V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

ciss_debian_installer.sh

@@ -12,6 +12,23 @@
 
 ### Contributions so far see ./docs/CREDITS.md
 
+# TODO: Implement Clang Build Chain and Secure Boot PK CISS.ROOT.CA Signing Workflow
+# TODO: Copy Grub Boot Loader to default path via manuel cp. Refactor 4230_update_grub.sh
+# TODO: Update preseed.yaml for pgp signing key OR implementation of presigned unlock-wrapper.sh
+# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml Refactor 4500_installation_accounts.sh
+# TODO: Check Packages for installation. Refactor preseed.yaml, 4130_installation_toolset.sh, 4700_setup_packages.sh
+# TODO: What do we need for CISS environment?
+# TODO: Any changes to the NTPSec Servers?
+# TODO: Hibernate deactivation
+# TODO: Hardening Scripts Integration
+# TODO: SSH 2fa integration
+# TODO: Recovery Partition Integration
+# TODO: Grub Boot Menu Update for Recovery Integration
+# TODO: update-grub Post Hook Clang, Recovery, Signing PK
+# TODO: Copying Log Files to final System
+# TODO: Integrate CISS.debian.installer calling arguments and preseed.yaml into CISS.debian.live.builder build chain?
+# TODO: Reboot function for Autoinstall
+
 ### WHY BASH?
 # Ease of installation. No compiling or installing gems, CPAN modules, pip packages, etc. Simple to use and read. Clear syntax
 # and straightforward output interpretation. Built-in power. Pattern matching, line processing, and regular expression support
@@ -155,8 +172,8 @@ trap 'trap_err  "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${B
 trap 'trap_int' INT TERM
 
 ### INTERACTIVE MODE NOTES AND KERNEL SELECTION.
-# TODO: Update 0110_check_kernel.sh   & sourcing
-# TODO: Update 0115_check_provider.sh & sourcing
+# TODO: Update /lib/cdi_0110_interactive/0110_check_kernel.sh   & sourcing
+# TODO: Update /lib/cdi_0110_interactive/0115_check_provider.sh & sourcing
 #if ! "${VAR_AUTO_INSTALL}"; then check_provider; fi
 #if ! "${VAR_AUTO_INSTALL}"; then check_kernel; fi
 
@@ -178,110 +195,129 @@ arg_parser "$@"
 echo "PRIORITY UPDATES ..."
 arg_priority_check
 
+# TODO: Implement loop_pass() for other passwords.
 ### HASHING PASSWORDS.
 echo "HASHING PASSWORDS ..."
 nuke_passphrase
-# TODO: Implement loop_pass() for other passwords.
 
-### MAIN PROGRAM SEQUENCE
-echo "MAIN PROGRAM SEQUENCE: yaml_parser() ..."
+# TODO: Implement / Integrate IP, Port validation
+### CDI_1200
+
+### CDI_1250
+echo "MAIN PROGRAM SEQUENCE: 1250_yaml_parser.sh ..."
 yaml_parser
-echo "MAIN PROGRAM SEQUENCE: yaml_reader() ..."
+echo "MAIN PROGRAM SEQUENCE: 1251_yaml_reader.sh ..."
 yaml_reader
+echo "MAIN PROGRAM SEQUENCE: 1252_yaml_validator.sh ..."
+yaml_validator
 
-# TODO: Implement / Activate IP, Port validation
-# 1222_validation_preseed.sh 1221_validation_ip.sh
-# validation_preseed
-
-### PARTITIONING
-echo "MAIN PROGRAM SEQUENCE: partitioning() ..."
+### CDI_3200
+echo "MAIN PROGRAM SEQUENCE: 3200_partitioning.sh ..."
 partitioning
-echo "MAIN PROGRAM SEQUENCE: benchmarking_encryption() ..."
+echo "MAIN PROGRAM SEQUENCE: 3210_benchmarking_encryption.sh ..."
 benchmarking_encryption
-echo "MAIN PROGRAM SEQUENCE: partition_encryption() ..."
+echo "MAIN PROGRAM SEQUENCE: 3220_partition_encryption.sh ..."
 partition_encryption
-echo "MAIN PROGRAM SEQUENCE: partition_formatting() ..."
+echo "MAIN PROGRAM SEQUENCE: 3240_partition_formatting.sh ..."
 partition_formatting
-echo "MAIN PROGRAM SEQUENCE: mount_partition() ..."
+echo "MAIN PROGRAM SEQUENCE: 3280_mount_partition.sh ..."
 mount_partition
-echo "MAIN PROGRAM SEQUENCE: uuid_logger() ..."
+echo "MAIN PROGRAM SEQUENCE: 3290_uuid_logger.sh ..."
 uuid_logger
 
-### DEBOOTSTRAP # TODO: Order of Hostname, Locale, Time before first apt update and Locales individual, certificate
-echo "MAIN PROGRAM SEQUENCE: func_debootstrap() ..."
+### CDI_4000
+echo "MAIN PROGRAM SEQUENCE: 4000_debootstrap.sh ..."
 func_debootstrap
-echo "MAIN PROGRAM SEQUENCE: configure_system() ..."
-configure_system
-echo "MAIN PROGRAM SEQUENCE: generate_fstab() ..."
-generate_fstab
-echo "MAIN PROGRAM SEQUENCE: generate_crypttab() ..."
-generate_crypttab
-echo "MAIN PROGRAM SEQUENCE: generate_sources() ..."
-generate_sources
-echo "MAIN PROGRAM SEQUENCE: minimal_toolset() ..."
-minimal_toolset
-echo "MAIN PROGRAM SEQUENCE: setup_skel() ..."
-setup_skel
-echo "MAIN PROGRAM SEQUENCE: setup_timezone() ..."
-setup_timezone # TODO: Checks ongoing.
-echo "MAIN PROGRAM SEQUENCE: setup_locales() ..."
-setup_locales
-# TODO: Implement Clang Build Chain and MOK Signing Workflow
-echo "MAIN PROGRAM SEQUENCE: installation_kernel() ..."
-installation_kernel
-echo "MAIN PROGRAM SEQUENCE: setup_network() ..."
-setup_network
-echo "MAIN PROGRAM SEQUENCE: setup_hostname() ..."
+echo "MAIN PROGRAM SEQUENCE: 4010_prepare_mounts.sh ..."
+prepare_mounts
+echo "MAIN PROGRAM SEQUENCE: 4020_remove_x509.sh ..."
+remove_x509
+echo "MAIN PROGRAM SEQUENCE: 4030_setup_hostname.sh ..."
 setup_hostname
-echo "MAIN PROGRAM SEQUENCE: setup_machineid() ..."
-setup_machineid
-# TODO: Implement Clang Build Chain and MOK Signing Workflow and integrate GRUB, if needed
-# TODO: Copy Grub Boot Loader to default path
-echo "MAIN PROGRAM SEQUENCE: setup_grub() ..."
-setup_grub
-echo "MAIN PROGRAM SEQUENCE: setup_grub_password() ..."
-setup_grub_password
-echo "MAIN PROGRAM SEQUENCE: setup_grub_bootparameter() ..."
-setup_grub_bootparameter
-echo "MAIN PROGRAM SEQUENCE: setup_kernel_modules() ..."
-setup_kernel_modules
-echo "MAIN PROGRAM SEQUENCE: setup_kernel_sysctl() ..."
-setup_kernel_sysctl
-echo "MAIN PROGRAM SEQUENCE: installation_microcode() ..."
-installation_microcode
-echo "MAIN PROGRAM SEQUENCE: setup_ssh() ..."
-setup_ssh
-echo "MAIN PROGRAM SEQUENCE: build_dropbear() ..."
-build_dropbear
-echo "MAIN PROGRAM SEQUENCE: install_dropbear_initramfs() ..."
-install_dropbear_initramfs
-# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock-wrapper.sh
-echo "MAIN PROGRAM SEQUENCE: setup_dropbear() ..."
-setup_dropbear
-# TODO: Implement Console Login Deactivation and 2fa as advertised in preseed.yaml
-echo "MAIN PROGRAM SEQUENCE: setup_accounts() ..."
-setup_accounts
-# TODO: Check Packages for installation
-echo "MAIN PROGRAM SEQUENCE: setup_packages() ..."
-setup_packages
-# TODO: What do we need for CISS environment?
-echo "MAIN PROGRAM SEQUENCE: setup_sudo() ..."
-setup_sudo
-# TODO: Any changes to the NTPSec Servers?
-echo "MAIN PROGRAM SEQUENCE: setup_chrony() ..."
-setup_chrony
-echo "MAIN PROGRAM SEQUENCE: exiting_chroot() ..."
-exiting_chroot
+echo "MAIN PROGRAM SEQUENCE: 4035_setup_resolv.sh ..."
+setup_resolv
+echo "MAIN PROGRAM SEQUENCE: 4040_setup_timezone.sh ..."
+setup_timezone
+echo "MAIN PROGRAM SEQUENCE: 4050_setup_locales.sh ..."
+setup_locales
 
-# TODO: Hibernate deactivation
-# TODO: Hardening Scripts Integration
-# TODO: SSH 2fa integration
-# TODO: Recovery Partition Integration
-# TODO: Grub Boot Menu Update for Recovery Integration
-# TODO: update-grub Post Hook Clang, Recovery, Signing MOK
-# TODO: Copying Log Files to final System
-# TODO: Integrate CISS.debian.installer calling arguments and preseed.yaml into CISS.debian.live.builder build chain?
-# TODO: Reboot function for Autoinstall
+### CDI_4100
+echo "MAIN PROGRAM SEQUENCE: 4100_generate_sources.sh ..."
+generate_sources
+echo "MAIN PROGRAM SEQUENCE: 4110_update_sources.sh ..."
+update_sources
+echo "MAIN PROGRAM SEQUENCE: 4120_installation_kernel.sh ..."
+installation_kernel
+echo "MAIN PROGRAM SEQUENCE: 4130_installation_toolset.sh ..."
+installation_toolset
+echo "MAIN PROGRAM SEQUENCE: 4131_installation_systemd.sh ..."
+installation_systemd
+echo "MAIN PROGRAM SEQUENCE: 4132_installation_machineid.sh ..."
+installation_machineid
+echo "MAIN PROGRAM SEQUENCE: 4140_installation_microcode.sh ..."
+installation_microcode
+echo "MAIN PROGRAM SEQUENCE: 4150_installation_chrony.sh ..."
+installation_chrony
+
+### CDI_4200
+echo "MAIN PROGRAM SEQUENCE: 4200_generate_fstab.sh ..."
+generate_fstab
+echo "MAIN PROGRAM SEQUENCE: 4210_generate_crypttab.sh ..."
+generate_crypttab
+echo "MAIN PROGRAM SEQUENCE: 4220_update_initramfs.sh ..."
+update_initramfs
+echo "MAIN PROGRAM SEQUENCE: 4230_update_grub.sh ..."
+update_grub
+echo "MAIN PROGRAM SEQUENCE: 4240_update_grub_password.sh ..."
+update_grub_password
+echo "MAIN PROGRAM SEQUENCE: 4250_update_grub_bootparameter.sh ..."
+update_grub_bootparameter
+
+### CDI_4300
+echo "MAIN PROGRAM SEQUENCE: 4300_installation_network.sh ..."
+installation_network
+echo "MAIN PROGRAM SEQUENCE: 4310_dropbear_build.sh ..."
+dropbear_build
+echo "MAIN PROGRAM SEQUENCE: 4311_dropbear_initramfs.sh ..."
+dropbear_initramfs
+echo "MAIN PROGRAM SEQUENCE: 4312_dropbear_setup.sh ..."
+dropbear_setup
+
+### CDI_4400
+echo "MAIN PROGRAM SEQUENCE: 4400_kernel_modules.sh ..."
+kernel_modules
+echo "MAIN PROGRAM SEQUENCE: 4410_kernel_sysctl.sh ..."
+kernel_sysctl
+echo "MAIN PROGRAM SEQUENCE: 4420_installation_ssh.sh ..."
+installation_ssh
+echo "MAIN PROGRAM SEQUENCE: 4430_installation_skel.sh ..."
+installation_skel
+echo "MAIN PROGRAM SEQUENCE: 4440_hardening_files.sh ..."
+hardening_files
+
+### CDI_4500
+echo "MAIN PROGRAM SEQUENCE: 4500_installation_accounts.sh ..."
+installation_accounts
+
+### CDI_4600
+#echo "MAIN PROGRAM SEQUENCE: 4600_minimal_checks.sh ..."
+
+#echo "MAIN PROGRAM SEQUENCE: 4610_finalize_system.sh ..."
+
+#echo "MAIN PROGRAM SEQUENCE: 4670_verify_system.sh ..."
+
+#echo "MAIN PROGRAM SEQUENCE: 4680_check_sshd_config_integrity.sh ..."
+
+#echo "MAIN PROGRAM SEQUENCE: 4690_check_grub_cmdline.sh ..."
+
+### CDI_4700
+echo "MAIN PROGRAM SEQUENCE: 4799_exiting_chroot_system.sh ..."
+exiting_chroot_system
+
+### CDI_5000
+if [[ "${VAR_RECOVERY}" == "true" ]]; then
+  wrapper_recovery
+fi
 
 ### Dialog Output for Initialization END
 if ! "${VAR_AUTO_INSTALL}"; then . ./lib/cdi_0200_dialog/0200_dialog_helper.sh && dialog_box_cleaner; fi