V8.02.768.2025.06.01

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.gitea/workflows/generate-iso.yaml

@@ -126,19 +126,23 @@ jobs:
       - name: Preparing the build environment.
         run: |
           mkdir -p opt/config
-          mkdir -p op/livebuild
+          mkdir -p opt/livebuild
+
           touch opt/config/password.txt && chmod 0600 opt/config/password.txt
           touch opt/config/authorized_keys && chmod 0600 opt/config/authorized_keys
+
           echo "${{ secrets.CISS_DLB_ROOT_PWD }}" >| opt/config/password.txt
           echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| opt/config/authorized_keys
-          mkdir -p opt/livebuild/chroot/dev
+
-          mknod opt/livebuild/chroot/dev/null c 1 3
+          #mkdir -p opt/livebuild/chroot/dev
-          chmod 666 opt/livebuild/chroot/dev/null
+          #mknod opt/livebuild/chroot/dev/null c 1 3
-          mkdir -p opt/livebuild/config/hooks/normal
+          #chmod 666 opt/livebuild/chroot/dev/null
-          touch opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
+
-          chmod 0775 opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
+          mkdir -p config/hooks/normal
-          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'opt/livebuild/config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
+          touch config/hooks/normal/0000-fix-dev.chroot
-          cat << 'EOF' >| opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
+          chmod 0775 config/hooks/normal/0000-fix-dev.chroot
+          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
+          cat << 'EOF' >| config/hooks/normal/0000-fix-dev.chroot
           #!/bin/bash
           # SPDX-Version: 3.0
           # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -159,14 +163,16 @@ jobs:
           fi
           chmod 666 /dev/null
           EOF
-          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'opt/livebuild/config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
+          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'config/hooks/normal/0000-fix-dev.chroot'. \e[0m\n"
-          ls -l opt/livebuild/config/hooks/normal/0000-fix-dev.chroot
+          ls -l config/hooks/normal/0000-fix-dev.chroot
+
           ###
-          mkdir -p opt/livebuild/config/hooks/early
+
-          touch opt/livebuild/config/hooks/early/0000-fix-dev
+          mkdir -p config/hooks/early
-          chmod 0775 opt/livebuild/config/hooks/early/0000-fix-dev
+          touch config/hooks/early/0000-fix-dev
-          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 'Creating opt/livebuild/config/hooks/early/0000-fix-dev'. \e[0m\n"
+          chmod 0775 config/hooks/early/0000-fix-dev
-          cat << 'EOF' >| opt/livebuild/config/hooks/early/0000-fix-dev
+          printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 'Creating config/hooks/early/0000-fix-dev'. \e[0m\n"
+          cat << 'EOF' >| config/hooks/early/0000-fix-dev
           #!/bin/bash
           # SPDX-Version: 3.0
           # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -189,8 +195,8 @@ jobs:
           fi
           chmod 666 "${CHROOT}/dev/null"
           EOF
-          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'opt/livebuild/config/hooks/early/0000-fix-dev'. \e[0m\n"
+          printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ Creating 'config/hooks/early/0000-fix-dev'. \e[0m\n"
-          ls -l opt/livebuild/config/hooks/early/0000-fix-dev
+          ls -l config/hooks/early/0000-fix-dev
           ###
 
       - name: Starting CISS.debian.live.builder. This may take a while ...
@@ -201,7 +207,7 @@ jobs:
           ./ciss_live_builder.sh \
             --autobuild=6.12.22+bpo-amd64 \
             --architecture amd64 \
-            --build-directory opt/livebuild \
+            --build-directory /opt/livebuild \
             --control "${timestamp}" \
             --debug \
             --dhcp-centurion \
@@ -210,11 +216,11 @@ jobs:
             --root-password-file opt/config/password.txt \
             --ssh-port 42842 \
             --ssh-pubkey opt/config
-          if [[ $(ls opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
+          if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
             echo "❌ There must be exactly one .iso file in the directory!"
             exit 1
           else
-            VAR_ISO_FILE_PATH=$(ls opt/livebuild/*.iso)
+            VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
             VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
             echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
           fi

lib/lib_hardening_ultra.sh

@@ -54,6 +54,17 @@ hardening_ultra() {
   fi
   printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/hooks/live done.\e[0m\n"
 
+  if [[ -d "${VAR_WORKDIR}/config/hooks/early" ]]; then
+    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/hooks/early ... \e[0m\n"
+    if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/hooks/early" ]]; then
+      mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/hooks/early"
+      cp -af ./config/hooks/early "${VAR_HANDLER_BUILD_DIR}/config/hooks"
+    else
+      cp -af ./config/hooks/early "${VAR_HANDLER_BUILD_DIR}/config/hooks"
+    fi
+    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/hooks/early done.\e[0m\n"
+  fi
+
   printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/includes.chroot ... \e[0m\n"
   if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" ]]; then
     mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"