V8.13.294.2025.10.28

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-29 07:18:21 +01:00 · 2025-10-29 07:17:06 +01:00
5 changed files with 27 additions and 0 deletions
--- a/.pubkey/marc_s_weidner_msw+bot@coreseret.dev_0x8733B021_public.gpg
+++ b/.pubkey/marc_s_weidner_msw+bot@coreseret.dev_0x8733B021_public.gpg
--- a/.pubkey/marc_s_weidner_msw@coresecret.dev_0xE62E84F8_public.gpg
+++ b/.pubkey/marc_s_weidner_msw@coresecret.dev_0xE62E84F8_public.gpg
--- a/config/hooks/live/0001_initramfs_modules.chroot
+++ b/config/hooks/live/0001_initramfs_modules.chroot
@@ -441,6 +441,14 @@ for dir in bin usr/bin; do
  ln -sf busybox "${DESTDIR}/${dir}/sleep"
 done

+
+### Install PGP Signing Keys
+install -m 0444 /root/.ciss/cdlb/keys/0x8733B021_public.gpg "${DESTDIR}/etc/keys/0x8733B021_public.gpg"
+printf "\e[92mSuccessfully executed: [install -m 0444 /root/.ciss/cdlb/keys/0x8733B021_public.gpg %s/etc/keys/0x8733B021_public.gpg] \n\e[0m" "${DESTDIR}"
+install -m 0444 /root/.ciss/cdlb/keys/0xE62E84F8_public.gpg "${DESTDIR}/etc/keys/0xE62E84F8_public.gpg"
+printf "\e[92mSuccessfully executed: [install -m 0444 /root/.ciss/cdlb/keys/0xE62E84F8_public.gpg %s/etc/keys/0xE62E84F8_public.gpg] \n\e[0m" "${DESTDIR}"
+
+
 printf "\e[92mSuccessfully executed: [0001_initramfs_modules.chroot] \n\e[0m"

 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_lb_config_write_trixie.sh
+++ b/lib/lib_lb_config_write_trixie.sh
@@ -107,11 +107,20 @@ lb_config_write_trixie() {
  sed -i 's/LB_CHECKSUMS="sha512 md5"/LB_CHECKSUMS="sha512 sha384 sha256"/1' ./config/binary
  sed -i 's/LB_DM_VERITY=""/LB_DM_VERITY="false"/1' ./config/binary

+
+  ### Update 0030-verify-checksums
  mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot"
  cp -a "${VAR_WORKDIR}/scripts/live-boot/0030-verify-checksums" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
  chmod 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
  chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"

+
+  ### Installing PGP Public Keys for signature verification.
+  mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ciss/cdlb/keys"
+  install -m 0444 -o root -g root "${VAR_WORKDIR}/.pubkey/marc_s_weidner_msw+bot@coreseret.dev_0x8733B021_public.gpg" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ciss/cdlb/keys/0x8733B021_public.gpg"
+  install -m 0444 -o root -g root "${VAR_WORKDIR}/.pubkey/marc_s_weidner_msw@coresecret.dev_0xE62E84F8_public.gpg" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ciss/cdlb/keys/0xE62E84F8_public.gpg"
+
+
  ### https://wiki.debian.org/ReproducibleInstalls/LiveImages
  ### https://reproducible-builds.org/docs/system-images/
  ### https://gitlab.tails.boum.org/tails/tails/-/blob/stable/config/chroot_local-includes/usr/share/tails/build/mksquashfs-excludes
--- a/scripts/usr/lib/live/config/.keep
+++ b/scripts/usr/lib/live/config/.keep
@@ -0,0 +1,10 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-10-28; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
Author	SHA256	Message	Date
Marc S. Weidner	6504aa874e	V8.13.294.2025.10.28 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m44s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-29 07:18:21 +01:00
Marc S. Weidner	b4f7e533e5	V8.13.294.2025.10.28 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-29 07:17:06 +01:00