V9.14.028.2026.06.18
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Has been cancelled
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Has been cancelled
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -395,7 +395,25 @@ if [ ! -f "${CDLB_ROOTFS_ATTEST_SOURCE}" ] || [ ! -f "${CDLB_ROOTFS_ATTEST_SOURC
|
||||
|
||||
fi
|
||||
|
||||
mkdir -p "${CDLB_ROOTFS_ATTEST_CACHE_DIR}"
|
||||
if ! mkdir -p "${CDLB_ROOTFS_ATTEST_CACHE_DIR}"; then
|
||||
|
||||
printf "\e[91m[FATAL] Boot failure : Failed to create rootfs attestation cache directory: [%s] \n\e[0m" \
|
||||
"${CDLB_ROOTFS_ATTEST_CACHE_DIR}"
|
||||
sleep 8
|
||||
log "[FATAL] Boot failure : Failed to create rootfs attestation cache directory: [${CDLB_ROOTFS_ATTEST_CACHE_DIR}]"
|
||||
panic "[FATAL] Boot failure : Failed to create rootfs attestation cache directory: [${CDLB_ROOTFS_ATTEST_CACHE_DIR}]"
|
||||
|
||||
fi
|
||||
|
||||
if ! chmod 0755 "${CDLB_ROOTFS_ATTEST_CACHE_DIR}"; then
|
||||
|
||||
printf "\e[91m[FATAL] Boot failure : Failed to permission rootfs attestation cache directory: [%s] \n\e[0m" \
|
||||
"${CDLB_ROOTFS_ATTEST_CACHE_DIR}"
|
||||
sleep 8
|
||||
log "[FATAL] Boot failure : Failed to permission rootfs attestation cache directory: [${CDLB_ROOTFS_ATTEST_CACHE_DIR}]"
|
||||
panic "[FATAL] Boot failure : Failed to permission rootfs attestation cache directory: [${CDLB_ROOTFS_ATTEST_CACHE_DIR}]"
|
||||
|
||||
fi
|
||||
|
||||
if ! cp "${CDLB_ROOTFS_ATTEST_SOURCE}" "${CDLB_ROOTFS_ATTEST_MANIFEST}" || \
|
||||
! cp "${CDLB_ROOTFS_ATTEST_SOURCE_SIG}" "${CDLB_ROOTFS_ATTEST_SIGNATURE}"; then
|
||||
@@ -408,7 +426,17 @@ if ! cp "${CDLB_ROOTFS_ATTEST_SOURCE}" "${CDLB_ROOTFS_ATTEST_MANIFEST}" || \
|
||||
|
||||
fi
|
||||
|
||||
chmod 0444 "${CDLB_ROOTFS_ATTEST_MANIFEST}" "${CDLB_ROOTFS_ATTEST_SIGNATURE}" 2>&- || true
|
||||
if ! chmod 0444 "${CDLB_ROOTFS_ATTEST_MANIFEST}" "${CDLB_ROOTFS_ATTEST_SIGNATURE}"; then
|
||||
|
||||
printf "\e[91m[FATAL] Boot failure : Failed to make rootfs attestation cache read-only: [%s] \n\e[0m" \
|
||||
"${CDLB_ROOTFS_ATTEST_CACHE_DIR}"
|
||||
sleep 8
|
||||
log "[FATAL] Boot failure : Failed to make rootfs attestation cache read-only: [${CDLB_ROOTFS_ATTEST_CACHE_DIR}]"
|
||||
panic "[FATAL] Boot failure : Failed to make rootfs attestation cache read-only: [${CDLB_ROOTFS_ATTEST_CACHE_DIR}]"
|
||||
|
||||
fi
|
||||
|
||||
chmod 0555 "${CDLB_ROOTFS_ATTEST_CACHE_DIR}" 2>&- || true
|
||||
|
||||
printf "\e[92m[INFO] Rootfs attestation : Preserved [%s] and [%s] \n\e[0m" \
|
||||
"${CDLB_ROOTFS_ATTEST_MANIFEST}" "${CDLB_ROOTFS_ATTEST_SIGNATURE}"
|
||||
|
||||
Reference in New Issue
Block a user