msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.544.2025.12.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-05 15:20:12 +01:00
parent ef562d6ca1
commit 097b204fce
7 changed files with 45 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
build: build:
counter: 1023 counter: 1024
version: V8.13.544.2025.12.05 version: V8.13.544.2025.12.05
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

1
.gitea/workflows/generate_PRIVATE_trixie_1.yaml
View File

@@ -214,6 +214,7 @@ jobs:
--autobuild=6.17.8+deb13-amd64 \ --autobuild=6.17.8+deb13-amd64 \
--build-directory /opt/cdlb \ --build-directory /opt/cdlb \
--cdi \ --cdi \
--cicd \
--change-splash hexagon \ --change-splash hexagon \
--control "${timestamp}" \ --control "${timestamp}" \
--jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \ --jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \

59
config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
View File

@@ -75,37 +75,14 @@ declare -i OVERHEAD_PCT=10
declare -i ALIGN_BYTES=$(( 4096 * 1024 )) declare -i ALIGN_BYTES=$(( 4096 * 1024 ))
declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) )) declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES )) declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
declare -i rc=
preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}" preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt" exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
if cryptsetup luksFormat \ if [[ "${VAR_GITEA_RUNNER}" == "false" ]]; then
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
--iter-time 1000 \
--key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \
--label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 4096 ] successful. \e[0m\n" cryptsetup luksFormat \
else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 4096 ] failed. Trying [--sector-size 512]. \e[0m\n"
if cryptsetup luksFormat \
--batch-mode \ --batch-mode \
--cipher aes-xts-plain64 \ --cipher aes-xts-plain64 \
--integrity hmac-sha512 \ --integrity hmac-sha512 \
@@ -116,23 +93,29 @@ else
--luks2-keyslots-size 16777216 \ --luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \ --luks2-metadata-size 4194304 \
--pbkdf argon2id \ --pbkdf argon2id \
--sector-size 512 \ --sector-size 4096 \
--type luks2 \ --type luks2 \
--use-random \ --use-random \
--verbose \ --verbose \
"${LUKSFS}" "${LUKSFS}"
then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 512 ] successful. \e[0m\n" else
else cryptsetup luksFormat \
--batch-mode \
rc="$?" --cipher aes-xts-plain64 \
exec {KEYFD}<&- --iter-time 1000 \
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 512 ] failed. \e[0m\n" --key-file "/proc/$$/fd/${KEYFD}" \
exit "${rc}" --key-size 512 \
--label crypt_liveiso \
fi --luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
fi fi
@@ -144,11 +127,11 @@ declare -i SQUASH_FS="${VAR_ROOTFS_SIZE}"
if (( LUKS_FREE >= SQUASH_FS )); then if (( LUKS_FREE >= SQUASH_FS )); then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' >= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' >= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}"
else else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' <= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}" >&2 printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' <= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}" >&2
exit 42 exit 42
fi fi

5
docs/DOCUMENTATION.md
View File

@@ -47,7 +47,10 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
This option creates a boot menu entry that starts the forthcoming 'CISS.debian.installer', which is executed This option creates a boot menu entry that starts the forthcoming 'CISS.debian.installer', which is executed
once the system has successfully booted up. once the system has successfully booted up.
--contact, -c\ e[0m --cicd
This option MUST be set if the CDLB is executed inside a Gitea Action Runner.
--contact, -c
Show author contact information. Show author contact information.
--control <STRING> --control <STRING>

12
lib/lib_arg_parser.sh
View File

@@ -157,6 +157,18 @@ arg_parser() {
fi fi
;; ;;
--cicd)
if [[ -n "${2-}" && "${2}" != -* ]]; then
if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
printf "\e[91m❌ Error: --cicd MUST NOT be followed by an argument.\e[0m\n" >&2
read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_ARG_MSMTCH}"
fi
# shellcheck disable=SC2034
declare -g VAR_GITEA_RUNNER="true"
shift 1
;;
--control) --control)
if [[ -n "${2-}" ]]; then if [[ -n "${2-}" ]]; then
# shellcheck disable=SC2034 # shellcheck disable=SC2034

7
lib/lib_usage.sh
View File

@@ -39,7 +39,7 @@ usage() {
# shellcheck disable=SC2155 # shellcheck disable=SC2155
declare var_header=$(center "CDLB(1) CISS.debian.live.builder CDLB(1)" "${var_cols}") declare var_header=$(center "CDLB(1) CISS.debian.live.builder CDLB(1)" "${var_cols}")
# shellcheck disable=SC2155 # shellcheck disable=SC2155
declare var_footer=$(center "V8.13.544.2025.12.05 2025-11-06 CDLB(1)" "${var_cols}") declare var_footer=$(center "V8.13.544.2025.12.05 2025-12-05 CDLB(1)" "${var_cols}")
{ {
echo -e "\e[1;97m${var_header}\e[0m" echo -e "\e[1;97m${var_header}\e[0m"
@@ -77,7 +77,10 @@ usage() {
echo " This option creates a boot menu entry that starts the forthcoming 'CISS.debian.installer', which is executed" echo " This option creates a boot menu entry that starts the forthcoming 'CISS.debian.installer', which is executed"
echo " once the system has successfully booted up." echo " once the system has successfully booted up."
echo echo
echo -e "\e[97m --contact, -c\ e[0m" echo -e "\e[97m --cicd\e[0m"
echo " This option MUST be set if the CDLB is executed inside a Gitea Action Runner."
echo
echo -e "\e[97m --contact, -c\e[0m"
echo " Show author contact information." echo " Show author contact information."
echo echo
echo -e "\e[97m --control <STRING>\e[0m" echo -e "\e[97m --control <STRING>\e[0m"

1
var/global.var.sh
View File

@@ -29,6 +29,7 @@ touch "${LOG_ERROR}" && chmod 0600 "${LOG_ERROR}"
declare -g __umask="" declare -g __umask=""
declare -g VAR_ARCHITECTURE="" declare -g VAR_ARCHITECTURE=""
declare -g VAR_CDLB_INSIDE_RUNNER="${VAR_CDLB_INSIDE_RUNNER:-false}" declare -g VAR_CDLB_INSIDE_RUNNER="${VAR_CDLB_INSIDE_RUNNER:-false}"
declare -g VAR_GITEA_RUNNER="false"
declare -g VAR_HANDLER_BUILD_DIR="" declare -g VAR_HANDLER_BUILD_DIR=""
declare -g VAR_HANDLER_CDI="false" declare -g VAR_HANDLER_CDI="false"
declare -g VAR_HANDLER_NETCUP_IPV6="false" declare -g VAR_HANDLER_NETCUP_IPV6="false"