Marc S. Weidner
e8d85a39ae
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 34s
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 24s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
76 lines
3.4 KiB
Bash
76 lines
3.4 KiB
Bash
#!/bin/bash
|
|
# SPDX-Version: 3.0
|
|
# SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.; <cendev@coresecret.eu>
|
|
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git
|
|
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
|
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
|
|
# SPDX-FileType: SOURCE
|
|
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
|
|
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
|
|
# SPDX-PackageName: CISS.2025.hardened.installer
|
|
# SPDX-Security-Contact: security@coresecret.eu
|
|
|
|
###########################################################################################
|
|
# 3.7.1. Functions - installation - configure system #
|
|
###########################################################################################
|
|
|
|
###########################################################################################
|
|
# Configure target system for chroot.
|
|
# Globals:
|
|
# MODULE_ERR
|
|
# MODULE_TXT
|
|
# TARGET
|
|
# Arguments:
|
|
# None
|
|
###########################################################################################
|
|
3_7_1_functions_installation_configure_system() {
|
|
declare -g -x MODULE_ERR="3_7_1_functions_installation_configure_system"
|
|
declare -g -x MODULE_TXT="Configure and prepare system after debootstrap for setup"
|
|
do_show_header "${MODULE_TXT}"
|
|
|
|
### Reminder ###
|
|
# --rbind: recursive binding.
|
|
# --make-rslave: In this case, the mount point is marked as 'slave'.
|
|
# This means changes to the source mount (e.g., /proc) are propagated to the target mount (e.g., "${TARGET}"/proc).
|
|
# Conversely, changes to the target mount are not propagated back to the source mount.
|
|
# This mode is necessary to avoid problems with double or erroneous propagation effects in chroot or container environments.
|
|
|
|
if mount --make-rslave --rbind /proc "${TARGET}"/proc; then
|
|
do_log "info" "true" "'mount --make-rslave --rbind /proc ${TARGET}/proc'."
|
|
else
|
|
do_log "emergency" "false" "Failed: 'mount --make-rslave --rbind /proc ${TARGET}/proc'."
|
|
exit "${ERR_CHROOT_MOUNTS}"
|
|
fi
|
|
|
|
if mount --make-rslave --rbind /sys "${TARGET}"/sys; then
|
|
do_log "info" "true" "'mount --make-rslave --rbind /sys ${TARGET}/sys'."
|
|
else
|
|
do_log "emergency" "false" "Failed: 'mount --make-rslave --rbind /sys ${TARGET}/sys'."
|
|
exit "${ERR_CHROOT_MOUNTS}"
|
|
fi
|
|
|
|
if mount --make-rslave --rbind /dev "${TARGET}"/dev; then
|
|
do_log "info" "true" "'mount --make-rslave --rbind /dev ${TARGET}/dev'."
|
|
else
|
|
do_log "emergency" "false" "Failed: 'mount --make-rslave --rbind /dev ${TARGET}/dev'."
|
|
exit "${ERR_CHROOT_MOUNTS}"
|
|
fi
|
|
|
|
if mount --make-rslave --rbind /run "${TARGET}"/run; then
|
|
do_log "info" "true" "'mount --make-rslave --rbind /run ${TARGET}/run'."
|
|
else
|
|
do_log "emergency" "false" "Failed: 'mount --make-rslave --rbind /run ${TARGET}/run'."
|
|
exit "${ERR_CHROOT_MOUNTS}"
|
|
fi
|
|
|
|
if do_in_target "${TARGET}" mkdir -p /etc/systemd/system/multi-user.target.wants; then
|
|
do_log "info" "true" "Command: 'mkdir -p /etc/systemd/system/multi-user.target.wants' executed in: '${TARGET}'."
|
|
else
|
|
do_log "emergency" "false" "Failed: Command: 'mkdir -p /etc/systemd/system/multi-user.target.wants' executed in: '${TARGET}'."
|
|
exit "${ERR_CHROOT_MOUNTS}"
|
|
fi
|
|
|
|
do_show_footer "${MODULE_TXT}"
|
|
}
|
|
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh:
|