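#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-10-10; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Updates the Live ISO to use root password authentication for local console access.
#
# Everything is staged below "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot":
#   - root/.pwd                       the password hash, mode 0600, owner root:root
#   - etc/systemd/system/getty@tty1.service.d/override.conf
#                                     replaces the getty command line for tty1
#   - etc/securetty                   lists tty1 and tty2
#   - {usr/sbin,usr/bin,sbin}/agetty  copies of the build host's agetty
#   - usr/lib/systemd/system-generators/live-config-getty-generator
#                                     a no-op script under the generator's name
#
# Security notes:
#   - root/.pwd holds a password hash; treat the build tree and the resulting
#     image as sensitive, since a readable hash allows offline guessing.
#     The consumer of /root/.pwd is not visible in this file.
#   - The hash file is created under umask 077, so it is never readable by
#     other users, not even between creation and the chmod that follows.
# Globals:
#   VAR_HANDLER_BUILD_DIR (read) - root of the live-build tree
#   VAR_HASHED_PWD        (read) - password hash; double quotes are stripped
# Arguments:
#   None
# Returns:
#   0: In case no root password is desired.
#   Otherwise the status of the closing printf; failures of the intermediate
#   mkdir/cp/chown calls are not checked inside this function.
#######################################
hardening_root_pw() {
  if [[ -z ${VAR_HASHED_PWD} ]]; then
    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ No Root Password for Console set, skipping root password hook.\e[0m\n"
    return 0
  fi

  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Setup Root Password for Console ... \e[0m\n"

  declare -r chroot_dir="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"
  declare -r dropin_dir="${chroot_dir}/etc/live/config.conf.d"
  declare -r pwd_file="${chroot_dir}/root/.pwd"
  declare -r getty_dropin_dir="${chroot_dir}/etc/systemd/system/getty@tty1.service.d"
  declare -r generator="${chroot_dir}/usr/lib/systemd/system-generators/live-config-getty-generator"

  mkdir -p "${dropin_dir}"

  # The configured value may arrive wrapped in double quotes; drop them all.
  declare -r clean_hash="${VAR_HASHED_PWD//\"/}"

  mkdir -p "${chroot_dir}/root"

  # Remove any stale file (or symlink) first, then create the new one under a
  # restrictive umask. Writing first and tightening the mode afterwards would
  # leave the hash readable with the default umask for a short moment.
  rm -f -- "${pwd_file}"
  (
    umask 077
    printf '%s\n' "${clean_hash}" >| "${pwd_file}"
  )
  chmod 0600 "${pwd_file}"
  chown root:root "${pwd_file}"

  # The empty ExecStart= clears the command inherited from getty@.service. The
  # replacement carries no --autologin option, so tty1 shows a login prompt.
  # The quoted heredoc delimiter keeps %I and $TERM literal for systemd.
  mkdir -p "${getty_dropin_dir}"
  cat << 'EOF' >| "${getty_dropin_dir}/override.conf"
[Service]
ExecStart=
#ExecStart=-/usr/sbin/agetty --noclear %I $TERM
ExecStart=-agetty --noclear %I $TERM
EOF

  # NOTE(review): securetty is honoured only where pam_securetty is part of the
  # login PAM stack; confirm this for the target release.
  mkdir -p "${chroot_dir}/etc"
  cat << 'EOF' >| "${chroot_dir}/etc/securetty"
tty1
tty2
EOF

  # NOTE(review): these are copies of the build host's agetty, not the binary
  # from the package installed inside the chroot. The image then carries a
  # binary its package manager does not track; confirm this is intended and
  # that host and target releases match.
  mkdir -p "${chroot_dir}/usr/sbin"
  mkdir -p "${chroot_dir}/usr/bin"
  mkdir -p "${chroot_dir}/sbin"
  declare agetty_target
  for agetty_target in usr/sbin usr/bin sbin; do
    cp -af /usr/sbin/agetty "${chroot_dir}/${agetty_target}/agetty"
  done

  ### Hotfix I
  # Places an executable that only exits 0 under the generator's name, so that
  # name no longer runs live-config's getty generator in the image.
  mkdir -p "${generator%/*}"
  cat << 'EOF' >| "${generator}"
#!/bin/sh
# bypass live-config-getty-generator
exit 0
EOF
  chmod +x "${generator}"

  ### Hotfix II
  #mkdir -p "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators"
  #touch "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
  #chmod -x "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"

  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Setup Root Password for Console done. \e[0m\n"
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh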