V8.13.292.2025.10.27

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-27 06:20:43 +00:00
parent 307b2a74aa
commit 18f7afa640
41 changed files with 181 additions and 47 deletions
--- a/config/hooks/live/zzzz_ciss_pgp_signer.hook.binary
+++ b/config/hooks/live/zzzz_ciss_pgp_signer.hook.binary
@@ -0,0 +1,107 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-10-26; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+set -Ceuo pipefail
+
+### Including common functions.
+if [[ -e "${LIVE_BUILD}/scripts/build.sh" ]]; then
+  . "${LIVE_BUILD}/scripts/build.sh"
+else
+  . /usr/lib/live/build.sh
+fi
+
+### Setting static variables.
+# shellcheck disable=SC2034
+DESCRIPTION="Create binary checksums and PGP signature files."
+# shellcheck disable=SC2034
+USAGE="${PROGRAM} [--force]"
+
+### Processing arguments and configuration files.
+Init_config_data "${@}"
+
+if [[ "${LB_CHECKSUMS}" = "none" ]]; then
+	exit 0
+fi
+
+if [[ "${LB_INITRAMFS}" = "dracut-live" ]]; then
+	### The checksums will be generated by binary_iso.
+	exit 0
+fi
+
+### Requiring stage file.
+Require_stagefiles config bootstrap
+
+### Checking stage file.
+Check_stagefile
+
+### Acquire a lock file.
+Acquire_lockfile
+
+declare CHECKSUM=""
+
+for CHECKSUM in ${LB_CHECKSUMS}; do
+
+	CHECKSUMS="${CHECKSUM}sum.txt"
+
+	Echo_message "Begin creating binary ${CHECKSUMS} ..."
+
+	### Remove old checksums.
+	if [[ -f "binary/${CHECKSUMS}" ]]; then
+
+		rm -f "binary/${CHECKSUMS}"
+
+	fi
+
+	### Calculating checksums.
+	cd binary
+	find . -type f \
+		\! -path './isolinux/isolinux.bin' \
+		\! -path './boot/boot.bin' \
+		\! -path './boot/grub/stage2_eltorito' \
+		\! -path './*SUMS' \
+		\! -path './*sum.txt' \
+		\! -path './*sum.README' \
+		-print0 | LC_ALL=C sort -z | xargs -0 "${CHECKSUM}sum" >| "${CHECKSUMS}"
+
+	cat << EOF >| "${CHECKSUM}sum.README"
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-10-26; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+The file ${CHECKSUMS} contains the ${CHECKSUM} checksums of all files on this medium.
+
+You can verify them automatically with the 'verify-checksums' boot parameter, or, manually with:
+${CHECKSUM}sum -c ${CHECKSUMS}
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
+EOF
+
+	cd "${OLDPWD}"
+
+done
+
+### File list.
+cd binary
+find . | sed -e 's|^.||g' | grep "^/" | LC_ALL=C sort > ../"${LB_IMAGE_NAME}-${LB_ARCHITECTURE}.contents"
+cd "${OLDPWD}"
+
+### Creating a stage file.
+Create_stagefile
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/etc/ssh/ssh_known_hosts
+++ b/config/includes.chroot/etc/ssh/ssh_known_hosts
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-# Version Master V8.13.290.2025.10.26
+# Version Master V8.13.292.2025.10.27

 [git.coresecret.dev]:42842 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQA107AVmg1D/jnyXiqbPf38zQRl8s3c+PM1zbfpeQl
 [git.coresecret.dev]:42842 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYD9ysmMWZlejUnxu0qOzeWcIYezoFLbYdo6ffGUL5kqOBAYb+5CF4bJLUpA93XFYVF+TbrcMV1yJh6JaHFL0VU5CvgAzruCeedx0c4qUV6lWcJUGNk5K0yb9n2Wosdy6F/zTOxL9KXBt/TV+cscsen2Dahvx0ctMKgNbu+vvUcWxHf9lOkbYoF/uA/nW5CVXy5XUPVUDFUhEeKXL85+6gid5AEMfYT8aRl5YDGvo1iMBmBYOljN4S7MnRe14qbAZG0GDGvF22eHbSU2pILcFIjc2Lo/S5Ox/MJpbLAqpFlLPTKgr6F7yVwfNMSNwl05ysUOZfrQKSXzCU6+lfqKYCwemLALyG/n1ernpp7/8W/2RYoz3fd+TQyfhW++rx3yUHpYCkTv9A4LRYZYGSAWKMHSBEYq3EcATQUxQi0xpwmcR+u0uC9F9eta5Bim+sBZD6F2hgPJ5xgYT8LFm880g1YadAwBoD4TAkqSvl+jYW0VA2GH9CknKHJ36gc/X4eeUHDC1Hf/E8M5RBj4D6NuHfeVRik/ahHmoCqKQUW7VU/EBsWFsngDiLEHcV71iMtWiUddWOHwoAPHIzn6p9HTeLCxTwsPMG5UDGK/S9HUozqDXxexRtqbcFa7DWuzRvZ1bcZ2VQsaafuzKCkkc4NjC7h1wssel7q9aeYPFg+1vS6Q==
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-# Version Master V8.13.290.2025.10.26
+# Version Master V8.13.292.2025.10.27

 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-# Version Master V8.13.290.2025.10.26
+# Version Master V8.13.292.2025.10.27

 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-declare -gr VERSION="Master V8.13.290.2025.10.26"
+declare -gr VERSION="Master V8.13.292.2025.10.27"

 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh

 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.13.290.2025.10.26 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.13.292.2025.10.27 at: 10:18:37.9542
--- a/config/includes.chroot/root/.ciss/alias
+++ b/config/includes.chroot/root/.ciss/alias
@@ -236,7 +236,31 @@ sysp() {
 #######################################
 trel() {
  declare depth=${1:-3}
-  tree -C -h --dirsfirst -L "${depth}"
+
+  if ! [[ "${depth}" =~ ^[0-9]+$ ]]; then
+    echo "Error: '${depth}' is not a valid depth. Please provide a positive integer." >&2
+    return 2
+  fi
+
+  if ! command -v eza >/dev/null 2>&1; then
+    echo "Error: 'eza' is not installed." >&2
+    return 1
+  fi
+
+  (( $# > 0 )) && shift
+
+  eza --tree \
+    --level="${depth}" \
+    --group-directories-first \
+    --icons=auto \
+    --color=always \
+    --long \
+    --no-permissions \
+    --no-user \
+    --no-time \
+    "$@"
+
+  return 0
 }

 #######################################