msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.528.2025.12.03
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m4s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-03 14:30:25 +01:00
parent a8a7e3994e
commit b8abd17237
8 changed files with 235 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums
View File

@@ -16,7 +16,7 @@
### Modified Version of the original file: ### Modified Version of the original file:
### https://salsa.debian.org/live-team/live-boot 'components/0030-ciss-verify-checksums' ### https://salsa.debian.org/live-team/live-boot 'components/0030-ciss-verify-checksums'
### In case of successful verification of the offered checksum, proceed with booting; otherwise panic. ### If the offered checksum is successfully verified, proceed with booting. Otherwise, panic.
####################################### #######################################
# Modified checksum-integrity and authenticity-verification-script depending on pinned GPG FPR for boot process verification. # Modified checksum-integrity and authenticity-verification-script depending on pinned GPG FPR for boot process verification.

20
config/includes.chroot/usr/lib/live/boot/0042_ciss_post_decrypt_attest
View File

@@ -92,9 +92,9 @@ HASH_FILE="${CDLB_ATTEST_FPR_SHA}"
SIGN_FILE="${CDLB_ATTEST_FPR_SIG}" SIGN_FILE="${CDLB_ATTEST_FPR_SIG}"
KEYFILE="${CDLB_KEY_DIR}/${CDLB_EXP_FPR}.gpg" KEYFILE="${CDLB_KEY_DIR}/${CDLB_EXP_FPR}.gpg"
[ -s "${KEYFILE}" ] || { log_er "0042() : No public key found under: [${CDLB_KEY_DIR}/${CDLB_EXP_FPR}.gpg]"; exit 42; } [ -s "${KEYFILE}" ] || { log_er "0042() : No public key found under: [${CDLB_KEY_DIR}/${CDLB_EXP_FPR}.gpg]"; exit 42; }
[ -s "${HASH_FILE}" ] || { log_er "0042() : Attestation data missing: [${HASH_FILE}]"; exit 42; } [ -s "${HASH_FILE}" ] || { log_er "0042() : Attestation data missing: [${HASH_FILE}]"; exit 42; }
[ -s "${SIGN_FILE}" ] || { log_er "0042() : Attestation signature missing: [${SIGN_FILE}]"; exit 42; } [ -s "${SIGN_FILE}" ] || { log_er "0042() : Attestation signature missing: [${SIGN_FILE}]"; exit 42; }
log_in "0042() : Verifying rootfs attestation with 'gpgv' and inside LUKS encrypted rootfs pinned GPG FPR." log_in "0042() : Verifying rootfs attestation with 'gpgv' and inside LUKS encrypted rootfs pinned GPG FPR."
@@ -108,7 +108,7 @@ if [ "${_CDLB_SIG_FILE_FPR}" = "${CDLB_EXP_FPR}" ]; then
else else
log_er "0042() : Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]" log_er "0042() : Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]"
#sleep 8 #sleep 8
#panic "[FATAL] Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]." #panic "[FATAL] Signature FPR mismatch: got: [${_CDLB_SIG_FILE_FPR}] expected: [${CDLB_EXP_FPR}]."
@@ -127,7 +127,7 @@ if [ -e "${MAP_DEV}" ]; then
else else
log_er "0042() : Top layer is NOT 'crypt'." log_er "0042() : Top layer is NOT 'crypt'."
#sleep 8 #sleep 8
#panic "[FATAL] Top layer is NOT 'crypt'." #panic "[FATAL] Top layer is NOT 'crypt'."
@@ -139,7 +139,7 @@ if [ -e "${MAP_DEV}" ]; then
else else
log_er "0042() : Cipher does not look like AES-XTS." log_er "0042() : Cipher does not look like AES-XTS."
#sleep 8 #sleep 8
#panic "[FATAL] Cipher does not look like AES-XTS." #panic "[FATAL] Cipher does not look like AES-XTS."
@@ -168,10 +168,10 @@ esac
log_in "Checking underlying integrity target: ${CHILD_NAME}" log_in "Checking underlying integrity target: ${CHILD_NAME}"
CHILD_TAB="$(/usr/sbin/dmsetup table --showkeys "${CHILD_NAME}" 2>/dev/null || true)" CHILD_TAB="$(/usr/sbin/dmsetup table --showkeys "${CHILD_NAME}" 2>/dev/null || true)"
printf '%s\n' "${CHILD_TAB}" | grep -q ' integrity ' || { log_er "0042() : Underlying layer is not 'integrity'"; } printf '%s\n' "${CHILD_TAB}" | grep -q ' integrity ' || { log_er "0042() : Underlying layer is not 'integrity'"; }
printf '%s\n' "${CHILD_TAB}" | grep -qi 'hmac' || { log_er "0042() : Integrity target not using keyed MAC (hmac)"; } printf '%s\n' "${CHILD_TAB}" | grep -qi 'hmac' || { log_er "0042() : Integrity target not using keyed MAC (hmac)"; }
printf '%s\n' "${CHILD_TAB}" | grep -qi 'sha512' || { log_er "0042() : Integrity algo not sha512"; } printf '%s\n' "${CHILD_TAB}" | grep -qi 'sha512' || { log_er "0042() : Integrity algo not sha512"; }
printf '%s\n' "${CHILD_TAB}" | grep -Eq '\b4096\b' || { log_er "0042() : Expected 4096-byte sector size not found"; } printf '%s\n' "${CHILD_TAB}" | grep -Eq '\b4096\b' || { log_er "0042() : Expected 4096-byte sector size not found"; }
log_ok "0042() : dm-crypt and dm-integrity(HMAC-SHA512, 4096B) chain looks healthy." log_ok "0042() : dm-crypt and dm-integrity(HMAC-SHA512, 4096B) chain looks healthy."

