V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-24 18:28:35 +02:00
parent e9681e87c5
commit 0a2d983c7d
64 changed files with 525 additions and 1423 deletions
--- a/lib/0010_guard_sourcing.sh
+++ b/lib/0010_guard_sourcing.sh
@@ -16,7 +16,7 @@
 # Globals:
 #   BASH_SOURCE
 # Arguments:
-#   $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.)
+#   1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.)
 # Returns:
 #   0: Returns '0' in both cases as they are intended to be successful.
 #######################################
--- a/lib/0030_check_pkgs.sh
+++ b/lib/0030_check_pkgs.sh
@@ -23,6 +23,7 @@ check_pkgs() {
  apt-get update -y > /dev/null 2>&1

  ### Define HashMap: command -> package
+  # shellcheck disable=SC2154
  declare -A hmp_command_packages=(
    [apt-transport-https]=apt-transport-https
    [bzip2]=bzip2
@@ -72,7 +73,7 @@ check_pkgs() {
  fi

  if [[ -z "$(command -v dialog || true)" ]]; then
-    if ! ${VAR_AUTO_INSTALL}; then apt-get install -y --no-install-recommends dialog; fi
+    if ! "${VAR_AUTO_INSTALL}"; then apt-get install -y --no-install-recommends dialog; fi
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/0040_check_var.sh
+++ b/lib/0040_check_var.sh
@@ -1,23 +1,25 @@
 #!/bin/bash
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
-# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
-# Unbound Variable Check and call Trap on ERR
+# Unbound Variable Check and call Trap on ERR.
 # Globals:
-#   ERR_UNBOUNDVAR
+#   ERR_UNBOUND_VARIABLE
 # Arguments:
-#   $1: VAR_NAME to check
+#   1: VAR_NAME to check
 # Returns:
-#   "${ERR_UNBOUNDVAR}"
+#   ERR_UNBOUND_VARIABLE
 #######################################
 check_var() {
  declare var_name_to_check="$1"
@@ -29,7 +31,7 @@ check_var() {
    fi
  else
    printf "\e[91m❌ Variable: '%s' is not declared. Exiting Script. \e[0m\n" "${var_name_to_check}" >&2
-    return "${ERR_UNBOUNDVAR}"
+    return "${ERR_UNBOUND_VARIABLE}"
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/0050_debug_pre_scan.sh
+++ b/lib/0050_debug_pre_scan.sh
@@ -28,7 +28,7 @@ pre_scan_debug() {

  for i in "${!args[@]}"; do
    if [[ "${args[i]}" == "-d" || "${args[i]}" == "--debug" ]]; then
-      dbg_index=$i
+      dbg_index=${i}
      . "${script_dir}/0051_debug_var_dump.sh"
      declare -grx LOG_VAR="/tmp/ciss_debian_installer_$$_var.log"
      touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
--- a/lib/0051_debug_var_dump.sh
+++ b/lib/0051_debug_var_dump.sh
@@ -22,6 +22,7 @@ guard_sourcing
 dump_vars_initial() {
  # shellcheck disable=SC2155
  declare -grx VAR_DUMP_VARS_INITIAL=$(mktemp)
+  # shellcheck disable=SC2312
  {
    declare var
    while IFS= read -r var; do
@@ -44,13 +45,13 @@ dump_vars_exiting() {
  # shellcheck disable=SC2155
  declare var_dump_vars_final=$(mktemp)
  set +x
+  # shellcheck disable=SC2312
  {
    declare var
    while IFS= read -r var; do
      declare -p "${var}" 2>/dev/null
    done < <(compgen -v | grep -Ev '^(BASH|_).*')
  } | sort >| "${var_dump_vars_final}"
-  set -x

  {
    printf "✅ CISS.debian.installer Config Variable Dump. \n"
@@ -67,6 +68,7 @@ dump_vars_exiting() {
  } >> "${LOG_VAR}"

  comm -13 "${VAR_DUMP_VARS_INITIAL}" "${var_dump_vars_final}" >> "${LOG_VAR}" || true
+  set -x
  rm -f "${VAR_DUMP_VARS_INITIAL}" "${var_dump_vars_final}"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/0052_debug_trace.sh
+++ b/lib/0052_debug_trace.sh
@@ -16,7 +16,7 @@ guard_sourcing
 # Wrapper for XTRACE Debug.
 # Globals:
 #   BASH_XTRACEFD
-#   LOG_TRACE
+#   LOG_TRC
 #   PS4
 #   SHELLOPTS
 # Arguments:
@@ -26,11 +26,11 @@ debug_trace() {
  ### Set a verbose PS4 prompt including timestamp, source, line, exit status of previous command, and function name
  declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
  # shellcheck disable=SC2155
-  declare -grx LOG_TRACE="/tmp/ciss_debian_installer_$$_trace.log"
-  ### Generates empty LOG_TRACE
-  touch "${LOG_TRACE}" && chmod 0600 "${LOG_TRACE}"
+  declare -grx LOG_TRC="${DIR_LOG}/ciss_debian_installer_$$_trace.log"
+  ### Generates empty LOG_TRC
+  touch "${LOG_TRC}" && chmod 0600 "${LOG_TRC}"
  ### Open file descriptor 42 for writing to the debug log
-  exec 42>| "${LOG_TRACE}"
+  exec 42>| "${LOG_TRC}"
  ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables
  debug_header "$#" "$*"
  ### Tell Bash to send xtrace output to FD 42
--- a/lib/0053_debug_trace_header.sh
+++ b/lib/0053_debug_trace_header.sh
@@ -35,6 +35,7 @@ guard_sourcing
 debug_trace_header() {
  declare -r arg_counter="$1"
  declare -r arg_string="$2"
+  #shellcheck disable=SC2312
  {
    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.installer Debug XTRACE Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
    printf "\e[97m+\e[0m\e[92m%s: GIT Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_HEAD}"
--- a/lib/0054_debug_trap.sh
+++ b/lib/0054_debug_trap.sh
@@ -15,9 +15,9 @@ guard_sourcing
 declare -g VAR_LAST_CMD=""
 declare -g __preexec_invoke=""
 # shellcheck disable=SC2155
-declare -grx LOG_DEBUG="/tmp/ciss_debian_installer_$$_debug.log"
-### Generates empty LOG_DEBUG
-touch "${LOG_DEBUG}" && chmod 0600 "${LOG_DEBUG}"
+declare -grx LOG_DBG="${DIR_LOG}/ciss_debian_installer_$$_debug.log"
+### Generates empty LOG_DBG
+touch "${LOG_DBG}" && chmod 0600 "${LOG_DBG}"
 ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables
 debug_trace_header "$#" "$*"
 ### Define patterns and mask replacements
@@ -36,7 +36,7 @@ declare -Ag MASK_PATTERNS=(
 #   BASH_LINENO
 #   BASH_SOURCE
 #   FUNCNAME
-#   LOG_DEBUG
+#   LOG_DBG
 # Arguments:
 #  None
 #######################################
@@ -56,7 +56,7 @@ debug_trap_logger() {
  declare var_line="${BASH_LINENO[i-1]:-?}"
  declare var_script="${BASH_SOURCE[i]:-${BASH_SOURCE[0]}}"
  declare var_script_rel="${var_script#"${PWD}"/}"
-  printf '%s [%s:%s] %s() |%s| RC:%s \n' "${var_ts}" "${var_script_rel}" "${var_line}" "${var_func}" "${var_msg}" "${var_rc}">> "${LOG_DEBUG}"
+  printf '%s [%s:%s] %s() |%s| RC:%s \n' "${var_ts}" "${var_script_rel}" "${var_line}" "${var_func}" "${var_msg}" "${var_rc}">> "${LOG_DBG}"
 }

 #######################################
--- a/lib/0055_debug_trap_header.sh
+++ b/lib/0055_debug_trap_header.sh
@@ -18,7 +18,7 @@
 #   EPOCHREALTIME
 #   EUID
 #   HOSTNAME
-#   LOG_DEBUG
+#   LOG_DBG
 #   PPID
 #   PWD
 #   SHELLOPTS
@@ -34,6 +34,7 @@
 debug_trace_header() {
  declare -r arg_counter="$1"
  declare -r arg_string="$2"
+  # shellcheck disable=SC2312
  {
    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.installer Debug TRAP Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
    printf "\e[97m+\e[0m\e[92m%s: GIT Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_HEAD}"
@@ -58,6 +59,6 @@ debug_trace_header() {
    printf "\e[97m+\e[0m\e[92m%s: BASHOPTS                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASHOPTS}"
    printf "\e[97m+\e[0m\e[92m%s: SHELLOPTS                 : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${SHELLOPTS}"
    printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
-  } >| "${LOG_DEBUG}"
+  } >| "${LOG_DBG}"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/0060_trap_err.sh
+++ b/lib/0060_trap_err.sh
@@ -15,16 +15,16 @@ guard_sourcing
 #######################################
 # Print Error Message for Trap on 'ERR' in '${ERROR_LOG}'.
 # Globals:
-#   ARGUMENTS_COUNT
+#   VAR_PARAM_COUNT
 #   ARG_STR_ORG_INPUT
 #   ERRCMMD
 #   ERRCODE
 #   ERRFUNC
 #   ERRLINE
 #   ERRSCRT
-#   LOG_DEBUG
-#   LOG_ERROR
-#   LOG_TRACE
+#   LOG_DBG
+#   LOG_ERR
+#   LOG_TRC
 #   LOG_VAR
 #   NL
 #   SECONDS
@@ -50,28 +50,28 @@ print_file_err() {
    printf "❌ Command             : %s %s" "${ERRCMMD}" "${NL}"
    printf "❌ Script PID          : %s %s" "${$}" "${NL}"
    printf "❌ Script Runtime      : %s %s" "${SECONDS}" "${NL}"
-    printf "❌ Arguments Counter   : %s %s" "${ARGUMENTS_COUNT}" "${NL}"
+    printf "❌ Arguments Counter   : %s %s" "${VAR_PARAM_COUNT}" "${NL}"
    printf "❌ Arguments Original  : %s %s" "${ARG_STR_ORG_INPUT}" "${NL}"
    printf "❌ Arguments Sanitized : %s %s" "${VAR_ARG_SANITIZED}" "${NL}"
    if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
      printf "❌ Vars Dump saved at  : %s %s" "${LOG_VAR}" "${NL}"
    fi
    if "${VAR_DEBUG_TRAP}"; then
-      printf "❌ DEBUG Log saved at  : %s %s" "${LOG_DEBUG}" "${NL}"
-      printf "❌                   cat %s %s" "${LOG_DEBUG}" "${NL}"
+      printf "❌ DEBUG Log saved at  : %s %s" "${LOG_DBG}" "${NL}"
+      printf "❌                   cat %s %s" "${LOG_DBG}" "${NL}"
    fi
    if "${VAR_DEBUG_TRACE}"; then
-      printf "❌ TRACE Log saved at  : %s %s" "${LOG_TRACE}" "${NL}"
-      printf "❌                   cat %s %s" "${LOG_TRACE}" "${NL}"
+      printf "❌ TRACE Log saved at  : %s %s" "${LOG_TRC}" "${NL}"
+      printf "❌                   cat %s %s" "${LOG_TRC}" "${NL}"
    fi
    printf "%s" "${NL}"
-  } >> "${LOG_ERROR}"
+  } >> "${LOG_ERR}"
 }

 #######################################
 # Print Error Message for Trap on 'ERR' on Terminal.
 # Globals:
-#   ARGUMENTS_COUNT
+#   VAR_PARAM_COUNT
 #   ARG_STR_ORG_INPUT
 #   RED
 #   RES
@@ -80,9 +80,9 @@ print_file_err() {
 #   ERRFUNC
 #   ERRLINE
 #   ERRSCRT
-#   LOG_DEBUG
-#   LOG_ERROR
-#   LOG_TRACE
+#   LOG_DBG
+#   LOG_ERR
+#   LOG_TRC
 #   LOG_VAR
 #   NL
 #   SECONDS
@@ -107,21 +107,21 @@ print_scr_err() {
  printf "%s❌ Command             : %s %s%s" "${RED}" "${ERRCMMD}" "${RES}" "${NL}" >&2
  printf "%s❌ Script PID          : %s %s%s" "${RED}" "${$}" "${RES}" "${NL}" >&2
  printf "%s❌ Script Runtime      : %s %s%s" "${RED}" "${SECONDS}" "${RES}" "${NL}" >&2
-  printf "%s❌ Arguments Counter   : %s %s%s" "${RED}" "${ARGUMENTS_COUNT}" "${RES}" "${NL}" >&2
+  printf "%s❌ Arguments Counter   : %s %s%s" "${RED}" "${VAR_PARAM_COUNT}" "${RES}" "${NL}" >&2
  printf "%s❌ Arguments Original  : %s %s%s" "${RED}" "${ARG_STR_ORG_INPUT}" "${RES}" "${NL}" >&2
  printf "%s❌ Arguments Sanitized : %s %s%s" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" >&2
-  printf "%s❌ Error Log saved at  : %s %s%s" "${RED}" "${LOG_ERROR}" "${RES}" "${NL}" >&2
-  printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_ERROR}" "${RES}" "${NL}" >&2
+  printf "%s❌ Error Log saved at  : %s %s%s" "${RED}" "${LOG_ERR}" "${RES}" "${NL}" >&2
+  printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_ERR}" "${RES}" "${NL}" >&2
  if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
    printf "%s❌ Vars Dump saved at  : %s %s%s" "${RED}" "${LOG_VAR}" "${RES}" "${NL}" >&2
  fi
  if "${VAR_DEBUG_TRAP}"; then
-    printf "%s❌ Debug Log saved at  : %s %s%s" "${RED}" "${LOG_DEBUG}" "${RES}" "${NL}" >&2
-    printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_DEBUG}" "${RES}" "${NL}" >&2
+    printf "%s❌ Debug Log saved at  : %s %s%s" "${RED}" "${LOG_DBG}" "${RES}" "${NL}" >&2
+    printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_DBG}" "${RES}" "${NL}" >&2
  fi
  if "${VAR_DEBUG_TRACE}"; then
-    printf "%s❌ Debug Log saved at  : %s %s%s" "${RED}" "${LOG_TRACE}" "${RES}" "${NL}" >&2
-    printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_TRACE}" "${RES}" "${NL}" >&2
+    printf "%s❌ Debug Log saved at  : %s %s%s" "${RED}" "${LOG_TRC}" "${RES}" "${NL}" >&2
+    printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_TRC}" "${RES}" "${NL}" >&2
  fi
  printf "%s" "${NL}"
 }
--- a/lib/0070_trap_exit.sh
+++ b/lib/0070_trap_exit.sh
@@ -34,6 +34,7 @@ trap_exit() {
    exit "${var_trap_on_exit_code}"
  else
    clean_up "${var_trap_on_exit_code}"
+    print_scr_exit "${var_trap_on_exit_code}"
    exit "${var_trap_on_exit_code}"
  fi
 }
@@ -41,8 +42,8 @@ trap_exit() {
 #######################################
 # Print Success Message for Trap on 'EXIT' on 'stdout'.
 # Globals:
-#   LOG_DEBUG
-#   LOG_TRACE
+#   LOG_DBG
+#   LOG_TRC
 #   LOG_VAR
 #   VAR_DEBUG_TRACE
 #   VAR_DEBUG_TRAP
@@ -53,7 +54,7 @@ trap_exit() {
 print_scr_exit() {
  declare -r var_print_scr_exit_code="$1"
  if (( var_print_scr_exit_code == 0 )); then
-    if [[ "${VAR_SCRIPT_SUCCESS}" == true ]]; then
+    if [[ "${VAR_SCRIPT_SUCCESS}" == "true" ]]; then
      printf "\n"
      printf "\e[92m✅ CISS.debian.installer Script successful. \e[0m\n"
      printf "\e[92m✅ Exited with Status : %s \e[0m\n" "${var_print_scr_exit_code}"
@@ -63,12 +64,12 @@ print_scr_exit() {
        printf "\e[92m✅                  cat %s \e[0m\n" "${LOG_VAR}"
      fi
      if "${VAR_DEBUG_TRAP}"; then
-        printf "\e[92m✅ DEBUG Log saved at : %s \e[0m\n" "${LOG_DEBUG}"
-        printf "\e[92m✅                  cat %s \e[0m\n" "${LOG_DEBUG}"
+        printf "\e[92m✅ DEBUG Log saved at : %s \e[0m\n" "${LOG_DBG}"
+        printf "\e[92m✅                  cat %s \e[0m\n" "${LOG_DBG}"
      fi
      if "${VAR_DEBUG_TRACE}"; then
-        printf "\e[92m✅ TRACE Log saved at : %s \e[0m\n" "${LOG_TRACE}"
-        printf "\e[92m✅                  cat %s \e[0m\n" "${LOG_TRACE}"
+        printf "\e[92m✅ TRACE Log saved at : %s \e[0m\n" "${LOG_TRC}"
+        printf "\e[92m✅                  cat %s \e[0m\n" "${LOG_TRC}"
      fi
      printf "\n"
      printf "\e[95m💷 Please consider donating to my work at: \e[0m\n"
--- a/lib/0090_clean_up.sh
+++ b/lib/0090_clean_up.sh
@@ -13,7 +13,7 @@
 #######################################
 # Clean Up Wrapper on Trap on 'EXIT'.
 # Globals:
-#   LOG_ERROR
+#   LOG_ERR
 #   VAR_KERNEL_INF
 #   VAR_KERNEL_SRT
 #   VAR_KERNEL_TMP
@@ -33,6 +33,6 @@ clean_up() {
  exec 127>&-
  # Remove the lockfile artifact.
  rm -f /run/lock/ciss_debian_installer.lock
-  if (( var_clean_exit_code == 0 )); then rm -f -- "${LOG_ERROR}"; fi
+  if (( var_clean_exit_code == 0 )); then rm -f -- "${LOG_ERR}"; fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/0100_arg_mismatch.sh
+++ b/lib/0100_arg_mismatch.sh
@@ -26,12 +26,10 @@ guard_sourcing
 #######################################
 arg_mismatch() {
  ### Call cleaner if and only if not in auto-install mode.
-  if [[ "${VAR_AUTO_INSTALL}" == false ]]; then
+  if [[ "${VAR_AUTO_INSTALL}" == "false" ]]; then
    ### Dynamically select the cleaner based on the dialog wrapper type.
    case "${VAR_IN_DIALOG_WR}" in
-      box|gauge)
-        "dialog_${VAR_IN_DIALOG_WR}_cleaner"
-        ;;
+      box|gauge) "dialog_${VAR_IN_DIALOG_WR}_cleaner" ;;
    esac
  fi
  printf "%s❌ Error: '%s'. %s%s" "${RED}" "${1}" "${RES}" "${NL}" >&2
--- a/lib/0101_arg_sanitizer.sh
+++ b/lib/0101_arg_sanitizer.sh
@@ -32,7 +32,7 @@ arg_check() {
 #   RED
 #   RES
 #   ERR_UNSAFE_CHARACTER
-#   LOG_ERROR
+#   LOG_ERR
 #   NL
 #   VAR_IN_DIALOG_WR
 # Arguments:
@@ -43,14 +43,15 @@ sanitize_arg() {
  declare disallowed_ctrl=""
  ### Step 1: Check for control characters
  if printf '%s' "${input}" | grep -qP '[[:cntrl:]]'; then
+    # shellcheck disable=SC2312
    disallowed_ctrl=$(printf '%s' "${input}" | sed -n 's/[^[:cntrl:]]//gp' | sed $'s/./&\\n/g' \
-      | while read -r c; do printf "%02X " "'$c"; done)
+      | while read -r c; do printf "%02X " "'${c}"; done)
    {
      printf "❌ Control character   : '%s'. %s" "${disallowed_ctrl}" "${NL}"
      printf "❌         in argument : '%s'. %s" "${input}" "${NL}"
      printf "❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s" "${NL}"
      printf "%s" "${NL}"
-    } >> "${LOG_ERROR}"
+    } >> "${LOG_ERR}"
    case "${VAR_IN_DIALOG_WR}" in
      box   ) dialog_box_cleaner   ;;
      gauge ) dialog_gauge_cleaner ;;
@@ -74,7 +75,7 @@ sanitize_arg() {
      printf "❌         in argument : '%s'. %s" "${input}" "${NL}"
      printf "❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s" "${NL}"
      printf "%s" "${NL}"
-    } >> "${LOG_ERROR}"
+    } >> "${LOG_ERR}"
    case "${VAR_IN_DIALOG_WR}" in
      box   ) dialog_box_cleaner   ;;
      gauge ) dialog_gauge_cleaner ;;
--- a/lib/0102_arg_parser.sh
+++ b/lib/0102_arg_parser.sh
@@ -15,7 +15,7 @@ guard_sourcing
 #######################################
 # Argument Parser
 # Globals:
-#   DEFAULT_LOG_LEVEL
+#   VAR_DEFAULT_LOG_LEVEL
 #   VAR_AUTO_INSTALL
 #   VAR_IN_DIALOG_WR
 #   VAR_PRIORITY
@@ -53,28 +53,9 @@ arg_parser() {

        -l | --log)
          case "${2,,}" in
-            info)
-              declare -gx DEFAULT_LOG_LEVEL="$2"
-              shift 2
-              ;;
-            notice)
-              declare -gx DEFAULT_LOG_LEVEL="$2"
-              shift 2
-              ;;
-            warn)
-              declare -gx DEFAULT_LOG_LEVEL="$2"
-              shift 2
-              ;;
-            error)
-              declare -gx DEFAULT_LOG_LEVEL="$2"
-              shift 2
-              ;;
-            emergency)
-              declare -gx DEFAULT_LOG_LEVEL="$2"
-              shift 2
-              ;;
+            info|notice|warn|error|emergency) declare -gx VAR_DEFAULT_LOG_LEVEL="$2"; shift 2 ;;
            *)
-              if [[ "${VAR_AUTO_INSTALL}" == false && "${VAR_IN_DIALOG_WR}" == true ]]; then dialog_gauge_cleaner; fi
+              if [[ "${VAR_AUTO_INSTALL}" == "false" && "${VAR_IN_DIALOG_WR}" == true ]]; then dialog_box_cleaner; fi
              usage
              ;;
            esac
@@ -121,7 +102,11 @@ arg_parser() {
          ;;

        *)
-          if [[ "${VAR_AUTO_INSTALL}" == false && "${VAR_IN_DIALOG_WR}" == true ]]; then dialog_gauge_cleaner; fi
+          if [[ "${VAR_AUTO_INSTALL}" == "false" && "${VAR_IN_DIALOG_WR}" == "box" ]]; then
+            dialog_box_cleaner
+          elif [[ "${VAR_AUTO_INSTALL}" == "false" && "${VAR_IN_DIALOG_WR}" == "gauge" ]]; then
+            dialog_gauge_cleaner
+          fi
          usage
          ;;
    esac
--- a/lib/0103_arg_priority_check.sh
+++ b/lib/0103_arg_priority_check.sh
@@ -30,14 +30,14 @@ arg_priority_check() {
  if [[ -n ${VAR_PRIORITY} ]]; then
    renice "${VAR_PRIORITY}" -p "$$"
    var=$(ps -o ni= -p $$) > /dev/null 2>&1
-    printf "%s✅ New renice value: '%s'. %s%s" "${GRE}" "${var}" "${RES}" "${NL}"
+    do_log "info" "true" "New renice value: '${var}'."
  fi

-  # Check if ionice PRIORITY is set and adjust ionice priority.
+  ### Check if ionice PRIORITY is set and adjust ionice priority.
  if [[ -n ${VAR_REIONICE_CLASS} ]]; then
    ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$"
    var=$(ionice -p $$) > /dev/null 2>&1
-    printf "%s✅ New ionice value: '%s'. %s%s" "${GRE}" "${var}" "${RES}" "${NL}"
+    do_log "info" "true" "New ionice value: '${var}'."
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/0110_check_kernel.sh
+++ b/lib/0110_check_kernel.sh
@@ -1,15 +1,17 @@
 #!/bin/bash
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Kernel Image Selector
 # Globals:
--- a/lib/0120_check_provider.sh
+++ b/lib/0120_check_provider.sh
@@ -1,15 +1,17 @@
 #!/bin/bash
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+guard_sourcing
+
 #######################################
 # Notes Textbox
 # Arguments:
--- a/lib/lib_cdi.sh
+++ b/lib/lib_cdi.sh
@@ -1,62 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# CISS.2025.debian.installer GRUB and Autostart Generator
-# Globals:
-#   BASH_SOURCE
-#   VAR_HANDLER_BUILD_DIR
-#   VAR_HANDLER_CDI
-#   VAR_KERNEL
-#   VAR_WORKDIR
-# Arguments:
-#  None
-#######################################
-cdi() {
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"
-
-  if [[ "${VAR_HANDLER_CDI}" == "true" ]]; then
-
-    if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config" ]]; then
-      mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config"
-    fi
-
-    cp "${VAR_WORKDIR}/scripts/9000-cdi-starter" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config/9000-cdi-starter"
-    chmod 0750 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config/9000-cdi-starter"
-    chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config/9000-cdi-starter"
-
-    declare tmp_entry
-    tmp_entry="$(mktemp)"
-    cat << EOF >| "${tmp_entry}"
-menuentry "CISS Hardened DI (${VAR_KERNEL})" --hotkey=i {
-        linux /live/vmlinuz-${VAR_KERNEL} boot=live verify-checksums live-config.components splash nopersistence toram ramdisk-size=1024M swap=true noeject locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= timezone=Europe/Lisbon audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none findiso=\${iso_path}
-        initrd /live/initrd.img-${VAR_KERNEL}
-}
-EOF
-    sed -i "/#MUST_BE_REPLACED/{
-  r ${tmp_entry}
-  d
-}" "${VAR_HANDLER_BUILD_DIR}/config/bootloaders/grub-efi/grub.cfg"
-
-    sed -i "/#MUST_BE_REPLACED/{
-  r ${tmp_entry}
-  d
-}" "${VAR_HANDLER_BUILD_DIR}/config/bootloaders/grub-pc/grub.cfg"
-
-    rm -f "${tmp_entry}"
-  else
-    # shellcheck disable=SC1003
-    sed -i '/#MUST_BE_REPLACED/c\\' "${VAR_HANDLER_BUILD_DIR}/config/bootloaders/grub-efi/grub.cfg"
-  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successful applied. \e[0m\n" "${BASH_SOURCE[0]}"
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_change_splash.sh
+++ b/lib/lib_change_splash.sh
@@ -1,37 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Change Grub Boot Screen Splash
-# Globals:
-#   VAR_HANDLER_BUILD_DIR
-#   VAR_HANDLER_SPLASH
-#   VAR_WORKDIR
-# Arguments:
-#  None
-#######################################
-change_splash() {
-  if [[ ${VAR_HANDLER_SPLASH} == "club" ]]; then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Grub Splash 'club.png' selected ...\e[0m\n"
-    cp -af "${VAR_WORKDIR}"/.archive/background/club.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/splash.png
-    cp -af "${VAR_WORKDIR}"/.archive/background/club.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-efi/splash.png
-    cp -af "${VAR_WORKDIR}"/.archive/background/club.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-pc/splash.png
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Grub Splash 'club.png' selected done. \e[0m\n"
-  elif [[ ${VAR_HANDLER_SPLASH} == "hexagon" ]]; then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Grub Splash 'hexagon.png' selected ...\e[0m\n"
-    cp -af "${VAR_WORKDIR}"/.archive/background/hexagon.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/splash.png
-    cp -af "${VAR_WORKDIR}"/.archive/background/hexagon.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-efi/splash.png
-    cp -af "${VAR_WORKDIR}"/.archive/background/hexagon.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-pc/splash.png
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Grub Splash 'hexagon.png' selected done. \e[0m\n"
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_dhcp.sh
+++ b/lib/lib_check_dhcp.sh
@@ -1,26 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Check if hardened Centurion DNS servers are desired.
-# Globals:
-#   VAR_HANDLER_DHCP
-#   VAR_WORKDIR
-# Arguments:
-#  None
-#######################################
-check_dhcp() {
-  if [[ ${VAR_HANDLER_DHCP} -eq 1 ]]; then
-    chmod +x "${VAR_WORKDIR}"/scripts/0010_dhcp_supersede.sh && "${VAR_WORKDIR}"/scripts/0010_dhcp_supersede.sh
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_hooks.sh
+++ b/lib/lib_check_hooks.sh
@@ -1,37 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Check and apply 0755 Permissions on every ./config/hooks/live/*.chroot file
-# Globals:
-#   ERR_UNCRITICAL
-#   VAR_WORKDIR
-# Arguments:
-#  None
-#######################################
-check_hooks() {
-  declare ifs
-  ifs=$'\n\t'
-  shopt -s nullglob
-  declare -a files=("${VAR_WORKDIR}"/config/hooks/live/*.chroot)
-
-  if (( ${#files[@]} == 0 )); then
-    printf "\e[91m❌ No '*.chroot' files found in '%s/config/hooks/live'. \e[0m\n" "${VAR_WORKDIR}" >&2
-    exit "${ERR_UNCRITICAL}"
-  fi
-
-  declare file
-  for file in "${files[@]}"; do
-    chmod 0755 "${file}"
-  done
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_stats.sh
+++ b/lib/lib_check_stats.sh
@@ -1,27 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Check if analysis run is desired only.
-# Globals:
-#   VAR_HANDLER_STA
-# Arguments:
-#  None
-#######################################
-check_stats() {
-  if [[ ${VAR_HANDLER_STA} -eq 1 ]]; then
-    clear
-    run_analysis
-    exit 0
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_copy_integrity.sh
+++ b/lib/lib_copy_integrity.sh
@@ -1,38 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Copy Initial ISO aide Database into Host System
-# Globals:
-#   BASH_SOURCE
-#   VAR_HANDLER_BUILD_DIR
-# Arguments:
-#  None
-# Returns:
-#   0 : Aide Init DB copying successful.
