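#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

# Purpose: declares the installer's global variables (scratch files, directories, log paths, defaults).
# The file is meant to be sourced; guard_sourcing and ERR_GUARD_SOURCE are defined outside this file.
guard_sourcing || return "${ERR_GUARD_SOURCE}"

# Optional builder overrides. The file is executed as shell code with the privileges of the sourcing shell,
# so it should be owned by root and writable by nobody else.
if [[ -f /root/ciss-debian-live-builder.env ]]; then
  . /root/ciss-debian-live-builder.env
fi

### Definition of MUST set global variables.
# Scratch files: assign first, freeze afterwards. 'declare VAR=$(cmd)' returns the status of declare, so a failed
# mktemp would otherwise be published as an empty, read-only path that every later consumer writes to blindly.
# A generic status 1 is returned on failure; map it to a framework ERR_* code if one exists for this case.
# NOTE(review): the templates carry no directory part, so mktemp creates the files in the current working
# directory and the stored value is a relative name that is only valid while the working directory is unchanged.
VAR_KERNEL_INF=$(mktemp var_kernel_inf.XXXXXXXX) || return 1
declare -grx VAR_KERNEL_INF
VAR_KERNEL_TMP=$(mktemp var_kernel_tmp.XXXXXXXX) || return 1
declare -grx VAR_KERNEL_TMP
VAR_KERNEL_SRT=$(mktemp var_kernel_srt.XXXXXXXX) || return 1
declare -grx VAR_KERNEL_SRT
VAR_NOTES=$(mktemp var_notes.XXXXXXXX) || return 1
declare -grx VAR_NOTES

# 'ulimit' without an option reports the file-size limit (-f) only.
# NOTE(review): if the complete resource table is wanted here, this would have to be 'ulimit -a' - confirm intent.
# shellcheck disable=SC2155
declare -grx VAR_RESOURCES=$(ulimit)
# Date of this run in ISO format (YYYY-MM-DD).
# shellcheck disable=SC2155
declare -grx VAR_DATE="$(date +%F)"

### Initialize variables of different directories.
# NOTE(review): these are fixed, predictable names below /tmp. Nothing in this file creates them; whichever step
# does should create them with a restrictive mode and refuse a pre-existing directory or symlink it does not own.
declare -grx DIR_BAK="/tmp/.ciss/backup"
declare -grx DIR_LOG="/tmp/.ciss/log"
declare -grx DIR_TMP="/tmp/.ciss/tmp"
# VAR_SETUP_PATH has to be set before this file is sourced. If it is empty, DIR_CNF becomes "/.preseed" and
# DIR_INS becomes empty, and both stay that way because they are read-only.
# shellcheck disable=SC2153
declare -grx DIR_CNF="${VAR_SETUP_PATH}/.preseed"
declare -grx DIR_INS="${VAR_SETUP_PATH}"

### Initialize variables for logging.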
# Per-run log files below DIR_LOG. "$$" is the PID of the sourcing shell and keeps the files of separate runs apart.
# NOTE(review): DIR_LOG is declared earlier in this file below /tmp, so the resulting names are predictable;
# the directory must not be writable by other users.
declare -grx \
  LOG_ERR="${DIR_LOG}/ciss_debian_installer_$$_error.log" \
  LOG_EXT="${DIR_LOG}/ciss_debian_installer_$$_exit.log" \
  LOG_INS="${DIR_LOG}/ciss_debian_installer_$$_install.log" \
  LOG_NIC="${DIR_LOG}/ciss_debian_installer_$$_nic.log" \
  LOG_UID="${DIR_LOG}/ciss_debian_installer_$$_uuid.log" \
  LOG_DBS="${DIR_LOG}/ciss_debian_installer_$$_debootstrap.log" \
  LOG_REC="${DIR_LOG}/ciss_debian_installer_$$_recovery.log"

### Initialize the variable of imported and cleaned 'YAML' -> 'BASH-variable'-file.
declare -grx \
  VAR_PRESEED="${DIR_TMP}/combined.var" \
  VAR_SETUP_CONF="${DIR_CNF}/preseed.yaml" \
  VAR_SETUP_PART="${DIR_CNF}/partitioning.yaml"

### Initialize SECRETS.yaml variables.
# None of the three secrets variables carries the export flag, so they are not placed in the environment of
# child processes.
# YAML path (w/o '.value' and without 'secrets.') -> varname.
# shellcheck disable=SC2034
declare -gA CISS_SECRETS_MAP=()
# AGE PRIVATE Keyfile to decrypt SOPS encrypted values. Left writable, so a later step may point it elsewhere.
# NOTE(review): the key file itself should be readable by root only - verify where it is provisioned.
# shellcheck disable=SC2034
declare -g CISS_SECRETS_AGE="/root/.config/sops/age/keys.txt"
# Effective YAML source used (plain or decrypted stream).
# shellcheck disable=SC2034
declare -gr CISS_SECRETS_SOURCE="${DIR_CNF}/SECRETS.yaml"

### Base mount paths and variables for debootstrap.
# The three paths are frozen; the two switches below them stay writable and start out as "false".
declare -grx \
  TARGET="/target" \
  RECOVERY="/recovery" \
  VAR_SAFE_MNT_BASE="/run/ciss/bootstrap"
declare -gx \
  VAR_NEED_RUN_IN_TARGET="false" \
  VAR_RUN_RECOVERY="false"

### Default chroot debug policy.
declare -gx VAR_CHROOT_DEBUG="false"

### Default log level.
declare -gx VAR_DEFAULT_LOG_LEVEL="info"

### Default priority level.
# Integer-typed, exported and writable scheduling defaults.
# NOTE(review): presumably the nice value and the ionice class/level applied to the installer - confirm at the
# call sites, which are not part of this file.
declare -gix \
  VAR_PRIORITY=0 \
  VAR_REIONICE_CLASS=2 \
  VAR_REIONICE_PRIORITY=4

# Writable, exported state variables. Each header names the installer stage the variable is listed under.

### 4010_prepare_mounts.sh
declare -gx VAR_CHROOT_ACTIVATED='false'

### 4120_installation_kernel.sh
declare -gx VAR_KERNEL=''

### 4240_update_grub_password.sh
declare -gx VAR_GRUB_PASSWORD='false'

### 4310_dropbear_build.sh
declare -gx VAR_DROPBEAR=''

### 4330_installation_ssh.sh
declare -gx VAR_SSH_PORT=''

### 4470_hardening_ufw.sh
# NOTE(review): presumably the default policy for outgoing traffic; "deny" is the restrictive choice and should
# only be relaxed deliberately.
declare -gx VAR_UFW_OUT='deny'

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh