msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.512.2025.11.28
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m24s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-28 00:44:01 +00:00
parent 25e7ba63ed
commit ec00877857
3 changed files with 5 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config/hooks/live/9999_zzzz.chroot
View File

@@ -20,7 +20,7 @@ rm -f /root/ciss_xdg_tmp.sh
rm -fr /root/build rm -fr /root/build
find /etc /home /root /usr /var -type f -name '.keep' -print -delete find /etc /home /root /usr /var -type f -name '.keep' -print -delete
### Securing '/root/.ciss' ---------------------------------------------------------------------------------------------------------- ### Securing '/root/.ciss' -----------------------------------------------------------------------------------------------------
find /root/.ciss -type d -exec chmod 0700 {} + find /root/.ciss -type d -exec chmod 0700 {} +
find /root/.ciss -type f -exec chmod 0440 {} + find /root/.ciss -type f -exec chmod 0440 {} +
@@ -30,6 +30,10 @@ find /etc/ciss/keys -type f -exec chmod 0440 {} +
### Regenerate the initramfs for the live system kernel ------------------------------------------------------------------------ ### Regenerate the initramfs for the live system kernel ------------------------------------------------------------------------
update-initramfs -u -k all -v update-initramfs -u -k all -v
### Prepare '/etc/resolv.conf' for systemd-networkd ----------------------------------------------------------------------------
rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
### Determine the canonical systemd unit dir inside chroot --------------------------------------------------------------------- ### Determine the canonical systemd unit dir inside chroot ---------------------------------------------------------------------
if [[ -d /lib/systemd/system ]]; then if [[ -d /lib/systemd/system ]]; then

16
config/includes.chroot/etc/resolv.conf
View File

@@ -1,16 +0,0 @@
# bashsupport disable=BP5007
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-26; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
ln -s /run/systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

1
docs/CHANGELOG.md
View File

@@ -17,7 +17,6 @@ include_toc: true
* **Global**: Transition of license agreements to: * **Global**: Transition of license agreements to:
* [CCLA-1.1.txt](LICENSES/CCLA-1.1.txt) * [CCLA-1.1.txt](LICENSES/CCLA-1.1.txt)
* [CNCL-1.1.txt](LICENSES/CNCL-1.1.txt) * [CNCL-1.1.txt](LICENSES/CNCL-1.1.txt)
* **Added**: [resolv.conf](../config/includes.chroot/etc/resolv.conf)
* **Added**: [90-ciss-ethernet.network](../config/includes.chroot/etc/systemd/network/90-ciss-ethernet.network) * **Added**: [90-ciss-ethernet.network](../config/includes.chroot/etc/systemd/network/90-ciss-ethernet.network)
* **Added**: [90-ciss-networkd.preset](../config/includes.chroot/usr/lib/systemd/system-preset/90-ciss-networkd.preset) * **Added**: [90-ciss-networkd.preset](../config/includes.chroot/usr/lib/systemd/system-preset/90-ciss-networkd.preset)
* **Changed**: [unlock_wrapper.sh](../config/includes.chroot/etc/initramfs-tools/files/unlock_wrapper.sh) * **Changed**: [unlock_wrapper.sh](../config/includes.chroot/etc/initramfs-tools/files/unlock_wrapper.sh)