msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.02.768.2025.06.01

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-06-01 20:23:19 +02:00
parent 6e1cf484ee
commit ea76e9d5cb
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.gitea/workflows/render-dnssec-status.yaml
View File

@@ -29,6 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Prepare SSH Setup, SSH Deploy Key, Known Hosts, config.
shell: bash
run: |
rm -rf ~/.ssh
mkdir -p ~/.ssh
@@ -54,6 +55,7 @@ jobs:
### https://github.com/actions/checkout/issues/1843
- name: Use manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
@@ -62,21 +64,25 @@ jobs:
GITHUB_REF_NAME: ${{ github.ref_name }}
- name: Clean workspace.
shell: bash
run: |
git reset --hard
git clean -fd
- name: Convert APT sources to HTTPS.
shell: bash
run: |
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: Install DNSViz.
shell: bash
run: |
sudo apt-get update
sudo apt-get install -y dnsviz
- name: Import CI PGP DEPLOY ONLY Key.
shell: bash
run: |
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
@@ -86,9 +92,9 @@ jobs:
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
shell: bash
- name: Configure Git for signed CI DEPLOY commits.
shell: bash
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
@@ -98,27 +104,32 @@ jobs:
git config gpg.format openpgp
- name: Ensure docs/SECURITY/ directory exists.
shell: bash
run: |
mkdir -p docs/SECURITY/
rm -f docs/SECURITY/coresecret.dev.png
- name: Prepare DNS Cache.
shell: bash
run: |
sudo apt-get install -y dnsutils
dig +dnssec +multi coresecret.dev @8.8.8.8
- name: Retrieve Zone Dump and generate .png Visualization.
shell: bash
run: |
dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json
dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png
- name: Stage generated files.
shell: bash
run: |
git add docs/SECURITY/*.png
env:
GIT_SSH_COMMAND: "ssh -p 42842"
- name: Commit and Sign changes.
shell: bash
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git commit -S -m "DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]" || echo "No Changes, nothing to Sign or to Commit."
@@ -126,6 +137,7 @@ jobs:
GIT_SSH_COMMAND: "ssh -p 42842"
- name: Push back to Repository.
shell: bash
run: |
git push origin HEAD:${GITHUB_REF_NAME}
env:

2
var/global.var.sh
View File

@@ -55,7 +55,7 @@ declare -ga ARY_HANDLER_JUMPHOST_UNIQUE=()
declare -gir ERR_UNCRITICAL=127
declare -gir ERR_NOT_USER_0=128 # Not running as root
declare -gir ERR_FLOCK_WRTG=129 # Cannot open lockfile for writing
declare -gir ERR_FLOCK_COLL=130 # Script is already running
declare -gir ERR_FLOCK_COLL=130 # The Script is already running
declare -gir ERR_SPLASH_PNG=200 # --change-splash MUST be 'club' or 'hexagon'
declare -gir ERR_CONTROL_CT=201 # --control MUST be an integer between '1' and '65535'
declare -gir ERR_RENICE_PRI=202 # --renice-priority MUST an integer between '-19' and '19'