V8.13.400.2025.11.08
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 45m25s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m9s
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 45m25s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m9s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -11,5 +11,5 @@
|
||||
|
||||
build:
|
||||
counter: 1023
|
||||
version: V8.13.296.2025.10.29
|
||||
version: V8.13.400.2025.11.08
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -10,6 +10,6 @@
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
build:
|
||||
counter: 1024
|
||||
counter: 1023
|
||||
version: V8.13.400.2025.11.08
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -11,5 +11,5 @@
|
||||
|
||||
build:
|
||||
counter: 1023
|
||||
version: V8.13.296.2025.10.29
|
||||
version: V8.13.400.2025.11.08
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
@@ -219,6 +219,7 @@ jobs:
|
||||
--trixie
|
||||
|
||||
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
|
||||
shell: bash
|
||||
env:
|
||||
NC_BASE: "https://cloud.e2ee.li"
|
||||
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
|
||||
@@ -228,8 +229,11 @@ jobs:
|
||||
SHARE_SUBDIR=""
|
||||
|
||||
echo "📥 Get directory listing via PROPFIND ..."
|
||||
|
||||
curl -s --user "${SHARE_TOKEN}:${SHARE_PASS}" -X PROPFIND -H "Depth: 1" "${NC_BASE}/public.php/webdav/${SHARE_SUBDIR}" \
|
||||
curl -s \
|
||||
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
|
||||
-X PROPFIND \
|
||||
-H "Depth: 1" \
|
||||
"${NC_BASE}/public.php/webdav/${SHARE_SUBDIR}" \
|
||||
-o propfind_public.xml
|
||||
|
||||
echo "📥 Filter .iso files from the PROPFIND response ..."
|
||||
@@ -237,65 +241,46 @@ jobs:
|
||||
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
|
||||
|
||||
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
|
||||
|
||||
echo "💡 Old ISO files found and deleted :"
|
||||
|
||||
while IFS= read -r href; do
|
||||
|
||||
FILE_URL="${NC_BASE}${href}"
|
||||
echo " Delete: ${FILE_URL}"
|
||||
|
||||
if curl -s --user "${SHARE_TOKEN}:${SHARE_PASS}" -X DELETE "${FILE_URL}"; then
|
||||
|
||||
if curl -s \
|
||||
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
|
||||
-X DELETE "${FILE_URL}"; then
|
||||
echo " ✅ Successfully deleted: $(basename "${href}")"
|
||||
|
||||
else
|
||||
|
||||
echo " ❌ Error: $(basename "${href}") could not be deleted"
|
||||
|
||||
fi
|
||||
|
||||
done < public_iso_list.txt
|
||||
|
||||
else
|
||||
|
||||
echo "💡 No old ISO files found to delete."
|
||||
|
||||
fi
|
||||
|
||||
- name: ⬆️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
|
||||
shell: bash
|
||||
env:
|
||||
NC_BASE: "https://cloud.e2ee.li"
|
||||
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
|
||||
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
|
||||
|
||||
echo "❌ There must be exactly one .iso file in the directory!"
|
||||
exit 1
|
||||
|
||||
else
|
||||
|
||||
VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso)
|
||||
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
|
||||
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
|
||||
|
||||
fi
|
||||
|
||||
AUTH="${SHARE_TOKEN}:${SHARE_PASS}"
|
||||
|
||||
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}"
|
||||
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
|
||||
--upload-file "${VAR_ISO_FILE_PATH}" --user "${AUTH}" > /dev/null 2>&1; then
|
||||
|
||||
echo "✅ New ISO successfully uploaded."
|
||||
|
||||
else
|
||||
|
||||
echo "❌ Uploading the new ISO failed."
|
||||
exit 1
|
||||
|
||||
fi
|
||||
|
||||
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
|
||||
|
||||
@@ -235,7 +235,7 @@ init_gnupg
|
||||
### Integrate primordial SSH identity files.
|
||||
init_primordial
|
||||
|
||||
### Integrate CISS.debian.live.builder repository into build dir.
|
||||
### Integrate CISS.debian.live.builder repository into the build dir.
|
||||
hardening_ultra
|
||||
|
||||
### CISS.debian.installer 'GRUB' and 'autostart' generator.
|
||||
|
||||
@@ -104,20 +104,18 @@ Verify_checksums() {
|
||||
|
||||
log_begin_msg "Verifying integrity of: [0030-verify-checksums]"
|
||||
printf "\n"
|
||||
printf "\e[95m[INFO] Verifying integrity of: [0030-verify-checksums] ... \n\e[0m"
|
||||
|
||||
_CAND=""
|
||||
CDLB_SCRIPT_SELF="" CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_SIG_FILE=""
|
||||
|
||||
CDLB_CMD="/usr/bin/sha512sum"
|
||||
CDLB_SHA="sha512"
|
||||
|
||||
for _CAND in /scripts/live-bottom/0030-verify-checksums /usr/lib/live/boot/0030-verify-checksums; do
|
||||
|
||||
[ -e "${_CAND}" ] && { CDLB_SCRIPT_SELF="${_CAND}"; break; }
|
||||
|
||||
done
|
||||
[ -n "${CDLB_SCRIPT_SELF}" ] || { echo "cannot locate 0030-verify-checksums"; exit 1; }
|
||||
|
||||
CDLB_CMD="/usr/bin/sha512sum"
|
||||
CDLB_SHA="sha512"
|
||||
|
||||
CDLB_SCRIPT_FILE="${CDLB_SCRIPT_SELF##*/}"
|
||||
CDLB_SCRIPT_PATH="${CDLB_SCRIPT_SELF%/*}"
|
||||
@@ -125,13 +123,16 @@ Verify_checksums() {
|
||||
CDLB_HASHFILE="${CDLB_SCRIPT_FILE}.${CDLB_SHA}sum.txt"
|
||||
CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
|
||||
|
||||
|
||||
printf "\e[95m[INFO] Verifying integrity of: [%s] ... \n\e[0m" "${CDLB_SCRIPT_FULL}"
|
||||
|
||||
printf "\e[95m[INFO] Verifying signature of: [%s] ... \n\e[0m" "${CDLB_SIG_FILE}"
|
||||
|
||||
if ! /usr/bin/gpgv --no-default-keyring --keyring "${_KEYFILE}" --status-fd 1 "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
|
||||
if ! /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
|
||||
|
||||
printf "\e[91m[FATAL] Verifying signature of: [%s] failed. \n\e[0m" "${CDLB_SIG_FILE}"
|
||||
sleep 16
|
||||
# TODO panic "[FATAL] Verifying signature of: [0030-verify-checksums.sha512sum.txt.sig] failed. "
|
||||
panic "[FATAL] Verifying signature of: [${CDLB_SIG_FILE}] failed."
|
||||
|
||||
else
|
||||
|
||||
@@ -148,12 +149,12 @@ Verify_checksums() {
|
||||
|
||||
printf "\e[91m[FATAL] Recomputing hash for: [%s] failed. \n\e[0m" "${CDLB_SHA}"
|
||||
sleep 16
|
||||
# TODO panic "[FATAL] Recomputing hash for: [sha512] failed."
|
||||
panic "[FATAL] Recomputing hash for: [${CDLB_SHA}] failed."
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[92m[INFO] Recomputing hash for: [%s] successful. \n\e[0m" "${CDLB_SHA}"
|
||||
printf "\e[92m[INFO] Verification of authenticity and integrity of [%s] successfully completed. \n\e[0m" "${CDLB_SHA}"
|
||||
printf "\e[92m[INFO] Verification of authenticity and integrity of [%s] successfully completed. \n\e[0m" "${CDLB_SCRIPT_FULL}"
|
||||
log_end_msg
|
||||
printf "\n"
|
||||
|
||||
@@ -174,22 +175,29 @@ Verify_checksums() {
|
||||
|
||||
if [ -e "${_CHECKSUM}" ]; then
|
||||
|
||||
printf "\e[95m[INFO] Found [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
printf "\e[95m[INFO] Found: [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
if [ -e "/usr/bin/${_DIGEST}sum" ]; then
|
||||
|
||||
printf "\e[95m[INFO] Found [%s] ... \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
printf "\e[95m[INFO] Found: [%s] ... \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
|
||||
if [ "${LIVE_VERIFY_CHECKSUMS_SIGNATURES}" = "true" ]; then
|
||||
|
||||
printf "\e[95m[INFO] Checking signature of [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
printf "\e[95m[INFO] Checking signature of: [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
_CHECKSUM_SIGNATURE="${_CHECKSUM}.sig"
|
||||
|
||||
/usr/bin/gpgv --no-default-keyring --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"
|
||||
_RETURN_PGP="${?}"
|
||||
if /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"; then
|
||||
|
||||
printf "\e[92m[INFO] Checking signature of [%s] successful. \n\e[0m" "${_CHECKSUM}"
|
||||
_RETURN_PGP="${?}"
|
||||
printf "\e[92m[INFO] Checking signature of: [%s] successful. \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
else
|
||||
|
||||
_RETURN_PGP="${?}"
|
||||
printf "\e[91m[FATAL] Checking signature of: [%s] failed. \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
fi
|
||||
|
||||
else
|
||||
|
||||
@@ -197,17 +205,25 @@ Verify_checksums() {
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[92m[INFO] Found [%s] done. \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
|
||||
# shellcheck disable=SC2312
|
||||
grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"
|
||||
if grep -v '^#' "${_CHECKSUM}" | /usr/bin/"${_DIGEST}"sum -c > "${_TTY}"; then
|
||||
|
||||
_RETURN_SHA="${?}"
|
||||
printf "\e[92m[INFO] Found: [%s] successful done, for: [%s] \n\e[0m" "/usr/bin/${_DIGEST}sum" "${_CHECKSUM}"
|
||||
|
||||
else
|
||||
|
||||
_RETURN_SHA="${?}"
|
||||
printf "\e[91m[FATAL] Found: [%s] failed, for: [%s] \n\e[0m" "/usr/bin/${_DIGEST}sum" "${_CHECKSUM}"
|
||||
|
||||
fi
|
||||
|
||||
# Stop after the first verification.
|
||||
break 2
|
||||
|
||||
else
|
||||
|
||||
_RETURN_SHA="255"
|
||||
printf "\e[93m[WARN] NOT Found [%s]. \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user