V8.13.294.2025.10.28

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-28 17:15:07 +01:00
parent ae8edb028b
commit 4614d65d7c
2 changed files with 59 additions and 28 deletions
--- a/scripts/0010_dhcp_supersede.sh
+++ b/scripts/0010_dhcp_supersede.sh
@@ -43,34 +43,34 @@ cat << 'EOF' >> "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/dhcpcd.con
 # SPDX-Security-Contact: security@coresecret.eu

 ### No Global APIPA-Fallback.
-noipv4ll
+#noipv4ll

 ### A ServerID is required by RFC2131.
-require dhcp_server_identifier
+#require dhcp_server_identifier

 ### Respect the network MTU. This is applied to DHCP routes.
-option interface_mtu
+#option interface_mtu

 ### A list of options to request from the DHCP server.
-option host_name
-option domain_name
-option domain_search
-option rapid_commit
-
-### Most distributions have NTP support.
-option ntp_servers
-
-### Ask server to update both A and PTR via FQDN (RFC 4702 semantics).
-fqdn both
-
-###-----------------------------------------------------------------------------------------------------------------------------
-### Global defaults for all interfaces.
 #option host_name
 #option domain_name
 #option domain_search
+#option rapid_commit
+
+### Most distributions have NTP support.
+#option ntp_servers

 ### Ask server to update both A and PTR via FQDN (RFC 4702 semantics).
 #fqdn both
+
+###-----------------------------------------------------------------------------------------------------------------------------
+### Global defaults for all interfaces.
+option host_name
+option domain_name
+option domain_search
+
+### Ask server to update both A and PTR via FQDN (RFC 4702 semantics).
+fqdn both
 ###-----------------------------------------------------------------------------------------------------------------------------

 ### Enforce static DNS and prevent dhcpcd from writing 'resolv.conf'.
--- a/scripts/live-boot/0030-verify-checksums
+++ b/scripts/live-boot/0030-verify-checksums
@@ -1,20 +1,23 @@
 #!/bin/sh
+# bashsupport disable=BP5007
+
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: 2025-10-28; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-License-Identifier: GPL-3.0-or-later
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Changed the version of https://salsa.debian.org/live-team/live-boot 'components/0030-verify-checksums'
+### Modified Version of the original file:
+### https://salsa.debian.org/live-team/live-boot 'components/0030-verify-checksums'
 ### In case of successful verification of one of the offered checksums, proceed with booting, else panic.

 #######################################
-# Live build ISO with the modified checksum verification script for continuing the boot process.
+# Modified checksum verification script for continuing the boot process.
 # Globals:
 #   LIVE_BOOT_CMDLINE
 #   LIVE_VERIFY_CHECKSUMS
@@ -27,30 +30,40 @@
 #   _RETURN
 #   _TTY
 # Arguments:
-#   $1: ${_PARAMETER}
+#   1: ${_PARAMETER}
 # Returns:
 #   0 : Successful Verification
 #######################################
 Verify_checksums() {
  for _PARAMETER in ${LIVE_BOOT_CMDLINE}; do
+
    case "${_PARAMETER}" in
+
      live-boot.verify-checksums=* | verify-checksums=*)
+
        LIVE_VERIFY_CHECKSUMS="true"
        LIVE_VERIFY_CHECKSUMS_DIGESTS="${_PARAMETER#*verify-checksums=}"
        ;;

      live-boot.verify-checksums | verify-checksums)
+
        LIVE_VERIFY_CHECKSUMS="true"
        ;;
+
    esac
+
  done

  case "${LIVE_VERIFY_CHECKSUMS}" in
-    true) ;;
+
+    true)
+      :
+      ;;

    *)
      return 0
      ;;
+
  esac

  _MOUNTPOINT="${1}"
@@ -63,42 +76,60 @@ Verify_checksums() {
  # shellcheck disable=SC2164
  cd "${_MOUNTPOINT}"

+  # shellcheck disable=SC2001
  for _DIGEST in $(echo "${LIVE_VERIFY_CHECKSUMS_DIGESTS}" | sed -e 's|,| |g'); do
+
    # shellcheck disable=SC2060
    _CHECKSUMS="$(echo "${_DIGEST}" | tr [a-z] [A-Z])SUMS ${_DIGEST}sum.txt"

    for _CHECKSUM in ${_CHECKSUMS}; do
+
+      # shellcheck disable=SC2292
      if [ -e "${_CHECKSUM}" ]; then
-        echo "Found ${_CHECKSUM}..." > "${_TTY}"
+
+        #echo "Found ${_CHECKSUM}..." > "${_TTY}"
+        log_begin_msg "Found ${_CHECKSUM}..."

        if [ -e "/bin/${_DIGEST}sum" ]; then
-          echo "Checking ${_CHECKSUM}..." > "${_TTY}"
+
+          #echo "Checking ${_CHECKSUM}..." > "${_TTY}"
+          log_begin_msg "Checking ${_CHECKSUM}..."

          # Verify checksums
+          # shellcheck disable=SC2312
          grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"
          _RETURN="${?}"

          # Stop after the first verification
          # break 2
+
        else
-          echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}"
+
+          #echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}"
+          log_begin_msg "Not found /bin/${_DIGEST}sum...."
+
        fi
+
      fi
+
    done
+
  done

  log_end_msg

  case "${_RETURN}" in
+
    0)
-      log_success_msg "Verification sha512 sha384 sha256 successful, continuing booting in 10 seconds."
-      sleep 10
+      log_success_msg "Verification of ${_CHECKSUMS[*]} successful; continuing booting in 08 seconds."
+      sleep 8
      return 0
      ;;

    *)
-      panic "Verification failed, $(basename ${_TTY}) for more information."
+      panic "Verification failed, $(basename "${_TTY}") for more information."
      ;;
+
  esac
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh