msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 39s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m45s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-07-20 19:43:09 +02:00
parent 55a0cb6884
commit e1f09ca170
27 changed files with 1100 additions and 909 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/CNET.md
View File

@@ -14,7 +14,7 @@ include_toc: true
This is an automatically generated overview of the secure ``Centurion Net`` ``CISS.debian.installer`` building system.
![Centurion Net](/docs/graphviz/ciss.debian.live.builder.png)
![Centurion Net](/docs/graphviz/ciss.debian.installer.png)
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**

37
docs/graphviz/ciss.debian.installer.bootflow.dot Normal file
View File

@@ -0,0 +1,37 @@
// SPDX-Version: 3.0
// SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
// SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
// SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
// SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
// SPDX-FileType: SOURCE
// SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
// SPDX-Comment: This file is part of the CISS.debian.installer.secure framework.
// SPDX-PackageName: CISS.debian.installer
// SPDX-Security-Contact: security@coresecret.eu
digraph CISS_debian_installer_bootflow {
rankdir=LR;
node [shape=box, style=filled, fillcolor=lightgray, fontname="Helvetica"];
Initramfs [label="initramfs boot", fillcolor=lightblue];
Crypttab [label="/etc/crypttab", fillcolor=lightblue];
CryptrootScript [label="local-top/cryptroot", fillcolor=lightblue];
Cryptsetup [label="cryptsetup luksOpen", fillcolor=orange];
Keyscript [label="keyscript (e.g. nuke_aware.sh)", fillcolor=yellow];
Askpass [label="askpass (console/GUI/Dropbear)", fillcolor=white];
NukeCheck [label="if password matches NUKE_HASH → nuke()", fillcolor=red, fontcolor=white];
PASSPHRASEOut [label="printf '%s' \"$PASSPHRASE\" + exit 0", fillcolor=green];
Decryption [label="LUKS device unlocked", fillcolor=darkgreen, fontcolor=white];
RootFS [label="mount /dev/mapper/cryptroot → /", fillcolor=lightblue];
Initramfs -> Crypttab;
Crypttab -> CryptrootScript;
CryptrootScript -> Cryptsetup;
Cryptsetup -> Keyscript;
Keyscript -> Askpass;
Askpass -> NukeCheck;
NukeCheck -> PASSPHRASEOut [label="if no match"];
PASSPHRASEOut -> Cryptsetup [label="stdin"];
Cryptsetup -> Decryption;
Decryption -> RootFS;
}

2
docs/graphviz/ciss.debian.live.builder.dot → docs/graphviz/ciss.debian.installer.dot
View File

@@ -9,7 +9,7 @@
// SPDX-PackageName: CISS.debian.installer
// SPDX-Security-Contact: security@coresecret.eu
digraph CISS_debian_live_builder {
digraph CISS_debian_installer {
// -----------------------------
// General settings
// -----------------------------

0
docs/graphviz/ciss.debian.live.builder.png → docs/graphviz/ciss.debian.installer.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 107 KiB

After

Width:  |  Height:  |  Size: 107 KiB