V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

lib/0025_logging_modules.sh

@@ -0,0 +1,130 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Log level values for comparison.
+# Arguments:
+#   1: "${LOG_LEVEL}" one of: "debug" | "info" | "notice" | "warn" | "error" | "critical" | "fatal" | "emergency"
+#######################################
+log_level_value() {
+  case "${1,,}" in
+    debug)     printf '%d' 7 ;;
+    info)      printf '%d' 6 ;;
+    notice)    printf '%d' 5 ;;
+    warn)      printf '%d' 4 ;;
+    error)     printf '%d' 3 ;;
+    critical)  printf '%d' 2 ;;
+    fatal)     printf '%d' 1 ;;
+    emergency) printf '%d' 0 ;;
+  esac
+}
+
+#######################################
+# Filter and compare log levels.
+# Globals:
+#   VAR_DEFAULT_LOG_LEVEL
+# Arguments:
+#   1: "${LOG_LEVEL}" one of: "debug" | "info" | "notice" | "warn" | "error" | "critical" | "fatal" | "emergency"
+#######################################
+do_should_log() {
+  # shellcheck disable=SC2155
+  declare -i var_desired_log_value=$(log_level_value "$1")                   # Desired log level
+  # shellcheck disable=SC2155
+  declare -i var_default_log_value=$(log_level_value "${VAR_DEFAULT_LOG_LEVEL}") # Current threshold
+  ###  Return true if a message should be logged.
+  [[ ${var_desired_log_value} -le ${var_default_log_value} ]]
+}
+
+#######################################
+# Log level color retriever.
+# Globals:
+#   BLU
+#   GRE
+#   MAG
+#   RED
+#   WHI
+#   YEL
+# Arguments:
+#   1: "${LOG_LEVEL}" one of: "debug" | "info" | "notice" | "warn" | "error" | "critical" | "fatal" | "emergency"
+#######################################
+do_get_log_color() {
+  case "${1,,}" in
+    debug) echo "${WHI}" ;;
+    info) echo "${GRE}" ;;
+    notice) echo "${YEL}" ;;
+    warn | error | critical) echo "${RED}" ;;
+    fatal | emergency) echo "${MAG}" ;;
+    *) echo "${BLU}" ;;
+  esac
+}
+
+#######################################
+# Main logger wrapper.
+# Globals:
+#   LOG_ERR
+#   LOG_INS
+# Arguments:
+#   1: "${LOG_LEVEL}" one of: "debug" | "info" | "notice" | "warn" | "error" | "critical" | "fatal" | "emergency"
+#   2: "${LOG_ONLY}" boolean "true" | "false"
+#   @: "${MESSAGE[*]}" arbitrary text string to log.
+#######################################
+do_log() {
+  declare var_log_level="$1"; shift
+  declare var_log_only="$2"; shift
+  declare ary_message=("$@")
+  declare var_msg_string="${ary_message[*]}"
+  declare var_color; var_color=$(do_get_log_color "${var_log_level}")
+  declare var_ts; var_ts="$(date -u '+%Y-%m-%dT%H:%M:%S.%4N%z')"
+  declare var_log_entry=("${var_ts} [${var_log_level}]: ${ary_message[*]}")
+
+  if do_should_log "${var_log_level}"; then
+    if [[ "${var_log_only,,}" == "file_only" ]]; then
+      case "${var_log_level,,}" in
+        debug | info | notice)  do_print_log "${var_log_entry[*]}" >> "${LOG_INS}" ;;
+        warn | error | critical | fatal | emergency ) do_print_log "${var_log_entry[*]}" >> "${LOG_ERR}" ;;
+      esac
+    elif [[ "${var_log_only,,}" == "tty" ]]; then
+      case "${var_log_level,,}" in
+        debug | info | notice)
+          if [[ ${#var_msg_string} -le 76 ]]; then
+            do_print_color "${var_color}" "${var_log_entry[*]}"
+            do_print_log "${var_log_entry[*]}" >> "${LOG_INS}"
+          else
+            do_print_fold "${var_color}" "${var_log_entry[*]}"
+            do_print_log "${var_log_entry[*]}" >> "${LOG_INS}"
+          fi
+          ;;
+        warn | error | critical | fatal | emergency)
+          if [[ ${#var_msg_string} -le 76 ]]; then
+            do_print_color "${var_color}" "${var_log_entry[*]}"
+            do_print_log "${var_log_entry[*]}" >> "${LOG_ERR}"
+          else
+            do_print_fold "${var_color}" "${var_log_entry[*]}"
+            do_print_log "${var_log_entry[*]}" >> "${LOG_ERR}"
+          fi
+          ;;
+        *)
+          if [[ ${#var_msg_string} -le 76 ]]; then
+            do_print_color "${var_color}" "${var_log_entry[*]}"
+            do_print_log "${var_log_entry[*]}" >> "${LOG_INS}"
+          else
+            do_print_fold "${var_color}" "${var_log_entry[*]}"
+            do_print_log "${var_log_entry[*]}" >> "${LOG_INS}"
+          fi
+          ;;
+      esac
+    fi
+  fi
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/0030_check_pkgs.sh

@@ -22,58 +22,60 @@ guard_sourcing
 check_pkgs() {
   apt-get update -y > /dev/null 2>&1
 
+  # TODO: Only activate in case CISS.debian.live.builder does not include the following packages as per default.
   ### Define HashMap: command -> package
   # shellcheck disable=SC2154
-  declare -A hmp_command_packages=(
-    [apt-transport-https]=apt-transport-https
-    [bzip2]=bzip2
-    [ca-certificates]=ca-certificates
-    [curl]=curl
-    [expect]=expect
-    [fdisk]=fdisk
-    [gdisk]=gdisk
-    [git]=git
-    [gpg]=gnupg
-    [lsb_release]=lsb-release
-    [mkfs.btrfs]=btrfs-progs
-    [mkfs.ext4]=e2fsprogs
-    [mkfs.fat]=dosfstools
-    [mkswap]=util-linux
-    [mkfs.xfs]=xfsprogs
-    [parted]=parted
-    [pwgen]=pwgen
-    [tar]=tar
-    [wget]=wget
-    [whois]=whois
-    [xz]=xz-utils
-    [yq]=yq
-  )
+  #declare -A hmp_command_packages=(
+  #  [apt-transport-https]=apt-transport-https
+  #  [bzip2]=bzip2
+  #  [ca-certificates]=ca-certificates
+  #  [curl]=curl
+  #  [expect]=expect
+  #  [fdisk]=fdisk
+  #  [gdisk]=gdisk
+  #  [git]=git
+  #  [gpg]=gnupg
+  #  [lsb_release]=lsb-release
+  #  [mkfs.btrfs]=btrfs-progs
+  #  [mkfs.ext4]=e2fsprogs
+  #  [mkfs.fat]=dosfstools
+  #  [mkswap]=util-linux
+  #  [mkfs.xfs]=xfsprogs
+  #  [parted]=parted
+  #  [pwgen]=pwgen
+  #  [tar]=tar
+  #  [wget]=wget
+  #  [whois]=whois
+  #  [xz]=xz-utils
+  #  [yq]=yq
+  #)
 
   ### Iterate over HashMap
-  declare var_cmd var_pkg
-  for var_cmd in "${!hmp_command_packages[@]}"; do
-    var_pkg="${hmp_command_packages[${var_cmd}]}"
-    if ! command -v "${var_cmd}" &>/dev/null; then
-      do_log "info" "true" "Installing ${var_pkg} ..."
-      apt-get install -y --no-install-recommends "${var_pkg}"
-      do_log "info" "true" "Installing ${var_pkg} done."
-    else
-      do_log "info" "true" "${var_cmd} already installed."
-    fi
-  done
+  #declare var_cmd var_pkg
+  #for var_cmd in "${!hmp_command_packages[@]}"; do
+  #  var_pkg="${hmp_command_packages[${var_cmd}]}"
+  #  if ! command -v "${var_cmd}" &>/dev/null; then
+  #    apt-get install -y --no-install-recommends "${var_pkg}"
+  #    do_log "info" "file_only" "Installing ${var_pkg} done."
+  #  else
+  #    do_log "info" "file_only" "${var_cmd} already installed."
+  #  fi
+  #done
 
-  if [[ -z "$(command -v debootstrap || true)" ]]; then
-    if grep -RqsE '^[[:space:]]*deb .*backports' /etc/apt/sources.list /etc/apt/sources.list.d; then
-      # shellcheck disable=SC2155
-      declare codename=$(lsb_release -sc)
-      apt-get install -y -t "${codename}-backports" debootstrap
-    else
-      apt-get install -y debootstrap
-    fi
-  fi
+  #if [[ -z "$(command -v debootstrap || true)" ]]; then
+  #  if grep -RqsE '^[[:space:]]*deb .*backports' /etc/apt/sources.list /etc/apt/sources.list.d; then
+  #    # shellcheck disable=SC2155
+  #    declare codename=$(lsb_release -sc)
+  #    apt-get install -y -t "${codename}-backports" debootstrap
+  #  else
+  #    apt-get install -y debootstrap
+  #  fi
+  #fi
 
-  if [[ -z "$(command -v dialog || true)" ]]; then
-    if ! "${VAR_AUTO_INSTALL}"; then apt-get install -y --no-install-recommends dialog; fi
-  fi
+  #if [[ -z "$(command -v dialog || true)" ]]; then
+  #  if ! "${VAR_AUTO_INSTALL}"; then apt-get install -y --no-install-recommends dialog; fi
+  #fi
+
+  return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/0070_trap_exit.sh

@@ -10,13 +10,17 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Trap function to be called on 'EXIT'.
 # Globals:
 #   VAR_DEBUG_TRACE
 #   VAR_DEBUG_TRAP
+#   VAR_LAST_CMD
+#   __preexec_invoke
 # Arguments:
-#   $1: "$?"
+#   1: "$?"
 #######################################
 trap_exit() {
   trap - DEBUG ERR EXIT INT
@@ -49,7 +53,7 @@ trap_exit() {
 #   VAR_DEBUG_TRAP
 #   VAR_SCRIPT_SUCCESS
 # Arguments:
-#   $1: ${var_trap_on_exit_code} of trap_exit()
+#   1: ${var_trap_on_exit_code} of trap_exit()
 #######################################
 print_scr_exit() {
   declare -r var_print_scr_exit_code="$1"

lib/0080_trap_int.sh

@@ -10,10 +10,12 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Restart Dialog Wrapper in case of unintentional SIGINT.
 # Arguments:
-#   $1: Dialog Wrapper in use.
+#   1: Dialog Wrapper in use.
 #######################################
 restart_dialog() {
   trap 'trap_int' INT
@@ -31,7 +33,7 @@ restart_dialog() {
 #   ERR_TRAPPED_SIG_INT
 #   VAR_IN_DIALOG_WR
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: In case of unintentional SIGINT.
 #######################################

lib/0090_clean_up.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Clean Up Wrapper on Trap on 'EXIT'.
 # Globals:
@@ -17,9 +19,9 @@
 #   VAR_KERNEL_INF
 #   VAR_KERNEL_SRT
 #   VAR_KERNEL_TMP
-#   VAR_WORKDIR
+#   VAR_NOTES
 # Arguments:
-#   $1: ${var_trap_on_exit_code} of trap_exit()
+#   1: ${var_trap_on_exit_code} of trap_exit()
 #######################################
 clean_up() {
   declare var_clean_exit_code="$1"
@@ -27,11 +29,11 @@ clean_up() {
   rm -f -- "${VAR_KERNEL_SRT}"
   rm -f -- "${VAR_KERNEL_TMP}"
   rm -f -- "${VAR_NOTES}"
-  # Release advisory lock on FD 127.
+  ### Release advisory lock on FD 127.
   flock -u 127
-  # Close file descriptor 127.
+  ### Close file descriptor 127.
   exec 127>&-
-  # Remove the lockfile artifact.
+  ### Remove the lockfile artifact.
   rm -f /run/lock/ciss_debian_installer.lock
   if (( var_clean_exit_code == 0 )); then rm -f -- "${LOG_ERR}"; fi
 }

lib/0103_arg_priority_check.sh

@@ -30,14 +30,14 @@ arg_priority_check() {
   if [[ -n ${VAR_PRIORITY} ]]; then
     renice "${VAR_PRIORITY}" -p "$$"
     var=$(ps -o ni= -p $$) > /dev/null 2>&1
-    do_log "info" "true" "New renice value: '${var}'."
+    do_log "info" "file_only" "New renice value: '${var}'."
   fi
 
   ### Check if ionice PRIORITY is set and adjust ionice priority.
   if [[ -n ${VAR_REIONICE_CLASS} ]]; then
     ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$"
     var=$(ionice -p $$) > /dev/null 2>&1
-    do_log "info" "true" "New ionice value: '${var}'."
+    do_log "info" "file_only" "New ionice value: '${var}'."
   fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/0104_arg_nuke_converter.sh

@@ -52,13 +52,13 @@ nuke_passphrase() {
 
   sync
   if shred -vfzu -n 5 "${var_nuke_pwd_file}" > /dev/null 2>&1; then
-    do_log "info" "false" "✅ Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> done."
+    do_log "info" "file_only" "✅ Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> done."
   else
     do_log "warn" "false" "❌ Password file '${var_nuke_pwd_file}': shred -vfzu -n 5 >> NOT successful."
   fi
   sync
 
-  do_log "info" "false" "Nuke Hash generated."
+  do_log "info" "file_only" "Nuke Hash generated."
   return 0
 }