msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-09-13 16:59:13 +02:00
parent bb6d6a21c6
commit 54c35623bd
4 changed files with 36 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
func/cdi_1000_helper/1080_helper_chroot.sh
View File

@@ -14,9 +14,13 @@ guard_sourcing
#######################################
# Use chroot_exec() for:
# - simple commands (e.g., dpkg, ln, mkdir, apt, etc.).
# - Simple commands (e.g., dpkg, ln, mkdir, apt, etc.).
# Use chroot_script() for:
# - all shell scripts, redirects, pipes, conditions, loops, or subshells.
# - All shell scripts, redirects, pipes, conditions, loops, or subshells.
# Use chroot_stdin() for:
# - Long, multi-line payloads without argv/ARG_MAX pain. Use it to stream robust, quoting-safe scripts via stdin (bash -s).
# Ideal for multi-line awk/sed edits, or any content that would otherwise suffer from nested quoting or size limits if
# passed via -c.
#######################################
#######################################
@@ -76,7 +80,7 @@ chroot_exec() {
}
#######################################
# Execute a full shell script line inside the chroot via bash -c.
# Run a complete shell script line inside the chroot using the command 'bash -c'.
# Globals:
# BASH_SOURCE
# TERM
@@ -150,7 +154,7 @@ chroot_script() {
}
#######################################
# Execute the desired code of the installer via stdin inside the chroot with bash -s.
# Run the installer-desired code via stdin inside the chroot with bash -s.
# Globals:
# BASH_SOURCE
# TERM

64
func/cdi_4500_user/4520_accounts_setup.sh
View File

@@ -596,19 +596,13 @@ pam_access_sync_login_sshd() {
declare var_file_login="/etc/pam.d/login"
declare var_file_sshd="/etc/pam.d/sshd"
### Guard: files must exist, no-op otherwise.
### Guard: The file must exist, no-op otherwise.
if [[ ! -f "${TARGET}${var_file_login}" ]]; then
return 0
fi
if [[ ! -f "${TARGET}${var_file_sshd}" ]]; then
: ### Still continue, only '/etc/pam.d/login' will be processed
fi
### 1) If the 'pam_access' line is commented in '/etc/pam.d/login', uncomment exactly one occurrence.
# shellcheck disable=SC2155
declare var_payload="$(
cat <<'CISS'
chroot_stdin "${TARGET}" "__payload__" <<'EOF'
tmp="$(mktemp /etc/pam.d/login.XXXXXX)"
LC_ALL=C awk '
BEGIN { done=0 }
@@ -623,46 +617,28 @@ BEGIN { done=0 }
print
}
' /etc/pam.d/login >| "${tmp}"
test -s "${tmp}"
mv -f "${tmp}" /etc/pam.d/login
CISS
)"
chroot_script "${TARGET}" "${var_payload}"
#chroot_script "${TARGET}" "
# LC_ALL=C awk '
# BEGIN { done=0 }
# {
# if (!done) {
# tmp=\$0
# sub(/^[[:space:]]*#+[[:space:]]*/, \"\", tmp)
# if (tmp ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
# print tmp
# done=1
# next
# }
# }
# print
# }
# ' /etc/pam.d/login >| /etc/pam.d/login.new
# mv -f /etc/pam.d/login.new /etc/pam.d/login
# "
[[ -f "${tmp}" ]] && rm -f "${tmp}"
EOF
### 2) If '/etc/pam.d/login' now has an active pam_access line, ensure '/etc/pam.d/sshd' pam_access line(s) are commented out.
chroot_script "${TARGET}" "
if grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access\.so([[:space:]]|$)' /etc/pam.d/login; then
if [[ -f /etc/pam.d/sshd ]]; then
awk '
### Comment only active matches; keep pre-commented lines untouched.
/^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access\.so([[:space:]]|$)/ { print \"# \" \$0; next }
{ print }
' /etc/pam.d/sshd >| /etc/pam.d/sshd.new
mv -f /etc/pam.d/sshd.new /etc/pam.d/sshd
fi
fi
"
### No-op if '/etc/pam.d/sshd' is absent.
[[ -f "${TARGET}${var_file_sshd}" ]] || return 0
chroot_stdin "${TARGET}" "__payload__" <<'EOF'
LC_ALL=C
if grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)' /etc/pam.d/login; then
tmp="$(mktemp /etc/pam.d/sshd.XXXXXX)"
LC_ALL=C awk '
/^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/ { print "# " $0; next }
{ print }
' /etc/pam.d/sshd >| "${tmp}"
test -s "${tmp}"
mv -f "${tmp}" /etc/pam.d/sshd
[[ -f "${tmp}" ]] && rm -f "${tmp}"
fi
EOF
return 0
}