V8.13.032.2025.10.03
Some checks failed
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m2s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m39s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-03 18:39:15 +01:00
parent ec171888f7
commit 0f8b894e40
91 changed files with 333 additions and 101 deletions


@@ -95,6 +95,7 @@ arg_parser() {
--architecture)
if [[ "${2}" == "amd64" || "${2}" == "arm64" ]]; then
# shellcheck disable=SC2034
declare -gx VAR_ARCHITECTURE="${2}"
shift 2
else
@@ -124,12 +125,14 @@ arg_parser() {
read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_ARG_MSMTCH}"
fi
declare -g VAR_HANDLER_CDI=true
# shellcheck disable=SC2034
declare -g VAR_HANDLER_CDI="true"
shift 1
;;
--change-splash )
if [[ "${2}" == "club" || "${2}" == "hexagon" ]]; then
# shellcheck disable=SC2034
declare -g VAR_HANDLER_SPLASH="${2}"
shift 2
else
@@ -143,6 +146,7 @@ arg_parser() {
--control)
if [[ -n "${2-}" ]]; then
# shellcheck disable=SC2034
declare -g VAR_HANDLER_ISO_COUNTER="${2}"
shift 2
else
@@ -171,6 +175,7 @@ arg_parser() {
read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_ARG_MSMTCH}"
fi
# shellcheck disable=SC2034
declare -gi VAR_HANDLER_DHCP=1
shift 1
;;
@@ -180,6 +185,7 @@ arg_parser() {
declare -i count=0
shift
while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
# shellcheck disable=SC2034
declare -g ARY_HANDLER_JUMPHOST+=("$1")
count=$((count + 1))
shift
@@ -202,6 +208,7 @@ arg_parser() {
read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
exit "${ERR_ARG_MSMTCH}"
fi
# shellcheck disable=SC2034
declare -gi VAR_HANDLER_STA=1
shift 1
;;
@@ -209,10 +216,12 @@ arg_parser() {
--provider-netcup-ipv6)
if [[ -n "${2-}" && "${2}" != -* ]]; then
declare -i count=0
declare -g VAR_HANDLER_NETCUP_IPV6=true
# shellcheck disable=SC2034
declare -g VAR_HANDLER_NETCUP_IPV6="true"
shift
while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 1 ]]; do
declare cleaned="${1//[\[\]]/}"
# shellcheck disable=SC2034
declare -g ARY_HANDLER_NETCUP_IPV6+=("${cleaned}")
count=$((count + 1))
shift
@@ -230,6 +239,7 @@ arg_parser() {
--renice-priority)
if [[ -n ${2-} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then
# shellcheck disable=SC2034
VAR_HANDLER_PRIORITY="$2"
shift 2
else
@@ -249,6 +259,7 @@ arg_parser() {
exit "${ERR_REIONICE_P}"
else
if [[ "${2}" =~ ^[1-3]$ ]]; then
# shellcheck disable=SC2034
VAR_REIONICE_CLASS="${2}"
if [[ -z "${3-}" ]]; then
:
@@ -359,6 +370,7 @@ arg_parser() {
hash_temp=$(mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608 "${plaintext_pw}")
[[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
# shellcheck disable=SC2034
declare -g VAR_HASHED_PWD="${hash_temp}"
unset hash_temp plaintext_pw
@@ -375,6 +387,7 @@ arg_parser() {
--ssh-port)
if [[ -n "${2-}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then
# shellcheck disable=SC2034
declare -gi VAR_SSHPORT="${2}"
shift 2
else
@@ -385,12 +398,20 @@ arg_parser() {
fi
;;
--sshfp)
# shellcheck disable=SC2034
declare -g VAR_SSHFP="true"
shift 1
;;
--ssh-pubkey)
# shellcheck disable=SC2034
declare -g VAR_SSHPUBKEY="${2}"
shift 2
;;
--trixie)
# shellcheck disable=SC2034
declare -g VAR_SUITE="trixie"
shift 1
;;
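Review bot: In the `@@ -359,6 +370,7 @@` hunk the plaintext password is handed to `mkpasswd` as a command-line argument, so it is visible in the process list to other local users and process monitors for as long as the 8388608 rounds take, regardless of whether `set -x` tracing is on. mkpasswd can read the password from standard input instead: `hash_temp=$(printf '%s' "${plaintext_pw}" | mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608 --stdin)`. `printf` is a shell builtin, so the secret does not end up in any process's argv. The lines of `arg_parser` that read the password and presumably switch tracing off lie outside the hunk, so this rests only on the visible call.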


@@ -166,7 +166,23 @@ hardening_ultra() {
' "${VAR_HANDLER_BUILD_DIR}/config/package-lists/live.list.chroot" > temp && mv temp "${VAR_HANDLER_BUILD_DIR}/config/package-lists/live.list.chroot"
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/package-lists done.\e[0m\n"
### Updating SSH Keys, Ports.
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Updating SSH Keys, Ports ... \e[0m\n"
### Check for static SSHFP key material via Gitea Actions Runner Secrets injection.
if [[ "${VAR_SSHFP}" == "true" ]]; then
rm -f "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9930_hardening_ssh.chroot"
else
rm -f "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9935_hardening_ssh.chroot.tmpl"
fi
if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh" ]]; then
mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh"
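Review bot: The `--sshfp` branch deletes `9930_hardening_ssh.chroot` with no visible check that the key material the comment says is injected from runner secrets is actually present, so a build with missing or empty secrets may continue with the regular SSH hardening hook removed and only an unrendered `.tmpl` left behind. Failing closed before the `rm -f` would avoid that: verify the required inputs and abort the build otherwise. `VAR_SSHFP` is assigned only when `--sshfp` is passed in `arg_parser`, so unless a default is declared elsewhere the test is safer as `if [[ "${VAR_SSHFP:-false}" == "true" ]]; then`. The hunk is cut off after the `mkdir -p` line and the place where the template is rendered is not shown, so this may already be handled further down in `hardening_ultra`.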


@@ -35,13 +35,13 @@ usage() {
# shellcheck disable=SC2155
declare var_header=$(center "CLB(1) CISS.debian.live.builder CLB(1)" "${var_cols}")
# shellcheck disable=SC2155
declare var_footer=$(center "V8.13.016.2025.09.28 2025-08-11 CLB(1)" "${var_cols}")
declare var_footer=$(center "V8.13.032.2025.10.03 2025-08-11 CLB(1)" "${var_cols}")
{
echo -e "\e[1;97m${var_header}\e[0m"
echo
echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
echo -e "\e[92mMaster V8.13.016.2025.09.28\e[0m"
echo -e "\e[92mMaster V8.13.032.2025.10.03\e[0m"
echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
echo
echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"