V8.02.644.2025.05.31
All checks were successful
Retrieve the DNSSEC status at the time of updating the repository. / build-dnssec-diagram (push) Successful in 30s
All checks were successful
Retrieve the DNSSEC status at the time of updating the repository. / build-dnssec-diagram (push) Successful in 30s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -13,15 +13,15 @@
|
||||
#######################################
|
||||
# Updates the Live ISO to use root password authentication for local console access.
|
||||
# Globals:
|
||||
# HANDLER_BUILD_DIR
|
||||
# HASHED_PWD
|
||||
# VAR_HANDLER_BUILD_DIR
|
||||
# VAR_HASHED_PWD
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# 0: In case no root password is desired.
|
||||
#######################################
|
||||
hardening_root_pw() {
|
||||
if [[ -z ${HASHED_PWD} ]]; then
|
||||
if [[ -z ${VAR_HASHED_PWD} ]]; then
|
||||
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ No Root Password for Console set, skipping root password hook.\e[0m\n"
|
||||
# sleep 1
|
||||
return 0
|
||||
@@ -30,7 +30,7 @@ hardening_root_pw() {
|
||||
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Setup Root Password for Console ... \e[0m\n"
|
||||
# sleep 1
|
||||
|
||||
declare cfg_dir="${HANDLER_BUILD_DIR}/config/includes.chroot/etc/live"
|
||||
declare cfg_dir="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/live"
|
||||
declare cfg_file="${cfg_dir}/config.conf"
|
||||
declare dropin_dir="${cfg_dir}/config.conf.d"
|
||||
declare dropin_file="${dropin_dir}/20-root-password.conf"
|
||||
@@ -45,27 +45,27 @@ EOF
|
||||
sed -i -E 's|LIVE_CONFIGS="([^"]*)"|LIVE_CONFIGS="\1 root-password"|' "${cfg_file}"
|
||||
fi
|
||||
|
||||
declare clean_hash="${HASHED_PWD//\"/}"
|
||||
declare clean_hash="${VAR_HASHED_PWD//\"/}"
|
||||
|
||||
printf 'live-config.root-password-hash=%s\n' "${clean_hash}" >| "${dropin_file}"
|
||||
chmod 0600 "${dropin_file}"
|
||||
chown root:root "${dropin_file}"
|
||||
|
||||
mkdir -p "${HANDLER_BUILD_DIR}/config/includes.chroot/root"
|
||||
printf '%s\n' "${clean_hash}" >| "${HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
|
||||
chmod 0600 "${HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
|
||||
chown root:root "${HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root"
|
||||
printf '%s\n' "${clean_hash}" >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
|
||||
chmod 0600 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
|
||||
chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
|
||||
|
||||
mkdir -p "${HANDLER_BUILD_DIR}"/config/includes.chroot/etc/systemd/system/getty@tty1.service.d
|
||||
cat << 'EOF' >| "${HANDLER_BUILD_DIR}"/config/includes.chroot/etc/systemd/system/getty@tty1.service.d/override.conf
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/systemd/system/getty@tty1.service.d
|
||||
cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/systemd/system/getty@tty1.service.d/override.conf
|
||||
[Service]
|
||||
ExecStart=
|
||||
#ExecStart=-/usr/sbin/agetty --noclear %I $TERM
|
||||
ExecStart=-agetty --noclear %I $TERM
|
||||
EOF
|
||||
|
||||
mkdir -p "${HANDLER_BUILD_DIR}"/config/includes.chroot/etc
|
||||
cat << 'EOF' >| "${HANDLER_BUILD_DIR}"/config/includes.chroot/etc/securetty
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc
|
||||
cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/securetty
|
||||
tty1
|
||||
tty2
|
||||
tty3
|
||||
@@ -74,21 +74,21 @@ tty5
|
||||
tty6
|
||||
EOF
|
||||
|
||||
mkdir -p "${HANDLER_BUILD_DIR}"/config/includes.chroot/usr/sbin
|
||||
mkdir -p "${HANDLER_BUILD_DIR}"/config/includes.chroot/usr/bin
|
||||
mkdir -p "${HANDLER_BUILD_DIR}"/config/includes.chroot/sbin
|
||||
cp -af /usr/sbin/agetty "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/sbin/agetty"
|
||||
cp -af /usr/sbin/agetty "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/bin/agetty"
|
||||
cp -af /usr/sbin/agetty "${HANDLER_BUILD_DIR}/config/includes.chroot/sbin/agetty"
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/usr/sbin
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/usr/bin
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/sbin
|
||||
cp -af /usr/sbin/agetty "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/sbin/agetty"
|
||||
cp -af /usr/sbin/agetty "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/bin/agetty"
|
||||
cp -af /usr/sbin/agetty "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/sbin/agetty"
|
||||
|
||||
### Hotfix I
|
||||
mkdir -p "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators"
|
||||
cat << 'EOF' >| "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
|
||||
mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators"
|
||||
cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
|
||||
#!/bin/sh
|
||||
# bypass live-config-getty-generator
|
||||
exit 0
|
||||
EOF
|
||||
chmod +x "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
|
||||
chmod +x "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
|
||||
|
||||
### Hotfix II
|
||||
#mkdir -p "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators"
|
||||
|
||||
Reference in New Issue
Block a user