V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-04 20:36:10 +02:00
parent 23f02f36bf
commit 7e0e71fa90
10 changed files with 59 additions and 33 deletions
--- a/.preseed/preseed.yaml
+++ b/.preseed/preseed.yaml
@@ -442,7 +442,8 @@ locale:
    layout: "de"
    xkb_keymap: "de"
  language: "en"
-  locale:                      # All locales specified via override MUST be set here, too.
+  locale:                      # All locales specified via override MUST be set here, too. A specified 'locale' take
+                               # precedence over 'country' and 'language' settings.
    - "en_US.UTF-8"
    - "de_DE.UTF-8"
  override:
@@ -453,7 +454,7 @@ locale:
    messages: "en_US.UTF-8"    # System language for error messages.
    monetary: "en_US.UTF-8"    # Currency format and symbol.
    name: "en_US.UTF-8"        # Format of personal names.
-    numeric: "en_US.UTF-8"     # Number formatting, decimal/thousand separators.
+    numeric: "en_US.UTF-8"     # Number formatting, decimal / a thousand separators.
    paper: "de_DE.UTF-8"       # Standard paper format.
    telephone: "en_US.UTF-8"   # Format for telephone numbers.
    time: "de_DE.UTF-8"        # Date and time format, start of week.
--- a/func/cdi_1000_helper/1082_helper_modules.sh
+++ b/func/cdi_1000_helper/1082_helper_modules.sh
@@ -40,7 +40,7 @@ generate_subnetmask() {
 #   None
 #######################################
 update_upgrade() {
-  apt-get update -y
+  apt-get update
  apt-get dist-upgrade -y
  apt-get autoclean -y
  apt-get autopurge -y
--- a/func/cdi_4000_debootstrap/4050_setup_locales.sh
+++ b/func/cdi_4000_debootstrap/4050_setup_locales.sh
@@ -15,6 +15,7 @@ guard_sourcing
 #######################################
 # Set locale, locale overrides and configure keyboard layout.
 # Globals:
+#   ARY_LOCALE
 #   TARGET
 #   VAR_ARCHITECTURE
 #   VAR_CODENAME
@@ -22,7 +23,6 @@ guard_sourcing
 #   locale_country
 #   locale_keyboard_xkb_keymap
 #   locale_language
-#   locale_locale
 #   locale_override_address
 #   locale_override_collate
 #   locale_override_ctype
@@ -63,8 +63,6 @@ setup_locales() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-set -x
-exec 2>/tmp/locale-hook-debug.log
 set -Ceuo pipefail

 declare -a ary_locale=()
--- a/func/cdi_4100_base_installation/4100_generate_sources.sh
+++ b/func/cdi_4100_base_installation/4100_generate_sources.sh
@@ -16,6 +16,9 @@ guard_sourcing
 # Generate target '/etc/apt/sources.list' entries.
 # Globals:
 #   TARGET
+#   VAR_ARCHITECTURE
+#   VAR_CODENAME
+#   VAR_VERSION
 #   apt_contrib
 #   apt_deb_sources
 #   apt_mirror_directory
@@ -38,7 +41,7 @@ guard_sourcing
 generate_sources() {
  ### Declare Arrays, HashMaps, and Variables.
  declare -a ary_components=()
-  declare    var_arch="" var_codename="" var_deb_src="" var_dir="" var_hostname="" var_hostsecure="" var_url var_surl=""
+  declare    var_arch="" var_codename="" var_deb_src="" var_dir="" var_hostname="" var_hostsecure="" var_url="" var_surl=""

  # shellcheck disable=SC2154 # "${architecture}"
  var_arch="${architecture,,}"
--- a/func/cdi_4100_base_installation/4110_update_sources.sh
+++ b/func/cdi_4100_base_installation/4110_update_sources.sh
@@ -25,12 +25,13 @@ guard_sourcing
 update_sources() {
  ### Declare Arrays, HashMaps, and Variables.
  declare -r  var_logfile="${DIR_LOG}/4110_update_sources.sh"
+  touch "${var_logfile}" && chmod 0600 "${var_logfile}"

  ### Update generated sources.
  # shellcheck disable=SC2312
-  do_in_target "${TARGET}" script -q -c apt-get update -y /dev/null 2>&1 | tee -a "${var_logfile}"
+  do_in_target_script "${TARGET}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode: \$? >> ${var_logfile}"

-  do_log "info" "file_only" "4110() Sources updated successfully."
+  do_log "info" "file_only" "4110() Sources lists: updated successfully."

  return 0
 }
--- a/func/cdi_4100_base_installation/4120_installation_kernel.sh
+++ b/func/cdi_4100_base_installation/4120_installation_kernel.sh
@@ -15,6 +15,7 @@ guard_sourcing
 #######################################
 # Installation of the specified kernel.
 # Globals:
+#   DIR_LOG
 #   TARGET
 #   image
 # Arguments:
@@ -25,9 +26,9 @@ guard_sourcing
 installation_kernel() {
  ### Declare Arrays, HashMaps, and Variables.
  declare -r  var_logfile="${DIR_LOG}/4120_installation_kernel.sh"
+  touch "${var_logfile}" && chmod 0600 "${var_logfile}"

-  # shellcheck disable=SC2312
-  do_in_target "${TARGET}" apt-get install -y "${image}" /dev/null 2>&1 | tee -a "${var_logfile}"
+  do_in_target_script "${TARGET}" "apt-get install -y ${image} 2>&1 | tee -a ${var_logfile}; echo ExitCode: \$? >> ${var_logfile}"

  do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully."

--- a/func/cdi_4100_base_installation/4130_installation_toolset.sh
+++ b/func/cdi_4100_base_installation/4130_installation_toolset.sh
@@ -15,6 +15,7 @@ guard_sourcing
 #######################################
 # Check and set up the minimum required tools for the next installation steps.
 # Globals:
+#   DIR_LOG
 #   TARGET
 # Arguments:
 #   None
@@ -79,10 +80,9 @@ installation_toolset() {

  declare -a  ary_missing_pkgs=() ary_unique_pkgs=()
  declare -r  var_logfile="${DIR_LOG}/4130_installation_toolset.sh"
-  declare     var_bin="" var_bin=""
+  declare     var_bin=""

-  ### Installation most basic packages.
-  do_in_target "${TARGET}" apt-get install -y --no-install-recommends locales tzdata debconf
+  touch "${var_logfile}" && chmod 0600 "${var_logfile}"

  ### Collecting missing binaries.
  for var_bin in "${!hmp_tool_pkg[@]}"; do
@@ -101,8 +101,10 @@ installation_toolset() {
    mapfile -t ary_unique_pkgs < <(printf '%s\n' "${ary_missing_pkgs[@]}" | sort -u)
    do_log "debug" "file_only" "4130() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'."

-    # shellcheck disable=SC2312
-    do_in_target "${TARGET}" script -q -c "apt-get install -y --no-install-recommends ${ary_unique_pkgs[*]}" /dev/null 2>&1 | tee -a "${var_logfile}"
+    do_in_target_script "${TARGET}" "
+      apt-get install -y --no-install-recommends ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
+      echo ExitCode: \$? >> ${var_logfile}
+    "

  fi

--- a/func/cdi_4100_base_installation/4131_installation_systemd.sh
+++ b/func/cdi_4100_base_installation/4131_installation_systemd.sh
@@ -15,6 +15,7 @@ guard_sourcing
 #######################################
 # Ensure systemd is in place.
 # Globals:
+#   DIR_LOG
 #   TARGET
 # Arguments:
 #   None
@@ -22,18 +23,25 @@ guard_sourcing
 #   0: on success
 #######################################
 installation_systemd() {
-  if ! do_in_target_script "${TARGET}" "command -v systemctl >/dev/null"; then
+  ### Declare Arrays, HashMaps, and Variables.
+  declare -r  var_logfile="${DIR_LOG}/4131_installation_systemd.sh"

+  touch "${var_logfile}" && chmod 0600 "${var_logfile}"
+
+  if ! do_in_target_script "${TARGET}" "type -P systemctl >/dev/null"; then
    do_log "info" "file_only" "4131() 'systemctl' NOT found, installing 'systemd' and dependencies."
-    do_in_target "${TARGET}" apt-get install -y --no-install-recommends systemd systemd-sysv dbus
-
+    do_in_target_script "${TARGET}" "
+      apt-get update 2>&1 | tee -a ${var_logfile}
+      apt-get install -y --no-install-recommends systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
+      echo ExitCode: \$? >> ${var_logfile}
+    "
  else
-
-    do_log "info" "file_only" "4131() 'systemctl' found, skipping installation of systemd."
-
+    do_log "info" "file_only" "4131() 'systemctl' found, skipping installation."
  fi

-  do_in_target_script "${TARGET}" "systemctl --version | grep -qi 'systemd'"
+  do_in_target_script "${TARGET}" "
+    systemctl --version 2>&1 | tee -a ${var_logfile} | grep -qi 'systemd' || echo '[WARN]: systemd not verifiable' >> ${var_logfile}
+  "

  return 0
 }
--- a/func/cdi_4100_base_installation/4140_installation_microcode.sh
+++ b/func/cdi_4100_base_installation/4140_installation_microcode.sh
@@ -26,15 +26,19 @@ installation_microcode() {
  declare var_microcode_pkgs="" var_whereiam="" var_cpu_vendor=""

  # shellcheck disable=SC2312
+  if [[ -x "$(command -v virt-what)" ]]; then
    var_whereiam=$(virt-what | head -n1)
-  [[ -z "${var_whereiam}" ]] && var_whereiam="baremetal"
+  else
+    var_whereiam=$(grep -iE 'kvm|vmware|qemu' /sys/class/dmi/id/product_name 2>/dev/null || echo "baremetal")
+  fi
+
  # shellcheck disable=SC2312
-  var_cpu_vendor=$(lscpu | awk -F: '/Vendor ID/ {print $2}' | xargs)
+  var_cpu_vendor=$(</proc/cpuinfo grep 'vendor_id' | head -n1 | cut -d: -f2 | xargs)

  case "${var_cpu_vendor}" in
    *AuthenticAMD*)   var_microcode_pkgs="amd64-microcode" ;;
    *GenuineIntel*)   var_microcode_pkgs="intel-microcode" ;;
-    ""|*ARM*|*arm*|*) var_microcode_pkgs=""; do_log "info" "file_only" "4140() ARM or unknown CPU detected, skipping microcode installation." ;;
+    *)                do_log "info" "file_only" "4140() Unknown or unsupported CPU vendor: '${var_cpu_vendor}', skipping." ;;
  esac

  ###########################################################################################
@@ -42,8 +46,14 @@ installation_microcode() {
  ###########################################################################################
  if [[ "${var_whereiam}" != "kvm" && -n "${var_microcode_pkgs}" ]]; then

-    if ! do_in_target_script "${TARGET}" "dpkg -l ${var_microcode_pkgs} >/dev/null 2>&1"; then
+    if ! do_in_target_script "${TARGET}" "dpkg -s ${var_microcode_pkgs} >/dev/null 2>&1"; then
+
      do_in_target "${TARGET}" apt-get install -y "${var_microcode_pkgs}"
+
+    else
+
+      do_in_target "${TARGET}" apt-get install -y --only-upgrade "${var_microcode_pkgs}"
+
    fi

  else
--- a/func/cdi_4100_base_installation/4150_installation_chrony.sh
+++ b/func/cdi_4100_base_installation/4150_installation_chrony.sh
@@ -39,24 +39,26 @@ installation_chrony() {
  printf "# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh %b" "${NL}" >> "${var_of}"

  mkdir -p "${TARGET}/var/log/chrony"
-  do_in_target "${TARGET}" apt-get install chrony -y
+  do_in_target_script "${TARGET}" "apt-get install -y --no-install-recommends chrony"

  if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then

-    ln -s "${TARGET}/lib/systemd/system/chrony.service" "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service"
-  fi
+    do_in_target_script "${TARGET}" "systemctl enable chrony.service"

+  fi

  mkdir -p "${DIR_BAK}/etc/chrony"
  mv "${TARGET}/etc/chrony/chrony.conf" "${DIR_BAK}/etc/chrony/chrony.conf.bak"

-  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/etc/chrony/chrony.cnf" "${TARGET}/etc/chrony/chrony.conf"
+  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/chrony/chrony.cnf" "${TARGET}/etc/chrony/chrony.conf"
  cat "${var_of}" >> "${TARGET}/etc/chrony/chrony.conf"

+  do_log "debug" "file_only" "4150() Executing: [do_in_target ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
+  do_in_target "${TARGET}" chronyd -Q -f /etc/chrony/chrony.conf
+
  do_log "info" "file_only" "4150() Chrony NTPsec client installed."

  rm -f "${var_of}"
-  unset var_of

  return 0
 }