V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-08 00:13:43 +02:00
parent 813f3ec5d7
commit a3aa3df386
3 changed files with 149 additions and 180 deletions
--- a/func/4080_generate_sources.sh
+++ b/func/4080_generate_sources.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+###########################################################################################
+# Generate target ${TARGET}/etc/apt/sources.list entries
+generate_sources() {
+  declare var_contrib var_dir var_hostname var_hostsecure var_non_free var_non_free_firmware var_protocol var_codename var_arch
+
+  var_arch="${arch}"
+  var_codename=$(lsb_release --codename --short)
+  var_dir="${apt_mirror_directory}"
+  var_hostname="${apt_mirror_hostname}"
+  var_hostsecure="${apt_security_string}"
+
+  [[ "${apt_contrib,,}" == "true" ]] && var_contrib="contrib"
+
+  [[ "${apt_non_free,,}" == "true" ]] && var_non_free="non-free"
+
+  [[ "${apt_non_free_firmware,,}" == "true" ]] && var_non_free_firmware="non-free-firmware"
+
+  if [[ ${apt_mirror_protocol,,} == "https" ]]; then
+    var_protocol="https"
+  elif [[ ${apt_mirror_protocol,,} == "http" ]]; then
+    var_protocol="http"
+  fi
+
+  : >| "${TARGET}/etc/apt/sources.list"
+  chmod 0644 "${TARGET}/etc/apt/sources.list"
+
+  cat << EOF >> "${TARGET}"/etc/apt/sources.list
+# /etc/apt/sources.list : Generated by CISS.debian.installer
+# Architecture          : ${var_arch}
+# Distribution          : ${var_codename}
+
+#------------------------------------------------------------------------------------------------------------------------------#
+#                                                     OFFICIAL DEBIAN REPOS                                                    #
+#------------------------------------------------------------------------------------------------------------------------------#
+deb ${var_protocol}://${var_hostname}${var_dir} ${var_codename} main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+deb-src ${var_protocol}://${var_hostname}${var_dir} ${var_codename} main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+
+EOF
+
+  do_log "info" "true" "${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_protocol}://${var_hostname}${var_dir} ${var_codename} main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+  do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_protocol}://${var_hostname}${var_dir} ${var_codename} main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+
+  if [[ "${apt_updates_security,,}" == "true" ]]; then
+
+    cat << EOF >> "${TARGET}"/etc/apt/sources.list
+deb ${var_protocol}://${var_hostsecure}/debian-security ${var_codename}-security main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+deb-src ${var_protocol}://${var_hostsecure}/debian-security ${var_codename}-security main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+
+EOF
+
+    do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_protocol}://${var_hostsecure}/debian-security ${var_codename}-security main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+    do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_protocol}://${var_hostsecure}/debian-security ${var_codename}-security main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+
+  fi
+
+  if [[ ${apt_updates_release,,} == "true" ]]; then
+
+    cat << EOF >> "${TARGET}"/etc/apt/sources.list
+deb ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-updates main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+deb-src ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-updates main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+
+EOF
+
+    do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-updates main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+    do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-updates main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+
+  fi
+
+  if [[ ${apt_updates_backports,,} == "true" ]]; then
+
+    cat << EOF >> "${TARGET}"/etc/apt/sources.list
+deb ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-backports main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+deb-src ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-backports main ${var_contrib} ${var_non_free} ${var_non_free_firmware}
+
+EOF
+
+    do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-backports main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+    do_log "info" "false" "${TARGET}/etc/apt/sources.list entry generated: 'deb-src ${var_protocol}://${var_hostname}${var_dir} ${var_codename}-backports main ${var_contrib} ${var_non_free} ${var_non_free_firmware}'."
+
+  fi
+
+  # Clean up 'source.list'
+  sed -i '/^#/!s/[[:space:]]\+/ /g' "${TARGET}"/etc/apt/sources.list
+
+  cat << EOF >> "${TARGET}"/etc/apt/sources.list
+# Copyright 2018-2025; WEIDNER, Marc S., <msw@coresecret.dev>
+EOF
+
+  if do_in_target "${TARGET}" apt-get update -y; then
+    do_log "info" "true" "Command: 'apt-get update -y' executed in: '${TARGET}'."
+  else
+    do_log "emergency" "true" "Failed: Command: 'apt-get update -y' executed in: '${TARGET}'."
+  fi
+
+  if [[ ${apt_updates_policy,,} == "unattended" ]]; then
+
+    if do_in_target "${TARGET}" apt-get install -y unattended-upgrades; then
+      do_log "info" "true" "Command: 'apt-get install -y unattended-upgrades' executed in: '${TARGET}'."
+    else
+      do_log "emergency" "true" "Failed: Command: 'apt-get install -y unattended-upgrades' executed in: '${TARGET}'."
+    fi
+    do_log "info" "false" "The update policy was set at installation time to: '${apt_updates_policy}' executed in: '${TARGET}'."
+
+  elif [[ ${apt_updates_policy,,} == "security" ]]; then
+
+    if do_in_target "${TARGET}" apt-get install -y unattended-upgrades; then
+      do_log "info" "true" "Command: 'apt-get install -y unattended-upgrades' executed in: '${TARGET}'."
+    else
+      do_log "emergency" "true" "Failed: Command: 'apt-get install -y unattended-upgrades' executed in: '${TARGET}'."
+    fi
+
+    # shellcheck disable=SC2016
+    sed -i 's/^\s*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}"/etc/apt/apt.conf.d/50unattended-upgrades
+    do_log "info" "false" "The update policy was set at installation time to '${apt_updates_policy}' executed in: '${TARGET}'."
+
+  elif [[ ${apt_updates_policy,,} == "none" ]]; then
+
+    do_log "info" "false" "The update policy was set at installation to: '${apt_updates_policy}'."
+
+  else
+
+    do_log "warning" "false" "Update policy '${apt_updates_policy}': is not supported. Using 'none' as default."
+
+  fi
+
+  do_show_footer "${MODULE_TXT}"
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh