msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 53s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-06 22:39:24 +02:00
parent 3301a93677
commit 93f9c8891d
10 changed files with 149 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
func/cdi_1250_yaml/1252_yaml_validator.sh
View File

@@ -55,20 +55,37 @@ yaml_validator() {
declare var_auto_nic="" var_auto_ipv4="" var_auto_ipv4_ccidr="" var_auto_ipv4_subnet="" var_auto_ipv4_gw="" \ declare var_auto_nic="" var_auto_ipv4="" var_auto_ipv4_ccidr="" var_auto_ipv4_subnet="" var_auto_ipv4_gw="" \
var_auto_ipv6="" var_auto_ipv6_ccidr="" var_auto_ipv6_gw="" var_link_ipv4="" var_link_ipv6="" var_auto_fqdn="" var_auto_ipv6="" var_auto_ipv6_ccidr="" var_auto_ipv6_gw="" var_link_ipv4="" var_link_ipv6="" var_auto_fqdn=""
declare -gx VAR_FINAL_NIC="" VAR_FINAL_FQDN="" VAR_FINAL_IPV4="" VAR_FINAL_IPV4_GW="" VAR_FINAL_IPV4_SUBNET="" \ declare -gx VAR_FINAL_NIC="" VAR_FINAL_FQDN="" VAR_FINAL_IPV4="" VAR_FINAL_IPV4_GW="" VAR_FINAL_IPV4_SUBNET="" \
VAR_FINAL_IPV6="" VAR_LINK_IPV6="" VAR_FINAL_IPV6="" VAR_LINK_IPV6="" VAR_FINAL_IPV6_GW="" VAR_FINAL_IPV6_SUBNET=""
ARY_IPV4_NS+=("${network_static_ipv4nameserver_0}") ensure_lowercase "network_autoconfig_enable"
ensure_lowercase "network_choose_interface_auto"
ensure_lowercase "network_choose_interface_static"
ensure_lowercase "network_hostname"
# shellcheck disable=SC2034
[[ -v network_static_ipv4nameserver_0 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_0}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv4nameserver_1 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_1}" ) [[ -v network_static_ipv4nameserver_1 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_1}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv4nameserver_2 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_2}" ) [[ -v network_static_ipv4nameserver_2 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_2}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv4nameserver_3 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_3}" ) [[ -v network_static_ipv4nameserver_3 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_3}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv4nameserver_fallback_0 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_fallback_0}" ) [[ -v network_static_ipv4nameserver_fallback_0 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_fallback_0}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv4nameserver_fallback_1 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_fallback_1}" ) [[ -v network_static_ipv4nameserver_fallback_1 ]] && ARY_IPV4_NS+=( "${network_static_ipv4nameserver_fallback_1}" )
ARY_IPV6_NS+=("${network_static_ipv6nameserver_0}") # shellcheck disable=SC2034
[[ -v network_static_ipv6nameserver_0 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_0}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv6nameserver_1 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_1}" ) [[ -v network_static_ipv6nameserver_1 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_1}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv6nameserver_2 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_2}" ) [[ -v network_static_ipv6nameserver_2 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_2}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv6nameserver_3 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_3}" ) [[ -v network_static_ipv6nameserver_3 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_3}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv6nameserver_fallback_0 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_fallback_0}" ) [[ -v network_static_ipv6nameserver_fallback_0 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_fallback_0}" )
# shellcheck disable=SC2034
[[ -v network_static_ipv6nameserver_fallback_1 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_fallback_1}" ) [[ -v network_static_ipv6nameserver_fallback_1 ]] && ARY_IPV6_NS+=( "${network_static_ipv6nameserver_fallback_1}" )
### Check current network connection and configure variables ### Check current network connection and configure variables
@@ -129,7 +146,7 @@ yaml_validator() {
do_log "info" "file_only" "1252() Live environment network check: Auto FQDN ='${var_auto_fqdn}'." do_log "info" "file_only" "1252() Live environment network check: Auto FQDN ='${var_auto_fqdn}'."
