V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-17 06:42:14 +01:00
parent bedd0d3fa5
commit 7d599e8463
71 changed files with 2203 additions and 548 deletions
--- a/func/cdi_4000_debootstrap/4010_prepare_mounts.sh
+++ b/func/cdi_4000_debootstrap/4010_prepare_mounts.sh
@@ -64,7 +64,6 @@ prepare_mounts() {

  done

-
  for var_path in "${!HMP_SPECIAL_MOUNTS[@]}"; do

    IFS=" " read -r var_fs var_src var_opts <<< "${HMP_SPECIAL_MOUNTS[${var_path}]}"
@@ -87,7 +86,6 @@ prepare_mounts() {

  done

-
  if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then

    mkdir -p "${var_target}/run"
@@ -103,7 +101,6 @@ prepare_mounts() {

  fi

-
  if ! chroot_exec "${var_target}" mkdir -p /etc/systemd/system/multi-user.target.wants; then

    do_log "emergency" "file_only" "4010() Command: [chroot_exec ${var_target} mkdir -p /etc/systemd/system/multi-user.target.wants] failed."
@@ -115,8 +112,6 @@ prepare_mounts() {

  mkdir -p "${var_target}/media/cdrom0"

-  # shellcheck disable=SC2034
-
  if   [[ "${VAR_RUN_RECOVERY}" == "false" ]]; then

    declare -gx VAR_CHROOT_ACTIVATED="system"
--- a/func/cdi_4000_debootstrap/4011_prepare_xdg_root.sh
+++ b/func/cdi_4000_debootstrap/4011_prepare_xdg_root.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Prepare '/root' for XDG framework.
+# Globals:
+#   RECOVERY
+#   TARGET
+#   VAR_RUN_RECOVERY
+#   VAR_SETUP_PATH
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+prepare_xdg_root() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare     var_target="${TARGET}"
+
+  ### Check for TARGET / RECOVERY.
+  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
+
+  install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/profile.d/ciss-xdg.sh" "${var_target}/etc/profile.d/"
+  install -m 0444 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/default/ciss-xdg-profile" "${var_target}/etc/default/"
+  install -m 0400 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/root/ciss_xdg_tmp.sh" "${var_target}/etc/root/"
+
+  # shellcheck disable=SC2016
+  chroot_script "${var_target}" '
+    install -d -m 0755 /etc/xdg
+
+    ### Create canonical directories.
+    _xdg_umask="$(umask)"
+    umask 0077
+    [[ -d "${XDG_CONFIG_HOME}"     ]] || install -d -m 0700 -- "${XDG_CONFIG_HOME}"
+    [[ -d "${XDG_DATA_HOME}"       ]] || install -d -m 0700 -- "${XDG_DATA_HOME}"
+    [[ -d "${XDG_CACHE_HOME}"      ]] || install -d -m 0700 -- "${XDG_CACHE_HOME}"
+    [[ -d "${XDG_STATE_HOME}"      ]] || install -d -m 0700 -- "${XDG_STATE_HOME}"
+    [[ -d "${XDG_STATE_HOME}/bash" ]] || install -d -m 0700 -- "${XDG_STATE_HOME}/bash"
+    [[ -d "${XDG_STATE_HOME}/less" ]] || install -d -m 0700 -- "${XDG_STATE_HOME}/less"
+    umask "$_xdg_umask"
+    unset _xdg_umask
+    '
+
+  guard_dir && return 0
+}
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f prepare_xdg_root
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh