V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/preseed.yaml

@@ -781,6 +781,7 @@ software:
   ##############################################################################################################################
   # Installed by 4620_installation_verification.sh
   ##############################################################################################################################
+  # acct
   # aide
   # aide-common
   # audit

func/cdi_4600_packages/4620_installation_verification.sh

@@ -31,6 +31,20 @@ install_verification() {
 
   chroot_logger "${TARGET}${var_logfile}"
 
+  chroot_script "${TARGET}" "
+    export INITRD=No
+    [[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
+    apt-get install -y --no-install-recommends --no-install-suggests acct 2>&1 | tee -a ${var_logfile}
+
+    mkdir -p /etc/systemd/system/multi-user.target.wants
+
+    if ln -s /lib/systemd/system/acct.service /etc/systemd/system/multi-user.target.wants/acct.service; then
+      printf 'Process Accounting enabled successfully.'
+    else
+      printf 'Process Accounting already enabled.'
+    fi
+  "
+
   chroot_script "${TARGET}" "
     export INITRD=No
     [[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh

func/cdi_4900_xtended/4900_final_command.sh

@@ -37,6 +37,8 @@ final_commands() {
     updatedb | tee -a ${var_logfile}
   "
 
+  ciss_enforce_multi_user_target
+
   rm -f "${var_target}/root/ciss_xdg_tmp.sh"
 
   guard_dir && return 0
@@ -44,4 +46,84 @@ final_commands() {
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f final_commands
+
+#######################################
+# description
+# Arguments:
+#  None
+# Returns:
+#   0 ...
+#######################################
+ciss_enforce_multi_user_target() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare -a  ary_dm_units=()
+  declare     var_target="${TARGET}"
+
+  ### Check for TARGET / RECOVERY.
+  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
+
+  declare     var_dm="" var_unit_dir="" var_link="${var_target}/etc/systemd/system/default.target"
+
+  ### Determine the canonical systemd unit dir inside TARGET.
+  if [[ -d "${TARGET}/lib/systemd/system" ]]; then
+
+    var_unit_dir="${TARGET}/lib/systemd/system"
+
+  elif [[ -d "${TARGET}/usr/lib/systemd/system" ]]; then
+
+    var_unit_dir="${TARGET}/usr/lib/systemd/system"
+
+  fi
+
+  ### Enforce 'default.target' -> 'multi-user.target' as a symlink.
+  if [[ -e "${var_link}" ]] && [[ ! -L "${var_link}" ]]; then
+
+    ### A regular file here is wrong; we remove it to avoid vendor fallback to graphical.
+    rm -f -- "${var_link}"
+
+  fi
+
+  if [[ ! -L "${var_link}" ]]; then
+
+    ln -s "${var_unit_dir}/multi-user.target" "${var_link}"
+
+  else
+
+    ### Ensure it points to multi-user.
+    # shellcheck disable=SC2312
+    if [[ "$(readlink -f "${var_link}")" != "${var_unit_dir}/multi-user.target" ]]; then
+
+      rm -f -- "${var_link}"
+      ln -s "${var_unit_dir}/multi-user.target" "${var_link}"
+
+    fi
+
+  fi
+
+  ### Hard-block any display manager (mask via /dev/null symlink). Include common DMs, and the generic alias:
+  ary_dm_units=(
+    "display-manager.service"
+    "gdm.service" "gdm3.service"
+    "sddm.service"
+    "lightdm.service"
+    "xdm.service"
+    "lxdm.service"
+    "slim.service"
+  )
+
+  for var_dm in "${ary_dm_units[@]}"; do
+
+    if [[ ! -L "${TARGET}/etc/systemd/system/${var_dm}" ]]; then
+
+      ln -s /dev/null "${TARGET}/etc/systemd/system/${var_dm}"
+
+    fi
+
+  done
+
+  return 0
+}
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f ciss_enforce_multi_user_target
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh