msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
ebf351fa43d9ca76a539990e666b1adce6d13c8c5ded3e4014ef9387d0c99d2e
CISS.debian.live.builder/config/hooks/live/0020_dropbear_build.chroot
Marc S. Weidner ebf351fa43
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details
V8.13.400.2025.11.08 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-09 16:42:30 +01:00

58 lines
2.2 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-10-11; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -Ceuo pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
### Declare Arrays, HashMaps, and Variables.
declare var_dropbear_version="2025.88"
declare var_build_dir="/root/build"
declare var_logfile="${var_build_dir}/_build.log"
tar xjf "/root/dropbear/dropbear-${var_dropbear_version}.tar.bz2" -C "/root/build"
cp "/root/dropbear/localoptions.h" "${var_build_dir}"
cd "${var_build_dir}"
### Flag Purpose:
# -fPIE : Generate position-independent executable code
# -pie : Link the executable as PIE (so that ASLR works)
# -static : Fully statically linked against musl
# -s : Strip unnecessary symbols directly during linking
# -Wl,-z,relro,-z,now: Enables full RELRO (symbol resolution at program startup)
# shellcheck disable=SC2016,SC2312
setsid bash -c '
### Sterile environment for the build-process.
export -n SHELLOPTS
set +u
unset PATH_SEPARATOR
PATH_SEPARATOR=":"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
CC=musl-gcc \
CFLAGS="-Os -fPIE -Wno-undef -fstack-protector-strong -D_FORTIFY_SOURCE=2" \
LDFLAGS="-static -pie -s -Wl,-z,relro,-z,now" \
./configure \
--enable-static \
--enable-openpty \
--disable-pam \
--disable-zlib
# shellcheck disable=2312
make -j"$(nproc)"
' >> "${var_logfile}" 2>&1
rm -rf /root/dropbear
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink