msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.404.2025.11.10
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 54s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-10 11:57:27 +01:00
parent fc263c95e3
commit 6c00891cd4
62 changed files with 1419 additions and 312 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/lib_primordial.sh
View File

@@ -38,6 +38,8 @@ init_primordial() {
"${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
install -m 0444 "${VAR_WORKDIR}/upgrades/dropbear/localoptions.h" \
"${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear/localoptions.h"
install -m 0444 "${VAR_WORKDIR}/config/includes.chroot/usr/share/initramfs-tools/scripts/init-premount/dropbear" \
"${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear"
### Check for SOPS AGE key integration ---------------------------------------------------------------------------------------
if [[ "${VAR_AGE,,}" == "true" ]]; then
@@ -115,7 +117,7 @@ normalize_ssh_key_file() {
if ! ssh-keygen -yf "${var_key_file}" >/dev/null; then
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Failed check ssh-keygen -lf: [%s] \e[0m\n" "${var_key_file}"
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Failed check ssh-keygen -yf: [%s] \e[0m\n" "${var_key_file}"
return "${ERR_SANITIZING}"
fi
@@ -144,13 +146,21 @@ readonly -f normalize_ssh_key_file
# ERR_SANITIZING: on failure
#######################################
normalize_ssh_keys_in_dir() {
declare var_key_dir="" var_key_file=""
declare var_key_dir="" var_key_file="" _old_nullglob="" _old_dotglob="" _old_failglob=""
var_key_dir="$1"
### Enable nullglob/dotglob, disable failglob for safe globbing.
_old_nullglob="$(shopt -p nullglob || true)"
_old_dotglob="$( shopt -p dotglob || true)"
_old_failglob="$(shopt -p failglob || true)"
shopt -s nullglob dotglob
shopt -u failglob
if [[ ! -d "${var_key_dir}" ]]; then
shopt -u nullglob dotglob
eval "${_old_nullglob}" 2>/dev/null || true
eval "${_old_dotglob}" 2>/dev/null || true
eval "${_old_failglob}" 2>/dev/null || true
return 0
fi
@@ -160,13 +170,17 @@ normalize_ssh_keys_in_dir() {
[[ -e "${var_key_file}" ]] || continue
if ! normalize_ssh_key_file "${var_key_file}"; then
shopt -u nullglob dotglob
eval "${_old_nullglob}" 2>/dev/null || true
eval "${_old_dotglob}" 2>/dev/null || true
eval "${_old_failglob}" 2>/dev/null || true
return "${ERR_SANITIZING}"
fi
done
shopt -u nullglob dotglob
eval "${_old_nullglob}" 2>/dev/null || true
eval "${_old_dotglob}" 2>/dev/null || true
eval "${_old_failglob}" 2>/dev/null || true
return 0
}