V9.14.004.2026.06.09

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-06-09 18:34:48 +01:00
parent a1a45a282a
commit 27635c84ae
34 changed files with 96 additions and 59 deletions
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./setup.sh -v`."
-      placeholder: "e.g., Master V9.14.002.2026.06.08"
+      placeholder: "e.g., Master V9.14.004.2026.06.09"
    validations:
      required: true

@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V9.14.002.2026.06.08
+  version: V9.14.004.2026.06.09
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V9.14.002.2026.06.08
+### Version Master V9.14.004.2026.06.09

 # Gitea Workflow: Shell-Script Linting
 #
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V9.14.002.2026.06.08
+### Version Master V9.14.004.2026.06.09

 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V9.14.002.2026.06.08
+### Version Master V9.14.004.2026.06.09

 name: 🔁 Render Graphviz Diagrams.

@@ -11,7 +11,7 @@
 #
 #
 # This file contains all required Secrets, Tokens and Public and Private Keys for the CISS.debian.installer
-# Master V9.14.002.2026.06.08
+# Master V9.14.004.2026.06.09
 # YAML specification: 1.2
 #
 secrets:
@@ -19,7 +19,7 @@ secrets:
  created_at: "2025-10-23"
  created_for: "host_domain_tld"
  name: "CISS.debian.installer"
-  version: "V9.14.002.2026.06.08"
+  version: "V9.14.004.2026.06.09"
  x_files: "false"
  ################################################################################################################################
  # Grub bootloader passphrase
@@ -11,7 +11,7 @@
 %YAML 1.2
 ---
 # This file contains configurations for the CISS.debian.installer
-# Master V9.14.002.2026.06.08
+# Master V9.14.004.2026.06.09
 # YAML specification: 1.2
 #
 preseed:
@@ -19,7 +19,7 @@ preseed:
  created_at: "2025-10-23"
  created_for: "host_domain_tld"
  name: "CISS.debian.installer"
-  version: "V9.14.002.2026.06.08"
+  version: "V9.14.004.2026.06.09"
 #
 ################################################################################################################################
 # APT settings
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.installer"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V9.14.002.2026.06.08"
+properties_version="V9.14.004.2026.06.09"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-06-17T12:00:00Z
 Package: CISS.debian.installer
 PackageName: CISS.debian.installer
-PackageVersion: Master V9.14.002.2026.06.08
+PackageVersion: Master V9.14.004.2026.06.09
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.installer
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.installer
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V9.14.002.2026.06.08-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.installer)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V9.14.004.2026.06.09-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.installer)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -26,8 +26,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 This is a digitally signed, self-verifying shell script for installing a hardened Debian Bookworm server environment, based on 
 the latest server and service hardening best practices. Compared to the original Debian installer, this installer offers much 
@@ -0,0 +1,33 @@
+                                          .-=+*###%%###*+=-:.
+                                      :=*%%@@@@@@@@@@@@@@@@@%#*-.
+                                   :+%@@@@%%%%@@@@@@@@%%%%%%@@@@@%*:
+                                 -#@@@%%%%@@@@%#****#%%@@@%%@@%#+=-:.
+                               .#@@%%%%%@@#+:..:::-::::-=#@@%=.
+                              -%@%%%%%%@#: .=*%@@@@@@%#+-.:=
+                             =@%%%%%%%@= .*@@@@%%%%%%%@@@%=
+                            :@%%%%%%%@+ :%@%%%%%%%%%%%%%%@@#%+
+                            #%%%%%%%%%  #@%%%%%%%%%%%%%%%%%@@%.
+                           -@%%%%%%%@#  %%%%%%%%%%%%%%%%%@@@%@*
+                           *%%%%%%%%@%  *@%%%%%%%%%%%%%%%#*#%%@:
+                           *@%%%%%%%%@- :@%%%%%%%%%%%%%%%%-   ..
+                           *%%%%%%%%%%#. +@%%%%%%%%%%%%%%@@*.
+                           -@%%%%%%%%%@-  #%%%%%%%%@@@@@%%%@@%%%+
+                            %%%%%%%%%%:   -@%%%%%@@%**#%@%%%%@%@%
+                            -@%%%%%%@+    :@%%%@@*:     =@%%%%%%:
+                             +@%%%%%@.    +@%%@#:        #@%%%@-
+                              *@%%@@=    :%%@@+          *%%%@#
+                               =@%#-    :%@@#-          :@@%%%-
+                                ..     =@%*-            .+#%@%.
+                                      :+-.                 .=*
+
+  ____ ___ ____ ____      _      _     _               _           _        _ _
+ / ___|_ _/ ___/ ___|  __| | ___| |__ (_) __ _ _ __   (_)_ __  ___| |_ __ _| | | ___ _ __
+| |    | |\___ \___ \ / _` |/ _ \ '_ \| |/ _` | '_ \  | | '_ \/ __| __/ _` | | |/ _ \ '__|
+| |___ | | ___) |__) | (_| |  __/ |_) | | (_| | | | |_| | | | \__ \ || (_| | | |  __/ |
+ \____|___|____/____(_)__,_|\___|_.__/|_|\__,_|_| |_(_)_|_| |_|___/\__\__,_|_|_|\___|_|
+
+Debian Trixie | Hardened Debian Installer | Headless | CISS Primordial Workflow
+
+Preparing Installer...
+
+Please wait...
@@ -121,6 +121,10 @@ source_guard "./lib/cdi_0010_basic/0010_color_echo.sh"
 clear

 ### ALL CHECKS DONE. READY TO START THE SCRIPT.
+printf '\033[95m'
+cat bootscreen.txt
+printf '\033[0m\n'
+sleep 4
 # shellcheck disable=SC2155
 declare -grx VAR_DIALOG=$(mktemp var_dialog.XXXXXXXX)
 color_echo "${GRE}" "CISS.DEBIAN.INSTALLER PREPARATION: ALL CHECKS DONE. READY TO START THE SCRIPT"
@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. DNSSEC Status

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. TLS Audit:

@@ -7,12 +7,12 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Changelog

-## V9.14.002.2026.06.08
+## V9.14.004.2026.06.09

 * Initial Release

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Centurion Net - Developer Branch Overview

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Purpose

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Contributing / participating

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Credits

@@ -7,13 +7,13 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Usage
 ````text
 CISS.debian.installer
-Master V9.14.002.2026.06.08
+Master V9.14.004.2026.06.09

 (c) Marc S. Weidner, 2018 - 2026
 (p) Centurion Press, 2024 - 2026
@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. ToC

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Resources

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Hardened Kernel Boot Parameters

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>


 # 2. Debugging and Tracing Infrastructure
@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Global Environment and Error Handling in CISS.debian.installer

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Git Workflow Linter — Character Set Policy Enforcement

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Interplay Between Global Hardening Settings and TRAP Mechanisms

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. [1080_helper_chroot.sh](../1080_helper_chroot.sh)
 **Scope:** This note explains *what to use when* among
@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. [4000_debootstrap.sh](../4000_debootstrap.sh)
 This module provisions a minimal Debian userspace into the installers target root (`$TARGET`) using `debootstrap`.
@@ -37,9 +37,9 @@ usage() {
  declare var_cols=$(tput cols 2> /dev/null || echo 80)

  # shellcheck disable=SC2155
-  declare var_header=$(center "V9.14.002.2026.06.08                                          CISS.debian.installer" "${var_cols}")
+  declare var_header=$(center "V9.14.004.2026.06.09                                          CISS.debian.installer" "${var_cols}")
  # shellcheck disable=SC2155
-  declare var_footer=$(center "V9.14.002.2026.06.08                                          CISS.debian.installer" "${var_cols}")
+  declare var_footer=$(center "V9.14.004.2026.06.09                                          CISS.debian.installer" "${var_cols}")

  {
    echo -e "\e[97m${var_header} \e[0m"
@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Preliminary Components – `cdi_0000_preliminary`

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. Guarding and Safe Execution – `cdi_0005_guard`

@@ -7,8 +7,8 @@ include_toc: true

 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
-**Master Version**: 9.00<br>
-**Build**: V9.14.002.2026.06.08<br>
+**Master Version**: 9.14<br>
+**Build**: V9.14.004.2026.06.09<br>

 # 2. [bash.var.sh](../bash.var.sh)
 This module establishes the global execution profile for all modules of the `CISS.debian.installer`. It is sourced at the very 
@@ -24,7 +24,7 @@ declare -grx VAR_BASH_VER="$(bash --version | head -n1 | awk '{
 declare -grx VAR_CONTACT="security@coresecret.eu"
 # shellcheck disable=SC2155
 declare -grx VAR_DS_VER="$(debootstrap --version)"
-declare -grx VAR_VERSION="Master V9.14.002.2026.06.08"
+declare -grx VAR_VERSION="Master V9.14.004.2026.06.09"
 # shellcheck disable=SC2155
 declare -grx VAR_SYSTEM="$(uname -mnosv)"
 declare -gx VAR_ARG_SANITIZED=""