Snigdha-OS/snigdhaos-archiso
2
0
Fork 0
mirror of https://github.com/Snigdha-OS/snigdhaos-archiso.git synced 2025-09-06 20:55:15 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

🧹 chore: remove default [1yr ago]

Browse Source
This commit is contained in:
eshanized
2025-01-11 23:13:28 +05:30
parent 8f30e08b44
commit 1303d6d27d
1 changed files with 65 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
archiso/profiledef.sh
View File

@@ -1,29 +1,76 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=SC2034 # shellcheck disable=SC2034
# ISO Information
iso_name="snigdhaos" iso_name="snigdhaos"
iso_label="SNIGDHA_OS_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)"
iso_publisher="Snigdha OS <https://snigdhaos.org>" iso_publisher="Snigdha OS <https://snigdhaos.org>"
iso_application="Snigdha OS Live/Rescue DVD" iso_application="Snigdha OS Live/Rescue DVD"
iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)"
# Date Formatting for ISO Version and Label
iso_version=$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)
iso_label="SNIGDHA_OS_${iso_version//./}" # Removing dots from version to create label
# Install Directory and Boot Modes
install_dir="snigdhaos" install_dir="snigdhaos"
buildmodes=('iso')
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
'uefi-ia32.systemd-boot.esp' 'uefi-x64.systemd-boot.esp'
'uefi-ia32.systemd-boot.eltorito' 'uefi-x64.systemd-boot.eltorito')
arch="x86_64" arch="x86_64"
# Boot Modes Supported (BIOS & UEFI)
bootmodes=(
'bios.syslinux.mbr'
'bios.syslinux.eltorito'
'uefi-ia32.systemd-boot.esp'
'uefi-x64.systemd-boot.esp'
'uefi-ia32.systemd-boot.eltorito'
'uefi-x64.systemd-boot.eltorito'
)
# Build Modes
buildmodes=('iso')
# Configuration Files
pacman_conf="pacman.conf" pacman_conf="pacman.conf"
airootfs_image_type="squashfs" airootfs_image_type="squashfs"
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19') # Options for Compression and Image Creation
file_permissions=( airootfs_image_tool_options=(
["/etc/gshadow"]="0:0:600" '-comp' 'xz'
["/etc/shadow"]="0:0:400" '-Xbcj' 'x86'
["/root"]="0:0:700" '-b' '1M'
["/root/.automated_script.sh"]="0:0:755" '-Xdict-size' '1M'
["/etc/polkit-1/rules.d"]="0:0:750"
["/etc/sudoers.d"]="0:0:750"
["/etc/grub.d/40_custom"]="0:0:755"
["/usr/local/bin/snigdhaos-snapper"]="0:0:755"
["/etc/NetworkManager/dispatcher.d/09-timezone"]="0:0:755"
) )
bootstrap_tarball_compression=(
'zstd'
'-c'
'-T0'
'--auto-threads=logical'
'--long'
'-19'
)
# File Permissions Configuration
# Define secure permissions for system files and directories
file_permissions=(
# System files (shadow, gshadow, etc.) - Sensitive data
["/etc/gshadow"]="0:0:600" # Root-only readable, no writing allowed
["/etc/shadow"]="0:0:400" # Root-only readable, no writing allowed
# Root's home directory (should be private)
["/root"]="0:0:700" # Full access for root only
# Automated script (ensure it is executable by root)
["/root/.automated_script.sh"]="0:0:755" # Readable and executable by root
# Polkit rules and sudoers.d (restrict access to administrators)
["/etc/polkit-1/rules.d"]="0:0:750" # Admin access only
["/etc/sudoers.d"]="0:0:750" # Admin access only
# Grub and snapper tools (ensuring appropriate user access)
["/etc/grub.d/40_custom"]="0:0:755" # Executable for all users
["/usr/local/bin/snigdhaos-snapper"]="0:0:755" # Executable for all users
# NetworkManager dispatcher script (ensure root access)
["/etc/NetworkManager/dispatcher.d/09-timezone"]="0:0:755" # Executable by root
)
# Ensure proper configurations for system security and compression