msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.392.2025.11.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m22s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-07 19:30:16 +01:00
parent 2692dc4170
commit 1068aa2004
5 changed files with 74 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/generate_PRIVATE_trixie_1.yaml
View File

@@ -150,7 +150,7 @@ jobs:
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits. - name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
run: | run: |
#set +x set +x
set -euo pipefail set -euo pipefail
git config user.name "Marc S. Weidner BOT" git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev" git config user.email "msw+bot@coresecret.dev"

6
ciss_live_builder.sh
View File

@@ -110,7 +110,13 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${
declare -grx VAR_SETUP="true" declare -grx VAR_SETUP="true"
### SECURING SECRETS ARTIFACTS. ### SECURING SECRETS ARTIFACTS.
test ! -L "${VAR_TMP_SECRET}" || {
. ./var/global.var.sh
printf "\e[91m❌ Refusing symlink: '%s'! Bye... \e[0m\n" "${VAR_TMP_SECRET}" >&2
exit "${ERR_SECRETSSYM}"
}
find "${VAR_TMP_SECRET}" -type f -exec chmod 0400 {} + find "${VAR_TMP_SECRET}" -type f -exec chmod 0400 {} +
find "${VAR_TMP_SECRET}" -type f -exec chown root:root {} +
### SOURCING VARIABLES. ### SOURCING VARIABLES.
[[ "${VAR_SETUP}" == true ]] && { [[ "${VAR_SETUP}" == true ]] && {

2
lib/lib_lb_config_write_trixie.sh
View File

@@ -79,7 +79,7 @@ lb_config_write_trixie() {
--linux-packages linux-image \ --linux-packages linux-image \
--loadlin true \ --loadlin true \
--memtest memtest86+ \ --memtest memtest86+ \
--mirror-binary 'https://deb/debian.org/debian/' \ --mirror-binary 'https://deb.debian.org/debian/' \
--mirror-binary-security 'https://security.debian.org/' \ --mirror-binary-security 'https://security.debian.org/' \
--mirror-bootstrap 'https://deb.debian.org/debian/' \ --mirror-bootstrap 'https://deb.debian.org/debian/' \
--mirror-chroot 'https://deb.debian.org/debian/' \ --mirror-chroot 'https://deb.debian.org/debian/' \

47
var/error.var.sh Normal file
View File

@@ -0,0 +1,47 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
# shellcheck disable=SC2034
### Definition of error codes.
declare -gir ERR_UNCRITICAL=127
declare -gir ERR_NOT_USER_0=128 # Not running as root
declare -gir ERR_FLOCK_WRTG=129 # Cannot open lockfile for writing
declare -gir ERR_FLOCK_COLL=130 # The Script is already running
declare -gir ERR_GUARD_SRCE=131 # Module tried to load twice.
declare -gir ERR_GPG__AGENT=132 # GNUPG agent error.
declare -gir ERR_SPLASH_PNG=200 # --change-splash MUST be 'club' or 'hexagon'
declare -gir ERR_CONTROL_CT=201 # --control MUST be an integer between '1' and '65535'
declare -gir ERR_RENICE_PRI=202 # --renice-priority MUST an integer between '-19' and '19'
declare -gir ERR_REIONICE_P=203 # --reionice-priority no values provided.
declare -gir ERR_REIO_P_VAL=204 # --reionice-priority PRIORITY MUST be an integer between '0' and '7'
declare -gir ERR_REIO_C_VAL=205 # --reionice-priority CLASS MUST be an integer between '1' and '3'
declare -gir ERR_MISS_PWD_P=206 # --root-password-file missing password file path argument
declare -gir ERR_MISS_PWD_F=207 # --root-password-file password file does not exist
declare -gir ERR_OWNS_PWD_F=208 # --root-password-file failed to set owner root:root on the PWD file
declare -gir ERR_RGHT_PWD_F=209 # --root-password-file failed to set permissions 0400 on the PWD file
declare -gir ERR_PASS_LENGH=210 # --root-password-file password MUST be between 20 and 64 characters
declare -gir ERR_PASS_PLICY=211 # --root-password-file password MUST NOT contain double quotes
declare -gir ERR__SSH__PORT=212 # --ssh-port MUST be an integer between '1' and '65535'
declare -gir ERR_ARG_MSMTCH=213 # Wrong Number of optional Arguments provided
declare -gir ERR_NOTABSPATH=252 # Not an absolute path
declare -gir ERR_INVLD_CHAR=253 # Invalid Character
declare -gir ERR_UNBOUNDVAR=254 # Unbound Variable
declare -gir ERR_UNSPPTBASH=255 # Unsupported Bash
### Definition of error trap vars
declare -g ERRCODE="" # = $? = $1 = ERRCODE
declare -g ERRSCRT="" # = ${BASH_SOURCE[0]} = $2 = ERRSCRT
declare -g ERRLINE="" # = ${LINENO} = $3 = ERRLINE
declare -g ERRFUNC="" # = ${FUNCNAME[0]:-main} = $4 = ERRFUNC
declare -g ERRCMMD="" # = ${$BASH_COMMAND} = $5 = ERRCMMD
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

18
var/global.var.sh
View File

@@ -11,8 +11,12 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# shellcheck disable=SC2155,SC2034 # shellcheck disable=SC2155,SC2034
if declare -F guard_sourcing >/dev/null 2>&1; then
guard_sourcing || return "${ERR_GUARD_SRCE}" guard_sourcing || return "${ERR_GUARD_SRCE}"
fi
### Definition of MUST set global variables. ### Definition of MUST set global variables.
declare -gr VAR_KERNEL_INF="$(mktemp)" declare -gr VAR_KERNEL_INF="$(mktemp)"
declare -gr VAR_KERNEL_SRT="$(mktemp)" declare -gr VAR_KERNEL_SRT="$(mktemp)"
@@ -55,6 +59,19 @@ declare -gx VAR_SIGNING_KEY_PASS=""
declare -gx VAR_SIGNING_KEY_PASSFILE="" declare -gx VAR_SIGNING_KEY_PASSFILE=""
declare -gx VAR_SIGNING_KEY="" declare -gx VAR_SIGNING_KEY=""
### Definition of color variables.
declare -grx BLA='\e[90m' # Beautiful black for the techno fans.
declare -grx RED='\e[91m' # Bright red.
declare -grx GRE='\e[92m' # Vibrant green.
declare -grx YEL='\e[93m' # Fancy yellow
declare -grx BLU='\e[94m' # Organic blue.
declare -grx MAG='\e[95m' # Super gay magenta.
declare -grx CYA='\e[96m' # Lovely cyan.
declare -grx WHI='\e[97m' # Fantastic color mix.
declare -grx RES='\e[0m' # Forget everything.
declare -grx TAB='\t' # Insert a fresh tabulator.
declare -grx NL='\n' # Print a crystal clear new line.
### Definition of error codes. ### Definition of error codes.
declare -gir ERR_UNCRITICAL=127 declare -gir ERR_UNCRITICAL=127
declare -gir ERR_NOT_USER_0=128 # Not running as root declare -gir ERR_NOT_USER_0=128 # Not running as root
@@ -76,6 +93,7 @@ declare -gir ERR_PASS_LENGH=210 # --root-password-file password MUST be between
declare -gir ERR_PASS_PLICY=211 # --root-password-file password MUST NOT contain double quotes declare -gir ERR_PASS_PLICY=211 # --root-password-file password MUST NOT contain double quotes
declare -gir ERR__SSH__PORT=212 # --ssh-port MUST be an integer between '1' and '65535' declare -gir ERR__SSH__PORT=212 # --ssh-port MUST be an integer between '1' and '65535'
declare -gir ERR_ARG_MSMTCH=213 # Wrong Number of optional Arguments provided declare -gir ERR_ARG_MSMTCH=213 # Wrong Number of optional Arguments provided
declare -gir ERR_SECRETSSYM=251 # VAR_TMP_SECRET is a symlink.
declare -gir ERR_NOTABSPATH=252 # Not an absolute path declare -gir ERR_NOTABSPATH=252 # Not an absolute path
declare -gir ERR_INVLD_CHAR=253 # Invalid Character declare -gir ERR_INVLD_CHAR=253 # Invalid Character
declare -gir ERR_UNBOUNDVAR=254 # Unbound Variable declare -gir ERR_UNBOUNDVAR=254 # Unbound Variable