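#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

### Contributions so far see ./docs/CREDITS.md

### WHY BASH?
# Ease of installation.
# No compiling or installing gems, CPAN modules, pip packages, etc.
# Simple to use and read. Clear syntax and straightforward output interpretation.
# Built-in power.
# Pattern matching, line processing, and regular expression support are available natively,
# no external binaries required.
# Cross-platform consistency.
# '/bin/bash' is the default shell on most Linux distributions, ensuring scripts run unmodified across systems.
# macOS compatibility.
# Since macOS Catalina (10.15), the default login shell has been zsh, but bash remains available at '/bin/bash'.
# Windows support.
# You can use bash via WSL, MSYS2, or Cygwin on Windows systems.

### OVERVIEW
# Entry point of the installer: verifies the runtime (bash, root, version), handles the
# informational switches, takes an exclusive lock, loads the function / library / variable
# sets, installs the traps, and then runs the build steps in a fixed order.
#
# NOTE(review): every '. ./...' below is resolved against the current working directory,
# not against the location of this script, and the script only proceeds as root. Start it
# from inside its own checkout, in a directory tree that unprivileged users cannot write to.

### PRELIMINARY CHECKS
# Each failing check loads the error-code table itself, because nothing else is sourced yet.

# BASH_VERSINFO is only populated by bash.
if [ -z "${BASH_VERSINFO[0]}" ]; then
  . ./var/errors.var.sh
  printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2
  exit "${ERR_UNSUPPORTED_BASH}"
fi

# The remaining steps (lock file, chroot build) need root.
if [[ ${EUID} -ne 0 ]]; then
  . ./var/errors.var.sh
  printf "\e[91m❌ Please make sure you are 'root'! Bye... \e[0m\n" >&2
  exit "${ERR_USER_IS_NOT_ROOT}"
fi

# bash started as 'sh' runs in POSIX mode, where 'kill -l' prints signal names without
# the 'SIG' prefix; a count of zero therefore means "invoked via sh".
if [[ $(kill -l | grep -c SIG) -eq 0 ]]; then
  . ./var/errors.var.sh
  printf "\e[91m❌ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2
  exit "${ERR_UNSUPPORTED_BASH}"
fi

# Reject everything older than bash 5.1. The previous form of this check compared the
# minor version with '-le 1' and so also refused 5.1 itself, contradicting the
# "Minimum requirement is bash 5.1" message it prints.
if [[ ${BASH_VERSINFO[0]} -lt 5 ]] \
  || { [[ ${BASH_VERSINFO[0]} -eq 5 ]] && [[ ${BASH_VERSINFO[1]} -lt 1 ]]; }; then
  . ./var/errors.var.sh
  printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2
  exit "${ERR_UNSUPPORTED_BASH}"
fi

# Called without any argument: show the usage text on stderr and stop.
if [[ ${#} -eq 0 ]]; then
  . ./lib/0000_usage.sh
  usage >&2
  exit 1
fi

### SOURCING MUST SET EARLY VARIABLES AND GUARD_SOURCING()
. ./var/early.var.sh
. ./lib/0010_guard_sourcing.sh

### CHECK FOR CONTACT, HELP, AND VERSION STRING
# Three separate passes on purpose: contact wins over help, help wins over version,
# independent of the order on the command line. "${arg,,}" lower-cases the argument,
# so the switches are matched case-insensitively.
for arg in "$@"; do
  case "${arg,,}" in
    -c|--contact) . ./lib/0001_contact.sh; contact; exit 0;;
  esac
done
for arg in "$@"; do
  case "${arg,,}" in
    -h|--help) . ./lib/0000_usage.sh; usage; exit 0;;
  esac
done
for arg in "$@"; do
  case "${arg,,}" in
    -v|--version) . ./lib/0002_version.sh; version; exit 0;;
  esac
done

### ALL CHECKS DONE. READY TO START THE SCRIPT
declare -grx VAR_SETUP="true"

### CHECK FOR AUTO INSTALL MODE
# NOTE(review): VAR_AUTO_INSTALL is later used as a command word ('if ! $VAR_AUTO_INSTALL'),
# so it must only ever hold 'true' or 'false'. Only the 'true' case is set here; the
# default is presumably assigned in ./var/early.var.sh. Confirm that it is always reset
# there, because the variable is exported and could otherwise be inherited from the caller.
for arg in "$@"; do
  case "${arg,,}" in
    -a|--autoinstall) declare -gx VAR_AUTO_INSTALL="true";;
  esac
done
unset arg

### CHECKING REQUIRED PACKAGES
. ./lib/0030_check_pkgs.sh
. ./lib/0031_check_git.sh
check_pkgs
check_git

### PRE SCAN FOR DEBUG MODE
. ./lib/0050_debug_pre_scan.sh
pre_scan_debug "$@"

### ADVISORY LOCK
# File descriptor 127 stays open for the lifetime of the script and carries the lock.
# The file is opened in append mode so that whatever already exists at this path is never
# truncated; on Debian '/var/lock' normally points to '/run/lock', which is writable by
# every local user (sticky bit set), so the name may have been created by someone else.
# The ':-1' fallbacks cover the case that the ERR_FLOCK_* codes are not defined yet:
# the variable loader runs only after this section, and whether ./var/early.var.sh
# provides them is not visible from this file.
exec 127>>/var/lock/ciss_debian_installer.lock || {
  printf "\e[91m❌ Cannot open lockfile for writing! Bye... \e[0m\n" >&2
  exit "${ERR_FLOCK_PROTECTED:-1}"
}

# Non-blocking exclusive lock: a second instance fails immediately instead of waiting.
if ! flock -x -n 127; then
  printf "\e[91m❌ Another instance is running! Bye...\e[0m\n" >&2
  exit "${ERR_FLOCK_COLLISION:-1}"
fi

### SOURCING
if [[ "${VAR_SETUP}" == true ]]; then
  ### SOURCING BASH OPTIONS
  . ./var/bash.var.sh
  ### SOURCING FUNCTIONS
  . ./meta_loader_func.sh
  ### SOURCING LIBRARIES
  . ./meta_loader_lib.sh
  ### SOURCING VARIABLES
  . ./meta_loader_var.sh
fi

### ACTIVATING TRAPS
# The handlers (trap_exit, trap_int, trap_err) come from the files sourced above.
trap 'trap_exit "$?"' EXIT
trap 'trap_int' INT
trap 'trap_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR

### PREPARING DIRECTORIES AND FILES
gen_dir_files

### Dialog Output for Initialization
# In interactive mode the progress gauge reads its updates from file descriptor 3;
# each update is an 'XXX / text / XXX / percent' record.
if ! $VAR_AUTO_INSTALL; then . ./lib/0200_dialog_helper.sh && dialog_gauge; fi

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nAdditional initialization ... \nXXX\n25\n" >&3; fi

### Initialization
declare -gr ARGUMENTS_COUNT="$#"
declare -gr ARG_STR_ORG_INPUT="$*"
#declare -ar ARG_ARY_ORG_INPUT=("$@")
# shellcheck disable=SC2155
declare -grx SCRIPT_FULLPATH="$(readlink -f "${BASH_SOURCE[0]:-$0}")"
# shellcheck disable=SC2155
declare -grx SCRIPT_BASEPATH="$(dirname "${SCRIPT_FULLPATH}")"
# shellcheck disable=SC2155
declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nSourcing Libraries ... \nXXX\n50\n" >&3; fi

# TODO Update temp File Cleaner on trap on ERR / EXIT

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nActivate traps ... \nXXX\n55\n" >&3; fi

### Following the CISS Bash naming and ordering scheme

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nSanitizing Arguments ... \nXXX\n70\n" >&3; fi
# A function cannot change the caller's positional parameters, so the array below holds
# the arguments exactly as passed; arg_check presumably aborts on anything it rejects.
arg_check "$@"
declare -ar ARY_ARG_SANITIZED=("$@")
declare -gr VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nParsing Arguments ... \nXXX\n90\n" >&3; fi
arg_parser "$@"

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nFinal checks ... \nXXX\n95\n" >&3; fi
clean_ip

### Updating Status of Dialog Gauge Bar
if ! $VAR_AUTO_INSTALL; then printf "XXX\nInitialization completed ... \nXXX\n100\n" >&3; sleep 1; fi
if ! $VAR_AUTO_INSTALL; then dialog_gauge_cleaner; fi

### MAIN Program
arg_priority_check
check_stats
# Provider and kernel checks are skipped in auto-install mode.
if ! $VAR_AUTO_INSTALL; then check_provider; fi
if ! $VAR_AUTO_INSTALL; then check_kernel; fi
check_hooks
hardening_ssh
lb_config_start
lb_config_write
cd "${VAR_WORKDIR}"
hardening_ultra
hardening_root_pw
change_splash
check_dhcp
cdi
provider_netcup

### Start the build process
# errtrace is switched off for the duration of the build step, so the ERR trap is not
# inherited by functions and subshells while lb_build_start runs, and re-enabled after it.
set +o errtrace
lb_build_start
set -o errtrace

run_analysis
copy_db

declare -g VAR_SCRIPT_SUCCESS=true
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh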