msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.408.2025.11.13
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-13 09:56:52 +01:00
parent 59686ce69f
commit 73e4aef372
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/MAN_CISS_ISO_BOOT_CHAIN.md
View File

@@ -192,9 +192,9 @@ flowchart TD
A["Build time: pin EXP_FPR + embed ISO key"] --> B["ISO artifacts: sha512sum.txt + .sig"]; A["Build time: pin EXP_FPR + embed ISO key"] --> B["ISO artifacts: sha512sum.txt + .sig"];
B --> C["Boot early (0030): gpgv verify + FPR pin"]; B --> C["Boot early (0030): gpgv verify + FPR pin"];
C -->|OK| D["LUKS open (0025)"]; C -->|OK| D["LUKS open (0024)"];
D --> E["Mount RootFS"]; D --> E["Mount RootFS"];
E --> F["Boot late (0045): gpgv verify + FPR pin (root key)"]; E --> F["Boot late (0042): gpgv verify + FPR pin (root key)"];
F --> G["dmsetup health: crypt(XTS) over integrity(HMAC-SHA-512)"]; F --> G["dmsetup health: crypt(XTS) over integrity(HMAC-SHA-512)"];
C -- FAIL --> X["Abort"]; C -- FAIL --> X["Abort"];
F -- FAIL --> X; F -- FAIL --> X;

2
lib/lib_ciss_upgrades_boot.sh
View File

@@ -44,7 +44,7 @@ ciss_upgrades_boot() {
declare target="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/${_target}" declare target="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/${_target}"
declare var_sha="${target}sha512sum.txt" declare var_sha="${target}sha512sum.txt"
declare var_sig="${var_sig}.sig" declare var_sig="${var_sha}.sig"
declare var_fil="${target}" declare var_fil="${target}"
declare var_prefix="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" declare var_prefix="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"