V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/partitioning.yaml

@@ -31,7 +31,7 @@ recipe:
       id: "guben0afx256r"      # MUST be equal to the second part of the recipe-variables string.
       kdf:
         threads: 1             # Set the parallel cost for PBKDF (number of threads, up to 4).
-        time: 2048             # The number of milliseconds to spend with PBKDF passphrase processing.
+        time: 256              # The number of milliseconds to spend with PBKDF passphrase processing.
       name: "ciss.2025.gpt.btrfs.ephemeral.non-raid.256GiB.rescue"
       nuke: true               # Activates Nuke-Mechanism in '/etc/crypttab' keyscript and via dropbear SSH forced command.
       raid:                    # mdadm RAID settings only (not yet supported).

.preseed/preseed.yaml

@@ -82,7 +82,7 @@ debootstrap:                   # Provide a mirror for downloading the Debian pac
                                # Specify the packages to be included in the debootstrapping process. Include a comma-separated
                                # list of official Debian packages.
   mirror: "https://deb.debian.org/debian"
-  includes: "ca-certificates,openssl"
+  includes: "ca-certificates,locales,openssl"
 distribution: "bookworm"       # MUST be "bookworm".
 debian_suite: "stable"         # MUST be "stable". Not supported yet: "testing", "experimental".
 exit:

ciss_debian_installer.sh

@@ -28,6 +28,7 @@
 # TODO: Copying Log Files to final System
 # TODO: Integrate CISS.debian.installer calling arguments and preseed.yaml into CISS.debian.live.builder build chain?
 # TODO: Reboot function for Autoinstall
+# TODO: 0105_arg_nuke_converter.sh - implement HashRounds as argument
 
 ### WHY BASH?
 # Ease of installation. No compiling or installing gems, CPAN modules, pip packages, etc. Simple to use and read. Clear syntax
@@ -239,7 +240,7 @@ setup_resolv
 echo "MAIN PROGRAM SEQUENCE: 4040_setup_timezone.sh ..."
 setup_timezone
 echo "MAIN PROGRAM SEQUENCE: 4050_setup_locales.sh ..."
-setup_locales
+setup_locales # TODO: Checks ongoing
 
 ### CDI_4100
 echo "MAIN PROGRAM SEQUENCE: 4100_generate_sources.sh ..."

func/cdi_4000_debootstrap/4050_setup_locales.sh

@@ -65,7 +65,14 @@ setup_locales() {
 
 set -Ceuo pipefail
 
-sed -i '/^[[:space:]]*[^#[:space:]]/s/^/#/' /etc/locale.gen
+if [[ -f /etc/locale.gen ]]; then
+
+  sed -i '/^[[:space:]]*[^#[:space:]]/s/^/#/' /etc/locale.gen
+
+else
+
+  touch /etc/locale.gen
+fi
 
 echo '${locale_locale} UTF-8' >> /etc/locale.gen
 
@@ -74,20 +81,22 @@ dpkg-reconfigure -f noninteractive locales
 locale-gen
 
 update-locale \
-  LANG=${locale_locale} \
-  LC_ADDRESS=${locale_override_address:-${locale_locale}} \
-  LC_COLLATE=${locale_override_collate:-${locale_locale}} \
-  LC_CTYPE=${locale_override_ctype:-${locale_locale}} \
-  LC_MEASUREMENT=${locale_override_measurement:-${locale_locale}} \
-  LC_MESSAGES=${locale_override_messages:-${locale_locale}} \
-  LC_MONETARY=${locale_override_monetary:-${locale_locale}} \
-  LC_NAME=${locale_override_name:-${locale_locale}} \
-  LC_NUMERIC=${locale_override_numeric:-${locale_locale}} \
-  LC_PAPER=${locale_override_paper:-${locale_locale}} \
-  LC_TELEPHONE=${locale_override_telephone:-${locale_locale}} \
-  LC_TIME=${locale_override_time:-${locale_locale}} \
-  LC_IDENTIFICATION=${locale_locale} \
-  LC_ALL=
+LANG=${locale_locale} \
+LC_ADDRESS=${locale_override_address:-${locale_locale}} \
+LC_COLLATE=${locale_override_collate:-${locale_locale}} \
+LC_CTYPE=${locale_override_ctype:-${locale_locale}} \
+LC_MEASUREMENT=${locale_override_measurement:-${locale_locale}} \
+LC_MESSAGES=${locale_override_messages:-${locale_locale}} \
+LC_MONETARY=${locale_override_monetary:-${locale_locale}} \
+LC_NAME=${locale_override_name:-${locale_locale}} \
+LC_NUMERIC=${locale_override_numeric:-${locale_locale}} \
+LC_PAPER=${locale_override_paper:-${locale_locale}} \
+LC_TELEPHONE=${locale_override_telephone:-${locale_locale}} \
+LC_TIME=${locale_override_time:-${locale_locale}} \
+LC_IDENTIFICATION=${locale_locale} \
+LC_ALL=
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF
 
   chmod 0700 "${var_locale_hook}"
@@ -124,8 +133,9 @@ EOF
   chmod 0644 "${TARGET}/etc/default/keyboard"
   do_log "info" "file_only" "4050() Keyboard layout updated: 'XKBLAYOUT=${locale_keyboard_xkb_keymap}' -> '${TARGET}/etc/default/keyboard'."
 
+  # TODO: Move this command later than 4131_installation_systemd.sh
   ### Set the X11 keyboard layout (for graphical environments).
-  do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}"
+  #do_in_target "${TARGET}" localectl set-x11-keymap "${locale_keyboard_xkb_keymap}"
 
   return 0
 }

lib/cdi_0100_arg/0105_arg_nuke_converter.sh

@@ -41,9 +41,9 @@ nuke_passphrase() {
     return "${ERR_GENERATE_SALT}"
   fi
 
-  ### No tracing for security reasons
+  ### No tracing for security reasons ### --rounds=8388608
   [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
-  var_temp_nuke_hash=$(mkpasswd --method=sha-512 --salt="${var_salt}" --rounds=8388608 "${var_temp_plain_nuke_pwd}")
+  var_temp_nuke_hash=$(mkpasswd --method=sha-512 --salt="${var_salt}" --rounds=16384 "${var_temp_plain_nuke_pwd}")
   ### Turn on tracing again
   [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x