### Export hostname and IPv4 and IPv6 addresses for further processing according to dynamic results and preseed.yaml settings. ### Export hostname and IPv4 and IPv6 addresses for further processing according to dynamic results and preseed.yaml settings.
if [[ "${network_autoconfig_enable,,}" == "true" ]]; then if [[ "${network_autoconfig_enable}" == "true" ]]; then
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_FINAL_NIC="${var_auto_nic}" VAR_FINAL_NIC="${var_auto_nic}"
@@ -142,7 +159,7 @@ yaml_validator() {
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_FINAL_IPV4_SUBNET="${var_auto_ipv4_subnet}" VAR_FINAL_IPV4_SUBNET="${var_auto_ipv4_subnet}"
do_log "info" "file_only" "1252() Network IPv4 autoconfiguration: [${network_autoconfig_enable,,}]." do_log "info" "file_only" "1252() Network IPv4 autoconfiguration: [${network_autoconfig_enable}]."
else else
@@ -157,25 +174,35 @@ yaml_validator() {
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_FINAL_IPV4_SUBNET="${network_static_ipv4netmask}" VAR_FINAL_IPV4_SUBNET="${network_static_ipv4netmask}"
do_log "info" "file_only" "1252() Network IPv4 autoconfiguration: [${network_autoconfig_enable,,}]." do_log "info" "file_only" "1252() Network IPv4 autoconfiguration: [${network_autoconfig_enable}]."
fi fi
if [[ "${network_autoconfig_enable,,}" == "true" && "${var_link_ipv6,,}" == "true" ]]; then if [[ "${network_autoconfig_enable}" == "true" && "${var_link_ipv6}" == "true" ]]; then
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_FINAL_IPV6="${var_auto_ipv6}" VAR_FINAL_IPV6="${var_auto_ipv6}"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_LINK_IPV6="${var_link_ipv6}" VAR_LINK_IPV6="${var_link_ipv6}"
# shellcheck disable=SC2034
VAR_FINAL_IPV6_GW="${var_auto_ipv6_gw}"
# shellcheck disable=SC2034
VAR_FINAL_IPV6_SUBNET="${var_auto_ipv6_ccidr}"
do_log "info" "file_only" "1252() Network IPv6 autoconfiguration: [${network_autoconfig_enable,,}] and IPv6 Link: [${var_link_ipv6,,}]." do_log "info" "file_only" "1252() Network IPv6 autoconfiguration: [${network_autoconfig_enable}] and IPv6 Link: [${var_link_ipv6}]."
elif [[ "${network_autoconfig_enable,,}" == "false" && -n "${network_static_ipv6address}" ]]; then elif [[ "${network_autoconfig_enable}" == "false" && -n "${network_static_ipv6address}" ]]; then
# shellcheck disable=SC2034
VAR_LINK_IPV6="${var_link_ipv6}"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_FINAL_IPV6="${network_static_ipv6address}" VAR_FINAL_IPV6="${network_static_ipv6address}"
# shellcheck disable=SC2034
VAR_FINAL_IPV6_GW="${network_static_ipv6gateway}"
# shellcheck disable=SC2034
VAR_FINAL_IPV6_SUBNET="${network_static_ipv6netmask}"
do_log "info" "file_only" "1252() Network IPv6 autoconfiguration: [${network_autoconfig_enable,,}] and IPv6 static: [${network_static_ipv6address}]." do_log "info" "file_only" "1252() Network IPv6 autoconfiguration: [${network_autoconfig_enable}] and IPv6 static: [${network_static_ipv6address}]."
else else

15
func/cdi_4200_boot/4240_update_grub_password.sh
View File