-#######################################
-copy_db() {
-  # printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${BASH_SOURCE[0]}"
-
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/.integrity" ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}/.integrity"
-  fi
-
-  if cp -p "${VAR_HANDLER_BUILD_DIR}/chroot/var/lib/aide/"* "${VAR_HANDLER_BUILD_DIR}/.integrity/"; then
-    chmod 0400 "${VAR_HANDLER_BUILD_DIR}/.integrity/"*
-    # printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successful applied. \e[0m\n" "${BASH_SOURCE[0]}"
-    return 0
-  else
-    printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ '%s' NOT successful applied. \e[0m\n" "${BASH_SOURCE[0]}"
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_hardening_root_pw.sh
+++ b/lib/lib_hardening_root_pw.sh
@@ -1,101 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Updates the Live ISO to use root password authentication for local console access.
-# Globals:
-#   VAR_HANDLER_BUILD_DIR
-#   VAR_HASHED_PWD
-# Arguments:
-#  None
-# Returns:
-#   0: In case no root password is desired.
-#######################################
-hardening_root_pw() {
-  if [[ -z ${VAR_HASHED_PWD} ]]; then
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ No Root Password for Console set, skipping root password hook.\e[0m\n"
-    # sleep 1
-    return 0
-  fi
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Setup Root Password for Console ... \e[0m\n"
-  # sleep 1
-
-  declare cfg_dir="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/live"
-  declare cfg_file="${cfg_dir}/config.conf"
-  declare dropin_dir="${cfg_dir}/config.conf.d"
-  declare dropin_file="${dropin_dir}/20-root-password.conf"
-
-  mkdir -p "${dropin_dir}"
-
-  cat << 'EOF' >| "${dropin_dir}"/10-disable-autologin.conf
-live-config.noautologin
-EOF
-
-  if ! grep -q 'LIVE_CONFIGS=.*root-password' "${cfg_file}"; then
-    sed -i -E 's|LIVE_CONFIGS="([^"]*)"|LIVE_CONFIGS="\1 root-password"|' "${cfg_file}"
-  fi
-
-  declare clean_hash="${VAR_HASHED_PWD//\"/}"
-
-  printf 'live-config.root-password-hash=%s\n' "${clean_hash}" >| "${dropin_file}"
-  chmod 0600 "${dropin_file}"
-  chown root:root "${dropin_file}"
-
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root"
-  printf '%s\n' "${clean_hash}" >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
-  chmod 0600 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
-  chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.pwd"
-
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/systemd/system/getty@tty1.service.d
-  cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/systemd/system/getty@tty1.service.d/override.conf
-[Service]
-ExecStart=
-#ExecStart=-/usr/sbin/agetty --noclear %I $TERM
-ExecStart=-agetty --noclear %I $TERM
-EOF
-
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc
-  cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/securetty
-tty1
-tty2
-tty3
-tty4
-tty5
-tty6
-EOF
-
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/usr/sbin
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/usr/bin
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/sbin
-  cp -af /usr/sbin/agetty "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/sbin/agetty"
-  cp -af /usr/sbin/agetty "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/bin/agetty"
-  cp -af /usr/sbin/agetty "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/sbin/agetty"
-
-  ### Hotfix I
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators"
-  cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
-#!/bin/sh
-# bypass live-config-getty-generator
-exit 0
-EOF
-  chmod +x "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
-
-  ### Hotfix II
-  #mkdir -p "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators"
-  #touch "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
-  #chmod -x "${HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/systemd/system-generators/live-config-getty-generator"
-
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Setup Root Password for Console done. \e[0m\n"
-  # sleep 1
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_hardening_ssh.sh
+++ b/lib/lib_hardening_ssh.sh
@@ -1,63 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# SSH Hardening Ultra via TCP Wrapper
-# Globals:
-#   ARY_HANDLER_JUMPHOST
-#   VAR_WORKDIR
-# Arguments:
-#  None
-#######################################
-hardening_ssh() {
-  if ((${#ARY_HANDLER_JUMPHOST[@]} > 0)); then
-    declare allowed=""
-    cat << 'EOF' >| "${VAR_WORKDIR}/hosts.allow"
-# /etc/hosts.allow: list of hosts that are allowed to access the system.
-#                   See the manual pages hosts_access(5) and hosts_options(5).
-#
-# Example:    ALL: LOCAL @some_netgroup
-#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
-#
-# If you're going to protect the portmapper use the name "rpcbind" for the
-# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
-#
-
-EOF
-
-    allowed=$(echo "${ARY_HANDLER_JUMPHOST[*]}" | tr '\n' ' ')
-    printf 'sshd: %s\n' "${allowed}" >> "${VAR_WORKDIR}/hosts.allow"
-
-    cat << 'EOF' >| "${VAR_WORKDIR}/hosts.deny"
-# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
-#                  See the manual pages hosts_access(5) and hosts_options(5).
-#
-# Example:    ALL: some.host.name, .some.domain
-#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
-#
-# If you're going to protect the portmapper use the name "rpcbind" for the
-# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
-#
-# The PARANOID wildcard matches any host whose name does not match its
-# address.
-#
-# You may wish to enable this to ensure any programs that don't
-# validate looked-up hostnames still leave understandable logs. In past
-# versions of Debian, this has been the default.
-# ALL: PARANOID
-
-ALL: ALL
-
-EOF
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_hardening_ultra.sh
+++ b/lib/lib_hardening_ultra.sh
@@ -1,221 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Wrapper for accompanying all CISS.debian.hardening features into the Live ISO image.
-# Globals:
-#   ARY_HANDLER_JUMPHOST
-#   ARY_HANDLER_JUMPHOST_UNIQUE
-#   VAR_ARCHITECTURE
-#   VAR_HANDLER_BUILD_DIR
-#   VAR_SSHPORT
-#   VAR_SSHPUBKEY
-#   VAR_WORKDIR
-# Arguments:
-#  None
-#######################################
-hardening_ultra() {
-  # shellcheck disable=SC2164
-  cd "${VAR_WORKDIR}"
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/bootloaders ... \e[0m\n"
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/bootloaders" ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/bootloaders"
-    cp -af ./config/bootloaders "${VAR_HANDLER_BUILD_DIR}/config"
-  else
-    cp -af ./config/bootloaders "${VAR_HANDLER_BUILD_DIR}/config"
-  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/bootloaders done.\e[0m\n"
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/includes.binary ... \e[0m\n"
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.binary/boot/grub" ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.binary/boot/grub"
-    cp -af ./config/includes.binary "${VAR_HANDLER_BUILD_DIR}/config"
-  else
-    cp -af ./config/includes.binary "${VAR_HANDLER_BUILD_DIR}/config"
-  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/includes.binary done.\e[0m\n"
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/hooks/live ... \e[0m\n"
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/hooks/live" ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/hooks/live"
-    cp -af ./config/hooks/live "${VAR_HANDLER_BUILD_DIR}/config/hooks"
-  else
-    cp -af ./config/hooks/live "${VAR_HANDLER_BUILD_DIR}/config/hooks"
-  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/hooks/live done.\e[0m\n"
-
-  if [[ -d "${VAR_WORKDIR}/config/hooks/early" ]]; then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/hooks/early ... \e[0m\n"
-    if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/hooks/early" ]]; then
-      mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/hooks/early"
-      cp -af ./config/hooks/early "${VAR_HANDLER_BUILD_DIR}/config/hooks"
-    else
-      cp -af ./config/hooks/early "${VAR_HANDLER_BUILD_DIR}/config/hooks"
-    fi
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/hooks/early done.\e[0m\n"
-  fi
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/includes.chroot ... \e[0m\n"
