V8.13.440.2025.11.19

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-23 10:40:07 +00:00
parent 8852295c83
commit 4c3a242069
11 changed files with 99 additions and 22 deletions
--- a/config/includes.chroot/etc/ciss/hashes/.keep
+++ b/config/includes.chroot/etc/ciss/hashes/.keep
@@ -0,0 +1,10 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-11-23; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
--- a/config/includes.chroot/etc/ciss/signatures/.keep
+++ b/config/includes.chroot/etc/ciss/signatures/.keep
@@ -0,0 +1,10 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-11-23; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
--- a/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
+++ b/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
@@ -28,7 +28,9 @@ esac


 ### Ensure directory structure in initramfs ------------------------------------------------------------------------------------
+install -d -m 0755  "${DESTDIR}/etc/ciss/hashes"
 install -d -m 0755  "${DESTDIR}/etc/ciss/keys"
+install -d -m 0755  "${DESTDIR}/etc/ciss/signatures"
 install -d -m 0755  "${DESTDIR}/etc/initramfs-tools/conf.d"
 install -d -m 0755  "${DESTDIR}/etc/initramfs-tools/scripts/init-premount"
 install -d -m 0755  "${DESTDIR}/usr/bin"
@@ -56,7 +58,7 @@ for dir in bin usr/bin; do
 done


-### Install GPG signing keys ---------------------------------------------------------------------------------------------------
+### Install GPG keys -----------------------------------------------------------------------------------------------------------
 src_dir="/etc/ciss/keys"
 dst_dir="${DESTDIR}/etc/ciss/keys"
 key=""
@@ -77,6 +79,51 @@ if [ -d "${src_dir}" ]; then

 fi

+
+### Install GPG signatures -----------------------------------------------------------------------------------------------------
+src_dir="/etc/ciss/signatures"
+dst_dir="${DESTDIR}/etc/ciss/signatures"
+sig=""
+
+if [ -d "${src_dir}" ]; then
+
+  install -d -m 0755 "${dst_dir}"
+
+  for sig in "${src_dir}"/*.sig; do
+
+    [ -e "${sig}" ] || continue
+
+    install -m 0444 "${sig}" "${dst_dir}/"
+
+    printf '\e[92mSuccessfully executed: [install -m 0444 %s %s]\n\e[0m' "${sig}" "${dst_dir}"
+
+  done
+
+fi
+
+
+### Install SHA hashes ---------------------------------------------------------------------------------------------------------
+src_dir="/etc/ciss/hashes"
+dst_dir="${DESTDIR}/etc/ciss/hashes"
+hash=""
+
+if [ -d "${src_dir}" ]; then
+
+  install -d -m 0755 "${dst_dir}"
+
+  for hash in "${src_dir}"/*sha*sum.txt; do
+
+    [ -e "${hash}" ] || continue
+
+    install -m 0444 "${hash}" "${dst_dir}/"
+
+    printf '\e[92mSuccessfully executed: [install -m 0444 %s %s]\n\e[0m' "${hash}" "${dst_dir}"
+
+  done
+
+fi
+
+
 ### Install Dropbear configuration ---------------------------------------------------------------------------------------------
 install -m 0444 /etc/dropbear/initramfs/dropbear.conf "${DESTDIR}/etc/dropbear/dropbear.conf"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/dropbear.conf %s/etc/dropbear/dropbear.conf] \n\e[0m" "${DESTDIR}"
@@ -95,6 +142,10 @@ printf "\e[92mSuccessfully executed: [install -m 0444 /etc/initramfs-tools/files
 install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"

+### Install Dropbear Banner ----------------------------------------------------------------------------------------------------
+install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"
+printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"
+
 ### EOS

 printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh] \n\e[0m"