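#!/usr/bin/env bash
#
# Collects a point-in-time evidence log for a Saikyo OS installation:
# OS identification, installed saikyo packages, apt sources, automatic-update
# unit state, license verification result, Secure Boot state and branding
# files. Output goes to /var/log/saikyo-evidence/saikyo-evidence-<TS>.log and
# the "latest.log" symlink in the same directory is re-pointed at it.
#
# Every probe is best effort: a missing tool or unreadable file leaves its
# section empty instead of aborting the run. Because stderr of the whole
# collection group is discarded, an empty section can mean either "nothing
# found" or "the probe failed"; treat empty sections as inconclusive.
#
# NOTE(review): the log is written world-readable (0644) and includes the
# full text of the apt source files. If any source entry embeds credentials
# in its URL they end up in this log; confirm that is acceptable or tighten
# the file mode.
set -euo pipefail

OUT_DIR="/var/log/saikyo-evidence"
TS="$(date -u +%Y%m%dT%H%M%SZ 2>/dev/null || date +%s)"
OUT_FILE="${OUT_DIR}/saikyo-evidence-${TS}.log"

mkdir -p "${OUT_DIR}" 2>/dev/null || true
chmod 0755 "${OUT_DIR}" 2>/dev/null || true
if [[ ! -d "${OUT_DIR}" ]]; then
  # Fail with a clear message instead of relying on the redirect error below.
  printf 'error: cannot create %s\n' "${OUT_DIR}" >&2
  exit 1
fi

# Prints a section header for the evidence log.
# Arguments: $1 - section title
dumpln() {
  printf '\n==== %s ====\n' "$1"
}

# Prints the state systemctl reports for a unit, or "unknown" if it reports
# nothing. systemctl is-enabled / is-active exit non-zero for states such as
# "disabled" or "inactive" while still printing the state, so the fallback
# must depend on empty output, not on the exit status; otherwise the value
# becomes two lines ("disabled" followed by "unknown").
# Arguments: $1 - systemctl verb (is-enabled | is-active), $2 - unit name
unit_state() {
  local verb=$1 unit=$2 out
  out=$(systemctl "${verb}" "${unit}" 2>/dev/null) || true
  out=${out%%$'\n'*}
  printf '%s' "${out:-unknown}"
}

# Prints yes/no/unknown depending on whether the unit is masked.
# systemctl has no "is-masked" verb, so the answer is read from the unit's
# LoadState property instead.
# Arguments: $1 - unit name
unit_masked() {
  local unit=$1 load
  load=$(systemctl show -p LoadState "${unit}" 2>/dev/null) || true
  load=${load%%$'\n'*}
  case "${load#LoadState=}" in
    masked) printf 'yes' ;;
    '') printf 'unknown' ;;
    *) printf 'no' ;;
  esac
}

{
  echo "saikyo_evidence_version=1"
  echo "timestamp_utc=${TS}"

  dumpln "os-release"
  cat /etc/os-release 2>/dev/null || true

  dumpln "lsb-release"
  cat /etc/lsb-release 2>/dev/null || true

  dumpln "uname"
  uname -a 2>/dev/null || true

  dumpln "dpkg saikyo packages"
  dpkg -l 2>/dev/null | grep -i saikyo || true

  dumpln "apt sources"
  if [[ -f /etc/apt/sources.list ]]; then
    echo "--- /etc/apt/sources.list ---"
    # Only the first 200 lines of each source file are recorded.
    sed -n '1,200p' /etc/apt/sources.list 2>/dev/null || true
  fi
  if [[ -d /etc/apt/sources.list.d ]]; then
    echo "--- /etc/apt/sources.list.d ---"
    ls -la /etc/apt/sources.list.d 2>/dev/null || true
    for f in /etc/apt/sources.list.d/*; do
      # An unmatched glob stays literal; skip it.
      [[ -e "$f" ]] || continue
      echo "--- $f ---"
      sed -n '1,200p' "$f" 2>/dev/null || true
    done
  fi

  dumpln "apt sources forbidden patterns"
  # No output here means no match was found or the files could not be read.
  grep -RIn -E 'deb\.debian\.org|security\.debian\.org|cdrom:|archive\.ubuntu\.com' \
    /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null || true

  dumpln "apt periodic config"
  if [[ -f /etc/apt/apt.conf.d/20saikyo-periodic ]]; then
    echo "20saikyo-periodic=present"
    cat /etc/apt/apt.conf.d/20saikyo-periodic 2>/dev/null || true
  else
    echo "20saikyo-periodic=MISSING"
  fi

  dumpln "auto update units state"
  for u in \
    apt-daily.timer \
    apt-daily-upgrade.timer \
    unattended-upgrades.service \
    packagekit-offline-update.timer \
    packagekit-offline-update.service; do
    echo "unit=${u} enabled=$(unit_state is-enabled "$u") active=$(unit_state is-active "$u") masked=$(unit_masked "$u")"
  done

  dumpln "packagekit state"
  echo "packagekit enabled=$(unit_state is-enabled packagekit.service) active=$(unit_state is-active packagekit.service) masked=$(unit_masked packagekit.service)"

  dumpln "system timers (filtered)"
  systemctl list-timers --all 2>/dev/null \
    | grep -E 'apt|unattended|packagekit|flatpak|snap' || true

  dumpln "license"
  # NOTE(review): presence is decided by a PATH lookup, but verification runs
  # the fixed path /usr/sbin/saikyo-license. If the two disagree (binary found
  # elsewhere on PATH, or /usr/sbin not on PATH) the recorded result is
  # misleading; confirm which location is authoritative.
  if command -v saikyo-license >/dev/null 2>&1; then
    echo "saikyo-license=present"
    if /usr/sbin/saikyo-license verify >/dev/null 2>&1; then
      echo "license_verify=ok"
    else
      echo "license_verify=fail"
    fi
  else
    echo "saikyo-license=missing"
  fi

  dumpln "secure boot"
  if command -v mokutil >/dev/null 2>&1; then
    # stderr is kept for --sb-state so the reason for a failed query is logged.
    mokutil --sb-state 2>&1 || true
    mokutil --list-enrolled 2>/dev/null || true
  else
    echo "mokutil=missing"
  fi

  dumpln "branding files"
  ls -la /usr/share/saikyo-os 2>/dev/null || true
  ls -la /usr/share/wallpapers/Saikyo/contents/images 2>/dev/null || true
  ls -la /usr/share/sddm/themes/Saikyo 2>/dev/null || true

  dumpln "visible Debian/Plasma strings (best effort)"
  # Capped at 50 matches to keep the log small.
  grep -RIn -E '\bDebian\b|\bPlasma\b' \
    /usr/share/applications /usr/share/metainfo 2>/dev/null \
    | head -n 50 || true
} >"${OUT_FILE}" 2>/dev/null

chmod 0644 "${OUT_FILE}" 2>/dev/null || true
ln -sfn "$(basename "${OUT_FILE}")" "${OUT_DIR}/latest.log" 2>/dev/null || true

echo "Wrote ${OUT_FILE}"
exit 0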