V9.14.002.2026.06.08

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-06-08 15:21:48 +01:00
parent 830aa1afa7
commit 925cdae81c
38 changed files with 114 additions and 58 deletions
@@ -15,7 +15,10 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
 #######################################
 # Build Ultra Hardened dropbear from sources.
 # Globals:
+#   PATH
 #   TARGET
+#   VAR_DROPBEAR_BUILD_ROOT
+#   VAR_DROPBEAR_VERSION
 #   VAR_SETUP_PATH
 # Arguments:
 #   None
@@ -27,10 +30,9 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
 #######################################
 dropbear_build() {
  ### Declare Arrays, HashMaps, and Variables.
-  declare     var_dropbear_version="2026.91"
-  declare     var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
-  declare     var_build_root="/opt/.ciss/build"
-  declare     var_build_dir="${var_build_root}/dropbear-${var_dropbear_version}"
+  declare -r  var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${VAR_DROPBEAR_VERSION}.tar.bz2"
+  declare -r  var_build_root="${VAR_DROPBEAR_BUILD_ROOT}"
+  declare -r  var_build_dir="${var_build_root}/dropbear-${VAR_DROPBEAR_VERSION}"
  declare -r  var_logfile="/root/.ciss/cdi/log/4310_dropbear_build.log"
  declare -r  var_build_log="${TARGET}${var_logfile}"
  declare -r  var_build_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -49,7 +51,7 @@ dropbear_build() {
  fi

  case "${var_build_dir}" in
-    /opt/.ciss/build/dropbear-*) ;;
+    "${VAR_DROPBEAR_BUILD_ROOT}"/dropbear-*) ;;
    *)
      do_log "error" "file_only" "4310() Refusing to clean unexpected Dropbear build directory: '${var_build_dir}'."
      return "${ERR_PATH_NOT_VALID}"
@@ -15,9 +15,10 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
 #######################################
 # Install the 'dropbear-initramfs' and replace the binaries with those from the previous Ultra Hardened build.
 # Globals:
-#   DIR_TMP
 #   RECOVERY
 #   TARGET
+#   VAR_DROPBEAR_BUILD_ROOT
+#   VAR_DROPBEAR_VERSION
 #   VAR_RUN_RECOVERY
 # Arguments:
 #   None
@@ -27,6 +28,7 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
 dropbear_initramfs() {
  ### Declare Arrays, HashMaps, and Variables.
  declare     var_file=""
+  declare -r  var_build_dir="${VAR_DROPBEAR_BUILD_ROOT}/dropbear-${VAR_DROPBEAR_VERSION}"
  declare -r  var_logfile="/root/.ciss/cdi/log/4311_dropbear_initramfs.log"
  declare     var_target="${TARGET}"

@@ -35,6 +37,21 @@ dropbear_initramfs() {

  chroot_logger "${var_target}${var_logfile}"

+  case "${var_build_dir}" in
+    "${VAR_DROPBEAR_BUILD_ROOT}"/dropbear-*) ;;
+    *)
+      do_log "error" "file_only" "4311() Refusing unexpected Dropbear build directory: '${var_build_dir}'."
+      return "${ERR_PATH_NOT_VALID}"
+      ;;
+  esac
+
+  for var_file in dropbear dbclient dropbearconvert dropbearkey; do
+    if [[ ! -x "${var_build_dir}/${var_file}" ]]; then
+      do_log "error" "file_only" "4311() Dropbear build artifact missing or not executable: '${var_build_dir}/${var_file}'."
+      return "${ERR_PATH_NOT_VALID}"
+    fi
+  done
+
  chroot_script "${var_target}" "
    export INITRD=No
    [[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
@@ -60,14 +77,14 @@ dropbear_initramfs() {
  "

  mv "${var_target}/usr/sbin/dropbear" "${var_target}/usr/sbin/dropbear.trixie"
-  install -D -m 0755 -o root -g root "${DIR_TMP}/build/dropbear-2025.88/dropbear" "${var_target}/usr/sbin/"
+  install -D -m 0755 -o root -g root "${var_build_dir}/dropbear" "${var_target}/usr/sbin/"
  do_log "debug" "file_only" "4311() Installation [dropbear] successful."


  for var_file in dbclient dropbearconvert dropbearkey; do

    mv "${var_target}/usr/bin/${var_file}" "${var_target}/usr/bin/${var_file}.trixie"
-    install -D -m 0755 -o root -g root "${DIR_TMP}/build/dropbear-2025.88/${var_file}" "${var_target}/usr/bin/"
+    install -D -m 0755 -o root -g root "${var_build_dir}/${var_file}" "${var_target}/usr/bin/"
    do_log "debug" "file_only" "4311() Installation [${var_file}] successful."

  done