msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.392.2025.11.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 51s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-08 00:42:29 +01:00
parent f2ae3796ee
commit 0af440b9f0
4 changed files with 22 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.gitea/workflows/generate_PRIVATE_trixie_0.yaml
View File

@@ -271,14 +271,14 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
exit 1 exit 1
else else
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
@@ -300,14 +300,14 @@ jobs:
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
run: | run: |
if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
exit 1 exit 1
else else
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"

8
.gitea/workflows/generate_PRIVATE_trixie_1.yaml
View File

@@ -268,14 +268,14 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
exit 1 exit 1
else else
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
@@ -297,14 +297,14 @@ jobs:
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
run: | run: |
if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
exit 1 exit 1
else else
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"

8
.gitea/workflows/generate_PUBLIC_iso.yaml
View File

@@ -241,14 +241,14 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
exit 1 exit 1
else else
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
@@ -270,14 +270,14 @@ jobs:
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
run: | run: |
if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
exit 1 exit 1
else else
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"

19
config/includes.chroot/usr/lib/live/boot/0030-verify-checksums
View File

@@ -83,41 +83,42 @@ Verify_checksums() {
CDLB_SCRIPT="0030-verify-checksums" CDLB_SCRIPT="0030-verify-checksums"
CDLB_SHA="sha512" CDLB_SHA="sha512"
CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_ITEM="" CDLB_SIG_FILE="" CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_SIG_FILE=""
CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_SHA}" CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_SHA}"
CDLB_SIG_FILE="${CDLB_HASHFILE}.sig" CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
CDLB_CMD="/bin/${CDLB_ITEM}sum" CDLB_CMD="/bin/sha512sum"
printf "Verifying signature of: [%s]\n" "${CDLB_HASHFILE}" printf "Verifying signature of: [%s]\n" "${CDLB_HASHFILE}"
if ! /bin/gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then if ! /bin/gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
printf "Signature verification failed for: [%s]\n" "${CDLB_HASHFILE}" printf "[PANIC] Signature verification failed for: [0030-verify-checksums.sha512]\n"
sleep 16 sleep 16
# TODO panic "[PANIC] Signature verification failed for: [0030-verify-checksums.sha512]"
else else
printf "Signature verification successful for: [%s]\n" "${CDLB_HASHFILE}" printf "Signature verification successful for: [0030-verify-checksums.sha512]\n"
fi fi
printf "Recomputing hash for: [%s]\n" "${CDLB_SHA}" printf "Recomputing hash for: [sha512]\n"
CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first _ || exit 1; printf '%s\n' "${first}"; }) CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first _ || exit 1; printf '%s\n' "${first}"; })
IFS=' ' read -r CDLB_EXPECTED _ < "${CDLB_HASHFILE}" IFS=' ' read -r CDLB_EXPECTED _ < "${CDLB_HASHFILE}"
if [ "${CDLB_COMPUTED}" != "${CDLB_EXPECTED}" ]; then if [ "${CDLB_COMPUTED}" != "${CDLB_EXPECTED}" ]; then
printf "Recomputed hash mismatch for: [sha512] failed \n" printf "[PANIC] Recomputing hash for: [sha512] failed.\n"
sleep 16 sleep 16
panic "Recomputed hash mismatch for: [sha512] failed." # TODO panic "[PANIC] Recomputing hash for: [sha512] failed."
fi fi
printf "Hash verification successful for: [%s]\n" "${CDLB_SHA}" printf "Hash verification successful for: [sha512]\n"
printf "Verifying integrity of '0030-verify-checksums' successfully completed. Proceeding." printf "Verification of authenticity and integrity of '0030-verify-checksums' successfully completed. Proceeding."
log_end_msg log_end_msg
printf "\n" printf "\n"