4
config/includes.chroot/usr/lib/live/boot/9990-main.sh
View File

@@ -15,8 +15,8 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Modified Version of the original file: ### Modified Version of the original file:
### https://salsa.debian.org/live-team/live-boot 'components/9990-main.shh' ### https://salsa.debian.org/live-team/live-boot 'components/9990-main.sh'
### Change behavior to mount already opened ciss_rootfs.crypt (0024-ciss-crypt-squash). ### Change the behavior so that the ciss_rootfs.crypt (0024-ciss-crypt-squash) is mounted when it is opened.
# set -e # set -e

218
config/includes.chroot/usr/lib/live/boot/9990-networking.sh Normal file
View File

@@ -0,0 +1,218 @@
#!/bin/sh
# bashsupport disable=BP5007
# shellcheck disable=SC2249
# shellcheck shell=sh
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-12; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Modified Version of the original file:
### https://salsa.debian.org/live-team/live-boot 'components/9990-networking.sh'
### Change the behavior so that the systemd-networkd stack '/etc/resolv.conf' is not overwritten.
# set -e
printf "\e[95m[INFO] Sourcing : [/usr/lib/live/boot/9990-networking.sh] \n\e[0m"
Device_from_bootif ()
{
# Support for Syslinux IPAPPEND parameter
# it sets the BOOTIF variable on the kernel parameter
if [ -n "${BOOTIF}" ]
then
# Pxelinux sets BOOTIF to a value based on the mac address of the
# network card used to PXE boot, so use this value for DEVICE rather
# than a hard-coded device name from initramfs.conf. This facilitates
# network booting when machines may have multiple network cards.
# Pxelinux sets BOOTIF to 01-$mac_address
# Strip off the leading "01-", which isn't part of the mac
# address
temp_mac=${BOOTIF#*-}
# Convert to the typical mac address format by replacing "-" with ":"
bootif_mac=""
IFS='-'
for x in ${temp_mac}
do
if [ -z "${bootif_mac}" ]
then
bootif_mac="${x}"
else
bootif_mac="${bootif_mac}:${x}"
fi
done
unset IFS
# Look for devices with matching mac address and set DEVICE to
# appropriate value if match is found.
for device in /sys/class/net/*
do
if [ -f "${device}/address" ]
then
current_mac=$(cat "${device}/address")
if [ "${bootif_mac}" = "${current_mac}" ]
then
DEVICE=${device##*/}
break
fi
fi
done
fi
}
do_netsetup ()
{
printf "\e[95m[INFO] do_netsetup() : [/usr/lib/live/boot/9990-networking.sh] \n\e[0m"
modprobe -q af_packet # For DHCP
udevadm trigger
udevadm settle
[ -n "${ETHDEV_TIMEOUT}" ] || ETHDEV_TIMEOUT=15
echo "Using timeout of ${ETHDEV_TIMEOUT} seconds for network configuration."
if [ -z "${NETBOOT}" ] && [ -z "${FETCH}" ] && [ -z "${HTTPFS}" ] && [ -z "${FTPFS}" ]
then
# See if we can select the device from BOOTIF
Device_from_bootif
# if ethdevice was not specified on the kernel command line,
# make sure we try to get a working network configuration
# for *every* present network device (except for loopback of course)
if [ -z "${ETHDEVICE}" ]
then
echo "If you want to boot from a specific device use bootoption ethdevice=..."
for device in /sys/class/net/*
do
dev=${device##*/}
if [ "${dev}" != "lo" ]
then
ETHDEVICE="${ETHDEVICE} ${dev}"
fi
done
fi
# Split args of ethdevice=eth0,eth1 into "eth0 eth1"
for device in $(echo "${ETHDEVICE}" | sed 's/,/ /g')
do
devlist="${devlist} ${device}"
done
for dev in ${devlist}
do
echo "Executing ipconfig -t ${ETHDEV_TIMEOUT} ${dev}"
ipconfig -t "${ETHDEV_TIMEOUT}" "${dev}" | tee -a /netboot.config
# if configuration of a device worked, we should have an assigned
# IP address, if so, let's use the device as $DEVICE for later usage.
# Simple and primitive approach, which seems to work fine
if ifconfig "${dev}" | grep -q -E 'inet.*addr:|inet [0-9][0-9]*.[0-9][0-9]*.[0-9][0-9]*.[0-9][0-9]*'
then
export DEVICE="${dev}"
break
fi
done
else
for interface in ${DEVICE}; do
ipconfig -t "${ETHDEV_TIMEOUT}" "${interface}" | tee "/netboot-${interface}.config"
# shellcheck disable=SC1090
[ -e "/run/net-${interface}.conf" ] && . "/run/net-${interface}.conf"
if [ "${IPV4ADDR}" != "0.0.0.0" ]
then
break
fi
done
fi
for interface in ${DEVICE}
do
# source relevant ipconfig output
OLDHOSTNAME=${HOSTNAME}
# shellcheck disable=SC1090
[ -e "/run/net-${interface}.conf" ] && . "/run/net-${interface}.conf"
[ -z "${HOSTNAME}" ] && HOSTNAME="${OLDHOSTNAME}"
export HOSTNAME
if [ -n "${interface}" ]
then
# HWADDR used by do_iscsi from 9990-mount-iscsi.sh
# shellcheck disable=SC2034
HWADDR="$(cat "/sys/class/net/${interface}/address")"
fi
if [ ! -e "/etc/hostname" ] && [ -n "${HOSTNAME}" ]
then
echo "Creating /etc/hostname"
echo "${HOSTNAME}" > /etc/hostname
fi
# Only create /etc/hosts if FQDN is known (to let 'hostname -f' query
# this file). Otherwise, DNS will be queried to determine the FQDN.
if [ ! -e "/etc/hosts" ] && [ -n "${DNSDOMAIN}" ]
then
echo "Creating /etc/hosts"
cat > /etc/hosts <<EOF
127.0.0.1 localhost
127.0.1.1 ${HOSTNAME}.${DNSDOMAIN} ${HOSTNAME}
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
fi
if [ ! -e "/etc/resolv.conf" ]
then
echo "Creating /etc/resolv.conf"
if [ -n "${DNSDOMAIN}" ]
then
echo "domain ${DNSDOMAIN}" > /etc/resolv.conf
fi
for i in ${IPV4DNS0} ${IPV4DNS1} ${IPV4DNS1} ${DNSSERVERS}
do
if [ -n "${i}" ] && [ "${i}" != 0.0.0.0 ]
then
echo "nameserver ${i}" >> /etc/resolv.conf
fi
done
if [ -n "${DOMAINSEARCH}" ]
then
echo "search ${DOMAINSEARCH}" >> /etc/resolv.conf
elif [ -n "${DNSDOMAIN}" ]
then
echo "search ${DNSDOMAIN}" >> /etc/resolv.conf
fi
fi
# Check if we have a network device at all
if ! ls /sys/class/net/"${interface}" > /dev/null 2>&1 && \
! ls /sys/class/net/eth0 > /dev/null 2>&1 && \
! ls /sys/class/net/wlan0 > /dev/null 2>&1 && \
! ls /sys/class/net/ath0 > /dev/null 2>&1 && \
! ls /sys/class/net/ra0 > /dev/null 2>&1
then
panic "No supported network device found, maybe a non-mainline driver is required."
fi
done
printf "\e[92m[INFO] Successfully applied : [/usr/lib/live/boot/9990-networking.sh/do_netsetup()] \n\e[0m"
}

2
config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
View File

@@ -16,7 +16,7 @@
### Modified Version of the original file: ### Modified Version of the original file:
### https://salsa.debian.org/live-team/live-boot 'components/9990-overlay.sh' ### https://salsa.debian.org/live-team/live-boot 'components/9990-overlay.sh'
### Change behavior to mount already opened ciss_rootfs.crypt (0024-ciss-crypt-squash). ### Change the behavior so that the ciss_rootfs.crypt (0024-ciss-crypt-squash) is mounted when it is opened.
#set -e #set -e

2
lib/lib_cdi.sh
View File

@@ -44,7 +44,7 @@ cdi() {
tmp_entry="$(mktemp)" tmp_entry="$(mktemp)"
cat << EOF >| "${tmp_entry}" cat << EOF >| "${tmp_entry}"
menuentry "CISS Hardened DI (${VAR_KERNEL})" --hotkey=i { menuentry "CISS Hardened DI (${VAR_KERNEL})" --hotkey=i {
linux /live/vmlinuz-${VAR_KERNEL} boot=live ciss_iso_label=CISS.debian.live ciss_crypt_path=/live/ciss_rootfs.crypt components ip=dhcp keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 noautologin nottyautologin nox11autologin noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums=sha512,sha384 verify-checksums-signatures apparmor=1 security=apparmor audit_backlog_limit=262144 audit=1 debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=integrity loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=0 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none findiso=\${iso_path} linux /live/vmlinuz-${VAR_KERNEL} boot=live ciss_iso_label=CISS.debian.live ciss_crypt_path=/live/ciss_rootfs.crypt components keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 noautologin nottyautologin nox11autologin noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums=sha512,sha384 verify-checksums-signatures apparmor=1 security=apparmor audit_backlog_limit=262144 audit=1 debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=integrity loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=0 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none findiso=\${iso_path}
initrd /live/initrd.img-${VAR_KERNEL} initrd /live/initrd.img-${VAR_KERNEL}
} }
EOF EOF

2
lib/lib_lb_config_write_trixie.sh
View File

@@ -45,7 +45,7 @@ lb_config_write_trixie() {
--binary-filesystem fat32 \ --binary-filesystem fat32 \
--binary-image iso-hybrid \ --binary-image iso-hybrid \
--bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Etc/UTC splash audit_backlog_limit=262144 audit=1 debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=integrity loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \ --bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Etc/UTC splash audit_backlog_limit=262144 audit=1 debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=integrity loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
--bootappend-live "boot=live ciss_iso_label=CISS.debian.live ciss_crypt_path=/live/ciss_rootfs.crypt components ip=dhcp keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 noautologin nottyautologin nox11autologin noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums=sha512,sha384 verify-checksums-signatures apparmor=1 security=apparmor audit_backlog_limit=262144 audit=1 debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=integrity loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=0 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none" \ --bootappend-live "boot=live ciss_iso_label=CISS.debian.live ciss_crypt_path=/live/ciss_rootfs.crypt components keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 noautologin nottyautologin nox11autologin noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums=sha512,sha384 verify-checksums-signatures apparmor=1 security=apparmor audit_backlog_limit=262144 audit=1 debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=integrity loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=0 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none" \
--bootloaders grub-efi \ --bootloaders grub-efi \
--cache true \ --cache true \
--checksums sha512 sha384 sha256 \ --checksums sha512 sha384 sha256 \

8
lib/lib_provider_netcup.sh
View File

@@ -19,7 +19,6 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
# BASH_SOURCE # BASH_SOURCE
# VAR_HANDLER_BUILD_DIR # VAR_HANDLER_BUILD_DIR
# VAR_HANDLER_NETCUP_IPV6 # VAR_HANDLER_NETCUP_IPV6
# VAR_WORKDIR
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -57,7 +56,7 @@ DNS=138.199.237.109
DNS=2a01:4f9:c012:a813:135:181:207:105 DNS=2a01:4f9:c012:a813:135:181:207:105
DNS=2a0a:4cc0:1:e6:89:58:62:53 DNS=2a0a:4cc0:1:e6:89:58:62:53
DNS=2a01:4f8:c013:8011:138:199:237:109 DNS=2a01:4f8:c013:8011:138:199:237:109
DNSOverTLS=opportunistic DNSOverTLS=yes
DNSSEC=yes DNSSEC=yes
IPv6AcceptRA=no IPv6AcceptRA=no
LinkLocalAddressing=ipv6 LinkLocalAddressing=ipv6
@@ -81,11 +80,6 @@ UseHostname=no
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF EOF
#sed -i "s|MUST_BE_REPLACED|${handler_netcup_ipv6_string}|g" "${VAR_WORKDIR}/scripts/etc/network/9999_interfaces_update_netcup.chroot"
#rm -f "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9999_interfaces_update.chroot"
#cp "${VAR_WORKDIR}/scripts/etc/network/9999_interfaces_update_netcup.chroot" "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9999_interfaces_update.chroot"
#chmod 0755 "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9999_interfaces_update.chroot"
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successfully applied. \e[0m\n" "${BASH_SOURCE[0]}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successfully applied. \e[0m\n" "${BASH_SOURCE[0]}"
fi fi