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"
-    cp -af ./config/includes.chroot "${VAR_HANDLER_BUILD_DIR}/config"
-  else
-    cp -af ./config/includes.chroot "${VAR_HANDLER_BUILD_DIR}/config"
-  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/includes.chroot done.\e[0m\n"
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Copying ./config/package-lists ... \e[0m\n"
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/package-lists" ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/package-lists"
-  fi
-  cp -af ./config/package-lists/live.list.common.chroot "${VAR_HANDLER_BUILD_DIR}/config/package-lists/live.list.chroot"
-
-  case "${VAR_ARCHITECTURE}" in
-    amd64)
-      declare arch_list="./config/package-lists/live.list.amd64.chroot"
-      declare arch_comment="# amd64 specific packages"
-      ;;
-    arm64)
-      declare arch_list="./config/package-lists/live.list.arm64.chroot"
-      declare arch_comment="# arm64 specific packages"
-      ;;
-    *)
-      printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Unsupported architecture '%s'.\e[0m\n" "${VAR_ARCHITECTURE}"
-      exit 1
-      ;;
-  esac
-
-  declare pkgs
-    mapfile -t pkgs < <(
-    grep -v '^\s*#' "${arch_list}" | sed '/^\s*$/d'
-  )
-
-  awk -v comment="${arch_comment}" -v n_pkgs="${#pkgs[@]}" -v pkgs="$(printf '%s\n' "${pkgs[@]}")" '
-    BEGIN {
-      split(pkgs, pkg_arr, "\n")
-      inserted = 0
-    }
-    {
-    # Detect the vim-modeline (last line marker)
-    if ($0 ~ /^# vim:.*$/ && !inserted) {
-      print comment
-      for (i = 1; i <= length(pkg_arr); i++) {
-        print pkg_arr[i]
-      }
-      inserted = 1
-    }
-    print
-    }
-    ' "${VAR_HANDLER_BUILD_DIR}/config/package-lists/live.list.chroot" > temp && mv temp "${VAR_HANDLER_BUILD_DIR}/config/package-lists/live.list.chroot"
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Copying ./config/package-lists done.\e[0m\n"
-
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Updating SSH Keys, Ports ... \e[0m\n"
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh"  ]]; then
-
-    mkdir -p  "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh"
-    cp -af "${VAR_SSHPUBKEY}/authorized_keys" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh"
-    chmod 0600 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh/authorized_keys"
-    chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh/authorized_keys"
-
-    declare -r sshport="${VAR_SSHPORT:-22}"
-
-    sed -i "s|^port      = MUST_BE_SET|port      = ${sshport}|" "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9950_fail2ban_hardening.chroot"
-    sed -i "s|^declare -r SSHPORT=\"MUST_BE_SET\"|declare -r SSHPORT=\"${sshport}\"|" "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/0900_ufw_setup.chroot"
-    sed -i "s|^Port MUST_BE_CHANGED|Port ${sshport}|" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/ssh/sshd_config"
-
-    if [[ ${#ARY_HANDLER_JUMPHOST[@]} -gt 0 ]]; then
-
-      declare file="${VAR_HANDLER_BUILD_DIR}/config/hooks/live/0900_ufw_setup.chroot"
-      sed -i "/^ufw allow in \"\${SSHPORT}\"\/tcp comment 'Incoming SSH (Custom-Port)'$/d" "${file}"
-      declare line
-      line=$(grep -n '^ufw default deny forward$' "${file}" | cut -d: -f1)
-
-      if [[ -z "${line}" ]]; then
-        printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌'ufw default deny forward' not found in: '%s'\e[0m\n" "${file}" >&2
-        exit 1
-      fi
-
-      declare host
-      for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
-        ((line++))
-        sed -i "${line}a ufw allow from ${host} to any port ${sshport} proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
-      done
-    fi
-
-  else
-
-    cp -af "${VAR_SSHPUBKEY}/authorized_keys" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh"
-    chmod 0600 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh/authorized_keys"
-    chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh/authorized_keys"
-
-    declare -r sshport="${VAR_SSHPORT:-22}"
-
-    sed -i "s|^port      = MUST_BE_SET|port      = ${sshport}|" "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9950_fail2ban_hardening.chroot"
-    sed -i "s|^declare -r SSHPORT=\"MUST_BE_SET\"|declare -r SSHPORT=\"$sshport\"|" "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/0900_ufw_setup.chroot"
-    sed -i "s|^Port MUST_BE_CHANGED|Port ${sshport}|" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/ssh/sshd_config"
-
-    if [[ ${#ARY_HANDLER_JUMPHOST_UNIQUE[@]} -gt 0 ]]; then
-
-      declare file="${VAR_HANDLER_BUILD_DIR}/config/hooks/live/0900_ufw_setup.chroot"
-      sed -i "/^ufw allow in \"\${SSHPORT}\"\/tcp comment 'Incoming SSH (Custom-Port)'$/d" "${file}"
-      declare line
-      line=$(grep -n '^ufw default deny forward$' "${file}" | cut -d: -f1)
-
-      if [[ -z "${line}" ]]; then
-        printf "\e[91m❌ Error: 'ufw default deny forward' not found in: '%s'\e[0m\n" "${file}" >&2
-        exit 1
-      fi
-
-      declare host
-      for host in "${ARY_HANDLER_JUMPHOST_UNIQUE[@]}"; do
-        ((line++))
-        sed -i "${line}a ufw allow from ${host} to any port ${sshport} proto tcp comment \"Incoming SSH ([${host}]:${sshport})\"" "$file"
-      done
-    fi
-  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Updating SSH Keys, Ports done. \e[0m\n"
-
-  if [[ -f "${VAR_WORKDIR}/hosts.allow" ]]; then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 SSH Hardening Ultra ... \e[0m\n"
-    cp -af "${VAR_WORKDIR}/hosts.allow" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc"
-    cp -af "${VAR_WORKDIR}/hosts.deny" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc"
-    chmod 0644 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/hosts.allow"
-    chmod 0644 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/hosts.deny"
-    rm -f "${VAR_WORKDIR}/hosts.allow"
-    rm -f "${VAR_WORKDIR}/hosts.deny"
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ SSH Hardening Ultra done.\e[0m\n"
-  fi
-
-  if ((${#ARY_HANDLER_JUMPHOST[@]} > 0)); then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Updating fail2ban Jumphosts IPs ... \e[0m\n"
-    # Join array entries with spaces, preserving any newlines
-    declare ips="${ARY_HANDLER_JUMPHOST[*]}"
-    # Flatten to a single line and strip literal brackets []
-    declare flat_ips
-    flat_ips=$(printf "%s" "${ips}" | tr '\n' ' ' | tr -d '[]')
-    # flat_ips now contains e.g., "123.128.111.42 2a03:ffff:0815:4711:... 2a03:.../64"
-
-    # Perform an in-place replacement of MUST_BE_SET with the cleaned list
-    sed -i -e "s|^\(ignoreip[[:space:]]*=[[:space:]]*127\.0\.0\.0/8 ::1[[:space:]]*\)MUST_BE_SET|\1${flat_ips}|" \
-        "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9950_fail2ban_hardening.chroot"
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Updating fail2ban Jumphosts IPs done. \e[0m\n"
-  else
-    printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 No jump hosts configured, removing placeholder ... \e[0m\n"
-    sed -i \
-        -e "s|^\(ignoreip[[:space:]]*=[[:space:]]*127\.0\.0\.0/8 ::1\)[[:space:]]*MUST_BE_SET|\1|" \
-        -e "s|\(ignoreip[[:space:]]*=[[:space:]]*127\.0\.0\.0/8 ::1\)[[:space:]]*$|\1|" \
-        "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9950_fail2ban_hardening.chroot"
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Placeholder removed. \e[0m\n"
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_helper_ip.sh
+++ b/lib/lib_helper_ip.sh
@@ -1,36 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# IP Notation cleaner for pure IP output only
-# Globals:
-#   ARY_HANDLER_JUMPHOST
-#   ARY_HANDLER_JUMPHOST_UNIQUE
-# Arguments:
-#  None
-#######################################
-clean_ip() {
-  declare host
-  declare stripped
-  for host in "${ARY_HANDLER_JUMPHOST[@]}"; do
-    # Remove leading '[' and trailing ']'
-    stripped="${host#\[}"
-    stripped="${stripped%\]}"
-    # Skip if it contains a slash (CIDR range)
-    if [[ ${stripped} == */*   ]]; then
-        continue
-    fi
-    # Directly append, no duplicate check
-    declare -ga ARY_HANDLER_JUMPHOST_UNIQUE+=("${stripped}")
-  done
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_lb_build_start.sh
+++ b/lib/lib_lb_build_start.sh
@@ -1,46 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Wrapper to write a new 'lb config' environment.
-# Globals:
-#   ERR_UNCRITICAL
-#   VAR_BUILD_LOG
-#   VAR_HANDLER_BUILD_DIR
-# Arguments:
-#  None
-#######################################
-lb_build_start() {
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🔨 Start Build... Log file: %s \e[0m\n" "${VAR_BUILD_LOG}"
-  # sleep 1
-
-  # shellcheck disable=SC2164
-  cd "${SCRIPT_BASEPATH}"
-  # shellcheck disable=SC2164
-  cd "${VAR_HANDLER_BUILD_DIR}"
-
-  if lb build --color 2>&1 | tee "${VAR_BUILD_LOG}"; then
-    printf "\e[92m✅ Build successfully completed.\e[0m\n"
-  else
-    printf "\e[91m❌ Build failed!\e[0m\n" >&2
-    exit "${ERR_UNCRITICAL}"
-  fi
-
-  # shellcheck disable=SC2155
-  declare iso_file=$(find . -maxdepth 1 -type f -name "*.iso" | sort | tail -n1)
-
-  if [[ -z ${iso_file} || ! -f ${iso_file}     ]]; then
-    printf "\e[91m❌ No ISO Image found.\e[0m\n" >&2
-    exit "${ERR_UNCRITICAL}"
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_lb_config_start.sh
+++ b/lib/lib_lb_config_start.sh
@@ -1,55 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Wrapper for 'lb config' - set up a build environment or deleting old build artifacts.
-# Globals:
-#   VAR_HANDLER_BUILD_DIR
-# Arguments:
-#   $0: Script-name
-#######################################
-lb_config_start() {
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
-
-  if [[ ! -d ${VAR_HANDLER_BUILD_DIR} ]]; then
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}"
-    # shellcheck disable=SC2164
-    cd "${VAR_HANDLER_BUILD_DIR}"
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' created. \e[0m\n" "${VAR_HANDLER_BUILD_DIR}"
-  else
-    # shellcheck disable=SC2164
-    cd "${VAR_HANDLER_BUILD_DIR}"
-  fi
-
-  if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/.build" ]]; then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Preparing environment ... \e[0m\n"
-    # Start lb config in a completely detached shell
-    bash -c "lb config" &
-    disown
-    sleep 1
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Preparing environment done.\e[0m\n"
-  else
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Deleting former config, binary and cache ... \e[0m\n"
-    rm -f ./config/binary
-    rm -f ./config/bootstrap
-    rm -f ./config/chroot
-    rm -f ./config/common
-    rm -f ./config/source
-    rm -f ./*.{contents,files,iso,bz2,packages}
-    # Start lb clean in a completely detached shell
-    bash -c "lb clean && lb clean --binary --cache" &
-    disown
-    sleep 1
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Deleting former config, binary and cache done.\e[0m\n"
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_lb_config_write.sh
+++ b/lib/lib_lb_config_write.sh
@@ -1,121 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Wrapper to write a new 'lb config' environment.
-# Globals:
-#   VAR_HANDLER_ISO_COUNTER
-#   VAR_ARCHITECTURE
-#   VAR_HANDLER_BUILD_DIR
-#   VAR_KERNEL
-#   VAR_WORKDIR
-#   VAR_VERSION
-# Arguments:
-#  None
-#######################################
-
-#######################################
-# description
-# Globals:
-
-# Arguments:
-#  None
-#######################################
-lb_config_write() {
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Writing new config ... \e[0m\n"
-
-  lb config \
-    --apt apt \
-    --apt-indices true \
-    --apt-recommends true \
-    --apt-secure true \
-    --apt-source-archives true \
-    --architecture "${VAR_ARCHITECTURE}" \
-    --archive-areas main contrib non-free non-free-firmware \
-    --backports true \
-    --binary-filesystem fat32 \
-    --binary-image iso-hybrid \
-    --bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Europe/Lisbon splash audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
-    --bootappend-live "boot=live verify-checksums components nocomponents=cdi-starter locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Europe/Lisbon toram audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
-    --bootloaders grub-efi \
-    --cache true \
-    --checksums sha512 sha256 md5 \
-    --chroot-filesystem squashfs \
-    --chroot-squashfs-compression-level 22 \
-    --chroot-squashfs-compression-type zstd \
-    --color \
-    --compression bzip2 \
-    --debconf-frontend noninteractive \
-    --debconf-priority critical \
-    --debian-installer cdrom \
-    --debian-installer-distribution bookworm \
-    --debian-installer-gui true \
-    --debian-installer-preseedfile "preseed.cfg" \
-    --debug \
-    --distribution bookworm \
-    --distribution-binary bookworm \
-    --distribution-chroot bookworm \
-    --firmware-binary true \
-    --firmware-chroot true \
-    --hdd-label "CENTURIONLIVE" \
-    --image-name "ciss-debian-live-${VAR_HANDLER_ISO_COUNTER}" \
-    --initramfs "live-boot" \
-    --initramfs-compression gzip \
-    --initsystem systemd \
-    --iso-application "CISS.debian.live.builder: ${VAR_VERSION} - Debian-Live-Build: 20230502 - Debian-Installer: bookworm" \
-    --iso-preparer '(C) 2018-2025, Centurion Intelligence Consulting Agency (TM), Lisboa, Portugal' \
-    --iso-publisher '(P) 2018-2025, Centurion Press (TM) - powered by https://coresecret.eu/ - contact@coresecret.eu' \
-    --iso-volume 'CISS.debian.live' \
-    --linux-flavours "${VAR_KERNEL}" \
-    --linux-packages linux-image \
-    --loadlin true \
-    --memtest memtest86+ \
-    --mirror-binary 'https://deb/debian.org/debian/' \
-    --mirror-binary-security 'https://security.debian.org/' \
-    --mirror-bootstrap 'https://deb.debian.org/debian/' \
-    --mirror-chroot 'https://deb.debian.org/debian/' \
-    --mirror-chroot-security 'https://security.debian.org/' \
-    --mirror-debian-installer 'https://deb.debian.org/debian/' \
-    --mode debian \
-    --parent-archive-areas main contrib non-free non-free-firmware \
-    --parent-debian-installer-distribution bookworm \
-    --parent-distribution bookworm \
-    --parent-distribution-binary bookworm \
-    --parent-distribution-chroot bookworm \
-    --parent-mirror-binary 'https://deb.debian.org/debian/' \
-    --parent-mirror-binary-security 'https://security.debian.org/' \
-    --parent-mirror-bootstrap 'https://deb.debian.org/debian/' \
-    --parent-mirror-chroot 'https://deb.debian.org/debian/' \
-    --parent-mirror-chroot-security 'https://security.debian.org/' \
-    --parent-mirror-debian-installer 'https://deb.debian.org/debian/' \
-    --security true \
-    --system live \
-    --source false \
-    --source-images tar \
-    --uefi-secure-boot auto \
-    --updates true \
-    --utc-time true \
-    --verbose
-
-  sleep 1
-
-  sed -i 's/LB_CHECKSUMS="sha512 md5"/LB_CHECKSUMS="sha512 sha384 sha256"/1' ./config/binary
-  sed -i 's/LB_DM_VERITY=""/LB_DM_VERITY="false"/1' ./config/binary
-
-  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/usr/lib/live/boot
-  cp -a "${VAR_WORKDIR}/scripts/live-boot/0030-verify-checksums" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
-  chmod 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
-  chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
-
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Writing new config done.\e[0m\n"
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_provider_netcup.sh
+++ b/lib/lib_provider_netcup.sh
@@ -1,45 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Notes Textbox
-# Arguments:
-#  None
-#######################################
-provider_netcup() {
-  if "${VAR_HANDLER_NETCUP_IPV6}"; then
-    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"
-
-    declare handler_netcup_ipv6_string="${ARY_HANDLER_NETCUP_IPV6[*]}"
-
-    mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/network/interfaces.d
-
-    cat << EOF >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/network/interfaces.d/99-netcup-static
-### Static IPv6 Address for Netcup Root Server
-iface ens3 inet6 static
-    address ${handler_netcup_ipv6_string}/128
-    ### dns01.eddns.eu dns02.eddns.de
-    dns-nameservers 2a01:4f9:c012:a813:135:181:207:105 2a0a:4cc0:1:e6:89:58:62:53
-    gateway fe80::1
-
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
-EOF
-
-  sed -i "s|MUST_BE_REPLACED|${handler_netcup_ipv6_string}|g" "${VAR_WORKDIR}/scripts/etc/network/9999_interfaces_update_netcup.chroot"
-  rm -f "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9999_interfaces_update.chroot"
-  cp "${VAR_WORKDIR}/scripts/etc/network/9999_interfaces_update_netcup.chroot" "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9999_interfaces_update.chroot"
-  chmod 0755 "${VAR_HANDLER_BUILD_DIR}/config/hooks/live/9999_interfaces_update.chroot"
-
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successful applied. \e[0m\n" "${BASH_SOURCE[0]}"
-  fi
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_run_analysis.sh
+++ b/lib/lib_run_analysis.sh
@@ -1,96 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-07; WEIDNER, Marc S.; <msw@coresecret.dev>
-# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
-# SPDX-FileContributor: ZIMNOL, Andre H.; Private Contributor
-# SPDX-FileCopyrightText: 2025; ZIMNOL, Andre H.; <debian@zimnol.eu>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
-# SPDX-PackageName: CISS.debian.live.builder
-# SPDX-Security-Contact: security@coresecret.eu
-
-#######################################
-# Wrapper for statistic functions of the final build.
-# Globals:
-#   ERR_UNCRITICAL
-#   VAR_BUILD_LOG
-#   VAR_CHROOT_DIR
-#   VAR_HANDLER_BUILD_DIR
-#   VAR_PACKAGES_FILE
-# Arguments:
-#  None
-#######################################
-run_analysis() {
-  # shellcheck disable=SC2164
-  cd "${VAR_HANDLER_BUILD_DIR}"
-  # shellcheck disable=SC2155
-  declare iso_file=$(find . -maxdepth 1 -name "*.iso" -printf "%f\n" | sort | tail -n1)
-
-  if [[ -z ${iso_file} || ! -f ${iso_file}  ]]; then
-    printf "\e[91m❌ No ISO Image found.\e[0m\n" >&2
-    exit "${ERR_UNCRITICAL}"
-  fi
-
-  printf "\e[92m📊 Start analysis of : %s ... \e[0m\n" "${iso_file}"
-  # shellcheck disable=SC2155
-  declare iso_size_hr=$(du -h "${iso_file}" | awk '{print $1}')
-  # shellcheck disable=SC2155
-  declare iso_size_bytes=$(du -b "${iso_file}" | awk '{print $1}')
-  # shellcheck disable=SC2155
-  declare chroot_size_hr=$(du -sh "${VAR_CHROOT_DIR}" 2> /dev/null | awk '{print $1}')
-  # shellcheck disable=SC2155
-  declare chroot_size_bytes=$(du -sb "${VAR_CHROOT_DIR}" 2> /dev/null | awk '{print $1}')
-  # shellcheck disable=SC2155
-  declare compression=$(awk -v iso="${iso_size_bytes}" -v chroot="${chroot_size_bytes}" 'BEGIN { printf "%.2f%%", 100 * iso / chroot }')
-  # shellcheck disable=SC2155
-  declare package_count=$(wc -l < "${VAR_PACKAGES_FILE}" 2> /dev/null || echo "nicht gefunden")
-  # shellcheck disable=SC2155
-  declare squash_cpu_used="$(grep -m1 -oP 'Using \K[0-9]+' "${VAR_BUILD_LOG}")"
-
-  if [[ -f "${VAR_BUILD_LOG}" ]]; then
-    # shellcheck disable=SC2155
-    declare start_line=$(grep 'lb build' "${VAR_BUILD_LOG}" | head -n1 || true)
-    # shellcheck disable=SC2155
-    declare end_line=$(grep 'lb source' "${VAR_BUILD_LOG}" | tail -n1 || true)
-
-    if [[ -n "${start_line}" && -n "${end_line}" ]]; then
-      # shellcheck disable=SC2155
-      declare start_epoch=$(echo "${start_line}" | sed -E 's/^\[([0-9:-]+ [0-9:]+)\].*/\1/' | xargs -I{} date -d "{}" +%s)
-      # shellcheck disable=SC2155
-      declare end_epoch=$(echo "${end_line}" | sed -E 's/^\[([0-9:-]+ [0-9:]+)\].*/\1/' | xargs -I{} date -d "{}" +%s)
-      # shellcheck disable=SC2155
-      declare duration_sec=$((end_epoch - start_epoch))
-      # shellcheck disable=SC2155
-      declare duration_min=$((duration_sec / 60))
-      # shellcheck disable=SC2155
-      declare duration_rest=$((duration_sec % 60))
-      # shellcheck disable=SC2155
-      declare build_duration=$(printf "%02dm:%02ds" "${duration_min}" "${duration_rest}")
-    else
-      declare build_duration="(Timestamp not found)"
-    fi
-  else
-    declare build_duration="(No log file found)"
-  fi
-
-  # shellcheck disable=SC2155
-  declare sha_sum=$(sha256sum "$iso_file" | tee "$iso_file.sha256" | awk '{print $1}')
-  # shellcheck disable=SC2155
-  declare time=$(date '+%Y-%m-%d %H:%M:%S')
-
-  printf "\e[92m🧾 === Build summary === \e[0m\n"
-  printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n"
-  printf "\e[97m📦 ISO-File          : %s \e[0m\n" "${iso_file}"
-  printf "\e[97m📀 ISO-Size          : %s \e[0m\n" "${iso_size_hr}"
-  printf "\e[97m📂 Chroot-Size       : %s \e[0m\n" "${chroot_size_hr}"
-  printf "\e[97m📉 Compression-level : %s \e[0m\n" "${compression}"
-  printf "\e[97m📦 Packages          : %s \e[0m\n" "${package_count}"
-  printf "\e[97m🕐 Build Time        : %s \e[0m\n" "${build_duration}"
-  printf "\e[97m🧠 CPUs for SquashFS : %s \e[0m\n" "${squash_cpu_used}"
-  printf "\e[97m🔐 SHA256SUM         : %s \e[0m\n" "${sha_sum}"
-  printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n"
-  printf "\e[97m📅 Analysis Time     : %s \e[0m\n" "${time}"
-  printf "\e[92m✅ Analysis completed.\e[0m\n"
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh