V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-06 22:39:24 +02:00
parent 3301a93677
commit 93f9c8891d
10 changed files with 149 additions and 98 deletions
--- a/func/cdi_4200_boot/4200_generate_fstab.sh
+++ b/func/cdi_4200_boot/4200_generate_fstab.sh
@@ -78,9 +78,9 @@ generate_fstab() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/fstab            : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture          : ${VAR_ARCHITECTURE}
-# Distribution          : ${VAR_CODENAME}
+# /etc/fstab                   : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                 : ${VAR_ARCHITECTURE}
+# Distribution                 : ${VAR_CODENAME}

 # Static file system information '/etc/fstab'.
 #
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -69,9 +69,9 @@ generate_crypttab() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/crypttab         : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture          : ${VAR_ARCHITECTURE}
-# Distribution          : ${VAR_CODENAME}
+# /etc/crypttab                : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                 : ${VAR_ARCHITECTURE}
+# Distribution                 : ${VAR_CODENAME}

 # Static file system information: '/etc/crypttab'.
 #
--- a/func/cdi_4200_boot/4240_update_grub_password.sh
+++ b/func/cdi_4200_boot/4240_update_grub_password.sh
@@ -24,20 +24,22 @@ guard_sourcing
 #   ERR_READ_GRUB_FILE
 #######################################
 update_grub_password() {
+  ### Declare Arrays, HashMaps, and Variables.
  declare var_username="superadmin" var_password="" var_password_file="${DIR_CNF}/password_grub.txt" \
-    var_of="${TARGET}/etc/grub.d/40_custom" var_grub_entry=""
+          var_of="${TARGET}/etc/grub.d/40_custom" var_grub_entry=""

-  # TODO: Reactivate XTRACE Password Truncation
+  ### TODO: PASSWORD REMINDER
  ### No tracing for security reasons
  #[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
-  if [[ ! -f "${var_password_file}" ]] || ! IFS= read -r var_password < "${var_password_file}"; then
-    return "${ERR_READ_GRUB_FILE}"
-  fi
-  ### Turn on tracing again
-  #[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
+
+  var_password=$(<"${var_password_file}") || return "${ERR_READ_GRUB_FILE}"

  var_grub_entry=$(generate_grub_password_pbkdf2 "${var_username}" "${var_password}")

+  ### Turn on tracing again
+  #[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
+  #### TODO: PASSWORD REMINDER
+
  ### Append if not already present
  if ! grep -q "set superusers=" "${var_of}"; then
    {
@@ -49,6 +51,7 @@ update_grub_password() {
  fi

  do_in_target "${TARGET}" update-grub
+  do_log "info" "file_only" "4240() GRUB Password installed successfully."

  return 0
 }
--- a/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
+++ b/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
@@ -20,26 +20,30 @@ guard_sourcing
 # Globals:
 #   ARY_BOOTPARAM
 #   TARGET
+#   VAR_GRUB_CMDLINE_LINUX
 #   VAR_GRUB_CMDLINE_LINUX_DEFAULT
+#   VAR_NUKE
+#   VAR_NUKE_HASH
 # Arguments:
 #   None
 # Returns:
 #   0: on success
 #######################################
 update_grub_bootparameter() {
-  declare var_nuke_string="" var_param=""
+  ### Declare Arrays, HashMaps, and Variables.
+  declare     var_nuke_string="" var_param=""

  grub_extract_current_string

  for var_param in "${ARY_BOOTPARAM[@]}"; do

    if [[ -z "${var_param}" ]]; then
-      do_log "warn" "file_only" "Empty GRUB parameter detected and skipped."
+      do_log "warn" "file_only" "4250() Empty GRUB parameter detected and skipped."
      continue
    fi

    if grep -q --word-regexp "${var_param%%=*}" <<< "${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"; then
-      do_log "info" "file_only" "Skipping duplicate kernel parameter: '${var_param}'."
+      do_log "info" "file_only" "4250() Skipping duplicate kernel parameter: '${var_param}'."
      continue
    fi

@@ -49,6 +53,7 @@ update_grub_bootparameter() {

  if [[ "${VAR_NUKE}" == "true" ]]; then
    var_nuke_string="nuke=${VAR_NUKE_HASH}"
+    # shellcheck disable=SC2034
    VAR_GRUB_CMDLINE_LINUX+=" ${var_nuke_string}"
  fi

@@ -56,7 +61,7 @@ update_grub_bootparameter() {

  do_in_target "${TARGET}" update-grub

-  do_log "info" "file_only" "Setting GRUB kernel parameters: ${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"
+  do_log "info" "file_only" "4250() Setting GRUB kernel parameters: ${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"

  return 0
 }