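#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Extended dynamic network variable checks and declarations depending on preseed.yaml.
#
# Probes the live environment (first NIC in state UP, its IPv4/IPv6 addresses,
# default gateways, reverse-DNS name, IPv4/IPv6 reachability) and then exports
# the VAR_FINAL_* values, taken either from the probe results or from the
# static preseed.yaml settings, depending on 'network_autoconfig_enable'.
#
# Security note: every probed value originates from the attached network
# (addresses, routes, DNS answers) and is therefore untrusted input. The
# reverse-DNS name is reduced to a single line and checked against the
# hostname character set before it is exported; a name failing the check
# is discarded.
# Globals:
#   ARY_IPV4_NS
#   ARY_IPV6_NS
#   VAR_FINAL_FQDN
#   VAR_FINAL_IPV4
#   VAR_FINAL_IPV4_GW
#   VAR_FINAL_IPV4_SUBNET
#   VAR_FINAL_IPV6
#   VAR_FINAL_IPV6_CIDR
#   VAR_FINAL_IPV6_GW
#   VAR_FINAL_NIC
#   VAR_LINK_IPV6
#   network_autoconfig_enable
#   network_choose_interface_auto
#   network_choose_interface_static
#   network_hostname
#   network_ipv6
#   network_static_ipv4address
#   network_static_ipv4gateway
#   network_static_ipv4nameserver_0
#   network_static_ipv4nameserver_1
#   network_static_ipv4nameserver_2
#   network_static_ipv4nameserver_3
#   network_static_ipv4nameserver_fallback_0
#   network_static_ipv4nameserver_fallback_1
#   network_static_ipv4netmask
#   network_static_ipv6address
#   network_static_ipv6gateway
#   network_static_ipv6nameserver_0
#   network_static_ipv6nameserver_1
#   network_static_ipv6nameserver_2
#   network_static_ipv6nameserver_3
#   network_static_ipv6nameserver_fallback_0
#   network_static_ipv6nameserver_fallback_1
#   network_static_ipv6netmask
# Arguments:
#   None
# Returns:
#   0: on success; otherwise the non-zero status of 'guard_dir'.
#######################################
yaml_validator() {
  ### Declare Arrays, HashMaps, and Variables.
  # shellcheck disable=SC2034
  declare -ag ARY_IPV4_NS=() ARY_IPV6_NS=()
  declare var_auto_nic="" var_auto_ipv4="" var_auto_ipv4_cidr="" var_auto_ipv4_subnet="" var_auto_ipv4_gw="" \
          var_auto_ipv6="" var_auto_ipv6_cidr="" var_auto_ipv6_gw="" var_link_ipv4="" var_link_ipv6="" var_auto_fqdn=""
  declare var_suffix="" var_ns_name=""
  ### Hostname character set applied to the (already lowercased) reverse-DNS name.
  declare -r var_re_fqdn='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
  declare -gx VAR_FINAL_NIC="" VAR_FINAL_FQDN="" VAR_FINAL_IPV4="" VAR_FINAL_IPV4_GW="" VAR_FINAL_IPV4_SUBNET="" \
              VAR_FINAL_IPV6="" VAR_LINK_IPV6="" VAR_FINAL_IPV6_GW="" VAR_FINAL_IPV6_CIDR=""

  ensure_lowercase "network_autoconfig_enable"
  ensure_lowercase "network_choose_interface_auto"
  ensure_lowercase "network_choose_interface_static"
  ensure_lowercase "network_hostname"

  ### Collect the preseeded resolvers in their original order: primary 0..3, then fallback 0..1.
  ### NOTE(review): '-v' is also true for a variable that is set but empty, so an empty
  ### preseed value still produces an (empty) array element - confirm the consumers cope.
  for var_suffix in 0 1 2 3 fallback_0 fallback_1; do

    var_ns_name="network_static_ipv4nameserver_${var_suffix}"
    if [[ -v "${var_ns_name}" ]]; then
      ARY_IPV4_NS+=( "${!var_ns_name}" )
    fi

    var_ns_name="network_static_ipv6nameserver_${var_suffix}"
    if [[ -v "${var_ns_name}" ]]; then
      ARY_IPV6_NS+=( "${!var_ns_name}" )
    fi

  done

  ### Check current network connection and configure variables
  # shellcheck disable=SC2312
  var_auto_nic=$(ip -o link show | awk -F': ' '/state UP/ && $2!="lo" {print $2; exit}')
  # shellcheck disable=SC2312
  var_auto_ipv4_cidr=$(ip -4 -o addr show "${var_auto_nic}" | awk '{print $4; exit}')
  # shellcheck disable=SC2312
  var_auto_ipv4_subnet=$(generate_subnetmask "${var_auto_ipv4_cidr}")
  ### Address part of "addr/prefix"; parameter expansion instead of an echo|awk subshell.
  var_auto_ipv4="${var_auto_ipv4_cidr%%/*}"
  # shellcheck disable=SC2312
  var_auto_ipv4_gw=$(ip route show default dev "${var_auto_nic}" | awk '/^default/ {print $3; exit}')
  # shellcheck disable=SC2312
  var_auto_ipv6_cidr=$(ip -6 -o addr show "${var_auto_nic}" | awk '/scope global/ {print $4; exit}')

  if [[ -n "${var_auto_ipv6_cidr}" ]]; then

    var_auto_ipv6="${var_auto_ipv6_cidr%%/*}"
    # shellcheck disable=SC2312
    var_auto_ipv6_gw=$(ip -6 route show default dev "${var_auto_nic}" | awk '/^default/ {print $3; exit}')

  fi

  # shellcheck disable=SC2312
  var_link_ipv4="$(probe_link 4 heise.de)"
  #var_link_ipv4=$(ping -q -c 1 -W 1 -4 heise.de > /dev/null 2>&1 && echo "true" || echo "false")
  # shellcheck disable=SC2312
  var_link_ipv6="$(probe_link 6 heise.de)"
  #var_link_ipv6=$(ping -q -c 1 -W 1 -6 heise.de > /dev/null 2>&1 && echo "true" || echo "false")

  ### Reverse lookup only makes sense once an IPv4 address was detected; an empty
  ### argument would only make getent/dig emit errors.
  if [[ -n "${var_auto_ipv4}" ]]; then

    # shellcheck disable=SC2312
    var_auto_fqdn="$( getent hosts "${var_auto_ipv4}" | awk '{print $2}' | head -n1 )"

    if [[ -z "${var_auto_fqdn}" ]]; then
      ### A PTR query may return several records; keep the first line only so that the
      ### exported hostname never contains embedded newlines.
      # shellcheck disable=SC2312
      var_auto_fqdn="$( dig +short -x "${var_auto_ipv4}" | head -n1 )"
    fi

  fi

  var_auto_fqdn="${var_auto_fqdn%.}"
  var_auto_fqdn="${var_auto_fqdn,,}"

  ### The name comes from whoever answers DNS on the install network: accept it only if it
  ### is at most 253 characters of [a-z0-9.-]. The raw value is deliberately not logged.
  if [[ -n "${var_auto_fqdn}" ]] && { (( ${#var_auto_fqdn} > 253 )) || [[ ! "${var_auto_fqdn}" =~ ${var_re_fqdn} ]]; }; then
    var_auto_fqdn=""
    do_log "info" "file_only" "1252() Live environment network check: Auto FQDN rejected (not a valid hostname)."
  fi

  do_log "info" "file_only" "1252() Live environment network check: Auto NIC          = ${var_auto_nic}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv4 = ${var_auto_ipv4}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv4 CCIDR = ${var_auto_ipv4_cidr}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv4 Subnet = ${var_auto_ipv4_subnet}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv4 Gateway = ${var_auto_ipv4_gw}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv6 = ${var_auto_ipv6}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv6 CCIDR = ${var_auto_ipv6_cidr}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv6 Gateway = ${var_auto_ipv6_gw}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv4 Link = ${var_link_ipv4}"
  do_log "info" "file_only" "1252() Live environment network check: Auto IPv6 Link = ${var_link_ipv6}"
  do_log "info" "file_only" "1252() Live environment network check: Auto FQDN = ${var_auto_fqdn}"

  ### Export hostname and IPv4 and IPv6 addresses for further processing according to dynamic results and preseed.yaml settings.
  # shellcheck disable=SC2034
  if [[ "${network_autoconfig_enable}" == "true" ]]; then

    VAR_FINAL_NIC="${var_auto_nic}"
    VAR_FINAL_FQDN="${var_auto_fqdn}"
    VAR_FINAL_IPV4="${var_auto_ipv4}"
    VAR_FINAL_IPV4_GW="${var_auto_ipv4_gw}"
    VAR_FINAL_IPV4_SUBNET="${var_auto_ipv4_subnet}"
    do_log "info" "file_only" "1252() Network IPv4 auto configuration: [${network_autoconfig_enable}] and IPv4 Link: [${var_link_ipv4}]."

  elif [[ "${network_autoconfig_enable}" == "false" ]]; then

    VAR_FINAL_NIC="${network_choose_interface_static}"
    VAR_FINAL_FQDN="${network_hostname}"
    VAR_FINAL_IPV4="${network_static_ipv4address}"
    VAR_FINAL_IPV4_GW="${network_static_ipv4gateway}"
    VAR_FINAL_IPV4_SUBNET="${network_static_ipv4netmask}"

    ### The "no IPv4" message used to sit in a separate 'elif' behind this branch and could
    ### never be reached; the exported values are unchanged, only the log line now tells
    ### the two cases apart.
    if [[ -z "${network_static_ipv4address}" ]]; then
      do_log "info" "file_only" "1252() Network IPv4: no IPv4 configuration applied."
    else
      do_log "info" "file_only" "1252() Network IPv4 static configuration: [${network_static_ipv4address}] and IPv4 Link: [${var_link_ipv4}]."
    fi

  fi

  ### NOTE(review): the static IPv6 branch is taken whenever an address is preseeded, even if
  ### 'network_ipv6' is not "true" - confirm that this is intended.
  # shellcheck disable=SC2034
  if [[ "${network_autoconfig_enable}" == "true" && "${network_ipv6}" == "true" && -z "${network_static_ipv6address}" ]]; then

    VAR_FINAL_IPV6="${var_auto_ipv6}"
    VAR_LINK_IPV6="${var_link_ipv6}"
    VAR_FINAL_IPV6_GW="${var_auto_ipv6_gw}"
    VAR_FINAL_IPV6_CIDR="${var_auto_ipv6_cidr}"
    do_log "info" "file_only" "1252() Network IPv6 auto configuration: [${network_autoconfig_enable}] and IPv6 Link: [${var_link_ipv6}]."

  elif [[ -n "${network_static_ipv6address}" ]]; then

    VAR_FINAL_IPV6="${network_static_ipv6address}"
    VAR_LINK_IPV6="${var_link_ipv6}"
    VAR_FINAL_IPV6_GW="${network_static_ipv6gateway}"
    VAR_FINAL_IPV6_CIDR="${network_static_ipv6address}/${network_static_ipv6netmask}"
    do_log "info" "file_only" "1252() Network IPv6 static configuration: [${network_static_ipv6address}] and IPv6 Link: [${var_link_ipv6}]."

  else

    VAR_FINAL_IPV6=""
    do_log "info" "file_only" "1252() Network IPv6: no IPv6 configuration applied."

  fi

  guard_dir && return 0
}
### Prevents accidental 'unset -f'.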
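# shellcheck disable=SC2034
readonly -f yaml_validator

#######################################
# Network connectivity prober.
#
# Prints "true" on stdout when the target answers one ICMP echo or, failing
# that, when an mtr report shows at least one responding hop; prints "false"
# otherwise. The mtr fallback therefore proves that some hop on the path
# answered, not that the target itself is reachable.
#
# Both arguments end up on the ping/mtr command line, so they are validated
# first: the family must be exactly "4" or "6" and the target must not start
# with "-", otherwise either could be parsed as an additional option.
# Globals:
#   network_timeout_linkwait
# Arguments:
#   1: IP-Family, "4" or "6" (default: 4)
#   2: Hostname or IP address to probe (default: heise.de)
# Outputs:
#   "true" or "false" on stdout, without a trailing newline.
# Returns:
#   0: always; the probe result is reported on stdout only.
#######################################
probe_link() {
  declare -r var_fam="${1:-4}"           # "4" or "6"
  declare -r var_target="${2:-heise.de}" # hostname or IP
  declare var_ok="false"

  ### Reject anything that would change the meaning of the command line below.
  if [[ "${var_fam}" != "4" && "${var_fam}" != "6" ]] || [[ "${var_target}" == -* ]]; then
    printf '%s' "${var_ok}"
    return 0
  fi

  ### 1) Try ping ('-q' = quiet, '-c 1' = one probe, '-W' = seconds to wait for the reply, default 3).
  if ping -q -c 1 -W "${network_timeout_linkwait:-3}" "-${var_fam}" "${var_target}" >/dev/null 2>&1; then

    var_ok="true"

  ### 2) Fallback: mtr in report mode (non-interactive), no DNS to avoid TUI/delays.
  elif command -v mtr >/dev/null 2>&1; then

    ### Treat as success if ANY hop resolves to something other than "???".
    ### '-r' = report, '-c 3' = three cycles, '-n' = no DNS, -4/-6 = address family.
    ### 'NR>2' skips the two header lines of the report.
    # shellcheck disable=SC2312
    if mtr "-${var_fam}" -r -c 3 -n "${var_target}" 2>/dev/null \
         | awk 'NR>2 && $2!="???"{ok=1} END{exit ok?0:1}'; then
      var_ok="true"
    fi

  fi

  printf '%s' "${var_ok}"
  return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f probe_link
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh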