V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-24 20:58:50 +01:00
parent ffb20a7342
commit 17bf5ca5fc
88 changed files with 104 additions and 99 deletions
--- a/func/cdi_1000_helper/1030_check_nic.sh
+++ b/func/cdi_1000_helper/1030_check_nic.sh
@@ -39,7 +39,7 @@ check_nic() {
  clear

  do_log "info" "file_only" "1030() You have selected: '${var_nic}' - proceeding with setup."
-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_1250_yaml/1250_yaml_parser.sh
+++ b/func/cdi_1250_yaml/1250_yaml_parser.sh
@@ -92,7 +92,7 @@ yaml_parser() {
  # shellcheck disable=SC1090
  . "${VAR_PRESEED}"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_1250_yaml/1251_yaml_reader.sh
+++ b/func/cdi_1250_yaml/1251_yaml_reader.sh
@@ -258,7 +258,7 @@ END { print max }
  # shellcheck disable=SC2034
  VAR_USER_ROOT_SPECIFIC="${user_root_specific,,}"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_1250_yaml/1252_yaml_validator.sh
+++ b/func/cdi_1250_yaml/1252_yaml_validator.sh
@@ -219,7 +219,7 @@ yaml_validator() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_1250_yaml/1256_secret_parser.sh
+++ b/func/cdi_1250_yaml/1256_secret_parser.sh
@@ -87,10 +87,7 @@ ciss_secret_varname_from_path() {
  ### Declare Arrays, HashMaps, and Variables.
  declare     var_path="${1:-}"

-  var_path="${var_path//./_}"
-  var_path="${var_path//-/_}"
-  var_path="${var_path//\//_}"
-  var_path="${var_path// /_}"
+  var_path="${var_path//[^A-Za-z0-9_]/_}"
  var_path="${var_path^^}"

  printf 'CISS_SECRET_%s' "${var_path}"
@@ -180,13 +177,18 @@ yaml_secret() {

    ### Read path (up to NUL); break on EOF.
    IFS= read -r -d '' __path <&"${__pipe_fd}" || break
+    echo "${__path}"

    ### Read value (up to NUL); if missing (odd count), treat as empty
    IFS= read -r -d '' __value <&"${__pipe_fd}" || __value=""
+    echo "${__value}"

    ### Drop the leading 'secrets.' prefix for naming.
    __path_wo_prefix="${__path#secrets.}"
+    echo "${__path_wo_prefix}"
+
    __varname="$(ciss_secret_varname_from_path "${__path_wo_prefix}")"
+    echo "${__varname}"

    ### Assign to a global variable, preserving content verbatim (including newlines).
    unset -v "${__varname}"
@@ -199,11 +201,14 @@ yaml_secret() {
  done

  ### Close the producer FD
-  exec {__pipe_fd}>&-
+  exec {__pipe_fd}<&-

  umask "${__umask}"

-  guard_dir && return 0
+  echo "Inside 1256()"
+  sleep 60
+
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_3200_partitioning/3200_partitioning.sh
+++ b/func/cdi_3200_partitioning/3200_partitioning.sh
@@ -402,7 +402,7 @@ partitioning() {
  printf "%s\n" "${ary_paths_unsorted[@]}" >| "${DIR_LOG}/3200_mount_paths_unsorted.log"
  printf "%s\n" "${ARY_PATHS_SORTED[@]}" >| "${DIR_LOG}/3200_mount_paths_sorted.log"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_3200_partitioning/3210_benchmarking_encryption.sh
+++ b/func/cdi_3200_partitioning/3210_benchmarking_encryption.sh
@@ -53,7 +53,7 @@ benchmarking_encryption() {
  # shellcheck disable=SC2155
  declare -girx VAR_KDF_MEMORY=$(awk -F'[ ,]+' '{print $4}' <<<"${var_result}")

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_3200_partitioning/3220_partition_encryption.sh
+++ b/func/cdi_3200_partitioning/3220_partition_encryption.sh
@@ -279,7 +279,7 @@ partition_encryption() {

  [[ -n "${VAR_LUKS_URL}" ]] && unset VAR_TEMP_PLAIN_NC_AUTH

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_3200_partitioning/3240_partition_formatting.sh
+++ b/func/cdi_3200_partitioning/3240_partition_formatting.sh
@@ -138,7 +138,7 @@ partition_formatting() {

  done

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_3200_partitioning/3280_mount_partition.sh
+++ b/func/cdi_3200_partitioning/3280_mount_partition.sh
@@ -384,7 +384,7 @@ mount_partition() {

  done

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_3200_partitioning/3290_uuid_logger.sh
+++ b/func/cdi_3200_partitioning/3290_uuid_logger.sh
@@ -61,7 +61,7 @@ uuid_logger() {

  done

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4000_debootstrap.sh
+++ b/func/cdi_4000_debootstrap/4000_debootstrap.sh
@@ -71,7 +71,7 @@ func_debootstrap() {
    chmod 0700 "${var_target}/root/.ciss/cdi"
    chmod 0700 "${var_target}/root/.ciss/cdi/debootstrap"

-    guard_dir && return 0
+    guard_dir; return 0

  else

--- a/func/cdi_4000_debootstrap/4005_debootstrap_checks.sh
+++ b/func/cdi_4000_debootstrap/4005_debootstrap_checks.sh
@@ -84,7 +84,7 @@ check_debootstrap() {
    } >> ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4010_prepare_mounts.sh
+++ b/func/cdi_4000_debootstrap/4010_prepare_mounts.sh
@@ -124,7 +124,7 @@ prepare_mounts() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4011_prepare_xdg_root.sh
+++ b/func/cdi_4000_debootstrap/4011_prepare_xdg_root.sh
@@ -54,7 +54,7 @@ prepare_xdg_root() {
    unset _xdg_umask
    '

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4015_check_usr_merge.sh
+++ b/func/cdi_4000_debootstrap/4015_check_usr_merge.sh
@@ -48,7 +48,7 @@ check_usr_merge() {
    "
  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4020_remove_x509.sh
+++ b/func/cdi_4000_debootstrap/4020_remove_x509.sh
@@ -44,7 +44,7 @@ remove_x509() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4030_setup_hostname.sh
+++ b/func/cdi_4000_debootstrap/4030_setup_hostname.sh
@@ -80,7 +80,7 @@ EOF

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4035_setup_resolv.sh
+++ b/func/cdi_4000_debootstrap/4035_setup_resolv.sh
@@ -87,7 +87,7 @@ EOF
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4040_setup_timezone.sh
+++ b/func/cdi_4000_debootstrap/4040_setup_timezone.sh
@@ -42,7 +42,7 @@ EOF

  chroot_exec "${var_target}" dpkg-reconfigure -f noninteractive tzdata

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4000_debootstrap/4050_setup_locales.sh
+++ b/func/cdi_4000_debootstrap/4050_setup_locales.sh
@@ -140,7 +140,7 @@ EOF
  chmod 0644 "${var_target}/etc/default/keyboard"
  do_log "info" "file_only" "4050() Keyboard layout updated: 'XKBLAYOUT=${locale_keyboard_xkb_keymap}' -> '${var_target}/etc/default/keyboard'."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4100_generate_sources.sh
+++ b/func/cdi_4100_base/4100_generate_sources.sh
@@ -187,7 +187,7 @@ Acquire::Retries "3";
 EOF
  sed -i -E 's|^([[:space:]]*)#+|\1//|' "${var_target}/etc/apt/apt.conf.d/91-acquire"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4105_generate_sources_822.sh
+++ b/func/cdi_4100_base/4105_generate_sources_822.sh
@@ -184,7 +184,7 @@ Acquire::Retries "3";
 EOF
  sed -i -E 's|^([[:space:]]*)#+|\1//|' "${var_target}/etc/apt/apt.conf.d/91-acquire"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4110_update_sources.sh
+++ b/func/cdi_4100_base/4110_update_sources.sh
@@ -78,7 +78,7 @@ update_sources() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4120_installation_kernel.sh
+++ b/func/cdi_4100_base/4120_installation_kernel.sh
@@ -42,7 +42,7 @@ installation_kernel() {

    do_log "info" "file_only" "4120() Kernel image: '${VAR_KERNEL}' installed successfully."

