V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_4200_boot/4210_generate_crypttab.sh

@@ -56,26 +56,9 @@ generate_crypttab() {
   ensure_lowercase "VAR_DROPBEAR"
 
   ### Generate '${TARGET}/etc/crypttab' header.
-  : >| "${TARGET}/etc/crypttab"
+  insert_header "${TARGET}/etc/crypttab"
-  chmod 0600 "${TARGET}/etc/crypttab"
+  insert_comments "${TARGET}/etc/crypttab"
-
   cat << EOF >> "${TARGET}/etc/crypttab"
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.installer
-# SPDX-Security-Contact: security@coresecret.eu
-
-# Static file system information: /etc/crypttab
-# Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture: ${VAR_ARCHITECTURE}
-# Distribution: ${VAR_CODENAME}
-
 # Basic rule: 'discard' / 'nodiscard' are normally only set in '/etc/crypttab' when LUKS/dm-crypt is in use. Options like
 # 'discard=async' or similar are typically only set in '/etc/fstab' (at the file system level). The crypttab determines whether
 # the underlying encrypted device (LUKS/dm-crypt) passes TRIM commands to the physical drive or not. The '/etc/fstab' determines
@@ -108,7 +91,8 @@ EOF
         install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
           "${TARGET}/lib/cryptsetup/scripts/"
 
-        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
+        #write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
+        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
 
       else
 

func/cdi_4300_network/4312_dropbear_setup.sh

@@ -50,7 +50,7 @@ dropbear_setup() {
   ### Prepare dropbear authorized_keys
   touch "${TARGET}/etc/dropbear/initramfs/authorized_keys" && chmod 0600 "${TARGET}/etc/dropbear/initramfs/authorized_keys"
   printf "%s\n" "${user_root_sshpubkey}" >> "${TARGET}/etc/dropbear/initramfs/authorized_keys"
-  install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/dropbear/initramfs/"
+  install -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/banner" "${TARGET}/etc/dropbear/initramfs/"
 
   ### Check for initramfs "IP"-variable: static or dynamic configuration vai dhcp.
   if [[ "${dropbear_dhcp}" = "false" ]]; then