V9.14.024.2026.06.11

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-06-11 20:14:31 +01:00
parent f6ca83fb26
commit 5cc2110ecb
4 changed files with 29 additions and 5 deletions
@@ -123,7 +123,6 @@ if [ -d "${src_dir}" ]; then

 fi

-
 ### Install Dropbear configuration ---------------------------------------------------------------------------------------------
 install -m 0444 /etc/dropbear/initramfs/dropbear.conf "${DESTDIR}/etc/dropbear/dropbear.conf"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/dropbear.conf %s/etc/dropbear/dropbear.conf] \n\e[0m" "${DESTDIR}"
@@ -146,6 +145,13 @@ printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/ba
 install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"

+### Ensure live-boot runtime scripts in the initramfs are executable -----------------------------------------------------------
+if [ -d "${DESTDIR}/usr/lib/live/boot" ]; then
+
+  find "${DESTDIR}/usr/lib/live/boot" -type f -exec chmod +x -- {} +
+  printf "\e[92mSuccessfully executed: [find %s/usr/lib/live/boot -type f -exec chmod +x -- {} +] \n\e[0m" "${DESTDIR}"
+
+fi
 ### EOS

 printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh] \n\e[0m"
@@ -26,6 +26,7 @@
 set -eu

 printf "\e[95m[INFO] Starting             : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] \n\e[0m"
+sleep 2

 ### Check panic command availability -------------------------------------------------------------------------------------------
 if ! command -v panic >/dev/null 2>&1; then
@@ -220,7 +221,7 @@ verify_rootfs_payload() {
  payload_size=""
  payload_hash=""

-  payload_size="$(awk -F': ' '/^# rootfs-size-bytes: /{print $2; exit}' "${manifest_path}")"
+  payload_size="$(awk '/^# Bytes[[:space:]]*:[[:space:]]Final filesystem[.]squashfs[[:space:]]+[0-9]+[[:space:]]*$/ {print $NF; exit}' "${manifest_path}")"
  payload_hash="$(awk '($0 !~ /^#/ && NF >= 2){print $1; exit}' "${manifest_path}")"

  case "${payload_size}" in
@@ -497,8 +497,25 @@ setup_unionfs ()

  ### CISS override for /usr/lib/live/boot/0042_ciss_post_decrypt_attest -------------------------------------------------------
  printf "\e[95m[INFO] Calling              : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] ... \n\e[0m"
-  [ -x /usr/lib/live/boot/0042_ciss_post_decrypt_attest ] && /usr/lib/live/boot/0042_ciss_post_decrypt_attest
+  chmod +x /usr/lib/live/boot/0042_ciss_post_decrypt_attest
+  sleep 2
+
+  if [ -x /usr/lib/live/boot/0042_ciss_post_decrypt_attest ]; then
+
+      if ! /usr/lib/live/boot/0042_ciss_post_decrypt_attest; then
+
+        panic "[FATAL] [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] failed."
+
+      fi
+
+  else
+
+    panic "[FATAL] [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] missing or not executable."
+
+  fi
+
  printf "\e[92m[INFO] Calling              : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] done. \n\e[0m"
+  sleep 2
  ### CISS override for /usr/lib/live/boot/0042_ciss_post_decrypt_attest -------------------------------------------------------

  printf "\e[92m[INFO] Successfully applied : [/usr/lib/live/boot/9990-overlay.sh] \n\e[0m"