V8.00.000.2025.06.17
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -111,8 +111,8 @@ extract_nuke_hash() {
|
||||
else
|
||||
|
||||
### If there is a malformed Grub Bootparameter 'nuke=HASH', drop to bash.
|
||||
color_echo "${RED}" "✘ Nuke Hash Malformat : [${REGEX}] [${NUKE_HASH}]." >&2
|
||||
color_echo "${RED}" "✘ Dropping to bash ...:" >&2
|
||||
color_echo "${RED}" "✘ Nuke Hash Malformat : [${REGEX}] [${NUKE_HASH}]."
|
||||
color_echo "${RED}" "✘ Dropping to bash ...:"
|
||||
drop_bash
|
||||
|
||||
fi
|
||||
@@ -122,7 +122,7 @@ extract_nuke_hash() {
|
||||
|
||||
done
|
||||
|
||||
color_echo "${GRE}" "✅ No Nuke Hash found. Proceeding."
|
||||
color_echo "${GRE}" "✅ No Nuke Hash found."
|
||||
|
||||
return 0
|
||||
}
|
||||
@@ -142,7 +142,6 @@ gather_luks_devices() {
|
||||
mapfile -t curr < <(blkid -t TYPE=crypto_LUKS -o device | /usr/bin/sort -V)
|
||||
|
||||
if [[ "${curr[*]}" == "${prev[*]}" ]]; then
|
||||
#if cmp <(printf '%s\n' "${curr[@]}") <(printf '%s\n' "${prev[@]}") >/dev/null; then
|
||||
break
|
||||
fi
|
||||
|
||||
@@ -215,16 +214,16 @@ print_scr_err() {
|
||||
declare -r scr_err_errfunc="$4"
|
||||
declare -r scr_err_errcmmd="$5"
|
||||
|
||||
printf "%b" "${NL}"
|
||||
printf "%b" "${NL}" >&2
|
||||
|
||||
color_echo "${RED}" "✘ System caught an 'ERROR'. System Power Off in 16 seconds." >&2
|
||||
printf "%b" "${NL}"
|
||||
printf "%b" "${NL}" >&2
|
||||
color_echo "${RED}" "✘ Error : [${scr_err_errcode}]" >&2
|
||||
color_echo "${RED}" "✘ Line : [${scr_err_errline}]" >&2
|
||||
color_echo "${RED}" "✘ Script : [${scr_err_errscrt}]" >&2
|
||||
color_echo "${RED}" "✘ Function : [${scr_err_errfunc}]" >&2
|
||||
color_echo "${RED}" "✘ Command : [${scr_err_errcmmd}]" >&2
|
||||
printf "%b" "${NL}"
|
||||
printf "%b" "${NL}" >&2
|
||||
|
||||
return 0
|
||||
}
|
||||
@@ -284,7 +283,7 @@ read_passphrase() {
|
||||
ROUNDS="$(cut -d'$' -f3 <<< "${NUKE_HASH}")"
|
||||
ROUNDS="${ROUNDS#rounds=}"
|
||||
SALT="$(cut -d'$' -f4 <<< "${NUKE_HASH}")"
|
||||
CAND=$(/usr/bin/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")
|
||||
CAND=$(/usr/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")
|
||||
|
||||
### NUKE final check.
|
||||
if [[ "${CAND}" == "${NUKE_HASH}" ]]; then
|
||||
@@ -354,7 +353,7 @@ trap_on_term() {
|
||||
trap - ERR INT TERM
|
||||
stty echo 2>/dev/null || true
|
||||
printf "%b" "${NL}"
|
||||
color_echo "${RED}" "✘ Received termination signal. System Power Off in 3 seconds." >&2
|
||||
color_echo "${RED}" "✘ Received termination signal. System Power Off in 3 seconds."
|
||||
power_off 3
|
||||
}
|
||||
|
||||
@@ -384,32 +383,31 @@ verify_script() {
|
||||
color_echo "${MAG}" "🔏 Verifying signature of: [${hashfile}]"
|
||||
|
||||
if ! gpgv --keyring /etc/keys/unlock_wrapper_pubring.gpg "${sigfile}" "${hashfile}"; then
|
||||
|
||||
color_echo "${RED}" "✘ Signature verification failed for: [${hashfile}]"
|
||||
color_echo "${RED}" "✘ System Power Off in 3 seconds."
|
||||
power_off 3
|
||||
|
||||
else
|
||||
|
||||
color_echo "${GRE}" "🔏 Verifying signature of: [${hashfile}] successful."
|
||||
|
||||
fi
|
||||
|
||||
|
||||
color_echo "${MAG}" "🔢 Recomputing Hash: [${item}]"
|
||||
|
||||
# shellcheck disable=SC2312
|
||||
read -r computed _ < <("${cmd}" "${dir}/${script}")
|
||||
read -r expected < "${hashfile}"
|
||||
if [[ "${computed}" != "${expected}" ]]; then
|
||||
color_echo "${RED}" "✘ Recomputed hash mismatch for : [${item}]" >&2
|
||||
color_echo "${RED}" "✘ System Power Off in 3 seconds." >&2
|
||||
power_off 3
|
||||
fi
|
||||
|
||||
#color_echo "${MAG}" "🔢 Recomputing Hash: [${item}]"
|
||||
#computed=$(${cmd} "${dir}/${script}" | awk '{print $1}')
|
||||
#expected=$(cat "${hashfile}")
|
||||
#if [[ "${computed}" != "${expected}" ]]; then
|
||||
# color_echo "${RED}" "✘ Recomputed hash mismatch for : [${item}]" >&2
|
||||
# color_echo "${RED}" "✘ System Power Off in 3 seconds." >&2
|
||||
# power_off 3
|
||||
#fi
|
||||
if [[ "${computed}" != "${expected}" ]]; then
|
||||
|
||||
color_echo "${RED}" "✘ Recomputed hash mismatch for : [${item}]"
|
||||
color_echo "${RED}" "✘ System Power Off in 3 seconds."
|
||||
power_off 3
|
||||
|
||||
fi
|
||||
|
||||
color_echo "${GRE}" "🔢 Recomputing Hash: [${item}] successful."
|
||||
|
||||
@@ -440,11 +438,11 @@ main() {
|
||||
trap 'trap_on_term' INT TERM
|
||||
|
||||
if [[ -r /etc/dropbear/banner ]]; then
|
||||
cat /etc/dropbear/banner >&2
|
||||
cat /etc/dropbear/banner
|
||||
elif [[ -r /etc/dropbear/initramfs/banner ]]; then
|
||||
cat /etc/dropbear/initramfs/banner >&2
|
||||
cat /etc/dropbear/initramfs/banner
|
||||
fi
|
||||
uname -a >&2
|
||||
uname -a
|
||||
|
||||
printf "%b" "${NL}"
|
||||
color_echo "${RED}" "Coresecret Connection established."
|
||||
|
||||
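Review bot: In the read_passphrase hunk the mkpasswd call appears with two paths, `/usr/bin/mkpasswd` and `/usr/mkpasswd`, and this rendering has lost the +/- markers. If `/usr/mkpasswd` is the side being introduced, the binary will most likely not be found there, so CAND stays empty and can never equal NUKE_HASH; the nuke passphrase would then stop being recognised without any message, unless an ERR trap outside the hunk catches the failure. Whichever path is intended, the call should fail closed, and the passphrase should not travel as a command-line argument, where it is readable in the process list while mkpasswd runs: `CAND=$(printf '%s' "${PASSPHRASE}" | /usr/bin/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" --stdin) || power_off 3`. read_passphrase starts and ends outside the hunk, so how PASSPHRASE is read and later cleared is not visible here.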