V8.02.512.2025.05.30

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-05-30 07:43:32 +02:00
parent b2282d3475
commit 100024b6bb
3 changed files with 135 additions and 3 deletions
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -0,0 +1,28 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+set -C -e -u -o pipefail
+
+printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
+# sleep 1
+
+[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
+printf "CISS.debian.installer Master V8.02.512.2025.05.30 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+
+if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
+  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
+  0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
+fi
+
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successful applied. \e[0m\n" "${0}"
+# sleep 1
+exit 0
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/scripts/live-boot/0030-verify-checksums
+++ b/scripts/live-boot/0030-verify-checksums
@@ -0,0 +1,104 @@
+#!/bin/sh
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Changed the version of https://salsa.debian.org/live-team/live-boot 'components/0030-verify-checksums'
+### In case of successful verification of one of the offered checksums, proceed with booting, else panic.
+
+#######################################
+# Live build ISO with the modified checksum verification script for continuing the boot process.
+# Globals:
+#   LIVE_BOOT_CMDLINE
+#   LIVE_VERIFY_CHECKSUMS
+#   LIVE_VERIFY_CHECKSUMS_DIGESTS
+#   _CHECKSUM
+#   _CHECKSUMS
+#   _DIGEST
+#   _MOUNTPOINT
+#   _PARAMETER
+#   _RETURN
+#   _TTY
+# Arguments:
+#   $1: ${_PARAMETER}
+# Returns:
+#   0 : Successful Verification
+#######################################
+Verify_checksums() {
+  for _PARAMETER in ${LIVE_BOOT_CMDLINE}; do
+    case "${_PARAMETER}" in
+      live-boot.verify-checksums=* | verify-checksums=*)
+        LIVE_VERIFY_CHECKSUMS="true"
+        LIVE_VERIFY_CHECKSUMS_DIGESTS="${_PARAMETER#*verify-checksums=}"
+        ;;
+
+      live-boot.verify-checksums | verify-checksums)
+        LIVE_VERIFY_CHECKSUMS="true"
+        ;;
+    esac
+  done
+
+  case "${LIVE_VERIFY_CHECKSUMS}" in
+    true) ;;
+
+    *)
+      return 0
+      ;;
+  esac
+
+  _MOUNTPOINT="${1}"
+
+  LIVE_VERIFY_CHECKSUMS_DIGESTS="${LIVE_VERIFY_CHECKSUMS_DIGESTS:-sha512 sha384 sha256}"
+  _TTY="/dev/tty8"
+
+  log_begin_msg "Verifying checksums"
+
+  # shellcheck disable=SC2164
+  cd "${_MOUNTPOINT}"
+
+  for _DIGEST in $(echo "${LIVE_VERIFY_CHECKSUMS_DIGESTS}" | sed -e 's|,| |g'); do
+    # shellcheck disable=SC2060
+    _CHECKSUMS="$(echo "${_DIGEST}" | tr [a-z] [A-Z])SUMS ${_DIGEST}sum.txt"
+
+    for _CHECKSUM in ${_CHECKSUMS}; do
+      if [ -e "${_CHECKSUM}" ]; then
+        echo "Found ${_CHECKSUM}..." > "${_TTY}"
+
+        if [ -e "/bin/${_DIGEST}sum" ]; then
+          echo "Checking ${_CHECKSUM}..." > "${_TTY}"
+
+          # Verify checksums
+          grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"
+          _RETURN="${?}"
+
+          # Stop after the first verification
+          # break 2
+        else
+          echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}"
+        fi
+      fi
+    done
+  done
+
+  log_end_msg
+
+  case "${_RETURN}" in
+    0)
+      log_success_msg "Verification sha512 sha384 sha256 successful, continuing booting in 10 seconds."
+      sleep 10
+      return 0
+      ;;
+
+    *)
+      panic "Verification failed, $(basename ${_TTY}) for more information."
+      ;;
+  esac
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh