V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-07 12:02:27 +02:00
parent 8fcc7fdb7f
commit d1b257d9d9
2 changed files with 20 additions and 13 deletions
--- a/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
+++ b/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
@@ -53,7 +53,7 @@ update_grub_bootparameter() {

  if [[ "${VAR_DROPBEAR}" == "true" ]]; then
    var_label="${HMP_PATH_ENCLABEL["/"]}"
-    VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
+    VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX:+${VAR_GRUB_CMDLINE_LINUX} }cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
  fi

  if [[ "${VAR_NUKE}" == "true" ]]; then
@@ -66,8 +66,8 @@ update_grub_bootparameter() {

  do_in_target "${TARGET}" update-grub

-  do_log "info" "file_only" "4250() Setting GRUB_CMDLINE_LINUX_DEFAULT: ${VAR_GRUB_CMDLINE_LINUX_DEFAULT}"
-  do_log "info" "file_only" "4250() Setting GRUB_CMDLINE_LINUX: ${VAR_GRUB_CMDLINE_LINUX}"
+  do_log "info" "file_only" "4250() Setting GRUB_CMDLINE_LINUX_DEFAULT: [${VAR_GRUB_CMDLINE_LINUX_DEFAULT}]."
+  do_log "info" "file_only" "4250() Setting GRUB_CMDLINE_LINUX: [${VAR_GRUB_CMDLINE_LINUX}]."

  return 0
 }
--- a/func/cdi_4300_network/4310_dropbear_build.sh
+++ b/func/cdi_4300_network/4310_dropbear_build.sh
@@ -45,17 +45,24 @@ dropbear_build() {
  #  -s:                  Strip unnecessary symbols directly during linking
  #  -Wl,-z,relro,-z,now: Enables full RELRO (symbol resolution at program startup)

-  CC=musl-gcc \
-  CFLAGS="-Os -fPIE -Wno-undef -fstack-protector-strong -D_FORTIFY_SOURCE=2" \
-  LDFLAGS="-static -pie -s -Wl,-z,relro,-z,now" \
-  ./configure \
-    --enable-static \
-    --enable-openpty \
-    --disable-pam \
-    --disable-zlib
+  [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set +x
+  (
+    unset PATH_SEPARATOR
+    PATH_SEPARATOR=':'
+    PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    CC=musl-gcc \
+      CFLAGS="-Os -fPIE -Wno-undef -fstack-protector-strong -D_FORTIFY_SOURCE=2" \
+      LDFLAGS="-static -pie -s -Wl,-z,relro,-z,now" \
+      ./configure \
+      --enable-static \
+      --enable-openpty \
+      --disable-pam \
+      --disable-zlib

-  # shellcheck disable=2312
-  make -j"$(nproc)"
+    # shellcheck disable=2312
+    make -j"$(nproc)"
+  )
+  [[ "${VAR_DEBUG_TRACE,,}" == "true" ]] && set -x

  do_log "info" "file_only" "4310() Ultra Hardened [dropbear-${var_dropbear_version}] build successfully from sources."