msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 54s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-07-30 18:49:39 +02:00
parent 4c804e577f
commit 9d1d6581b5
8 changed files with 278 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
func/helper/1080_helper_chroot.sh
View File

@@ -14,9 +14,9 @@ guard_sourcing
#######################################
# Use do_in_target() for:
# simple commands (e.g., dpkg, ln, mkdir, apt, etc.)
# - simple commands (e.g., dpkg, ln, mkdir, apt, etc.).
# Use do_in_target_script() for:
# all shell scripts, redirects, pipes, conditions, loops, or subshells
# - all shell scripts, redirects, pipes, conditions, loops, or subshells.
#######################################
#######################################
@@ -32,34 +32,52 @@ guard_sourcing
# ERR_CHRT_COMMAND: on failure
#######################################
do_in_target() {
declare var_chroot_target="$1"
shift
declare var_chroot_target="$1"; shift
declare -a ary_chroot_command=("$@")
declare -r var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
declare -i var_chroot_rc=0
if (( ${#ary_chroot_command[@]} == 0 )); then
do_log "emergency" "file_only" "Empty command passed to 'do_in_target()'."
do_log "emergency" "file_only" "1080() Empty command passed to 'do_in_target()'."
return "${ERR_CHRT_COMMAND}"
fi
if chroot "${var_chroot_target}" /usr/bin/env -i \
HOME=/root \
PATH=/usr/sbin:/usr/bin:/sbin:/bin \
TERM="${TERM}" \
LANG=C.UTF-8 \
LC_ALL=C.UTF-8 \
"${ary_chroot_command[@]}"
then
do_log "info" "file_only" "Success: chroot '${var_chroot_target}': '${ary_chroot_command[*]}'."
return 0
else
do_log "emergency" "file_only" "Failed: chroot '${var_chroot_target}': '${ary_chroot_command[*]}'."
if ! chroot "${var_chroot_target}" /usr/bin/env -i PATH="${var_default_path}" which "${ary_chroot_command[0]}" &>/dev/null; then
do_log "emergency" "file_only" "1080() Binary: '${ary_chroot_command[0]}' not found in target 'PATH=${var_default_path}'."
do_log "emergency" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i PATH=${var_default_path} which ${ary_chroot_command[0]} &>/dev/null]."
return "${ERR_CHRT_COMMAND}"
fi
if ! chroot "${var_chroot_target}" /usr/bin/env -i \
HOME="/root" \
PATH="${var_default_path}" \
TERM="${TERM}" \
LANG="C.UTF-8" \
LC_ALL="C.UTF-8" \
"${ary_chroot_command[@]}"
then
var_chroot_rc="${?}"
do_log "emergency" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 ${ary_chroot_command[*]}] failed."
do_log "emergency" "file_only" "1080() Command: [Return code: '${var_chroot_rc}']."
return "${ERR_CHRT_COMMAND}"
else
do_log "info" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 ${ary_chroot_command[*]}] successful."
return 0
fi
}
#######################################
# Execute a full shell script line inside the chroot via bash -c.
# Supports interactive debug shell on error.
# TODO: Supports interactive debug shell on error.
# Globals:
# ERR_CHRT_COMMAND
# TERM
@@ -72,43 +90,44 @@ do_in_target() {
# ERR_CHRT_COMMAND: on failure
#######################################
do_in_target_script() {
declare var_chroot_target="$1"
shift
declare var_chroot_script="$1"
declare var_chroot_target="$1"; shift
declare var_chroot_script="$1"
declare -r var_default_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
declare -i var_chroot_rc=0
if [[ -z "${var_chroot_script}" ]]; then
do_log "emergency" "file_only" "Empty command passed to 'do_in_target_script()'."
do_log "emergency" "file_only" "1080() Empty command passed to 'do_in_target_script()'."
return "${ERR_CHRT_COMMAND}"
fi
# do_log "debug" "file_only" "Evaluating chroot script in '${var_chroot_target}': '${var_chroot_script}'."
if chroot "${var_chroot_target}" /usr/bin/env -i \
HOME=/root \
PATH=/usr/sbin:/usr/bin:/sbin:/bin \
if ! chroot "${var_chroot_target}" /usr/bin/env -i \
HOME="/root" \
PATH="${var_default_path}" \
TERM="${TERM}" \
LANG=C.UTF-8 \
LC_ALL=C.UTF-8 \
LANG="C.UTF-8" \
LC_ALL="C.UTF-8" \
/bin/bash -c "${var_chroot_script}"
then
do_log "info" "file_only" "Success: chroot '${var_chroot_target}': '${var_chroot_script}'."
return 0
else
declare -i var_chroot_rc="${?}"
do_log "emergency" "file_only" "Failure: chroot '${var_chroot_target}': '${var_chroot_script}'."
do_log "info" "file_only" "Return code: '${var_chroot_rc}'."
var_chroot_rc="${?}"
do_log "emergency" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 /bin/bash -c ${var_chroot_script}] failed."
do_log "emergency" "file_only" "1080() Command: [Return code: '${var_chroot_rc}']."
return "${ERR_CHRT_COMMAND}"
# TODO: Test with Dialog Wrapper in interactive mode.
# TODO: Call clean screen first to terminate dialog wrapper !
#if [[ "${DEBUG_INTERACTIVE}" == "true" ]]; then
# do_log "warning" "true" "Launching interactive debug shell in chroot: '${var_chroot_target}'."
# chroot "${var_chroot_target}" /bin/bash -l
#fi
return "${ERR_CHRT_COMMAND}"
else
do_log "info" "file_only" "1080() Command: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 /bin/bash -c ${var_chroot_script}] successful."
return 0
fi
}

96
func/helper/1251_yaml_reader.sh
View File

@@ -32,50 +32,120 @@ guard_sourcing
#######################################
yaml_reader() {
### Declare Arrays, HashMaps, and Variables.
# shellcheck disable=SC2034
declare -Ag HMP_RECIPE_DEV_PARTITIONS=()
declare -gx VAR_RECIPE_STRING="" VAR_RECIPE_HIGHEST_DEVICE="" VAR_ARCHITECTURE="" VAR_RECIPE_FIRMWARE="" VAR_NUKE="" \
VAR_RECIPE_TABLE=""
VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false"
### Declare and substitute input files.
declare -r var_if="${VAR_PRESEED}"
### Search pattern for variables (recipe_<string>_active='true')
declare -r var_search_pattern="^recipe_.*_active='true'"
declare var_line="" var_middle_part="" var_highest_dev="" var_device="" var_fields="" var_partition="" \
recipe_firmware_var="" recipe_nuke_var="" recipe_table_var=""
### Read "${var_if}" line by line
### Read "${var_if}" line by line.
while IFS= read -r var_line; do
### Check, if line matches the search pattern
### Check, if line matches the search pattern.
if [[ "${var_line}" =~ ^recipe_([^_]+)_active=\'true\' ]]; then
var_middle_part="${BASH_REMATCH[1]}"
VAR_RECIPE_STRING="${var_middle_part}"
break
fi
#if [[ "${var_line}" =~ ${var_search_pattern} ]]; then
# ### Extract the middle part or second position
# var_middle_part=$(echo "${var_line}" | sed -E "s/^recipe_([^_]+)_active='true'/\1/")
# VAR_RECIPE_STRING="${var_middle_part}"
# ### Exit after first occurrence
# break
#fi
done < "${var_if}"
if [[ -n "${VAR_RECIPE_STRING}" ]]; then
do_log "info" "file_only" "1251() Found active recipe string: '${VAR_RECIPE_STRING}'."
else
do_log "fatal" "file_only" "1251() Found NO active recipe string: '${VAR_RECIPE_STRING}'."
exit "${ERR_NO_VALID_RECIPE}"
fi
### Search "${var_if}" for matching recipe_${VAR_RECIPE_STRING}_dev_* entries and find the highest dev letter.
# shellcheck disable=SC2312
var_highest_dev=$(grep -E "^recipe_${VAR_RECIPE_STRING}_dev_" "${var_if}" | awk -F'_' '
{
if (NF >= 4) {
### Extract 4th position (e.g., "recipe_${VAR_RECIPE_STRING}_dev_sda" or "recipe_${VAR_RECIPE_STRING}_dev_vda")
device_field = $4
### Check, if field is at least 3 char wide and last char contains a letter
if (length(device_field) >= 3) {
last_char = substr(device_field, length(device_field), 1) ### Extract last letter of respective field
if (last_char ~ /^[a-z]$/ && last_char > max) {
max = last_char
}
}
}
}
END { print max }
')
### Save the result in VAR_RECIPE_HIGHEST_DEVICE.
VAR_RECIPE_HIGHEST_DEVICE="${var_highest_dev}"
if [[ -n "${VAR_RECIPE_HIGHEST_DEVICE}" ]]; then
do_log "info" "file_only" "1251() Found highest recipe device: '${VAR_RECIPE_HIGHEST_DEVICE}'."
else
do_log "fatal" "file_only" "1251() Found NO highest recipe device: '${VAR_RECIPE_HIGHEST_DEVICE}'."
exit "${ERR_NO_VALID_RECIPE}"
fi
### Read var_if and iterate through all matching entries without executing in a subshell
# shellcheck disable=SC2312
while read -r var_line; do
### Extract fields of line
IFS='_' read -ra var_fields <<< "${var_line}"
### Check that enough fields are available
if [[ "${#var_fields[@]}" -ge 5 ]]; then
var_device="${var_fields[3]}" ### The fourth position includes the device (e.g., sda, vda, xvda)
var_partition="${var_fields[4]}" ### The fifth position includes the partition (e.g., 13)
### Check, if the partition is a number and higher than the current value
if [[ "${var_partition}" =~ ^[0-9]+$ ]]; then
declare -i cur="${HMP_RECIPE_DEV_PARTITIONS[${var_device}]:-0}"
if (( var_partition > cur )); then
#if [[ -z "${HMP_RECIPE_DEV_PARTITIONS[${var_device}]:-}" || "${var_partition}" -gt ${HMP_RECIPE_DEV_PARTITIONS[${var_device}]:-0} ]]; then
# shellcheck disable=SC2004
HMP_RECIPE_DEV_PARTITIONS[${var_device}]="${var_partition}"
fi
fi
fi
done < <(grep -E "^recipe_${VAR_RECIPE_STRING}_dev_" "${var_if}")
for var_device in "${!HMP_RECIPE_DEV_PARTITIONS[@]}"; do
do_log "info" "file_only" "1251() Highest number of partitions: [${var_device}:${HMP_RECIPE_DEV_PARTITIONS[${var_device}]}]."
done
### Extract architecture.
# shellcheck disable=SC2034
VAR_ARCHITECTURE="${architecture}"
### Extract chroot secure '/run' mounting strategy.
# shellcheck disable=SC2034
VAR_NEED_RUN_IN_TARGET="${needrun}"
### Extract chosen firmware.
recipe_firmware_var="recipe_${VAR_RECIPE_STRING}_control_firmware"
VAR_RECIPE_FIRMWARE="${!recipe_firmware_var}"
### Extract the chosen Nuke mechanism.
recipe_nuke_var="recipe_${VAR_RECIPE_STRING}_control_nuke"
# shellcheck disable=SC2034
VAR_NUKE="${!recipe_nuke_var}"
### Extract chosen partition table.

83
func/system/4020_configure_system.sh
View File

@@ -17,6 +17,8 @@ guard_sourcing
# Globals:
# ERR_CHRT_MOUNTS
# TARGET
# VAR_CHROOT_ACTIVATED
# VAR_NEED_RUN_IN_TARGET
# Arguments:
# None
# Returns:
@@ -26,34 +28,93 @@ guard_sourcing
configure_system() {
### Notes
# This file mounts all necessary pseudo filesystems into the target root environment to enable chroot operations.
# --rbind: recursive binding.
# --make-rslave: In this case, the mount point is marked as 'slave'.
# This means changes to the source mount (e.g., /proc) are propagated to the target mount (e.g., "${TARGET}"/proc).
# This means changes to the source mount (e.g., /proc) are propagated to the target mount (e.g., "${TARGET}/proc").
# Conversely, changes to the target mount are not propagated back to the source mount.
# This mode is necessary to avoid problems with double or erroneous propagation effects in chroot or container environments.
#
# Some subdirectories (such as /dev/pts, /dev/shm, /sys/fs/cgroup) are remounted with more restrictive options
# like 'noexec', 'nosuid', and 'nodev' to enhance security. This ensures they override the inherited bind-mounts and
# enforce proper runtime behavior in the chroot.
declare var_src="" var_dst=""
declare -a ary_mounts=(proc sys dev run)
### Declare Arrays, HashMaps, and Variables.
declare -A HMP_SPECIAL_MOUNTS=(
["/dev/pts"]="devpts devpts noexec,nosuid" ### Mount 'devpts' (used by pseudo-terminals).
["/dev/shm"]="tmpfs tmpfs rw,nosuid,nodev" ### Mount 'tmpfs' for '/dev/shm' (shared memory).
["/dev/mqueue"]="mqueue mqueue rw,nosuid,nodev,noexec" ### Mount 'mqueue' for POSIX message queues.
["/dev/hugepages"]="hugetlbfs hugetlbfs rw,nosuid,nodev" ### Mount 'hugetlbfs' (huge pages, may be unused but required on some 'archs').
["/sys/fs/cgroup"]="cgroup2 cgroup2 rw,nosuid,nodev,noexec,relatime" ### Mount unified 'cgroup2' hierarchy.
)
for var_src in "${ary_mounts[@]}"; do
var_dst="${TARGET}/${var_src}"
mkdir -p "${var_dst}"
declare -a ary_mount=( "/proc" "/sys" "/dev" )
declare var_src="" var_dst="" var_path="" var_fs="" var_opts=""
if ! mount --make-rslave --rbind "/${var_src}" "${var_dst}"; then
do_log "emergency" "file_only" "4020() Command: [mount --make-rslave --rbind /${var_src} ${var_dst}] failed."
for var_path in "${ary_mount[@]}" "${!HMP_SPECIAL_MOUNTS[@]}"; do
mkdir -p "${TARGET}${var_path}"
done
for var_src in "${ary_mount[@]}"; do
var_dst="${TARGET}${var_src}"
if ! mount --make-rslave --rbind "${var_src}" "${var_dst}"; then
do_log "emergency" "file_only" "4020() Command: [mount --make-rslave --rbind ${var_src} ${var_dst}] failed."
return "${ERR_CHRT_MOUNTS}"
fi
do_log "info" "file_only" "4020() Command: [mount --make-rslave --rbind /${var_src} ${var_dst}] successful."
do_log "info" "file_only" "4020() Command: [mount --make-rslave --rbind ${var_src} ${var_dst}] successful."
done
if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then
mkdir -p "${TARGET}/run"
if ! mount --make-rslave --rbind /run "${TARGET}/run"; then
do_log "emergency" "file_only" "4020() Command: [mount --make-rslave --rbind /run ${TARGET}/run] failed."
return "${ERR_CHRT_MOUNTS}"
fi
do_log "info" "file_only" "4020() Command: [mount --make-rslave --rbind /run ${TARGET}/run] successful."
fi
for var_path in "${!HMP_SPECIAL_MOUNTS[@]}"; do
IFS=" " read -r var_fs var_src var_opts <<< "${HMP_SPECIAL_MOUNTS[${var_path}]}"
if ! mount -t "${var_fs}" "${var_src}" "${TARGET}${var_path}" -o "${var_opts}"; then
do_log "emergency" "file_only" "4020() Command: [mount -t ${var_fs} ${var_src} ${TARGET}${var_path} -o ${var_opts}] failed."
return "${ERR_CHRT_MOUNTS}"
else
do_log "info" "file_only" "4020() Command: [mount -t ${var_fs} ${var_src} ${TARGET}${var_path} -o ${var_opts}] successful."
fi
done
if ! do_in_target "${TARGET}" mkdir -p /etc/systemd/system/multi-user.target.wants; then
do_log "emergency" "file_only" "4020() Command: [do_in_target ${TARGET} mkdir -p /etc/systemd/system/multi-user.target.wants] failed."
return "${ERR_CHRT_MOUNTS}"
else
do_log "info" "file_only" "4020() Command: [do_in_target ${TARGET} mkdir -p /etc/systemd/system/multi-user.target.wants] successful."
fi
do_log "info" "file_only" "4020() Command: [mkdir -p /etc/systemd/system/multi-user.target.wants] failed in: '${TARGET}'."
# shellcheck disable=SC2034
declare -gx VAR_CHROOT_ACTIVATED="system"
return 0

67
func/system/4040_generate_fstab.sh
View File

@@ -30,12 +30,12 @@ write_fstab() {
if [[ "${write_maps}" =~ ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}$ ]] || [[ "${write_maps}" =~ ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ ]]; then
printf "%-43s%-28s%-8s%-74s0 %s\n" "UUID=${write_maps}" "${write_path}" "${write_type}" "${write_opts}" "${write_pass}" >> "${TARGET}/etc/fstab"
printf "%-43s%-28s%-8s%-100s0 %s\n" "UUID=${write_maps}" "${write_path}" "${write_type}" "${write_opts}" "${write_pass}" >> "${TARGET}/etc/fstab"
do_log "info" "file_only" "4040() fstab entry generated: [UUID=${write_maps} ${write_path} ${write_type} ${write_opts} 0 ${write_pass}]."
elif [[ "${write_maps}" == /dev/mapper/* ]]; then
printf "%-43s%-28s%-8s%-74s0 %s\n" "${write_maps}" "${write_path}" "${write_type}" "${write_opts}" "${write_pass}" >> "${TARGET}/etc/fstab"
printf "%-43s%-28s%-8s%-100s0 %s\n" "${write_maps}" "${write_path}" "${write_type}" "${write_opts}" "${write_pass}" >> "${TARGET}/etc/fstab"
do_log "info" "file_only" "4040() fstab entry generated: [${write_maps} ${write_path} ${write_type} ${write_opts} 0 ${write_pass}]."
fi
@@ -67,7 +67,7 @@ generate_fstab() {
: >| "${TARGET}/etc/fstab"
chmod 0600 "${TARGET}/etc/fstab"
cat << 'EOF' >> "${TARGET}/etc/fstab"
cat << "EOF" >> "${TARGET}/etc/fstab"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
@@ -79,6 +79,8 @@ generate_fstab() {
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
# CISS.debian.installer ${VAR_VERSION}
# Static file system information '/etc/fstab'.
#
# Use 'blkid' to print the universally unique identifier for a device; this may be used with [UUID=] as a more robust way to
@@ -87,20 +89,7 @@ generate_fstab() {
# 'systemd' generates mount units based on this file. See systemd.mount(5). Please run 'systemctl daemon-reload' after making
# changes here.
#
# <file system UUID> <mount point> <type> <options> <dump> <pass>
### Secure tmpfs mounts for a hardened system
# Mount the proc filesystem to provide process and kernel information
proc /proc proc nodev,nosuid,noexec,hidepid=2 0 0
# Mount sysfs to expose kernel device information to user space
sysfs /sys sysfs defaults 0 0
# Mount the devpts filesystem to enable pseudo-terminal support for user sessions
devpts /dev/pts devpts gid=5,mode=620 0 0
# Restrict /dev/shm to shared memory, limit size, prevent code execution
tmpfs /dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,size=1G 0 0
# System runtime directory in RAM; do not set noexec here for compatibility
tmpfs /run tmpfs mode=0755,nodev,nosuid 0 0
# <file system UUID> <mount point> <type> <options> <dump> <pass>
EOF
@@ -109,15 +98,7 @@ EOF
case "${var_path,,}" in
swap)
var_dmapper="${HMP_EPHEMERAL_ENCLABEL["${var_path}"]}"
var_fs_uuid="/dev/mapper/${var_dmapper}"
var_fs_path="none"
var_fs_type="swap"
var_fs_opts="defaults"
var_fs_pass="0"
;;
swap|SWAP) continue;;
/tmp)
@@ -172,23 +153,53 @@ EOF
done
### Generate separate SWAP entry.
var_dmapper="${HMP_EPHEMERAL_ENCLABEL["SWAP"]}"
var_fs_uuid="/dev/mapper/${var_dmapper}"
var_fs_path="none"
var_fs_type="swap"
var_fs_opts="defaults"
var_fs_pass="0"
write_fstab "${var_fs_uuid}" "${var_fs_path}" "${var_fs_type}" "${var_fs_opts}" "${var_fs_pass}"
cat << 'EOF' >> "${TARGET}/etc/fstab"
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
EOF
do_log "info" "file_only" "fstab entry generated: '/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0'."
cat << 'EOF' >> "${TARGET}/etc/fstab"
### Secure tmpfs mounts for a hardened system
# Mount the proc filesystem to provide process and kernel information
proc /proc proc nodev,nosuid,noexec,hidepid=2 0 0
# Mount sysfs to expose kernel device information to user space
sysfs /sys sysfs defaults 0 0
# Mount the devpts filesystem to enable pseudo-terminal support for user sessions
devpts /dev/pts devpts gid=5,mode=620 0 0
# Restrict /dev/shm to shared memory, limit size, prevent code execution
tmpfs /dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,size=1G 0 0
# System runtime directory in RAM; do not set noexec here for compatibility
tmpfs /run tmpfs mode=0755,nodev,nosuid 0 0
# vim: number et ts=2 sw=2 sts=2 ai tw=192 ft=sh
EOF
: >| "${DIR_LOG}/fstab.verify.log"
chmod 0600 "${DIR_LOG}/fstab.verify.log"
do_in_target_script "${TARGET}" 'systemd-analyze verify /etc/fstab' >> "${DIR_LOG}/fstab.verify.log" 2>&1
do_in_target_script "${TARGET}" "systemd-analyze verify /etc/fstab >> ${DIR_LOG}/fstab.verify.log" 2>&1
rc="$?"
if (( rc == 0 )); then
do_log "info" "file_only" "4040() '/etc/fstab' verified successfully with systemd-analyze."
else
do_log "warning" "file_only" "4040() '/etc/fstab' verification returned errors — see '${DIR_LOG}/fstab.verify.log'."
fi
return 0

28
func/system/4999_exiting_chroot_system.sh
View File

@@ -13,23 +13,33 @@
guard_sourcing
#######################################
# Exiting chroot.
# Exiting chroot of the target system.
# Globals:
# TARGET
# VAR_NEED_RUN_IN_TARGET
# Arguments:
# None
# Returns:
# 0: on success
#######################################
exiting_chroot_system() {
umount -lf "${TARGET}/proc"
do_log "info" "file_only" "'umount -lf ${TARGET}/proc'."
umount -lf "${TARGET}/sys"
do_log "info" "file_only" "'umount -lf ${TARGET}/sys'."
umount -lf "${TARGET}/dev"
do_log "info" "file_only" "'umount -lf ${TARGET}/dev'."
umount -lf "${TARGET}/run"
do_log "info" "file_only" "'umount -lf ${TARGET}/run'."
### Declare Arrays, HashMaps, and Variables.
declare -a ary_umount=( "/sys/fs/cgroup" "/dev/hugepages" "/dev/mqueue" "/dev/shm" "/dev/pts" "/proc" "/sys" "/dev" )
declare var_path=""
for var_path in "${ary_umount[@]}"; do
umount -l "${TARGET}${var_path}" 2>/dev/null || true
do_log "info" "file_only" "4999() Command: [umount -l ${TARGET}${var_path} 2>/dev/null || true] issued."
done
if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then
umount -l "${TARGET}/run" 2>/dev/null || true
do_log "info" "file_only" "4999() Command: [umount -l ${TARGET}/run 2>/dev/null || true] issued."
fi
return 0
}