@@ -24,20 +24,22 @@ guard_sourcing
# ERR_READ_GRUB_FILE # ERR_READ_GRUB_FILE
####################################### #######################################
update_grub_password() { update_grub_password() {
### Declare Arrays, HashMaps, and Variables.
declare var_username="superadmin" var_password="" var_password_file="${DIR_CNF}/password_grub.txt" \ declare var_username="superadmin" var_password="" var_password_file="${DIR_CNF}/password_grub.txt" \
var_of="${TARGET}/etc/grub.d/40_custom" var_grub_entry="" var_of="${TARGET}/etc/grub.d/40_custom" var_grub_entry=""
# TODO: Reactivate XTRACE Password Truncation ### TODO: PASSWORD REMINDER
### No tracing for security reasons ### No tracing for security reasons
#[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x #[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
if [[ ! -f "${var_password_file}" ]] || ! IFS= read -r var_password < "${var_password_file}"; then
return "${ERR_READ_GRUB_FILE}" var_password=$(<"${var_password_file}") || return "${ERR_READ_GRUB_FILE}"
fi
### Turn on tracing again
#[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
var_grub_entry=$(generate_grub_password_pbkdf2 "${var_username}" "${var_password}") var_grub_entry=$(generate_grub_password_pbkdf2 "${var_username}" "${var_password}")
### Turn on tracing again
#[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
#### TODO: PASSWORD REMINDER
### Append if not already present ### Append if not already present
if ! grep -q "set superusers=" "${var_of}"; then if ! grep -q "set superusers=" "${var_of}"; then
{ {
@@ -49,6 +51,7 @@ update_grub_password() {
fi fi
do_in_target "${TARGET}" update-grub do_in_target "${TARGET}" update-grub
do_log "info" "file_only" "4240() GRUB Password installed successfully."
return 0 return 0
} }

11
func/cdi_4200_boot/4250_update_grub_bootparameter.sh
View File

@@ -20,13 +20,17 @@ guard_sourcing
# Globals: # Globals:
# ARY_BOOTPARAM # ARY_BOOTPARAM
# TARGET # TARGET
# VAR_GRUB_CMDLINE_LINUX
# VAR_GRUB_CMDLINE_LINUX_DEFAULT # VAR_GRUB_CMDLINE_LINUX_DEFAULT
# VAR_NUKE
# VAR_NUKE_HASH
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
# 0: on success # 0: on success
####################################### #######################################
update_grub_bootparameter() { update_grub_bootparameter() {
### Declare Arrays, HashMaps, and Variables.
declare var_nuke_string="" var_param="" declare var_nuke_string="" var_param=""
grub_extract_current_string grub_extract_current_string
@@ -34,12 +38,12 @@ update_grub_bootparameter() {
for var_param in "${ARY_BOOTPARAM[@]}"; do for var_param in "${ARY_BOOTPARAM[@]}"; do
if [[ -z "${var_param}" ]]; then if [[ -z "${var_param}" ]]; then
do_log "warn" "file_only" "Empty GRUB parameter detected and skipped." do_log "warn" "file_only" "4250() Empty GRUB parameter detected and skipped."
continue continue
fi fi
if grep -q --word-regexp "${var_param%%=*}" <<< "${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"; then if grep -q --word-regexp "${var_param%%=*}" <<< "${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"; then
do_log "info" "file_only" "Skipping duplicate kernel parameter: '${var_param}'." do_log "info" "file_only" "4250() Skipping duplicate kernel parameter: '${var_param}'."
continue continue
fi fi
@@ -49,6 +53,7 @@ update_grub_bootparameter() {
if [[ "${VAR_NUKE}" == "true" ]]; then if [[ "${VAR_NUKE}" == "true" ]]; then
var_nuke_string="nuke=${VAR_NUKE_HASH}" var_nuke_string="nuke=${VAR_NUKE_HASH}"
# shellcheck disable=SC2034
VAR_GRUB_CMDLINE_LINUX+=" ${var_nuke_string}" VAR_GRUB_CMDLINE_LINUX+=" ${var_nuke_string}"
fi fi
@@ -56,7 +61,7 @@ update_grub_bootparameter() {
do_in_target "${TARGET}" update-grub do_in_target "${TARGET}" update-grub
do_log "info" "file_only" "Setting GRUB kernel parameters: ${VAR_GRUB_CMDLINE_LINUX_DEFAULT}" do_log "info" "file_only" "4250() Setting GRUB kernel parameters: ${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"
return 0 return 0
} }

139
func/cdi_4300_network/4300_installation_network.sh
View File

