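#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

#######################################
# Wrapper for executing commands in the desired chroot environment.
# The command runs under 'env -i', so only HOME, PATH and TERM reach the
# target; nothing else from the caller's environment is inherited.
# Note: chroot only changes the root directory. The command still runs with
# the caller's privileges, so this wrapper is not a confinement mechanism.
# Globals:
#   TERM (read; falls back to 'dumb' when unset or empty)
# Arguments:
#   $1: Target of the chroot environment.
#   $@: Commands and options and parameters to be executed in chroot.
# Outputs:
#   Logs the full command line via do_log. Arguments that carry secrets
#   (passwords, tokens) therefore end up in the log; pass those via stdin
#   or a file inside the target instead.
# Returns:
#   Exit status of chroot / the executed command.
#######################################
do_in_target() {
  declare var_chroot_target="$1"; shift
  declare ary_chroot_command=("$@")
  declare var_chroot_command_log=""

  ### Render every argument with %q for the log line. This keeps argument
  ### boundaries visible and neutralises embedded newlines or terminal escape
  ### sequences that could otherwise forge or garble log entries.
  if (( ${#ary_chroot_command[@]} > 0 )); then
    printf -v var_chroot_command_log '%q ' "${ary_chroot_command[@]}"
    var_chroot_command_log="${var_chroot_command_log% }"
  fi

  do_log "info" "false" "Executing in the target system '${var_chroot_target}' command: '${var_chroot_command_log}'."

  ### ${TERM:-dumb}: TERM may be unset in non-interactive runs; the default
  ### avoids an unbound-variable abort under 'set -u' and an empty TERM.
  chroot "${var_chroot_target}" /usr/bin/env -i \
    HOME=/root \
    PATH=/usr/sbin:/usr/bin:/sbin:/bin \
    TERM="${TERM:-dumb}" \
    "${ary_chroot_command[@]}"
}

#######################################
# Wrapper around 'printf' for clean code.
# Prints the text wrapped in the given color sequence followed by the reset
# sequence. The text is printed with '%s', so backslash escapes inside it are
# NOT interpreted.
# Globals:
#   C_RES
# Arguments:
#   $1: One of "${C_BLA}" | "${C_RED}" | "${C_GRE}" | "${C_YEL}" | "${C_BLU}" | "${C_MAG}" | "${C_CYA}" | "${C_WHI}"
#   $2: Text string to print on terminal.
#######################################
do_print_color() {
  printf "%s\n" "${1}${2}${C_RES}"
}

#######################################
# Wrapper around 'printf' for clean, uniform terminal output and line fold for long text strings for better readability.
# Globals:
#   C_RES
# Arguments:
#   $1: One of "${C_BLA}" | "${C_RED}" | "${C_GRE}" | "${C_YEL}" | "${C_BLU}" | "${C_MAG}" | "${C_CYA}" | "${C_WHI}"
#   $2: Text string to print on terminal.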
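#######################################
do_print_fold() {
  declare var_color="$1"; shift
  ### All remaining arguments are joined into one message string.
  declare var_msg_string="$*"
  declare var_formatted_String="${var_color}${var_msg_string}${C_RES}"
  ### '%b' expands backslash escapes in the WHOLE string, message text
  ### included. Do not pass untrusted text here: it could smuggle terminal
  ### escape sequences. Use do_print_color ('%s') for such text.
  ### fold wraps at 76 columns on blanks; sed prefixes every line but the first.
  printf "%b\n" "${var_formatted_String}" | fold -s -w 76 | sed '1! s/^/ /'
}

#######################################
# Wrapper around 'printf' for logfile redirect.
# Prints the string verbatim ('%s', no escape processing) plus a newline.
# Arguments:
#   $1: Text string to redirect to a log file.
#######################################
do_print_log() {
  printf "%s\n" "${1}"
}

#######################################
# Helper Module to generate a Subnet Mask out of an IP in CIDR Notation.
# The prefix length is everything after the first '/'. It is validated as a
# plain decimal number in the range 0..32 BEFORE it is used in shell
# arithmetic: bash evaluates non-numeric operands of $(( )) as expressions,
# so an unchecked value taken from a config file or the network could trigger
# arithmetic errors or unintended evaluation.
# Arguments:
#   $1: IPv4 in CIDR Notation, e.g.,: 192.168.128.128/24
# Outputs:
#   Dotted-decimal subnet mask on stdout; a diagnostic on stderr on bad input.
# Returns:
#   0 : A subnet mask was printed.
#   1 : The prefix length is missing, not a decimal number, or greater than 32.
#######################################
generate_subnetmask() {
  declare var_arg="$1"
  declare var_prefix="${var_arg#*/}"
  declare var_mask_int=""
  declare var_has_ipv4_subnet=""

  ### The regex is checked first; the arithmetic test only ever sees digits.
  if [[ ! "${var_prefix}" =~ ^[0-9]{1,2}$ ]] || (( 10#${var_prefix} > 32 )); then
    printf 'generate_subnetmask: invalid IPv4 prefix length in %q\n' "${var_arg}" >&2
    return 1
  fi

  ### Force base 10 so that '08' or '09' are not parsed as invalid octal.
  var_prefix=$((10#${var_prefix}))

  ### Shift the 32 one-bits left and cut back to 32 bits (bash integers are wider).
  var_mask_int=$(((0xFFFFFFFF << (32 - var_prefix)) & 0xFFFFFFFF))

  printf -v var_has_ipv4_subnet "%d.%d.%d.%d" \
    $(((var_mask_int >> 24) & 0xFF)) \
    $(((var_mask_int >> 16) & 0xFF)) \
    $(((var_mask_int >> 8) & 0xFF)) \
    $((var_mask_int & 0xFF))

  printf '%s\n' "${var_has_ipv4_subnet}"
  return 0
}

#######################################
# Converts characters such as spaces, inverted commas, backslashes, and other special
# characters so that they can be safely used as arguments in a shell command.
# The quoting is produced by bash's 'printf %q' and is only guaranteed to be
# read back correctly by bash itself. It is not an escaping scheme for other
# shells or for other contexts such as SQL, URLs or regular expressions.
# Arguments:
#   $1: String to sanitize.
# Outputs:
#   The quoted string followed by a newline.
#######################################
sanitize_input() {
  declare var_safe_out=""
  var_safe_out=$(printf "%q" "$1")
  ### printf instead of echo: echo would swallow results such as '-n' or '-e'
  ### as options and print nothing.
  printf '%s\n' "${var_safe_out}"
}

#######################################
# Remove any leading or trailing whitespace.
# Arguments:
#   $1: String to clean.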
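#######################################
remove_whitespace() {
  declare var_out="$1"
  ### Pure parameter expansion instead of piping through 'xargs': xargs parses
  ### quotes and backslashes in its input, fails on an unmatched quote, and
  ### hands the words to echo, so strings such as "it's" or '-n' were mangled
  ### or rejected. Only leading and trailing whitespace is removed here;
  ### whitespace inside the string is kept as is.
  var_out="${var_out#"${var_out%%[![:space:]]*}"}"
  var_out="${var_out%"${var_out##*[![:space:]]}"}"
  printf '%s\n' "${var_out}"
}

#######################################
# Function to escape all shell metacharacters
# The result is bash-specific ('printf %q') and is meant to be re-read by
# bash only; it is not an escaping scheme for other shells or interpreters.
# Arguments:
#   $1: String to Sanitize
# Outputs:
#   The quoted string, without a trailing newline.
#######################################
sanitize_shell_literal() {
  declare input="$1"
  ### %q quotes the string so that the shell re-reads it as the original literal
  printf '%q' "${input}"
}

#######################################
# Function to remove any character not in the allowed set
# Note: the allowed set still contains space, double-quote, '=', '/' and '.',
# so the result is NOT safe to use unquoted in a shell command and may still
# contain path components such as '../'. Quote it and validate paths
# separately.
# Arguments:
#   $1: String to Sanitize
# Outputs:
#   The filtered string, without a trailing newline.
#######################################
sanitize_string() {
  declare input="$1"
  ### Define allowed characters:
  ### letters, digits, dot, underscore, slash, equals, [, ], colon, double-quote, hyphen, plus, space.
  declare allowed='a-zA-Z0-9._/=\[\]:"\-+ '
  ### tr -c complements the set, -d deletes: everything outside 'allowed' is dropped.
  printf '%s' "${input}" | tr -cd "${allowed}"
}

#######################################
# Helper module for upgrade, autoclean, autopurge and autoremove.
# The steps run in order and the function stops at the first failing step, so
# a failed 'apt-get update' is reported to the caller instead of being
# followed by an upgrade against a stale or missing package index.
# NOTE(review): this runs 'apt-get upgrade', not 'full-upgrade'; confirm that
# held-back packages are acceptable for the installer.
# Arguments:
#   None
# Returns:
#   0 on success, otherwise the exit status of the first failing apt-get call.
#######################################
update_upgrade() {
  apt-get update -y || return
  apt-get upgrade -y || return
  apt-get autoclean -y || return
  apt-get autopurge -y || return
  apt-get autoremove -y
}

#######################################
# Wrapper for secure curl.
# Name resolution goes through the DoH resolver given below, TLS 1.3 is the
# minimum protocol version, and only https:// URLs are accepted. '--tlsv1.3'
# on its own does not stop a plain http:// URL from being fetched in clear
# text, hence the explicit scheme check and '--proto =https'.
# Redirects are not followed (no -L).
# Globals:
#   ERR_DOWNLOAD_FAILED
#   ERR_NO_DOWNLOAD_ARG
# Arguments:
#   $1: URL from which to download a specific file.
#   $2: /path/to/file to be saved to.
# Returns:
#   ${ERR_DOWNLOAD_FAILED}: Download failed or the URL is not https://.
#   ${ERR_NO_DOWNLOAD_ARG}: No arguments specified.
#######################################
scurl() {
  if [[ $# -ne 2 ]]; then
    do_log "error" "false" "Usage: scurl <url> <output_path>"
    return "${ERR_NO_DOWNLOAD_ARG}"
  fi

  declare url="$1"
  declare output_path="$2"

  ### Scheme comparison is case-insensitive (URL schemes are).
  if [[ "${url,,}" != https://* ]]; then
    do_log "error" "false" "Refusing non-HTTPS URL: '${url}'."
    return "${ERR_DOWNLOAD_FAILED}"
  fi

  ### -sSf: silent, but show errors and fail on HTTP error status codes.
  if ! curl --doh-url "https://dns01.eddns.eu/dns-query" \
    --doh-cert-status \
    --proto '=https' \
    --tlsv1.3 \
    -sSf \
    -o "${output_path}" \
    "${url}"
  then
    do_log "error" "false" "Download failed for URL: '${1}'."
    return "${ERR_DOWNLOAD_FAILED}"
  fi
}

#######################################
# Wrapper for secure wget.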
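# Only https:// URLs are accepted. The scheme is checked here because,
# according to the wget manual, '--https-only' restricts the links followed in
# recursive mode and '--secure-protocol' only applies once TLS is in use;
# neither stops a plain http:// URL given on the command line.
# NOTE(review): wget follows HTTP redirects by default; confirm whether a
# redirect away from HTTPS should be refused (e.g. with --max-redirect=0).
# NOTE(review): '--no-clobber' together with '-O' presumably makes wget refuse
# to run when the output file already exists; verify that callers expect a
# failure in that case.
# Globals:
#   ERR_DOWNLOAD_FAILED
#   ERR_NO_DOWNLOAD_ARG
# Arguments:
#   $1: URL from which to download a specific file.
#   $2: /path/to/file to be saved to.
# Returns:
#   ${ERR_DOWNLOAD_FAILED}: Download failed or the URL is not https://.
#   ${ERR_NO_DOWNLOAD_ARG}: No arguments specified.
#######################################
swget() {
  if [[ $# -ne 2 ]]; then
    do_log "error" "false" "Usage: swget <url> <output_path>"
    return "${ERR_NO_DOWNLOAD_ARG}"
  fi

  declare url="$1"
  declare output_path="$2"

  ### Scheme comparison is case-insensitive (URL schemes are).
  if [[ "${url,,}" != https://* ]]; then
    do_log "error" "false" "Refusing non-HTTPS URL: '${url}'."
    return "${ERR_DOWNLOAD_FAILED}"
  fi

  ### -q with --show-progress: quiet except for the progress bar.
  if ! wget --show-progress \
    --no-clobber \
    --https-only \
    --secure-protocol=TLSv1_3 \
    -qO "${output_path}" \
    "${url}"
  then
    do_log "error" "false" "Download failed for URL: '${1}'."
    return "${ERR_DOWNLOAD_FAILED}"
  fi
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh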