msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
0cc73a281f2d37479292d71c4dfbebd2f1c6a9a64e1cc85356fead87eb3d23aa
CISS.debian.live.builder/config/hooks/live/0860_sops.chroot
Marc S. Weidner 60374476ab
Some checks failed
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m6s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m47s
Details
V8.13.512.2025.11.27 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-27 08:26:12 +00:00

58 lines
2.4 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-10-11; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -Ceuo pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
export DEBIAN_FRONTEND="noninteractive"
export INITRD="No"
SOPS_VER="v3.11.0"
ARCH="$(dpkg --print-architecture)"
case "${ARCH}" in
amd64) SOPS_FILE="sops-${SOPS_VER}.linux.amd64" ;;
arm64) SOPS_FILE="sops-${SOPS_VER}.linux.arm64" ;;
*) echo "Unsupported arch: ${ARCH}" >&2; exit 1 ;;
esac
cd /tmp
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/${SOPS_FILE}"
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/sops-${SOPS_VER}.checksums.txt"
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/sops-${SOPS_VER}.checksums.pem"
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/sops-${SOPS_VER}.checksums.sig"
cosign verify-blob "sops-${SOPS_VER}.checksums.txt" \
--certificate "sops-${SOPS_VER}.checksums.pem" \
--signature "sops-${SOPS_VER}.checksums.sig" \
--certificate-identity-regexp="https://github.com/getsops" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"
sha256sum -c "sops-${SOPS_VER}.checksums.txt" --ignore-missing
install -m 0755 "${SOPS_FILE}" /usr/local/bin/sops
sops --version --check-for-updates >| /root/.ciss/cdlb/log/sops.log
age --version >| /root/.ciss/cdlb/log/age.log
rm -f "/tmp/${SOPS_FILE}"
rm -f "/tmp/sops-${SOPS_VER}.checksums.txt"
rm -f "/tmp/sops-${SOPS_VER}.checksums.pem"
rm -f "/tmp/sops-${SOPS_VER}.checksums.sig"
chmod 0400 /root/.config/sops/age/keys.txt
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink