V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_1250_yaml/1251_yaml_reader.sh

@@ -147,6 +147,9 @@ END { print max }
   # shellcheck disable=SC2034
   VAR_DROPBEAR="${dropbear_boot,,}"
 
+  # shellcheck disable=SC2034
+  VAR_GRUB_PASSWORD="${grub_password,,}"
+
   ### Extract chroot secure '/run' mounting strategy.
   # shellcheck disable=SC2034
   VAR_NEED_RUN_IN_TARGET="${needrun,,}"

func/cdi_4000_debootstrap/4000_debootstrap.sh

@@ -49,8 +49,9 @@ func_debootstrap() {
 
     do_log "info" "file_only" "4000() [${ary_cmd[*]}] successful."
     install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/backup"
-    install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/log"
     install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/hooks"
+    install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/keys"
+    install -d -m 0700 -o root -g root "${var_target}/root/.ciss/cdi/log"
     guard_dir && return 0
 
   else

func/cdi_4200_boot/4230_installation_grub.sh

@@ -128,8 +128,8 @@ GRUB_BACKGROUND="/boot/grub/${var_background}"
 # The resolution used on graphical terminal
 # note that you can use only modes which your graphic card supports via VBE
 # you can see them in real GRUB with the command 'vbeinfo'
-# GRUB_GFXMODE=1920x1080,1280x1024,1024x768,800x600
-GRUB_GFXMODE=800x600
+# GRUB_GFXMODE=1920x1080,1280x1024,1280x720,1024x768,800x600,640x480
+GRUB_GFXMODE=1280x720
 GRUB_GFXPAYLOAD_LINUX=keep
 
 EOF

func/cdi_4200_boot/4240_update_grub_password.sh

@@ -28,17 +28,15 @@ update_grub_password() {
   declare var_username="superadmin" var_password="" var_password_file="${DIR_CNF}/password_grub.txt" \
           var_of="${TARGET}/etc/grub.d/40_custom" var_grub_entry=""
 
-  ### TODO: PASSWORD REMINDER START
   guard_trace on
 
   var_password=$(<"${var_password_file}") || return "${ERR_READ_GRUB_FILE}"
 
   var_grub_entry=$(generate_grub_password_pbkdf2 "${var_username}" "${var_password}")
 
-  #### TODO: PASSWORD REMINDER STOP
   guard_trace off
 
-  ### Append if not already present
+  ### Append if not already present.
   if ! grep -q "set superusers=" "${var_of}"; then
     {
       echo ""

func/cdi_4300_network/4312_dropbear_setup.sh

@@ -79,8 +79,8 @@ dropbear_setup() {
   write_dropbear_conf
 
   ### Install the script to be called by 'update-initramfs' for updating 'PATH'-variable inside initramfs.
-  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/scripts/init-bottom/9999-fixpath.sh" \
-    "${TARGET}/etc/initramfs-tools/scripts/init-bottom/9999-fixpath"
+  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/scripts/init-premount/1000-fixpath.sh" \
+    "${TARGET}/etc/initramfs-tools/scripts/init-premount/1000-fixpath"
   install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/scripts/init-top/0000-fixpath.sh" \
     "${TARGET}/etc/initramfs-tools/scripts/init-top/0000-fixpath"
 
@@ -95,6 +95,12 @@ dropbear_setup() {
   ### Install the script to be called inside initramfs environment for unlocking LUKS and NUKE Devices.
   install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
     "${TARGET}/etc/initramfs-tools/files/"
+  install -D -m 0640 -o root -g root "${VAR_SETUP_PATH}${dropbear_sha_file}" \
+    "${TARGET}/etc/initramfs-tools/files/"
+  install -D -m 0640 -o root -g root "${VAR_SETUP_PATH}${dropbear_sig_file}" \
+    "${TARGET}/etc/initramfs-tools/files/"
+  install -D -m 0600 -o root -g root "${VAR_SETUP_PATH}${dropbear_pub_key}" \
+    "${TARGET}/root/.ciss/keys/"
 
   ### Install the script to be called inside the Host environment for signing 'unlock_wrapper.sh'-script.
   install -D -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper_signer.sh" \