V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-19 23:45:45 +02:00
parent c6c12c4bde
commit 3983b149e6
16 changed files with 666 additions and 107 deletions


@@ -10,6 +10,8 @@
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Print Error Message for Trap on 'ERR' in '${ERROR_LOG}'.
# Globals:
@@ -24,6 +26,7 @@
# LOG_ERROR
# LOG_TRACE
# LOG_VAR
# NL
# SECONDS
# VAR_ARG_SANITIZED
# VAR_DEBUG_TRACE
@@ -36,32 +39,32 @@
#######################################
print_file_err() {
{
printf "❌ CISS.debian.installer Script failed. \n"
printf "❌ GIT Commit : %s \n" "${VAR_GIT_HEAD}"
printf "❌ Version : %s \n" "${VAR_VERSION}"
printf "❌ Hostsystem : %s \n" "${VAR_SYSTEM}"
printf "❌ Error : %s \n" "${ERRCODE}"
printf "❌ Line : %s \n" "${ERRLINE}"
printf "❌ Script : %s \n" "${ERRSCRT}"
printf "❌ Function : %s \n" "${ERRFUNC}"
printf "❌ Command : %s \n" "${ERRCMMD}"
printf "❌ Script PID : %s \n" "${$}"
printf "❌ Script Runtime : %s \n" "${SECONDS}"
printf "❌ Arguments Counter : %s \n" "${ARGUMENTS_COUNT}"
printf "❌ Arguments Original : %s \n" "${ARG_STR_ORG_INPUT}"
printf "❌ Arguments Sanitized : %s \n" "${VAR_ARG_SANITIZED}"
printf "❌ CISS.debian.installer Script failed. %s" "${NL}"
printf "❌ GIT Commit : %s %s" "${VAR_GIT_HEAD}" "${NL}"
printf "❌ Version : %s %s" "${VAR_VERSION}" "${NL}"
printf "❌ Hostsystem : %s %s" "${VAR_SYSTEM}" "${NL}"
printf "❌ Error : %s %s" "${ERRCODE}" "${NL}"
printf "❌ Line : %s %s" "${ERRLINE}" "${NL}"
printf "❌ Script : %s %s" "${ERRSCRT}" "${NL}"
printf "❌ Function : %s %s" "${ERRFUNC}" "${NL}"
printf "❌ Command : %s %s" "${ERRCMMD}" "${NL}"
printf "❌ Script PID : %s %s" "${$}" "${NL}"
printf "❌ Script Runtime : %s %s" "${SECONDS}" "${NL}"
printf "❌ Arguments Counter : %s %s" "${ARGUMENTS_COUNT}" "${NL}"
printf "❌ Arguments Original : %s %s" "${ARG_STR_ORG_INPUT}" "${NL}"
printf "❌ Arguments Sanitized : %s %s" "${VAR_ARG_SANITIZED}" "${NL}"
if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then
printf "❌ Vars Dump saved at : %s \n" "${LOG_VAR}"
printf "❌ Vars Dump saved at : %s %s" "${LOG_VAR}" "${NL}"
fi
if "${VAR_DEBUG_TRAP}"; then
printf "❌ DEBUG Log saved at : %s \n" "${LOG_DEBUG}"
printf "❌ cat %s \n" "${LOG_DEBUG}"
printf "❌ DEBUG Log saved at : %s %s" "${LOG_DEBUG}" "${NL}"
printf "❌ cat %s %s" "${LOG_DEBUG}" "${NL}"
fi
if "${VAR_DEBUG_TRACE}"; then
printf "❌ TRACE Log saved at : %s \n" "${LOG_TRACE}"
printf "❌ cat %s \n" "${LOG_TRACE}"
printf "❌ TRACE Log saved at : %s %s" "${LOG_TRACE}" "${NL}"
printf "❌ cat %s %s" "${LOG_TRACE}" "${NL}"
fi
printf "\n"
printf "%s" "${NL}"
} >> "${LOG_ERROR}"
}
@@ -70,6 +73,8 @@ print_file_err() {
# Globals:
# ARGUMENTS_COUNT
# ARG_STR_ORG_INPUT
# C_RED
# C_RES
# ERRCMMD
# ERRCODE
# ERRFUNC
@@ -79,6 +84,7 @@ print_file_err() {
# LOG_ERROR
# LOG_TRACE
# LOG_VAR
# NL
# SECONDS
# VAR_ARG_SANITIZED
# VAR_DEBUG_TRACE
@@ -90,34 +96,34 @@ print_file_err() {
# None
#######################################
print_scr_err() {
printf "\e[91m❌ CISS.debian.installer Script failed. \e[0m\n" >&2
printf "\e[91m❌ GIT Commit : %s \e[0m\n" "${VAR_GIT_HEAD}" >&2
printf "\e[91m❌ Version : %s \e[0m\n" "${VAR_VERSION}" >&2
printf "\e[91m❌ Hostsystem : %s \e[0m\n" "${VAR_SYSTEM}" >&2
printf "\e[91m❌ Error : %s \e[0m\n" "${ERRCODE}" >&2
printf "\e[91m❌ Line : %s \e[0m\n" "${ERRLINE}" >&2
printf "\e[91m❌ Script : %s \e[0m\n" "${ERRSCRT}" >&2
printf "\e[91m❌ Function : %s \e[0m\n" "${ERRFUNC}" >&2
printf "\e[91m❌ Command : %s \e[0m\n" "${ERRCMMD}" >&2
printf "\e[91m❌ Script PID : %s \e[0m\n" "${$}" >&2
printf "\e[91m❌ Script Runtime : %s \e[0m\n" "${SECONDS}" >&2
printf "\e[91m❌ Arguments Counter : %s \e[0m\n" "${ARGUMENTS_COUNT}" >&2
printf "\e[91m❌ Arguments Original : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2
printf "\e[91m❌ Arguments Sanitized : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
printf "\e[91m❌ Error Log saved at : %s \e[0m\n" "${LOG_ERROR}" >&2
printf "\e[91m❌ cat %s \e[0m\n" "${LOG_ERROR}" >&2
printf "%s❌ CISS.debian.installer Script failed. %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
printf "%s❌ GIT Commit : %s %s%s" "${C_RED}" "${VAR_GIT_HEAD}" "${C_RES}" "${NL}" >&2
printf "%s❌ Version : %s %s%s" "${C_RED}" "${VAR_VERSION}" "${C_RES}" "${NL}" >&2
printf "%s❌ Hostsystem : %s %s%s" "${C_RED}" "${VAR_SYSTEM}" "${C_RES}" "${NL}" >&2
printf "%s❌ Error : %s %s%s" "${C_RED}" "${ERRCODE}" "${C_RES}" "${NL}" >&2
printf "%s❌ Line : %s %s%s" "${C_RED}" "${ERRLINE}" "${C_RES}" "${NL}" >&2
printf "%s❌ Script : %s %s%s" "${C_RED}" "${ERRSCRT}" "${C_RES}" "${NL}" >&2
printf "%s❌ Function : %s %s%s" "${C_RED}" "${ERRFUNC}" "${C_RES}" "${NL}" >&2
printf "%s❌ Command : %s %s%s" "${C_RED}" "${ERRCMMD}" "${C_RES}" "${NL}" >&2
printf "%s❌ Script PID : %s %s%s" "${C_RED}" "${$}" "${C_RES}" "${NL}" >&2
printf "%s❌ Script Runtime : %s %s%s" "${C_RED}" "${SECONDS}" "${C_RES}" "${NL}" >&2
printf "%s❌ Arguments Counter : %s %s%s" "${C_RED}" "${ARGUMENTS_COUNT}" "${C_RES}" "${NL}" >&2
printf "%s❌ Arguments Original : %s %s%s" "${C_RED}" "${ARG_STR_ORG_INPUT}" "${C_RES}" "${NL}" >&2
printf "%s❌ Arguments Sanitized : %s %s%s" "${C_RED}" "${VAR_ARG_SANITIZED}" "${C_RES}" "${NL}" >&2
printf "%s❌ Error Log saved at : %s %s%s" "${C_RED}" "${LOG_ERROR}" "${C_RES}" "${NL}" >&2
printf "%s❌ cat %s %s%s" "${C_RED}" "${LOG_ERROR}" "${C_RES}" "${NL}" >&2
if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then
printf "\e[91m❌ Vars Dump saved at : %s \e[0m\n" "${LOG_VAR}" >&2
printf "%s❌ Vars Dump saved at : %s %s%s" "${C_RED}" "${LOG_VAR}" "${C_RES}" "${NL}" >&2
fi
if "${VAR_DEBUG_TRAP}"; then
printf "\e[91m❌ Debug Log saved at : %s \e[0m\n" "${LOG_DEBUG}" >&2
printf "\e[91m❌ cat %s \e[0m\n" "${LOG_DEBUG}" >&2
printf "%s❌ Debug Log saved at : %s %s%s" "${C_RED}" "${LOG_DEBUG}" "${C_RES}" "${NL}" >&2
printf "%s❌ cat %s %s%s" "${C_RED}" "${LOG_DEBUG}" "${C_RES}" "${NL}" >&2
fi
if "${VAR_DEBUG_TRACE}"; then
printf "\e[91m❌ Debug Log saved at : %s \e[0m\n" "${LOG_TRACE}" >&2
printf "\e[91m❌ cat %s \e[0m\n" "${LOG_TRACE}" >&2
printf "%s❌ Debug Log saved at : %s %s%s" "${C_RED}" "${LOG_TRACE}" "${C_RES}" "${NL}" >&2
printf "%s❌ cat %s %s%s" "${C_RED}" "${LOG_TRACE}" "${C_RES}" "${NL}" >&2
fi
printf "\n"
printf "%s" "${NL}"
}
#######################################
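Review bot: L147 labels the trace log "Debug Log saved at" inside the `if "${VAR_DEBUG_TRACE}"` branch, while its file-logger twin on L74 says "TRACE Log saved at"; the on-screen hint should read `printf "%s❌ TRACE Log saved at : %s %s%s" "${C_RED}" "${LOG_TRACE}" "${C_RES}" "${NL}" >&2`. The combined test on L61 and L134, `[[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]`, is a non-empty-string test that is also true for the value `false`, whereas the branches directly below execute the variable's value as a command; if these variables hold `true`/`false` as the later branches assume, `if "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}"; then` keeps the three tests consistent. Both points apply equally to print_file_err (L61, L74) and print_scr_err (L134, L147).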


@@ -10,14 +10,19 @@
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Wrapper for mismatched Arguments.
# Globals:
# C_RED
# C_RES
# ERR_ARG_MISMATCH
# NL
# VAR_AUTO_INSTALL
# VAR_IN_DIALOG_WR
# Arguments:
# $1: Error message to be printed.
# 1: Message to be printed.
#######################################
arg_mismatch() {
### Call cleaner if and only if not in auto-install mode.
@@ -29,7 +34,7 @@ arg_mismatch() {
;;
esac
fi
printf "\e[91m❌ Error: %s\e[0m\n" "${1}" >&2
printf "%s❌ Error: '%s'. %s%s" "${C_RED}" "${1}" "${C_RES}" "${NL}" >&2
read -pr $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_ARG_MISMATCH}"
}
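Review bot: L182 keeps a hard-coded `\e[92m`/`\e[0m` prompt directly after the new L181 switched to `${C_RED}`/`${C_RES}`, and bash's read parses `-pr` as `-p` with the argument `r`, so the prompt string becomes the target variable name and read fails with "not a valid identifier" instead of pausing. `read -r -p "${C_GRE}✅ Press 'ENTER' to exit the script ... ${C_RES}"` fixes both, using the C_GRE constant this commit already introduces elsewhere. The body of arg_mismatch between the two hunks is not shown here.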


@@ -10,10 +10,12 @@
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Argument Check Wrapper.
# Arguments:
# $1: "$@" of ./setup.sh
# 1: "$@" of ./setup.sh
#######################################
arg_check() {
declare a
@@ -27,10 +29,14 @@ arg_check() {
#######################################
# Function to sanitize a single argument
# Globals:
# C_RED
# C_RES
# ERR_UNSAFE_CHARACTER
# LOG_ERROR
# NL
# VAR_IN_DIALOG_WR
# Arguments:
# $1: Argument to check
# 1: Argument to be sanitized.
#######################################
sanitize_arg() {
declare input="${1}"
@@ -40,18 +46,18 @@ sanitize_arg() {
disallowed_ctrl=$(printf '%s' "${input}" | sed -n 's/[^[:cntrl:]]//gp' | sed $'s/./&\\n/g' \
| while read -r c; do printf "%02X " "'$c"; done)
{
printf "❌ Control character : '%s'. \n" "${disallowed_ctrl}"
printf "❌ in argument : '%s'. \n" "${input}"
printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
printf "\n"
printf "❌ Control character : '%s'. %s" "${disallowed_ctrl}" "${NL}"
printf "❌ in argument : '%s'. %s" "${input}" "${NL}"
printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s" "${NL}"
printf "%s" "${NL}"
} >> "${LOG_ERROR}"
case "${VAR_IN_DIALOG_WR}" in
box ) dialog_box_cleaner ;;
gauge ) dialog_gauge_cleaner ;;
esac
printf "\e[91m❌ Control character : '%s'. \e[0m\n" "${disallowed_ctrl}" >&2
printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${input}" >&2
printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
printf "%s❌ Control character : '%s'. %s%s" "${C_RED}" "${disallowed_ctrl}" "${C_RES}" "${NL}" >&2
printf "%s❌ in argument : '%s'. %s%s" "${C_RED}" "${input}" "${C_RES}" "${NL}" >&2
printf "%s❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
# shellcheck disable=SC2162
read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_UNSAFE_CHARACTER}"
@@ -64,18 +70,18 @@ sanitize_arg() {
disallowed=$(printf '%s' "${input}" | tr -d "${allowed}")
if [[ -n ${disallowed} ]]; then
{
printf "❌ Invalid character : '%s'. \n" "${disallowed//?/& }"
printf "❌ in argument : '%s'. \n" "${input}"
printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \n"
printf "\n"
printf "❌ Invalid character : '%s'. %s" "${disallowed//?/& }" "${NL}"
printf "❌ in argument : '%s'. %s" "${input}" "${NL}"
printf "❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s" "${NL}"
printf "%s" "${NL}"
} >> "${LOG_ERROR}"
case "${VAR_IN_DIALOG_WR}" in
box ) dialog_box_cleaner ;;
gauge ) dialog_gauge_cleaner ;;
esac
printf "\e[91m❌ Invalid character : '%s'. \e[0m\n" "${disallowed//?/& }" >&2
printf "\e[91m❌ in argument : '%s'. \e[0m\n" "${input}" >&2
printf "\e[91m❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' \e[0m\n" >&2
printf "%s❌ Invalid character : '%s'. %s%s" "${C_RED}" "${disallowed//?/& }" "${C_RES}" "${NL}" >&2
printf "%s❌ in argument : '%s'. %s%s" "${C_RED}" "${input}" "${C_RES}" "${NL}" >&2
printf "%s❌ Allowed Characters : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
# shellcheck disable=SC2162
read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_UNSAFE_CHARACTER}"
@@ -83,5 +89,4 @@ sanitize_arg() {
printf '%s' "${input}"
fi
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
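Review bot: L225 and L237 (and L251/L263 in the next hunk) print `${input}` verbatim to `${LOG_ERROR}` and to the terminal immediately after establishing that it contains control characters, so an argument carrying escape sequences is replayed unsanitized into the log and onto the operator's terminal. `printf '%q'` renders it safely, e.g. `printf "❌ in argument : %q. %s" "${input}" "${NL}"` for the log line and the same `%q` on the stderr line at L237; the hex dump built on L217–L218 already shows the raw bytes, so nothing is lost. The `read -p` on L240 and L266 still hard-codes `\e[92m`/`\e[0m` where the rest of this commit moved to `${C_GRE}`/`${C_RES}`.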


@@ -10,16 +10,19 @@
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Argument Parser
# Globals:
# DEFAULT_LOG_LEVEL
# VAR_AUTO_INSTALL
# VAR_IN_DIALOG_WR
# VAR_PRIORITY
# VAR_REIONICE_CLASS
# VAR_REIONICE_PRIORITY
# Arguments:
# None
# None
#######################################
arg_parser() {
while [[ $# -gt 0 ]]; do


@@ -10,14 +10,19 @@
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Check and setup Script Priorities
# Globals:
# C_GRE
# C_RES
# NL
# VAR_PRIORITY
# VAR_REIONICE_CLASS
# VAR_REIONICE_PRIORITY
# Arguments:
# None
# None
#######################################
arg_priority_check() {
declare var
@@ -25,14 +30,14 @@ arg_priority_check() {
if [[ -n ${VAR_PRIORITY} ]]; then
renice "${VAR_PRIORITY}" -p "$$"
var=$(ps -o ni= -p $$) > /dev/null 2>&1
printf "\e[92m✅ New renice value: %s\e[0m\n" "${var}"
printf "%s✅ New renice value: '%s'. %s%s" "${C_GRE}" "${var}" "${C_RES}" "${NL}"
fi
# Check if ionice PRIORITY is set and adjust ionice priority.
if [[ -n ${VAR_REIONICE_CLASS} ]]; then
ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$"
var=$(ionice -p $$) > /dev/null 2>&1
printf "\e[92m✅ New ionice value: %s\e[0m\n" "${var}"
printf "%s✅ New ionice value: '%s'. %s%s" "${C_GRE}" "${var}" "${C_RES}" "${NL}"
fi
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
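Review bot: The success line on L322 (and L329) is printed whether or not `renice` on L319 succeeded, because the `> /dev/null 2>&1` on L320 applies to the empty output of the assignment rather than to `ps`, and nothing checks renice's status unless the loader's `set -e` aborts first (not visible here). `var=$(ps -o ni= -p "$$" 2>/dev/null)` puts the redirect where it was meant, and `renice "${VAR_PRIORITY}" -p "$$" || return` (or the project's error helper) stops a failed renice from being reported as done; the same applies to L326–L327 for ionice. `ps -o ni=` pads its column, so the quoted value in the new message may print as `'  5'`; `var=${var//[[:space:]]/}` before L322 would tidy that (inferred from ps column formatting; verify on the target system).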


@@ -0,0 +1,111 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
declare pw_file="${2}"
if [[ -z "${pw_file}" ]]; then
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
printf "%s❌ Error: --root-password-file missing password file path argument.%s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
# shellcheck disable=SC2162
read -p $'%s✅ Press \'ENTER\' to exit the script ... %s' ${C_GRE}" "${C_RES}"
exit "${ERR_MISS_PWD_P}"
fi
if [[ ! -f "${pw_file}" ]]; then
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
printf "%s❌ Error: --root-password-file password file '%s' does not exist.%s%s" "${pw_file}" >&2
# shellcheck disable=SC2162
read -p $'%s✅ Press \'ENTER\' to exit the script ... %s'
exit "${ERR_MISS_PWD_F}"
fi
declare owner
owner=$(stat -c '%U:%G' "${pw_file}")
if [[ "${owner}" != "root:root" ]]; then
chown root:root "${pw_file}" || {
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
printf "%s❌ Error: --root-password-file failed to set owner root:root on '%s'.%s%s" "${pw_file}" >&2
# shellcheck disable=SC2162
read -p $'%s✅ Press \'ENTER\' to exit the script ... %s'
exit "${ERR_OWNS_PWD_F}"
}
fi
declare perms
perms=$(stat -c '%a' "${pw_file}")
if [[ "${perms}" -ne 400 ]]; then
chmod 400 "${pw_file}" || {
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
printf "%s❌ Error: --root-password-file failed to set permissions 0400 on '%s'.%s%s" "${pw_file}" >&2
# shellcheck disable=SC2162
read -p $'%s✅ Press \'ENTER\' to exit the script ... %s'
exit "${ERR_RGHT_PWD_F}"
}
fi
declare plaintext_pw
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set +x # No tracing for security reasons
if ! IFS= read -r plaintext_pw < "${pw_file}"; then
:
fi
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
declare pw_length
pw_length=${#plaintext_pw}
if (( pw_length < 20 || pw_length > 64 )); then
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
printf "%s❌ Error: --root-password-file password MUST be between 20 and 64 characters (got %d).%s%s" "${pw_length}" >&2
# shellcheck disable=SC2162
read -p $'%s✅ Press \'ENTER\' to exit the script ... %s'
exit "${ERR_PASS_LENGH}"
fi
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set +x # No tracing for security reasons
if [[ "${plaintext_pw}" == *\"* ]]; then
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
printf "%s❌ Error: --root-password-file password MUST NOT contain double quotes (\").%s%s" >&2
# shellcheck disable=SC2162
read -p $'%s✅ Press \'ENTER\' to exit the script ... %s'
exit "${ERR_PASS_PLICY}"
fi
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
declare salt
set +o pipefail
while :; do
salt=$(tr -dc 'A-Za-z0-9' </dev/random | head -c 16)
[[ ${#salt} -eq 16 ]] && break
done
set -o pipefail
declare hash_temp
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set +x # No tracing for security reasons
hash_temp=$(mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608 "${plaintext_pw}")
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
declare -g VAR_HASHED_PWD="${hash_temp}"
unset hash_temp plaintext_pw
sync
if shred -vfzu -n 5 "${pw_file}" > /dev/null 2>&1; then
printf "%s✅ Password file '%s': shred -vfzu -n 5 >> done. %s%s" "${pw_file}" > /dev/null 2>&1
else
printf "%s❌ Password file '%s': shred -vfzu -n 5 >> NOT successful. %s%s" "${pw_file}" > /dev/null 2>&1
fi
sync
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
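Review bot: At L420 the plaintext password is passed to mkpasswd as a command-line argument, which exposes it in `ps` and `/proc/<pid>/cmdline` to every local user for the whole 8388608-round hash; mkpasswd reads the password from standard input with `--stdin`, so `hash_temp=$(printf '%s' "${plaintext_pw}" | mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608 --stdin)` avoids the exposure and the `set +x` guard on L419 still applies. Separately, the error messages on L359, L369, L380, L396 and L405 pass only `"${pw_file}"` (or nothing) to a format with four `%s` slots, so the path lands in the colour slot and `C_RED`, `C_RES` and `NL` never print; L354 has an unbalanced quote after `${C_GRE}` that will not parse, and the `read -p $'%s…'` prompts on L354, L361, L371, L382, L398 and L407 print the `%s` literally because `$'…'` is not a printf format. On L425–L428 both branches are redirected to `/dev/null` (and again lack the colour/NL arguments), so a failed shred of the password file is never reported. The checks on L357, L367 and L378 follow symlinks, so a `-L` rejection before them keeps chown, chmod and shred from being redirected to another file.
```shell
if [[ -L "${pw_file}" || ! -f "${pw_file}" ]]; then
  if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
  printf "%s❌ Error: --root-password-file password file '%s' does not exist or is a symlink.%s%s" "${C_RED}" "${pw_file}" "${C_RES}" "${NL}" >&2
  # shellcheck disable=SC2162
  read -p "${C_GRE}✅ Press 'ENTER' to exit the script ... ${C_RES}"
  exit "${ERR_MISS_PWD_F}"
fi
# … unchanged: ownership, permission, length and policy checks (same printf/read argument fix applies to each) …
hash_temp=$(printf '%s' "${plaintext_pw}" | mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608 --stdin)
# … unchanged: declare -g VAR_HASHED_PWD, unset, sync …
if shred -vfzu -n 5 "${pw_file}" > /dev/null 2>&1; then
  printf "%s✅ Password file '%s': shred -vfzu -n 5 >> done. %s%s" "${C_GRE}" "${pw_file}" "${C_RES}" "${NL}"
else
  printf "%s❌ Password file '%s': shred -vfzu -n 5 >> NOT successful. %s%s" "${C_RED}" "${pw_file}" "${C_RES}" "${NL}" >&2
fi
```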