@@ -15,54 +15,42 @@ guard_sourcing
####################################### #######################################
# Setup network. # Setup network.
# Globals: # Globals:
# DIR_BAK # ARY_IPV4_NS
# ARY_IPV6_NS
# TARGET # TARGET
# VAR_FINAL_FQDN # VAR_ARCHITECTURE
# VAR_CODENAME
# VAR_FINAL_IPV4 # VAR_FINAL_IPV4
# VAR_FINAL_IPV4_GW # VAR_FINAL_IPV4_GW
# VAR_FINAL_IPV4_SUBNET # VAR_FINAL_IPV4_SUBNET
# VAR_FINAL_IPV6 # VAR_FINAL_IPV6
# VAR_FINAL_IPV6_GW
# VAR_FINAL_IPV6_SUBNET
# VAR_FINAL_NIC # VAR_FINAL_NIC
# VAR_LINK_IPV6 # VAR_LINK_IPV6
# VAR_VERSION
# network_autoconfig_enable # network_autoconfig_enable
# network_choose_interface_auto # network_choose_interface_auto
# network_choose_interface_static
# network_hostname
# network_static_ipv4address
# network_static_ipv4gateway
# network_static_ipv4nameserver_0 # network_static_ipv4nameserver_0
# network_static_ipv4nameserver_1
# network_static_ipv4nameserver_2
# network_static_ipv4nameserver_fallback_0
# network_static_ipv4nameserver_fallback_1
# network_static_ipv4netmask
# network_static_ipv6address # network_static_ipv6address
# network_static_ipv6gateway
# network_static_ipv6nameserver_0 # network_static_ipv6nameserver_0
# network_static_ipv6nameserver_1
# network_static_ipv6nameserver_2
# network_static_ipv6nameserver_fallback_0
# network_static_ipv6nameserver_fallback_1
# network_static_ipv6netmask
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
# 0: on success # 0: on success
####################################### #######################################
installation_network() { installation_network() {
### Declare Arrays, HashMaps, and Variables.
declare var_supersede="" var_supersede_ipv6=""
do_in_target "${TARGET}" apt-get install -y isc-dhcp-client ifupdown do_in_target "${TARGET}" apt-get install -y isc-dhcp-client ifupdown
mkdir -p "${TARGET}/etc/network/interfaces/interfaces.d" mkdir -p "${TARGET}/etc/network/interfaces/interfaces.d"
declare var_auto_nic="" var_auto_ipv4_ccidr="" var_auto_ipv4_subnet="" var_auto_ipv4="" var_auto_ipv4_gw="" \ ### Create a network configuration file header.
var_auto_ipv6_ccidr="" var_auto_ipv6="" var_auto_ipv6_gw="" var_link_ipv4="" var_link_ipv6="" var_auto_fqdn="" ns=""
declare -a ary_ipv4_ns=() ary_ipv6_ns=()
### Create network configuration file header.
if [[ -f "${TARGET}/etc/network/interfaces" ]]; then if [[ -f "${TARGET}/etc/network/interfaces" ]]; then
mkdir -p "${DIR_BAK}/etc/network" mkdir -p "${TARGET}/root/.ciss/cdi/backup/etc/network"
mv "${TARGET}/etc/network/interfaces" "${DIR_BAK}/etc/network/interfaces.bak" mv "${TARGET}/etc/network/interfaces" "${TARGET}/root/.ciss/cdi/backup/etc/network/interfaces.bak"
do_log "info" "file_only" "4130() Existing '${TARGET}/etc/network/interfaces' moved." do_log "info" "file_only" "4300() Existing '${TARGET}/etc/network/interfaces' moved."
fi fi
cat << EOF >| "${TARGET}/etc/network/interfaces" cat << EOF >| "${TARGET}/etc/network/interfaces"
@@ -77,6 +65,10 @@ installation_network() {
# SPDX-PackageName: CISS.debian.installer # SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# /etc/network/interfaces : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
# This file describes the network interfaces available on your system # This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5). # and how to activate them. For more information, see interfaces(5).
@@ -89,10 +81,10 @@ iface lo inet loopback
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF EOF
chmod 0644 "${TARGET}/etc/network/interfaces" chmod 0644 "${TARGET}/etc/network/interfaces"
do_log "info" "file_only" "4130() Header '${TARGET}/etc/network/interfaces' created." do_log "info" "file_only" "4300() Header '${TARGET}/etc/network/interfaces' created."
### Configure network interfaces based on 'preseed.yaml' and create network configuration files for IPv4. ### Configure network interfaces based on 'preseed.yaml' and create network configuration files for IPv4.
if [[ "${network_autoconfig_enable,,}" == "true" && "${network_choose_interface_auto,,}" == "true" ]]; then if [[ "${network_autoconfig_enable}" == "true" && "${network_choose_interface_auto}" == "true" ]]; then
### Reminder ### ### Reminder ###
# auto: # auto:
@@ -114,16 +106,20 @@ EOF
# SPDX-PackageName: CISS.debian.installer # SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# /etc/network/interfaces : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
# The primary network interface IPv4 # The primary network interface IPv4
auto ${var_auto_nic} auto ${VAR_FINAL_NIC}
iface ${var_auto_nic} inet dhcp iface ${VAR_FINAL_NIC} inet dhcp
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF EOF
chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-dhcp" chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-dhcp"
do_log "info" "file_only" "4130() IPv4 on the primary NIC: '${var_auto_nic}' configured with DHCP." do_log "info" "file_only" "4300() IPv4 on the primary NIC: '${VAR_FINAL_NIC}' configured with DHCP."
elif [[ "${network_autoconfig_enable,,}" == "true" && "${network_choose_interface_auto,,}" == "false" ]]; then elif [[ "${network_autoconfig_enable}" == "true" && "${network_choose_interface_auto}" == "false" ]]; then
cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-dhcp" cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-dhcp"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
@@ -137,19 +133,24 @@ EOF
# SPDX-PackageName: CISS.debian.installer # SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# /etc/network/interfaces : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
# The primary network interface IPv4 # The primary network interface IPv4
auto ${network_choose_interface_static} auto ${VAR_FINAL_NIC}
iface ${network_choose_interface_static} inet dhcp iface ${VAR_FINAL_NIC} inet dhcp
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF EOF
chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-dhcp" chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-dhcp"
do_log "info" "file_only" "4130() IPv4 on the primary NIC: '${network_choose_interface_static}' configured with DHCP." do_log "info" "file_only" "4300() IPv4 on the primary NIC: '${VAR_FINAL_NIC}' configured with DHCP."
fi fi
if [[ "${network_autoconfig_enable,,}" == "false" ]]; then if [[ "${network_autoconfig_enable}" == "false" ]]; then
# shellcheck disable=SC2153
cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-static" cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-static"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -162,23 +163,27 @@ EOF
# SPDX-PackageName: CISS.debian.installer # SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# /etc/network/interfaces : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
# The primary network interface IPv4 # The primary network interface IPv4
auto ${network_choose_interface_static} auto ${VAR_FINAL_NIC}
iface ${network_choose_interface_static} inet static iface ${VAR_FINAL_NIC} inet static
address ${network_static_ipv4address} address ${VAR_FINAL_IPV4}
netmask ${network_static_ipv4netmask} netmask ${VAR_FINAL_IPV4_SUBNET}
gateway ${network_static_ipv4gateway} gateway ${VAR_FINAL_IPV4_GW}
dns-nameservers ${ary_ipv4_ns[*]} dns-nameservers ${ARY_IPV4_NS[*]}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF EOF
chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-static" chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv4-static"
do_log "info" "file_only" "4130() IPv4 on the primary NIC: '${network_choose_interface_static}' configured statically." do_log "info" "file_only" "4300() IPv4 on the primary NIC: '${VAR_FINAL_NIC}' configured statically."
fi fi
### Configure network interfaces based on 'preseed.yaml' and create network configuration files for IPv6. ### Configure network interfaces based on 'preseed.yaml' and create network configuration files for IPv6.
if [[ "${network_autoconfig_enable,,}" == "true" && "${var_link_ipv6,,}" == "true" ]]; then if [[ "${network_autoconfig_enable}" == "true" && "${VAR_LINK_IPV6}" == "true" ]]; then
cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-dhcp" cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-dhcp"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
@@ -192,19 +197,24 @@ EOF
# SPDX-PackageName: CISS.debian.installer # SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# /etc/network/interfaces : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
# The primary network interface IPv6 # The primary network interface IPv6
auto ${var_auto_nic} auto ${VAR_FINAL_NIC}
iface ${var_auto_nic} inet6 dhcp iface ${VAR_FINAL_NIC} inet6 dhcp
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF EOF
chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-dhcp" chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-dhcp"
do_log "info" "file_only" "4130() IPv6 on the primary NIC: '${var_auto_nic}' configured with DHCP." do_log "info" "file_only" "4300() IPv6 on the primary NIC: '${VAR_FINAL_NIC}' configured with DHCP."
