From 8da33a5e3874d7b597384608ba919671c60d9abbb0374c69a5c94d46cc1e479b Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Fri, 22 Aug 2025 16:51:00 +0200
Subject: [PATCH] V8.13.008.2025.08.22
Signed-off-by: Marc S. Weidner
---
.gitea/trigger/t_generate_PRIVATE_trixie.yaml | 2 +-
.gitea/workflows/generate_PRIVATE_trixie.yaml | 19 +++++++++++++++++++
.gitea/workflows/linter_char_scripts.yaml | 6 ++++--
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/.gitea/trigger/t_generate_PRIVATE_trixie.yaml b/.gitea/trigger/t_generate_PRIVATE_trixie.yaml
index 403d0b4..b192b23 100644
--- a/.gitea/trigger/t_generate_PRIVATE_trixie.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie.yaml
@@ -10,6 +10,6 @@ # SPDX-Security-Contact: security@coresecret.eu build: - counter: 1024 + counter: 1023 version: V8.13.008.2025.08.22 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/workflows/generate_PRIVATE_trixie.yaml b/.gitea/workflows/generate_PRIVATE_trixie.yaml
index 7b0e344..88b3a81 100644
--- a/.gitea/workflows/generate_PRIVATE_trixie.yaml
+++ b/.gitea/workflows/generate_PRIVATE_trixie.yaml
@@ -37,6 +37,7 @@ jobs: steps: - name: 🛠️ Basic Image Setup. + shell: bash run: | export DEBIAN_FRONTEND=noninteractive apt-get update
@@ -45,6 +46,7 @@ jobs: apt-utils \ bash \ ca-certificates \ + curl \ git \ gnupg \ openssh-client \
@@ -53,10 +55,12 @@ jobs: util-linux - name: ⚙️ Check GnuPG Version. + shell: bash run: | gpg --version - name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config. + shell: bash run: | rm -rf ~/.ssh && mkdir -m700 ~/.ssh
@@ -81,6 +85,7 @@ jobs: ### https://github.com/actions/checkout/issues/1843 - name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues. + shell: bash env: ### GITHUB_REF_NAME contains the branch name from the push event. GITHUB_REF_NAME: ${{ github.ref_name }}
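Review bot: `shell: bash` is repeated on every step of `.gitea/workflows/generate_PRIVATE_trixie.yaml` (first at "Basic Image Setup" in `@@ -37,6 +37,7 @@`, then in each later hunk of this file), so any step added later without it falls back to the runner's default shell and may lose the bash-only constructs such as `[[ … ]]` that these scripts use. If the runner in use honours workflow defaults (GitHub-compatible syntax; confirm for the Gitea runner), a single job-level `defaults:` / `run:` / `shell: bash` states the requirement once. Separately, the first step now requires bash to start while its own `apt-get install` list still contains `bash`, so it presumably relies on the image already shipping bash; a short comment saying so would help. The step bodies continue outside the hunks shown.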
@@ -89,11 +94,13 @@ jobs: git fetch --unshallow || echo "Nothing to fetch - already full clone." - name: 🛠️ Cleaning the workspace. + shell: bash run: | git reset --hard git clean -fd - name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key. + shell: bash run: | set -euo pipefail ### GPG-Home relative to the Runner Workspace to avoid changing global files.
@@ -108,6 +115,7 @@ jobs: echo "trust-model always" >| "${GNUPGHOME}/gpg.conf" - name: ⚙️ Configuring Git for signed CI/DEPLOY commits. + shell: bash run: | set -euo pipefail export GNUPGHOME="$(pwd)/.gnupg"
@@ -118,6 +126,7 @@ jobs: git config gpg.format openpgp - name: ⚙️ Preparing the build environment. + shell: bash run: | set -euo pipefail mkdir -p /opt/config
@@ -128,6 +137,7 @@ jobs: echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| /opt/config/authorized_keys - name: 🛠️ Starting CISS.debian.live.builder. This may take a while ... + shell: bash run: | set -euo pipefail chmod 0755 ciss_live_builder.sh
@@ -148,6 +158,7 @@ jobs: --trixie - name: 📥 Checking Centurion Cloud for existing LIVE ISOs. + shell: bash env: NC_BASE: "https://cloud.e2ee.li" SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
@@ -185,6 +196,7 @@ jobs: fi - name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV. + shell: bash env: NC_BASE: "https://cloud.e2ee.li" SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
@@ -210,6 +222,7 @@ jobs: fi - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. + shell: bash run: | if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!"
@@ -257,6 +270,7 @@ jobs: EOF - name: 🚧 Stash local changes (including untracked). + shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: |
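Review bot: The context line `echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"` at the top of `@@ -108,6 +115,7 @@` is undocumented, although it makes gpg treat every key in this keyring as valid. That is harmless only while the workspace-local keyring holds nothing but the CI signing key, which the visible lines suggest but do not show. I would record that assumption next to it, for example `### trust-model always: this GNUPGHOME must contain only the CI deploy key; never import third-party keys here.` The import step itself lies mostly outside the hunk.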
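Review bot: In `@@ -128,6 +137,7 @@` the tail of the "Preparing the build environment" step writes `echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| /opt/config/authorized_keys`, which expands the secret into the script text before bash parses it. A value containing `"`, `$(` or a backtick would then change the script rather than the file content. The upload steps in this same file already pass `SHARE_TOKEN` through `env:`; doing the same here keeps the value as data, e.g. `ROOT_SSH_PUBKEY: "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}"` under `env:` and `printf '%s\n' "${ROOT_SSH_PUBKEY}" >| /opt/config/authorized_keys` in the script. The step begins above the hunk, so other lines in it may follow the same pattern and should be checked too.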
@@ -265,6 +279,7 @@ jobs: git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash." - name: 🔄 Sync with remote before commit using merge strategy. + shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: |
@@ -282,6 +297,7 @@ jobs: git log --oneline -n 5 - name: 🛠️ Restore stashed changes. + shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: |
@@ -290,6 +306,7 @@ jobs: git stash pop || echo "✔️ Nothing to pop." - name: 📦 Stage generated files. + shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: |
@@ -298,6 +315,7 @@ jobs: git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add." - name: 🔑 Commit and sign changes with CI metadata. + shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: |
@@ -333,6 +351,7 @@ jobs: fi - name: 🔁 Push back to repository. + shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: |
diff --git a/.gitea/workflows/linter_char_scripts.yaml b/.gitea/workflows/linter_char_scripts.yaml
index 1b7b673..94dbce8 100644
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -202,11 +202,12 @@ jobs: echo -e "⚠️ Linting issues detected:\n" echo -e "${findings}" timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + VAR_DATE="$(date +%F)" PRIVATE_FILE="LINTER_RESULTS.txt" touch "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}" # SPDX-Version: 3.0 - # SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; + # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
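Review bot: In `linter_char_scripts.yaml` (`@@ -202,11 +202,12 @@`) the added `VAR_DATE="$(date +%F)"` uses the runner's local time zone, while `timestamp` on the line above is taken with `date -u`. Around midnight the SPDX-CreationInfo date can therefore disagree with the UTC timestamp in the same generated file. Either `VAR_DATE="$(date -u +%F)"` or deriving it from the existing value with `VAR_DATE="${timestamp%%T*}"` keeps the two consistent. The same line is added in the success branch in the next hunk (`@@ -225,11 +226,12 @@`); both branches belong to a script that starts outside these hunks.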
@@ -225,11 +226,12 @@ jobs: else echo "✅ No issues found in shell scripts." timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + VAR_DATE="$(date +%F)" PRIVATE_FILE="LINTER_RESULTS.txt" touch "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}" # SPDX-Version: 3.0 - # SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; + # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;