msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
c80b45417f0950e56b33eafae87e9b8167f2824dd1bbefd809b85944c521d183
CISS.debian.live.builder/config/hooks/live/0020_dropbear_build.chroot
T
msw 6307bc2b7c V9.14.002.2026.05.13 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-05-17 13:34:00 +01:00

101 lines
3.4 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-10-11; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -Ceuo pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
[[ -r /root/ciss_xdg_tmp.sh ]] && . /root/ciss_xdg_tmp.sh
export DEBIAN_FRONTEND="noninteractive"
export INITRD="No"
### Declare Arrays, HashMaps, and Variables.
declare var_dropbear_env="/root/dropbear.env"
[[ -r "${var_dropbear_env}" ]] || {
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ ERROR: Missing Dropbear environment file: [%s] \e[0m\n" "${var_dropbear_env}" >&2
exit 43
}
# shellcheck disable=SC1090
. "${var_dropbear_env}"
declare var_dropbear_version="${DROPBEAR_VERSION:?DROPBEAR_VERSION is not set}"
[[ "${var_dropbear_version}" =~ ^[0-9]{4}\.[0-9]+$ ]] || {
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ ERROR: Invalid Dropbear version: [%s] \e[0m\n" "${var_dropbear_version}" >&2
exit 43
}
declare var_tar="/root/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
declare var_build_dir="/root/build/dropbear-${var_dropbear_version}"
declare var_logfile="/root/.ciss/cdlb/log/0020_dropbear_build.log"
mkdir -p "/root/build"
[[ -r "${var_tar}" ]] || {
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ ERROR: Missing Dropbear tarball: [%s] \e[0m\n" "${var_tar}" >&2
exit 43
}
cp "${var_tar}" "/root/build"
tar xjf "${var_tar}" -C "/root/build"
cp "/root/dropbear/localoptions.h" "${var_build_dir}"
cd "${var_build_dir}"
### Flag Purpose:
# -fPIE : Generate position-independent executable code
# -pie : Link the executable as PIE (so that ASLR works)
# -static : Fully statically linked against musl
# -s : Strip unnecessary symbols directly during linking
# -Wl,-z,relro,-z,now: Enables full RELRO (symbol resolution at program startup)
# shellcheck disable=SC2016,SC2312
if ! setsid bash -c '
### Sterile environment for the build-process.
export -n SHELLOPTS || true
set +u
unset PATH_SEPARATOR
PATH_SEPARATOR=":"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
if ! command -v musl-gcc >/dev/null 2>&1; then
echo "ERROR: musl-gcc not found. Install musl-tools in chroot." >&2
exit 1
fi
CC=musl-gcc \
CFLAGS="-Os -fPIE -Wno-undef -fstack-protector-strong -D_FORTIFY_SOURCE=2" \
LDFLAGS="-static -pie -s -Wl,-z,relro,-z,now" \
./configure \
--enable-static \
--enable-openpty \
--disable-pam \
--disable-zlib
# shellcheck disable=2312
make -j"$(nproc)"
' >| "${var_logfile}" 2>&1
then
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Dropbear build failed. See [%s] \e[0m\n" "${var_logfile}" >&2
tail -n 42 "${var_logfile}" >&2 || true
exit 42
fi
rm -rf /root/dropbear
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink