msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.404.2025.11.10
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 58s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-10 18:59:00 +01:00
parent fa588fcfe2
commit e3dc26858d
11 changed files with 596 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/lib_arg_parser.sh
View File

@@ -354,7 +354,7 @@ arg_parser() {
declare perms
perms=$(stat -c '%a' "${pw_file}")
if [[ "${perms}" -ne 400 ]]; then
chmod 400 "${pw_file}" || {
chmod 0400 "${pw_file}" || {
if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
printf "\e[91m❌ Error: --root-password-file failed to set permissions 0400 on '%s'.\e[0m\n" "${pw_file}" >&2
# shellcheck disable=SC2162

2
lib/lib_cdi.sh
View File

@@ -30,6 +30,8 @@ cdi() {
if [[ "${VAR_HANDLER_CDI}" == "true" ]]; then
install -m 0400 -o root -g root /dev/null /root/.cdi
if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/local/sbin" ]]; then
mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/local/sbin"

11
lib/lib_clean_up.sh
View File

@@ -66,7 +66,7 @@ clean_up() {
fi
### Kill gpg-agent and remove artifacts securely.
if [[ ! "${VAR_CDLB_INSIDE_RUNNER}" == "true" ]]; then
if [[ "${VAR_CDLB_INSIDE_RUNNER}" != "true" ]]; then
if [[ -n "${GNUPGHOME:-}" && -d "${GNUPGHOME}" ]]; then
@@ -96,17 +96,16 @@ clean_up() {
find "${VAR_TMP_SECRET}" -xdev -type f -print0 | xargs -0 --no-run-if-empty shred -fzu -n 5 --
find "${VAR_TMP_SECRET}" -xdev -depth -type d -empty -delete
# TODO: Activate shred
### Securely shred all regular files below ./includes.chroot, then remove empty dirs.
#if [[ -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" ]]; then
if [[ -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" ]]; then
# shellcheck disable=SC2312
# find "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" -xdev -type f -print0 | xargs -0 --no-run-if-empty shred -fzu -n 5 --
find "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" -xdev -type f -print0 | xargs -0 --no-run-if-empty shred -fzu -n 5 --
### Remove empty directories (bottom-up).
# find "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" -depth -xdev -type d -empty -delete
find "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" -depth -xdev -type d -empty -delete
#fi
fi
eval "${_old_nullglob}" 2>/dev/null || true
eval "${_old_dotglob}" 2>/dev/null || true