V8.02.768.2025.06.01

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 19:09:04 +02:00
parent f98086a67d
commit 4790e545ea
2 changed files with 38 additions and 21 deletions
--- a/.gitea/workflows/generate-iso.yaml
+++ b/.gitea/workflows/generate-iso.yaml
@@ -126,19 +126,23 @@ jobs:
      - name: Preparing the build environment.
        run: |
          mkdir -p opt/config
-          mkdir -p op/livebuild
+          mkdir -p opt/livebuild
+
          touch opt/config/password.txt && chmod 0600 opt/config/password.txt
          touch opt/config/authorized_keys && chmod 0600 opt/config/authorized_keys
+
          echo "${{ secrets.CISS_DLB_ROOT_PWD }}" >| opt/config/password.txt
          echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| opt/config/authorized_keys
-          mkdir -p opt/livebuild/chroot/dev
-          mknod opt/livebuild/chroot/dev/null c 1 3
-          chmod 666 opt/livebuild/chroot/dev/null
-          mkdir -p opt/livebuild/config/hooks/normal
-          touch opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
-          chmod 0775 opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
-          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'opt/livebuild/config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
-          cat << 'EOF' >| opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
+
+          #mkdir -p opt/livebuild/chroot/dev
+          #mknod opt/livebuild/chroot/dev/null c 1 3
+          #chmod 666 opt/livebuild/chroot/dev/null
+
+          mkdir -p config/hooks/normal
+          touch config/hooks/normal/0000-fix-dev.chroot
+          chmod 0775 config/hooks/normal/0000-fix-dev.chroot
+          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
+          cat << 'EOF' >| config/hooks/normal/0000-fix-dev.chroot
          #!/bin/bash
          # SPDX-Version: 3.0
          # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -159,14 +163,16 @@ jobs:
          fi
          chmod 666 /dev/null
          EOF
-          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'opt/livebuild/config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
-          ls -l opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
+          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
+          ls -l config/hooks/normal/0000-fix-dev.chroot
+
          ###
-          mkdir -p opt/livebuild/config/hooks/early
-          touch opt/livebuild/config/hooks/early/0000-fix-dev
-          chmod 0775 opt/livebuild/config/hooks/early/0000-fix-dev
-          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 'Creating opt/livebuild/config/hooks/early/0000-fix-dev'. \e[0m\n"
-          cat << 'EOF' >| opt/livebuild/config/hooks/early/0000-fix-dev
+
+          mkdir -p config/hooks/early
+          touch config/hooks/early/0000-fix-dev
+          chmod 0775 config/hooks/early/0000-fix-dev
+          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 'Creating config/hooks/early/0000-fix-dev'. \e[0m\n"
+          cat << 'EOF' >| config/hooks/early/0000-fix-dev
          #!/bin/bash
          # SPDX-Version: 3.0
          # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -189,8 +195,8 @@ jobs:
          fi
          chmod 666 "${CHROOT}/dev/null"
          EOF
-          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'opt/livebuild/config/hooks/early/0000-fix-dev'. \e[0m\n"
-          ls -l opt/livebuild/config/hooks/early/0000-fix-dev
+          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'config/hooks/early/0000-fix-dev'. \e[0m\n"
+          ls -l config/hooks/early/0000-fix-dev
          ###

      - name: Starting CISS.debian.live.builder. This may take a while ...
@@ -201,7 +207,7 @@ jobs:
          ./ciss_live_builder.sh \
            --autobuild=6.12.22+bpo-amd64 \
            --architecture amd64 \
-            --build-directory opt/livebuild \
+            --build-directory /opt/livebuild \
            --control "${timestamp}" \
            --debug \
            --dhcp-centurion \
@@ -210,11 +216,11 @@ jobs:
            --root-password-file opt/config/password.txt \
            --ssh-port 42842 \
            --ssh-pubkey opt/config
-          if [[ $(ls opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
+          if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
            echo "❌ There must be exactly one .iso file in the directory!"
            exit 1
          else
-            VAR_ISO_FILE_PATH=$(ls opt/livebuild/*.iso)
+            VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
            VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
            echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
          fi
--- a/lib/lib_hardening_ultra.sh
+++ b/lib/lib_hardening_ultra.sh
@@ -54,6 +54,17 @@ hardening_ultra() {
  fi
  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/hooks/live done.\e[0m\n"

+  if [[ -d "${VAR_WORKDIR}/config/hooks/early" ]]; then
+    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/hooks/early ... \e[0m\n"
+    if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/hooks/early" ]]; then
+      mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/hooks/early"
+      cp -af ./config/hooks/early "${VAR_HANDLER_BUILD_DIR}/config/hooks"
+    else
+      cp -af ./config/hooks/early "${VAR_HANDLER_BUILD_DIR}/config/hooks"
+    fi
+    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/hooks/early done.\e[0m\n"
+  fi
+
  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/includes.chroot ... \e[0m\n"
  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" ]]; then
    mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"