msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m40s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-26 22:59:18 +02:00
parent 0eefd467ac
commit 33248a9a99
2 changed files with 5 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
func/cdi_4200_boot/4210_generate_crypttab.sh
View File

@@ -56,26 +56,9 @@ generate_crypttab() {
ensure_lowercase "VAR_DROPBEAR"
### Generate '${TARGET}/etc/crypttab' header.
: >| "${TARGET}/etc/crypttab"
chmod 0600 "${TARGET}/etc/crypttab"
insert_header "${TARGET}/etc/crypttab"
insert_comments "${TARGET}/etc/crypttab"
cat << EOF >> "${TARGET}/etc/crypttab"
# SPDX-Version: 3.0
# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
# Static file system information: /etc/crypttab
# Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture: ${VAR_ARCHITECTURE}
# Distribution: ${VAR_CODENAME}
# Basic rule: 'discard' / 'nodiscard' are normally only set in '/etc/crypttab' when LUKS/dm-crypt is in use. Options like
# 'discard=async' or similar are typically only set in '/etc/fstab' (at the file system level). The crypttab determines whether
# the underlying encrypted device (LUKS/dm-crypt) passes TRIM commands to the physical drive or not. The '/etc/fstab' determines
@@ -108,7 +91,8 @@ EOF
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
"${TARGET}/lib/cryptsetup/scripts/"
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
#write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
else

2
func/cdi_4300_network/4312_dropbear_setup.sh
View File

@@ -50,7 +50,7 @@ dropbear_setup() {
### Prepare dropbear authorized_keys
touch "${TARGET}/etc/dropbear/initramfs/authorized_keys" && chmod 0600 "${TARGET}/etc/dropbear/initramfs/authorized_keys"
printf "%s\n" "${user_root_sshpubkey}" >> "${TARGET}/etc/dropbear/initramfs/authorized_keys"
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/dropbear/initramfs/"
install -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/dropbear/initramfs/"
### Check for initramfs "IP"-variable: static or dynamic configuration vai dhcp.
if [[ "${dropbear_dhcp}" = "false" ]]; then