msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m19s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-02 05:23:26 +02:00
parent d86082ad3a
commit 95d6e9bd60
15 changed files with 368 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
func/system/4080_generate_sources.sh
View File

@@ -1,206 +0,0 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Generate target '/etc/apt/sources.list' entries.
# Globals:
# TARGET
# apt_contrib
# apt_deb_sources
# apt_mirror_directory
# apt_mirror_hostname
# apt_mirror_protocol
# apt_non_free
# apt_non_free_firmware
# apt_sec
# apt_updates_backports
# apt_updates_policy
# apt_updates_release
# apt_updates_security
# architecture
# distribution
# Arguments:
# None
# Returns:
# 0: on success
#######################################
generate_sources() {
### Declare Arrays, HashMaps, and Variables.
declare -a ary_components=()
declare var_arch="" var_codename="" var_deb_src="" var_dir="" var_hostname="" var_hostsecure="" var_url var_surl=""
# shellcheck disable=SC2154 # "${architecture}"
var_arch="${architecture,,}"
# shellcheck disable=SC2154 # "${distribution}"
var_codename="${distribution,,}"
# shellcheck disable=SC2154 # "${apt_deb_sources}"
var_deb_src="${apt_deb_sources,,}"
# shellcheck disable=SC2154 # "${apt_mirror_directory}"
var_dir="${apt_mirror_directory,,}"
# shellcheck disable=SC2154 # "${apt_mirror_hostname}"
var_hostname="${apt_mirror_hostname,,}"
# shellcheck disable=SC2154 # "${apt_sec}"
var_hostsecure="${apt_sec,,}"
ary_components=( "main" )
[[ "${apt_contrib,,}" == "true" ]] && ary_components+=( "contrib" )
[[ "${apt_non_free,,}" == "true" ]] && ary_components+=( "non-free" )
[[ "${apt_non_free_firmware,,}" == "true" ]] && ary_components+=( "non-free-firmware" )
if [[ "${apt_mirror_protocol,,}" == "https" ]]; then
var_url="https://${var_hostname}${var_dir}"
var_surl="https://${var_hostsecure}/debian-security"
elif [[ "${apt_mirror_protocol,,}" == "http" ]]; then
var_url="http://${var_hostname}${var_dir}"
var_surl="http://${var_hostsecure}/debian-security"
else
var_url="https://${var_hostname}${var_dir}"
var_surl="https://${var_hostsecure}/debian-security"
fi
: >| "${TARGET}/etc/apt/sources.list"
chmod 0644 "${TARGET}/etc/apt/sources.list"
### Main Repository
# shellcheck disable=SC2153
cat << EOF >> "${TARGET}/etc/apt/sources.list"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
# /etc/apt/sources.list : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
#------------------------------------------------------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS #
#------------------------------------------------------------------------------------------------------------------------------#
deb ${var_url} ${var_codename} ${ary_components[*]}
EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename} ${ary_components[*]}'."
if [[ "${var_deb_src}" == "true" ]]; then
echo "deb-src ${var_url} ${var_codename} ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename} ${ary_components[*]}'."
fi
### Security Repository
if [[ "${apt_updates_security,,}" == "true" ]]; then
cat << EOF >> "${TARGET}/etc/apt/sources.list"
deb ${var_surl} ${var_codename}-security ${ary_components[*]}
EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_surl} ${var_codename}-security ${ary_components[*]}'."
if [[ "${var_deb_src}" == "true" ]]; then
echo "deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}'."
fi
fi
### Updates Repository
if [[ "${apt_updates_release,,}" == "true" ]]; then
cat << EOF >> "${TARGET}/etc/apt/sources.list"
deb ${var_url} ${var_codename}-updates ${ary_components[*]}
EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-updates ${ary_components[*]}'."
if [[ "${var_deb_src}" == "true" ]]; then
echo "deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}'."
fi
fi
### Backports Repository
if [[ "${apt_updates_backports,,}" == "true" ]]; then
cat << EOF >> "${TARGET}/etc/apt/sources.list"
deb ${var_url} ${var_codename}-backports ${ary_components[*]}
EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-backports ${ary_components[*]}'."
