msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.440.2025.11.19
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m6s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-25 15:03:16 +00:00
parent 0c1a1858d5
commit f80905f95b
3 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/hooks/live/0000_basic_chroot_setup.chroot
View File

@@ -209,7 +209,6 @@ export INITRD="No"
apt-get update -qq
apt-get install -y --no-install-suggests libpam-systemd
### Installing microcode updates -----------------------------------------------------------------------------------------------
if [[ -f /root/.architecture ]]; then
@@ -233,6 +232,9 @@ ln -sf /dev/null /etc/systemd/system/apt-show-versions.timer
ln -sf /dev/null /etc/systemd/system/apt-show-versions.service
rm -f /etc/cron.daily/apt-show-versions || true
### Remove original '/usr/lib/live/boot/0030-verify-checksums' -----------------------------------------------------------------
[[ -e /usr/lib/live/boot/0030-verify-checksums ]] && rm -f /usr/lib/live/boot/0030-verify-checksums
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0

3
lib/lib_ciss_upgrades_boot.sh
View File

@@ -63,6 +63,9 @@ ciss_upgrades_boot() {
mv "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums.sha512sum.txt.sig" \
"${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/ciss/signatures/0030-ciss-verify-checksums.sha512sum.txt.sig"
[[ -e "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums" ]] && \
rm -f "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successfully applied. \e[0m\n" "${BASH_SOURCE[0]}"
return 0

23
lib/lib_ciss_upgrades_build.sh
View File

@@ -25,10 +25,29 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
ciss_upgrades_build() {
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"
### CISS signing binary-checksums override.
### CISS 0030-ciss-verify-checksums override. --------------------------------------------------------------------------------
if [[ -e /usr/lib/live/boot/0030-verify-checksums ]]; then
mkdir -p /usr/lib/live/backup
if [[ -e /usr/lib/live/backup/0030-verify-checksums.original ]]; then
rm -f /usr/lib/live/boot/0030-verify-checksums
else
mv /usr/lib/live/boot/0030-verify-checksums /usr/lib/live/backup/0030-verify-checksums.original
fi
fi
### CISS signing binary-checksums override. ----------------------------------------------------------------------------------
if [[ ! -e /usr/lib/live/build/binary_checksums.original ]]; then
cp /usr/lib/live/build/binary_checksums /usr/lib/live/build/binary_checksums.original
chmod 0444 /usr/lib/live/build/binary_checksums.original
fi
rm -f /usr/lib/live/build/binary_checksums
@@ -38,8 +57,10 @@ ciss_upgrades_build() {
### https://reproducible-builds.org/docs/system-images/
### https://gitlab.tails.boum.org/tails/tails/-/blob/stable/config/chroot_local-includes/usr/share/tails/build/mksquashfs-excludes
if [[ ! -e /usr/lib/live/build/binary_rootfs.original ]]; then
cp /usr/lib/live/build/binary_rootfs /usr/lib/live/build/binary_rootfs.original
chmod 0444 /usr/lib/live/build/binary_rootfs.original
fi
rm -f /usr/lib/live/build/binary_rootfs