msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.440.2025.11.19
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m28s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-22 14:48:56 +00:00
parent 1d91852d68
commit 5362412a9a
2 changed files with 261 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
View File

@@ -267,16 +267,19 @@ PID_BROKER="$!"
fi
printf "\e[93m[INFO] Enter LUKS passphrase on console: \n\e[0m" >/dev/console 2>/dev/null || break
#printf "\e[93m[INFO] Enter LUKS passphrase on console: \n\e[0m" >/dev/console 2>/dev/null || break
if ! IFS= read -r PASS </dev/console 2>/dev/null; then
#if ! IFS= read -r PASS </dev/console 2>/dev/null; then
break
# break
fi
#fi
[ -n "${PASS}" ] || continue
# shellcheck disable=SC2310
PASS="$(ask_pass_console)" || continue
printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :
done

254
config/includes.chroot/usr/lib/live/boot/9990-main.sh Normal file
View File

@@ -0,0 +1,254 @@
#!/bin/sh
# bashsupport disable=BP5007
# shellcheck disable=SC2249
# shellcheck shell=sh
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-12; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Modified Version of the original file:
### https://salsa.debian.org/live-team/live-boot 'components/9990-main.shh'
### Change behavior to mount already opened ciss_rootfs.crypt (0024-ciss-crypt-squash).
# set -e
Live ()
{
printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/9990-main.sh] ... \n\e[0m"
if [ -x /scripts/local-top/cryptroot ]
then
/scripts/local-top/cryptroot
fi
exec 6>&1
exec 7>&2
exec > boot.log
exec 2>&1
tail -f boot.log >&7 &
tailpid="${!}"
# shellcheck disable=SC2034
LIVE_BOOT_CMDLINE="${LIVE_BOOT_CMDLINE:-$(cat /proc/cmdline)}"
Cmdline_old
Debug
Read_only
Select_eth_device
if [ -e /conf/param.conf ]
then
. /conf/param.conf
fi
# Needed here too because some things (*cough* udev *cough*)
# change the timeout
printf "\e[93m[DEBUG] live(): Before do_netmount() pp. \e[0m\n" >&2
if [ -n "${NETBOOT}" ] || [ -n "${FETCH}" ] || [ -n "${HTTPFS}" ] || [ -n "${FTPFS}" ]
then
if do_netmount
then
printf "\e[93m[DEBUG] live(): [livefs_root=%s] \e[0m\n" "${mountpoint?}" >&2
livefs_root="${mountpoint?}"
else
panic "Unable to find a live file system on the network"
fi
else
if [ -n "${ISCSI_PORTAL}" ]
then
printf "\e[93m[DEBUG] live(): [do_iscsi && livefs_root=%s] \e[0m\n" "${mountpoint?}" >&2
do_iscsi && livefs_root="${mountpoint}"
elif [ -n "${PLAIN_ROOT}" ] && [ -n "${ROOT}" ]
then
# Do a local boot from hd
printf "\e[93m[DEBUG] live(): Do a local boot from hd [livefs_root=%s] \e[0m\n" "${ROOT?}" >&2
livefs_root=${ROOT}
else
printf "\e[93m[DEBUG] live(): [Setup_Memdisk] \e[0m\n" >&2
Setup_Memdisk
# If the live media location is given via command line and access to it
# involves LVM volumes, the corresponding volumes need to be activated.
IFS=','
# shellcheck disable=SC2116
for dev in $(echo "${LIVE_MEDIA}")
do
case "${dev}" in
/dev/mapper/*)
# shellcheck disable=SC2046,SC2312
eval $(dmsetup splitname --nameprefixes --noheadings --rows "${dev#/dev/mapper/}")
# shellcheck disable=SC2244
if [ "${DM_VG_NAME}" ] && [ "${DM_LV_NAME}" ]
then
lvm lvchange -aay -y --sysinit --ignoreskippedcluster "${DM_VG_NAME}/${DM_LV_NAME}"
fi
;;
/dev/*/*)
# Could be /dev/VG/LV; use lvs to check
if lvm lvs -- "${dev}" >/dev/null 2>&1
then
lvm lvchange -aay -y --sysinit --ignoreskippedcluster "${dev}"
fi
;;
esac
done
unset IFS
# Scan local devices for the image
i=0
while [ "${i}" -lt 60 ]
do
# shellcheck disable=SC2086
livefs_root=$(find_livefs ${i})
if [ -n "${livefs_root}" ]
then
break
fi
sleep 1
i=$((i + 1))
done
fi
fi
if [ -z "${livefs_root}" ]
then
panic "Unable to find a medium containing a live file system"
fi
printf "\e[93m[DEBUG] live(): Before [Verify_checksums %s] \e[0m\n" "${livefs_root}" >&2
Verify_checksums "${livefs_root}"
# shellcheck disable=SC2244
if [ "${TORAM}" ]
then
live_dest="ram"
elif [ "${TODISK}" ]
then
live_dest="${TODISK}"
fi
# shellcheck disable=SC2244
if [ "${live_dest}" ]
then
log_begin_msg "Copying live media to ${live_dest}"
copy_live_to "${livefs_root}" "${live_dest}"
log_end_msg
fi
# if we do not unmount the ISO, we can't run "fsck /dev/ice" later on
# because the mountpoint is left behind in /proc/mounts, so let's get
# rid of it when running from RAM
# shellcheck disable=SC2244
if [ -n "${FROMISO}" ] && [ "${TORAM}" ]
then
losetup -d /dev/loop0
if is_mountpoint /run/live/fromiso
then
umount /run/live/fromiso
rmdir --ignore-fail-on-non-empty /run/live/fromiso \
>/dev/null 2>&1 || true
fi
fi
printf "\e[93m[DBG] Live(): before overlay, live_dest=%s \e[0m\n" "${live_dest:-<none>}" >&2
printf "\e[93m[DBG] Live(): MODULETORAMFILE=%s PLAIN_ROOT=%s \e[0m\n" "${MODULETORAMFILE}" "${PLAIN_ROOT}" >&2
if [ -n "${MODULETORAMFILE}" ] || [ -n "${PLAIN_ROOT}" ]
then
printf "\e[93m[DBG] Live(): setup_unionfs livefs_root=%s rootmnt=%s \e[0m\n" "${livefs_root}" "${rootmnt?}" >&2
setup_unionfs "${livefs_root}" "${rootmnt?}"
else
mac="$(get_mac)"
mac="$(echo "${mac}" | sed 's/-//g')"
printf "\e[93m[DBG] Live(): mount_images_in_directory livefs_root=%s rootmnt=%s mac=%s \e[0m\n" "${livefs_root}" "${rootmnt}" "${mac}" >&2
mount_images_in_directory "${livefs_root}" "${rootmnt}" "${mac}"
fi
if [ -n "${ROOT_PID}" ]
then
echo "${ROOT_PID}" > "${rootmnt}"/lib/live/root.pid
fi
log_end_msg
# aufs2 in kernel versions around 2.6.33 has a regression:
# directories can't be accessed when read for the first time,
# causing a failure, for example, when accessing /var/lib/fai
# when booting FAI, this simple workaround solves it
ls /root/* >/dev/null 2>&1
# if we do not unmount the ISO, we can't run "fsck /dev/ice" later on
# because the mountpoint is left behind in /proc/mounts, so let's get
# rid of it when running from RAM
# shellcheck disable=SC2244
if [ -n "${FINDISO}" ] && [ "${TORAM}" ]
then
losetup -d /dev/loop0
if is_mountpoint /run/live/findiso
then
umount /run/live/findiso
rmdir --ignore-fail-on-non-empty /run/live/findiso \
>/dev/null 2>&1 || true
fi
fi
if [ -f /etc/hostname ] && ! grep -E -q -v '^[[:space:]]*(#|$)' "${rootmnt}/etc/hostname"
then
log_begin_msg "Copying /etc/hostname to ${rootmnt}/etc/hostname"
cp -v /etc/hostname "${rootmnt}/etc/hostname"
log_end_msg
fi
if [ -f /etc/hosts ] && ! grep -E -q -v '^[[:space:]]*(#|$|(127.0.0.1|::1|ff02::[12])[[:space:]])' "${rootmnt}/etc/hosts"
then
log_begin_msg "Copying /etc/hosts to ${rootmnt}/etc/hosts"
cp -v /etc/hosts "${rootmnt}/etc/hosts"
log_end_msg
fi
if [ -L /root/etc/resolv.conf ] ; then
# assume we have resolvconf
DNSFILE="${rootmnt}/etc/resolvconf/resolv.conf.d/base"
else
DNSFILE="${rootmnt}/etc/resolv.conf"
fi
if [ -f /etc/resolv.conf ] && ! grep -E -q -v '^[[:space:]]*(#|$)' "${DNSFILE}"
then
log_begin_msg "Copying /etc/resolv.conf to ${DNSFILE}"
cp -v /etc/resolv.conf "${DNSFILE}"
log_end_msg
fi
if ! [ -d "/lib/live/boot" ]
then
panic "A wrong rootfs was mounted."
fi
Fstab
Netbase
Swap
exec 1>&6 6>&-
exec 2>&7 7>&-
kill "${tailpid}"
[ -w "${rootmnt}/var/log/" ] && mkdir -p "${rootmnt}/var/log/live" && ( \
cp boot.log "${rootmnt}/var/log/live" 2>/dev/null; \
cp fsck.log "${rootmnt}/var/log/live" 2>/dev/null )
printf "\e[92m[INFO] Successfully applied: [/usr/lib/live/boot/9990-main.sh] ... \n\e[0m"
}