fi fi
if [[ "${network_autoconfig_enable,,}" == "false" && -n "${network_static_ipv6address}" ]]; then if [[ "${network_autoconfig_enable}" == "false" && -n "${network_static_ipv6address}" ]]; then
# shellcheck disable=SC2153
cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-static" cat << EOF >| "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-static"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -218,51 +228,51 @@ EOF
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# The primary network interface IPv6 # The primary network interface IPv6
auto ${network_choose_interface_static} auto ${VAR_FINAL_NIC}
iface ${network_choose_interface_static} inet6 static iface ${VAR_FINAL_NIC} inet6 static
address ${network_static_ipv6address}/${network_static_ipv6netmask} address ${VAR_FINAL_IPV6}/${VAR_FINAL_IPV6_SUBNET}
gateway ${network_static_ipv6gateway} gateway ${VAR_FINAL_IPV6_GW}
dns-nameservers ${ary_ipv6_ns[*]} dns-nameservers ${ARY_IPV6_NS[*]}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF EOF
chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-static" chmod 0644 "${TARGET}/etc/network/interfaces/interfaces.d/10-ipv6-static"
do_log "info" "file_only" "4130() IPv6 on the primary NIC: '${network_choose_interface_static}' configured statically." do_log "info" "file_only" "4300() IPv6 on the primary NIC: '${VAR_FINAL_NIC}' configured statically."
fi fi
### Ensure Internet Systems Consortium DHCP Client is not overwriting the static nameserver settings. ### Ensure Internet Systems Consortium DHCP Client is not overwriting the static nameserver settings.
if [[ -f "${TARGET}/etc/dhcp/dhclient.conf" ]]; then if [[ -f "${TARGET}/etc/dhcp/dhclient.conf" ]]; then
mkdir -p "${DIR_BAK}/etc/dhcp" mkdir -p "${TARGET}/root/.ciss/cdi/backup/etc/dhcp"
cp "${TARGET}/etc/dhcp/dhclient.conf" "${DIR_BAK}/etc/dhcp/dhclient.conf.bak" cp "${TARGET}/etc/dhcp/dhclient.conf" "${TARGET}/root/.ciss/cdi/backup/etc/dhcp/dhclient.conf.bak"
do_log "info" "file_only" "4130() Existing '${TARGET}/etc/dhcp/dhclient.conf' saved." do_log "info" "file_only" "4300() Existing '${TARGET}/etc/dhcp/dhclient.conf' copied."
fi fi
if [[ "${network_autoconfig_enable,,}" == "true" && -n "${network_static_ipv4nameserver_0}" ]]; then if [[ "${network_autoconfig_enable}" == "true" && -n "${network_static_ipv4nameserver_0}" ]]; then
cat << EOF >> "${TARGET}/etc/dhcp/dhclient.conf" cat << EOF >> "${TARGET}/etc/dhcp/dhclient.conf"
# Custom dhclient config to override DHCP DNS # Custom dhclient config to override DHCP DNS
EOF EOF
declare var_supersede; var_supersede=$(printf "%s, " "${ary_ipv4_ns[@]}") var_supersede=$(printf "%s, " "${ARY_IPV4_NS[@]}")
var_supersede="${var_supersede%, }" var_supersede="${var_supersede%, }"
echo "supersede domain-name-servers ${var_supersede};" >> "${TARGET}/etc/dhcp/dhclient.conf" echo "supersede domain-name-servers ${var_supersede};" >> "${TARGET}/etc/dhcp/dhclient.conf"
do_log "info" "file_only" "4130() DHCP client configuration for IPv4: '${TARGET}/etc/dhcp/dhclient.conf' configured." do_log "info" "file_only" "4300() DHCP client configuration for IPv4: '${TARGET}/etc/dhcp/dhclient.conf' configured."
fi fi
if [[ "${network_autoconfig_enable,,}" == "false" && -n "${network_static_ipv6nameserver_0}" ]]; then if [[ "${network_autoconfig_enable}" == "false" && -n "${network_static_ipv6nameserver_0}" ]]; then
declare var_supersede_ipv6; var_supersede_ipv6=$(printf "%s, " "${ary_ipv6_ns[@]}") var_supersede_ipv6=$(printf "%s, " "${ARY_IPV6_NS[@]}")
var_supersede_ipv6="${var_supersede_ipv6%, }" var_supersede_ipv6="${var_supersede_ipv6%, }"
echo "supersede domain-name-servers ${var_supersede_ipv6};" >> "${TARGET}/etc/dhcp/dhclient.conf" echo "supersede domain-name-servers ${var_supersede_ipv6};" >> "${TARGET}/etc/dhcp/dhclient.conf"
do_log "info" "file_only" "4130() DHCP client configuration for IPv6: '${TARGET}/etc/dhcp/dhclient.conf' configured." do_log "info" "file_only" "4300() DHCP client configuration for IPv6: '${TARGET}/etc/dhcp/dhclient.conf' configured."
fi fi
if [[ "${network_autoconfig_enable,,}" == "true" && -n "${network_static_ipv4nameserver_0}" ]]; then if [[ "${network_autoconfig_enable}" == "true" && -n "${network_static_ipv4nameserver_0}" ]]; then
cat << EOF >> "${TARGET}/etc/dhcp/dhclient.conf" cat << EOF >> "${TARGET}/etc/dhcp/dhclient.conf"
@@ -270,7 +280,6 @@ EOF
EOF EOF
fi fi
return 0 return 0
} }
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
lib/cdi_0100_arg/0104_arg_passphrase_modules.sh
View File

@@ -51,6 +51,7 @@ read_password_file() {
declare -n var_output_file="${2}" declare -n var_output_file="${2}"
declare -a lines=() declare -a lines=()
### TODO: PASSWORD REMINDER
### No tracing for security reasons ### No tracing for security reasons
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
if [[ ! -f "${var_input_file}" ]]; then if [[ ! -f "${var_input_file}" ]]; then
@@ -77,6 +78,7 @@ read_password_file() {
### Turn on tracing again ### Turn on tracing again
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
### TODO: PASSWORD REMINDER
unset lines unset lines
return 0 return 0

5
lib/cdi_0100_arg/0105_arg_nuke_converter.sh
View File

@@ -29,6 +29,7 @@ nuke_passphrase() {
declare -r var_nuke_pwd_file="${DIR_CNF}/password_luks_nuke.txt" declare -r var_nuke_pwd_file="${DIR_CNF}/password_luks_nuke.txt"
declare var_temp_nuke_hash="" var_temp_plain_nuke_pwd="" var_salt="" declare var_temp_nuke_hash="" var_temp_plain_nuke_pwd="" var_salt=""
### TODO: PASSWORD REMINDER
### No tracing for security reasons ### No tracing for security reasons
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
if ! read_password_file "${var_nuke_pwd_file}" var_temp_plain_nuke_pwd; then if ! read_password_file "${var_nuke_pwd_file}" var_temp_plain_nuke_pwd; then
@@ -36,16 +37,19 @@ nuke_passphrase() {
fi fi
### Turn on tracing again ### Turn on tracing again
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
### TODO: PASSWORD REMINDER
if ! var_salt="$(generate_salt)"; then if ! var_salt="$(generate_salt)"; then
return "${ERR_GENERATE_SALT}" return "${ERR_GENERATE_SALT}"
fi fi
### TODO: PASSWORD REMINDER
### No tracing for security reasons ### --rounds=8388608 ### No tracing for security reasons ### --rounds=8388608
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
var_temp_nuke_hash=$(mkpasswd --method=sha-512 --salt="${var_salt}" --rounds=16384 "${var_temp_plain_nuke_pwd}") var_temp_nuke_hash=$(mkpasswd --method=sha-512 --salt="${var_salt}" --rounds=16384 "${var_temp_plain_nuke_pwd}")
### Turn on tracing again ### Turn on tracing again
[[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x
### TODO: PASSWORD REMINDER
declare -grx VAR_NUKE_HASH="${var_temp_nuke_hash}" declare -grx VAR_NUKE_HASH="${var_temp_nuke_hash}"
unset var_temp_nuke_hash var_temp_plain_nuke_pwd unset var_temp_nuke_hash var_temp_plain_nuke_pwd
@@ -61,6 +65,7 @@ nuke_passphrase() {
sync sync
do_log "info" "file_only" "0105() Nuke Hash generated." do_log "info" "file_only" "0105() Nuke Hash generated."
return 0 return 0
} }