msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.512.2025.11.26
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m2s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-26 10:05:56 +00:00
parent afe0dd7038
commit 52c3298db9
10 changed files with 18 additions and 1630 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
config/hooks/live/0000_basic_chroot_setup.chroot
View File

@@ -232,9 +232,17 @@ ln -sf /dev/null /etc/systemd/system/apt-show-versions.timer
ln -sf /dev/null /etc/systemd/system/apt-show-versions.service
rm -f /etc/cron.daily/apt-show-versions || true
### Remove original '/usr/lib/live/boot/0030-verify-checksums' -----------------------------------------------------------------
### Remove the original '/usr/lib/live/boot/0030-verify-checksums' -------------------------------------------------------------
[[ -e /usr/lib/live/boot/0030-verify-checksums ]] && rm -f /usr/lib/live/boot/0030-verify-checksums
### Ensure proper 0755 rights for CISS initramfs scripts ----------------------------------------------------------------------
[[ -x /etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh ]] \
&& chmod 0755 /etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh
[[ -x /etc/initramfs-tools/scripts/init-premount/1000_ciss_fixpath.sh ]] \
&& chmod 0755 /etc/initramfs-tools/scripts/init-premount/1000_ciss_fixpath.sh
[[ -x /etc/initramfs-tools/scripts/init-top/0000_ciss_fixpath.sh ]] \
&& chmod 0755 /etc/initramfs-tools/scripts/init-top/0000_ciss_fixpath.sh
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0

14
config/includes.chroot/etc/initramfs-tools/scripts/live-bottom/0042-ciss-post-decrypt-attest → config/includes.chroot/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh
View File

@@ -77,10 +77,11 @@ for _mp in /run/live/rootfs /run/live/rootfs.squashfs /run/live/overlay /root ;
done
if [ -z "${ROOTMP}" ]; then
log_er "No decrypted rootfs mount found."
sleep 8
# TODO: Remove debug mode
# panic "[FATAL] No decrypted rootfs mount found."
panic "[FATAL] No decrypted rootfs mount found."
fi
log_ok "Decrypted rootfs at: [${ROOTMP}]"
@@ -106,8 +107,7 @@ else
log_er "Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]"
sleep 8
# TODO: Remove debug mode
# panic "[FATAL] Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]."
panic "[FATAL] Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]."
fi
@@ -126,8 +126,7 @@ if [ -e "${MAP_DEV}" ]; then
log_er "Top layer is NOT 'crypt'."
sleep 8
# TODO: Remove debug mode
# panic "[FATAL] Top layer is NOT 'crypt'."
panic "[FATAL] Top layer is NOT 'crypt'."
fi
@@ -139,8 +138,7 @@ if [ -e "${MAP_DEV}" ]; then
log_er "Cipher does not look like AES-XTS."
sleep 8
# TODO: Remove debug mode
# panic "[FATAL] Cipher does not look like AES-XTS."
panic "[FATAL] Cipher does not look like AES-XTS."
fi