if [[ "${var_deb_src,,}" == "true" ]]; then
echo "deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}'."
fi
fi
### Clean up 'sources.list'
sed -i '/^#/!s/[[:space:]]\+/ /g' "${TARGET}/etc/apt/sources.list"
cat << EOF >> "${TARGET}/etc/apt/sources.list"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
do_in_target "${TARGET}" apt-get update -y
if [[ "${apt_updates_policy,,}" == "unattended" ]]; then
do_in_target "${TARGET}" apt-get install -y unattended-upgrades
do_log "info" "file_only" "4080() The update policy was set at installation time to '${apt_updates_policy}'."
elif [[ "${apt_updates_policy,,}" == "security" ]]; then
do_in_target "${TARGET}" apt-get install -y unattended-upgrades
# shellcheck disable=SC2016
sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades"
do_log "info" "file_only" "4080() The update policy was set at installation time to '${apt_updates_policy}'."
elif [[ "${apt_updates_policy,,}" == "none" ]]; then
do_log "info" "file_only" "4080() The update policy was set at installation time to: '${apt_updates_policy}'."
else
do_log "warning" "file_only" "4080() Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."
fi
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

125
func/system/4090_minimal_toolset.sh
View File

@@ -1,125 +0,0 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Check and set up the minimum required tools for the next installation steps.
# Globals:
# TARGET
# Arguments:
# None
# Returns:
# 0: on success
#######################################
minimal_toolset() {
### Declare Arrays, HashMaps, and Variables.
# shellcheck disable=SC2154
declare -A hmp_tool_pkg=(
[awk]="gawk"
[busybox]="busybox"
[cat]="coreutils"
[chmod]="coreutils"
[chown]="coreutils"
[chpasswd]="passwd"
[chsh]="passwd"
[cp]="coreutils"
[cryptsetup]="cryptsetup-initramfs"
[echo]="coreutils"
[grep]="grep"
[ip]="iproute2"
[ln]="coreutils"
[mkdir]="coreutils"
[ping]="iputils-ping"
[sed]="sed"
[sudo]="sudo"
[update-initramfs]="initramfs-tools"
[zsh]="zsh"
[lsblk]="util-linux"
[blkid]="util-linux"
[mount]="util-linux"
[umount]="util-linux"
[findmnt]="util-linux"
[parted]="parted"
[fdisk]="fdisk"
[tar]="tar"
[gzip]="gzip"
[curl]="curl"
[wget]="wget"
[tree]="tree"
[lsb_release]="lsb-release"
[btrfs]="btrfs-progs"
[e2label]="e2fsprogs"
[tune2fs]="e2fsprogs"
[fsck]="e2fsprogs"
[base64]="coreutils"
[xxd]="vim-common"
[jq]="jq"
[zstd]="zstd"
)
declare -a ary_missing_pkgs=() ary_unique_pkgs=()
declare -r var_logfile="${DIR_LOG}/4090_minimal_toolset_install.log"
declare var_bin="" var_bin=""
### Installation most basic packages.
do_in_target "${TARGET}" apt-get install -y --no-install-recommends locales tzdata debconf
### Collecting missing binaries.
for var_bin in "${!hmp_tool_pkg[@]}"; do
if ! do_in_target_script "${TARGET}" "command -v ${var_bin} >/dev/null" "debug"; then
ary_missing_pkgs+=("${hmp_tool_pkg[${var_bin}]}")
fi
done
do_log "debug" "file_only" "4090() [ary_missing_pkgs]='${ary_missing_pkgs[*]}'."
### Installing unique list of packages
if ((${#ary_missing_pkgs[@]})); then
# shellcheck disable=SC2312
mapfile -t ary_unique_pkgs < <(printf '%s\n' "${ary_missing_pkgs[@]}" | sort -u)
do_log "debug" "file_only" "4090() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'."
# shellcheck disable=SC2312
# do_in_target "${TARGET}" apt-get install -y --no-install-recommends "${ary_unique_pkgs[@]}" 2>&1 | tee -a "${var_logfile}"
do_in_target "${TARGET}" script -q -c "apt-get install -y --no-install-recommends ${ary_unique_pkgs[*]}" /dev/null 2>&1 | tee -a "${var_logfile}"
fi
### Ensure systemd and machine-id are in place
if ! do_in_target_script "${TARGET}" "command -v systemctl >/dev/null"; then
do_log "info" "file_only" "4090() 'systemctl' NOT found, installing 'systemd' and dependencies."
do_in_target "${TARGET}" apt-get install -y --no-install-recommends systemd systemd-sysv dbus
else
do_log "info" "file_only" "4090() 'systemctl' found, skipping installation of systemd."
fi
### Generate machine-id if missing
if ! do_in_target_script "${TARGET}" "[[ -s /etc/machine-id ]]"; then
do_log "info" "file_only" "4090() Generating /etc/machine-id via systemd-machine-id-setup."
do_in_target "${TARGET}" systemd-machine-id-setup
else
do_log "info" "file_only" "4090() Existing 'machine-id' found, no action needed."
fi
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

12
func/system/4120_installation_kernel.sh → func/system/4100_finalzie_system.sh
View File

@@ -13,19 +13,19 @@
guard_sourcing
#######################################
# Installation of the specified kernel.
# Set locale, locale overrides and configure keyboard layout.
# Globals:
# TARGET
# image
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_kernel() {
# Installing the chosen Kernel Image according to preseed.yaml
# shellcheck disable=SC2154 # "${image}"
do_in_target "${TARGET}" apt-get install -y "${image}"
setup_locales() {
### Set the X11 keyboard layout (for graphical environments).
do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}"
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

321
func/system/4150_setup_grub.sh
View File

@@ -1,321 +0,0 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
# --- UEFI GRUB Installation Strategy ---
#
# We explicitly install GRUB using '--no-nvram' to avoid modifying NVRAM entries inside the chroot environment, which is
# unreliable and can break host firmware boot order. Instead of relying on '--removable', we manually copy the GRUB EFI binary
# to the fallback location 'EFI/BOOT/BOOTX64.EFI'. This mirrors the behavior of '--removable', but gives us more control over
# the bootloader ID and file paths.
# Result:
# - GRUB is available under 'EFI/debian/grubx64.efi' (for manual boot entries).
# - GRUB is also available as 'EFI/BOOT/BOOTX64.EFI' (UEFI fallback path, no NVRAM needed).
# This setup ensures compatibility with systems that do not retain NVRAM entries (e.g., removable drives, VM firmware).
#######################################
# Installation and setup of the GRUB2 (backported) version.
# The backported version MUST be installed for LUKS2 '/boot' encryption.
# Globals:
# ERR_GRUB_BACKGROUND
# ERR_GRUB_EFI_FORCE
# TARGET
# VAR_RECIPE_FIRMWARE
# VAR_RECIPE_TABLE
# grub_background_enable
# grub_background_path
# grub_bootdev
# grub_force_efi
# grub_latest
# grub_prober
# grub_skip
# Arguments:
# None
# Returns:
# ERR_GRUB_BACKGROUND
# ERR_GRUB_EFI_FORCE
# 0: on success
#######################################
setup_grub() {
declare -gx var_update_grub_required="false"
get_all_boot_devs
if [[ "${grub_skip,,}" != "true" ]]; then
### Install GRUB2 package
if [[ "${grub_latest,,}" == "true" ]]; then
### Install the GRUB2 backported version from the Bookworm backports repository.
if [[ "${VAR_RECIPE_FIRMWARE}" == "uefi" ]]; then
case "${VAR_ARCHITECTURE,,}" in
amd64) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-amd64 ;;
arm64) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-arm64 ;;
i386) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-ia32 ;;
*) do_log "emergency" "file_only" "Unsupported UEFI architecture: ${VAR_ARCHITECTURE}"; return "${ERR_GRUB_ARCHITECTURE}" ;;
esac
else
do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-pc
fi
else
### Install the GRUB2 stable version.
if [[ "${VAR_RECIPE_FIRMWARE}" == "uefi" ]]; then
case "${VAR_ARCHITECTURE,,}" in
amd64) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-amd64 ;;
arm64) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-arm64 ;;
i386) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-ia32 ;;
*) do_log "emergency" "file_only" "Unsupported UEFI architecture: ${VAR_ARCHITECTURE}"; return "${ERR_GRUB_ARCHITECTURE}" ;;
esac
else
do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-pc
fi
fi
### Install grub on the specific device.
if [[ "${grub_force_efi,,}" == "false" ]]; then
if [[ "${VAR_RECIPE_FIRMWARE,,}" == "uefi" ]]; then
install_grub_uefi_all
elif [[ "${VAR_RECIPE_FIRMWARE,,}" == "bios" ]]; then
install_grub_bios_all
fi
elif [[ "${grub_force_efi,,}" == "true" ]]; then
if [[ "${VAR_RECIPE_TABLE,,}" == "gpt" && "${VAR_RECIPE_FIRMWARE,,}" == "uefi" ]]; then
do_in_target "${TARGET}" grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=Debian --no-nvram --modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 part_gpt" --force-extra-removable
var_update_grub_required="true"
else
do_log "emergency" "file_only" "Unsupported combination of partition table: '${VAR_RECIPE_TABLE,,}' and setting: grub_force_efi '${grub_force_efi,,}'."
return "${ERR_GRUB_EFI_FORCE}"
fi
fi
### Enable booting from LUKS encrypted devices by default.
cat << EOF >> "${TARGET}/etc/default/grub"
# Enable booting from LUKS encrypted devices by default.
GRUB_ENABLE_CRYPTODISK=y
EOF
var_update_grub_required="true"
### Install a boot menu background.
if [[ "${grub_background_enable,,}" == "true" ]]; then
declare var_background
var_background=$(basename "${grub_background_path}")
cp --no-preserve=ownership "${grub_background_path}" "${TARGET}/etc/default/grub.d/${var_background}" || return "${ERR_GRUB_BACKGROUND}"
chmod 0640 "${TARGET}/etc/default/grub.d/${var_background}" || return "${ERR_GRUB_BACKGROUND}"
cat << EOF >> "${TARGET}/etc/default/grub"
# Enable boot menu background.
GRUB_BACKGROUND="/etc/default/grub.d/${var_background}"
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'vbeinfo'
GRUB_GFXMODE=1920x1080,1280x1024,1024x768,800x600
GRUB_GFXPAYLOAD_LINUX=keep
EOF
var_update_grub_required="true"
fi
### Change GRUB OS detection configuration accordingly.
if [[ "${grub_prober,,}" == "true" ]]; then
cat << EOF >> "${TARGET}/etc/default/grub"
# If your computer has multiple operating systems installed, then you
# probably want to run os-prober. However, if your computer is a host
# for guest OSes installed via LVM or raw disk devices, running
# os-prober can cause damage to those guest OSes as it mounts
# filesystems to look for things.
GRUB_DISABLE_OS_PROBER=false
EOF
var_update_grub_required="true"
elif [[ "${grub_prober,,}" == "false" ]]; then
cat << EOF >> "${TARGET}/etc/default/grub"
# If your computer has multiple operating systems installed, then you
# probably want to run os-prober. However, if your computer is a host
# for guest OSes installed via LVM or raw disk devices, running
# os-prober can cause damage to those guest OSes as it mounts
# filesystems to look for things.
GRUB_DISABLE_OS_PROBER=true
EOF
var_update_grub_required="true"
fi
else
do_log "info" "file_only" "GRUB2 setup skipped."
fi
[[ "${var_update_grub_required}" == "true" ]] && do_in_target "${TARGET}" update-grub
### Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them.
