Snigdha-OS/snigdhaos-archiso
2
0
Fork 0
mirror of https://github.com/Snigdha-OS/snigdhaos-archiso.git synced 2025-09-05 20:26:40 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
07ec99f40f57864187ea175d25e88ba134a94aab
snigdhaos-archiso/archiso/profiledef.sh
eshanized 1303d6d27d 🧹 chore: remove default [1yr ago]
2025-01-11 23:13:28 +05:30

77 lines
2.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# shellcheck disable=SC2034
# ISO Information
iso_name="snigdhaos"
iso_publisher="Snigdha OS <https://snigdhaos.org>"
iso_application="Snigdha OS Live/Rescue DVD"
# Date Formatting for ISO Version and Label
iso_version=$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)
iso_label="SNIGDHA_OS_${iso_version//./}" # Removing dots from version to create label
# Install Directory and Boot Modes
install_dir="snigdhaos"
arch="x86_64"
# Boot Modes Supported (BIOS & UEFI)
bootmodes=(
'bios.syslinux.mbr'
'bios.syslinux.eltorito'
'uefi-ia32.systemd-boot.esp'
'uefi-x64.systemd-boot.esp'
'uefi-ia32.systemd-boot.eltorito'
'uefi-x64.systemd-boot.eltorito'
)
# Build Modes
buildmodes=('iso')
# Configuration Files
pacman_conf="pacman.conf"
airootfs_image_type="squashfs"
# Options for Compression and Image Creation
airootfs_image_tool_options=(
'-comp' 'xz'
'-Xbcj' 'x86'
'-b' '1M'
'-Xdict-size' '1M'
)
bootstrap_tarball_compression=(
'zstd'
'-c'
'-T0'
'--auto-threads=logical'
'--long'
'-19'
)
# File Permissions Configuration
# Define secure permissions for system files and directories
file_permissions=(
# System files (shadow, gshadow, etc.) - Sensitive data
["/etc/gshadow"]="0:0:600" # Root-only readable, no writing allowed
["/etc/shadow"]="0:0:400" # Root-only readable, no writing allowed
# Root's home directory (should be private)
["/root"]="0:0:700" # Full access for root only
# Automated script (ensure it is executable by root)
["/root/.automated_script.sh"]="0:0:755" # Readable and executable by root
# Polkit rules and sudoers.d (restrict access to administrators)
["/etc/polkit-1/rules.d"]="0:0:750" # Admin access only
["/etc/sudoers.d"]="0:0:750" # Admin access only
# Grub and snapper tools (ensuring appropriate user access)
["/etc/grub.d/40_custom"]="0:0:755" # Executable for all users
["/usr/local/bin/snigdhaos-snapper"]="0:0:755" # Executable for all users
# NetworkManager dispatcher script (ensure root access)
["/etc/NetworkManager/dispatcher.d/09-timezone"]="0:0:755" # Executable by root
)
# Ensure proper configurations for system security and compression
Reference in New Issue View Git Blame Copy Permalink