V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-02 13:10:24 +02:00
parent 0d39f3b5e1
commit 41eeb3a621
6 changed files with 33 additions and 33 deletions
--- a/.preseed/preseed.yaml
+++ b/.preseed/preseed.yaml
@@ -25,7 +25,7 @@ installer:
 apt:
  contrib: true                # Optionally, install contrib software.
  deb_sources: true            # Optionally includes deb-src entries for source repositories.
-  default_list: false          # By default, source repositories are listed in '/etc/apt/sources.list'. This MUST be "true".
+  default_list: false          # By default, source repositories are listed in '/etc/apt/sources.list'.
  default_deb822: true         # Since Trixie, source repositories are listed in '/etc/apt/sources.list.d/' in deb.822 format.
  full_upgrade: true           # Whether to upgrade packages after debootstrap.
  install_recommends: true     # Configure APT to not install recommended packages by default.
@@ -114,7 +114,11 @@ dropbear:
  firewall: false              # Yet not implemented. MUST be "false".
                               # Additional ultra hardening of the dropbear initramfs environment via firewall.
                               # The "bastion_ipv4" MUST be provided.
+  pgp_key: "/.pubkey/marc_s_weidner_msw@coresecret.dev_0xE62E84F8_public.asc"
+                               # './path/to/pgp_public_key.asc' to check the signature of: 'unlock-wrapper.sh'
  port: 42137                  # SSH Port dropbear initramfs should listen.
+  sig_file: "/.preseed/unlock-wrapper.sh.sha512.sig"
+                               # './path/to/unlock-wrapper.sh.sha512.sig' to verify the integrity of: 'unlock-wrapper.sh'

 ################################################################################################################################
 # Grub Bootparameter