V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-02 05:23:26 +02:00
parent d86082ad3a
commit 95d6e9bd60
15 changed files with 368 additions and 113 deletions


@@ -439,9 +439,32 @@ locale:
country: "US" country: "US"
keyboard: keyboard:
layout: "de" layout: "de"
xkb-keymap: "de" xkb_keymap: "de"
language: "en" language: "en"
locale: "en_US.UTF-8" locale: "en_US.UTF-8"
override:
# Address format:
address: "de_DE.UTF-8"
# Sort order:
collate: "en_US.UTF-8"
# Character set, upper/lower case, character groups:
ctype: "de_DE.UTF-8"
# Metric or imperial system:
measurement: "de_DE.UTF-8"
# System language for error messages:
messages: "en_US.UTF-8"
# Currency format and symbol:
monetary: "en_US.UTF-8"
# Format of personal names:
name: "en_US.UTF-8"
# Number formatting, decimal/thousand separators:
numeric: "en_US.UTF-8"
# Standard paper format:
paper: "de_DE.UTF-8"
# Format for telephone numbers:
telephone: "en_US.UTF-8"
# Date and time format, start of week:
time: "de_DE.UTF-8"
timezone: "Europe/Lisbon" timezone: "Europe/Lisbon"
################################################################################################################################ ################################################################################################################################
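Review bot: Renaming the keyboard key from `xkb-keymap` to `xkb_keymap` silently breaks any existing installer config that still uses the old spelling unless the loader rejects unknown keys, which I cannot see from this hunk; a short comment above `keyboard:` naming the renamed key, or a fallback read of the old spelling in the loader, would avoid an unnoticed default layout. The per-category comments in the new `override:` block are useful; add one line on the `override:` key itself, e.g. `# Every locale listed here must also be generated on the target.`, because the values here (de_DE.UTF-8) differ from `locale:` and the reader has no hint that generation is a separate step.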


@@ -15,12 +15,13 @@ guard_sourcing
####################################### #######################################
# Install a minimal Debian environment using the 'debootstrap' command. # Install a minimal Debian environment using the 'debootstrap' command.
# Globals: # Globals:
# ERR_DEBOOTSTRAP
# LOG_DBS # LOG_DBS
# TARGET # TARGET
# architecture # VAR_ARCHITECTURE
# VAR_CODENAME
# debootstrap_includes # debootstrap_includes
# debootstrap_mirror # debootstrap_mirror
# distribution
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -29,8 +30,8 @@ guard_sourcing
####################################### #######################################
func_debootstrap() { func_debootstrap() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare -r var_arch="${architecture}" declare -r var_arch="${VAR_ARCHITECTURE}"
declare -r var_dist="${distribution}" declare -r var_dist="${VAR_CODENAME}"
declare -r var_target="${TARGET}" declare -r var_target="${TARGET}"
declare -r var_mirror="${debootstrap_mirror}" declare -r var_mirror="${debootstrap_mirror}"
declare -r var_includes="${debootstrap_includes}" declare -r var_includes="${debootstrap_includes}"


@@ -59,6 +59,7 @@ configure_system() {
done done
for var_path in "${!HMP_SPECIAL_MOUNTS[@]}"; do for var_path in "${!HMP_SPECIAL_MOUNTS[@]}"; do
IFS=" " read -r var_fs var_src var_opts <<< "${HMP_SPECIAL_MOUNTS[${var_path}]}" IFS=" " read -r var_fs var_src var_opts <<< "${HMP_SPECIAL_MOUNTS[${var_path}]}"
@@ -81,6 +82,7 @@ configure_system() {
done done
if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then
mkdir -p "${TARGET}/run" mkdir -p "${TARGET}/run"
@@ -96,6 +98,7 @@ configure_system() {
fi fi
if ! do_in_target "${TARGET}" mkdir -p /etc/systemd/system/multi-user.target.wants; then if ! do_in_target "${TARGET}" mkdir -p /etc/systemd/system/multi-user.target.wants; then
do_log "emergency" "file_only" "4010() Command: [do_in_target ${TARGET} mkdir -p /etc/systemd/system/multi-user.target.wants] failed." do_log "emergency" "file_only" "4010() Command: [do_in_target ${TARGET} mkdir -p /etc/systemd/system/multi-user.target.wants] failed."


@@ -22,19 +22,19 @@ guard_sourcing
# Returns: # Returns:
# 0: on success # 0: on success
####################################### #######################################
expired_certs() { delete_expired_certs() {
install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/chroot/hooks/1000_deleting_invalid_x509.sh" \ install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/chroot/hooks/4020_remove_x509.hooks.sh" \
"${TARGET}/root/.ciss/cdi/hooks/1000_deleting_invalid_x509.sh" "${TARGET}/root/.ciss/cdi/hooks/4020_remove_x509.hooks.sh"
if ! do_in_target_script "${TARGET}" "/root/.ciss/cdi/hooks/1000_deleting_invalid_x509.sh" "emergency"; then if ! do_in_target_script "${TARGET}" "/root/.ciss/cdi/hooks/4020_remove_x509.hooks.sh" "emergency"; then
do_log "warn" "file_only" "4020() Command: [do_in_target_script ${TARGET} /root/.ciss/cdi/hooks/1000_deleting_invalid_x509.sh emergency] failed." do_log "warn" "file_only" "4020() Command: [do_in_target_script ${TARGET} /root/.ciss/cdi/hooks/4020_remove_x509.hooks.sh emergency] failed."
else else
do_log "debug" "file_only" "4020() Command: [do_in_target_script ${TARGET} /root/.ciss/cdi/hooks/1000_deleting_invalid_x509.sh emergency] successful." do_log "debug" "file_only" "4020() Command: [do_in_target_script ${TARGET} /root/.ciss/cdi/hooks/4020_remove_x509.hooks.sh emergency] successful."
fi fi


@@ -13,20 +13,35 @@
guard_sourcing guard_sourcing
####################################### #######################################
# Set locale and configure keyboard layout. # Set locale, locale overrides and configure keyboard layout.
# Globals: # Globals:
# TARGET # TARGET
# VAR_ARCHITECTURE
# VAR_CODENAME
# VAR_VERSION
# locale_country # locale_country
# locale_keyboard_layout
# locale_keyboard_xkb_keymap # locale_keyboard_xkb_keymap
# locale_language # locale_language
# locale_locale # locale_locale
# locale_override_address
# locale_override_collate
# locale_override_ctype
# locale_override_measurement
# locale_override_messages
# locale_override_monetary
# locale_override_name
# locale_override_numeric
# locale_override_paper
# locale_override_telephone
# locale_override_time
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
# 0: on success # 0: on success
####################################### #######################################
setup_locales() { setup_locales() {
### Declare Arrays, HashMaps, and Variables.
declare var_locale_hook="${TARGET}/root/.ciss/cdi/hooks/4050_setup_locales.hooks.sh"
### Give priority to '${locale_locale}' over separately configured variables '${locale_country}' and '${locale_language}'. ### Give priority to '${locale_locale}' over separately configured variables '${locale_country}' and '${locale_language}'.
### If 'locale_locale' is not set, build it from 'locale_language' and 'locale_country'. ### If 'locale_locale' is not set, build it from 'locale_language' and 'locale_country'.
@@ -34,20 +49,80 @@ setup_locales() {
declare locale_locale="${locale_language}_${locale_country}.UTF-8" declare locale_locale="${locale_language}_${locale_country}.UTF-8"
fi fi
[[ -n "${locale_locale:-}" ]] || do_log "error" "file_only" "4050() Variable '${locale_locale}' is not set." ### Creat Hook in target.
cat << EOF >| "${var_locale_hook}"
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
### Generate the specified locale set -Ceuo pipefail
do_in_target "${TARGET}" locale-gen "${locale_locale}"
### Set the standard locale. sed -i '/^[[:space:]]*[^#[:space:]]/s/^/#/' /etc/locale.gen
#do_in_target "${TARGET}" update-locale LANG="${locale_locale}" LC_ALL="${locale_locale}"
echo -e "LANG=${locale_locale}\nLC_ALL=${locale_locale}" >| "${TARGET}/etc/default/locale" echo '${locale_locale} UTF-8' >> /etc/locale.gen
do_in_target "${TARGET}" locale-gen "${locale_locale}"
dpkg-reconfigure -f noninteractive locales
locale-gen
update-locale \
LANG=${locale_locale} \
LC_ADDRESS=${locale_override_address:-${locale_locale}} \
LC_COLLATE=${locale_override_collate:-${locale_locale}} \
LC_CTYPE=${locale_override_ctype:-${locale_locale}} \
LC_MEASUREMENT=${locale_override_measurement:-${locale_locale}} \
LC_MESSAGES=${locale_override_messages:-${locale_locale}} \
LC_MONETARY=${locale_override_monetary:-${locale_locale}} \
LC_NAME=${locale_override_name:-${locale_locale}} \
LC_NUMERIC=${locale_override_numeric:-${locale_locale}} \
LC_PAPER=${locale_override_paper:-${locale_locale}} \
LC_TELEPHONE=${locale_override_telephone:-${locale_locale}} \
LC_TIME=${locale_override_time:-${locale_locale}} \
LC_IDENTIFICATION=${locale_locale} \
LC_ALL=
EOF
chmod 0700 "${var_locale_hook}"
do_in_target "${TARGET}" "${var_locale_hook}"
### Set the keyboard layout for the system (for consoles). ### Set the keyboard layout for the system (for consoles).
[[ -e "${TARGET}/etc/default/keyboard" ]] || touch "${TARGET}/etc/default/keyboard" cat << EOF >| "${TARGET}/etc/default/keyboard"
sed -i "s/^KEYMAP=.*/KEYMAP=${locale_keyboard_layout}/" "${TARGET}/etc/default/keyboard" # SPDX-Version: 3.0
do_log "info" "file_only" "4110() Keyboard layout updated: 'KEYMAP=${locale_keyboard_layout}' -> '${TARGET}/etc/default/keyboard'." # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
# /etc/default/keyboard : Generated by CISS.debian.installer ${VAR_VERSION}
# Architecture : ${VAR_ARCHITECTURE}
# Distribution : ${VAR_CODENAME}
# KEYBOARD CONFIGURATION FILE
# Consult the keyboard(5) manual page.
XKBMODEL="pc105"
XKBLAYOUT="${locale_keyboard_xkb_keymap}"
XKBVARIANT=""
XKBOPTIONS=""
BACKSPACE="guess"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
chmod 0644 "${TARGET}/etc/default/keyboard"
do_log "info" "file_only" "4050() Keyboard layout updated: 'XKBLAYOUT=${locale_keyboard_xkb_keymap}' -> '${TARGET}/etc/default/keyboard'."
### Set the X11 keyboard layout (for graphical environments). ### Set the X11 keyboard layout (for graphical environments).
do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}" do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}"
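Review bot: The generated hook appends only `${locale_locale}` to /etc/locale.gen (`echo '${locale_locale} UTF-8' >> /etc/locale.gen`), yet the `update-locale` call assigns the `locale_override_*` values (de_DE.UTF-8 in the shipped config) to LC_ADDRESS, LC_CTYPE, LC_TIME and the rest; those locales are never generated, so every process in the target starts with a "cannot change locale" warning and falls back to C for those categories. Collect the override values before the heredoc and feed the whole set to /etc/locale.gen, as below. Two further lines look wrong and are worth confirming: `do_in_target "${TARGET}" locale-gen "${locale_locale}"` between the echo and dpkg-reconfigure, if it is on the new side, sits inside the hook where `do_in_target` is not defined and `set -e` aborts the hook there; and the hook is run as `do_in_target "${TARGET}" "${var_locale_hook}"` with the host path `${TARGET}/root/...`, whereas the certificate hook earlier in this commit passes the target-relative `/root/.ciss/cdi/hooks/...` path, which is what a chroot sees. setup_locales starts in the previous hunk and its tail lies outside this one.
```shell
  ### Collect every locale the hook must generate: the main locale plus each non-empty override.
  declare var_locales="${locale_locale}" var_override=""
  for var_override in "${locale_override_address:-}" "${locale_override_collate:-}" "${locale_override_ctype:-}" \
    "${locale_override_measurement:-}" "${locale_override_messages:-}" "${locale_override_monetary:-}" \
    "${locale_override_name:-}" "${locale_override_numeric:-}" "${locale_override_paper:-}" \
    "${locale_override_telephone:-}" "${locale_override_time:-}"; do
    if [[ -n "${var_override}" ]]; then var_locales+=" ${var_override}"; fi
  done
  cat << EOF >| "${var_locale_hook}"
# … unchanged: shebang and SPDX header …
set -Ceuo pipefail
sed -i '/^[[:space:]]*[^#[:space:]]/s/^/#/' /etc/locale.gen
printf '%s UTF-8\n' ${var_locales} | sort -u >> /etc/locale.gen
dpkg-reconfigure -f noninteractive locales
# … unchanged: locale-gen and update-locale …
EOF
```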


@@ -101,12 +101,12 @@ generate_sources() {
#------------------------------------------------------------------------------------------------------------------------------# #------------------------------------------------------------------------------------------------------------------------------#
deb ${var_url} ${var_codename} ${ary_components[*]} deb ${var_url} ${var_codename} ${ary_components[*]}
EOF EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename} ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename} ${ary_components[*]}'."
if [[ "${var_deb_src}" == "true" ]]; then if [[ "${var_deb_src}" == "true" ]]; then
echo "deb-src ${var_url} ${var_codename} ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list" echo "deb-src ${var_url} ${var_codename} ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename} ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename} ${ary_components[*]}'."
fi fi
@@ -118,12 +118,12 @@ EOF
deb ${var_surl} ${var_codename}-security ${ary_components[*]} deb ${var_surl} ${var_codename}-security ${ary_components[*]}
EOF EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_surl} ${var_codename}-security ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_surl} ${var_codename}-security ${ary_components[*]}'."
if [[ "${var_deb_src}" == "true" ]]; then if [[ "${var_deb_src}" == "true" ]]; then
echo "deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list" echo "deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_surl} ${var_codename}-security ${ary_components[*]}'."
fi fi
@@ -137,12 +137,12 @@ EOF
deb ${var_url} ${var_codename}-updates ${ary_components[*]} deb ${var_url} ${var_codename}-updates ${ary_components[*]}
EOF EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-updates ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-updates ${ary_components[*]}'."
if [[ "${var_deb_src}" == "true" ]]; then if [[ "${var_deb_src}" == "true" ]]; then
echo "deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list" echo "deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-updates ${ary_components[*]}'."
fi fi
@@ -156,12 +156,12 @@ EOF
deb ${var_url} ${var_codename}-backports ${ary_components[*]} deb ${var_url} ${var_codename}-backports ${ary_components[*]}
EOF EOF
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-backports ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_url} ${var_codename}-backports ${ary_components[*]}'."
if [[ "${var_deb_src,,}" == "true" ]]; then if [[ "${var_deb_src,,}" == "true" ]]; then
echo "deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list" echo "deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}" >> "${TARGET}/etc/apt/sources.list"
do_log "info" "file_only" "4080() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}'." do_log "info" "file_only" "4100() ${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_url} ${var_codename}-backports ${ary_components[*]}'."
fi fi
@@ -181,7 +181,7 @@ EOF
if [[ "${apt_updates_policy,,}" == "unattended" ]]; then if [[ "${apt_updates_policy,,}" == "unattended" ]]; then
do_in_target "${TARGET}" apt-get install -y unattended-upgrades do_in_target "${TARGET}" apt-get install -y unattended-upgrades
do_log "info" "file_only" "4080() The update policy was set at installation time to '${apt_updates_policy}'." do_log "info" "file_only" "4100() The update policy was set at installation time to '${apt_updates_policy}'."
elif [[ "${apt_updates_policy,,}" == "security" ]]; then elif [[ "${apt_updates_policy,,}" == "security" ]]; then
@@ -189,15 +189,15 @@ EOF
# shellcheck disable=SC2016 # shellcheck disable=SC2016
sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades" sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades"
do_log "info" "file_only" "4080() The update policy was set at installation time to '${apt_updates_policy}'." do_log "info" "file_only" "4100() The update policy was set at installation time to '${apt_updates_policy}'."
elif [[ "${apt_updates_policy,,}" == "none" ]]; then elif [[ "${apt_updates_policy,,}" == "none" ]]; then
do_log "info" "file_only" "4080() The update policy was set at installation time to: '${apt_updates_policy}'." do_log "info" "file_only" "4100() The update policy was set at installation time to: '${apt_updates_policy}'."
else else
do_log "warning" "file_only" "4080() Update policy '${apt_updates_policy}': is not supported. Using 'none' as default." do_log "warning" "file_only" "4100() Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."
fi fi


@@ -0,0 +1,37 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Update generated sources.
# Globals:
# DIR_LOG
# TARGET
# Arguments:
# None
# Returns:
# 0: on success
#######################################
update_sources() {
### Declare Arrays, HashMaps, and Variables.
declare -r var_logfile="${DIR_LOG}/4110_update_sources.sh"
### Update generated sources.
# shellcheck disable=SC2312
do_in_target "${TARGET}" script -q -c apt-get update -y /dev/null 2>&1 | tee -a "${var_logfile}"
do_log "info" "file_only" "4110() Sources updated successfully."
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
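Review bot: `script -q -c apt-get update -y /dev/null` hands only `apt-get` to script as the command string; `update` is then taken as the typescript file operand and `-y /dev/null` are left over, so either script rejects the extra operands or a bare `apt-get` with no subcommand runs, while the pipe into tee hides the status and the next line logs success unconditionally. The sibling installation_toolset quotes the whole command, so this should read `do_in_target "${TARGET}" script -q -c "apt-get update -y" /dev/null 2>&1 | tee -a "${var_logfile}"`, and the success message should be gated on `"${PIPESTATUS[0]}"` being 0 with an error-level do_log and a non-zero return otherwise. The log file `4110_update_sources.sh` carries a script extension for a log; a `.log` suffix keeps the log directory unambiguous.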


@@ -0,0 +1,36 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Installation of the specified kernel.
# Globals:
# TARGET
# image
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_kernel() {
### Declare Arrays, HashMaps, and Variables.
declare -r var_logfile="${DIR_LOG}/4120_installation_kernel.sh"
# shellcheck disable=SC2312
do_in_target "${TARGET}" apt-get install -y "${image}" /dev/null 2>&1 | tee -a "${var_logfile}"
do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully."
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
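Review bot: `/dev/null` on the apt-get line is passed to apt-get as a package name (it is the typescript operand left over from the `script -q -c ...` pattern used in installation_toolset), so the install fails with an unknown-package error, the pipe into tee masks that status, and the success message is logged regardless. Either drop the operand, `do_in_target "${TARGET}" apt-get install -y "${image}" 2>&1 | tee -a "${var_logfile}"`, or use the same `script -q -c "apt-get install -y ${image}" /dev/null` form as the toolset function, and gate the do_log on `"${PIPESTATUS[0]}"` being 0. `DIR_LOG` is read at the logfile declaration but missing from the Globals list in the header.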


@@ -21,54 +21,64 @@ guard_sourcing
# Returns: # Returns:
# 0: on success # 0: on success
####################################### #######################################
minimal_toolset() { installation_toolset() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
# shellcheck disable=SC2154 # shellcheck disable=SC2154
declare -A hmp_tool_pkg=( declare -A hmp_tool_pkg=(
[awk]="gawk" [dig]="bind9-dnsutils"
[host]="bind9-dnsutils"
[hexdump]="bsdmainutils"
[btrfs]="btrfs-progs"
[busybox]="busybox" [busybox]="busybox"
[base64]="coreutils"
[cat]="coreutils" [cat]="coreutils"
[chmod]="coreutils" [chmod]="coreutils"
[chown]="coreutils" [chown]="coreutils"
[chpasswd]="passwd"
[chsh]="passwd"
[cp]="coreutils" [cp]="coreutils"
[cryptsetup]="cryptsetup-initramfs"
[echo]="coreutils" [echo]="coreutils"
[grep]="grep"
[ip]="iproute2"
[ln]="coreutils" [ln]="coreutils"
[mkdir]="coreutils" [mkdir]="coreutils"
[ping]="iputils-ping" [cryptsetup]="cryptsetup-initramfs"
[sed]="sed"
[sudo]="sudo"
[update-initramfs]="initramfs-tools"
[zsh]="zsh"
[lsblk]="util-linux"
[blkid]="util-linux"
[mount]="util-linux"
[umount]="util-linux"
[findmnt]="util-linux"
[parted]="parted"
[fdisk]="fdisk"
[tar]="tar"
[gzip]="gzip"
[curl]="curl" [curl]="curl"
[wget]="wget"
[tree]="tree"
[lsb_release]="lsb-release"
[btrfs]="btrfs-progs"
[e2label]="e2fsprogs" [e2label]="e2fsprogs"
[tune2fs]="e2fsprogs" [tune2fs]="e2fsprogs"
[fsck]="e2fsprogs" [fsck]="e2fsprogs"
[base64]="coreutils" [fdisk]="fdisk"
[xxd]="vim-common" [file]="file"
[awk]="gawk"
[grep]="grep"
[gzip]="gzip"
[update-initramfs]="initramfs-tools"
[ip]="iproute2"
[ping]="iputils-ping"
[jq]="jq" [jq]="jq"
[modprobe]="kmod"
[lsb_release]="lsb-release"
[parted]="parted"
[chpasswd]="passwd"
[chsh]="passwd"
[lspci]="pciutils"
[sysctl]="procps"
[sed]="sed"
[sudo]="sudo"
[tar]="tar"
[tree]="tree"
[lsusb]="usbutils"
[blkid]="util-linux"
[dmesg]="util-linux"
[lsblk]="util-linux"
[findmnt]="util-linux"
[mount]="util-linux"
[umount]="util-linux"
[xxd]="vim-common"
[wget]="wget"
[whois]="whois"
[zsh]="zsh"
[zstd]="zstd" [zstd]="zstd"
) )
declare -a ary_missing_pkgs=() ary_unique_pkgs=() declare -a ary_missing_pkgs=() ary_unique_pkgs=()
declare -r var_logfile="${DIR_LOG}/4090_minimal_toolset_install.log" declare -r var_logfile="${DIR_LOG}/4130_installation_toolset.sh"
declare var_bin="" var_bin="" declare var_bin="" var_bin=""
### Installation most basic packages. ### Installation most basic packages.
@@ -82,44 +92,20 @@ minimal_toolset() {
fi fi
done done
do_log "debug" "file_only" "4090() [ary_missing_pkgs]='${ary_missing_pkgs[*]}'." do_log "debug" "file_only" "4130() [ary_missing_pkgs]='${ary_missing_pkgs[*]}'."
### Installing unique list of packages ### Installing unique list of packages.
if ((${#ary_missing_pkgs[@]})); then if ((${#ary_missing_pkgs[@]})); then
# shellcheck disable=SC2312 # shellcheck disable=SC2312
mapfile -t ary_unique_pkgs < <(printf '%s\n' "${ary_missing_pkgs[@]}" | sort -u) mapfile -t ary_unique_pkgs < <(printf '%s\n' "${ary_missing_pkgs[@]}" | sort -u)
do_log "debug" "file_only" "4090() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'." do_log "debug" "file_only" "4130() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'."
# shellcheck disable=SC2312 # shellcheck disable=SC2312
# do_in_target "${TARGET}" apt-get install -y --no-install-recommends "${ary_unique_pkgs[@]}" 2>&1 | tee -a "${var_logfile}"
do_in_target "${TARGET}" script -q -c "apt-get install -y --no-install-recommends ${ary_unique_pkgs[*]}" /dev/null 2>&1 | tee -a "${var_logfile}" do_in_target "${TARGET}" script -q -c "apt-get install -y --no-install-recommends ${ary_unique_pkgs[*]}" /dev/null 2>&1 | tee -a "${var_logfile}"
fi fi
### Ensure systemd and machine-id are in place
if ! do_in_target_script "${TARGET}" "command -v systemctl >/dev/null"; then
do_log "info" "file_only" "4090() 'systemctl' NOT found, installing 'systemd' and dependencies."
do_in_target "${TARGET}" apt-get install -y --no-install-recommends systemd systemd-sysv dbus
else
do_log "info" "file_only" "4090() 'systemctl' found, skipping installation of systemd."
fi
### Generate machine-id if missing
if ! do_in_target_script "${TARGET}" "[[ -s /etc/machine-id ]]"; then
do_log "info" "file_only" "4090() Generating /etc/machine-id via systemd-machine-id-setup."
do_in_target "${TARGET}" systemd-machine-id-setup
else
do_log "info" "file_only" "4090() Existing 'machine-id' found, no action needed."
fi
return 0 return 0
} }
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
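Review bot: The log file in `declare -r var_logfile="${DIR_LOG}/4130_installation_toolset.sh"` drops the `.log` suffix the previous name carried and uses `.sh`, so apt output lands in a file named like a script; the two new files in this commit (4110_update_sources and 4120_installation_kernel under DIR_LOG) follow the same pattern. Unless something consumes that exact name, `"${DIR_LOG}/4130_installation_toolset.log"` keeps log content from being mistaken for executable content. The function header is above this hunk, so I cannot see whether `DIR_LOG` is listed under Globals; it is read here and should be.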


@@ -0,0 +1,40 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Ensure systemd is in place.
# Globals:
# TARGET
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_toolset() {
if ! do_in_target_script "${TARGET}" "command -v systemctl >/dev/null"; then
do_log "info" "file_only" "4131() 'systemctl' NOT found, installing 'systemd' and dependencies."
do_in_target "${TARGET}" apt-get install -y --no-install-recommends systemd systemd-sysv dbus
else
do_log "info" "file_only" "4131() 'systemctl' found, skipping installation of systemd."
fi
do_in_target_script "${TARGET}" "systemctl --version | grep -qi 'systemd'"
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
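Review bot: This file defines `installation_toolset()`, the same name as the package-install function in the toolset file above; when both are sourced the later definition silently replaces the earlier, so either the package installation or this systemd check never runs depending on load order. The header says "Ensure systemd is in place" and the log prefix is 4131, so `installation_systemd() {` matches the intent. The final `do_in_target_script "${TARGET}" "systemctl --version | grep -qi 'systemd'"` discards its result; wrap it in `if ! …; then do_log "error" "file_only" "4131() systemd not usable after installation."; return <non-zero>; fi` so a failed install is not reported as success by the unconditional `return 0`.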


@@ -0,0 +1,38 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Generate machine-id if missing.
# Globals:
# TARGET
# Arguments:
# None
# Returns:
# 0: on success
#######################################
installation_machineid() {
if ! do_in_target_script "${TARGET}" "[[ -s /etc/machine-id ]]"; then
do_log "info" "file_only" "4132() Generating /etc/machine-id via systemd-machine-id-setup."
do_in_target "${TARGET}" systemd-machine-id-setup
else
do_log "info" "file_only" "4132() Existing 'machine-id' found, no action needed."
fi
return 0
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh


@@ -46,8 +46,10 @@ guard_sourcing
# ERR_GRUB_EFI_FORCE # ERR_GRUB_EFI_FORCE
# 0: on success # 0: on success
####################################### #######################################
setup_grub() { installation_grub() {
declare -gx var_update_grub_required="false" declare -gx var_update_grub_required="false"
get_all_boot_devs get_all_boot_devs
if [[ "${grub_skip,,}" != "true" ]]; then if [[ "${grub_skip,,}" != "true" ]]; then
@@ -62,7 +64,7 @@ setup_grub() {
amd64) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-amd64 ;; amd64) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-amd64 ;;
arm64) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-arm64 ;; arm64) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-arm64 ;;
i386) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-ia32 ;; i386) do_in_target "${TARGET}" apt-get install -y -t bookworm-backports grub2 grub2-common grub-efi-ia32 ;;
*) do_log "emergency" "file_only" "Unsupported UEFI architecture: ${VAR_ARCHITECTURE}"; return "${ERR_GRUB_ARCHITECTURE}" ;; *) do_log "emergency" "file_only" "4140() Unsupported UEFI architecture: ${VAR_ARCHITECTURE}"; return "${ERR_GRUB_ARCHITECTURE}" ;;
esac esac
else else
@@ -80,7 +82,7 @@ setup_grub() {
amd64) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-amd64 ;; amd64) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-amd64 ;;
arm64) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-arm64 ;; arm64) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-arm64 ;;
i386) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-ia32 ;; i386) do_in_target "${TARGET}" apt-get install -y grub2 grub2-common grub-efi-ia32 ;;
*) do_log "emergency" "file_only" "Unsupported UEFI architecture: ${VAR_ARCHITECTURE}"; return "${ERR_GRUB_ARCHITECTURE}" ;; *) do_log "emergency" "file_only" "4140() Unsupported UEFI architecture: ${VAR_ARCHITECTURE}"; return "${ERR_GRUB_ARCHITECTURE}" ;;
esac esac
else else
@@ -113,7 +115,7 @@ setup_grub() {
else else
do_log "emergency" "file_only" "Unsupported combination of partition table: '${VAR_RECIPE_TABLE,,}' and setting: grub_force_efi '${grub_force_efi,,}'." do_log "emergency" "file_only" "4140() Unsupported combination of partition table: '${VAR_RECIPE_TABLE,,}' and setting: grub_force_efi '${grub_force_efi,,}'."
return "${ERR_GRUB_EFI_FORCE}" return "${ERR_GRUB_EFI_FORCE}"
fi fi
@@ -186,7 +188,7 @@ EOF
else else
do_log "info" "file_only" "GRUB2 setup skipped." do_log "info" "file_only" "414() GRUB2 setup skipped."
fi fi
@@ -194,7 +196,7 @@ EOF
### Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. ### Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them.
chown root:root "${TARGET}/boot/grub/grub.cfg" chown root:root "${TARGET}/boot/grub/grub.cfg"
chmod 0600 "${TARGET}/boot/grub/grub.cfg" chmod 0640 "${TARGET}/boot/grub/grub.cfg"
chmod -R 0700 "${TARGET}/etc/grub.d" chmod -R 0700 "${TARGET}/etc/grub.d"
return 0 return 0
@@ -215,12 +217,13 @@ EOF
get_all_boot_devs() { get_all_boot_devs() {
declare -ag ary_bootdev_all=() declare -ag ary_bootdev_all=()
declare dev="" dev_prefix="" dev_path="" letter="" declare dev="" dev_prefix="" dev_path="" letter=""
declare -i ascii ascii_end ascii_start declare -i ascii=0 ascii_end=0 ascii_start=0
### Determine prefix from grub_bootdev (e.g., "sd", "vd", "nvme", "mmcblk") ### Determine prefix from grub_bootdev (e.g., "sd", "vd", "nvme", "mmcblk")
dev_prefix=$(basename "${grub_bootdev}" | sed -E 's/^([a-z]+)[a-z0-9]*$/\1/') dev_prefix=$(basename "${grub_bootdev}" | sed -E 's/^([a-z]+)[a-z0-9]*$/\1/')
case "${dev_prefix}" in case "${dev_prefix}" in
sd|vd|hd) sd|vd|hd)
ascii_start=$(printf '%d' "'a") ascii_start=$(printf '%d' "'a")
ascii_end=$(printf '%d' "'${VAR_RECIPE_HIGHEST_DEVICE}") ascii_end=$(printf '%d' "'${VAR_RECIPE_HIGHEST_DEVICE}")
@@ -230,21 +233,25 @@ get_all_boot_devs() {
[[ -b "${dev_path}" ]] && ary_bootdev_all+=("${dev_path}") [[ -b "${dev_path}" ]] && ary_bootdev_all+=("${dev_path}")
done done
;; ;;
nvme) nvme)
# shellcheck disable=SC2312 # shellcheck disable=SC2312
while read -r dev; do while read -r dev; do
ary_bootdev_all+=("/dev/${dev}") ary_bootdev_all+=("/dev/${dev}")
done < <(lsblk -dn -o NAME | grep -E '^nvme[0-9]+n1$') done < <(lsblk -dn -o NAME | grep -E '^nvme[0-9]+n1$')
;; ;;
mmcblk) mmcblk)
# shellcheck disable=SC2312 # shellcheck disable=SC2312
while read -r dev; do while read -r dev; do
ary_bootdev_all+=("/dev/${dev}") ary_bootdev_all+=("/dev/${dev}")
done < <(lsblk -dn -o NAME | grep -E '^mmcblk[0-9]+$') done < <(lsblk -dn -o NAME | grep -E '^mmcblk[0-9]+$')
;; ;;
*) *)
do_log "warning" "file_only" "Unrecognized boot device prefix: ${dev_prefix}" do_log "warning" "file_only" "Unrecognized boot device prefix: ${dev_prefix}"
;; ;;
esac esac
return 0 return 0
@@ -269,7 +276,7 @@ install_grub_bios_all() {
case "${VAR_RECIPE_TABLE,,}" in case "${VAR_RECIPE_TABLE,,}" in
gpt) partmod="part_gpt" ;; gpt) partmod="part_gpt" ;;
msdos|mbr) partmod="part_msdos" ;; msdos|mbr) partmod="part_msdos" ;;
*) do_log "emergency" "file_only" "Unknown partition table type: '${VAR_RECIPE_TABLE}'."; return "${ERR_PARTITIONTBL}" ;; *) do_log "emergency" "file_only" "4140() Unknown partition table type: '${VAR_RECIPE_TABLE}'."; return "${ERR_PARTITIONTBL}" ;;
esac esac
declare var_modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 ${partmod}" declare var_modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 ${partmod}"
@@ -304,7 +311,7 @@ install_grub_uefi_all() {
case "${VAR_RECIPE_TABLE,,}" in case "${VAR_RECIPE_TABLE,,}" in
gpt) partmod="part_gpt" ;; gpt) partmod="part_gpt" ;;
msdos|mbr) partmod="part_msdos" ;; msdos|mbr) partmod="part_msdos" ;;
*) do_log "emergency" "file_only" "4150() Unknown partition table type: '${VAR_RECIPE_TABLE}'."; return "${ERR_PARTITIONTBL}" ;; *) do_log "emergency" "file_only" "4140() Unknown partition table type: '${VAR_RECIPE_TABLE}'."; return "${ERR_PARTITIONTBL}" ;;
esac esac
declare var_modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 ${partmod}" declare var_modules="btrfs cryptodisk luks2 gcry_rijndael gcry_sha256 gcry_sha512 ${partmod}"
@@ -312,7 +319,7 @@ install_grub_uefi_all() {
for dev in "${ary_bootdev_all[@]}"; do for dev in "${ary_bootdev_all[@]}"; do
do_in_target "${TARGET}" grub-install "${args[@]}" do_in_target "${TARGET}" grub-install "${args[@]}"
do_log "info" "file_only" "Installed: GRUB on Device: '${dev}' (UEFI)." do_log "info" "file_only" "4140() Installed: GRUB on Device: '${dev}' (UEFI)."
var_update_grub_required="true" var_update_grub_required="true"
done done


@@ -13,19 +13,19 @@
guard_sourcing guard_sourcing
####################################### #######################################
# Installation of the specified kernel. # Set locale, locale overrides and configure keyboard layout.
# Globals: # Globals:
# TARGET # TARGET
# image
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
# 0: on success # 0: on success
####################################### #######################################
installation_kernel() { setup_locales() {
# Installing the chosen Kernel Image according to preseed.yaml
# shellcheck disable=SC2154 # "${image}" ### Set the X11 keyboard layout (for graphical environments).
do_in_target "${TARGET}" apt-get install -y "${image}" do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}"
return 0 return 0
} }
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
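Review bot: The Globals list still names only TARGET, but the new body reads `locale_keyboard_xkb_keymap`, so the variable setup_locales actually depends on is undocumented now that the old `# image` entry was dropped; add `#   locale_keyboard_xkb_keymap` under Globals. The header claims the function sets locale and locale overrides, yet as far as the hunk shows the body only runs `localectl set-x11-keymap`, so either narrow the description to the keyboard layout or the locale handling is missing here. The unconditional `return 0` after the `do_in_target` call also masks a failing `localectl`; consider `do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}" || { do_log "error" "file_only" "4050() localectl set-x11-keymap failed."; return 1; }`. Note that localectl normally reaches systemd-localed over D-Bus, which is often not available inside a chroot that do_in_target presumably enters, so it is worth confirming the call succeeds in that environment rather than failing silently.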


@@ -10,6 +10,7 @@
# SPDX-PackageName: CISS.debian.installer # SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### cdi_1000_helper
source_guard "./func/cdi_1000_helper/1030_check_nic.sh" source_guard "./func/cdi_1000_helper/1030_check_nic.sh"
source_guard "./func/cdi_1000_helper/1080_helper_chroot.sh" source_guard "./func/cdi_1000_helper/1080_helper_chroot.sh"
source_guard "./func/cdi_1000_helper/1081_helper_grub.sh" source_guard "./func/cdi_1000_helper/1081_helper_grub.sh"
@@ -18,14 +19,17 @@ source_guard "./func/cdi_1000_helper/1084_helper_sanitizer.sh"
source_guard "./func/cdi_1000_helper/1085_helper_secure_dl.sh" source_guard "./func/cdi_1000_helper/1085_helper_secure_dl.sh"
source_guard "./func/cdi_1000_helper/1086_helper_yaml.sh" source_guard "./func/cdi_1000_helper/1086_helper_yaml.sh"
### cdi_1200_validation
source_guard "./func/cdi_1200_validation/1220_validation_element.sh" source_guard "./func/cdi_1200_validation/1220_validation_element.sh"
source_guard "./func/cdi_1200_validation/1221_validation_ip.sh" source_guard "./func/cdi_1200_validation/1221_validation_ip.sh"
source_guard "./func/cdi_1200_validation/1222_validation_preseed.sh" source_guard "./func/cdi_1200_validation/1222_validation_preseed.sh"
### cdi_1250_yaml
source_guard "./func/cdi_1250_yaml/1250_yaml_parser.sh" source_guard "./func/cdi_1250_yaml/1250_yaml_parser.sh"
source_guard "./func/cdi_1250_yaml/1251_yaml_reader.sh" source_guard "./func/cdi_1250_yaml/1251_yaml_reader.sh"
source_guard "./func/cdi_1250_yaml/1252_yaml_validator.sh" source_guard "./func/cdi_1250_yaml/1252_yaml_validator.sh"
### cdi_3200_partitioning
source_guard "./func/cdi_3200_partitioning/3200_partitioning.sh" source_guard "./func/cdi_3200_partitioning/3200_partitioning.sh"
source_guard "./func/cdi_3200_partitioning/3210_benchmarking_encryption.sh" source_guard "./func/cdi_3200_partitioning/3210_benchmarking_encryption.sh"
source_guard "./func/cdi_3200_partitioning/3220_partition_encryption.sh" source_guard "./func/cdi_3200_partitioning/3220_partition_encryption.sh"
@@ -34,23 +38,28 @@ source_guard "./func/cdi_3200_partitioning/3280_mount_partition.sh"
source_guard "./func/cdi_3200_partitioning/3290_uuid_logger.sh" source_guard "./func/cdi_3200_partitioning/3290_uuid_logger.sh"
source_guard "./func/cdi_3200_partitioning/3295_get_label.sh" source_guard "./func/cdi_3200_partitioning/3295_get_label.sh"
### cdi_4000_debootstrap
source_guard "./func/cdi_4000_debootstrap/4000_debootstrap.sh" source_guard "./func/cdi_4000_debootstrap/4000_debootstrap.sh"
source_guard "./func/cdi_4000_debootstrap/4010_prepare_mounts.sh" source_guard "./func/cdi_4000_debootstrap/4010_prepare_mounts.sh"
source_guard "./func/cdi_4000_debootstrap/4020_remove_expired_certificates.sh" source_guard "./func/cdi_4000_debootstrap/4020_remove_x509.sh"
source_guard "./func/cdi_4000_debootstrap/4030_setup_hostname.sh" source_guard "./func/cdi_4000_debootstrap/4030_setup_hostname.sh"
source_guard "./func/cdi_4000_debootstrap/4035_setup_resolv.sh" source_guard "./func/cdi_4000_debootstrap/4035_setup_resolv.sh"
source_guard "./func/cdi_4000_debootstrap/4040_setup_timezone.sh" source_guard "./func/cdi_4000_debootstrap/4040_setup_timezone.sh"
source_guard "./func/cdi_4000_debootstrap/4050_setup_locales.sh" source_guard "./func/cdi_4000_debootstrap/4050_setup_locales.sh"
### cdi_4100_base_installation
source_guard "./func/cdi_4100_base_installation/4100_generate_sources.sh"
source_guard "./func/cdi_4100_base_installation/4110_update_sources.sh"
source_guard "./func/cdi_4100_base_installation/4120_installation_kernel.sh"
source_guard "./func/cdi_4100_base_installation/4130_installation_toolset.sh"
source_guard "./func/cdi_4100_base_installation/4131_installation_systemd.sh"
source_guard "./func/cdi_4100_base_installation/4132_installation_machineid.sh"
source_guard "./func/cdi_4100_base_installation/4140_installation_grub.sh"
source_guard "./func/system/4040_generate_fstab.sh" source_guard "./func/system/4040_generate_fstab.sh"
source_guard "./func/system/4060_generate_crypttab.sh" source_guard "./func/system/4060_generate_crypttab.sh"
source_guard "./func/system/4080_generate_sources.sh"
source_guard "./func/system/4090_minimal_toolset.sh"
source_guard "./func/system/4095_setup_skel.sh" source_guard "./func/system/4095_setup_skel.sh"
source_guard "./func/system/4120_installation_kernel.sh"
source_guard "./func/system/4130_setup_network.sh" source_guard "./func/system/4130_setup_network.sh"
source_guard "./func/system/4150_setup_grub.sh"
source_guard "./func/system/4155_setup_grub_password.sh" source_guard "./func/system/4155_setup_grub_password.sh"
source_guard "./func/system/4160_grub_bootparameter.sh" source_guard "./func/system/4160_grub_bootparameter.sh"
source_guard "./func/system/4165_kernel_modules.sh" source_guard "./func/system/4165_kernel_modules.sh"