V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-14 21:43:27 +01:00
parent 236b0e56f6
commit e5ddb69a9e
6 changed files with 71 additions and 9 deletions
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -125,11 +125,11 @@ EOF
    case "${var_key,,}" in

      swap)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,swap"
        ;;

      /tmp)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,tmp=ext4"
        mkdir -p "${TARGET}/etc/tmpfiles.d"
        insert_header   "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
        insert_comments "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
--- a/func/cdi_4900_xtended/4900_final_command.sh
+++ b/func/cdi_4900_xtended/4900_final_command.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Exiting chroot of the target system.
+# Globals:
+#   RECOVERY
+#   TARGET
+#   VAR_CHROOT_ACTIVATED
+#   VAR_NEED_RUN_IN_TARGET
+#   VAR_RUN_RECOVERY
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+final_commands() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare -r  var_logfile="/root/.ciss/cdi/log/4900_final_command.log"
+  declare     var_target="${TARGET}"
+
+  ### Check for TARGET / RECOVERY.
+  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
+
+  chroot_logger "${var_target}${var_logfile}"
+
+  chroot_script "${var_target}" "
+    updatedb | tee -a ${var_logfile}
+  "
+
+  guard_dir && return 0
+}
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f final_commands
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_4900_xtended/4999_exiting_chroot_system.sh
+++ b/func/cdi_4900_xtended/4999_exiting_chroot_system.sh
@@ -15,8 +15,11 @@ guard_sourcing
 #######################################
 # Exiting chroot of the target system.
 # Globals:
+#   RECOVERY
 #   TARGET
+#   VAR_CHROOT_ACTIVATED
 #   VAR_NEED_RUN_IN_TARGET
+#   VAR_RUN_RECOVERY
 # Arguments:
 #   None
 # Returns:
@@ -24,20 +27,25 @@ guard_sourcing
 #######################################
 exiting_chroot_system() {
  ### Declare Arrays, HashMaps, and Variables.
-  declare -a ary_umount=( "/sys/fs/cgroup" "/dev/hugepages" "/dev/mqueue" "/dev/shm" "/dev/pts" "/proc" "/sys" "/dev" )
-  declare    var_path=""
+  declare -a  ary_umount=( "/sys/fs/cgroup" "/dev/hugepages" "/dev/mqueue" "/dev/shm" "/dev/pts" "/proc" "/sys" "/dev" )
+  declare     var_path=""
+
+  declare     var_target="${TARGET}"
+
+  ### Check for TARGET / RECOVERY.
+  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"

  for var_path in "${ary_umount[@]}"; do

-    umount -l "${TARGET}${var_path}" 2>/dev/null || true
-    do_log "info" "file_only" "4999() Command: [umount -l ${TARGET}${var_path} 2>/dev/null || true] issued."
+    umount -l "${var_target}${var_path}" 2>/dev/null || true
+    do_log "info" "file_only" "4999() Command: [umount -l ${var_target}${var_path} 2>/dev/null || true] issued."

  done

  if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then

-    umount -l "${TARGET}/run" 2>/dev/null || true
-    do_log "info" "file_only" "4999() Command: [umount -l ${TARGET}/run 2>/dev/null || true] issued."
+    umount -l "${var_target}/run" 2>/dev/null || true
+    do_log "info" "file_only" "4999() Command: [umount -l ${var_target}/run 2>/dev/null || true] issued."

  fi

@@ -45,4 +53,7 @@ exiting_chroot_system() {

  guard_dir && return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f exiting_chroot_system
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh