V9.14.024.2026.06.11
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
+33
-20
@@ -41,6 +41,8 @@ declare -grx VAR_SETUP_PATH="$(cd "$(dirname "${0}")" && pwd)" # '/roo
|
||||
declare -grx VAR_TMP_SECRET="/dev/shm/cdlb_secrets" # Fixed tmpfs path to store securely build artifacts.
|
||||
declare -grx VAR_WORKDIR="$(dirname "${VAR_SETUP_FULL}")" # '/root/git/CISS.debian.live.builder'
|
||||
|
||||
clear
|
||||
|
||||
### PRELIMINARY CHECKS.
|
||||
### No ash, dash, ksh, sh.
|
||||
# shellcheck disable=SC2292
|
||||
@@ -116,7 +118,6 @@ for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh ;
|
||||
for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done
|
||||
|
||||
### ALL CHECKS DONE. READY TO START THE SCRIPT.
|
||||
clear
|
||||
printf '\033[95m'
|
||||
cat bootscreen.txt
|
||||
printf '\033[0m\n'
|
||||
@@ -143,6 +144,7 @@ find "${VAR_TMP_SECRET}" -type f -exec chown root:root {} +
|
||||
[[ "${VAR_SETUP}" == true ]] && {
|
||||
source_guard "./lib/lib_arg_parser.sh"
|
||||
source_guard "./lib/lib_arg_priority_check.sh"
|
||||
source_guard "./lib/lib_build_dir_safety.sh"
|
||||
source_guard "./lib/lib_boot_screen.sh"
|
||||
source_guard "./lib/lib_cdi.sh"
|
||||
source_guard "./lib/lib_change_splash.sh"
|
||||
@@ -160,6 +162,7 @@ find "${VAR_TMP_SECRET}" -type f -exec chown root:root {} +
|
||||
source_guard "./lib/lib_clean_screen.sh"
|
||||
source_guard "./lib/lib_clean_up.sh"
|
||||
source_guard "./lib/lib_copy_integrity.sh"
|
||||
source_guard "./lib/lib_debug_sanitize.sh"
|
||||
source_guard "./lib/lib_gnupg.sh"
|
||||
source_guard "./lib/lib_hardening_root_pw.sh"
|
||||
source_guard "./lib/lib_hardening_ssh_tcp.sh"
|
||||
@@ -173,6 +176,7 @@ find "${VAR_TMP_SECRET}" -type f -exec chown root:root {} +
|
||||
source_guard "./lib/lib_provider_netcup.sh"
|
||||
source_guard "./lib/lib_run_analysis.sh"
|
||||
source_guard "./lib/lib_sanitizer.sh"
|
||||
source_guard "./lib/lib_secret_validation.sh"
|
||||
source_guard "./lib/lib_secureboot_profile.sh"
|
||||
source_guard "./lib/lib_trap_on_err.sh"
|
||||
source_guard "./lib/lib_trap_on_exit.sh"
|
||||
@@ -180,22 +184,6 @@ find "${VAR_TMP_SECRET}" -type f -exec chown root:root {} +
|
||||
source_guard "./lib/lib_usage.sh"
|
||||
}
|
||||
|
||||
### PRE-SCAN SECURE BOOT PROFILE FOR BUILD-HOST PACKAGE CHECKS.
|
||||
### Formal validation still happens in arg_parser().
|
||||
for ((idx=0; idx<${#ARY_PARAM_ARRAY[@]}; idx++)); do
|
||||
case "${ARY_PARAM_ARRAY[idx],,}" in
|
||||
--secure-boot-profile=*)
|
||||
declare -gx VAR_CISS_SECUREBOOT_PROFILE="${ARY_PARAM_ARRAY[idx]#*=}"
|
||||
;;
|
||||
--secure-boot-profile)
|
||||
if [[ -n "${ARY_PARAM_ARRAY[idx + 1]:-}" ]]; then
|
||||
declare -gx VAR_CISS_SECUREBOOT_PROFILE="${ARY_PARAM_ARRAY[idx + 1]}"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
unset idx
|
||||
|
||||
### CHECKING REQUIRED PACKAGES.
|
||||
check_pkgs
|
||||
|
||||
@@ -221,9 +209,30 @@ if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen; fi
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nInitialization done ... \nXXX\n15\n" >&3; fi
|
||||
|
||||
### Updating Status of Dialog Gauge Bar.
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nActivate traps ... \nXXX\n50\n" >&3; fi
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nValidating secrets artifacts ... \nXXX\n20\n" >&3; fi
|
||||
validate_secret_root "${VAR_TMP_SECRET}"
|
||||
harden_secret_root_files "${VAR_TMP_SECRET}"
|
||||
|
||||
### Following the CISS Bash naming and ordering scheme:
|
||||
### Updating Status of Dialog Gauge Bar.
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nPre-Scan Secure-Boot ... \nXXX\n30\n" >&3; fi
|
||||
### PRE-SCAN SECURE BOOT PROFILE FOR BUILD-HOST PACKAGE CHECKS.
|
||||
### Formal validation still happens in arg_parser().
|
||||
for ((idx=0; idx<${#ARY_PARAM_ARRAY[@]}; idx++)); do
|
||||
case "${ARY_PARAM_ARRAY[idx],,}" in
|
||||
--secure-boot-profile=*)
|
||||
declare -gx VAR_CISS_SECUREBOOT_PROFILE="${ARY_PARAM_ARRAY[idx]#*=}"
|
||||
;;
|
||||
--secure-boot-profile)
|
||||
if [[ -n "${ARY_PARAM_ARRAY[idx + 1]:-}" ]]; then
|
||||
declare -gx VAR_CISS_SECUREBOOT_PROFILE="${ARY_PARAM_ARRAY[idx + 1]}"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
unset idx
|
||||
|
||||
### Updating Status of Dialog Gauge Bar.
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nTraps active ... \nXXX\n50\n" >&3; fi
|
||||
trap 'trap_on_exit "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' EXIT
|
||||
trap 'trap_on_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR
|
||||
|
||||
@@ -234,9 +243,13 @@ declare -ar ARY_ARG_SANITIZED=("$@")
|
||||
declare -grx VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
|
||||
|
||||
### Updating Status of Dialog Gauge Bar.
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nParsing Arguments ... \nXXX\n90\n" >&3; fi
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nParsing Arguments ... \nXXX\n80\n" >&3; fi
|
||||
arg_parser "$@"
|
||||
|
||||
### Updating Status of Dialog Gauge Bar.
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nValidate secret Arguments ... \nXXX\n95\n" >&3; fi
|
||||
validate_selected_secret_inputs
|
||||
|
||||
### Updating Status of Dialog Gauge Bar.
|
||||
if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nFinal checks ... \nXXX\n95\n" >&3; fi
|
||||
clean_ip
|
||||
|
||||
Reference in New Issue
Block a user