From 87905d693c6f9c2367932844b5137d178862ae469ba8698eff92bd42a9486ebb Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Mon, 23 Jun 2025 18:46:10 +0200 Subject: [PATCH] V8.03.768.2025.06.23 Signed-off-by: Marc S. Weidner --- ciss_live_builder.sh | 23 +++++++------------ lib/lib_arg_parser.sh | 2 ++ lib/lib_arg_priority_check.sh | 2 ++ lib/lib_boot_screen.sh | 2 ++ lib/lib_cdi.sh | 2 ++ lib/lib_change_splash.sh | 2 ++ lib/lib_check_dhcp.sh | 2 ++ lib/lib_check_hooks.sh | 2 ++ lib/lib_check_kernel.sh | 2 ++ lib/lib_check_pkgs.sh | 4 +++- lib/lib_check_provider.sh | 2 ++ lib/lib_check_stats.sh | 2 ++ lib/lib_check_var.sh | 2 ++ lib/lib_clean_screen.sh | 2 ++ lib/lib_clean_up.sh | 2 ++ lib/lib_copy_integrity.sh | 2 ++ lib/lib_debug.sh | 4 +++- lib/lib_debug_header.sh | 8 ++++--- lib/lib_debug_var_git.sh | 36 ++++++++++++++++++++++++++++++ lib/lib_guard_sourcing.sh | 42 +++++++++++++++++++++++++++++++++++ lib/lib_hardening_root_pw.sh | 2 ++ lib/lib_hardening_ssh.sh | 2 ++ lib/lib_hardening_ultra.sh | 2 ++ lib/lib_helper_ip.sh | 2 ++ lib/lib_lb_build_start.sh | 2 ++ lib/lib_lb_config_start.sh | 2 ++ lib/lib_lb_config_write.sh | 2 ++ lib/lib_provider_netcup.sh | 2 ++ lib/lib_run_analysis.sh | 2 ++ lib/lib_sanitizer.sh | 2 ++ lib/lib_trap_on_err.sh | 6 +++-- lib/lib_trap_on_exit.sh | 2 ++ meta_sources_debug.sh | 32 ++++++++++++++++++++++++++ var/early.var.sh | 24 ++++++++++++++++++++ var/global.var.sh | 6 ----- 35 files changed, 207 insertions(+), 28 deletions(-) create mode 100644 lib/lib_debug_var_git.sh create mode 100644 lib/lib_guard_sourcing.sh create mode 100644 meta_sources_debug.sh create mode 100644 var/early.var.sh diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index 143e3eb..4a0eb2f 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh 
@@ -40,23 +40,18 @@ [[ ${#} -eq 0 ]] && { . ./lib/lib_usage.sh; usage; exit 1; } -declare -gx VAR_CONTACT="security@coresecret.eu" -declare -gx VAR_VERSION="Master V8.03.768.2025.06.23" +### SOURCING MUST SET EARLY VARIABLES AND GUARD_SOURCING() +. ./var/early.var.sh +. ./lib/lib_guard_sourcing.sh -### CHECK FOR CONTACT, HELP, AND VERSION STRING +### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh; usage; exit 0;; esac; done for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done -declare -gx VAR_SETUP="true" -### CHECK FOR XTRACE DEBUG -if [[ $* == *" --debug "* ]]; then - . ./lib/lib_debug.sh - . ./lib/lib_debug_header.sh - debugger "${@}" -else - declare -gx VAR_EARLY_DEBUG="false" -fi +### ALL CHECKS DONE. READY TO START THE SCRIPT +for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; check_git; debugger "${@}";; esac; done +declare -gx VAR_SETUP="true" ### SOURCING VARIABLES [[ "${VAR_SETUP}" == true ]] && { @@ -109,9 +104,7 @@ if ! flock -x -n 127; then fi ### CHECK FOR AUTOBUILD MODE -declare -gx VAR_HANDLER_AUTOBUILD="false" -for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done -unset arg +for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done; unset arg for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir ### CHECKING REQUIRED PACKAGES diff --git a/lib/lib_arg_parser.sh b/lib/lib_arg_parser.sh index 4fbcb76..8366493 100644 --- a/lib/lib_arg_parser.sh +++ b/lib/lib_arg_parser.sh 
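Review bot: The new `-d|--debug` loop in ciss_live_builder.sh keeps iterating after the first match, unlike the `-c`, `-h` and `-v` loops, which exit. If the flag is given twice, or `-d` is combined with `--debug`, `check_git` and `debugger` run a second time. Both assign with `declare -grx` (the VAR_GIT_* values in lib/lib_debug_var_git.sh, `PS4` in lib/lib_debug.sh), and re-declaring a readonly variable fails. Stop after the first hit: `-d|--debug) . ./meta_sources_debug.sh; check_git; debugger "${@}"; break;;`.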
@@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Argument Parser # Globals: diff --git a/lib/lib_arg_priority_check.sh b/lib/lib_arg_priority_check.sh index d5aeceb..10a1ec3 100644 --- a/lib/lib_arg_priority_check.sh +++ b/lib/lib_arg_priority_check.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Check and setup Script Priorities # Globals: diff --git a/lib/lib_boot_screen.sh b/lib/lib_boot_screen.sh index 49e83fa..407a856 100644 --- a/lib/lib_boot_screen.sh +++ b/lib/lib_boot_screen.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Set up a gauge Dialog Wrapper. # Globals: diff --git a/lib/lib_cdi.sh b/lib/lib_cdi.sh index 13bda8f..97c634b 100644 --- a/lib/lib_cdi.sh +++ b/lib/lib_cdi.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # CISS.2025.debian.installer GRUB and Autostart Generator # Globals: diff --git a/lib/lib_change_splash.sh b/lib/lib_change_splash.sh index 2788632..16fffaf 100644 --- a/lib/lib_change_splash.sh +++ b/lib/lib_change_splash.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Change Grub Boot Screen Splash # Globals: diff --git a/lib/lib_check_dhcp.sh b/lib/lib_check_dhcp.sh index 5aeae30..df29d8f 100644 --- a/lib/lib_check_dhcp.sh +++ b/lib/lib_check_dhcp.sh 
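Review bot: The bare `guard_sourcing` call added at the top of lib/lib_arg_parser.sh cannot keep the file from being evaluated a second time. A `return` inside the function only leaves the function, and the definition added in lib/lib_guard_sourcing.sh returns 0 in both branches, so the caller has nothing to test. To make the guard effective, have the already-loaded branch `return 1` and write the call as `guard_sourcing || return 0`. The same applies to every other lib/*.sh hunk in this patch that adds the call.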
@@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Check if hardened Centurion DNS servers are desired. # Globals: diff --git a/lib/lib_check_hooks.sh b/lib/lib_check_hooks.sh index cf05f1c..5af8235 100644 --- a/lib/lib_check_hooks.sh +++ b/lib/lib_check_hooks.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Check and apply 0755 Permissions on every ./config/hooks/live/*.chroot file # Globals: diff --git a/lib/lib_check_kernel.sh b/lib/lib_check_kernel.sh index eee8030..8760f81 100644 --- a/lib/lib_check_kernel.sh +++ b/lib/lib_check_kernel.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Kernel Image Selector # Globals: diff --git a/lib/lib_check_pkgs.sh b/lib/lib_check_pkgs.sh index 8c91b53..ce5e8c1 100644 --- a/lib/lib_check_pkgs.sh +++ b/lib/lib_check_pkgs.sh @@ -10,13 +10,15 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Check for required Deb Packages to run the script. # Arguments: # None ####################################### check_pkgs() { - apt-get update -y + apt-get update -y > /dev/null 2>&1 if [[ -z "$(command -v lsb_release || true)" ]]; then apt-get install -y --no-install-recommends lsb-release diff --git a/lib/lib_check_provider.sh b/lib/lib_check_provider.sh index 930fbc4..ca4fa6d 100644 --- a/lib/lib_check_provider.sh +++ b/lib/lib_check_provider.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Notes Textbox # Arguments: 
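Review bot: In lib/lib_check_pkgs.sh, `apt-get update -y > /dev/null 2>&1` discards stderr as well as stdout, so repository signature or fetch problems are no longer visible before the `apt-get install` calls that follow. To cut the noise but keep errors, use `apt-get update -qq` or redirect only stdout with `apt-get update -y > /dev/null`. The body of check_pkgs continues beyond this hunk.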
diff --git a/lib/lib_check_stats.sh b/lib/lib_check_stats.sh index f37b053..3fd5aea 100644 --- a/lib/lib_check_stats.sh +++ b/lib/lib_check_stats.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Check if analysis run is desired only. # Globals: diff --git a/lib/lib_check_var.sh b/lib/lib_check_var.sh index 6c59bf8..ea19ae7 100644 --- a/lib/lib_check_var.sh +++ b/lib/lib_check_var.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Unbound Variable Check and call Trap on ERR # Globals: diff --git a/lib/lib_clean_screen.sh b/lib/lib_clean_screen.sh index 0ea221a..0b8ac2a 100644 --- a/lib/lib_clean_screen.sh +++ b/lib/lib_clean_screen.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Terminal cleaner before Trap on Error # Arguments: diff --git a/lib/lib_clean_up.sh b/lib/lib_clean_up.sh index c7650d1..362dd5d 100644 --- a/lib/lib_clean_up.sh +++ b/lib/lib_clean_up.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Clean Up Wrapper on Trap on 'ERR' and 'EXIT'. # Globals: diff --git a/lib/lib_copy_integrity.sh b/lib/lib_copy_integrity.sh index 3501b50..597af7d 100644 --- a/lib/lib_copy_integrity.sh +++ b/lib/lib_copy_integrity.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Copy Initial ISO aide Database into Host System # Globals: diff --git a/lib/lib_debug.sh b/lib/lib_debug.sh index 7d41bba..b500456 100644 --- a/lib/lib_debug.sh +++ b/lib/lib_debug.sh 
@@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Debugger Wrapper for xtrace to Debug Log # Globals: @@ -34,7 +36,7 @@ debugger() { declare -p "${var}" 2>/dev/null done < <(compgen -v | grep -Ev '^(BASH|_).*') } | sort >| "${VAR_DUMP_VARS_INITIAL}" - declare -gx VAR_EARLY_DEBUG=true + declare -gx VAR_EARLY_DEBUG="true" ### Set a verbose PS4 prompt including timestamp, source, line, exit status, and function name declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m ' # shellcheck disable=SC2155 diff --git a/lib/lib_debug_header.sh b/lib/lib_debug_header.sh index 08aef83..8b38e02 100644 --- a/lib/lib_debug_header.sh +++ b/lib/lib_debug_header.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Generates Debug Log Header # Globals: @@ -30,11 +32,9 @@ debug_header() { declare -r arg_counter="$1" declare -r arg_string="$2" - # shellcheck disable=SC2155 - declare git_head=$(git rev-parse HEAD) { printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" - printf "\e[97m+\e[0m\e[92m%s: Git Commit : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${git_head}" + printf "\e[97m+\e[0m\e[92m%s: Git Commit : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_HEAD_FULL}" printf "\e[97m+\e[0m\e[92m%s: Version : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}" printf "\e[97m+\e[0m\e[92m%s: Epoch : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}" printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}" 
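Review bot: In lib/lib_debug_header.sh, the "Git Commit" line now prints `${VAR_GIT_HEAD_FULL}`, which is only defined when `check_git` found a git work tree (see lib/lib_debug_var_git.sh in this patch). When the builder runs from an unpacked archive, or git is not installed, the expansion is empty, and it would abort the header if nounset is active at that point. A fallback keeps the log line meaningful: `"${VAR_GIT_HEAD_FULL:-unknown}"`. The body of debug_header continues past this hunk.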
@@ -45,6 +45,7 @@ debug_header() { printf "\e[97m+\e[0m\e[92m%s: UID : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${UID}" printf "\e[97m+\e[0m\e[92m%s: EUID : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EUID}" printf "\e[97m+\e[0m\e[92m%s: Hostname : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${HOSTNAME}" + printf "\e[97m+\e[0m\e[92m%s: Hostsystem : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_SYSTEM}" printf "\e[97m+\e[0m\e[92m%s: Script name : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$0" printf "\e[97m+\e[0m\e[92m%s: Argument Counter : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_counter}" printf "\e[97m+\e[0m\e[92m%s: Argument String Original : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_string}" @@ -53,6 +54,7 @@ debug_header() { printf "\e[97m+\e[0m\e[92m%s: Script work DIR : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PWD}" printf "\e[97m+\e[0m\e[92m%s: Shell Options : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$-" printf "\e[97m+\e[0m\e[92m%s: BASHOPTS : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASHOPTS}" + printf "\e[97m+\e[0m\e[92m%s: SHELLOPTS : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${SHELLOPTS}" printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" } >&42 } diff --git a/lib/lib_debug_var_git.sh b/lib/lib_debug_var_git.sh new file mode 100644 index 0000000..f6d450e --- /dev/null +++ b/lib/lib_debug_var_git.sh 
@@ -0,0 +1,36 @@ +#!/bin/bash +# SPDX-Version: 3.0 +# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git +# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency +# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; +# SPDX-FileType: SOURCE +# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 +# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. +# SPDX-PackageName: CISS.debian.live.builder +# SPDX-Security-Contact: security@coresecret.eu + +guard_sourcing + +####################################### +# Define Git Repo related Variables. +# Globals: +# VAR_GIT_HEAD +# VAR_GIT_REL +# VAR_GIT_REL_DATE +# VAR_GIT_REL_DATE_TIME +# VAR_GIT_REL_SHORT +# Arguments: +# None +####################################### +check_git() { + # shellcheck disable=SC2155 + if git rev-parse --is-inside-work-tree &>/dev/null; then + declare -grx VAR_GIT_REL="$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }')" + declare -grx VAR_GIT_REL_SHORT="${VAR_GIT_REL%% *}" + declare -grx VAR_GIT_REL_DATE_TIME="${VAR_GIT_REL#* }" + declare -grx VAR_GIT_REL_DATE="${VAR_GIT_REL_DATE_TIME% *}" + declare -grx VAR_GIT_HEAD_FULL="$(git rev-parse HEAD)" + fi +} +# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/lib/lib_guard_sourcing.sh b/lib/lib_guard_sourcing.sh new file mode 100644 index 0000000..584ee8d --- /dev/null +++ b/lib/lib_guard_sourcing.sh 
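Review bot: The header comment of `check_git` lists `VAR_GIT_HEAD` under Globals, but the function declares `VAR_GIT_HEAD_FULL`; the comment should name the variable that is actually set. The function has no else branch, so the header should also say that the variables stay undefined outside a work tree. Proposed line: `# Note: outside a git work tree none of the VAR_GIT_* variables are defined.`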
@@ -0,0 +1,42 @@ +#!/bin/bash +# SPDX-Version: 3.0 +# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git +# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency +# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; +# SPDX-FileType: SOURCE +# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 +# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. +# SPDX-PackageName: CISS.debian.live.builder +# SPDX-Security-Contact: security@coresecret.eu + +####################################### +# Prevent the caller LIB-file from being sourced twice. +# Derive a safe guard-variable name from the caller script filename. +# Globals: +# BASH_SOURCE +# Arguments: +# $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically. +# Returns: +# 0: Returns '0' in both cases as they are intended to be successful. +####################################### +guard_sourcing() { + ### Determine the caller script (the library being sourced). + declare var_src="${1:-${BASH_SOURCE[1]}}" + ### Strip path, keep only filename + declare var_file_name="${var_src##*/}" + ### Sanitize to valid var name. + declare var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}" + ### Build guard-variable name. + declare var_guard_var="_${var_safe_name}_LOADED" + + ### If already loaded, abort sourcing + if [[ -n "${!var_guard_var:-}" ]]; then + return 0 + fi + + ### Mark as loaded (readonly + exported) + declare -grx "${var_guard_var}"=1 + return 0 +} +# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/lib/lib_hardening_root_pw.sh b/lib/lib_hardening_root_pw.sh index 53e5dc1..2333e8e 100644 --- a/lib/lib_hardening_root_pw.sh +++ b/lib/lib_hardening_root_pw.sh 
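Review bot: The guard marker is created with `declare -grx`, so it is exported to every child process, and the test `[[ -n "${!var_guard_var:-}" ]]` also accepts a marker that was inherited from the environment. Once the guard is made to actually skip a file, a nested bash that sources the same library would see the inherited marker and silently end up without that library's functions. `declare -gr "${var_guard_var}"=1` keeps the marker inside the current shell. The marker name is built from the basename only, so two files with the same name in different directories would share one guard. In the header comment, the parenthesis opened before "Better let" is never closed.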
@@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Updates the Live ISO to use root password authentication for local console access. # Globals: diff --git a/lib/lib_hardening_ssh.sh b/lib/lib_hardening_ssh.sh index d84fb06..afb368c 100644 --- a/lib/lib_hardening_ssh.sh +++ b/lib/lib_hardening_ssh.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # SSH Hardening Ultra via TCP Wrapper # Globals: diff --git a/lib/lib_hardening_ultra.sh b/lib/lib_hardening_ultra.sh index 37729b2..d0fe202 100644 --- a/lib/lib_hardening_ultra.sh +++ b/lib/lib_hardening_ultra.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Wrapper for accompanying all CISS.debian.hardening features into the Live ISO image. # Globals: diff --git a/lib/lib_helper_ip.sh b/lib/lib_helper_ip.sh index b005501..4b6b18f 100644 --- a/lib/lib_helper_ip.sh +++ b/lib/lib_helper_ip.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # IP Notation cleaner for pure IP output only # Globals: diff --git a/lib/lib_lb_build_start.sh b/lib/lib_lb_build_start.sh index bea72e1..b799f92 100644 --- a/lib/lib_lb_build_start.sh +++ b/lib/lib_lb_build_start.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Wrapper to write a new 'lb config' environment. # Globals: diff --git a/lib/lib_lb_config_start.sh b/lib/lib_lb_config_start.sh index e468fc6..23b62a8 100644 --- a/lib/lib_lb_config_start.sh +++ b/lib/lib_lb_config_start.sh 
@@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Wrapper for 'lb config' - set up a build environment or deleting old build artifacts. # Globals: diff --git a/lib/lib_lb_config_write.sh b/lib/lib_lb_config_write.sh index 0f8ff48..e9f1568 100644 --- a/lib/lib_lb_config_write.sh +++ b/lib/lib_lb_config_write.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Wrapper to write a new 'lb config' environment. # Globals: diff --git a/lib/lib_provider_netcup.sh b/lib/lib_provider_netcup.sh index 6cb0313..2ac41e0 100644 --- a/lib/lib_provider_netcup.sh +++ b/lib/lib_provider_netcup.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Notes Textbox # Arguments: diff --git a/lib/lib_run_analysis.sh b/lib/lib_run_analysis.sh index 01c8f2a..a9959d6 100644 --- a/lib/lib_run_analysis.sh +++ b/lib/lib_run_analysis.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Wrapper for statistic functions of the final build. # Globals: diff --git a/lib/lib_sanitizer.sh b/lib/lib_sanitizer.sh index c7061f4..ba7c7ac 100644 --- a/lib/lib_sanitizer.sh +++ b/lib/lib_sanitizer.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Argument Check Wrapper # Arguments: diff --git a/lib/lib_trap_on_err.sh b/lib/lib_trap_on_err.sh index a21f2ba..61caad0 100644 --- a/lib/lib_trap_on_err.sh +++ b/lib/lib_trap_on_err.sh 
@@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Print Error Message for Trap on 'ERR' in ${ERROR_LOG} # Globals: @@ -35,7 +37,7 @@ print_file_err() { { printf "❌ CISS.debian.live.builder Script failed. \n" printf "❌ Version : %s \n" "${VAR_VERSION}" - printf "❌ Environment : %s \n" "${VAR_SYSTEM}" + printf "❌ Hostsystem : %s \n" "${VAR_SYSTEM}" printf "❌ Error : %s \n" "${ERRCODE}" printf "❌ Line : %s \n" "${ERRLINE}" printf "❌ Script : %s \n" "${ERRSCRT}" @@ -78,7 +80,7 @@ print_file_err() { print_scr_err() { printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2 printf "\e[91m❌ Version : %s \e[0m\n" "${VAR_VERSION}" >&2 - printf "\e[91m❌ Environment : %s \e[0m\n" "${VAR_SYSTEM}" >&2 + printf "\e[91m❌ Hostsystem : %s \e[0m\n" "${VAR_SYSTEM}" >&2 printf "\e[91m❌ Error : %s \e[0m\n" "${ERRCODE}" >&2 printf "\e[91m❌ Line : %s \e[0m\n" "${ERRLINE}" >&2 printf "\e[91m❌ Script : %s \e[0m\n" "${ERRSCRT}" >&2 diff --git a/lib/lib_trap_on_exit.sh b/lib/lib_trap_on_exit.sh index df887bc..027436a 100644 --- a/lib/lib_trap_on_exit.sh +++ b/lib/lib_trap_on_exit.sh @@ -10,6 +10,8 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +guard_sourcing + ####################################### # Trap function to be called on 'EXIT'. # Globals: diff --git a/meta_sources_debug.sh b/meta_sources_debug.sh new file mode 100644 index 0000000..625c557 --- /dev/null +++ b/meta_sources_debug.sh 
@@ -0,0 +1,32 @@ +#!/bin/bash +# SPDX-Version: 3.0 +# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git +# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency +# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; +# SPDX-FileType: SOURCE +# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 +# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. +# SPDX-PackageName: CISS.debian.live.builder +# SPDX-Security-Contact: security@coresecret.eu + +### Prevent this file from being sourced twice. Derive a safe guard-variable name from the script filename. +var_file_name="${BASH_SOURCE[0]##*/}" +var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}" +var_guard_var="_${var_safe_name}_LOADED" + +### If var_guard_var is already set, abort sourcing. +if [[ -n "${!var_guard_var:-}" ]]; then + unset var_file_name var_safe_name var_guard_var + return 0 +fi + +### Set var_guard_var and make it readonly+exported +declare -grx "${var_guard_var}"=1 +unset var_file_name var_safe_name var_guard_var + +### Sourcing Debug Libs +. ./lib/lib_debug.sh +. ./lib/lib_debug_header.sh +. ./lib/lib_debug_var_git.sh +# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/var/early.var.sh b/var/early.var.sh new file mode 100644 index 0000000..633d217 --- /dev/null +++ b/var/early.var.sh 
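Review bot: The three `. ./lib/...` lines at the end of meta_sources_debug.sh resolve against the current working directory, not against the location of this file, so which code gets sourced depends on where the builder is started from. The builder appears to run privileged (check_pkgs calls `apt-get install`), which makes sourcing from an arbitrary working directory worth closing off. Resolve the directory once, e.g. `var_base_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"`, and source `"${var_base_dir}/lib/lib_debug.sh"` and the other two through it. The same applies to `. ./var/early.var.sh` and `. ./lib/lib_guard_sourcing.sh` added in ciss_live_builder.sh.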
@@ -0,0 +1,24 @@ +#!/bin/bash +# SPDX-Version: 3.0 +# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; +# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git +# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency +# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; +# SPDX-FileType: SOURCE +# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 +# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. +# SPDX-PackageName: CISS.debian.live.builder +# SPDX-Security-Contact: security@coresecret.eu + +### Definition of MUST set early Variables + +# shellcheck disable=SC2155 +declare -agx ARY_PARAM_ARRAY=("$@") +declare -grx VAR_PARAM_COUNT="$#" +declare -grx VAR_PARAM_STRNG="$*" +declare -grx VAR_CONTACT="security@coresecret.eu" +declare -grx VAR_VERSION="Master V8.03.768.2025.06.23" +declare -grx VAR_SYSTEM="$(uname -a)" +declare -gx VAR_HANDLER_AUTOBUILD="false" +umask 0022 +# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/var/global.var.sh b/var/global.var.sh index ce043b1..16db268 100644 --- a/var/global.var.sh +++ b/var/global.var.sh @@ -10,17 +10,11 @@ # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -# shellcheck disable=SC2155 -declare -gr VAR_SYSTEM="$(uname -a)" # shellcheck disable=SC2155 declare -gr VAR_ISO8601="$(date +%Y_%m_%d_%H_%M_%S)" -# shellcheck disable=SC2155 declare -gr VAR_KERNEL_INF="$(mktemp)" -# shellcheck disable=SC2155 declare -gr VAR_KERNEL_TMP="$(mktemp)" -# shellcheck disable=SC2155 declare -gr VAR_KERNEL_SRT="$(mktemp)" -# shellcheck disable=SC2155 declare -gr VAR_NOTES="$(mktemp)" if "${VAR_EARLY_DEBUG}"; then
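Review bot: `VAR_EARLY_DEBUG` no longer gets a default anywhere in this patch. The `else` branch that set it to "false" is removed from ciss_live_builder.sh, var/early.var.sh does not declare it, and `debugger` sets it only when a debug flag is given. var/global.var.sh still runs `if "${VAR_EARLY_DEBUG}"; then`, which with an unset variable tries to execute an empty command name, or aborts if nounset is active. Unless the variable is defined in a file not shown here, add `declare -gx VAR_EARLY_DEBUG="false"` next to `VAR_HANDLER_AUTOBUILD` in var/early.var.sh; it must not be readonly because `debugger` re-declares it.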
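Review bot: In var/global.var.sh, dropping the `# shellcheck disable=SC2155` lines leaves the four `declare -gr VAR_...="$(mktemp)"` assignments flagged again, and the warning points at a real problem here. `declare` returns its own status, so a failed `mktemp` goes unnoticed and the variable ends up empty and readonly. Assign first and mark readonly afterwards, for example `VAR_NOTES="$(mktemp)"` followed by `declare -gr VAR_NOTES`, so that errexit or an ERR trap, if active, can see the failure. The same applies to VAR_KERNEL_INF, VAR_KERNEL_TMP and VAR_KERNEL_SRT.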