V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-04 21:01:54 +02:00
parent 4d67571d55
commit 39ab10ea01
5 changed files with 29 additions and 28 deletions
--- a/func/cdi_4000_debootstrap/4000_debootstrap.sh
+++ b/func/cdi_4000_debootstrap/4000_debootstrap.sh
@@ -49,6 +49,7 @@ func_debootstrap() {
  if "${ary_cmd[@]}" | tee "${LOG_DBS}"; then

    do_log "info" "file_only" "4000() [${ary_cmd[*]}] successful."
+    install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/backup"
    install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/hooks"
    return 0

--- a/func/cdi_4000_debootstrap/4035_setup_resolv.sh
+++ b/func/cdi_4000_debootstrap/4035_setup_resolv.sh
@@ -35,8 +35,8 @@ setup_resolv() {

  if [[ -f "${TARGET}/etc/resolv.conf" ]]; then

-    mkdir -p "${DIR_BAK}/etc"
-    mv "${TARGET}/etc/resolv.conf" "${DIR_BAK}/etc/resolv.conf.bak"
+    mkdir -p "${TARGET}/root/.ciss/cdi/backup/etc"
+    mv "${TARGET}/etc/resolv.conf" "${TARGET}/root/.ciss/cdi/backup/etc/resolv.conf.bak"
    do_log "info" "file_only" "4035() Existing '${TARGET}/etc/resolv.conf' moved."

  fi
--- a/func/cdi_4100_base_installation/4100_generate_sources.sh
+++ b/func/cdi_4100_base_installation/4100_generate_sources.sh
@@ -28,7 +28,6 @@ guard_sourcing
 #   apt_non_free_firmware
 #   apt_sec
 #   apt_updates_backports
-#   apt_updates_policy
 #   apt_updates_release
 #   apt_updates_security
 #   architecture
@@ -179,30 +178,7 @@ EOF
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF

-  do_in_target "${TARGET}" apt-get update -y
-
-  if [[ "${apt_updates_policy,,}" == "unattended" ]]; then
-
-    do_in_target "${TARGET}" apt-get install -y unattended-upgrades
-    do_log "info" "file_only" "4100() The update policy was set at installation time to '${apt_updates_policy}'."
-
-  elif [[ "${apt_updates_policy,,}" == "security" ]]; then
-
-    do_in_target "${TARGET}" apt-get install -y unattended-upgrades
-
-    # shellcheck disable=SC2016
-    sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades"
-    do_log "info" "file_only" "4100() The update policy was set at installation time to '${apt_updates_policy}'."
-
-  elif [[ "${apt_updates_policy,,}" == "none" ]]; then
-
-    do_log "info" "file_only" "4100() The update policy was set at installation time to: '${apt_updates_policy}'."
-
-  else
-
-    do_log "warning" "file_only" "4100() Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."
-
-  fi
+  do_log "info" "file_only" "4100() Sources lists: generated successfully."

  return 0
 }
--- a/func/cdi_4100_base_installation/4110_update_sources.sh
+++ b/func/cdi_4100_base_installation/4110_update_sources.sh
@@ -17,6 +17,7 @@ guard_sourcing
 # Globals:
 #   DIR_LOG
 #   TARGET
+#   apt_updates_policy
 # Arguments:
 #   None
 # Returns:
@@ -33,6 +34,29 @@ update_sources() {

  do_log "info" "file_only" "4110() Sources lists: updated successfully."

+  if [[ "${apt_updates_policy,,}" == "unattended" ]]; then
+
+    do_in_target "${TARGET}" apt-get install -y unattended-upgrades
+    do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
+
+  elif [[ "${apt_updates_policy,,}" == "security" ]]; then
+
+    do_in_target "${TARGET}" apt-get install -y unattended-upgrades
+
+    # shellcheck disable=SC2016
+    sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades"
+    do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
+
+  elif [[ "${apt_updates_policy,,}" == "none" ]]; then
+
+    do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
+
+  else
+
+    do_log "warning" "file_only" "4110() Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."
+
+  fi
+
  return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/includes/chroot/hooks/4020_remove_x509.hooks.sh
+++ b/includes/chroot/hooks/4020_remove_x509.hooks.sh
@@ -176,7 +176,7 @@ main() {
  printf "All expired certificates will be safely removed. \n"

  declare -ag  ary_search_dir=( "/etc/ssl/certs" "/usr/local/share/ca-certificates" "/usr/share/ca-certificates" "/etc/letsencrypt" )
-  declare -gx  var_backup_dir="/root/.ciss/dlb/backup/certificates"
+  declare -gx  var_backup_dir="/root/.ciss/cdi/backup/certificates"
  declare -gx  var_crrnt_date; var_crrnt_date=$(date +%s)
  declare -ag  ary_expd_certs=()
  declare      exp_cert="" basename="" mozilla_entry=""