diff --git a/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml b/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml index 8f50145..c5d7ab9 100644 --- a/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml +++ b/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml @@ -10,6 +10,6 @@ # SPDX-Security-Contact: security@coresecret.eu build: - counter: 1023 + counter: 1024 version: V8.13.064.2025.10.07 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml diff --git a/.gitea/workflows/generate_PRIVATE_trixie_0.yaml b/.gitea/workflows/generate_PRIVATE_trixie_0.yaml index 45569e0..b5ef2a6 100644 --- a/.gitea/workflows/generate_PRIVATE_trixie_0.yaml +++ b/.gitea/workflows/generate_PRIVATE_trixie_0.yaml 
@@ -146,23 +146,27 @@ jobs: shell: bash working-directory: ${{ github.workspace }} env: - ED25519_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }} - ED25519_PUB: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }} - RSA_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }} - RSA_PUB: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }} + ED25519_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }} + ED25519_PUB: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }} + RSA_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }} + RSA_PUB: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }} + CISS_PRIMORDIAL: ${{ secrets.CISS_PRIMORDIAL_PRIVATE }} + CISS_PRIMORDIAL_PUB: ${{ secrets.CISS_PRIMORDIAL_PUBLIC }} run: | set -Ceuo pipefail umask 077 REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)" - TPL="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot.tmpl" - OUT="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot" + TPL="${REPO_ROOT}/config/hooks/live/9935_hardening_ssh.chroot.tmpl" + OUT="${REPO_ROOT}/config/hooks/live/9935_hardening_ssh.chroot" + ID_OUT"${REPO_ROOT}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial" + ID_OUT_PUB"${REPO_ROOT}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial.pub" - if [[ ! -f "$TPL" ]]; then - echo "Template not found: $TPL" + if [[ ! -f "${TPL}" ]]; then + echo "Template not found: ${TPL}" echo "::group::Tree of config/hooks/live" - ls -la "$REPO_ROOT/config/hooks/live" || true + ls -la "${REPO_ROOT}/config/hooks/live" || true echo "::endgroup::" exit 2 fi 
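Review bot: The two added path assignments in the `run:` script have no `=` (`ID_OUT"${REPO_ROOT}/…"` and `ID_OUT_PUB"${REPO_ROOT}/…"`), so bash treats each line as a command name rather than an assignment. Under `set -Ceuo pipefail` the step stops there, and `${ID_OUT}` would be unset for the key-writing code added in the next hunk. They should read `ID_OUT="${REPO_ROOT}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial"` and `ID_OUT_PUB="${REPO_ROOT}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial.pub"`. The same two lines appear in the matching hunk of `.gitea/workflows/generate_PRIVATE_trixie_1.yaml`; the step's script continues outside this hunk.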
@@ -171,6 +175,22 @@ jobs: export ED25519_PUB="${ED25519_PUB//$'\r'/}" export RSA_PRIV="${RSA_PRIV//$'\r'/}" export RSA_PUB="${RSA_PUB//$'\r'/}" + export CISS_PRIMORDIAL="${CISS_PRIMORDIAL//$'\r'/}" + export CISS_PRIMORDIAL_PUB="${CISS_PRIMORDIAL_PUB//$'\r'/}" + + ( + cat << EOF >| "${ID_OUT}" + ${CISS_PRIMORDIAL} + EOF + ) && chmod 0600 "${ID_OUT}" + echo "Written: ${ID_OUT}" + + ( + cat << EOF >| "${ID_OUT_PUB}" + ${CISS_PRIMORDIAL_PUB} + EOF + ) && chmod 0600 "${ID_OUT_PUB}" + echo "Written: ${ID_OUT_PUB}" perl -0777 -pe ' BEGIN{ @@ -181,10 +201,10 @@ jobs: s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_ED25519_KEY_PUB\s*\}\}/$edpub/g; s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY\s*\}\}/$rsa/g; s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY_PUB\s*\}\}/$rsapub/g; - ' "$TPL" > "$OUT" + ' "${TPL}" > "${OUT}" - chmod 0755 "$OUT" - echo "Hook rendered: $OUT" + chmod 0755 "${OUT}" + echo "Hook rendered: ${OUT}" - name: ๐Ÿ› ๏ธ Starting CISS.debian.live.builder. This may take a while ... shell: bash diff --git a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml index 735e297..3defa2c 100644 --- a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml +++ b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml 
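Review bot: A failed key write goes undetected in the added `( cat << EOF >| "${ID_OUT}" … ) && chmod 0600 "${ID_OUT}"` blocks, because `set -e` does not act on the left side of `&&`. If the redirect fails (for example because `config/includes.chroot/root/.ssh` is missing from the checkout; nothing in this hunk creates it), the script carries on and still prints `Written: …`. Plain statements keep errexit effective and do not depend on how the heredoc body and its `EOF` terminator are indented inside the YAML block: `install -d -m 0700 "${ID_OUT%/*}"`, `printf '%s\n' "${CISS_PRIMORDIAL}" >| "${ID_OUT}"`, `chmod 0600 "${ID_OUT}"`. The public-key block and the identical hunk in `generate_PRIVATE_trixie_1.yaml` follow the same pattern. Because this puts a private key under `includes.chroot`, a short comment naming which builds are meant to ship it would make the intent reviewable.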
@@ -146,23 +146,27 @@ jobs: shell: bash working-directory: ${{ github.workspace }} env: - ED25519_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }} - ED25519_PUB: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }} - RSA_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }} - RSA_PUB: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }} + ED25519_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }} + ED25519_PUB: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }} + RSA_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }} + RSA_PUB: ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }} + CISS_PRIMORDIAL: ${{ secrets.CISS_PRIMORDIAL_PRIVATE }} + CISS_PRIMORDIAL_PUB: ${{ secrets.CISS_PRIMORDIAL_PUBLIC }} run: | set -Ceuo pipefail umask 077 REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)" - TPL="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot.tmpl" - OUT="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot" + TPL="${REPO_ROOT}/config/hooks/live/9935_hardening_ssh.chroot.tmpl" + OUT="${REPO_ROOT}/config/hooks/live/9935_hardening_ssh.chroot" + ID_OUT"${REPO_ROOT}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial" + ID_OUT_PUB"${REPO_ROOT}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial.pub" - if [[ ! -f "$TPL" ]]; then - echo "Template not found: $TPL" + if [[ ! -f "${TPL}" ]]; then + echo "Template not found: ${TPL}" echo "::group::Tree of config/hooks/live" - ls -la "$REPO_ROOT/config/hooks/live" || true + ls -la "${REPO_ROOT}/config/hooks/live" || true echo "::endgroup::" exit 2 fi 
@@ -171,6 +175,22 @@ jobs: export ED25519_PUB="${ED25519_PUB//$'\r'/}" export RSA_PRIV="${RSA_PRIV//$'\r'/}" export RSA_PUB="${RSA_PUB//$'\r'/}" + export CISS_PRIMORDIAL="${CISS_PRIMORDIAL//$'\r'/}" + export CISS_PRIMORDIAL_PUB="${CISS_PRIMORDIAL_PUB//$'\r'/}" + + ( + cat << EOF >| "${ID_OUT}" + ${CISS_PRIMORDIAL} + EOF + ) && chmod 0600 "${ID_OUT}" + echo "Written: ${ID_OUT}" + + ( + cat << EOF >| "${ID_OUT_PUB}" + ${CISS_PRIMORDIAL_PUB} + EOF + ) && chmod 0600 "${ID_OUT_PUB}" + echo "Written: ${ID_OUT_PUB}" perl -0777 -pe ' BEGIN{ @@ -181,10 +201,10 @@ jobs: s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_ED25519_KEY_PUB\s*\}\}/$edpub/g; s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY\s*\}\}/$rsa/g; s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY_PUB\s*\}\}/$rsapub/g; - ' "$TPL" > "$OUT" + ' "${TPL}" > "${OUT}" - chmod 0755 "$OUT" - echo "Hook rendered: $OUT" + chmod 0755 "${OUT}" + echo "Hook rendered: ${OUT}" - name: ๐Ÿ› ๏ธ Starting CISS.debian.live.builder. This may take a while ... shell: bash diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index a2c236b..5322cff 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh @@ -210,6 +210,12 @@ arg_priority_check check_stats if ! ${VAR_HANDLER_AUTOBUILD}; then check_provider; fi if ! ${VAR_HANDLER_AUTOBUILD}; then check_kernel; fi + +if [[ ! "${VAR_SSHFP}" == "true" ]]; then + rm -f "${SCRIPT_BASEPATH}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial" + rm -f "${SCRIPT_BASEPATH}/config/includes.chroot/root/.ssh/id_2025_ed25519_ciss_primordial.pub" +fi + check_hooks hardening_ssh lb_config_start diff --git a/config/hooks/live/0001_initramfs_modules.chroot b/config/hooks/live/0001_initramfs_modules.chroot index a8ad320..e593f6c 100644 --- a/config/hooks/live/0001_initramfs_modules.chroot +++ b/config/hooks/live/0001_initramfs_modules.chroot 
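Review bot: In the `ciss_live_builder.sh` hunk, the new `if [[ ! "${VAR_SSHFP}" == "true" ]]` block is what keeps the primordial private key out of images built without that flag, yet nothing in the code says so. I would add a comment such as `# The CI workflow writes this identity into includes.chroot; keep it in the image only when VAR_SSHFP is "true".` and write the test as `[[ "${VAR_SSHFP}" != "true" ]]`. If `VAR_SSHFP` can be unset at this point and the script runs with `set -u` (neither is visible in this hunk), `"${VAR_SSHFP:-false}"` makes the default explicit and still removes the key. The surrounding top-level sequence continues outside the hunk.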
@@ -327,7 +327,7 @@ EOF chmod 0755 /etc/initramfs-tools/hooks/ciss_debian_live_builder ### Regenerate the initramfs for the live system kernel -update-initramfs -u -k all +update-initramfs -u -k all -v printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" diff --git a/config/hooks/live/9900_process_accounting.chroot b/config/hooks/live/9900_process_accounting.chroot index c8a7ed1..481ba83 100644 --- a/config/hooks/live/9900_process_accounting.chroot +++ b/config/hooks/live/9900_process_accounting.chroot @@ -12,22 +12,26 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 apt-get install -y acct if [[ ! -d /etc/systemd/system/multi-user.target.wants ]]; then + mkdir -p /etc/systemd/system/multi-user.target.wants + fi if ln -s /lib/systemd/system/acct.service /etc/systemd/system/multi-user.target.wants/acct.service; then + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… 'Process Accounting' enabled successful. \e[0m\n" + else + printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ โŒ 'Process Accounting' already enabled. \e[0m\n" >&2 + fi printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9910_motd.chroot b/config/hooks/live/9910_motd.chroot index f495728..6c4c913 100644 --- a/config/hooks/live/9910_motd.chroot +++ b/config/hooks/live/9910_motd.chroot @@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 mkdir -p /root/.ciss/dlb/backup/update-motd.d cp -af /etc/update-motd.d/* /root/.ciss/dlb/backup/update-motd.d @@ -25,7 +24,6 @@ EOF chmod 0755 /etc/update-motd.d/10-uname printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' successfully applied. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh 
diff --git a/config/hooks/live/9920_deleting_invalid_x509.chroot b/config/hooks/live/9920_deleting_invalid_x509.chroot index 3030dea..451da7e 100644 --- a/config/hooks/live/9920_deleting_invalid_x509.chroot +++ b/config/hooks/live/9920_deleting_invalid_x509.chroot @@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 declare -a search_dirs=("/etc/ssl/certs" "/usr/local/share/ca-certificates" "/usr/share/ca-certificates" "/etc/letsencrypt") declare backup_dir="/root/.ciss/dlb/backup/certificates" @@ -27,17 +26,24 @@ declare -ax expired_certificates=() # search_dirs # dir # Arguments: -# None +# None ####################################### create_backup() { printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช Backup Certificate: '%s' ... \e[0m\n" "${backup_dir}" + mkdir -p "${backup_dir}" declare dir="" + for dir in "${search_dirs[@]}"; do - if [ -d "${dir}" ] && compgen -G "${dir}"/* > /dev/null; then + + if [[ -d "${dir}" ]] && compgen -G "${dir}"/* > /dev/null; then + cp -r "${dir}"/* "${backup_dir}" + fi + done + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Backup Certificate: '%s' done.\e[0m\n" "${backup_dir}" } 
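Review bot: In `create_backup`, the rewritten test `compgen -G "${dir}"/*` leaves `/*` outside the quotes, so the shell expands the glob before `compgen` runs and `compgen -G` receives file names instead of the pattern. Quote the whole pattern: `if [[ -d "${dir}" ]] && compgen -G "${dir}/*" > /dev/null; then`. Separately, `cp -r "${dir}"/* "${backup_dir}"` merges all four search directories into one flat target, so same-named entries overwrite each other and anything copied from `/etc/letsencrypt` sits next to public CA files. A per-source subdirectory with `cp -a` would keep the backup faithful and preserve the original modes.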
@@ -52,25 +58,32 @@ create_backup() { # EXPIRED_CERTIFICATES # SEARCH_DIRS # Arguments: -# None +# None ####################################### check_certificates() { declare dir="" declare cert="" declare cert_date="" declare cert_date_seconds="" + for dir in "${search_dirs[@]}"; do + + # shellcheck disable=SC2312 while IFS= read -r -d '' cert; do + cert_date=$(openssl x509 -in "${cert}" -noout -enddate | sed 's/notAfter=//') cert_date_seconds=$(date -d "${cert_date}" +%s) + if [[ ${cert_date_seconds} -lt ${current_date} ]]; then + declare -g expired_certificates+=("${cert}") + fi + done < <(find "${dir}" -type f \( -name "*.crt" -o -name "*.pem" \) -print0) + done } -# done < <(find "${dir}" -type f -name "*.crt" -o -name "*.pem" -print0) -# done < <(find "${DIR}" -type f \( -name "*.crt" -o -name "*.pem" \) -print0) ####################################### # Find and clean all ca-certificates.crt files in SEARCH_DIRS. @@ -80,13 +93,17 @@ check_certificates() { # cert # line # Arguments: -# None +# None ####################################### delete_expired_from_all_bundles() { declare dir bundle + for dir in "${search_dirs[@]}"; do + bundle="${dir}/ca-certificates.crt" + if [[ -f ${bundle} ]]; then + printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช Checking Root-CA Bundle: '%s' ...\e[0m\n" "${bundle}" declare tmp_bundle="${bundle}.tmp" declare -a block=() 
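Review bot: In `check_certificates`, `find … -name "*.pem"` also matches PEM files that are not certificates, and `search_dirs` includes `/etc/letsencrypt`, where private keys are commonly stored as `.pem`. For such a file `openssl x509` fails, and with the script's `set -Ceuo pipefail` the failing `cert_date=$(… | sed …)` assignment would normally end the whole hook, unless the function is called where errexit is suspended, which is outside this hunk. Suggest `cert_date=$(openssl x509 -in "${cert}" -noout -enddate 2> /dev/null | sed 's/notAfter=//') || continue` followed by `[[ -n "${cert_date}" ]] || continue`. That way only files that actually parsed as certificates can reach the expiry comparison and the later `rm -f`.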
@@ -97,33 +114,57 @@ delete_expired_from_all_bundles() { declare line="" while IFS= read -r line; do + block+=("${line}") + if [[ ${line} == "-----END CERTIFICATE-----" ]]; then + cert=$(printf "%s\n" "${block[@]}") enddate=$(echo "${cert}" | openssl x509 -noout -enddate 2> /dev/null | sed 's/notAfter=//') + if [[ -n ${enddate} ]]; then + declare cert_date_seconds="" cert_date_seconds=$(date -d "${enddate}" +%s) + if [[ ${cert_date_seconds} -lt ${current_date} ]]; then + expired=1 + else + expired=0 + fi + else + expired=0 + fi + if [[ ${expired} -eq 0 ]]; then + printf "%s\n" "${block[@]}" >> "${tmp_bundle}" + else + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Certificate deleted: '%s' (Expired: %s)\e[0m\n" "${bundle}" "${enddate}" + fi + block=() + fi + done < "${bundle}" mv -f "${tmp_bundle}" "${bundle}" + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Checking Root-CA Bundle: '%s' done. \e[0m\n" "${bundle}" + fi + done } 
@@ -141,30 +182,38 @@ else printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช Expired certificates found:\e[0m\n" for exp_cert in "${expired_certificates[@]}"; do + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ '%s'. \e[0m\n" "${exp_cert}" + done for exp_cert in "${expired_certificates[@]}"; do + rm -f "${exp_cert}" + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Certificate deleted: '%s'.\e[0m\n" "${exp_cert}" basename=$(basename "${exp_cert}") mozilla_entry="mozilla/${basename%.pem}.crt" mozilla_entry="${mozilla_entry%.crt}.crt" declare ca_conf="/etc/ca-certificates.conf" + if grep -Fxq "${mozilla_entry}" "${ca_conf}"; then + sed -i "s|^${mozilla_entry}$|#${mozilla_entry}|" "${ca_conf}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Entry in ca-certificates.conf deselected: '#%s'.\e[0m\n" "${mozilla_entry}" + fi + done printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Updating the certificate cache ... \e[0m\n" update-ca-certificates --fresh printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Updating the certificate cache done.\e[0m\n" - # sleep 1 + fi printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 + exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9935_hardening_ssh.chroot.tmpl b/config/hooks/live/9935_hardening_ssh.chroot.tmpl index 56baa4c..a630897 100644 --- a/config/hooks/live/9935_hardening_ssh.chroot.tmpl +++ b/config/hooks/live/9935_hardening_ssh.chroot.tmpl @@ -88,7 +88,6 @@ EOF chmod 0644 /etc/systemd/system/ssh.service.d/override.conf printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9940_hardening_memory.dump.chroot b/config/hooks/live/9940_hardening_memory.dump.chroot index e151ee4..c6015f3 100644 --- a/config/hooks/live/9940_hardening_memory.dump.chroot 
+++ b/config/hooks/live/9940_hardening_memory.dump.chroot @@ -12,15 +12,20 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 cp -u /etc/security/limits.conf /root/.ciss/dlb/backup/limits.conf.bak chmod 0644 /root/.ciss/dlb/backup/limits.conf.bak -sed -i "/#* soft core 0/ i\* soft core 0" /etc/security/limits.conf -sed -i "/#root hard core 100000/ i\* hard core 0" /etc/security/limits.conf + +grep -Eq '^[[:space:]]*\*[[:space:]]+soft[[:space:]]+core[[:space:]]+0[[:space:]]*$' /etc/security/limits.conf \ + || sed -i -E '/^[[:space:]]*#?[[:space:]]*soft[[:space:]]+core[[:space:]]+0[[:space:]]*$/ i\* soft core 0' /etc/security/limits.conf + +grep -Eq '^[[:space:]]*\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0[[:space:]]*$' /etc/security/limits.conf \ + || sed -i -E '/^[[:space:]]*#?[[:space:]]*root[[:space:]]+hard[[:space:]]+core[[:space:]]+100000[[:space:]]*$/ i\* hard core 0' /etc/security/limits.conf if [[ ! -d /etc/systemd/coredump.conf.d ]]; then + mkdir -p /etc/systemd/coredump.conf.d + fi touch /etc/systemd/coredump.conf.d/disable.conf @@ -31,7 +36,6 @@ Storage=none EOF printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9950_fail2ban_hardening.chroot b/config/hooks/live/9950_fail2ban_hardening.chroot index 42521fc..6a44be2 100644 --- a/config/hooks/live/9950_fail2ban_hardening.chroot +++ b/config/hooks/live/9950_fail2ban_hardening.chroot @@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 cd /root @@ -142,7 +141,6 @@ touch /var/log/fail2ban/fail2ban.log chmod 640 /var/log/fail2ban/fail2ban.log printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh 
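Review bot: The new `sed` address for the soft limit, `^[[:space:]]*#?[[:space:]]*soft[[:space:]]+core…`, has no `\*` domain field before `soft`, unlike the `grep` guard directly above it. A commented template line of the form `#*  soft  core  0` therefore does not match and nothing is inserted. `sed -i` still exits 0 in that case, so the hook prints "applied successfully" while the `* soft core 0` entry is absent from limits.conf. Add the field (`#?[[:space:]]*\*[[:space:]]+soft[[:space:]]+core`). Because both inserts depend on an anchor line being present in the file, also re-run the two `grep -Eq` checks after the edits and exit non-zero if either line is still missing.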
diff --git a/config/hooks/live/9960_disable_services.chroot b/config/hooks/live/9960_disable_services.chroot index dbaacf3..3846214 100644 --- a/config/hooks/live/9960_disable_services.chroot +++ b/config/hooks/live/9960_disable_services.chroot @@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 ########################################################################################### # Remarks: Turn off Energy saving mode and ctrl-alt-del # @@ -25,7 +24,6 @@ done unset target printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9970_remove_exim.chroot b/config/hooks/live/9970_remove_exim.chroot index 8212e5b..a1ec16d 100644 --- a/config/hooks/live/9970_remove_exim.chroot +++ b/config/hooks/live/9970_remove_exim.chroot @@ -12,21 +12,17 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 cd /etc -apt-get purge exim4 -y -apt-get purge exim4-base -y -apt-get purge exim4-config -y - +apt-get purge exim4 exim4-base exim4-config -y apt-get autoremove -y apt-get autoclean -y apt-get autopurge -y apt-mark hold exim4 exim4-daemon-light exim4-base exim4-config -apt-get update -y +apt-get update apt-get upgrade -y if [[ -d /etc/exim4 ]]; then @@ -34,7 +30,6 @@ if [[ -d /etc/exim4 ]]; then fi printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9985_clamav.chroot b/config/hooks/live/9985_clamav.chroot index dd06215..0c98c1e 100644 --- a/config/hooks/live/9985_clamav.chroot +++ b/config/hooks/live/9985_clamav.chroot 
@@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 mkdir -p /etc/systemd/system/clamav-daemon.service.d cat << 'EOF' >| /etc/systemd/system/clamav-daemon.service.d/override.conf @@ -71,7 +70,6 @@ EOF chmod 0644 /etc/systemd/system/clamav-freshclam.service.d/override.conf printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9990_final_purge.chroot b/config/hooks/live/9990_final_purge.chroot index 0bfffdd..55af822 100644 --- a/config/hooks/live/9990_final_purge.chroot +++ b/config/hooks/live/9990_final_purge.chroot 
@@ -12,36 +12,40 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 -apt-get update -y +apt-get update apt-get purge -y exim4 exim4-daemon-light exim4-base exim4-config qemu-guest-agent rmail -#sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc apt-mark hold exim4 exim4-daemon-light exim4-base exim4-config qemu-guest-agent rmail -#sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc dpkg --get-selections | grep deinstall >| /tmp/deinstall.log || true if [[ -s /tmp/deinstall.log ]]; then + printf "\n" printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช Packages to purge ... \e[0m\n" sed -i 's!deinstall!!' /tmp/deinstall.log + while IFS= read -r line; do + declare trimmed_string - trimmed_string=$(echo "$line" | awk '{$1=$1};1') + trimmed_string=$(echo "${line}" | awk '{$1=$1};1') echo "y" | apt-get purge "${trimmed_string}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Package '%s' purged. \e[0m\n" "${trimmed_string}" - # sleep 1 + done < /tmp/deinstall.log + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Packages to purge done. \e[0m\n" + else + printf "\n" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… No Packages to purge, proceeding with clean up. \e[0m\n" + fi -apt-get update -y +apt-get update apt-get upgrade -y rm -f /tmp/deinstall.log @@ -53,7 +57,6 @@ apt-get autopurge -y updatedb printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' successfully applied. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9991_file_permissions.chroot b/config/hooks/live/9991_file_permissions.chroot index 8fa62e7..4afddf6 100644 --- a/config/hooks/live/9991_file_permissions.chroot +++ b/config/hooks/live/9991_file_permissions.chroot 
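Review bot: The purge list in 9990_final_purge.chroot still goes through a fixed `/tmp/deinstall.log` opened with `>|`, and `sed -i 's!deinstall!!'` removes the first "deinstall" anywhere on the line rather than the state column. `mapfile -t to_purge < <(dpkg --get-selections | awk '$2 == "deinstall" { print $1 }')` yields clean package names without a temp file or the per-line `echo | awk`. The loop can then call `apt-get purge -y "${pkg}"` instead of piping `y`. If the temp file is kept, create it with `mktemp` and remove it in an `EXIT` trap.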
@@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 chmod 0644 /etc/banner chmod 0644 /etc/issue @@ -99,8 +98,16 @@ for bin in as gcc g++ cc clang; do done unset bin target +### Directories: 0700 +find /root -type d -exec chmod 0700 {} + +### Executable files: 0700 (any x-bit set) +find /root -type f -perm /111 -exec chmod 0700 {} + +### Non-executable files: 0600 +find /root -type f ! -perm /111 -exec chmod 0600 {} + +### Ownership: UID:GID (do not dereference symlinks; stay on this filesystem) +find /root -xdev -exec chown -h root:root {} + + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' successfully applied. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9992_password_expiration.chroot b/config/hooks/live/9992_password_expiration.chroot index 565cc73..c1b2447 100644 --- a/config/hooks/live/9992_password_expiration.chroot +++ b/config/hooks/live/9992_password_expiration.chroot 
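Review bot: The `/root` permission pass added to 9991_file_permissions.chroot does not hold for the finished image, because later hooks visible in this diff still write into `/root`. For example, 9994 runs `chmod 0644 /root/.ciss/dlb/backup/pwquality.conf.bak` and 9993 copies `aide.conf.bak` there. Either move this block into the last hook that runs or stop the later hooks from widening modes. Also, only the `chown` walk has `-xdev`; adding it to the three `chmod` walks (`find /root -xdev -type d -exec chmod 0700 {} +`, likewise for the two file passes) keeps all four on the same filesystem. The script body continues outside the hunk.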
@@ -12,31 +12,35 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 if ! command -v chage &>/dev/null; then + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Info: 'chage' NOT found. Exiting hook ... \e[0m\n" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" - # sleep 1 + exit 0 + fi declare -i max_days=16384 +# shellcheck disable=SC2312 mapfile -t users_to_update < <( awk -F: '$2 !~ /^[!*]/ { print $1 }' /etc/shadow ) if [[ ${#users_to_update[@]} -eq 0 ]]; then + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… No enabled-login accounts found in /etc/shadow. Exiting hook ... \e[0m\n" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" - # sleep 1 + exit 0 + fi declare user for user in "${users_to_update[@]}"; do printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Setting max password age for user '%s' to '%s' days. \e[0m\n" "${user}" "${max_days}" - chage --maxdays "$max_days" "$user" + chage --maxdays "${max_days}" "${user}" done unset max_days user users_to_update @@ -46,7 +50,6 @@ awk -F: '$2 !~ /^\$[0-9]/ && length($2)==13 { print $1,$2 }' /etc/shadow printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… All applicable accounts have been updated. \e[0m\n" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9993_aide.chroot b/config/hooks/live/9993_aide.chroot index 17c63aa..20ccae3 100644 --- a/config/hooks/live/9993_aide.chroot +++ b/config/hooks/live/9993_aide.chroot @@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 apt-get install -y aide > /dev/null 2>&1 
@@ -20,13 +19,16 @@ cp -u /etc/aide/aide.conf /root/.ciss/dlb/backup/aide.conf.bak sed -i "s/Checksums = H/Checksums = sha512/" /etc/aide/aide.conf if aideinit > /dev/null 2>&1; then + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… 'aideinit' successful. \e[0m\n" + else + printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ โŒ 'aideinit' NOT successful. \e[0m\n" >&2 + fi printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9994_password_policy.chroot b/config/hooks/live/9994_password_policy.chroot index 4dd0b9c..6ccdd7c 100644 --- a/config/hooks/live/9994_password_policy.chroot +++ b/config/hooks/live/9994_password_policy.chroot @@ -16,14 +16,16 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 + +# shellcheck disable=SC2155 +declare -r VAR_DATE="$(date +%F)" cp -a /etc/security/pwquality.conf /root/.ciss/dlb/backup/pwquality.conf.bak chmod 0644 /root/.ciss/dlb/backup/pwquality.conf.bak -cat << 'EOF' >| /etc/security/pwquality.conf +cat << EOF >| /etc/security/pwquality.conf # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; @@ -129,7 +131,6 @@ local_users_only EOF printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9995_sysstat.chroot b/config/hooks/live/9995_sysstat.chroot index 727c1eb..47c592a 100644 --- a/config/hooks/live/9995_sysstat.chroot +++ b/config/hooks/live/9995_sysstat.chroot 
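Review bot: In 9994_password_policy.chroot, switching the `pwquality.conf` heredoc from `'EOF'` to `EOF` makes the shell expand the entire body, most of which lies outside this hunk. Any `$`, backtick or backslash in those lines is now interpreted, and under `set -u` a stray `$name` aborts the hook. 9999_interfaces_update.chroot in this same commit avoids that by writing the SPDX header with an unquoted heredoc and the rest with `cat << 'EOF' >> …`; doing the same here limits expansion to the one line that needs it. Note also that `declare -r VAR_DATE="$(date +%F)"` stamps the build date into `SPDX-CreationInfo`, so the generated file differs between builds; if reproducible images matter, derive the date from `SOURCE_DATE_EPOCH`.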
@@ -12,12 +12,10 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 sed -i 's#^\(ENABLED=\).*#\1"true"#' /etc/default/sysstat printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9996_auditd.chroot b/config/hooks/live/9996_auditd.chroot index 252280b..d2449e0 100644 --- a/config/hooks/live/9996_auditd.chroot +++ b/config/hooks/live/9996_auditd.chroot @@ -15,7 +15,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 cd /root diff --git a/config/hooks/live/9997_debsums.chroot b/config/hooks/live/9997_debsums.chroot index e57918f..5e8c45a 100644 --- a/config/hooks/live/9997_debsums.chroot +++ b/config/hooks/live/9997_debsums.chroot @@ -12,7 +12,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 cd /root @@ -30,7 +29,6 @@ else fi printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9998_sources_list_bookworm.chroot b/config/hooks/live/9998_sources_list_bookworm.chroot index 498e81b..1f53024 100644 --- a/config/hooks/live/9998_sources_list_bookworm.chroot +++ b/config/hooks/live/9998_sources_list_bookworm.chroot @@ -12,7 +12,9 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 + +# shellcheck disable=SC2155 +declare -r VAR_DATE="$(date +%F)" cd /root 
@@ -22,7 +24,7 @@ fi cat << 'EOF' >| /etc/apt/sources.list # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; diff --git a/config/hooks/live/9998_sources_list_trixie.chroot b/config/hooks/live/9998_sources_list_trixie.chroot index 51fc98c..58a86b4 100644 --- a/config/hooks/live/9998_sources_list_trixie.chroot +++ b/config/hooks/live/9998_sources_list_trixie.chroot @@ -12,7 +12,9 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 + +# shellcheck disable=SC2155 +declare -r VAR_DATE="$(date +%F)" cd /root @@ -29,7 +31,7 @@ EOF if [[ ! -f /etc/apt/sources.list.d/trixie.sources ]]; then cat << EOF >| /etc/apt/sources.list.d/trixie.sources # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; @@ -52,7 +54,7 @@ fi if [[ ! -f /etc/apt/sources.list.d/trixie-security.sources ]]; then cat << EOF >| /etc/apt/sources.list.d/trixie-security.sources # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; 
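Review bot: In 9998_sources_list_bookworm.chroot the heredoc is still opened with `cat << 'EOF' >| /etc/apt/sources.list`, so the changed header line is written literally as `# SPDX-CreationInfo: ${VAR_DATE}; …` and the new `VAR_DATE` is never used. The trixie variant opens its heredocs with unquoted `cat << EOF` and expands as intended. Either write the SPDX header in its own unquoted heredoc, as 9999_interfaces_update.chroot does in this commit, or unquote the delimiter after checking that the rest of the body (outside this hunk) contains nothing the shell would expand.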
@@ -75,7 +77,7 @@ fi if [[ ! -f /etc/apt/sources.list.d/trixie-updates.sources ]]; then cat << EOF >| /etc/apt/sources.list.d/trixie-updates.sources # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; @@ -99,7 +101,7 @@ fi if [[ ! -f /etc/apt/sources.list.d/trixie-backports.sources ]]; then cat << EOF >| /etc/apt/sources.list.d/trixie-backports.sources # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; @@ -120,7 +122,6 @@ EOF fi printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/9999_interfaces_update.chroot b/config/hooks/live/9999_interfaces_update.chroot index aca191d..a7309a9 100644 --- a/config/hooks/live/9999_interfaces_update.chroot +++ b/config/hooks/live/9999_interfaces_update.chroot 
@@ -12,14 +12,16 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" -# sleep 1 + +# shellcheck disable=SC2155 +declare -r VAR_DATE="$(date +%F)" mv /etc/network/interfaces /root/.ciss/dlb/backup/interfaces.chroot rm -f /etc/network/interfaces -cat << 'EOF' >| /etc/network/interfaces +cat << EOF >| /etc/network/interfaces # SPDX-Version: 3.0 -# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; @@ -32,6 +34,9 @@ cat << 'EOF' >| /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). +EOF + +cat << 'EOF' >> /etc/network/interfaces ### The loopback network interface auto lo iface lo inet loopback @@ -59,7 +64,6 @@ EOF chmod 0644 /etc/network/interfaces printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}" -# sleep 1 exit 0 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 9c931d7..0ad3e70 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -13,6 +13,7 @@ include_toc: true # 2. Changelog ## V8.13.064.2025.10.07 +* **Added**: An internal Gitea Action Runner switch for the CISS and PHYS central configuration source of truth. * **Added**: Verbose status information screen on successful completion. * **Added**: Verbose status information in 'CISS.debian.live.iso.' * **Added**: Loop to desynchronize parallel workflows. 
@@ -21,6 +22,9 @@ include_toc: true * **Updated**: [lib_trap_on_exit.sh](../lib/lib_trap_on_exit.sh) * **Updated**: [9000-cdi-starter](../scripts/9000-cdi-starter) * **Updated**: [9980_usb_guard.chroot](../config/hooks/live/9980_usb_guard.chroot) +* **Updated**: [9998_sources_list_bookworm.chroot](../config/hooks/live/9998_sources_list_bookworm.chroot) +* **Updated**: [9998_sources_list_trixie.chroot](../config/hooks/live/9998_sources_list_trixie.chroot) +* **Updated**: [9999_interfaces_update.chroot](../config/hooks/live/9999_interfaces_update.chroot) * **Updated**: [lib_cdi.sh](../lib/lib_cdi.sh) Unified Kernel bootparameter. * **Updated**: [lib_lb_config_write_trixie.sh](../lib/lib_lb_config_write_trixie.sh) Unified Kernel bootparameter. * **Updated**: [lib_run_analysis.sh](../lib/lib_run_analysis.sh) diff --git a/lib/lib_lb_build_start.sh b/lib/lib_lb_build_start.sh index b799f92..a889544 100644 --- a/lib/lib_lb_build_start.sh +++ b/lib/lib_lb_build_start.sh @@ -19,30 +19,37 @@ guard_sourcing # VAR_BUILD_LOG # VAR_HANDLER_BUILD_DIR # Arguments: -# None +# None ####################################### lb_build_start() { printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿ”จ Start Build... Log file: %s \e[0m\n" "${VAR_BUILD_LOG}" - # sleep 1 # shellcheck disable=SC2164 cd "${SCRIPT_BASEPATH}" + # shellcheck disable=SC2164 cd "${VAR_HANDLER_BUILD_DIR}" + # shellcheck disable=SC2312 if lb build --color 2>&1 | tee "${VAR_BUILD_LOG}"; then + printf "\e[92mโœ… Build successfully completed.\e[0m\n" + else + printf "\e[91mโŒ Build failed!\e[0m\n" >&2 exit "${ERR_UNCRITICAL}" + fi # shellcheck disable=SC2155 declare iso_file=$(find . -maxdepth 1 -type f -name "*.iso" | sort | tail -n1) - if [[ -z ${iso_file} || ! -f ${iso_file} ]]; then + if [[ -z ${iso_file} || ! -f ${iso_file} ]]; then + printf "\e[91mโŒ No ISO Image found.\e[0m\n" >&2 exit "${ERR_UNCRITICAL}" + fi } # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh 
diff --git a/lib/lib_lb_config_start.sh b/lib/lib_lb_config_start.sh index 23b62a8..795f0d2 100644 --- a/lib/lib_lb_config_start.sh +++ b/lib/lib_lb_config_start.sh @@ -17,29 +17,36 @@ guard_sourcing # Globals: # VAR_HANDLER_BUILD_DIR # Arguments: -# $0: Script-name +# 0: Script-name ####################################### lb_config_start() { printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" if [[ ! -d ${VAR_HANDLER_BUILD_DIR} ]]; then + mkdir -p "${VAR_HANDLER_BUILD_DIR}" # shellcheck disable=SC2164 cd "${VAR_HANDLER_BUILD_DIR}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' created. \e[0m\n" "${VAR_HANDLER_BUILD_DIR}" + else + # shellcheck disable=SC2164 cd "${VAR_HANDLER_BUILD_DIR}" + fi if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/.build" ]]; then + printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช Preparing environment ... \e[0m\n" # Start lb config in a completely detached shell bash -c "lb config" & disown sleep 1 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Preparing environment done.\e[0m\n" + else + printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช Deleting former config, binary and cache ... \e[0m\n" rm -f ./config/binary rm -f ./config/bootstrap @@ -52,6 +59,7 @@ lb_config_start() { disown sleep 1 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… Deleting former config, binary and cache done.\e[0m\n" + fi } # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/lib/lib_note_target.sh b/lib/lib_note_target.sh index 7c44e08..e51f061 100644 --- a/lib/lib_note_target.sh +++ b/lib/lib_note_target.sh 
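Review bot: The "done" messages in `lb_config_start` are printed after a fixed `sleep 1` while `lb config` is still running detached (`bash -c "lb config" &` followed by `disown`), so neither its completion nor its exit status is known when the function returns. The `disown` and `sleep 1` in the second hunk suggest the else branch does the same, though its `lb config` call is not visible here. A caller that continues to the config writer or to `lb build` can then work on a tree that is incomplete or was never created; unless detaching is needed for a reason not shown, run it in the foreground and check it, e.g. `lb config || exit "${ERR_UNCRITICAL}"` as lib_lb_build_start.sh does for its failures. Separately, the header comment now reads `# 0: Script-name`, which looks like a literal zero; `# $0: Script-name` was the clearer form.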
@@ -22,7 +22,7 @@ note_target() { printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช %s starting ... \e[0m\n" "${BASH_SOURCE[0]}" - cat << EOF >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/cdlb.txt" + cat << EOF >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/ciss-debian-live-builder.txt" ################################################################################ This CISS.debian.live ISO was built by: diff --git a/var/early.var.sh b/var/early.var.sh index 717214c..2e875e1 100644 --- a/var/early.var.sh +++ b/var/early.var.sh @@ -15,7 +15,7 @@ # shellcheck disable=SC2155 declare -grx VAR_CONTACT="security@coresecret.eu" declare -grx VAR_VERSION="Master V8.13.064.2025.10.07" -declare -grx VAR_SYSTEM="$(uname -a)" +declare -grx VAR_SYSTEM="$(uname -mnosv)" declare -gx VAR_EARLY_DEBUG="false" declare -gx VAR_HANDLER_AUTOBUILD="false"
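Review bot: `uname -mnosv` in var/early.var.sh omits `-r`, so `VAR_SYSTEM` no longer records the kernel release but still records the build host's node name (`-n`). If the aim was to keep host-identifying detail out of whatever is derived from `VAR_SYSTEM`, `-n` is the field to drop; if the aim was a build-provenance record, the release is the field most worth keeping. Where `VAR_SYSTEM` ends up is not visible in this hunk, so a one-line comment above the declaration stating the intent, for example `# kernel release (-r) omitted on purpose: <reason>`, would settle it for the next reader.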