msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V9.14.024.2026.06.11
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2026-06-11 21:15:37 +01:00
parent 666111df0e
commit bd5c7729a2
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/includes.chroot/usr/lib/live/boot/0042_ciss_post_decrypt_attest
+7 -3
View File
@@ -26,7 +26,6 @@
set -eu
printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] \n\e[0m"
sleep 2
### Check panic command availability -------------------------------------------------------------------------------------------
if ! command -v panic >/dev/null 2>&1; then
@@ -188,7 +187,6 @@ stream_rootfs_payload() {
block_size=1048576
full_blocks=$((payload_size / block_size))
remainder=$((payload_size % block_size))
remainder_offset=$((full_blocks * block_size))
if [ "${full_blocks}" -gt 0 ]; then
@@ -198,7 +196,7 @@ stream_rootfs_payload() {
if [ "${remainder}" -gt 0 ]; then
dd if="${payload_device}" bs=1 skip="${remainder_offset}" count="${remainder}" 2>/dev/null || return 1
dd if="${payload_device}" bs="${block_size}" skip="${full_blocks}" count=1 2>/dev/null | dd bs=1 count="${remainder}" 2>/dev/null || return 1
fi
@@ -286,11 +284,17 @@ HASH_FILE="${CDLB_ROOTFS_ATTEST_MANIFEST}"
SIGN_FILE="${CDLB_ROOTFS_ATTEST_SIGNATURE}"
KEYFILE="${CDLB_KEY_DIR}/${CDLB_EXP_FPR}.gpg"
log_in "0042() : Validating [${KEYFILE}]"
require_attestation_file "Public key" "${KEYFILE}"
log_in "0042() : Validating [${HASH_FILE}]"
require_attestation_file "Rootfs attestation manifest" "${HASH_FILE}"
log_in "0042() : Validating [${SIGN_FILE}]"
require_attestation_file "Rootfs attestation signature" "${SIGN_FILE}"
log_in "0042() : Validating [${CDLB_MAPPER_DEV}]"
require_rootfs_payload_device "${CDLB_MAPPER_DEV}"
log_ok "0042() : Rootfs attestation inputs are present and readable."
log_in "0042() : Verifying rootfs attestation manifest with 'gpgv' and pinned GPG FPR."
if ! _STATUS="$(/usr/bin/gpgv --keyring "${KEYFILE}" --status-fd 1 "${SIGN_FILE}" "${HASH_FILE}" 2>&1)"; then
config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
-2
View File
@@ -498,7 +498,6 @@ setup_unionfs ()
### CISS override for /usr/lib/live/boot/0042_ciss_post_decrypt_attest -------------------------------------------------------
printf "\e[95m[INFO] Calling : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] ... \n\e[0m"
chmod +x /usr/lib/live/boot/0042_ciss_post_decrypt_attest
sleep 2
if [ -x /usr/lib/live/boot/0042_ciss_post_decrypt_attest ]; then
@@ -515,7 +514,6 @@ setup_unionfs ()
fi
printf "\e[92m[INFO] Calling : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] done. \n\e[0m"
sleep 2
### CISS override for /usr/lib/live/boot/0042_ciss_post_decrypt_attest -------------------------------------------------------
printf "\e[92m[INFO] Successfully applied : [/usr/lib/live/boot/9990-overlay.sh] \n\e[0m"