V8.13.408.2025.11.13
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m8s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m31s

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-13 06:26:44 +01:00
parent a362db3d78
commit 5f370c2cdb
83 changed files with 1422 additions and 877 deletions


@@ -13,7 +13,7 @@
guard_sourcing || return "${ERR_GUARD_SRCE}"
#######################################
# Integrate primordial SSH identity files.
# Integrates CISS dropbear and SOPS Age Key and CISS and PhysNet primordial SSH identity files.
# Globals:
# BASH_SOURCE
# VAR_AGE
@@ -30,8 +30,8 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
init_primordial() {
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"
### Prepare CISS dropbear integration ----------------------------------------------------------------------------------------
declare var_dropbear_version="2025.88"
declare var_unlock_wrapper="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/initramfs-tools/files/unlock_wrapper.sh"
install -d -m 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/initramfs-tools/files"
install -d -m 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/build"
@@ -44,15 +44,6 @@ init_primordial() {
install -m 0444 "${VAR_WORKDIR}/config/includes.chroot/usr/share/initramfs-tools/scripts/init-premount/dropbear" \
"${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear.file"
# shellcheck disable=SC2312
sha512sum "${VAR_WORKDIR}/config/includes.chroot/etc/initramfs-tools/files/unlock_wrapper.sh" | awk '{print $1}' \
>| "${var_unlock_wrapper}.sha512sum.txt"
gpg --batch --yes --pinentry-mode loopback --passphrase-file "${VAR_SIGNING_KEY_PASSFILE}" --local-user "${VAR_SIGNING_KEY_FPR}" \
--detach-sign --output "${var_unlock_wrapper}.sha512sum.txt.sig" "${var_unlock_wrapper}.sha512sum.txt"
gpgv --keyring "${VAR_VERIFY_KEYRING}" "${var_unlock_wrapper}.sha512sum.txt.sig" "${var_unlock_wrapper}.sha512sum.txt"
### Check for SOPS AGE key integration ---------------------------------------------------------------------------------------
if [[ "${VAR_AGE,,}" == "true" ]]; then