msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V9.14.002.2026.06.08

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2026-06-08 15:21:48 +01:00
parent 830aa1afa7
commit 925cdae81c
38 changed files with 114 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files
func/cdi_1000_helper/README/README_1080.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
**Master Version**: 9.00<br>
**Build**: V9.14.000.2026.06.07<br>
**Build**: V9.14.002.2026.06.08<br>
# 2. [1080_helper_chroot.sh](../1080_helper_chroot.sh)
**Scope:** This note explains *what to use when* among
func/cdi_4000_debootstrap/README/README_4000.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
**Master Version**: 9.00<br>
**Build**: V9.14.000.2026.06.07<br>
**Build**: V9.14.002.2026.06.08<br>
# 2. [4000_debootstrap.sh](../4000_debootstrap.sh)
This module provisions a minimal Debian userspace into the installers target root (`$TARGET`) using `debootstrap`.
func/cdi_4300_network/4310_dropbear_build.sh
+7 -5
View File
@@ -15,7 +15,10 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
#######################################
# Build Ultra Hardened dropbear from sources.
# Globals:
# PATH
# TARGET
# VAR_DROPBEAR_BUILD_ROOT
# VAR_DROPBEAR_VERSION
# VAR_SETUP_PATH
# Arguments:
# None
@@ -27,10 +30,9 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
#######################################
dropbear_build() {
### Declare Arrays, HashMaps, and Variables.
declare var_dropbear_version="2026.91"
declare var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
declare var_build_root="/opt/.ciss/build"
declare var_build_dir="${var_build_root}/dropbear-${var_dropbear_version}"
declare -r var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${VAR_DROPBEAR_VERSION}.tar.bz2"
declare -r var_build_root="${VAR_DROPBEAR_BUILD_ROOT}"
declare -r var_build_dir="${var_build_root}/dropbear-${VAR_DROPBEAR_VERSION}"
declare -r var_logfile="/root/.ciss/cdi/log/4310_dropbear_build.log"
declare -r var_build_log="${TARGET}${var_logfile}"
declare -r var_build_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -49,7 +51,7 @@ dropbear_build() {
fi
case "${var_build_dir}" in
/opt/.ciss/build/dropbear-*) ;;
"${VAR_DROPBEAR_BUILD_ROOT}"/dropbear-*) ;;
*)
do_log "error" "file_only" "4310() Refusing to clean unexpected Dropbear build directory: '${var_build_dir}'."
return "${ERR_PATH_NOT_VALID}"
func/cdi_4300_network/4311_dropbear_initramfs.sh
+20 -3
View File
@@ -15,9 +15,10 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
#######################################
# Install the 'dropbear-initramfs' and replace the binaries with those from the previous Ultra Hardened build.
# Globals:
# DIR_TMP
# RECOVERY
# TARGET
# VAR_DROPBEAR_BUILD_ROOT
# VAR_DROPBEAR_VERSION
# VAR_RUN_RECOVERY
# Arguments:
# None
@@ -27,6 +28,7 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
dropbear_initramfs() {
### Declare Arrays, HashMaps, and Variables.
declare var_file=""
declare -r var_build_dir="${VAR_DROPBEAR_BUILD_ROOT}/dropbear-${VAR_DROPBEAR_VERSION}"
declare -r var_logfile="/root/.ciss/cdi/log/4311_dropbear_initramfs.log"
declare var_target="${TARGET}"
@@ -35,6 +37,21 @@ dropbear_initramfs() {
chroot_logger "${var_target}${var_logfile}"
case "${var_build_dir}" in
"${VAR_DROPBEAR_BUILD_ROOT}"/dropbear-*) ;;
*)
do_log "error" "file_only" "4311() Refusing unexpected Dropbear build directory: '${var_build_dir}'."
return "${ERR_PATH_NOT_VALID}"
;;
esac
for var_file in dropbear dbclient dropbearconvert dropbearkey; do
if [[ ! -x "${var_build_dir}/${var_file}" ]]; then
do_log "error" "file_only" "4311() Dropbear build artifact missing or not executable: '${var_build_dir}/${var_file}'."
return "${ERR_PATH_NOT_VALID}"
fi
done
chroot_script "${var_target}" "
export INITRD=No
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
@@ -60,14 +77,14 @@ dropbear_initramfs() {
"
mv "${var_target}/usr/sbin/dropbear" "${var_target}/usr/sbin/dropbear.trixie"
install -D -m 0755 -o root -g root "${DIR_TMP}/build/dropbear-2025.88/dropbear" "${var_target}/usr/sbin/"
install -D -m 0755 -o root -g root "${var_build_dir}/dropbear" "${var_target}/usr/sbin/"
do_log "debug" "file_only" "4311() Installation [dropbear] successful."
for var_file in dbclient dropbearconvert dropbearkey; do
mv "${var_target}/usr/bin/${var_file}" "${var_target}/usr/bin/${var_file}.trixie"
install -D -m 0755 -o root -g root "${DIR_TMP}/build/dropbear-2025.88/${var_file}" "${var_target}/usr/bin/"
install -D -m 0755 -o root -g root "${var_build_dir}/${var_file}" "${var_target}/usr/bin/"
do_log "debug" "file_only" "4311() Installation [${var_file}] successful."
done