V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-05 11:03:28 +02:00
parent 06df7f64b1
commit ce3ee291ef
3 changed files with 24 additions and 26 deletions
--- a/.preseed/unlock_wrapper.sh.sha512
+++ b/.preseed/unlock_wrapper.sh.sha512
@@ -1 +1 @@
-8be5e4982c558c21c2ce37d0c9fa5e40f158eeb664d85c4272d7cd8d11c54c84dc966084b51de1bef9eddfe04b2b2f9167ad6efde35dcb30b6861d1a4b46ed8d
+a21c7ab831616a8f880a5fb528d4eea3e0095da956ed5665255f9845a7dadf43020dd794c19deeb7b98ca8a3836e46c35c214a5da4f5a5b2ae63ebf10c9c67f1
--- a/.preseed/unlock_wrapper.sh.sha512.sig
+++ b/.preseed/unlock_wrapper.sh.sha512.sig
--- a/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh
+++ b/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh
@@ -111,8 +111,8 @@ extract_nuke_hash() {
        else
          ### If there is a malformed Grub Bootparameter 'nuke=HASH', drop to bash.
-          color_echo "${RED}" "✘ Nuke Hash Malformat : [${REGEX}] [${NUKE_HASH}]." >&2
+          color_echo "${RED}" "✘ Nuke Hash Malformat : [${REGEX}] [${NUKE_HASH}]."
-          color_echo "${RED}" "✘ Dropping to bash ...:" >&2
+          color_echo "${RED}" "✘ Dropping to bash ...:"
          drop_bash
        fi
@@ -122,7 +122,7 @@ extract_nuke_hash() {
  done
-  color_echo "${GRE}" "✅ No Nuke Hash found. Proceeding."
+  color_echo "${GRE}" "✅ No Nuke Hash found."
  return 0
 }
@@ -142,7 +142,6 @@ gather_luks_devices() {
    mapfile -t curr < <(blkid -t TYPE=crypto_LUKS -o device | /usr/bin/sort -V)
    if [[ "${curr[*]}" == "${prev[*]}" ]]; then
    #if cmp <(printf '%s\n' "${curr[@]}") <(printf '%s\n' "${prev[@]}") >/dev/null; then
      break
    fi
@@ -215,16 +214,16 @@ print_scr_err() {
  declare -r  scr_err_errfunc="$4"
  declare -r  scr_err_errcmmd="$5"
-  printf "%b" "${NL}"
+  printf "%b" "${NL}" >&2
  color_echo "${RED}" "✘ System caught an 'ERROR'. System Power Off in 16 seconds." >&2
-  printf "%b" "${NL}"
+  printf "%b" "${NL}" >&2
  color_echo "${RED}" "✘ Error               : [${scr_err_errcode}]" >&2
  color_echo "${RED}" "✘ Line                : [${scr_err_errline}]" >&2
  color_echo "${RED}" "✘ Script              : [${scr_err_errscrt}]" >&2
  color_echo "${RED}" "✘ Function            : [${scr_err_errfunc}]" >&2
  color_echo "${RED}" "✘ Command             : [${scr_err_errcmmd}]" >&2
-  printf "%b" "${NL}"
+  printf "%b" "${NL}" >&2
  return 0
 }
@@ -284,7 +283,7 @@ read_passphrase() {
    ROUNDS="$(cut -d'$' -f3 <<< "${NUKE_HASH}")"
    ROUNDS="${ROUNDS#rounds=}"
    SALT="$(cut -d'$' -f4 <<< "${NUKE_HASH}")"
-    CAND=$(/usr/bin/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")
+    CAND=$(/usr/mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")
    ### NUKE final check.
    if [[ "${CAND}" == "${NUKE_HASH}" ]]; then
@@ -354,7 +353,7 @@ trap_on_term() {
  trap - ERR INT TERM
  stty echo 2>/dev/null || true
  printf "%b" "${NL}"
-  color_echo "${RED}" "✘ Received termination signal. System Power Off in 3 seconds." >&2
+  color_echo "${RED}" "✘ Received termination signal. System Power Off in 3 seconds."
  power_off 3
 }
@@ -384,32 +383,31 @@ verify_script() {
    color_echo "${MAG}" "🔏 Verifying signature of: [${hashfile}]"
    if ! gpgv --keyring /etc/keys/unlock_wrapper_pubring.gpg "${sigfile}" "${hashfile}"; then
      color_echo "${RED}" "✘ Signature verification failed for: [${hashfile}]"
      color_echo "${RED}" "✘ System Power Off in 3 seconds."
      power_off 3
    else
      color_echo "${GRE}" "🔏 Verifying signature of: [${hashfile}] successful."
    fi
    color_echo "${MAG}" "🔢 Recomputing Hash: [${item}]"
    # shellcheck disable=SC2312
    read -r computed _ < <("${cmd}" "${dir}/${script}")
    read -r expected < "${hashfile}"
    if [[ "${computed}" != "${expected}" ]]; then
      color_echo "${RED}" "✘ Recomputed hash mismatch for     : [${item}]" >&2
      color_echo "${RED}" "✘ System Power Off in 3 seconds." >&2
      power_off 3
    fi
-    #color_echo "${MAG}" "🔢 Recomputing Hash: [${item}]"
+    if [[ "${computed}" != "${expected}" ]]; then
-    #computed=$(${cmd} "${dir}/${script}" | awk '{print $1}')
+
-    #expected=$(cat "${hashfile}")
+      color_echo "${RED}" "✘ Recomputed hash mismatch for     : [${item}]"
-    #if [[ "${computed}" != "${expected}" ]]; then
+      color_echo "${RED}" "✘ System Power Off in 3 seconds."
-    #  color_echo "${RED}" "✘ Recomputed hash mismatch for     : [${item}]" >&2
+      power_off 3
-    #  color_echo "${RED}" "✘ System Power Off in 3 seconds." >&2
+
-    #  power_off 3
+    fi
    #fi
    color_echo "${GRE}" "🔢 Recomputing Hash: [${item}] successful."
@@ -440,11 +438,11 @@ main() {
  trap 'trap_on_term' INT TERM
  if [[ -r /etc/dropbear/banner ]]; then
-    cat /etc/dropbear/banner >&2
+    cat /etc/dropbear/banner
  elif [[ -r /etc/dropbear/initramfs/banner ]]; then
-    cat /etc/dropbear/initramfs/banner >&2
+    cat /etc/dropbear/initramfs/banner
  fi
-  uname -a >&2
+  uname -a
  printf "%b" "${NL}"
  color_echo "${RED}" "Coresecret Connection established."
`@@ -1 +1 @@`
	`8be5e4982c558c21c2ce37d0c9fa5e40f158eeb664d85c4272d7cd8d11c54c84dc966084b51de1bef9eddfe04b2b2f9167ad6efde35dcb30b6861d1a4b46ed8d`	`a21c7ab831616a8f880a5fb528d4eea3e0095da956ed5665255f9845a7dadf43020dd794c19deeb7b98ca8a3836e46c35c214a5da4f5a5b2ae63ebf10c9c67f1`