V8.13.400.2025.11.08

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/0020_dropbear_build.chroot

@@ -9,10 +9,20 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -Ceuxo pipefail
+set -Ceuo pipefail
 
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 
+[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
+export DEBIAN_FRONTEND="noninteractive" INITRD="No"
+
+apt-get install -y --no-install-recommends musl musl-dev musl-tool
+
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ apt-get install -y --no-install-recommends musl musl-dev musl-tool \e[0m\n"
+sleep 16
+
+set -x
+
 ### Declare Arrays, HashMaps, and Variables.
 declare var_dropbear_version="2025.88"
 declare var_build_dir="/root/build"
@@ -51,6 +61,8 @@ setsid bash -c '
 
   rm -rf /root/dropbear
 
+
+
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 
 exit 0

lib/lib_primordial.sh

@@ -21,6 +21,7 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
 #   VAR_HANDLER_BUILD_DIR
 #   VAR_SSHFP
 #   VAR_TMP_SECRET
+#   VAR_WORKDIR
 # Arguments:
 #   None
 # Returns:
@@ -31,11 +32,11 @@ init_primordial() {
 
   declare     var_dropbear_version="2025.88"
 
-  install -d -m 0700 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/build"
+  install -d -m 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/build"
-  install -d -m 0700 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear"
+  install -d -m 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear"
-  install    -m 0400 "${VAR_WORKDIR}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2" \
+  install    -m 0444 "${VAR_WORKDIR}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2" \
     "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
-  install    -m 0400 "${VAR_WORKDIR}/upgrades/dropbear/localoptions.h" \
+  install    -m 0444 "${VAR_WORKDIR}/upgrades/dropbear/localoptions.h" \
     "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/dropbear/localoptions.h"
 
 
@@ -80,7 +81,7 @@ readonly -f init_primordial
 #   1: ssh_host_key or id file
 # Returns:
 #   0: on success
-#   1: on failure
+#   ERR_SANITIZING: on failure
 #######################################
 normalize_ssh_key_file() {
   declare var_key_file="" var_tmp_file=""
@@ -132,7 +133,7 @@ readonly -f normalize_ssh_key_file
 #   1: directory
 # Returns:
 #   0: on success
-#   1: on failure
+#   ERR_SANITIZING: on failure
 #######################################
 normalize_ssh_keys_in_dir() {
   declare var_key_dir="" var_key_file=""
@@ -152,7 +153,7 @@ normalize_ssh_keys_in_dir() {
 
     if ! normalize_ssh_key_file "${var_key_file}"; then
       shopt -u nullglob dotglob
-      return 1
+      return "${ERR_SANITIZING}"
     fi
 
   done