V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
76
lib/cdi_0110_interactive/0110_check_kernel.sh
Normal file
76
lib/cdi_0110_interactive/0110_check_kernel.sh
Normal file
@@ -0,0 +1,76 @@
|
||||
#!/bin/bash
|
||||
# SPDX-Version: 3.0
|
||||
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
|
||||
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
|
||||
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
||||
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
|
||||
# SPDX-FileType: SOURCE
|
||||
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
|
||||
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
|
||||
# SPDX-PackageName: CISS.debian.installer
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# TODO: Update this module
|
||||
|
||||
guard_sourcing
|
||||
|
||||
#######################################
|
||||
# Kernel Image Selector
|
||||
# Globals:
|
||||
# VAR_ARCHITECTURE
|
||||
# VAR_KERNEL
|
||||
# VAR_KERNEL_SRT
|
||||
# VAR_KERNEL_TMP
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# 42: Sorting Error.
|
||||
#######################################
|
||||
check_kernel() {
|
||||
clear
|
||||
declare -i counter=1
|
||||
declare first_string=""
|
||||
declare line=""
|
||||
declare -gx VAR_KERNEL=""
|
||||
declare name=""
|
||||
declare options=""
|
||||
|
||||
if [[ ${VAR_ARCHITECTURE} != arm64 ]]; then
|
||||
apt-cache search linux-image | grep linux-image | grep amd64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
|
||||
else
|
||||
apt-cache search linux-image | grep linux-image | grep arm64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
|
||||
fi
|
||||
|
||||
sort --output="${VAR_KERNEL_SRT}" "${VAR_KERNEL_TMP}" || {
|
||||
printf "❌ Error check_kernel() Line 40 sort failed\n" >&2
|
||||
# shellcheck disable=SC2162
|
||||
read -p $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
|
||||
return 42
|
||||
}
|
||||
|
||||
while IFS= read -r line; do
|
||||
first_string=${line%% *}
|
||||
name=${first_string#linux-image-}
|
||||
options+=("${name}" "${counter}" off)
|
||||
((counter++))
|
||||
done < "${VAR_KERNEL_SRT}"
|
||||
|
||||
# shellcheck disable=SC2155
|
||||
if declare -g VAR_KERNEL=$(dialog \
|
||||
--no-collapse \
|
||||
--ascii-lines \
|
||||
--clear \
|
||||
--backtitle "CISS.debian.live.builder" \
|
||||
--title "Select the Kernel for the CISS Hardened Debian Live Image ISO" \
|
||||
--radiolist "Kernel available \n *+bpo* : Debian Backported Kernel \n *cloud* : Special lightweight images for KVM \n *unsigned* : Unsigned Kernel \n *preempt_rt* : Special Kernel for real-time-computing \n Not unsigned marked are MS signed Kernel for Secure Boot \n" 0 0 "${options[@]}" 3>&1 1>&2 2>&3 3>&-); then
|
||||
clear
|
||||
else
|
||||
clear
|
||||
if [[ "${VAR_ARCHITECTURE}" == "amd64" ]]; then
|
||||
declare -gr VAR_KERNEL="amd64"
|
||||
elif [[ "${VAR_ARCHITECTURE}" == "arm64" ]]; then
|
||||
declare -gr VAR_KERNEL="arm64"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
69
lib/cdi_0110_interactive/0115_check_provider.sh
Normal file
69
lib/cdi_0110_interactive/0115_check_provider.sh
Normal file
@@ -0,0 +1,69 @@
|
||||
#!/bin/bash
|
||||
# SPDX-Version: 3.0
|
||||
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
|
||||
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
|
||||
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
||||
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
|
||||
# SPDX-FileType: SOURCE
|
||||
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
|
||||
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
|
||||
# SPDX-PackageName: CISS.debian.installer
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# TODO: Update this module
|
||||
|
||||
guard_sourcing
|
||||
|
||||
#######################################
|
||||
# Notes Textbox
|
||||
# Arguments:
|
||||
# None
|
||||
#######################################
|
||||
check_provider() {
|
||||
clear
|
||||
cat << 'EOF' >| "${VAR_NOTES}"
|
||||
Build: Master V8.00.000.2025.06.17
|
||||
|
||||
Press 'EXIT' to continue with CISS.debian.installer.
|
||||
|
||||
When you provision ISO images using the Netcup provider, you MUST always supply a globally unique identifier
|
||||
for each image via the --control argument. If you omit this flag or reuse an existing identifier, Netcup's
|
||||
backend will automatically locate and mount the oldest ISO carrying that same name. In practice, this means
|
||||
you might believe you're booting a freshly uploaded image, but in fact, the system silently reattaches an
|
||||
earlier one-leading to confusing failures and wasted troubleshooting time.
|
||||
|
||||
A separate but related issue emerges when booting certain Debian "cloud" kernel images-specifically those
|
||||
matching the patterns *.+bpo-cloud-amd64 or *.+bpo-cloud-arm64-on a Netcup G11 instance or on a Hetzner VM.
|
||||
After the initramfs is loaded, the console output often becomes garbled or completely unreadable. This is not
|
||||
due to a kernel panic, but rather to a mismatch between the framebuffer mode expected by the initramfs and the
|
||||
one actually provided by the virtual hardware. Common workarounds, like editing the boot entry (e) and appending
|
||||
|
||||
- 'nomodeset', or
|
||||
- 'vga=0x318',
|
||||
|
||||
do not resolve the issue because they address legacy VGA modes rather than the EFI framebuffer parameters used
|
||||
in modern cloud images.
|
||||
|
||||
To mitigate this, you can:
|
||||
|
||||
- Use a plain Debian kernel (e.g., linux-image-amd64) instead of the bpo-cloud variants, which are optimized
|
||||
for cloud-init but presume a different console setup.
|
||||
|
||||
- Explicitly set an EFI-compatible framebuffer by adding something like 'video=efifb:mode=auto' to the kernel
|
||||
command line. This aligns the initramfs console driver with the actual firmware framebuffer.
|
||||
|
||||
- Build a custom initramfs that includes the correct video modules or switches back to a serial console. For
|
||||
example, adding 'console=ttyS0,115200' can force all early messages to the serial port bypassing the
|
||||
graphical framebuffer entirely.
|
||||
EOF
|
||||
|
||||
dialog --no-collapse \
|
||||
--ascii-lines \
|
||||
--clear \
|
||||
--backtitle "CISS.debian.installer" \
|
||||
--title "Important Notes" \
|
||||
--scrollbar \
|
||||
--textbox "${VAR_NOTES}" 32 128
|
||||
clear
|
||||
}
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|
||||
Reference in New Issue
Block a user