msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
71fb53d40c3055d399fb0727f7b58853778fa63397d48a7852feee2ca2af1b49
CISS.debian.live.builder/config/hooks/live/0860_sops.chroot
Marc S. Weidner f0ee12513f
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m0s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m22s
Details
V8.13.416.2025.11.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-17 06:42:57 +01:00

58 lines
2.3 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-10-11; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -Ceuo pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
export DEBIAN_FRONTEND="noninteractive"
export INITRD="No"
SOPS_VER="v3.11.0"
ARCH="$(dpkg --print-architecture)"
case "${ARCH}" in
amd64) SOPS_FILE="sops-${SOPS_VER}.linux.amd64" ;;
arm64) SOPS_FILE="sops-${SOPS_VER}.linux.arm64" ;;
*) echo "Unsupported arch: ${ARCH}" >&2; exit 1 ;;
esac
cd /tmp
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/${SOPS_FILE}"
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/sops-${SOPS_VER}.checksums.txt"
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/sops-${SOPS_VER}.checksums.pem"
curl -fsSLO "https://github.com/getsops/sops/releases/download/${SOPS_VER}/sops-${SOPS_VER}.checksums.sig"
cosign verify-blob "sops-${SOPS_VER}.checksums.txt" \
--certificate "sops-${SOPS_VER}.checksums.pem" \
--signature "sops-${SOPS_VER}.checksums.sig" \
--certificate-identity-regexp="https://github.com/getsops" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"
sha256sum -c "sops-${SOPS_VER}.checksums.txt" --ignore-missing
install -m 0755 "${SOPS_FILE}" /usr/local/bin/sops
sops --version --check-for-updates >| /root/.ciss/cdlb/log/sops.log
age --version >| /root/.ciss/cdlb/log/age.log
rm -f "/tmp/${SOPS_FILE}"
rm -f "/tmp/sops-${SOPS_VER}.checksums.txt"
rm -f "/tmp/sops-${SOPS_VER}.checksums.pem"
rm -f "/tmp/sops-${SOPS_VER}.checksums.sig"
chmod 0400 /root/.config/sops/age/keys.txt
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink