msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m50s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 49m56s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-22 16:51:00 +02:00
parent 1330ed9cc9
commit 8da33a5e38
3 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/trigger/t_generate_PRIVATE_trixie.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
build: build:
counter: 1024 counter: 1023
version: V8.13.008.2025.08.22 version: V8.13.008.2025.08.22
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

19
.gitea/workflows/generate_PRIVATE_trixie.yaml
View File

@@ -37,6 +37,7 @@ jobs:
steps: steps:
- name: 🛠️ Basic Image Setup. - name: 🛠️ Basic Image Setup.
shell: bash
run: | run: |
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get update apt-get update
@@ -45,6 +46,7 @@ jobs:
apt-utils \ apt-utils \
bash \ bash \
ca-certificates \ ca-certificates \
curl \
git \ git \
gnupg \ gnupg \
openssh-client \ openssh-client \
@@ -53,10 +55,12 @@ jobs:
util-linux util-linux
- name: ⚙️ Check GnuPG Version. - name: ⚙️ Check GnuPG Version.
shell: bash
run: | run: |
gpg --version gpg --version
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config. - name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: | run: |
rm -rf ~/.ssh && mkdir -m700 ~/.ssh rm -rf ~/.ssh && mkdir -m700 ~/.ssh
@@ -81,6 +85,7 @@ jobs:
### https://github.com/actions/checkout/issues/1843 ### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues. - name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env: env:
### GITHUB_REF_NAME contains the branch name from the push event. ### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_REF_NAME: ${{ github.ref_name }}
@@ -89,11 +94,13 @@ jobs:
git fetch --unshallow || echo "Nothing to fetch - already full clone." git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace. - name: 🛠️ Cleaning the workspace.
shell: bash
run: | run: |
git reset --hard git reset --hard
git clean -fd git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key. - name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files. ### GPG-Home relative to the Runner Workspace to avoid changing global files.
@@ -108,6 +115,7 @@ jobs:
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf" echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits. - name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg" export GNUPGHOME="$(pwd)/.gnupg"
@@ -118,6 +126,7 @@ jobs:
git config gpg.format openpgp git config gpg.format openpgp
- name: ⚙️ Preparing the build environment. - name: ⚙️ Preparing the build environment.
shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
mkdir -p /opt/config mkdir -p /opt/config
@@ -128,6 +137,7 @@ jobs:
echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| /opt/config/authorized_keys echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| /opt/config/authorized_keys
- name: 🛠️ Starting CISS.debian.live.builder. This may take a while ... - name: 🛠️ Starting CISS.debian.live.builder. This may take a while ...
shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
chmod 0755 ciss_live_builder.sh chmod 0755 ciss_live_builder.sh
@@ -148,6 +158,7 @@ jobs:
--trixie --trixie
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs. - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
shell: bash
env: env:
NC_BASE: "https://cloud.e2ee.li" NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}" SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
@@ -185,6 +196,7 @@ jobs:
fi fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV. - name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
shell: bash
env: env:
NC_BASE: "https://cloud.e2ee.li" NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}" SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
@@ -210,6 +222,7 @@ jobs:
fi fi
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
shell: bash
run: | run: |
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!" echo "❌ There must be exactly one .iso file in the directory!"
@@ -257,6 +270,7 @@ jobs:
EOF EOF
- name: 🚧 Stash local changes (including untracked). - name: 🚧 Stash local changes (including untracked).
shell: bash
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
@@ -265,6 +279,7 @@ jobs:
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash." git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy. - name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
@@ -282,6 +297,7 @@ jobs:
git log --oneline -n 5 git log --oneline -n 5
- name: 🛠️ Restore stashed changes. - name: 🛠️ Restore stashed changes.
shell: bash
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
@@ -290,6 +306,7 @@ jobs:
git stash pop || echo "✔️ Nothing to pop." git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files. - name: 📦 Stage generated files.
shell: bash
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
@@ -298,6 +315,7 @@ jobs:
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add." git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata. - name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
@@ -333,6 +351,7 @@ jobs:
fi fi
- name: 🔁 Push back to repository. - name: 🔁 Push back to repository.
shell: bash
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |

6
.gitea/workflows/linter_char_scripts.yaml
View File

@@ -202,11 +202,12 @@ jobs:
echo -e "⚠️ Linting issues detected:\n" echo -e "⚠️ Linting issues detected:\n"
echo -e "${findings}" echo -e "${findings}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
VAR_DATE="$(date +%F)"
PRIVATE_FILE="LINTER_RESULTS.txt" PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}" touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -225,11 +226,12 @@ jobs:
else else
echo "✅ No issues found in shell scripts." echo "✅ No issues found in shell scripts."
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
VAR_DATE="$(date +%F)"
PRIVATE_FILE="LINTER_RESULTS.txt" PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}" touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>