From ec0ad7e43c2a258eacb87cfbecddf3a2fe14607cb42eea1e389762bcf32ed314 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Mon, 2 Jun 2025 21:55:46 +0200
Subject: [PATCH] V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner
---
 .../generate_PRIVATE_iso_flavour_0.yaml | 6 +--
 .../generate_PRIVATE_iso_flavour_1.yaml | 4 +-
 lib/lib_arg_parser.sh | 49 ++++++++++++++++---
 lib/lib_hardening_ultra.sh | 4 +-
 4 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
index efc07e0..3620538 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -156,10 +156,10 @@ jobs:
 --control "${timestamp}" \
 --debug \
 --dhcp-centurion \
- --jump-host "${{ secrets.CISS_DLB_JUMP_HOSTS }}" \
- --provider-netcup-ipv6 "${{ secrets.CISS_DLB_NETCUP_IPV6 }}" \
+ --jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS }} \
+ --provider-netcup-ipv6 ${{ secrets.CISS_DLB_NETCUP_IPV6 }} \
 --root-password-file /opt/config/password.txt \
- --ssh-port "${{ secrets.CISS_DLB_SSH_PORT }}" \
+ --ssh-port ${{ secrets.CISS_DLB_SSH_PORT }} \
 --ssh-pubkey /opt/config
 - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
index bf5fa42..c2ec346 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -154,9 +154,9 @@ jobs:
 --architecture amd64 \
 --build-directory /opt/livebuild \
 --control "${timestamp}" \
- --jump-host "${{ secrets.CISS_DLB_JUMP_HOSTS_1 }}" \
+ --jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \
 --root-password-file /opt/config/password.txt \
- --ssh-port "${{ secrets.CISS_DLB_SSH_PORT_1 }}" \
+ --ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \
 --ssh-pubkey /opt/config
 - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
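Review bot: Dropping the double quotes around `${{ secrets.CISS_DLB_JUMP_HOSTS }}`, `${{ secrets.CISS_DLB_NETCUP_IPV6 }}` and `${{ secrets.CISS_DLB_SSH_PORT }}` pastes the secret text into the step script with no quoting at all, so any space, glob character or shell metacharacter in a secret is interpreted by the shell, and an empty secret makes the following option the value of the previous one; the same applies to the `_1` secrets in the generate_PRIVATE_iso_flavour_1.yaml hunk. It also appears to work against the new parser in lib/lib_arg_parser.sh, which reads only `${2}` and splits that one argument on spaces. Assuming this runner supports a step-level `env:` map, I would map each secret there (`CISS_DLB_JUMP_HOSTS: ${{ secrets.CISS_DLB_JUMP_HOSTS }}`) and pass `--jump-host "${CISS_DLB_JUMP_HOSTS}"`, which keeps the value out of the script source and delivers it as a single argument. The step these lines belong to starts outside both hunks.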
diff --git a/lib/lib_arg_parser.sh b/lib/lib_arg_parser.sh
index 9e0e096..d961871 100644
--- a/lib/lib_arg_parser.sh
+++ b/lib/lib_arg_parser.sh
@@ -212,23 +212,56 @@ arg_parser() {
 ;;
 --jump-host)
- if [[ -n "${2}" && "${2}" != -* ]]; then
+ if [[ -n "${2}" && "${2}" != -* ]]; then
+ ### Take the entire blob in raw and split it later
+ declare raw="${2}"
+ ### Remove control characters:
+ raw=$(printf '%s' "${raw}" | tr -d '[:cntrl:]')
+ ### Split into a temporary array using spaces:
+ declare split_hosts
+ IFS=' ' read -r -a split_hosts <<< "${raw}"
 declare -i count=0
- shift
- while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
- declare -g ARY_HANDLER_JUMPHOST+=("$1")
- count=$((count + 1))
- shift
- done
- while [[ "${#}" -gt 0 && "${1}" != -* ]]; do
+ ### Insert up to ten entries in ARY_HANDLER_JUMPHOST:
+ declare count h
+ for h in "${split_hosts[@]}"; do
+ if [[ ${count} -lt 10 ]]; then
+ ARY_HANDLER_JUMPHOST+=("${h}")
+ count=$((count + 1))
+ else
+ break
+ fi
+ done
+ ### Then skip all host values that were originally specified after --jump-host
+ shift ### Remove: --jump-host
+ ### Now one must perform as many shifts as there were words in the raw blob:
+ declare _
+ for _ in "${split_hosts[@]}"; do
 shift
 done
+ unset count h raw split_hosts _
 else
 if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
 printf "\e[91m❌ Error: --jump-host MUST contain one or up to ten IPs.\e[0m\n" >&2
 read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
 exit "${ERR_ARG_MSMTCH}"
 fi
+ #if [[ -n "${2}" && "${2}" != -* ]]; then
+ # declare -i count=0
+ # shift
+ # while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
+ # declare -g ARY_HANDLER_JUMPHOST+=("$1")
+ # count=$((count + 1))
+ # shift
+ # done
+ # while [[ "${#}" -gt 0 && "${1}" != -* ]]; do
+ # shift
+ # done
+ #else
+ # if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+ # printf "\e[91m❌ Error: --jump-host MUST contain one or up to ten IPs.\e[0m\n" >&2
+ # read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
+ # exit "${ERR_ARG_MSMTCH}"
+ #fi
 ;;
 --log-statistics-only)
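Review bot: The shift loop after `shift ### Remove: --jump-host` runs once per word of `split_hosts`, but the whole list was read from the single argument `${2}`, so a quoted list of N hosts discards the N-1 options that follow it, while an unquoted list keeps only the first host and leaves the rest in `"$@"`. `tr -d '[:cntrl:]'` also deletes tabs and newlines, which glues hosts separated that way into one token, and no entry is checked to be an address although the error text promises IPs and lib_hardening_ultra.sh writes these values into `ufw allow from …` lines. I would consume the non-option arguments one by one, turn control characters into spaces, and reject anything that is not made of address characters, as sketched below; the commented-out copy of the old branch is better left to git history. arg_parser() starts and ends outside the hunk.

```shell
      if [[ -n "${2}" && "${2}" != -* ]]; then
        shift ### Remove: --jump-host
        declare raw="" h
        declare -a split_hosts=()
        ### Consume exactly the non-option arguments that follow, quoted blob or separate words:
        while [[ "${#}" -gt 0 && "${1}" != -* ]]; do
          raw+=" ${1}"
          shift
        done
        ### Control characters become separators instead of being deleted:
        raw=$(printf '%s' "${raw}" | tr '[:cntrl:]' ' ')
        read -r -a split_hosts <<< "${raw}"
        ### Keep at most ten entries; this is a character filter, not full IP validation:
        for h in "${split_hosts[@]:0:10}"; do
          if [[ ! "${h}" =~ ^[0-9A-Fa-f:./]+$ ]]; then
            printf "\e[91m❌ Error: --jump-host entry is not an IP address.\e[0m\n" >&2
            exit "${ERR_ARG_MSMTCH}"
          fi
          ARY_HANDLER_JUMPHOST+=("${h}")
        done
        unset raw h split_hosts
      # … unchanged: else branch with the error message and exit …
```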
diff --git a/lib/lib_hardening_ultra.sh b/lib/lib_hardening_ultra.sh
index 98ffbeb..e7f5517 100644
--- a/lib/lib_hardening_ultra.sh
+++ b/lib/lib_hardening_ultra.sh
@@ -148,7 +148,7 @@ hardening_ultra() {
 declare host
 for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
 ((line++))
- sed -i "${line}a ufw allow from \"${host}\" to any port \"${sshport}\" proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
+ sed -i "${line}a ufw allow from ${host} to any port ${sshport} proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
 done
 fi
@@ -179,7 +179,7 @@ hardening_ultra() {
 declare host
 for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
 ((line++))
- sed -i "${line}a ufw allow from \"${host}\" to any port \"${sshport}\" proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
+ sed -i "${line}a ufw allow from ${host} to any port ${sshport} proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
 done
 fi
 fi
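Review bot: With the escaped quotes removed from the generated `ufw allow from ${host} to any port ${sshport}` line, here and in the second hunk at line 179, nothing visible in either hunk constrains what `${host}` and `${sshport}` may contain before `sed -i` writes them into `$file`. If that file is later run by a shell (not visible here), whitespace or a metacharacter in either value becomes part of the firewall command, and a backslash in either value alters the sed append text. I would guard the `sed -i` line with `[[ "${host}" =~ ^[0-9A-Fa-f:./]+$ && "${sshport}" =~ ^[0-9]+$ ]]` and fail the build when it does not hold, or keep the escaped quotes if they caused no problem in the generated file. hardening_ultra() starts and ends outside both hunks.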