V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-13 16:59:13 +02:00
parent bb6d6a21c6
commit 54c35623bd
4 changed files with 36 additions and 48 deletions


@@ -14,9 +14,13 @@ guard_sourcing
####################################### #######################################
# Use chroot_exec() for: # Use chroot_exec() for:
# - simple commands (e.g., dpkg, ln, mkdir, apt, etc.). # - Simple commands (e.g., dpkg, ln, mkdir, apt, etc.).
# Use chroot_script() for: # Use chroot_script() for:
# - all shell scripts, redirects, pipes, conditions, loops, or subshells. # - All shell scripts, redirects, pipes, conditions, loops, or subshells.
# Use chroot_stdin() for:
# - Long, multi-line payloads without argv/ARG_MAX pain. Use it to stream robust, quoting-safe scripts via stdin (bash -s).
# Ideal for multi-line awk/sed edits, or any content that would otherwise suffer from nested quoting or size limits if
# passed via -c.
####################################### #######################################
####################################### #######################################
@@ -76,7 +80,7 @@ chroot_exec() {
} }
####################################### #######################################
# Execute a full shell script line inside the chroot via bash -c. # Run a complete shell script line inside the chroot using the command 'bash -c'.
# Globals: # Globals:
# BASH_SOURCE # BASH_SOURCE
# TERM # TERM
@@ -150,7 +154,7 @@ chroot_script() {
} }
####################################### #######################################
# Execute the desired code of the installer via stdin inside the chroot with bash -s. # Run the installer-desired code via stdin inside the chroot with bash -s.
# Globals: # Globals:
# BASH_SOURCE # BASH_SOURCE
# TERM # TERM


@@ -596,19 +596,13 @@ pam_access_sync_login_sshd() {
declare var_file_login="/etc/pam.d/login" declare var_file_login="/etc/pam.d/login"
declare var_file_sshd="/etc/pam.d/sshd" declare var_file_sshd="/etc/pam.d/sshd"
### Guard: files must exist, no-op otherwise. ### Guard: The file must exist, no-op otherwise.
if [[ ! -f "${TARGET}${var_file_login}" ]]; then if [[ ! -f "${TARGET}${var_file_login}" ]]; then
return 0 return 0
fi fi
if [[ ! -f "${TARGET}${var_file_sshd}" ]]; then
: ### Still continue, only '/etc/pam.d/login' will be processed
fi
### 1) If the 'pam_access' line is commented in '/etc/pam.d/login', uncomment exactly one occurrence. ### 1) If the 'pam_access' line is commented in '/etc/pam.d/login', uncomment exactly one occurrence.
# shellcheck disable=SC2155 chroot_stdin "${TARGET}" "__payload__" <<'EOF'
declare var_payload="$(
cat <<'CISS'
tmp="$(mktemp /etc/pam.d/login.XXXXXX)" tmp="$(mktemp /etc/pam.d/login.XXXXXX)"
LC_ALL=C awk ' LC_ALL=C awk '
BEGIN { done=0 } BEGIN { done=0 }
@@ -623,46 +617,28 @@ BEGIN { done=0 }
print print
} }
' /etc/pam.d/login >| "${tmp}" ' /etc/pam.d/login >| "${tmp}"
test -s "${tmp}" test -s "${tmp}"
mv -f "${tmp}" /etc/pam.d/login mv -f "${tmp}" /etc/pam.d/login
CISS [[ -f "${tmp}" ]] && rm -f "${tmp}"
)" EOF
chroot_script "${TARGET}" "${var_payload}"
#chroot_script "${TARGET}" "
# LC_ALL=C awk '
# BEGIN { done=0 }
# {
# if (!done) {
# tmp=\$0
# sub(/^[[:space:]]*#+[[:space:]]*/, \"\", tmp)
# if (tmp ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
# print tmp
# done=1
# next
# }
# }
# print
# }
# ' /etc/pam.d/login >| /etc/pam.d/login.new
# mv -f /etc/pam.d/login.new /etc/pam.d/login
# "
### 2) If '/etc/pam.d/login' now has an active pam_access line, ensure '/etc/pam.d/sshd' pam_access line(s) are commented out. ### 2) If '/etc/pam.d/login' now has an active pam_access line, ensure '/etc/pam.d/sshd' pam_access line(s) are commented out.
chroot_script "${TARGET}" " ### No-op if '/etc/pam.d/sshd' is absent.
if grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access\.so([[:space:]]|$)' /etc/pam.d/login; then [[ -f "${TARGET}${var_file_sshd}" ]] || return 0
if [[ -f /etc/pam.d/sshd ]]; then
awk ' chroot_stdin "${TARGET}" "__payload__" <<'EOF'
### Comment only active matches; keep pre-commented lines untouched. LC_ALL=C
/^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access\.so([[:space:]]|$)/ { print \"# \" \$0; next } if grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)' /etc/pam.d/login; then
{ print } tmp="$(mktemp /etc/pam.d/sshd.XXXXXX)"
' /etc/pam.d/sshd >| /etc/pam.d/sshd.new LC_ALL=C awk '
mv -f /etc/pam.d/sshd.new /etc/pam.d/sshd /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/ { print "# " $0; next }
fi { print }
fi ' /etc/pam.d/sshd >| "${tmp}"
" test -s "${tmp}"
mv -f "${tmp}" /etc/pam.d/sshd
[[ -f "${tmp}" ]] && rm -f "${tmp}"
fi
EOF
return 0 return 0
} }
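Review bot: In the new stdin payload the result of `test -s "${tmp}"` is never acted on, so unless chroot_stdin runs the payload under `set -e` an empty awk result is still moved over /etc/pam.d/login by the following `mv -f`, and on the `set -e` path the temp file is left behind because the `[[ -f "${tmp}" ]] && rm -f "${tmp}"` cleanup only runs after a successful mv — by then the file is gone, so that line always evaluates false and, as the payload's last command, yields exit status 1. Tie the move to the size check and register the cleanup before it can be needed: `trap 'rm -f -- "${tmp}"' EXIT` directly after the mktemp, then `test -s "${tmp}" || exit 1` followed by `mv -f "${tmp}" /etc/pam.d/login`, dropping the trailing `[[ -f … ]] && rm -f` line. The sshd payload further down in this hunk has the identical shape and needs the same change. The function's opening lines lie outside the hunk.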


@@ -36,6 +36,7 @@ guard_sourcing
# VAR_DEBUG_TRACE # VAR_DEBUG_TRACE
# VAR_DEBUG_TRAP # VAR_DEBUG_TRAP
# VAR_GIT_REL # VAR_GIT_REL
# VAR_HEADROOM
# VAR_PARAM_COUNT # VAR_PARAM_COUNT
# VAR_PARAM_STRNG # VAR_PARAM_STRNG
# VAR_RESOURCES # VAR_RESOURCES
@@ -68,6 +69,7 @@ print_file_err() {
printf "❌ Script PID : %s %b" "${$}" "${NL}" printf "❌ Script PID : %s %b" "${$}" "${NL}"
printf "❌ Script Runtime : %s %b" "${VAR_SCRIPT_RUNTIME}" "${NL}" printf "❌ Script Runtime : %s %b" "${VAR_SCRIPT_RUNTIME}" "${NL}"
printf "❌ System Resources : %s %b" "${VAR_RESOURCES}" "${NL}" printf "❌ System Resources : %s %b" "${VAR_RESOURCES}" "${NL}"
printf "❌ Approx. Stack Headroom : %s %b" "${VAR_HEADROOM}" "${NL}"
printf "❌ Arguments Counter : %s %b" "${VAR_PARAM_COUNT}" "${NL}" printf "❌ Arguments Counter : %s %b" "${VAR_PARAM_COUNT}" "${NL}"
printf "❌ Arguments Original : %s %b" "${VAR_PARAM_STRNG}" "${NL}" printf "❌ Arguments Original : %s %b" "${VAR_PARAM_STRNG}" "${NL}"
printf "❌ Arguments Sanitized : %s %b" "${VAR_ARG_SANITIZED}" "${NL}" printf "❌ Arguments Sanitized : %s %b" "${VAR_ARG_SANITIZED}" "${NL}"
@@ -114,6 +116,7 @@ print_file_err() {
# VAR_DEBUG_TRACE # VAR_DEBUG_TRACE
# VAR_DEBUG_TRAP # VAR_DEBUG_TRAP
# VAR_GIT_REL # VAR_GIT_REL
# VAR_HEADROOM
# VAR_PARAM_COUNT # VAR_PARAM_COUNT
# VAR_PARAM_STRNG # VAR_PARAM_STRNG
# VAR_RESOURCES # VAR_RESOURCES
@@ -145,6 +148,7 @@ print_scr_err() {
printf "%b❌ Script PID : %s %b%b" "${RED}" "${$}" "${RES}" "${NL}" printf "%b❌ Script PID : %s %b%b" "${RED}" "${$}" "${RES}" "${NL}"
printf "%b❌ Script Runtime : %s %b%b" "${RED}" "${VAR_SCRIPT_RUNTIME}" "${RES}" "${NL}" printf "%b❌ Script Runtime : %s %b%b" "${RED}" "${VAR_SCRIPT_RUNTIME}" "${RES}" "${NL}"
printf "%b❌ System Resources : %s %b%b" "${RED}" "${VAR_RESOURCES}" "${RES}" "${NL}" printf "%b❌ System Resources : %s %b%b" "${RED}" "${VAR_RESOURCES}" "${RES}" "${NL}"
printf "%b❌ Approx. Stack Headroom : %s %b%b" "${RED}" "${VAR_HEADROOM}" "${RES}" "${NL}"
printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}"
printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}"
printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}"
@@ -220,6 +224,7 @@ trap_err() {
declare -g ERRCMMD="$5" declare -g ERRCMMD="$5"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
declare -g ERRTRAP="true" declare -g ERRTRAP="true"
declare -g VAR_HEADROOM=$(( $(getconf ARG_MAX) - $(printenv -0 | wc -c) - 4096 ))
trap - DEBUG ERR INT TERM trap - DEBUG ERR INT TERM
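Review bot: The new `declare -g VAR_HEADROOM=$(( $(getconf ARG_MAX) - $(printenv -0 | wc -c) - 4096 ))` runs two command substitutions inside the ERR handler itself; if `getconf` prints nothing (missing binary or unsupported name) the arithmetic expansion becomes a syntax error raised from within the error trap and masks the original failure. Compute the operands first with a fallback, e.g. `arg_max=$(getconf ARG_MAX 2>/dev/null) || arg_max=0`, `env_size=$(printenv -0 | wc -c)`, `declare -g VAR_HEADROOM=$(( arg_max - env_size - 4096 ))`. The label "Approx. Stack Headroom" printed for it in print_file_err and print_scr_err describes something else: the value is the remaining argv+environment budget relative to ARG_MAX, so a comment such as `# Remaining argv/env budget: ARG_MAX minus current environment size, 4096 reserved` next to the declaration and a matching label would avoid confusion. The same expression is repeated verbatim in trap_exit_non_zero in the next file.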


@@ -147,6 +147,8 @@ trap_exit_non_zero() {
if [[ "${ERRTRAP}" == "false" ]]; then if [[ "${ERRTRAP}" == "false" ]]; then
declare VAR_HEADROOM=$(( $(getconf ARG_MAX) - $(printenv -0 | wc -c) - 4096 ))
if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then dump_vars_exiting; fi if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then dump_vars_exiting; fi
case "${VAR_IN_DIALOG_WR}" in case "${VAR_IN_DIALOG_WR}" in
@@ -181,6 +183,7 @@ trap_exit_non_zero() {
printf "%b❌ Script PID : %s %b%b" "${RED}" "${$}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Script PID : %s %b%b" "${RED}" "${$}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Script Runtime : %s %b%b" "${RED}" "${VAR_SCRIPT_RUNTIME}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Script Runtime : %s %b%b" "${RED}" "${VAR_SCRIPT_RUNTIME}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ System Resources : %s %b%b" "${RED}" "${VAR_RESOURCES}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ System Resources : %s %b%b" "${RED}" "${VAR_RESOURCES}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Approx. Stack Headroom : %s %b%b" "${RED}" "${VAR_HEADROOM}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Arguments Counter : %s %b%b" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Arguments Original : %s %b%b" "${RED}" "${VAR_PARAM_STRNG}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" | tee -a "${LOG_EXT}" printf "%b❌ Arguments Sanitized : %s %b%b" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" | tee -a "${LOG_EXT}"
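Review bot: `declare VAR_HEADROOM=$(( $(getconf ARG_MAX) - $(printenv -0 | wc -c) - 4096 ))` duplicates the expression trap_err now sets; the two handlers will drift apart the first time one of them is adjusted. A small shared helper, say `headroom_now() { … }` returning the number on stdout, called as `VAR_HEADROOM=$(headroom_now)` from both places, keeps the computation in one spot and the handler bodies short. Note this declaration is function-local while trap_err's is `declare -g`; whether the printf in the later hunk sees this local value depends on its position in trap_exit_non_zero, which the hunks do not show.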