-    guard_dir && return 0
+    guard_dir; return 0

  else

@@ -54,7 +54,7 @@ installation_kernel() {

    do_log "info" "file_only" "4120() Kernel image: '${image}' installed successfully."

-    guard_dir && return 0
+    guard_dir; return 0

  fi
 }
--- a/func/cdi_4100_base/4121_installation_initramfs.sh
+++ b/func/cdi_4100_base/4121_installation_initramfs.sh
@@ -98,7 +98,7 @@ EOF
 RESUME=none
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4130_installation_toolset.sh
+++ b/func/cdi_4100_base/4130_installation_toolset.sh
@@ -103,7 +103,7 @@ installation_toolset() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4131_installation_systemd.sh
+++ b/func/cdi_4100_base/4131_installation_systemd.sh
@@ -49,7 +49,7 @@ installation_systemd() {
    systemctl --version 2>&1 | tee -a ${var_logfile} | grep -qi 'systemd' || echo '[WARN]: systemd not verifiable' >> ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4132_installation_machineid.sh
+++ b/func/cdi_4100_base/4132_installation_machineid.sh
@@ -33,7 +33,7 @@ installation_machineid() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4133_installation_masking.sh
+++ b/func/cdi_4100_base/4133_installation_masking.sh
@@ -32,7 +32,7 @@ installation_masking() {
  "
  do_log "info" "file_only" "4133() Masked: [plymouth-start.service plymouth-quit.service plymouth-quit-wait.service plymouth-read-write.service]"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4140_installation_microcode.sh
+++ b/func/cdi_4100_base/4140_installation_microcode.sh
@@ -76,7 +76,7 @@ installation_microcode() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4145_installation_firmware.sh
+++ b/func/cdi_4100_base/4145_installation_firmware.sh
@@ -298,7 +298,7 @@ installation_firmware() {
    apt-get install -y --no-install-recommends --no-install-suggests ${ary_pkgs_resolved[*]} 2>&1 | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4150_installation_chrony.sh
+++ b/func/cdi_4100_base/4150_installation_chrony.sh
@@ -77,7 +77,7 @@ installation_chrony() {

  rm -f "${var_of}"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4160_installation_eza.sh
+++ b/func/cdi_4100_base/4160_installation_eza.sh
@@ -54,7 +54,7 @@ EOF
    apt-get install -y --no-install-recommends --no-install-suggests eza 2>&1 | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4100_base/4170_installation_lynis.sh
+++ b/func/cdi_4100_base/4170_installation_lynis.sh
@@ -54,7 +54,7 @@ EOF
    apt-get install -y --no-install-recommends --no-install-suggests lynis 2>&1 | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4200_generate_fstab.sh
+++ b/func/cdi_4200_boot/4200_generate_fstab.sh
@@ -190,7 +190,7 @@ tmpfs                                      /run                        tmpfs
 # vim: number et ts=2 sw=2 sts=2 ai tw=200 ft=sh
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4205_check_fstab.sh
+++ b/func/cdi_4200_boot/4205_check_fstab.sh
@@ -48,7 +48,7 @@ check_fstab() {
    } 2>&1 | tee -a '"${var_logfile}"'
  '

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -152,7 +152,7 @@ EOF
 # vim: number et ts=2 sw=2 sts=2 ai tw=200 ft=sh
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4220_installation_cryptsetup.sh
+++ b/func/cdi_4200_boot/4220_installation_cryptsetup.sh
@@ -36,7 +36,7 @@ installation_cryptsetup() {
    apt-get install -y --no-install-recommends --no-install-suggests cryptsetup cryptsetup-initramfs 2>&1 | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4230_installation_grub.sh
+++ b/func/cdi_4200_boot/4230_installation_grub.sh
@@ -209,7 +209,7 @@ EOF
  fi
  chmod -R 0700 "${TARGET}/etc/grub.d"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4240_update_grub_password.sh
+++ b/func/cdi_4200_boot/4240_update_grub_password.sh
@@ -48,7 +48,7 @@ update_grub_password() {

  chroot_exec "${TARGET}" update-grub

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
+++ b/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
@@ -83,7 +83,7 @@ update_grub_bootparameter() {

  chroot_exec "${TARGET}" update-grub

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4300_installation_network.sh
+++ b/func/cdi_4300_network/4300_installation_network.sh
@@ -235,7 +235,7 @@ EOF
    dhcpcd -T ${VAR_FINAL_NIC} | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4305_installation_netsec.sh
+++ b/func/cdi_4300_network/4305_installation_netsec.sh
@@ -33,7 +33,7 @@ installation_netsec() {
    apt-get install -y --no-install-suggests fail2ban ufw 2>&1 | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4310_dropbear_build.sh
+++ b/func/cdi_4300_network/4310_dropbear_build.sh
@@ -71,7 +71,7 @@ dropbear_build() {

  guard_trace off

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4311_dropbear_initramfs.sh
+++ b/func/cdi_4300_network/4311_dropbear_initramfs.sh
@@ -127,7 +127,7 @@ EOF
  chroot_script "${var_target}" "systemctl mask dropbear.service dropbear.socket"
  do_log "info" "file_only" "4311() Masked: [dropbear.service dropbear.socket]"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4312_dropbear_setup.sh
+++ b/func/cdi_4300_network/4312_dropbear_setup.sh
@@ -140,7 +140,7 @@ EOF

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4320_update_initramfs.sh
+++ b/func/cdi_4300_network/4320_update_initramfs.sh
@@ -45,7 +45,7 @@ update_initramfs() {

  chmod 0400 "${TARGET}/boot/grub/grub.cfg"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4300_network/4330_installation_ssh.sh
+++ b/func/cdi_4300_network/4330_installation_ssh.sh
@@ -207,7 +207,7 @@ esac
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4400_kernel_modules.sh
+++ b/func/cdi_4400_hardening/4400_kernel_modules.sh
@@ -47,7 +47,7 @@ EOF

  do_log "info" "file_only" "4400() Installed: '/usr/lib/modules-load.d/30_security-misc.conf'."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
@@ -71,7 +71,7 @@ kernel_modprobe() {

  do_log "info" "file_only" "4400() Installed: '/etc/modprobe.d/0000_ciss_debian_installer.conf'."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4410_kernel_sysctl.sh
+++ b/func/cdi_4400_hardening/4410_kernel_sysctl.sh
@@ -30,7 +30,7 @@ kernel_sysctl() {

  do_log "info" "file_only" "4410() Installed: '/etc/sysctl.d/9999_ciss_debian_installer.hardened'."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4420_hardening_fail2ban.sh
+++ b/func/cdi_4400_hardening/4420_hardening_fail2ban.sh
@@ -337,7 +337,7 @@ EOF
    fail2ban-client -d >> ${var_logfile} && echo "OK: config parsed" >> ${var_logfile} || echo "ERROR: config invalid" >> ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4430_hardening_files.sh
+++ b/func/cdi_4400_hardening/4430_hardening_files.sh
@@ -67,7 +67,7 @@ uname -snrm
 EOF
  chmod 0755 /etc/update-motd.d/10-uname

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4440_hardening_haveged.sh
+++ b/func/cdi_4400_hardening/4440_hardening_haveged.sh
@@ -44,7 +44,7 @@ DAEMON_ARGS="-w 2048 -v 1"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4442_hardening_jitterentropy.sh
+++ b/func/cdi_4400_hardening/4442_hardening_jitterentropy.sh
@@ -37,7 +37,7 @@ ExecStart=
 ExecStart=/usr/sbin/jitterentropy-rngd --osr=2
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4445_hardening_logrotate.sh
+++ b/func/cdi_4400_hardening/4445_hardening_logrotate.sh
@@ -87,7 +87,7 @@ include /etc/logrotate.d
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4450_hardening_memory.sh
+++ b/func/cdi_4400_hardening/4450_hardening_memory.sh
@@ -111,7 +111,7 @@ EOF
  #   - write_pam_sudo-i()
  # guard_pam_limits

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
@@ -177,7 +177,7 @@ guard_pam_limits() {

  (( var_changed )) && do_log "info" "file_only" "4460() Activated pam_limits.so: (common-session[*])"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4460_hardening_openssl.sh
+++ b/func/cdi_4400_hardening/4460_hardening_openssl.sh
@@ -30,7 +30,7 @@ hardening_openssl() {
  insert_comments "${TARGET}/etc/ssl/openssl.cnf"
  cat "${VAR_SETUP_PATH}/includes/target/etc/ssl/openssl.cnf" >> "${TARGET}/etc/ssl/openssl.cnf"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4470_hardening_ufw.sh
+++ b/func/cdi_4400_hardening/4470_hardening_ufw.sh
@@ -102,7 +102,7 @@ hardening_ufw() {

  chroot_script "${var_target}" "ufw status verbose >> ${var_logfile}"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4480_hardening_usb.sh
+++ b/func/cdi_4400_hardening/4480_hardening_usb.sh
@@ -55,7 +55,7 @@ hardening_usb() {
    #sed -i 's/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/' /etc/usbguard/usbguard-daemon.conf
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4400_hardening/4490_hardening_virus.sh
+++ b/func/cdi_4400_hardening/4490_hardening_virus.sh
@@ -33,7 +33,7 @@ hardening_virus() {
    apt-get install -y --no-install-recommends --no-install-suggests rkhunter 2>&1 | tee -a ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4500_accounts_preparation.sh
+++ b/func/cdi_4500_user/4500_accounts_preparation.sh
@@ -54,7 +54,7 @@ accounts_preparation() {

  esac

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4501_accounts_preparation_ciss.sh
+++ b/func/cdi_4500_user/4501_accounts_preparation_ciss.sh
@@ -58,7 +58,7 @@ accounts_preparation_ciss() {
  insert_comments "${var_target}/etc/skel/.ciss/scan_libwrap"
  insert_comments "${var_target}/etc/skel/.ciss/shortcuts"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4502_accounts_preparation_physnet.sh
+++ b/func/cdi_4500_user/4502_accounts_preparation_physnet.sh
@@ -57,7 +57,7 @@ accounts_preparation_physnet() {
  insert_comments "${var_target}/etc/skel/.ciss/scan_libwrap"
  insert_comments "${var_target}/etc/skel/.ciss/shortcuts"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4510_accounts_hardening.sh
+++ b/func/cdi_4500_user/4510_accounts_hardening.sh
@@ -109,7 +109,7 @@ accounts_hardening() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4520_accounts_setup.sh
+++ b/func/cdi_4500_user/4520_accounts_setup.sh
@@ -471,7 +471,7 @@ EOF
  printf "# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf \n" >> "${var_target}/etc/security/access.conf"
  printf "# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf \n" >> "${var_target}/etc/ssh/sshd_config"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4521_accounts_setup_ciss.sh
+++ b/func/cdi_4500_user/4521_accounts_setup_ciss.sh
@@ -78,7 +78,7 @@ accounts_setup_ciss_root() {

  do_log "info" "file_only" "4520() Skeleton: 'root' successfully generated."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
@@ -136,7 +136,7 @@ accounts_setup_ciss_user() {

  do_log "info" "file_only" "4520() Skeleton: '${var_username}' successfully generated."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4522_accounts_setup_physnet.sh
+++ b/func/cdi_4500_user/4522_accounts_setup_physnet.sh
@@ -76,7 +76,7 @@ accounts_setup_physnet_root() {

  do_log "info" "file_only" "4520() Skeleton: 'root' successfully generated."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
@@ -131,7 +131,7 @@ accounts_setup_physnet_user() {

  do_log "info" "file_only" "4520() Skeleton: '${var_username}' successfully generated."

