msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.528.2025.12.03
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m2s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-03 16:13:22 +01:00
parent 1ff53fa378
commit ccaaa0a949
4 changed files with 44 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
config/hooks/live/0000_basic_chroot_setup.chroot
View File

@@ -258,6 +258,23 @@ ln -sf /lib/systemd/system/systemd-resolved.service /etc/systemd/system/multi-us
ln -sf /lib/systemd/system/systemd-resolved.socket /etc/systemd/system/sockets.target.wants/systemd-resolved.socket ln -sf /lib/systemd/system/systemd-resolved.socket /etc/systemd/system/sockets.target.wants/systemd-resolved.socket
cat << EOF >| /etc/systemd/system/ciss-fix-resolvconf.service
[Unit]
Description=Force systemd-resolved stub resolv.conf
After=network-online.target
Before=apt-daily.service
[Service]
Type=oneshot
ExecStart=/usr/bin/rm -f /etc/resolv.conf
ExecStart=/usr/bin/ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
[Install]
WantedBy=multi-user.target
EOF
ln -sf /etc/systemd/system/ciss-fix-resolvconf.service /etc/systemd/system/multi-user.target.wants/ciss-fix-resolvconf.service
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0 exit 0

4
config/includes.chroot/usr/lib/live/boot/0042_ciss_post_decrypt_attest
View File

@@ -78,7 +78,7 @@ KEYFILE="${CDLB_KEY_DIR}/${CDLB_EXP_FPR}.gpg"
log_in "0042() : Verifying rootfs attestation with 'gpgv' and inside LUKS encrypted rootfs pinned GPG FPR." log_in "0042() : Verifying rootfs attestation with 'gpgv' and inside LUKS encrypted rootfs pinned GPG FPR."
_STATUS="$(gpgv --no-default-keyring --keyring "${KEYFILE}" --status-fd 1 --verify "${SIGN_FILE}" "${HASH_FILE}" 2>/dev/null)" _STATUS="$(/usr/bin/gpgv --keyring "${KEYFILE}" --status-fd 1 "${SIGN_FILE}" "${HASH_FILE}")"
_CDLB_SIG_FILE_FPR="$(printf '%s\n' "${_STATUS}" | awk '/^\[GNUPG:\] VALIDSIG /{print $3; exit}')" _CDLB_SIG_FILE_FPR="$(printf '%s\n' "${_STATUS}" | awk '/^\[GNUPG:\] VALIDSIG /{print $3; exit}')"
### Compare against pinned and expected fingerprint. --------------------------------------------------------------------------- ### Compare against pinned and expected fingerprint. ---------------------------------------------------------------------------
@@ -96,7 +96,7 @@ fi
### 'dmsetup' health check ----------------------------------------------------------------------------------------------------- ### 'dmsetup' health check -----------------------------------------------------------------------------------------------------
MAP_DEV="/dev/mapper/${CDLB_MAPPER_NAME}" MAP_DEV="/dev/mapper/${CDLB_MAPPER_NAME}"
if [ -e "${MAP_DEV}" ]; then if [ -b "${MAP_DEV}" ]; then
log_in "0042() : Checking dmsetup table for ${MAP_DEV}" log_in "0042() : Checking dmsetup table for ${MAP_DEV}"

2
lib/lib_provider_netcup.sh
View File

@@ -56,7 +56,7 @@ DNS=138.199.237.109
DNS=2a01:4f9:c012:a813:135:181:207:105 DNS=2a01:4f9:c012:a813:135:181:207:105
DNS=2a0a:4cc0:1:e6:89:58:62:53 DNS=2a0a:4cc0:1:e6:89:58:62:53
DNS=2a01:4f8:c013:8011:138:199:237:109 DNS=2a01:4f8:c013:8011:138:199:237:109
DNSOverTLS=yes DNSOverTLS=opportunistic
DNSSEC=yes DNSSEC=yes
IPv6AcceptRA=no IPv6AcceptRA=no
LinkLocalAddressing=ipv6 LinkLocalAddressing=ipv6