#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

### For contributions so far, see ./docs/CREDITS.md

### WHY BASH?
# Ease of installation.
# No compiling or installing gems, CPAN modules, pip packages, etc.
# Simple to use and read. Clear syntax and straightforward output interpretation.
# Built-in power.
# Pattern matching, line processing, and regular expression support are available natively,
# no external binaries required.
# Cross-platform consistency.
# '/bin/bash' is the default shell on most Linux distributions, ensuring scripts run unmodified across systems.
# macOS compatibility.
# Since macOS Catalina (10.15), the default login shell has been zsh, but bash remains available at '/bin/bash'.
# Windows support.
# You can use bash via WSL, MSYS2, or Cygwin on Windows systems.

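### PRELIMINARY CHECKS
# Everything here runs before any library is loaded, so a check may rely on
# the shell alone. ./meta_loader_early.sh is sourced only on a failure path;
# it presumably provides the colour codes (C_RED, C_RES), NL and the ERR_*
# exit codes used in the messages. All paths are relative to the current
# working directory, i.e. the script expects to be started from its own
# directory (SCRIPT_BASEPATH is only computed further down).

# Not running under bash (e.g. 'sh ./script'). BASH_VERSION is a plain
# variable that POSIX sh can expand; the previous "${BASH_VERSINFO[0]}" made
# dash abort with "Bad substitution" before this message could be printed.
# Single brackets on purpose: '[[' does not exist in the shells this guards
# against.
[ -z "${BASH_VERSION:-}" ] && {
  . ./meta_loader_early.sh
  printf "%s❌ Please make sure you are using 'bash'! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
  exit "${ERR_UNSUPPORTED_BASH}"
}

# Root is required: the lock file below is created under /var/lock and the
# later installer steps presumably need it as well.
[[ ${EUID} -ne 0 ]] && {
  . ./meta_loader_early.sh
  printf "%s❌ Please make sure you are 'root'! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
  exit "${ERR_USER_IS_NOT_ROOT}"
}

# Second line of defence against 'sh ./script': bash lists signals with the
# SIG prefix in 'kill -l', dash does not. A shell that passed the BASH_VERSION
# test above normally never trips this.
[[ $(kill -l | grep -c SIG) -eq 0 ]] && {
  . ./meta_loader_early.sh
  printf "%s❌ Please make sure you are calling the script without leading 'sh'! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
  exit "${ERR_UNSUPPORTED_BASH}"
}

# Version gate: major < 5, or major == 5 with minor <= 1, is rejected. Both
# former tests printed the same message and exit code, so they are one test
# here. NOTE(review): this turns away every 5.1.x release although the
# message names 5.1 as the minimum; either the text should say 5.2 or the
# minor comparison should be '< 1'. The original semantics are kept.
if (( BASH_VERSINFO[0] < 5 || ( BASH_VERSINFO[0] == 5 && BASH_VERSINFO[1] <= 1 ) )); then
  . ./meta_loader_early.sh
  printf "%s❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... %s%s" "${C_RED}" "${BASH_VERSION}" "${C_RES}" "${NL}" >&2
  exit "${ERR_UNSUPPORTED_BASH}"
fi

# Called without any argument: show the usage text on stderr and fail.
[[ ${#} -eq 0 ]] && {
  . ./lib/0000_usage.sh
  usage >&2
  exit 1
}
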
### SOURCING MUST SET EARLY VARIABLES
# Presumably the colour codes, NL and the ERR_* codes used from here on.
source ./var/early.var.sh

### CHECK FOR CONTACT, HELP, AND VERSION STRING
# Three separate passes over the arguments, so --contact takes precedence
# over --help, which takes precedence over --version, regardless of their
# position on the command line. Matching is case-insensitive (${arg,,}).
for arg in "$@"; do
  [[ "${arg,,}" == "-c" || "${arg,,}" == "--contact" ]] || continue
  source ./lib/0001_contact.sh
  contact
  exit 0
done
for arg in "$@"; do
  [[ "${arg,,}" == "-h" || "${arg,,}" == "--help" ]] || continue
  source ./lib/0000_usage.sh
  usage
  exit 0
done
for arg in "$@"; do
  [[ "${arg,,}" == "-v" || "${arg,,}" == "--version" ]] || continue
  source ./lib/0002_version.sh
  version
  exit 0
done

### ALL CHECKS DONE. READY TO START THE SCRIPT. SOURCING GUARD_SOURCING()
# Read-only and exported; the sourcing block further down tests it, and the
# guard sourced here presumably does as well.
declare -grx VAR_SETUP="true"
source ./lib/0010_guard_sourcing.sh

### CHECK FOR AUTO INSTALL MODE
# -a/--autoinstall: later dialog output is skipped when this is "true".
for arg in "$@"; do
  if [[ "${arg,,}" == "-a" || "${arg,,}" == "--autoinstall" ]]; then
    declare -gx VAR_AUTO_INSTALL="true"
  fi
done
unset arg

### CHECKING REQUIRED PACKAGES
# Both helper files are sourced before either check runs; check_pkgs and
# check_git are defined in them (their bodies are not visible in this file).
. ./lib/0030_check_pkgs.sh
. ./lib/0031_check_git.sh
check_pkgs
check_git

### PRE SCAN FOR DEBUG MODE
# First pass over the raw arguments for a debug switch, ahead of the full
# argument parser (pre_scan_debug is defined in the file sourced here).
. ./lib/0050_debug_pre_scan.sh
pre_scan_debug "$@"

### ADVISORY LOCK
# Single-instance guard: fd 127 is kept open on the lock file for the life of
# the process and carries the flock. Nothing in this file writes through the
# fd; the file only serves as the lock token.
# NOTE(review): /var/lock is commonly a sticky, world-writable directory; a
# symlink planted there under this name would be followed by the '>'
# redirection unless fs.protected_symlinks is active. A root-only directory
# would remove that reliance on kernel hardening.
if ! exec 127>/var/lock/ciss_debian_installer.lock; then
  printf "%s❌ Cannot open lockfile for writing! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
  exit "${ERR_FLOCK_PROTECTED}"
fi

# Non-blocking exclusive lock: a second instance fails fast instead of
# queueing behind the running one.
flock -x -n 127 || {
  printf "%s❌ Another instance is running! Bye...%s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
  exit "${ERR_FLOCK_COLLISION}"
}

### SOURCING
# VAR_SETUP was declared read-only above; the loaders are only pulled in when
# it carries the expected value.
if [[ "${VAR_SETUP}" == "true" ]]; then
  ### SOURCING BASH OPTIONS
  source ./var/bash.var.sh
  ### SOURCING FUNCTIONS
  source ./meta_loader_func.sh
  ### SOURCING LIBRARIES
  source ./meta_loader_lib.sh
  ### SOURCING VARIABLES
  source ./meta_loader_var.sh
fi

### ACTIVATING TRAPS
# trap_exit, trap_int and trap_err are presumably defined by the loaders
# above. The ERR handler receives the failing status together with file,
# line, function (or "main" at top level) and the command, so it can report
# where the script fell over.
trap 'trap_exit "$?"' EXIT
trap 'trap_int' INT
trap 'trap_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR

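### PREPARING DIRECTORIES AND FILES
# gen_dir_files is defined in one of the loaders sourced above.
gen_dir_files

### Dialog Output for Initialization
# VAR_AUTO_INSTALL is set to the literal "true" by -a/--autoinstall above and
# only that value suppresses the dialog gauge. The value is compared, never
# executed: the former 'if ! "${VAR_AUTO_INSTALL}"' ran the variable's
# content as a command, so any value other than true/false would have been
# executed as a program. The gauge updates further down write to fd 3,
# which dialog_gauge is presumably expected to open — confirm in
# ./lib/0200_dialog_helper.sh.
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then
  . ./lib/0200_dialog_helper.sh && dialog_gauge
fi
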
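### Updating Status of Dialog Gauge Bar
# Progress lines for the dialog gauge go to fd 3 (presumably opened by
# dialog_gauge in interactive mode). Only the literal "true" in
# VAR_AUTO_INSTALL skips them; the value is compared, not executed as a
# command.
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nAdditional initialization ... \nXXX\n25\n" >&3; fi

### Initialization
# Read-only snapshot of the invocation: argument count and the arguments
# joined with a single space ("$*" loses the word boundaries; the array form
# is kept below for reference).
declare -gr ARGUMENTS_COUNT="$#"
declare -gr ARG_STR_ORG_INPUT="$*"
#declare -ar ARG_ARY_ORG_INPUT=("$@")

# Resolve the script's own absolute location. Assignment and the read-only
# declaration are split so that a failing readlink is not masked by
# 'declare' (SC2155); an empty result would otherwise silently turn
# VAR_WORKDIR into "." and the later 'cd' into a no-op.
SCRIPT_FULLPATH="$(readlink -f "${BASH_SOURCE[0]:-$0}")"
if [[ -z "${SCRIPT_FULLPATH}" ]]; then
  printf "%s❌ Cannot resolve the script path! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
  exit 1
fi
declare -grx SCRIPT_FULLPATH
# SCRIPT_BASEPATH and VAR_WORKDIR hold the same directory; the second is
# derived from the first instead of forking dirname twice.
# shellcheck disable=SC2155
declare -grx SCRIPT_BASEPATH="$(dirname "${SCRIPT_FULLPATH}")"
declare -grx VAR_WORKDIR="${SCRIPT_BASEPATH}"

### Updating Status of Dialog Gauge Bar
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nSourcing Libraries ... \nXXX\n50\n" >&3; fi

# TODO Update temp File Cleaner on trap on ERR / EXIT

### Updating Status of Dialog Gauge Bar
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nActivate traps ... \nXXX\n55\n" >&3; fi

### Following the CISS Bash naming and ordering scheme
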
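### Updating Status of Dialog Gauge Bar
# Same gauge convention as above: progress text to fd 3 unless
# VAR_AUTO_INSTALL is the literal "true" (compared, never executed).
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nSanitizing Arguments ... \nXXX\n70\n" >&3; fi
# arg_check validates the raw arguments (defined in a sourced library). A
# function cannot rewrite this shell's positional parameters, so the
# "sanitized" copies below are the arguments exactly as passed in; the
# sanitizing effect has to come from arg_check aborting on bad input —
# confirm against its definition.
arg_check "$@"
declare -agr ARY_ARG_SANITIZED=("$@")
declare -gr VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"

### Updating Status of Dialog Gauge Bar
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nParsing Arguments ... \nXXX\n90\n" >&3; fi
arg_parser "$@"

### Updating Status of Dialog Gauge Bar
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nFinal checks ... \nXXX\n95\n" >&3; fi
clean_ip

### Updating Status of Dialog Gauge Bar
# The one-second pause lets the 100 % state be seen before the gauge closes.
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then printf "XXX\nInitialization completed ... \nXXX\n100\n" >&3; sleep 1; fi
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then dialog_gauge_cleaner; fi
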
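### MAIN Program
# All functions below come from the libraries sourced earlier and run in
# this order. check_provider and check_kernel are skipped in auto-install
# mode (presumably interactive steps); VAR_AUTO_INSTALL is compared against
# the literal "true", not executed as a command.
arg_priority_check
check_stats
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then check_provider; fi
if [[ "${VAR_AUTO_INSTALL}" != "true" ]]; then check_kernel; fi
check_hooks
hardening_ssh
lb_config_start
lb_config_write

# The remaining steps run relative to the script's directory. A failed cd
# would otherwise leave them operating on the caller's cwd, as root.
cd "${VAR_WORKDIR}" || {
  printf "%s❌ Cannot change to '%s'! Bye... %s%s" "${C_RED}" "${VAR_WORKDIR}" "${C_RES}" "${NL}" >&2
  exit 1
}
hardening_ultra
hardening_root_pw
change_splash
check_dhcp
cdi
provider_netcup
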
### Start the build process
# errtrace (set -E) is switched off around lb_build_start: without it the ERR
# trap installed above is not inherited by function bodies, so failing
# commands inside lb_build_start do not invoke trap_err. A non-zero return
# from lb_build_start itself still does. NOTE(review): whether errexit is
# active here depends on ./var/bash.var.sh, which is not visible in this
# file — confirm that bypassing only the handler is the intent.
set +o errtrace
lb_build_start

set -o errtrace
run_analysis
copy_db
# Presumably read by trap_exit (EXIT trap) to tell a clean finish from an
# aborted run; the handler is not visible in this file.
declare -g VAR_SCRIPT_SUCCESS=true
exit 0

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh