diff --git a/.archive/9998_sources_list_bookworm.chroot b/.archive/9998_sources_list_bookworm.chroot index 65df88d..27d277b 100644 --- a/.archive/9998_sources_list_bookworm.chroot +++ b/.archive/9998_sources_list_bookworm.chroot @@ -19,7 +19,7 @@ declare -r VAR_DATE="$(date +%F)" cd /root if [[ -f /etc/apt/sources.list ]]; then - mv /etc/apt/sources.list /root/.ciss/dlb/backup/sources.list.bak + mv /etc/apt/sources.list /root/.ciss/cdlb/backup/sources.list.bak fi cat << 'EOF' >| /etc/apt/sources.list diff --git a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml index fb287a6..82061e5 100644 --- a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml +++ b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml @@ -121,7 +121,7 @@ jobs: set +x set -euo pipefail umask 0077 - GNUPGHOME="/dev/shm/gnupg.${GITHUB_RUN_ID}.${GITHUB_JOB}.${GITHUB_RUN_ATTEMPT}" + GNUPGHOME="/dev/shm/gnupg.${GITHUB_RUN_ID}.${GITHUB_JOB}" # shellcheck disable=SC2174 mkdir -p -m 0700 "${GNUPGHOME}" echo "GNUPGHOME=${GNUPGHOME}" >> "${GITHUB_ENV}" 
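Review bot: Dropping `${GITHUB_RUN_ATTEMPT}` from `GNUPGHOME` in the `@@ -121,7 +121,7 @@` workflow hunk means a re-run of the same job resolves to the same directory under the shared `/dev/shm`, and `mkdir -p -m 0700` neither fails nor resets owner or mode when that path already exists. A keyring left over from an earlier attempt, or a directory created beforehand by another account on the runner, would then presumably be used as the GnuPG home for the signing key. Prefer a freshly created, unpredictable directory such as `GNUPGHOME="$(mktemp -d "/dev/shm/gnupg.${GITHUB_RUN_ID}.XXXXXXXX")"`, or at least use plain `mkdir -m 0700` so an existing path aborts the step. The step continues outside the hunk.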
@@ -190,26 +190,23 @@ jobs: timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ") ### Change "--autobuild=" to the specific kernel version you need: '6.16.3+deb13-amd64'. ./ciss_live_builder.sh \ - --autobuild=6.16.3+deb13-amd64 \ --architecture amd64 \ + --autobuild=6.16.3+deb13-amd64 \ --build-directory /opt/cdlb \ --cdi \ --control "${timestamp}" \ --jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \ + --key_age=keys.txt \ + --key_luks=luks.txt \ --root-password-file /dev/shm/cdlb_secrets/password.txt \ - --signing_key=signing_key.asc \ - --signing_key_fpr="${{ secrets.PGP_MSW_PRIVATE_SIGNING_KEY_FPR }}" \ + --signing_key_fpr=${{ secrets.PGP_MSW_PRIVATE_SIGNING_KEY_FPR }} \ --signing_key_pass=signing_key_pass.txt \ + --signing_key=signing_key.asc \ --ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \ --ssh-pubkey /dev/shm/cdlb_secrets \ --sshfp \ --trixie - REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)" - OUT="${REPO_ROOT}/config/hooks/live/9935_hardening_ssh.chroot" - rm -f "${OUT}" - echo "Hook removed: ${OUT}" - - name: 📥 Checking Centurion Cloud for existing LIVE ISOs. env: NC_BASE: "https://cloud.e2ee.li" diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index c23b5c6..96975be 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh @@ -242,10 +242,11 @@ provider_netcup update_microcode x_hooks -### Start the build process +### Start the build process ---------------------------------------------------------------------------------------------------- set +o errtrace lb_build_start set -o errtrace + run_analysis copy_db declare -grx VAR_SCRIPT_SUCCESS="true" diff --git a/config/hooks/live/0000_basic_chroot_setup.chroot b/config/hooks/live/0000_basic_chroot_setup.chroot index 30e2c05..8c46c99 100644 --- a/config/hooks/live/0000_basic_chroot_setup.chroot +++ b/config/hooks/live/0000_basic_chroot_setup.chroot 
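Review bot: `--signing_key_fpr=${{ secrets.PGP_MSW_PRIVATE_SIGNING_KEY_FPR }}` lost its double quotes in the `@@ -190,26 +190,23 @@` hunk, so the secret is now pasted into the script text unquoted, like the `--jump-host` and `--ssh-port` values next to it. The expression is substituted before the shell parses the line, so whitespace or shell metacharacters in the stored value change the command that actually runs. Map these secrets in the step's `env:` block and pass them as quoted variables, e.g. `--signing_key_fpr="${SIGNING_KEY_FPR}"`. The hunk also adds `--key_age=keys.txt` and `--key_luks=luks.txt` without showing where those files are written; judging by `init_primordial` they are looked up in the secrets directory, so it is worth confirming an earlier step stages them there with restrictive permissions.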
@@ -220,8 +220,8 @@ if [[ -f /root/.architecture ]]; then fi -mkdir -p /root/.ciss/dlb/{backup,log,private_keys} -chmod 0700 /root/.ciss/dlb/{backup,log,private_keys} +mkdir -p /root/.ciss/cdlb/{backup,log,private_keys} +chmod 0700 /root/.ciss/cdlb/{backup,log,private_keys} mkdir -p /root/git chmod 0700 /root/git diff --git a/config/hooks/live/0050_activate_root.chroot b/config/hooks/live/0050_activate_root.chroot index 3842270..e8feef7 100644 --- a/config/hooks/live/0050_activate_root.chroot +++ b/config/hooks/live/0050_activate_root.chroot @@ -25,8 +25,8 @@ fi cd /root # shellcheck disable=SC2312 -cp /etc/shadow /root/.ciss/dlb/backup/shadow.bak."$(date +%F_%T)" -chmod 0600 /root/.ciss/dlb/backup/shadow.bak.* +cp /etc/shadow /root/.ciss/cdlb/backup/shadow.bak."$(date +%F_%T)" +chmod 0600 /root/.ciss/cdlb/backup/shadow.bak.* declare hashed_pwd declare safe_hashed_pwd diff --git a/config/hooks/live/0120_set_hostname.chroot b/config/hooks/live/0120_set_hostname.chroot index d04672d..4092fc8 100644 --- a/config/hooks/live/0120_set_hostname.chroot +++ b/config/hooks/live/0120_set_hostname.chroot @@ -13,8 +13,8 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" -mv /etc/hostname /root/.ciss/dlb/backup/hostname.bak -mv /etc/mailname /root/.ciss/dlb/backup/mailname.bak +mv /etc/hostname /root/.ciss/cdlb/backup/hostname.bak +mv /etc/mailname /root/.ciss/cdlb/backup/mailname.bak cat << 'EOF' >| /etc/hostname live.local diff --git a/config/hooks/live/0810_chrony_setup.chroot b/config/hooks/live/0810_chrony_setup.chroot index 6934779..bada646 100644 --- a/config/hooks/live/0810_chrony_setup.chroot +++ b/config/hooks/live/0810_chrony_setup.chroot 
@@ -23,8 +23,8 @@ apt-get install -y adjtimex chrony tzdata systemctl enable chrony.service -mv /etc/chrony/chrony.conf /root/.ciss/dlb/backup/chrony.conf.bak -chmod 0644 /root/.ciss/dlb/backup/chrony.conf.bak +mv /etc/chrony/chrony.conf /root/.ciss/cdlb/backup/chrony.conf.bak +chmod 0644 /root/.ciss/cdlb/backup/chrony.conf.bak cat << EOF >| /etc/chrony/chrony.conf # SPDX-Version: 3.0 diff --git a/config/hooks/live/0860_sops.chroot b/config/hooks/live/0860_sops.chroot index 5d203b89..dfd1757 100644 --- a/config/hooks/live/0860_sops.chroot +++ b/config/hooks/live/0860_sops.chroot @@ -40,26 +40,14 @@ cosign verify-blob "sops-${SOPS_VER}.checksums.txt" \ sha256sum -c "sops-${SOPS_VER}.checksums.txt" --ignore-missing install -m 0755 "${SOPS_FILE}" /usr/local/bin/sops -sops --version --check-for-updates -age --version +sops --version --check-for-updates >| /root/.ciss/cdlb/log/sops.log +age --version >| /root/.ciss/cdlb/log/age.log rm -f "/tmp/${SOPS_FILE}" rm -f "/tmp/sops-${SOPS_VER}.checksums.txt" rm -f "/tmp/sops-${SOPS_VER}.checksums.pem" rm -f "/tmp/sops-${SOPS_VER}.checksums.sig" -umask 0077 - -mkdir -p /root/.config/sops/age - -cat << 'EOF' >| /root/.config/sops/age/keys.txt -{{ secrets.CISS_PHYS_AGE }} -EOF - -if grep -q '{{ secrets.' /root/.config/sops/age/keys.txt; then - : >| /root/.config/sops/age/keys.txt -fi - chmod 0400 /root/.config/sops/age/keys.txt printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}" diff --git a/config/hooks/live/9910_motd.chroot b/config/hooks/live/9910_motd.chroot index f4e1aee..e658c5b 100644 --- a/config/hooks/live/9910_motd.chroot +++ b/config/hooks/live/9910_motd.chroot 
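Review bot: The context line `chmod 0400 /root/.config/sops/age/keys.txt` in the `0860_sops.chroot` hunk survives the removal of the heredoc that used to create that file. After this commit the key only exists when `init_primordial` installed it for `--key_age`, so on a build without that option the `chmod` fails, and if this hook runs under `set -e` like the other hooks on the page the build stops there. Guard it with `if [[ -f /root/.config/sops/age/keys.txt ]]; then chmod 0400 /root/.config/sops/age/keys.txt; fi`. Separately, `sops --version --check-for-updates` appears to make the build contact an external server just to fill a log file; plain `sops --version` records the installed version without that dependency.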
@@ -13,8 +13,8 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" -mkdir -p /root/.ciss/dlb/backup/update-motd.d -cp -af /etc/update-motd.d/* /root/.ciss/dlb/backup/update-motd.d +mkdir -p /root/.ciss/cdlb/backup/update-motd.d +cp -af /etc/update-motd.d/* /root/.ciss/cdlb/backup/update-motd.d cat << 'EOF' >| /etc/update-motd.d/10-uname #!/bin/sh diff --git a/config/hooks/live/9920_deleting_invalid_x509.chroot b/config/hooks/live/9920_deleting_invalid_x509.chroot index 0963def..4b8bd1d 100644 --- a/config/hooks/live/9920_deleting_invalid_x509.chroot +++ b/config/hooks/live/9920_deleting_invalid_x509.chroot @@ -14,7 +14,7 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" declare -a search_dirs=("/etc/ssl/certs" "/usr/local/share/ca-certificates" "/usr/share/ca-certificates" "/etc/letsencrypt") -declare backup_dir="/root/.ciss/dlb/backup/certificates" +declare backup_dir="/root/.ciss/cdlb/backup/certificates" declare current_date current_date=$(date +%s) declare -ax expired_certificates=() diff --git a/config/hooks/live/9940_hardening_memory.dump.chroot b/config/hooks/live/9940_hardening_memory.dump.chroot index 346d7af..81c9dc5 100644 --- a/config/hooks/live/9940_hardening_memory.dump.chroot +++ b/config/hooks/live/9940_hardening_memory.dump.chroot @@ -13,8 +13,8 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" -cp -u /etc/security/limits.conf /root/.ciss/dlb/backup/limits.conf.bak -chmod 0644 /root/.ciss/dlb/backup/limits.conf.bak +cp -u /etc/security/limits.conf /root/.ciss/cdlb/backup/limits.conf.bak +chmod 0644 /root/.ciss/cdlb/backup/limits.conf.bak grep -Eq '^[[:space:]]*\*[[:space:]]+soft[[:space:]]+core[[:space:]]+0[[:space:]]*$' /etc/security/limits.conf \ || sed -i -E '/^[[:space:]]*#?[[:space:]]*soft[[:space:]]+core[[:space:]]+0[[:space:]]*$/ i\* soft core 0' /etc/security/limits.conf 
diff --git a/config/hooks/live/9950_hardening_fail2ban.chroot b/config/hooks/live/9950_hardening_fail2ban.chroot index 037c5d7..3a24675 100644 --- a/config/hooks/live/9950_hardening_fail2ban.chroot +++ b/config/hooks/live/9950_hardening_fail2ban.chroot @@ -15,14 +15,14 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" " cd /root -cp -u /etc/fail2ban/fail2ban.conf /root/.ciss/dlb/backup/fail2ban.conf.bak -chmod 0400 /root/.ciss/dlb/backup/fail2ban.conf.bak +cp -u /etc/fail2ban/fail2ban.conf /root/.ciss/cdlb/backup/fail2ban.conf.bak +chmod 0400 /root/.ciss/cdlb/backup/fail2ban.conf.bak ### https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024305 sed -i 's/#allowipv6 = auto/allowipv6 = auto/1' /etc/fail2ban/fail2ban.conf -mv /etc/fail2ban/jail.d/defaults-debian.conf /root/.ciss/dlb/backup/defaults-debian.conf.bak -chmod 0400 /root/.ciss/dlb/backup/defaults-debian.conf.bak +mv /etc/fail2ban/jail.d/defaults-debian.conf /root/.ciss/cdlb/backup/defaults-debian.conf.bak +chmod 0400 /root/.ciss/cdlb/backup/defaults-debian.conf.bak cat << EOF >| /etc/fail2ban/jail.d/ciss-default.conf # SPDX-Version: 3.0 @@ -205,7 +205,7 @@ EOF ########################################################################################### # Remarks: Logrotate must be updated either # ########################################################################################### -cp -a /etc/logrotate.d/fail2ban /root/.ciss/dlb/backup/fail2ban_logrotate.bak +cp -a /etc/logrotate.d/fail2ban /root/.ciss/cdlb/backup/fail2ban_logrotate.bak cat << EOF >| /etc/logrotate.d/fail2ban /var/log/fail2ban/fail2ban.log { daily diff --git a/config/hooks/live/9980_usb_guard.chroot b/config/hooks/live/9980_usb_guard.chroot index 50cb5b5..f3470ee 100644 --- a/config/hooks/live/9980_usb_guard.chroot +++ b/config/hooks/live/9980_usb_guard.chroot 
@@ -23,7 +23,7 @@ usbguard generate-policy >> /tmp/rules.conf if [[ -f /etc/usbguard/rules.conf && -s /etc/usbguard/rules.conf ]]; then - mv /etc/usbguard/rules.conf /root/.ciss/dlb/backup/usbguard_rules.conf.bak + mv /etc/usbguard/rules.conf /root/.ciss/cdlb/backup/usbguard_rules.conf.bak cp -a /tmp/rules.conf /etc/usbguard/rules.conf chmod 0600 /etc/usbguard/rules.conf @@ -35,7 +35,7 @@ else fi -cp -a /etc/usbguard/usbguard-daemon.conf /root/.ciss/dlb/backup/usbguard-daemon.conf.bak +cp -a /etc/usbguard/usbguard-daemon.conf /root/.ciss/cdlb/backup/usbguard-daemon.conf.bak #sed -i "s/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/" /etc/usbguard/usbguard-daemon.conf rm -f /tmp/rules.conf diff --git a/config/hooks/live/9991_file_permissions.chroot b/config/hooks/live/9991_file_permissions.chroot index 715cd58..b2c0799 100644 --- a/config/hooks/live/9991_file_permissions.chroot +++ b/config/hooks/live/9991_file_permissions.chroot @@ -18,8 +18,8 @@ chmod 0644 /etc/issue chmod 0644 /etc/issue.net if [[ -f /etc/motd ]]; then - cp -a /etc/motd /root/.ciss/dlb/backup/motd.bak - chmod 0644 /root/.ciss/dlb/backup/motd.bak + cp -a /etc/motd /root/.ciss/cdlb/backup/motd.bak + chmod 0644 /root/.ciss/cdlb/backup/motd.bak rm /etc/motd fi @@ -36,7 +36,7 @@ cat << EOF >| /etc/motd EOF -cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak +cp -a /etc/login.defs /root/.ciss/cdlb/backup/login.defs.bak sed -ri 's/^(#?LOGIN_TIMEOUT)[[:space:]]+[0-9]+/\1 180/' /etc/login.defs sed -i 's/UMASK 022/UMASK 077/' /etc/login.defs diff --git a/config/hooks/live/9993_aide.chroot b/config/hooks/live/9993_aide.chroot index 36a4f40..108699a 100644 --- a/config/hooks/live/9993_aide.chroot +++ b/config/hooks/live/9993_aide.chroot 
@@ -17,7 +17,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" " export DEBIAN_FRONTEND="noninteractive" INITRD="No" apt-get install -y aide > /dev/null 2>&1 -cp -u /etc/aide/aide.conf /root/.ciss/dlb/backup/aide.conf.bak +cp -u /etc/aide/aide.conf /root/.ciss/cdlb/backup/aide.conf.bak sed -i "s/Checksums = H/Checksums = sha512/" /etc/aide/aide.conf if aideinit > /dev/null 2>&1; then diff --git a/config/hooks/live/9994_password_policy.chroot b/config/hooks/live/9994_password_policy.chroot index 92f5c3f..49e550f 100644 --- a/config/hooks/live/9994_password_policy.chroot +++ b/config/hooks/live/9994_password_policy.chroot @@ -20,8 +20,8 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" " # shellcheck disable=SC2155 declare -r VAR_DATE="$(date +%F)" -cp -a /etc/security/pwquality.conf /root/.ciss/dlb/backup/pwquality.conf.bak -chmod 0644 /root/.ciss/dlb/backup/pwquality.conf.bak +cp -a /etc/security/pwquality.conf /root/.ciss/cdlb/backup/pwquality.conf.bak +chmod 0644 /root/.ciss/cdlb/backup/pwquality.conf.bak cat << EOF >| /etc/security/pwquality.conf # SPDX-Version: 3.0 diff --git a/config/hooks/live/9996_auditd.chroot b/config/hooks/live/9996_auditd.chroot index 494ede8..94f2af2 100644 --- a/config/hooks/live/9996_auditd.chroot +++ b/config/hooks/live/9996_auditd.chroot 
@@ -29,9 +29,9 @@ cd /root export DEBIAN_FRONTEND="noninteractive" INITRD="No" apt-get install -y auditd -cp -u /etc/audit/audit.rules /root/.ciss/dlb/backup/audit.rules.bak -cp -u /etc/audit/auditd.conf /root/.ciss/dlb/backup/auditd.conf.bak -cp -u /etc/audit/rules.d/audit.rules /root/.ciss/dlb/backup/rules_d_audit.rules.bak +cp -u /etc/audit/audit.rules /root/.ciss/cdlb/backup/audit.rules.bak +cp -u /etc/audit/auditd.conf /root/.ciss/cdlb/backup/auditd.conf.bak +cp -u /etc/audit/rules.d/audit.rules /root/.ciss/cdlb/backup/rules_d_audit.rules.bak rm -rf /etc/audit/rules.d/audit.rules ############################################################### /etc/audit/rules.d/00-base-config.rules diff --git a/config/hooks/live/9997_debsums.chroot b/config/hooks/live/9997_debsums.chroot index 6613487..f8c21d0 100644 --- a/config/hooks/live/9997_debsums.chroot +++ b/config/hooks/live/9997_debsums.chroot @@ -19,8 +19,8 @@ cd /root export DEBIAN_FRONTEND="noninteractive" INITRD="No" apt-get install -y --no-install-recommends debsums -cp -a /etc/default/debsums /root/.ciss/dlb/backup/debsums.bak -chmod 0644 /root/.ciss/dlb/backup/debsums.bak +cp -a /etc/default/debsums /root/.ciss/cdlb/backup/debsums.bak +chmod 0644 /root/.ciss/cdlb/backup/debsums.bak sed -i "s/CRON_CHECK=never/CRON_CHECK=monthly/" /etc/default/debsums if debsums -g > /dev/null 2>&1; then diff --git a/config/hooks/live/9999_interfaces_update.chroot b/config/hooks/live/9999_interfaces_update.chroot index f0fe01c..7bcc938 100644 --- a/config/hooks/live/9999_interfaces_update.chroot +++ b/config/hooks/live/9999_interfaces_update.chroot @@ -16,7 +16,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" " # shellcheck disable=SC2155 declare -r VAR_DATE="$(date +%F)" -mv /etc/network/interfaces /root/.ciss/dlb/backup/interfaces.chroot +mv /etc/network/interfaces /root/.ciss/cdlb/backup/interfaces.chroot rm -f /etc/network/interfaces cat << EOF >| /etc/network/interfaces 
diff --git a/lib/lib_arg_parser.sh b/lib/lib_arg_parser.sh index b34adae..52e5a24 100644 --- a/lib/lib_arg_parser.sh +++ b/lib/lib_arg_parser.sh @@ -17,6 +17,8 @@ guard_sourcing # Globals: # ARY_HANDLER_JUMPHOST # ARY_HANDLER_NETCUP_IPV6 +# VAR_AGE +# VAR_AGE_KEY # VAR_ARCHITECTURE # VAR_BUILD_LOG # VAR_EARLY_DEBUG @@ -31,6 +33,8 @@ guard_sourcing # VAR_HANDLER_STA # VAR_HASHED_PWD # VAR_ISO8601 +# VAR_LUKS +# VAR_LUKS_KEY # VAR_REIONICE_CLASS # VAR_REIONICE_PRIORITY # VAR_SIGNER @@ -210,6 +214,22 @@ arg_parser() { fi ;; + --key_age=*) + # shellcheck disable=SC2034 + declare -gx VAR_AGE="true" + # shellcheck disable=SC2034 + declare -gx VAR_AGE_KEY="${1#*=}" + shift 1 + ;; + + --key_luks=*) + # shellcheck disable=SC2034 + declare -gx VAR_LUKS="true" + # shellcheck disable=SC2034 + declare -gx VAR_LUKS_KEY="${1#*=}" + shift 1 + ;; + --log-statistics-only) if [[ -n "${2-}" && "${2}" != -* ]]; then if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi diff --git a/lib/lib_primordial.sh b/lib/lib_primordial.sh index ead58df..3712231 100644 --- a/lib/lib_primordial.sh +++ b/lib/lib_primordial.sh @@ -16,6 +16,8 @@ guard_sourcing # Integrate primordial SSH identity files. # Globals: # BASH_SOURCE +# VAR_AGE +# VAR_AGE_KEY # VAR_HANDLER_BUILD_DIR # VAR_SSHFP # VAR_TMP_SECRET 
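Review bot: The new `--key_age=*` and `--key_luks=*` cases in `arg_parser` store `${1#*=}` without validation, and `init_primordial` later joins `VAR_AGE_KEY` onto `${VAR_TMP_SECRET}/` as the argument of `install` and `shred -fzu`. An empty value, or one containing `/` or `..`, therefore points those commands at the secrets directory itself or at a file outside it. Check the value first, e.g. `[[ -n "${1#*=}" && "${1#*=}" != */* ]]`, and fail the way the neighbouring options do (their error path is outside this hunk). `VAR_LUKS` and `VAR_LUKS_KEY` are set here but nothing visible in this commit consumes them, so the passphrase file named by `--key_luks` is not shredded the way the age key is; confirm that is handled elsewhere.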
@@ -27,6 +29,24 @@ guard_sourcing init_primordial() { printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}" + ### Check for SOPS AGE key integration --------------------------------------------------------------------------------------- + if [[ ! "${VAR_AGE,,}" == "true" ]]; then + + if compgen -G "${VAR_TMP_SECRET}/${VAR_AGE_KEY}" > /dev/null; then + + shred -fzu -n 5 -- "${VAR_TMP_SECRET}/${VAR_AGE_KEY}" + + fi + + else + + install -d -m 0700 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.config/sops/age" + install -m 0400 "${VAR_TMP_SECRET}/${VAR_AGE_KEY}" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.config/sops/age/keys.txt" + shred -fzu -n 5 -- "${VAR_TMP_SECRET}/${VAR_AGE_KEY}" 2>/dev/null || rm -f "${VAR_TMP_SECRET}/${VAR_AGE_KEY}" + + fi + + ### Check for SSH CISS and PhysNet primordial-workflow™ integration ---------------------------------------------------------- if [[ ! "${VAR_SSHFP,,}" == "true" ]]; then if compgen -G "${VAR_TMP_SECRET}/id*" > /dev/null; then @@ -53,6 +73,8 @@ init_primordial() { fi + + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successfully applied. \e[0m\n" "${BASH_SOURCE[0]}" return 0 diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh index efdb6c3..e491044 100644 --- a/lib/lib_usage.sh +++ b/lib/lib_usage.sh 
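Review bot: In the branch of `init_primordial` taken when `VAR_AGE` is not `true`, `VAR_AGE_KEY` still holds its default `""` from `var/global.var.sh`, so `compgen -G "${VAR_TMP_SECRET}/"` tests the directory itself and should match whenever it exists; `shred -fzu` is then run on a directory and fails. If errexit is active here (not visible in the hunk), that ends a build that never asked for an age key. Test for a named regular file instead: `if [[ -n "${VAR_AGE_KEY}" && -f "${VAR_TMP_SECRET}/${VAR_AGE_KEY}" ]]; then`, and use the same `-f` test before `install` in the `else` branch so a missing key gives a clear error. Also worth a comment above the `install -m 0400 … /root/.config/sops/age/keys.txt` line: it places the private key in the image tree, so whoever obtains an unencrypted ISO obtains the key. The function body continues past this hunk.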
@@ -101,6 +101,16 @@ usage() { echo " addresses and / or CCDIR notation. If provided, than it MUST be a separated list." echo " IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64." echo + echo -e "\e[97m --key_age=* \e[0m" + echo " The SOPS AGE private keyring for decryption operations. Change '*' to your desired SOPS AGE key file." + echo " File MUST be placed in:" + echo " " + echo + echo -e "\e[97m --key_luks=* \e[0m" + echo " The LUKS encryption / decryption passphrase for '/'-fs-encryption. Change '*' to your desired passphrase file." + echo " File MUST be placed in:" + echo " " + echo echo -e "\e[97m --log-statistics-only\e[0m" echo " Provides statistic only after successful building a CISS.debian.live-ISO. While enabling '--log-statistics-only'" echo " the argument '--build-directory' MUST be provided." diff --git a/scripts/etc/network/9999_interfaces_update_netcup.chroot b/scripts/etc/network/9999_interfaces_update_netcup.chroot index 6c316e8..de9fbbb 100644 --- a/scripts/etc/network/9999_interfaces_update_netcup.chroot +++ b/scripts/etc/network/9999_interfaces_update_netcup.chroot @@ -14,7 +14,7 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" # sleep 1 -mv /etc/network/interfaces /root/.ciss/dlb/backup/interfaces.chroot +mv /etc/network/interfaces /root/.ciss/cdlb/backup/interfaces.chroot rm -f /etc/network/interfaces cat << 'EOF' >| /etc/network/interfaces diff --git a/var/global.var.sh b/var/global.var.sh index b5417c9..4fb4b18 100644 --- a/var/global.var.sh +++ b/var/global.var.sh @@ -44,6 +44,10 @@ declare -gi VAR_REIONICE_CLASS=2 declare -gi VAR_REIONICE_PRIORITY=4 declare -gr VAR_CHROOT_DIR="chroot" declare -gr VAR_PACKAGES_FILE="chroot.packages.live" +declare -gx VAR_AGE="false" +declare -gx VAR_AGE_KEY="" +declare -gx VAR_LUKS="false" +declare -gx VAR_LUKS_KEY="" declare -gx VAR_SIGNER="false" declare -gx VAR_SIGNING_KEY_FPR="" declare -gx VAR_SIGNING_KEY_PASS=""
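Review bot: Both new help entries in `usage()` end with `File MUST be placed in:` followed by an `echo` of blanks, so the directory is never named. `init_primordial` reads the age key from `${VAR_TMP_SECRET}`, so the help should print that location in place of the empty line. For `--key_luks` it would also help to state the permissions expected on the file, for example `echo "    File MUST be readable by the build user only (mode 0400)."`, since the text asks users to store a disk-encryption passphrase in a plain file. `usage()` starts and ends outside the hunk.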