V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
61
lib/cdi_0005_guard/README.md
Normal file
61
lib/cdi_0005_guard/README.md
Normal file
@@ -0,0 +1,61 @@
|
||||
---
|
||||
gitea: none
|
||||
include_toc: true
|
||||
---
|
||||
|
||||
# 1. CISS.debian.installer
|
||||
|
||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
|
||||
**Master Version**: 8.00<br>
|
||||
**Build**: V8.00.000.2025.06.17<br>
|
||||
|
||||
# 2. Guarding and Safe Execution – `cdi_0005_guard`
|
||||
|
||||
This directory provides minimalistic but critical utility functions to ensure safe and idempotent sourcing and execution
|
||||
semantics within the `CISS.debian.installer` framework. These wrappers act as foundational safeguards against redundant
|
||||
sourcing, which are frequent sources of bugs and side effects in modular Bash-based systems.
|
||||
|
||||
## 2.1. Purpose and Functionality
|
||||
|
||||
- **0005_guard_sourcing.sh**
|
||||
Defines the `guard_sourcing()` function, which programmatically prevents a Bash library file from being sourced multiple
|
||||
times. It constructs a uniquely scoped read-only environment variable guard to mark the sourced state.
|
||||
|
||||
- **0006_source_guard.sh**
|
||||
Implements the `source_guard()` function, which sources a given file only once. It uses the file’s basename to construct a
|
||||
similarly structured guard variable. Intended for cases where sourcing decisions must be made dynamically.
|
||||
|
||||
- **0011_guard_safe_exec.sh**
|
||||
Provides a generic `safe_exec()` wrapper to execute external commands in a structured and error-controlled manner. It emits
|
||||
meaningful error logs using `do_log()` and allows associating custom error codes per invocation context. This is essential
|
||||
for defensive script execution when `pipefail` and strict traps are enabled.
|
||||
|
||||
## 2.2. Requirements
|
||||
|
||||
- Bash version ≥ 5.1
|
||||
- Active error trapping via `trap 'trap_err' ERR`
|
||||
- `do_log()` must be declared elsewhere in the global context
|
||||
- All libraries must be sourced via `source_guard()` and invoke `guard_sourcing` on top
|
||||
|
||||
## 2.3. Dependencies
|
||||
|
||||
- Pure Bash implementation
|
||||
- Uses `declare -grx` to enforce immutability and exportability of guard variables
|
||||
- `safe_exec()` expects a predefined `do_log()` implementation
|
||||
|
||||
## 2.4. License
|
||||
|
||||
This component is dual-licensed under the **European Union Public License v1.2 (EUPL-1.2),** or the
|
||||
**CoreSecret Custom Contributor License Agreement (CCLA-1.0)**. You may choose either license as per your usage context.
|
||||
Usage is permitted under the condition that no warranty is implied. Use at your own risk.
|
||||
|
||||
## 2.5. Author
|
||||
|
||||
Developed and maintained by
|
||||
**Marc S. Weidner**
|
||||
*Centurion Intelligence Consulting Agency*
|
||||
|
||||
---
|
||||
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
|
||||
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
|
||||
Reference in New Issue
Block a user