V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-03 15:21:20 +02:00
parent 88d03df9d6
commit 8f9d485d2e
3 changed files with 9 additions and 8 deletions
--- a/.preseed/preseed.yaml
+++ b/.preseed/preseed.yaml
@@ -84,7 +84,7 @@ debootstrap:                   # Provide a mirror for downloading the Debian pac
                               # list of official Debian packages.
  mirror: "https://deb.debian.org/debian"
                               # The following packages MUST be included in the debootstrap.
-  includes: "busybox,ca-certificates,locales,openssl,zstd"
+  includes: "busybox,busybox-initramfs,ca-certificates,locales,openssl,zstd"
 distribution: "trixie"         # MUST be "trixie".
 debian_suite: "stable"         # MUST be "stable". Not supported yet: "testing", "experimental".
 exit:
--- a/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh
+++ b/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh
@@ -274,13 +274,16 @@ read_passphrase() {
    ROUNDS="$(cut -d'$' -f3 <<< "${NUKE_HASH}")"
    ROUNDS="${ROUNDS#rounds=}"
    SALT="$(cut -d'$' -f4 <<< "${NUKE_HASH}")"
-    CAND=$(/usr/bin/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")
+    _FULL_SALT="\$6\$rounds=${ROUNDS}\$${SALT}"
+    CAND=$(mkpasswd -m sha512 -S "${_FULL_SALT}" "${PASSPHRASE}" )
+    # CAND=$(/usr/bin/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")

    # TODO: DEBUGGER
-    echo "ROUNDS   : ${ROUNDS}"
-    echo "SALT     : ${SALT}"
-    echo "CAND     : ${CAND}"
-    echo "NUKE_HASH: ${NUKE_HASH}"
+    echo "ROUNDS    : ${ROUNDS}"
+    echo "SALT      : ${SALT}"
+    echo "_FULL_SALT: ${_FULL_SALT}"
+    echo "CAND      : ${CAND}"
+    echo "NUKE_HASH : ${NUKE_HASH}"

    if [[ "${CAND}" == "${NUKE_HASH}" ]]; then

--- a/includes/target/etc/initramfs-tools/hooks/custom-initramfs.sh
+++ b/includes/target/etc/initramfs-tools/hooks/custom-initramfs.sh
@@ -86,9 +86,7 @@ printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/dr
 install -m 0555 /etc/initramfs-tools/files/unlock_wrapper.sh "${DESTDIR}/usr/local/bin/unlock_wrapper.sh"
 printf "\e[92mSuccessfully executed: [install -m 0555 /etc/initramfs-tools/files/unlock_wrapper.sh %s/usr/local/bin/unlock_wrapper.sh] \n\e[0m" "${DESTDIR}"
 # TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock_wrapper.sh
-#install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha384 "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha384"
 #install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha512 "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha512"
-#install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha384.sig "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha384.sig"
 #install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha512.sig "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha512.sig"

 ### Install PGP Signing Keys