diff --git a/config/hooks/live/0005_tmpfile_dublette.chroot b/.archive/0005_tmpfile_dublette.chroot similarity index 100% rename from config/hooks/live/0005_tmpfile_dublette.chroot rename to .archive/0005_tmpfile_dublette.chroot diff --git a/config/hooks/live/0001_initramfs_modules.chroot b/config/hooks/live/0001_initramfs_modules.chroot index 2b59889..70f6f8a 100644 --- a/config/hooks/live/0001_initramfs_modules.chroot +++ b/config/hooks/live/0001_initramfs_modules.chroot @@ -13,17 +13,6 @@ set -Ceuo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" -####################################### -# Simple error terminal logger. -# Arguments: -# None -####################################### -log(){ printf '[kbd-fix] %s\n' "$*" >&2; } - -log "Ensuring required packages…" -export DEBIAN_FRONTEND=noninteractive -apt-get install -y --no-install-recommends keyboard-configuration console-setup xkb-data - ####################################### # Get all NIC drivers of the current Host machine. # Globals: @@ -365,47 +354,6 @@ EOF chmod 0755 /etc/initramfs-tools/hooks/ciss_debian_live_builder -log "Writing /etc/default/keyboard" -rm -f /etc/default/keyboard -cat << 'EOF' >| /etc/default/keyboard -XKBMODEL="pc105" -XKBLAYOUT="de" -XKBVARIANT="" -XKBOPTIONS="" -BACKSPACE="guess" -EOF - -### Remove remaps & stale caches. -rm -f /etc/console-setup/remap.inc /etc/console-setup/*remap* 2>/dev/null || true -rm -f /etc/console-setup/cached*.kmap.gz 2>/dev/null || true - -### Rebuild the cached console keymap (cache used at boot, avoids runtime warnings). -LANG=C.UTF-8 setupcon --save-only --force --keyboard-only || true - -### Validate (do not fail to build on known harmless 'Unknown X keysym' warnings). -err="$(mktemp)" -if ! LANG=C.UTF-8 ckbcomp -model pc105 -layout de -variant '' -option '' >/dev/null 2>|"${err}"; then - - printf '[kbd-fix] ERROR: ckbcomp failed hard:\n' >&2 - sed -n '1,200p' "${err}" >&2 - exit 127 - -fi - -if grep -q 'Unknown X keysym "dead_belowmacron"' "${err}"; then - - printf '[kbd-fix] WARN: ignoring xkb warning: Unknown X keysym "dead_belowmacron"\n' >&2 - -fi -rm -f "${err}" - -# Ensure keyboard-setup runs late enough on live systems -install -d /etc/systemd/system/keyboard-setup.service.d -cat > /etc/systemd/system/keyboard-setup.service.d/10-after-localfs.conf <<'EOF' -[Unit] -After=local-fs.target -EOF - ### Regenerate the initramfs for the live system kernel update-initramfs -u -k all -v diff --git a/config/hooks/live/9991_file_permissions.chroot b/config/hooks/live/9991_file_permissions.chroot index aaecd89..b5c4ad1 100644 --- a/config/hooks/live/9991_file_permissions.chroot +++ b/config/hooks/live/9991_file_permissions.chroot @@ -107,6 +107,8 @@ find /root -type f ! -perm /111 -exec chmod 0600 {} + ### Ownership: UID:GID (do not dereference symlinks; stay on this filesystem) find /root -xdev -exec chown -h root:root {} + +rm -f /etc/tmpfiles.d/legacy.conf + printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successfully applied. \e[0m\n" "${0}" exit 0 diff --git a/config/hooks/live/9996_auditd.chroot b/config/hooks/live/9996_auditd.chroot index 0325bee..be4cc02 100644 --- a/config/hooks/live/9996_auditd.chroot +++ b/config/hooks/live/9996_auditd.chroot @@ -389,20 +389,9 @@ cat << EOF >| /etc/systemd/system/audit-rules.service.d/10-ciss.conf # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -#[Service] -#ExecStart= -#ExecStart=/sbin/auditctl -R /etc/audit/audit.rules >/dev/null 2>&1 - -[Unit] -After=auditd.service -ConditionSecurity=audit - [Service] -Type=oneshot ExecStart= -ExecStartPre=/bin/sh -c '/sbin/auditctl -D >/dev/null 2>&1 || true' -ExecStart=/sbin/auditctl -R /etc/audit/audit.rules -RemainAfterExit=yes +ExecStart=/sbin/auditctl -R /etc/audit/audit.rules >/dev/null 2>&1 EOF