chown root:root "${TARGET}/boot/grub/grub.cfg"
chmod 0600 "${TARGET}/boot/grub/grub.cfg"
chmod -R 0700 "${TARGET}/etc/grub.d"
return 0
}
#######################################
# Detects and collects all boot devices for GRUB installation.
# Supports /dev/sdX, /dev/vdX, /dev/hdX, /dev/nvmeXn1, /dev/mmcblkX.
# Globals:
# VAR_RECIPE_HIGHEST_DEVICE
# ary_bootdev_all
# grub_bootdev
# Arguments:
# None
# Returns:
# 0: on success
#######################################
get_all_boot_devs() {
declare -ag ary_bootdev_all=()
declare dev="" dev_prefix="" dev_path="" letter=""
declare -i ascii ascii_end ascii_start
### Determine prefix from grub_bootdev (e.g., "sd", "vd", "nvme", "mmcblk")
dev_prefix=$(basename "${grub_bootdev}" | sed -E 's/^([a-z]+)[a-z0-9]*$/\1/')
case "${dev_prefix}" in
sd|vd|hd)
ascii_start=$(printf '%d' "'a")
ascii_end=$(printf '%d' "'${VAR_RECIPE_HIGHEST_DEVICE}")
for ((ascii = ascii_start; ascii <= ascii_end; ascii++)); do
letter=$(printf "%b" "\\$(printf '%03o' "${ascii}")")
dev_path="/dev/${dev_prefix}${letter}"
[[ -b "${dev_path}" ]] && ary_bootdev_all+=("${dev_path}")
done
;;
nvme)
# shellcheck disable=SC2312
while read -r dev; do
ary_bootdev_all+=("/dev/${dev}")
done < <(lsblk -dn -o NAME | grep -E '^nvme[0-9]+n1$')
;;
mmcblk)
# shellcheck disable=SC2312
while read -r dev; do
ary_bootdev_all+=("/dev/${dev}")
done < <(lsblk -dn -o NAME | grep -E '^mmcblk[0-9]+$')
;;
*)
do_log "warning" "file_only" "Unrecognized boot device prefix: ${dev_prefix}"
;;
esac
return 0
}
#######################################
# Installs GRUB in BIOS mode on all block devices.
# Globals:
# TARGET
# VAR_RECIPE_TABLE
# ary_bootdev_all
# var_update_grub_required
# Arguments:
# None
# Returns:
# 0: on success
# ERR_PARTITIONTBL on failure
#######################################
install_grub_bios_all() {
declare dev="" partmod=""
case "${VAR_RECIPE_TABLE,,}" in
gpt) partmod="part_gpt" ;;
msdos|mbr) partmod="part_msdos" ;;
*) do_log "emergency" "file_only" "Unknown partition table type: '${VAR_RECIPE_TABLE}'."; return "${ERR_PARTITIONTBL}" ;;
esac
declare var_modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 ${partmod}"
declare -a args=(--target=i386-pc --boot-directory=/boot "--modules=${var_modules}")
args+=(--recheck)
for dev in "${ary_bootdev_all[@]}"; do
do_in_target "${TARGET}" grub-install "${args[@]}" "${dev}"
do_log "info" "file_only" "Installed: GRUB on Device: '${dev}' (BIOS)."
var_update_grub_required="true"
done
return 0
}
#######################################
# Installs GRUB to all ESPs in UEFI mode.
# Globals:
# TARGET
# VAR_RECIPE_TABLE
# ary_bootdev_all
# var_update_grub_required
# Arguments:
# None
# Returns:
# 0: on success
# ERR_PARTITIONTBL on failure
#######################################
install_grub_uefi_all() {
declare dev="" partmod=""
case "${VAR_RECIPE_TABLE,,}" in
gpt) partmod="part_gpt" ;;
msdos|mbr) partmod="part_msdos" ;;
*) do_log "emergency" "file_only" "4150() Unknown partition table type: '${VAR_RECIPE_TABLE}'."; return "${ERR_PARTITIONTBL}" ;;
esac
declare var_modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 ${partmod}"
declare -a args=(--target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=Debian "--modules=${var_modules}")
for dev in "${ary_bootdev_all[@]}"; do
do_in_target "${TARGET}" grub-install "${args[@]}"
do_log "info" "file_only" "Installed: GRUB on Device: '${dev}' (UEFI)."
var_update_grub_required="true"
done
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh