V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_1250_yaml/1251_yaml_reader.sh

@@ -41,7 +41,7 @@ yaml_reader() {
   # shellcheck disable=SC2034
   declare -Ag HMP_RECIPE_DEV_PARTITIONS=()
   declare -gx VAR_RECIPE_STRING="" VAR_RECIPE_HIGHEST_DEVICE="" VAR_ARCHITECTURE="" VAR_RECIPE_FIRMWARE="" VAR_NUKE="" \
-              VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false" VAR_CODENAME="" VAR_RECOVERY=""
+              VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false" VAR_CODENAME="" VAR_DROPBEAR="" VAR_RECOVERY=""
   ### Declare and substitute input files.
   declare -r  var_if="${VAR_PRESEED}"
   declare     var_line="" var_middle_part="" var_highest_dev="" var_device="" var_fields="" var_partition="" \
@@ -144,6 +144,9 @@ END { print max }
   # shellcheck disable=SC2034
   VAR_CODENAME="${distribution,,}"
 
+  # shellcheck disable=SC2034
+  VAR_DROPBEAR="${dropbear_boot,,}"
+
   ### Extract chroot secure '/run' mounting strategy.
   # shellcheck disable=SC2034
   VAR_NEED_RUN_IN_TARGET="${needrun,,}"

func/cdi_4100_base/4150_installation_chrony.sh

@@ -98,7 +98,6 @@ insert_chrony_comments() {
 # /etc/chrony/conf.d           : Generated by CISS.debian.installer '"${VAR_VERSION}"'\
 # Architecture                 : '"${VAR_ARCHITECTURE}"'\
 # Distribution                 : '"${VAR_CODENAME}"'\
-\
 ' "${file}"
   return 0
 }

func/cdi_4200_boot/4210_generate_crypttab.sh

@@ -41,9 +41,9 @@ write_crypttab() {
 #   HMP_PATH_FSUUID
 #   HMP_PATH_LUKSUUID
 #   TARGET
+#   VAR_DROPBEAR
 #   VAR_NUKE
 #   VAR_VERSION
-#   dropbear_boot
 # Arguments:
 #  None
 # Returns:
@@ -53,6 +53,8 @@ generate_crypttab() {
   ### Declare Arrays, HashMaps, and Variables.
   declare     var_key="" var_encryption_label="" var_luks_uuid="" var_ephemeral_enclabel="" var_host_uuid=""
 
+  ensure_lowercase "VAR_DROPBEAR"
+
   ### Generate '${TARGET}/etc/crypttab' header.
   : >| "${TARGET}/etc/crypttab"
   chmod 0600 "${TARGET}/etc/crypttab"
@@ -94,9 +96,17 @@ EOF
     var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}"
     var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}"
 
-    if [[ "${dropbear_boot,,}" == "true" ]]; then
+    if [[ "${VAR_DROPBEAR}" == "true" ]]; then
 
-      write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
+      if [[ "${var_key}" == "/" ]]; then
+
+        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
+
+      else
+
+        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
+
+      fi
 
     else
 

func/cdi_4200_boot/4250_update_grub_bootparameter.sh

@@ -31,7 +31,7 @@ guard_sourcing
 #######################################
 update_grub_bootparameter() {
   ### Declare Arrays, HashMaps, and Variables.
-  declare     var_nuke_string="" var_param=""
+  declare     var_nuke_string="" var_param="" var_label=""
 
   grub_extract_current_string
 
@@ -47,14 +47,19 @@ update_grub_bootparameter() {
       continue
     fi
 
-    VAR_GRUB_CMDLINE_LINUX_DEFAULT+=" ${var_param}"
+    VAR_GRUB_CMDLINE_LINUX_DEFAULT="${VAR_GRUB_CMDLINE_LINUX_DEFAULT} ${var_param}"
 
   done
 
+  if [[ "${VAR_DROPBEAR}" == "true" ]]; then
+    var_label="${HMP_PATH_ENCLABEL["/"]}"
+    VAR_GRUB_CMDLINE_LINUX+="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
+  fi
+
   if [[ "${VAR_NUKE}" == "true" ]]; then
     var_nuke_string="nuke=${VAR_NUKE_HASH}"
     # shellcheck disable=SC2034
-    VAR_GRUB_CMDLINE_LINUX+=" ${var_nuke_string}"
+    VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} ${var_nuke_string}"
   fi
 
   grub_finalize_string

func/cdi_4300_network/4310_dropbear_build.sh

@@ -30,6 +30,8 @@ dropbear_build() {
   declare var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
   declare var_build_dir="${DIR_TMP}/build/dropbear-${var_dropbear_version}"
 
+  apt-get install -y autoconf automake build-essential libtool libtomcrypt-dev libtommath-dev musl-tools
+
   mkdir -p "${DIR_TMP}/build"
   cp "${var_tar}" "${DIR_TMP}/build"
   tar xjf "${DIR_TMP}/build/dropbear-${var_dropbear_version}.tar.bz2" -C "${DIR_TMP}/build" || return "${ERR_PATH_NOT_VALID}"

func/cdi_4300_network/4312_dropbear_setup.sh

@@ -12,13 +12,6 @@
 
 guard_sourcing
 
-# TODO: Implement this update:
-# if [[ "${VAR_NUKE,,}" == "true" && "${var_key,,}" == "/" ]]; then
-#  #write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
-#  write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
-#  continue
-#fi
-
 #######################################
 # Set up Dropbear Initramfs Environment.
 # Globals:
@@ -84,13 +77,7 @@ dropbear_setup() {
   ### Generate dropbear configuration file
   write_dropbear_conf
 
-  ### Prepare Grub Bootparameter for LUKS decryption of '/root' and '/recovery'.
-  # Options in "GRUB_CMDLINE_LINUX" are always effective.
-  # Options in "GRUB_CMDLINE_LINUX_DEFAULT" are effective ONLY during normal boot (NOT during recovery mode).
-  grub_extract_current_string
-  declare var_label="${HMP_PATH_ENCLABEL["LABEL_/"]}"
-  VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
-  grub_finalize_string
+
 
   ### Install the script to be called by 'update-initramfs' for updating 'PATH'-variable inside initramfs.
   install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/scripts/init-top/fixpath.sh" \