V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_1000_helper/1030_check_nic.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Specify the network interface card (NIC) interactively for setup.
+# Globals:
+#   DIR_TMP
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+check_nic() {
+  # shellcheck disable=SC2312
+  ip -o link show | awk -F': ' '{print $2}' | sed 's!lo!!' | sed '/^$/d' | awk '{$1=$1};1' >| "${DIR_TMP}nic.tmp"
+  declare var_counter=1
+  declare var_line=""
+  declare var_nic=""
+  declare var_radiolist=""
+
+  while IFS= read -r var_line; do
+    var_radiolist="${var_radiolist} ${var_line} ${var_counter} on "
+    ((var_counter++))
+  done < "${DIR_TMP}nic.tmp"
+
+  # shellcheck disable=SC2086 disable=SC2248
+  var_nic=$(dialog --ascii-lines --clear --backtitle "Specify the NIC for setup" --radiolist "NIC available" 0 0 ${var_counter} ${var_radiolist} 3>&1 1>&2 2>&3)
+  clear
+
+  do_log "info" "file_only" "You have selected: '${var_nic}' - proceeding with setup."
+  return 0
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_1000_helper/1080_helper_chroot.sh

@@ -0,0 +1,134 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Use do_in_target() for:
+#   - simple commands (e.g., dpkg, ln, mkdir, apt, etc.).
+# Use do_in_target_script() for:
+#   - all shell scripts, redirects, pipes, conditions, loops, or subshells.
+#######################################
+
+#######################################
+# Wrapper for executing commands in the desired chroot environment.
+# Globals:
+#   ERR_CHRT_COMMAND
+#   TERM
+# Arguments:
+#   1: Target of the chroot environment.
+#   2: Commands and options and parameters to be executed in chroot.
+# Returns:
+#   0: on success
+#   ERR_CHRT_COMMAND: on failure
+#######################################
+do_in_target() {
+  declare    var_chroot_target="$1"; shift
+  declare -a ary_chroot_command=("$@")
+  declare -r var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+  if (( ${#ary_chroot_command[@]} == 0 )); then
+
+    do_log "emergency" "file_only" "1080() Empty command passed to 'do_in_target()'."
+    return "${ERR_CHRT_COMMAND}"
+
+  fi
+
+  if ! chroot "${var_chroot_target}" /usr/bin/env -i PATH="${var_default_path}" which "${ary_chroot_command[0]}" &>/dev/null; then
+
+    do_log "emergency" "file_only" "1080() Binary: '${ary_chroot_command[0]}' not found in target 'PATH=${var_default_path}'."
+    do_log "emergency" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i PATH=${var_default_path} which ${ary_chroot_command[0]} &>/dev/null]."
+    return "${ERR_CHRT_COMMAND}"
+
+  fi
+
+  if ! chroot "${var_chroot_target}" /usr/bin/env -i \
+    HOME="/root" \
+    PATH="${var_default_path}" \
+    TERM="${TERM}" \
+    LANG="C.UTF-8" \
+    LC_ALL="C.UTF-8" \
+    DEBIAN_FRONTEND="noninteractive" \
+    APT_LISTCHANGES_FRONTEND="none" \
+    "${ary_chroot_command[@]}"
+
+  then
+
+    do_log "emergency" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] failed."
+    return "${ERR_CHRT_COMMAND}"
+
+  else
+
+    do_log "info" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] successful."
+    return 0
+
+  fi
+}
+
+#######################################
+# Execute a full shell script line inside the chroot via bash -c.
+# TODO: Supports interactive debug shell on error.
+# Globals:
+#   ERR_CHRT_COMMAND
+#   TERM
+#   DEBUG_INTERACTIVE (optional boolean)
+# Arguments:
+#   1: Target of the chroot environment
+#   2: Command string to execute inside a shell (quoted)
+#   3: Log level of command pipeline to be executed.
+# Returns:
+#   0: on success
+#   ERR_CHRT_COMMAND: on failure
+#######################################
+do_in_target_script() {
+  declare    var_chroot_target="$1"
+  declare    var_chroot_script="$2"
+  declare    var_log_level_on_error="${3:-emergency}"
+  declare -r var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+  if [[ -z "${var_chroot_script}" ]]; then
+
+    do_log "emergency" "file_only" "1080() Empty command passed to 'do_in_target_script()'."
+    return "${ERR_CHRT_COMMAND}"
+
+  fi
+
+  if ! chroot "${var_chroot_target}" /usr/bin/env -i \
+    HOME="/root" \
+    PATH="${var_default_path}" \
+    TERM="${TERM}" \
+    LANG="C.UTF-8" \
+    LC_ALL="C.UTF-8" \
+    DEBIAN_FRONTEND="noninteractive" \
+    APT_LISTCHANGES_FRONTEND="none" \
+    /bin/bash -c "${var_chroot_script}"
+
+  then
+
+    do_log "${var_log_level_on_error}" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] failed."
+    return "${ERR_CHRT_COMMAND}"
+
+    # TODO: Test with Dialog Wrapper in interactive mode.
+    # TODO: Call clean screen first to terminate dialog wrapper !
+    #if [[ "${DEBUG_INTERACTIVE}" == "true" ]]; then
+    #  do_log "warning" "true" "Launching interactive debug shell in chroot: '${var_chroot_target}'."
+    #  chroot "${var_chroot_target}" /bin/bash -l
+    #fi
+
+  else
+
+    do_log "info" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] successful."
+    return 0
+
+  fi
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_1000_helper/1081_helper_grub.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Options in "GRUB_CMDLINE_LINUX" are always effective.
+### Options in "GRUB_CMDLINE_LINUX_DEFAULT" are effective ONLY during normal boot (NOT during recovery mode).
+
+guard_sourcing
+
+### Variable to finish GRUB CMDLINE strings.
+declare -grx VAR_H='"'
+
+#######################################
+# Helper module to extract the current GRUB CMDLINE strings.
+# Globals:
+#   TARGET
+#   VAR_GRUB_CMDLINE_LINUX
+#   VAR_GRUB_CMDLINE_LINUX_DEFAULT
+#   VAR_ORIG_GRUB_CMDLINE_LINUX
+#   VAR_ORIG_GRUB_CMDLINE_LINUX_DEFAULT
+# Arguments:
+#   None
+#######################################
+grub_extract_current_string() {
+  # shellcheck disable=SC2155
+  declare -gx VAR_ORIG_GRUB_CMDLINE_LINUX=$(grep -E 'GRUB_CMDLINE_LINUX=' "${TARGET}/etc/default/grub")
+  # shellcheck disable=SC2155
+  declare -gx VAR_ORIG_GRUB_CMDLINE_LINUX_DEFAULT=$(grep -E 'GRUB_CMDLINE_LINUX_DEFAULT=' "${TARGET}/etc/default/grub")
+  # shellcheck disable=SC2155
+  declare -gx VAR_GRUB_CMDLINE_LINUX=$(grep -E 'GRUB_CMDLINE_LINUX=' "${TARGET}/etc/default/grub" | sed 's/.$//')
+  # shellcheck disable=SC2155
+  declare -gx VAR_GRUB_CMDLINE_LINUX_DEFAULT=$(grep -E 'GRUB_CMDLINE_LINUX_DEFAULT=' "${TARGET}/etc/default/grub" | sed 's/.$//')
+}
+
+#######################################
+# Helper module to finish the modified GRUB CMDLINE strings.
+# Globals:
+#   TARGET
+#   VAR_GRUB_CMDLINE_LINUX
+#   VAR_GRUB_CMDLINE_LINUX_DEFAULT
+#   VAR_H
+#   VAR_ORIG_GRUB_CMDLINE_LINUX
+#   VAR_ORIG_GRUB_CMDLINE_LINUX_DEFAULT
+# Arguments:
+#   None
+#######################################
+grub_finalize_string() {
+  VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX}${VAR_H}"
+  VAR_GRUB_CMDLINE_LINUX_DEFAULT="${VAR_GRUB_CMDLINE_LINUX_DEFAULT}${VAR_H}"
+  sed -i "s/${VAR_ORIG_GRUB_CMDLINE_LINUX}/${VAR_GRUB_CMDLINE_LINUX}/" "${TARGET}/etc/default/grub"
+  sed -i "s/${VAR_ORIG_GRUB_CMDLINE_LINUX_DEFAULT}/${VAR_GRUB_CMDLINE_LINUX_DEFAULT}/" "${TARGET}/etc/default/grub"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_1000_helper/1082_helper_modules.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Helper Module to generate a Subnet Mask out of an IP in CCDIR Notation.
+# Arguments:
+#   1: IPv4 in CCDIR Notation, e.g.,: 192.168.128.128/24
+# Returns:
+#   0: on success
+#######################################
+generate_subnetmask() {
+  declare var_arg="$1"
+  declare var_prefix="${var_arg#*/}"
+  declare var_mask_int=""
+  declare var_has_ipv4_subnet=""
+  var_mask_int=$((0xFFFFFFFF << (32 - var_prefix) & 0xFFFFFFFF))
+  var_has_ipv4_subnet=$(printf "%d.%d.%d.%d" \
+    $(((var_mask_int >> 24) & 0xFF)) \
+    $(((var_mask_int >> 16) & 0xFF)) \
+    $(((var_mask_int >> 8) & 0xFF)) \
+    $((var_mask_int & 0xFF)))
+  printf '%s' "${var_has_ipv4_subnet}"
+  return 0
+}
+
+#######################################
+# Helper module for update, full dist-upgrade, autoclean, autopurge and autoremove.
+# Arguments:
+#   None
+#######################################
+update_upgrade() {
+  apt-get update -y
+  apt-get dist-upgrade -y
+  apt-get autoclean -y
+  apt-get autopurge -y
+  apt-get autoremove -y
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_1000_helper/1084_helper_sanitizer.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Remove any leading or trailing whitespace.
+# Arguments:
+#   1: String to clean.
+#######################################
+remove_whitespace() {
+  # shellcheck disable=SC2155
+  declare var_out=$(printf "%s" "$1" | xargs)
+  printf '%s' "${var_out}"
+}
+
+#######################################
+# Function to escape all shell metacharacters
+# Arguments:
+#   1: String to Sanitize
+#######################################
+sanitize_input() {
+  declare input="$1"
+  ### %q quotes the string so that the shell re-reads it as the original literal
+  printf '%q' "${input}"
+}
+
+#######################################
+# Function to remove any character not in the allowed set
+# Arguments:
+#   1: String to Sanitize
+#######################################
+sanitize_string() {
+  declare input="$1"
+  ### Define allowed characters:
+  ### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, space.
+  declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
+  printf '%s' "${input}" | tr -cd "${allowed}"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_1000_helper/1085_helper_secure_dl.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Wrapper for secure curl.
+# Globals:
+#   ERR_DOWNLOAD_FAILED
+#   ERR_NO_DOWNLOAD_ARG
+# Arguments:
+#   1: URL from which to download a specific file.
+#   2: /path/to/file to be saved to.
+# Returns:
+#   ERR_DOWNLOAD_FAILED: Download failed.
+#   ERR_NO_DOWNLOAD_ARG: No arguments specified.
+#######################################
+scurl() {
+  if [[ $# -ne 2 ]]; then
+    do_log "error" "true" "Usage: scurl <URL> <path/to/file>"
+    return "${ERR_NO_DOWNLOAD_ARG}"
+  fi
+  declare url="$1"
+  declare output_path="$2"
+  if ! curl --doh-url "https://dns01.eddns.eu/dns-query" \
+            --doh-cert-status \
+            --tlsv1.3 \
+            -sSf \
+            -o "${output_path}" \
+            "${url}"
+  then
+    do_log "error" "true" "Download failed for URL: '${1}'."
+    return "${ERR_DOWNLOAD_FAILED}"
+  fi
+}
+
+#######################################
+# Wrapper for secure wget.
+# Globals:
+#   ERR_DOWNLOAD_FAILED
+#   ERR_NO_DOWNLOAD_ARG
+# Arguments:
+#   1: URL from which to download a specific file.
+#   2: /path/to/file to be saved to.
+# Returns:
+#   ERR_DOWNLOAD_FAILED: Download failed.
+#   ERR_NO_DOWNLOAD_ARG: No arguments specified.
+#######################################
+swget() {
+  if [[ $# -ne 2 ]]; then
+    do_log "error" "true" "Usage: swget <URL> <path/to/file>"
+    return "${ERR_NO_DOWNLOAD_ARG}"
+  fi
+  declare url="$1"
+  declare output_path="$2"
+  if ! wget --show-progress \
+            --no-clobber \
+            --https-only \
+            --secure-protocol=TLSv1_3 \
+            -qO "${output_path}" \
+            "${url}"
+  then
+    do_log "error" "true" "Download failed for URL: '${1}'."
+    return "${ERR_DOWNLOAD_FAILED}"
+  fi
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_1000_helper/1086_helper_yaml.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# yq_val <YQ expression> <file> - Returns value, converts null to ""
+# Arguments:
+#   1: Key String to evaluate
+#   2: YAML File
+#######################################
+yq_val() {
+  declare var_h; var_h=$(yq e "$1" "$2")
+  [[ "${var_h}" == null ]] && var_h=""
+  printf '%s' "${var_h}"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh