V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-25 19:43:29 +02:00
parent 1cf1e6d487
commit 8bf1ac8835
19 changed files with 178 additions and 110 deletions
--- a/func/2010_validation_ip.sh
+++ b/func/2010_validation_ip.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # IPv4 validation.
 # Globals:
--- a/func/2015_helper_modules.sh
+++ b/func/2015_helper_modules.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Wrapper for executing commands in the desired chroot environment.
 # Globals:
--- a/func/2020_logging_modules.sh
+++ b/func/2020_logging_modules.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Log level values for comparison.
 # Arguments:
--- a/func/2030_check_nic.sh
+++ b/func/2030_check_nic.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Specify the NIC interactively for setup.
 # Globals:
--- a/func/2040_grub_helper.sh
+++ b/func/2040_grub_helper.sh
@@ -13,6 +13,8 @@
 ### Options in "VAR_GRUB_CMDLINE_LINUX" are always effective.
 ### Options in "VAR_GRUB_CMDLINE_LINUX_DEFAULT" are effective ONLY during normal boot (NOT during recovery mode).

+guard_sourcing
+
 #######################################
 # Helper module to extract the current GRUB CMDLINE strings.
 # Globals:
--- a/func/2050_yaml_parser.sh
+++ b/func/2050_yaml_parser.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Parsing './.preseed/preseed.yaml'.
 # Globals:
--- a/func/2051_yaml_reader.sh
+++ b/func/2051_yaml_reader.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Reading and extracting variables from "${PRESEED}".
 # Globals:
--- a/func/2056_validation_preseed.sh
+++ b/func/2056_validation_preseed.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Validate all preseed network variables (IPv4 & IPv6)
 # Arguments:
--- a/func/3200_partitioning.sh
+++ b/func/3200_partitioning.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Function that generates each partition on each device according to the chosen recipe string.
 # Globals:
--- a/func/3220_partition_encryption.sh
+++ b/func/3220_partition_encryption.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Function to encrypt the respective partition on each device according to the chosen recipe string.
 # Globals:
--- a/func/3240_partition_formatting.sh
+++ b/func/3240_partition_formatting.sh
@@ -10,9 +10,17 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing

-###########################################################################################
+#######################################
 # Function to format the respective partition on each device according to the recipe string chosen.
+# Globals:
+#   DIR_LOG
+#   VAR_RECIPE_STRING
+#   VAR_SETUP_PART
+# Arguments:
+#   None
+#######################################
 partition_formatting() {
  ### Declare Arrays and Variables.
  declare var_dev var_part \
--- a/func/3260_setup_filesystem.sh
+++ b/func/3260_setup_filesystem.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+###########################################################################################
+# Function to prepare the filesystem to mount each partition on the respective path.
+# Globals:
+#   MAP_MOUNTPATH_DEV
+#   MODULE_ERR
+#   MODULE_TXT
+#   RECIPE_DEV_PARTITIONS
+#   RECIPE_STRING
+# Arguments:
+#   None
+###########################################################################################
+setup_filesystem() {
+  ### Declare Arrays and Variables.
+  declare -Ag HMP_MOUNTPATH_DEV
+  declare var_dev var_part var_encryption_enable var_encryption_label var_mount_enable var_mount_path
+
+  ### Iterate over all devices in the recipe.
+  for var_dev in $(yq e ".recipe.${VAR_RECIPE_STRING}.dev | keys | .[]" "${VAR_SETUP_PART}"); do
+
+    ### Iterate over all partitions for this device.
+    for var_part in $(yq e ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev} | keys | .[]" "${VAR_SETUP_PART}"); do
+
+      ### Extract parameters from YAML.
+      var_encryption_enable=$(yq e ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev}.${var_part}.encryption.enable" "${VAR_SETUP_PART}")
+      var_encryption_label=$(yq e ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev}.${var_part}.encryption.label"   "${VAR_SETUP_PART}")
+      var_mount_enable=$(yq e ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev}.${var_part}.mount.enable"           "${VAR_SETUP_PART}")
+      var_mount_path=$(yq e ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev}.${var_part}.mount.path"               "${VAR_SETUP_PART}")
+
+      if [[ "${var_mount_enable,,}" == "true" ]]; then
+
+        if [[ -n "${var_mount_path}" ]]; then
+
+          if [[ "${var_encryption_enable,,}" == "true" && "${var_mount_path}" != "SWAP" && "${var_mount_path}" != "/tmp" ]]; then
+
+            ### Encrypted partition
+            HMP_MOUNTPATH_DEV["${var_mount_path}"]="/dev/mapper/${var_encryption_label}"
+            do_log "info" "false" "Saved in HashMap MAP_MOUNTPATH_DEV: '${MOUNT_PATH}' -> '${HMP_MOUNTPATH_DEV["${MOUNT_PATH}"]}'"
+
+      elif     [[ ${ENCRYPTION_ENABLE,,} == "false" && ${MOUNT_PATH} != "SWAP" && ${MOUNT_PATH} != "/tmp" ]]; then
+
+            # Unencrypted partition
+            HMP_MOUNTPATH_DEV["${MOUNT_PATH}"]="/dev/${DEV}${PARTITION}"
+            do_log "info" "false" "Saved in HashMap MAP_MOUNTPATH_DEV: '${MOUNT_PATH}' -> '${HMP_MOUNTPATH_DEV["${MOUNT_PATH}"]}'"
+
+      else
+
+            do_log "error" "false" "Invalid value for encryption_enable: '${ENCRYPTION_ENABLE}', should be either true or false."
+
+      fi
+
+    fi
+
+  fi
+
+done
+
+  done
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh