V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/partitioning.yaml

@@ -81,7 +81,7 @@ recipe:
           primary: primary
         2:
           begin: "1024MiB"
-          end: "2GiB"
+          end: "3GiB"
           bootable: false
           encryption:
             enable: true
@@ -111,7 +111,7 @@ recipe:
             path: "/boot"
           primary: primary
         3:
-          begin: "2GiB"
+          begin: "3GiB"
           end: "10GiB"
           bootable: false
           encryption:

.preseed/preseed.yaml

@@ -517,57 +517,117 @@ security:
 # Software installation
 ################################################################################################################################
 software:
+  ##############################################################################################################################
+  ### Installed by 4000_debootstrap.sh
+  ##############################################################################################################################
+  # bash
+  # ca-certificates
+  # coreutils
+  # e2fsprogs
+  # kmod
+  # locales
+  # nano
+  # openssl
+  # passwd
+  # procps
+  # sed
+  # tar
+  # tzdata
+  # util-linux
+  # vim-common
+  ##############################################################################################################################
+  ### Installed by 4110_update_sources.sh
+  ##############################################################################################################################
+  # unattended-upgrades
+  ##############################################################################################################################
+  ### Installed by 4130_installation_toolset.sh
+  ##############################################################################################################################
+  # apt-show-versions
+  # bc
+  # bind9-dnsutils
+  # bsdmainutils
+  # btrfs-progs
+  # busybox
+  # bzip2
+  # cryptsetup
+  # cryptsetup-initramfs
+  # dirmngr
+  # dmsetup
+  # dosfstools
+  # efibootmgr
+  # fdisk
+  # file
+  # gawk
+  # gdisk
+  # gnupg
+  # grep
+  # gzip
+  # haveged
+  # initramfs-tools
+  # iproute2
+  # iputils-ping
+  # jq
+  # kbd
+  # keyutils
+  # libpam-pwquality
+  # logrotate
+  # lsb-release
+  # parted
+  # pciutils
+  # pwgen
+  # sudo
+  # tar
+  # tree
+  # unzip
+  # usbutils
+  # wget
+  # whois
+  # zsh
+  # zstd
+  ##############################################################################################################################
+  ### Installed by 4140_installation_microcode.sh
+  ##############################################################################################################################
+  # amd64-microcode
+  # intel-microcode
+  ##############################################################################################################################
+  ### Installed by 4150_installation_chrony.sh
+  ##############################################################################################################################
+  # chrony
+  ##############################################################################################################################
+  ### Installed by 4230_update_grub.sh
+  ##############################################################################################################################
+  # grub2
+  # grub2-common
+  # grub-efi-amd64 || grub-efi-arm64 || grub-efi-ia32
+  ##############################################################################################################################
+  ### Installed by 4310_dropbear_build.sh
+  ##############################################################################################################################
+  # dropbear
+  # dropbear-initramfs
+  ##############################################################################################################################
+  ### Installed by 4420_installation_ssh.sh
+  ##############################################################################################################################
+  # ssh
   ##############################################################################################################################
   # core software
   ##############################################################################################################################
-  - apt-show-versions
-  - apt-transport-https
   - apt-utils
-  - bash
   - bash-completion
   - bat
-  - bind9-dnsutils
-  - bc
-  - ca-certificates
-  - coreutils
   - debconf
   - debconf-utils
   - dialog
-  - efibootmgr
   - fzf
-  - gawk
   - git
-  - grub2
-  - grub2-common
   - knot-dnssecutils
   - knot-dnsutils
   - libpam-google-authenticator
-  - libpam-pwquality
   - locate
-  - logrotate
-  - lsb-release
-  - nano
-  - openssl
   - rsyslog
   - screen
-  - shellcheck
   - software-properties-common
   - spectre-meltdown-checker
-  - ssh
-  - sudo
   - sysstat
-  - tree
-  #- unattended-upgrades
-  - whois
-  - zsh
-  ## software dev
-  #- build-essential
-  #- clang
-  #- debootstrap
-  #- linux-source
-  #- lld
-  #- makedev
-  #- ssl-cert
   ##############################################################################################################################
   # documentation
   ##############################################################################################################################
@@ -577,18 +637,12 @@ software:
   ##############################################################################################################################
   # encryption
   ##############################################################################################################################
-  - dirmngr
-  - gnupg
-  - haveged
   - pollinate
   ##############################################################################################################################
   # files
   ##############################################################################################################################
-  - curl
   - rsnapshot
   - rsync
-  - unzip
-  - wget
   - zip
   ##############################################################################################################################
   # malware detection
@@ -603,38 +657,19 @@ software:
   - dhcpdump
   - dhcping
   - iftop
-  - iproute2
-  - iputils-ping
   - mtr
   - ncat
   - net-tools
   - nmap
   - tshark
-  - ufw
-  ##############################################################################################################################
-  # parser
-  ##############################################################################################################################
-  #- jq
-  #- yq
   ##############################################################################################################################
   # partitioning
   ##############################################################################################################################
-  - btrfs-progs
-  - cryptsetup
-  - cryptsetup-nuke-password
-  - dmsetup
-  - dosfstools
-  - fdisk
-  - gdisk
-  - lvm2
   - mdadm
-  - parted
   ##############################################################################################################################
   # password
   ##############################################################################################################################
   - keychain
-  - makepasswd
-  - pwgen
   - wamerican
   - wbritish
   - wfrench
@@ -643,6 +678,18 @@ software:
   # security
   ##############################################################################################################################
   - fail2ban
+  - ufw
+  ##############################################################################################################################
+  # sw dev
+  ##############################################################################################################################
+  #- build-essential
+  #- clang
+  #- debootstrap
+  #- linux-source
+  #- lld
+  #- makedev
+  - shellcheck
+  #- ssl-cert
   ##############################################################################################################################
   # tools
   ##############################################################################################################################
@@ -676,7 +723,6 @@ ntp:
     - "ptbtime2.ptb.de"
     - "ptbtime1.ptb.de"
     - "ntp13.metas.ch"
-    - "ntp1.tecnico.ulisboa.pt"
     - "time-c-b.nist.gov"
     - "sth1.ntp.se"
     - "ntp0.fau.de"

ciss_debian_installer.sh

@@ -175,8 +175,8 @@ trap 'trap_err  "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${B
 trap 'trap_int' INT TERM
 
 ### INTERACTIVE MODE NOTES AND KERNEL SELECTION.
-# TODO: Update /lib/cdi_0110_interactive/0110_check_kernel.sh   & sourcing
 # TODO: Update /lib/cdi_0110_interactive/0115_check_provider.sh & sourcing
+check_provider
 #if ! "${VAR_AUTO_INSTALL}"; then check_provider; fi
 #if ! "${VAR_AUTO_INSTALL}"; then check_kernel; fi
 

func/cdi_3200_partitioning/3200_partitioning.sh

@@ -146,10 +146,12 @@ partitioning() {
         var_begin="2MiB"
       fi
 
-      ### Assign the landing zone of the last partition and reserve 16 MiB for GPT and mdadm binary metadata.
+      ### Assign the landing zone of the last partition and reserve 64 MiB for GPT and mdadm binary metadata.
+      ### There is no mandatory upper limit, but for particularly critical systems (FDE, RAID-6 setups, dm-integrity, etc.),
+      ### more generous reserves between 32 and 64 MiB are recommended.
       if [[ "${var_end,,}" == "max" ]]; then
         var_dev_size=$(blockdev --getsize64 "/dev/${var_dev}")
-        var_dev_end=$(( var_dev_size - 16 * 1024 * 1024 ))
+        var_dev_end=$(( var_dev_size - 64 * 1024 * 1024 ))
         var_end_mib=$(( var_dev_end / 1024 / 1024 ))
         var_end_arg="${var_end_mib}MiB"
       else

func/cdi_4100_base_installation/4110_update_sources.sh

@@ -32,17 +32,24 @@ update_sources() {
   ### Update generated sources.
   # shellcheck disable=SC2312
   do_in_target_script "${TARGET}" "apt-get update 2>&1 | tee -a ${var_logfile}; echo ExitCode: \$? >> ${var_logfile}"
-
   do_log "info" "file_only" "4110() Sources lists: updated successfully."
 
+
+  ### Update unattended, security or no unattended updates at all.
   if [[ "${apt_updates_policy,,}" == "unattended" ]]; then
 
-    do_in_target "${TARGET}" apt-get install -y unattended-upgrades
+    do_in_target_script "${TARGET}" "
+      apt-get install -y --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
+      echo ExitCode: \$? >> ${var_logfile}
+    "
     do_log "info" "file_only" "4110() The update policy was set at installation time to: '${apt_updates_policy}'."
 
   elif [[ "${apt_updates_policy,,}" == "security" ]]; then
 
-    do_in_target "${TARGET}" apt-get install -y unattended-upgrades
+    do_in_target_script "${TARGET}" "
+      apt-get install -y --no-install-suggests unattended-upgrades 2>&1 | tee -a ${var_logfile}
+      echo ExitCode: \$? >> ${var_logfile}
+    "
 
     # shellcheck disable=SC2016
     sed -i 's/^[[:space:]]*"origin=Debian,codename=\${distro_codename},label=Debian";/\/\/ &/' "${TARGET}/etc/apt/apt.conf.d/50unattended-upgrades"

func/cdi_4100_base_installation/4120_installation_kernel.sh

@@ -29,10 +29,29 @@ installation_kernel() {
 
   touch "${TARGET}${var_logfile}" && chmod 0600 "${TARGET}${var_logfile}"
 
-  do_in_target_script "${TARGET}" "apt-get install -y ${image} 2>&1 | tee -a ${var_logfile}; echo ExitCode: \$? >> ${var_logfile}"
+  if [[ -n "${VAR_KERNEL}" ]]; then
+
+    do_in_target_script "${TARGET}" "
+      apt-get install -y --no-install-recommends --no-install-suggests ${VAR_KERNEL} 2>&1 | tee -a ${var_logfile}
+      echo ExitCode: \$? >> ${var_logfile}
+    "
+
+    do_log "info" "file_only" "4120() Kernel image: '${VAR_KERNEL}' installed successfully."
+
+    return 0
+
+  else
+
+    do_in_target_script "${TARGET}" "
+      apt-get install -y --no-install-recommends --no-install-suggests ${image} 2>&1 | tee -a ${var_logfile}
+      echo ExitCode: \$? >> ${var_logfile}
+    "
 
     do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully."
 
     return 0
+
+  fi
+
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_4100_base_installation/4130_installation_toolset.sh

@@ -26,11 +26,14 @@ installation_toolset() {
   ### Declare Arrays, HashMaps, and Variables.
   # shellcheck disable=SC2154
   declare -A  hmp_tool_pkg=(
+    [apt-show-versions]="apt-show-versions"
+    [bc]="bc"
     [dig]="bind9-dnsutils"
     [host]="bind9-dnsutils"
     [hexdump]="bsdmainutils"
     [btrfs]="btrfs-progs"
     [busybox]="busybox"
+    [bunzip2]="bzip2"
     [base64]="coreutils"
     [cat]="coreutils"
     [chmod]="coreutils"
@@ -39,31 +42,47 @@ installation_toolset() {
     [echo]="coreutils"
     [ln]="coreutils"
     [mkdir]="coreutils"
-    [cryptsetup]="cryptsetup-initramfs"
+    [cryptsetup]="cryptsetup"
+    [cryptsetup-initramfs]="cryptsetup-initramfs"
     [curl]="curl"
+    [dirmngr]="dirmngr"
+    [dmsetup]="dmsetup"
+    [fsck.vfat]="dosfstools"
+    [mkfs.vfat]="dosfstools"
     [e2label]="e2fsprogs"
     [tune2fs]="e2fsprogs"
     [fsck]="e2fsprogs"
+    [efibootmgr]="efibootmgr"
     [fdisk]="fdisk"
     [file]="file"
     [awk]="gawk"
+    [gdisk]="gdisk"
+    [gnupg]="gnupg"
     [grep]="grep"
     [gzip]="gzip"
+    [haveged]="haveged"
     [update-initramfs]="initramfs-tools"
     [ip]="iproute2"
     [ping]="iputils-ping"
     [jq]="jq"
+    [loadkeys]="kbd"
+    [setfont]="kbd"
+    [keyctl]="keyutils"
     [modprobe]="kmod"
+    [libpam-pwquality]="libpam-pwquality"
+    [logrotate]="logrotate"
     [lsb_release]="lsb-release"
     [parted]="parted"
     [chpasswd]="passwd"
     [chsh]="passwd"
     [lspci]="pciutils"
     [sysctl]="procps"
+    [pwgen]="pwgen"
     [sed]="sed"
     [sudo]="sudo"
     [tar]="tar"
     [tree]="tree"
+    [unzip]="unzip"
     [lsusb]="usbutils"
     [blkid]="util-linux"
     [dmesg]="util-linux"
@@ -102,7 +121,7 @@ installation_toolset() {
     do_log "debug" "file_only" "4130() [ary_unique_pkgs]='${ary_unique_pkgs[*]}'."
 
     do_in_target_script "${TARGET}" "
-      apt-get install -y --no-install-recommends ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
+      apt-get install -y --no-install-recommends --no-install-suggests ${ary_unique_pkgs[*]} 2>&1 | tee -a ${var_logfile}
       echo ExitCode: \$? >> ${var_logfile}
     "
 

func/cdi_4100_base_installation/4131_installation_systemd.sh

@@ -30,13 +30,17 @@ installation_systemd() {
 
   if ! do_in_target_script "${TARGET}" "type -P systemctl >/dev/null"; then
     do_log "info" "file_only" "4131() 'systemctl' NOT found, installing 'systemd' and dependencies."
+
     do_in_target_script "${TARGET}" "
       apt-get update 2>&1 | tee -a ${var_logfile}
-      apt-get install -y --no-install-recommends systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
+      apt-get install -y --no-install-recommends --no-install-suggests systemd systemd-sysv dbus 2>&1 | tee -a ${var_logfile}
       echo ExitCode: \$? >> ${var_logfile}
     "
+
   else
+
     do_log "info" "file_only" "4131() 'systemctl' found, skipping installation."
+
   fi
 
   do_in_target_script "${TARGET}" "

func/cdi_4100_base_installation/4140_installation_microcode.sh

@@ -24,6 +24,9 @@ guard_sourcing
 installation_microcode() {
   ### Declare Arrays, HashMaps, and Variables.
   declare     var_microcode_pkgs="" var_whereiam="" var_cpu_vendor=""
+  declare -r  var_logfile="/root/.ciss/cdi/log/4140_installation_microcode.log"
+
+  touch "${TARGET}${var_logfile}" && chmod 0600 "${TARGET}${var_logfile}"
 
   # shellcheck disable=SC2312
   if [[ -x "$(command -v virt-what)" ]]; then
@@ -48,17 +51,23 @@ installation_microcode() {
 
     if ! do_in_target_script "${TARGET}" "dpkg -s ${var_microcode_pkgs} >/dev/null 2>&1"; then
 
-      do_in_target "${TARGET}" apt-get install -y "${var_microcode_pkgs}"
+      do_in_target_script "${TARGET}" "
+        apt-get install -y --no-install-recommends --no-install-suggests ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
+        echo ExitCode: \$? >> ${var_logfile}
+      "
 
     else
 
-      do_in_target "${TARGET}" apt-get install -y --only-upgrade "${var_microcode_pkgs}"
+      do_in_target_script "${TARGET}" "
+        apt-get install -y --no-install-recommends --no-install-suggests --only-upgrade ${var_microcode_pkgs} 2>&1 | tee -a ${var_logfile}
+        echo ExitCode: \$? >> ${var_logfile}
+      "
 
     fi
 
   else
 
-    do_log "info" "file_only" "4140() Skipping microcode install (${var_whereiam}, ${var_microcode_pkgs:-none})"
+    do_log "info" "file_only" "4140() Skipping microcode install [${var_whereiam}, ${var_microcode_pkgs:-none}]."
 
   fi
 

func/cdi_4100_base_installation/4150_installation_chrony.sh

@@ -29,6 +29,9 @@ installation_chrony() {
   ### Declare Arrays, HashMaps, and Variables.
   # shellcheck disable=SC2155
   declare     var_of=$(mktemp var_of.XXXXXXXX) var_ntp_server=""
+  declare -r  var_logfile="/root/.ciss/cdi/log/4150_installation_chrony.log"
+
+  touch "${TARGET}${var_logfile}" && chmod 0600 "${TARGET}${var_logfile}"
 
   for var_ntp_server in "${ARY_NTPSRVR[@]}"; do
 
@@ -39,7 +42,11 @@ installation_chrony() {
   printf "# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh %b" "${NL}" >> "${var_of}"
 
   mkdir -p "${TARGET}/var/log/chrony"
-  do_in_target_script "${TARGET}" "apt-get install -y --no-install-recommends chrony"
+
+  do_in_target_script "${TARGET}" "
+    apt-get install -y --no-install-recommends --no-install-suggests chrony 2>&1 | tee -a ${var_logfile}
+    echo ExitCode: \$? >> ${var_logfile}
+  "
 
   if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then
 
@@ -53,8 +60,11 @@ installation_chrony() {
   install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/chrony/chrony.cnf" "${TARGET}/etc/chrony/chrony.conf"
   cat "${var_of}" >> "${TARGET}/etc/chrony/chrony.conf"
 
-  do_log "debug" "file_only" "4150() Executing: [do_in_target ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
+  do_log "debug" "file_only" "4150() Executing: [do_in_target_script ${TARGET} chronyd -Q -f /etc/chrony/chrony.conf]."
-  do_in_target "${TARGET}" chronyd -Q -f /etc/chrony/chrony.conf
+  do_in_target_script "${TARGET}" "
+    chronyd -Q -f /etc/chrony/chrony.conf 2>&1 | tee -a ${var_logfile}
+    echo ExitCode: \$? >> ${var_logfile}
+  "
 
   do_log "info" "file_only" "4150() Chrony NTPsec client installed."
 

lib/cdi_0110_interactive/0110_check_kernel.sh

@@ -10,39 +10,44 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-# TODO: Update this module
-
 guard_sourcing
 
 #######################################
-# Kernel Image Selector
+# Kernel Image Selector.
 # Globals:
-#   VAR_ARCHITECTURE
 #   VAR_KERNEL
 #   VAR_KERNEL_SRT
 #   VAR_KERNEL_TMP
 # Arguments:
 #   None
 # Returns:
-#   42: Sorting Error.
+#   0: on success
+#   42: On sorting Error.
 #######################################
 check_kernel() {
-  clear
   declare -i counter=1
-  declare first_string=""
+  declare    first_string="" line="" name="" options="" var_cpu_vendor=""
-  declare line=""
-  declare -gx VAR_KERNEL=""
-  declare name=""
-  declare options=""
 
-  if [[ ${VAR_ARCHITECTURE} != arm64 ]]; then
+  # shellcheck disable=SC2312
+  var_cpu_vendor=$(</proc/cpuinfo grep 'vendor_id' | head -n1 | cut -d: -f2 | xargs)
+
+  case "${var_cpu_vendor}" in
+
+    *AuthenticAMD*)
+      # shellcheck disable=SC2312
       apt-cache search linux-image | grep linux-image | grep amd64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
-  else
+      ;;
+
+    *GenuineIntel*)
+      # shellcheck disable=SC2312
       apt-cache search linux-image | grep linux-image | grep arm64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
-  fi
+      ;;
+
+    *)                do_log "info" "file_only" "4140() Unknown or unsupported CPU vendor: '${var_cpu_vendor}', skipping." ;;
+  esac
 
   sort --output="${VAR_KERNEL_SRT}" "${VAR_KERNEL_TMP}" || {
-    printf "❌ Error check_kernel() Line 40 sort failed\n" >&2
+    printf "❌ Error 0110_check_kernel.sh Line 52 sort failed\n" >&2
     # shellcheck disable=SC2162
     read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
     return 42
@@ -55,22 +60,23 @@ check_kernel() {
       ((counter++))
     done < "${VAR_KERNEL_SRT}"
 
-  # shellcheck disable=SC2155
+  # shellcheck disable=SC2034
-  if declare -g VAR_KERNEL=$(dialog \
+  if VAR_KERNEL=$(dialog \
                           --no-collapse \
                           --ascii-lines \
                           --clear \
-                          --backtitle "CISS.debian.live.builder" \
+                          --backtitle "CISS.debian.installer powered by CoreSecret.eu" \
-                          --title "Select the Kernel for the CISS Hardened Debian Live Image ISO" \
+                          --title "Select the Kernel for the CISS.debian.installer" \
                           --radiolist "Kernel available \n *+bpo*       : Debian Backported Kernel \n *cloud*      : Special lightweight images for KVM \n *unsigned*   : Unsigned Kernel \n *preempt_rt* : Special Kernel for real-time-computing \n Not unsigned marked are MS signed Kernel for Secure Boot \n" 0 0 "${options[@]}" 3>&1 1>&2 2>&3 3>&-); then
-    clear
+
+    do_log "info" "file_only" "0110() Kernel image selected interactively: '${VAR_KERNEL}'."
+
   else
-    clear
+
-    if [[ "${VAR_ARCHITECTURE}" == "amd64" ]]; then
+    VAR_KERNEL=""
-      declare -gr VAR_KERNEL="amd64"
+
-    elif [[ "${VAR_ARCHITECTURE}" == "arm64" ]]; then
-      declare -gr VAR_KERNEL="arm64"
-    fi
   fi
+
+  return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/cdi_0200_dialog/0200_dialog_helper.sh

@@ -49,7 +49,7 @@ dialog_gauge() {
   setsid dialog --no-collapse \
                 --ascii-lines \
                 --keep-tite \
-                --title "CISS.debian.installer" \
+                --title "CISS.debian.installer powered by CoreSecret.eu" \
                 --gauge "Starting installation..." \
                 10 70 0 \
                 < "${PIPE_DIALOG_GAUGE}" &
@@ -97,7 +97,7 @@ dialog_box() {
   setsid dialog --colors \
                 --ascii-lines \
                 --title "Installation Progress" \
-                --backtitle "CISS.2025.debian.installer" \
+                --backtitle "CISS.debian.installer powered by CoreSecret.eu" \
                 --programbox "${ROWS_USE}" "${COLS_USE}" \
                 < "${PIPE_DIALOG_BOX}" &
   declare -gx PID_DIALOG_BOX="$!"

meta_loader_lib.sh

@@ -41,7 +41,7 @@ source_guard "./lib/cdi_0100_arg/0103_arg_priority_check.sh"
 source_guard "./lib/cdi_0100_arg/0104_arg_passphrase_modules.sh"
 source_guard "./lib/cdi_0100_arg/0105_arg_nuke_converter.sh"
 
-#source_guard "./lib/0110_check_kernel.sh"
+source_guard "./lib/0110_check_kernel.sh"
 #source_guard "./lib/0115_check_provider.sh"
 
 source_guard "./lib/cdi_0200_dialog/0200_dialog_helper.sh"

var/global.var.sh

@@ -60,7 +60,10 @@ declare -gix VAR_PRIORITY=0
 declare -gix VAR_REIONICE_CLASS=2
 declare -gix VAR_REIONICE_PRIORITY=4
 
-### CHROOT ACTIVATION 4020()
+### 4010_prepare_mounts.sh
 declare -gx VAR_CHROOT_ACTIVATED="false"
 
+### 4120_installation_kernel.sh
+declare -gx VAR_KERNEL=""
+
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh