V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-07 10:00:50 +02:00
parent 16be92c0af
commit 5ae49b8e38
6 changed files with 28 additions and 22 deletions
--- a/func/cdi_1250_yaml/1251_yaml_reader.sh
+++ b/func/cdi_1250_yaml/1251_yaml_reader.sh
@@ -41,7 +41,7 @@ yaml_reader() {
  # shellcheck disable=SC2034
  declare -Ag HMP_RECIPE_DEV_PARTITIONS=()
  declare -gx VAR_RECIPE_STRING="" VAR_RECIPE_HIGHEST_DEVICE="" VAR_ARCHITECTURE="" VAR_RECIPE_FIRMWARE="" VAR_NUKE="" \
-              VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false" VAR_CODENAME="" VAR_RECOVERY=""
+              VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false" VAR_CODENAME="" VAR_DROPBEAR="" VAR_RECOVERY=""
  ### Declare and substitute input files.
  declare -r  var_if="${VAR_PRESEED}"
  declare     var_line="" var_middle_part="" var_highest_dev="" var_device="" var_fields="" var_partition="" \
@@ -144,6 +144,9 @@ END { print max }
  # shellcheck disable=SC2034
  VAR_CODENAME="${distribution,,}"
  # shellcheck disable=SC2034
  VAR_DROPBEAR="${dropbear_boot,,}"
  ### Extract chroot secure '/run' mounting strategy.
  # shellcheck disable=SC2034
  VAR_NEED_RUN_IN_TARGET="${needrun,,}"
--- a/func/cdi_4100_base/4150_installation_chrony.sh
+++ b/func/cdi_4100_base/4150_installation_chrony.sh
@@ -98,7 +98,6 @@ insert_chrony_comments() {
 # /etc/chrony/conf.d           : Generated by CISS.debian.installer '"${VAR_VERSION}"'\
 # Architecture                 : '"${VAR_ARCHITECTURE}"'\
 # Distribution                 : '"${VAR_CODENAME}"'\
 \
 ' "${file}"
  return 0
 }
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -41,9 +41,9 @@ write_crypttab() {
 #   HMP_PATH_FSUUID
 #   HMP_PATH_LUKSUUID
 #   TARGET
 #   VAR_DROPBEAR
 #   VAR_NUKE
 #   VAR_VERSION
 #   dropbear_boot
 # Arguments:
 #  None
 # Returns:
@@ -53,6 +53,8 @@ generate_crypttab() {
  ### Declare Arrays, HashMaps, and Variables.
  declare     var_key="" var_encryption_label="" var_luks_uuid="" var_ephemeral_enclabel="" var_host_uuid=""
  ensure_lowercase "VAR_DROPBEAR"
  ### Generate '${TARGET}/etc/crypttab' header.
  : >| "${TARGET}/etc/crypttab"
  chmod 0600 "${TARGET}/etc/crypttab"
@@ -94,10 +96,18 @@ EOF
    var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}"
    var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}"
-    if [[ "${dropbear_boot,,}" == "true" ]]; then
+    if [[ "${VAR_DROPBEAR}" == "true" ]]; then
      if [[ "${var_key}" == "/" ]]; then
        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
      else
        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
      fi
    else
      write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard"
--- a/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
+++ b/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
@@ -31,7 +31,7 @@ guard_sourcing
 #######################################
 update_grub_bootparameter() {
  ### Declare Arrays, HashMaps, and Variables.
-  declare     var_nuke_string="" var_param=""
+  declare     var_nuke_string="" var_param="" var_label=""
  grub_extract_current_string
@@ -47,14 +47,19 @@ update_grub_bootparameter() {
      continue
    fi
-    VAR_GRUB_CMDLINE_LINUX_DEFAULT+=" ${var_param}"
+    VAR_GRUB_CMDLINE_LINUX_DEFAULT="${VAR_GRUB_CMDLINE_LINUX_DEFAULT} ${var_param}"
  done
  if [[ "${VAR_DROPBEAR}" == "true" ]]; then
    var_label="${HMP_PATH_ENCLABEL["/"]}"
    VAR_GRUB_CMDLINE_LINUX+="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
  fi
  if [[ "${VAR_NUKE}" == "true" ]]; then
    var_nuke_string="nuke=${VAR_NUKE_HASH}"
    # shellcheck disable=SC2034
-    VAR_GRUB_CMDLINE_LINUX+=" ${var_nuke_string}"
+    VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} ${var_nuke_string}"
  fi
  grub_finalize_string
--- a/func/cdi_4300_network/4310_dropbear_build.sh
+++ b/func/cdi_4300_network/4310_dropbear_build.sh
@@ -30,6 +30,8 @@ dropbear_build() {
  declare var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
  declare var_build_dir="${DIR_TMP}/build/dropbear-${var_dropbear_version}"
  apt-get install -y autoconf automake build-essential libtool libtomcrypt-dev libtommath-dev musl-tools
  mkdir -p "${DIR_TMP}/build"
  cp "${var_tar}" "${DIR_TMP}/build"
  tar xjf "${DIR_TMP}/build/dropbear-${var_dropbear_version}.tar.bz2" -C "${DIR_TMP}/build" || return "${ERR_PATH_NOT_VALID}"
--- a/func/cdi_4300_network/4312_dropbear_setup.sh
+++ b/func/cdi_4300_network/4312_dropbear_setup.sh
@@ -12,13 +12,6 @@
 guard_sourcing
 # TODO: Implement this update:
 # if [[ "${VAR_NUKE,,}" == "true" && "${var_key,,}" == "/" ]]; then
 #  #write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
 #  write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
 #  continue
 #fi
 #######################################
 # Set up Dropbear Initramfs Environment.
 # Globals:
@@ -84,13 +77,7 @@ dropbear_setup() {
  ### Generate dropbear configuration file
  write_dropbear_conf
-  ### Prepare Grub Bootparameter for LUKS decryption of '/root' and '/recovery'.
+
  # Options in "GRUB_CMDLINE_LINUX" are always effective.
  # Options in "GRUB_CMDLINE_LINUX_DEFAULT" are effective ONLY during normal boot (NOT during recovery mode).
  grub_extract_current_string
  declare var_label="${HMP_PATH_ENCLABEL["LABEL_/"]}"
  VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
  grub_finalize_string
  ### Install the script to be called by 'update-initramfs' for updating 'PATH'-variable inside initramfs.
  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/scripts/init-top/fixpath.sh" \