#!/bin/bash # SPDX-Version: 3.0 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.installer # SPDX-Security-Contact: security@coresecret.eu guard_sourcing ####################################### # Wrapper for preparing logfile inside chroot. # Globals: # TARGET # Arguments: # 1: Logfile inside chroot # Returns: # 0: on success # ERR_CHROOT_LOGGER ####################################### chroot_logger() { declare -r var_logfile="$1" : >| "${var_logfile}" || return "${ERR_CHROOT_LOGGER}" chmod 0600 "${var_logfile}" || "${ERR_CHROOT_LOGGER}" return 0 } ####################################### # Helper Module to generate a Subnet Mask out of an IP in CCDIR Notation. # Arguments: # 1: IPv4 in CCDIR Notation, e.g.,: 192.168.128.128/24 # Returns: # 0: on success ####################################### generate_subnetmask() { declare var_arg="$1" declare var_prefix="${var_arg#*/}" declare var_mask_int="" declare var_has_ipv4_subnet="" var_mask_int=$((0xFFFFFFFF << (32 - var_prefix) & 0xFFFFFFFF)) var_has_ipv4_subnet=$(printf "%d.%d.%d.%d" \ $(((var_mask_int >> 24) & 0xFF)) \ $(((var_mask_int >> 16) & 0xFF)) \ $(((var_mask_int >> 8) & 0xFF)) \ $((var_mask_int & 0xFF))) printf '%s' "${var_has_ipv4_subnet}" return 0 } ####################################### # Collect NIC driver modules for initramfs installation. # Arguments: # None # Returns: # 0: on success ####################################### grep_nic_driver_modules() { ### Collect all ethernet driver names and sort them uniquely. declare -a _mods declare var_nic_module var_nic_modules # shellcheck disable=SC2312 readarray -t _mods < <( lspci -k \ | grep -A2 -i ethernet \ | grep 'Kernel driver in use' \ | awk '{print $5}' \ | sort -u ) ### If only one entry remains, save it in 'var_nic_module', otherwise save all modules in 'var_nic_modules'. if [[ "${#_mods[@]}" -eq 1 ]]; then var_nic_module="${_mods[0]}" else var_nic_modules="${_mods[*]}" fi if [[ -n "${var_nic_module}" ]]; then echo "${var_nic_module}" else echo "${var_nic_modules}" fi return 0 } ####################################### # Wrapper to insert the metadata field into the specified file. # Globals: # VAR_ARCHITECTURE # VAR_CODENAME # VAR_VERSION # Arguments: # 1: /path/to/file # Returns: # 0: on success ####################################### insert_comments() { declare of_file="${1}" var_name="" case "${of_file}" in /target/*) var_name="${of_file#/target}" ;; /recovery/*) var_name="${of_file#/recovery}" ;; *) var_name="${of_file}" ;; esac sed -i '/^# SPDX-Security-Contact: security@coresecret\.eu$/a\ \ # Static file system information: '"${var_name}"'\ # Generated by CISS.debian.installer '"${VAR_VERSION}"'\ # Architecture: '"${VAR_ARCHITECTURE}"'\ # Distribution: '"${VAR_CODENAME}"' ' "${of_file}" return 0 } ####################################### # Wrapper to insert the SPDX Header into the specified file. # Globals: # VAR_DATE # Arguments: # 1: /path/to/file # Returns: # 0: on success ####################################### insert_header() { cat << EOF >| "${1}" # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.installer # SPDX-Security-Contact: security@coresecret.eu EOF chmod 0644 "${1}" return 0 } ####################################### # Helper module for update, full dist-upgrade, autoclean, autopurge and autoremove. # Arguments: # None ####################################### update_upgrade() { apt-get update apt-get dist-upgrade -y apt-get autoclean -y apt-get autopurge -y apt-get autoremove -y } # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh