO: Check Packages for installation
echo "MAIN PROGRAM SEQUENCE: setup_packages()"
setup_packages setup_packages
# TODO: What do we need for CISS environment? # TODO: What do we need for CISS environment?
echo "MAIN PROGRAM SEQUENCE: setup_sudo()"
setup_sudo setup_sudo
# TODO: Any changes to the NTPSec Servers? # TODO: Any changes to the NTPSec Servers?
echo "MAIN PROGRAM SEQUENCE: setup_chrony()"
setup_chrony setup_chrony
echo "MAIN PROGRAM SEQUENCE: exiting_chroot()"
exiting_chroot exiting_chroot
# TODO: Hardening Scripts Integration # TODO: Hardening Scripts Integration
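Review bot: None of the step calls in this sequence is followed by a status check, so unless `set -e` or an ERR trap is active outside this hunk, a failing step such as `partition_encryption` or `mount_partition` would not stop the later steps from formatting, mounting and configuring on top of it. Since every step now repeats the same echo-then-call pair, a small helper could carry both the marker and the check, e.g. `run_step() { echo "MAIN PROGRAM SEQUENCE: ${1}()"; "${1}" || exit "$?"; }` followed by `run_step partition_encryption`. Sending the marker through `do_log` instead of a bare `echo` would also put it in the log file next to the per-function entries. The sequence begins before this hunk and may continue after it.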


@@ -73,6 +73,8 @@ setup_filesystem() {
done done
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview.log" lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview.log"
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview.log"
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview.log"
done done


@@ -177,7 +177,6 @@ mount_partition() {
mkswap "/dev/mapper/${var_encryption_label}" mkswap "/dev/mapper/${var_encryption_label}"
do_log "debug" "file_only" "3280() [mkswap /dev/mapper/${var_encryption_label}]." do_log "debug" "file_only" "3280() [mkswap /dev/mapper/${var_encryption_label}]."
do_log "info" "file_only" "3280() Mounted: '${var_mount_path}' on: '/dev/mapper/${var_encryption_label}'."
swapon "/dev/mapper/${var_encryption_label}" swapon "/dev/mapper/${var_encryption_label}"
do_log "debug" "file_only" "3280() [swapon /dev/mapper/${var_encryption_label}]." do_log "debug" "file_only" "3280() [swapon /dev/mapper/${var_encryption_label}]."
@@ -196,25 +195,20 @@ mount_partition() {
mkdir -p "${TARGET}/tmp" mkdir -p "${TARGET}/tmp"
# TODO: Remove Debug # TODO: Remove Debug
### Debug Begin #[[ -b "/dev/mapper/${var_encryption_label}" ]] || {
[[ -b "/dev/mapper/${var_encryption_label}" ]] || { # do_log "error" "file_only" "Mapper-Device: '/dev/mapper/${var_encryption_label}' non-existing."
do_log "error" "file_only" "Mapper-Device: '/dev/mapper/${var_encryption_label}' non-existing." #}
}
echo "lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/${var_encryption_label}" #echo "lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/${var_encryption_label}"
lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/"${var_encryption_label}" #lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL /dev/mapper/"${var_encryption_label}"
echo "safe_exec mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 /dev/mapper/${var_encryption_label} ${ERR_MOUNTING_DEV}" echo "safe_exec mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 /dev/mapper/${var_encryption_label} ${ERR_MOUNTING_DEV}"
safe_exec mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 "/dev/mapper/${var_encryption_label}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}" safe_exec mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 "/dev/mapper/${var_encryption_label}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}"
#mkfs.ext4 -E nodiscard,lazy_itable_init=1,lazy_journal_init=1 "/dev/mapper/${var_encryption_label}"
sleep 30
### Debug End
# TODO: Remove Debug # TODO: Remove Debug
### Build the command in an array to keep word boundaries intact ### Build the command in an array to keep word boundaries intact
declare -a ary_cmd2=(mount) declare -a ary_cmd2=(mount)
#[[ -n "${var_mount_options}" ]] && ary_cmd2+=("-o" "${var_mount_options}")
ary_cmd2+=("/dev/mapper/${var_encryption_label}" "${TARGET}${var_mount_path}") ary_cmd2+=("/dev/mapper/${var_encryption_label}" "${TARGET}${var_mount_path}")
safe_exec "${ary_cmd2[@]}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}" safe_exec "${ary_cmd2[@]}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}"
@@ -293,6 +287,8 @@ mount_partition() {
done done
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_full.log" lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/${var_dev}_overview_full.log"
printf "%b" "${NL}" >> "${DIR_LOG}/${var_dev}_overview_full.log"
lsblk "/dev/${var_dev}" >> "${DIR_LOG}/${var_dev}_overview_full.log"
done done
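Review bot: The `[[ -b "/dev/mapper/${var_encryption_label}" ]]` guard ahead of `mkfs.ext4` appears to be commented out in the new version rather than made fatal, so nothing in the visible lines confirms that the opened mapping is a block device before it is formatted. I would keep it as a real precondition, `[[ -b "/dev/mapper/${var_encryption_label}" ]] || { do_log "error" "file_only" "Mapper-Device: '/dev/mapper/${var_encryption_label}' non-existing."; return "${ERR_MOUNTING_DEV}"; }`, which also gives a clearer log entry than a generic `safe_exec` failure. The commented-out `echo`/`lsblk` lines and the still-active `echo "safe_exec mkfs.ext4 …"` between the two `# TODO: Remove Debug` markers should be deleted rather than left in place. The body of `mount_partition` starts and ends outside these hunks.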