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4500_user/4530_accounts_timings.sh
+++ b/func/cdi_4500_user/4530_accounts_timings.sh
@@ -91,7 +91,7 @@ update_shadow() {
  ### Atomic replace.
  mv -f "${var_temp}" "${var_shadow}"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4600_packages/4600_installation_packages.sh
+++ b/func/cdi_4600_packages/4600_installation_packages.sh
@@ -50,7 +50,7 @@ installation_packages() {
    apt-get clean               -y 2>&1 | tee -a ${var_logfile}  # Stronger than autoclean: removes the entire '.deb'-cache.
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4600_packages/4610_installation_security.sh
+++ b/func/cdi_4600_packages/4610_installation_security.sh
@@ -98,7 +98,7 @@ EOF

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4600_packages/4620_installation_verification.sh
+++ b/func/cdi_4600_packages/4620_installation_verification.sh
@@ -379,7 +379,7 @@ EOF

  chroot_exec "${TARGET}" sed -i 's#^\(ENABLED=\).*#\1"true"#' /etc/default/sysstat

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4600_packages/4630_auditing_packages.sh
+++ b/func/cdi_4600_packages/4630_auditing_packages.sh
@@ -97,7 +97,7 @@ auditing_packages() {
    echo +++ >> ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4900_xtended/4900_final_command.sh
+++ b/func/cdi_4900_xtended/4900_final_command.sh
@@ -41,7 +41,7 @@ final_commands() {

  rm -f "${var_target}/root/ciss_xdg_tmp.sh"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4900_xtended/4950_final_logrotate.sh
+++ b/func/cdi_4900_xtended/4950_final_logrotate.sh
@@ -58,7 +58,7 @@ final_logrotate() {
      "${var_file}"
  done

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_4900_xtended/4999_exiting_chroot_system.sh
+++ b/func/cdi_4900_xtended/4999_exiting_chroot_system.sh
@@ -51,7 +51,7 @@ exiting_chroot_system() {

  declare -gx VAR_CHROOT_ACTIVATED="false"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
--- a/func/cdi_5000_recovery/5120_installation_kernel.sh
+++ b/func/cdi_5000_recovery/5120_installation_kernel.sh
@@ -41,7 +41,7 @@ installation_kernel_reco() {

    do_log "info" "file_only" "5120() Kernel image: '${VAR_KERNEL}' installed successfully."

-    guard_dir && return 0
+    guard_dir; return 0

  else

@@ -52,7 +52,7 @@ installation_kernel_reco() {

    do_log "info" "file_only" "5120() Kernel image: '${image}' installed successfully."

-    guard_dir && return 0
+    guard_dir; return 0

  fi

--- a/func/cdi_5000_recovery/5121_installation_initramfs.sh
+++ b/func/cdi_5000_recovery/5121_installation_initramfs.sh
@@ -94,6 +94,6 @@ FSTYPE=${VAR_ROOT_FS}
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF

-  guard_dir && return 0
+  guard_dir; return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_5000_recovery/5130_installation_toolset.sh
+++ b/func/cdi_5000_recovery/5130_installation_toolset.sh
@@ -100,6 +100,6 @@ installation_toolset_reco() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_5000_recovery/5131_installation_systemd.sh
+++ b/func/cdi_5000_recovery/5131_installation_systemd.sh
@@ -48,6 +48,6 @@ installation_systemd_reco() {
    systemctl --version 2>&1 | tee -a ${var_logfile} | grep -qi 'systemd' || echo '[WARN]: systemd not verifiable' >> ${var_logfile}
  "

-  guard_dir && return 0
+  guard_dir; return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_5000_recovery/5132_installation_machineid.sh
+++ b/func/cdi_5000_recovery/5132_installation_machineid.sh
@@ -33,6 +33,6 @@ installation_machineid_reco() {

  fi

-  guard_dir && return 0
+  guard_dir; return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_5000_recovery/5133_installation_masking.sh
+++ b/func/cdi_5000_recovery/5133_installation_masking.sh
@@ -34,6 +34,6 @@ installation_masking_reco() {

  do_log "info" "file_only" "5133() Masked: [plymouth-start.service plymouth-quit.service plymouth-quit-wait.service plymouth-read-write.service]"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_5000_recovery/5999_exiting_chroot_recovery.sh
+++ b/func/cdi_5000_recovery/5999_exiting_chroot_recovery.sh
@@ -43,6 +43,6 @@ exiting_chroot_recovery() {

  declare -gx VAR_CHROOT_ACTIVATED="false"

-  guard_dir && return 0
+  guard_dir; return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh