diff --git a/README.md b/README.md index 65caec2..952ac33 100644 --- a/README.md +++ b/README.md @@ -389,10 +389,26 @@ apply or revert these controls. set -o errexit # Exit script when a command exits with non-zero status (same as "set -e"). set -o errtrace # Inherit ERR traps in subshells (same as "set -E"). set -o functrace # Inherit DEBUG and RETURN traps in subshells (same as "set -T"). +set -o ignoreeof # An interactive shell will not exit upon reading EOF. set -o nounset # Exit script on use of an undefined variable (same as "set -u"). set -o pipefail # Return the exit status of the last failed command in a pipeline. set -o noclobber # Prevent overwriting files via redirection (same as "set -C"). ``` + +* The following `shopt` options are applied at the beginning of the script (see + [Bash Manual, The Shopt Builtin](https://www.gnu.org/software/bash/manual/bash.html#The-Shopt-Builtin)): +````bash +shopt -s failglob # If set, patterns that fail to match filenames during filename expansion result in an expansion error. +shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option instead of unsetting it in the + # subshell environment. +shopt -s lastpipe # If set, and job control is not active, the shell runs the last command of a pipeline not executed in + # the background in the current shell environment. +shopt -u expand_aliases # If set, aliases are expanded as described. This option is enabled by default for interactive shells. +shopt -u dotglob # If set, Bash includes filenames beginning with a '.' in the results of filename expansion. +shopt -u extglob # If set, enable the extended pattern matching features. +shopt -u nullglob # If set, filename expansion patterns that match no files expand to nothing and are removed. +```` + * **Rationale**: These options enforce strict error checking and handling, reducing silent failures and ensuring predictable script behavior. @@ -435,7 +451,8 @@ predictable script behavior. --reionice-priority 1 2 \ --root-password-file /opt/gitea/CISS.debian.live.builder/password.txt \ --ssh-port 4242 \ - --ssh-pubkey /opt/gitea/CISS.debian.live.builder + --ssh-pubkey /opt/gitea/CISS.debian.live.builder \ + --trixie ```` 4. Locate your ISO in the `--build-directory`. 5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel. diff --git a/makefile b/makefile index 8064254..b14351f 100644 --- a/makefile +++ b/makefile @@ -23,7 +23,7 @@ SHELL := /usr/bin/bash ### Timestamp at parse time (UTC); can be overridden: TIMESTAMP ?= $(shell date -u +%Y-%m-%dT%H-%M-%S) -### Core parameters (safe defaults; override in config.mk or via CLI): +### Core parameters (safe defaults; override in config.mk, rename config.mk.sample to config.mk and apply the remaining values): ARCH ?= amd64 AUTOBUILD ?= 6.12.41+deb13-amd64 CONTROL ?= $(TIMESTAMP) diff --git a/var/bash.var.sh b/var/bash.var.sh index cebdfc8..3a0d033 100644 --- a/var/bash.var.sh +++ b/var/bash.var.sh @@ -24,7 +24,7 @@ set -o pipefail # Makes pipelines return the exit status of the last co ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Shopt-Builtin shopt -s failglob # If set, patterns that fail to match filenames during filename expansion result in an expansion error. shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option instead of unsetting it in the - # subshell environment. This option is enabled when POSIX mode is enabled. + # subshell environment. shopt -s lastpipe # If set, and job control is not active, the shell runs the last command of a pipeline not executed in # the background in the current shell environment. shopt -u expand_aliases # If set, aliases are expanded as described. This option is enabled by default for interactive shells.