msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V9.14.016.2026.06.06
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2026-06-06 18:37:43 +01:00
parent fa1a31ef64
commit 8b6731f1be
4 changed files with 22 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums
+11 -2
View File
@@ -77,6 +77,8 @@ Verify_checksums() {
LIVE_VERIFY_CHECKSUMS_SIGNATURES="false" LIVE_VERIFY_CHECKSUMS_SIGNATURES="false"
_CHECKSUM_LOG=""
_KEYFILE="" _KEYFILE=""
_MP="" _MP=""
@@ -249,7 +251,7 @@ Verify_checksums() {
if /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"; then if /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"; then
_RETURN_PGP="${?}" _RETURN_PGP="${?}"
log_in "Checking signature of: [${_CHECKSUM}] successful." log_ok "Checking signature of: [${_CHECKSUM}] successful."
else else
@@ -265,15 +267,22 @@ Verify_checksums() {
fi fi
# shellcheck disable=SC2312 # shellcheck disable=SC2312
if grep -v '^#' "${_CHECKSUM}" | /usr/bin/"${_DIGEST}"sum -c > "${_TTY}"; then _CHECKSUM_LOG="/run/ciss-${_DIGEST}sum-check.log"
if grep -v '^#' "${_CHECKSUM}" | LC_ALL=C /usr/bin/"${_DIGEST}"sum -c > "${_CHECKSUM_LOG}" 2>&1; then
_RETURN_SHA="${?}" _RETURN_SHA="${?}"
cat "${_CHECKSUM_LOG}" > "${_TTY}"
log_ok "Found: [/usr/bin/${_DIGEST}sum] successful verified: [${_CHECKSUM}]" log_ok "Found: [/usr/bin/${_DIGEST}sum] successful verified: [${_CHECKSUM}]"
else else
_RETURN_SHA="${?}" _RETURN_SHA="${?}"
cat "${_CHECKSUM_LOG}" > "${_TTY}"
log_er "Found: [/usr/bin/${_DIGEST}sum] unsuccessful verified: [${_CHECKSUM}]" log_er "Found: [/usr/bin/${_DIGEST}sum] unsuccessful verified: [${_CHECKSUM}]"
log_er "Checksum verification failed. Failed entries:"
if ! grep -E ': FAILED$|FAILED open or read|No such file or directory|WARNING:' "${_CHECKSUM_LOG}" >&2; then
cat "${_CHECKSUM_LOG}" >&2
fi
fi fi
docs/CHANGELOG.md
+3
View File
@@ -16,6 +16,9 @@ include_toc: true
* **Changed**: [zzzz_ciss_uki_build.hook.binary](../config/hooks/live/zzzz_ciss_uki_build.hook.binary) * **Changed**: [zzzz_ciss_uki_build.hook.binary](../config/hooks/live/zzzz_ciss_uki_build.hook.binary)
* **Changed**: [zzzz_ciss_uki_install.hook.binary](../config/hooks/live/zzzz_ciss_uki_install.hook.binary) * **Changed**: [zzzz_ciss_uki_install.hook.binary](../config/hooks/live/zzzz_ciss_uki_install.hook.binary)
* **Changed**: [lib_secureboot_profile.sh](../lib/lib_secureboot_profile.sh) * **Changed**: [lib_secureboot_profile.sh](../lib/lib_secureboot_profile.sh)
* **Changed**: [binary_checksums.sh](../scripts/usr/lib/live/build/binary_checksums.sh) added ``\! -path './boot/grub/grub_eltorito' \``
* **Changed**: [lib_trap_on_exit.sh](../lib/lib_trap_on_exit.sh) changed ``if [[ "${ERRTRAP}" != "true" ]]; then`` shellcheck SC2335
* **Changed**: [0030-ciss-verify-checksums](../config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums) increased verbosity of sha---sum verification.
## V9.14.008.2026.06.04 ## V9.14.008.2026.06.04
* **Added**: [zzzz_ciss_uki_build.hook.binary](../config/hooks/live/zzzz_ciss_uki_build.hook.binary) * **Added**: [zzzz_ciss_uki_build.hook.binary](../config/hooks/live/zzzz_ciss_uki_build.hook.binary)
lib/lib_trap_on_exit.sh
+4 -4
View File
@@ -38,7 +38,7 @@ trap_on_exit() {
trap - DEBUG ERR EXIT INT TERM trap - DEBUG ERR EXIT INT TERM
### Defensive shell behavior inside trap. ### Defensive shell behavior inside the trap.
set +e +o pipefail set +e +o pipefail
if (( errcode == 0 )); then if (( errcode == 0 )); then
@@ -53,7 +53,7 @@ trap_on_exit() {
else else
if [[ ! "${ERRTRAP}" == "true" ]]; then if [[ "${ERRTRAP}" != "true" ]]; then
if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
@@ -72,7 +72,7 @@ trap_on_exit() {
readonly -f trap_on_exit readonly -f trap_on_exit
####################################### #######################################
# Print success message for trap on 'EXIT' on 'stdout'. # Print a success message for the trap on 'EXIT' on 'stdout'.
# Globals: # Globals:
# LOG_DEBUG # LOG_DEBUG
# LOG_VAR # LOG_VAR
@@ -131,7 +131,7 @@ print_scr_exit() {
readonly -f print_scr_exit readonly -f print_scr_exit
####################################### #######################################
# Trap on 'EXIT' handler for 'non-0' exit-code. # Trap on the 'EXIT' handler for 'non-0' exit-code.
# Globals: # Globals:
# BASHOPTS # BASHOPTS
# EPOCHREALTIME # EPOCHREALTIME
scripts/usr/lib/live/build/binary_checksums.sh
+4 -3
View File
@@ -17,7 +17,7 @@
## Modified Version of the original file: ## Modified Version of the original file:
## live-build(7) - System Build Scripts ## Live-build(7) - System Build Scripts
## Copyright (C) 2016-2020 The Debian Live team ## Copyright (C) 2016-2020 The Debian Live team
## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch> ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
## ##
@@ -50,7 +50,7 @@ if [ "${LB_CHECKSUMS}" = "none" ]; then
fi fi
if [ "${LB_INITRAMFS}" = "dracut-live" ]; then if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
### The checksums will be generated by binary_iso. ### Binary_iso will generate the checksums.
exit 0 exit 0
fi fi
@@ -85,7 +85,8 @@ for CHECKSUM in ${LB_CHECKSUMS}; do
find . -type f \ find . -type f \
\! -path './isolinux/isolinux.bin' \ \! -path './isolinux/isolinux.bin' \
\! -path './boot/boot.bin' \ \! -path './boot/boot.bin' \
\! -path './boot/grub/stage2_eltorito' \ \! -path './boot/grub/grub_eltorito' \
\! -path './boot/grub/stage2_eltorito' \
\! -path './live/filesystem.squashfs' \ \! -path './live/filesystem.squashfs' \
\! -path './*SUMS' \ \! -path './*SUMS' \
\! -path './*sum.txt' \ \! -path './*sum.txt' \