V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/preseed.yaml

@@ -644,7 +644,7 @@ software:
 # Portugal    : https://si.tecnico.ulisboa.pt/en/servicos/servidores-e-dados/ntp/
 # Portugal    : ntp1.tecnico.ulisboa.pt ntp2.tecnico.ulisboa.pt
 # Sweden      : https://www.netnod.se/swedish-distributed-time-service
-# Sweden      : nts.netnod.se
+# Sweden      : sth1.ntp.se
 # Switzerland : https://www.metas.ch/metas/de/home/fabe/zeit-und-frequenz/time-dissemination.html
 # Switzerland : ntp11.metas.ch ntp12.metas.ch ntp13.metas.ch
 # USA         : https://tf.nist.gov/tf-cgi/servers.cgi
@@ -656,7 +656,7 @@ ntp:
     - "ptbtime2.ptb.de"
     - "ptbtime1.ptb.de"
     - "ntp13.metas.ch"
-    - "ntp2.tecnico.ulisboa.pt"
+    - "ntp1.tecnico.ulisboa.pt"
     - "time-c-b.nist.gov"
     - "sth1.ntp.se"
     - "ntp0.fau.de"

ciss_debian_installer.sh

@@ -29,31 +29,31 @@
 ### PRELIMINARY CHECKS
 [ -z "${BASH_VERSINFO[0]}" ] && {
   . ./meta_loader_early.sh
-  printf "%s❌ Please make sure you are using 'bash'! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Please make sure you are using 'bash'! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
   exit "${ERR_UNSUPPORTED_BASH}"
   }
 
 [[ ${EUID} -ne 0 ]] && {
   . ./meta_loader_early.sh
-  printf "%s❌ Please make sure you are 'root'! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Please make sure you are 'root'! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
   exit "${ERR_USER_IS_NOT_ROOT}"
   }
 
 [[ $(kill -l | grep -c SIG) -eq 0 ]] && {
   . ./meta_loader_early.sh
-  printf "%s❌ Please make sure you are calling the script without leading 'sh'! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Please make sure you are calling the script without leading 'sh'! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
   exit "${ERR_UNSUPPORTED_BASH}"
   }
 
 [[ ${BASH_VERSINFO[0]} -lt 5 ]] && {
   . ./meta_loader_early.sh
-  printf "%s❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... %s%s" "${C_RED}" "${BASH_VERSION}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... %s%s" "${RED}" "${BASH_VERSION}" "${RES}" "${NL}" >&2
   exit "${ERR_UNSUPPORTED_BASH}"
   }
 
 [[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]] && {
   . ./meta_loader_early.sh
-  printf "%s❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... %s%s" "${C_RED}" "${BASH_VERSION}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... %s%s" "${RED}" "${BASH_VERSION}" "${RES}" "${NL}" >&2
   exit "${ERR_UNSUPPORTED_BASH}"
   }
 
@@ -87,12 +87,12 @@ pre_scan_debug "$@"
 
 ### ADVISORY LOCK
 exec 127>/var/lock/ciss_debian_installer.lock || {
-  printf "%s❌ Cannot open lockfile for writing! Bye... %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Cannot open lockfile for writing! Bye... %s%s" "${RED}" "${RES}" "${NL}" >&2
   exit "${ERR_FLOCK_PROTECTED}"
 }
 
 if ! flock -x -n 127; then
-  printf "%s❌ Another instance is running! Bye...%s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Another instance is running! Bye...%s%s" "${RED}" "${RES}" "${NL}" >&2
   exit "${ERR_FLOCK_COLLISION}"
 fi
 

func/1083_helper_print.sh

@@ -15,27 +15,27 @@ guard_sourcing
 #######################################
 # Wrapper around 'printf' for clean code.
 # Globals:
-#   C_RES
+#   RES
 # Arguments:
-#   1: One of "${C_BLA}" | "${C_RED}" | "${C_GRE}" | "${C_YEL}" | "${C_BLU}" | "${C_MAG}" | "${C_CYA}" | "${C_WHI}"
+#   1: One of "${BLA}" | "${RED}" | "${GRE}" | "${YEL}" | "${BLU}" | "${MAG}" | "${CYA}" | "${WHI}"
 #   2: Text string to print on terminal.
 #######################################
 do_print_color() {
-  printf "%s\n" "${1}${2}${C_RES}"
+  printf "%s\n" "${1}${2}${RES}"
 }
 
 #######################################
 # Wrapper around 'printf' for clean, uniform terminal output and line fold for long text strings for better readability.
 # Globals:
-#   C_RES
+#   RES
 # Arguments:
-#   1: One of "${C_BLA}" | "${C_RED}" | "${C_GRE}" | "${C_YEL}" | "${C_BLU}" | "${C_MAG}" | "${C_CYA}" | "${C_WHI}"
+#   1: One of "${BLA}" | "${RED}" | "${GRE}" | "${YEL}" | "${BLU}" | "${MAG}" | "${CYA}" | "${WHI}"
 #   2: Text string to print on terminal.
 #######################################
 do_print_fold() {
   declare var_color="$1"; shift
   declare var_msg_string="$*"
-  declare var_formatted_string="${var_color}${var_msg_string}${C_RES}"
+  declare var_formatted_string="${var_color}${var_msg_string}${RES}"
   printf "%b\n" "${var_formatted_string}" | fold -s -w 76 | sed '1! s/^/    /'
 }
 

func/1120_logging_modules.sh

@@ -49,23 +49,23 @@ do_should_log() {
 #######################################
 # Log level color retriever.
 # Globals:
-#   C_BLU
+#   BLU
 #   C_GRN
-#   C_MAG
+#   MAG
-#   C_RED
+#   RED
-#   C_WHI
+#   WHI
-#   C_YEL
+#   YEL
 # Arguments:
 #   1: "${LOG_LEVEL}" one of: "debug" | "info" | "notice" | "warn" | "error" | "critical" | "fatal" | "emergency"
 #######################################
 do_get_log_color() {
   case "${1,,}" in
-    debug) echo "${C_WHI}" ;;
+    debug) echo "${WHI}" ;;
     info) echo "${C_GRN}" ;;
-    notice) echo "${C_YEL}" ;;
+    notice) echo "${YEL}" ;;
-    warn | error | critical) echo "${C_RED}" ;;
+    warn | error | critical) echo "${RED}" ;;
-    fatal | emergency) echo "${C_MAG}" ;;
+    fatal | emergency) echo "${MAG}" ;;
-    *) echo "${C_BLU}" ;;
+    *) echo "${BLU}" ;;
   esac
 }
 

func/4220_setup_sudo.sh

@@ -12,15 +12,12 @@
 
 guard_sourcing
 
-# Setup sudo user account
+#######################################
+# Setup sudo.
+# Arguments:
+#   None
+#######################################
 setup_sudo() {
-
+  return 0
-
-  if [[ ${accounts_user_login,,} == "true" ]]; then
-    do_in_target "${TARGET}" /bin/bash -c "apt-get install -y sudo && usermod -aG sudo ${accounts_user_name}"
-    do_log "info" "false" "Command: 'apt-get install -y sudo && usermod -aG sudo ${accounts_user_name}' executed in: '${TARGET}'."
-  fi
-
-
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/4230_setup_chrony.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Setup chrony NTPSec client.
+# Globals:
+#   ARY_NTPSRVR
+#   DIR_BAK
+#   NL
+#   TARGET
+#   VAR_SETUP_PATH
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+setup_chrony() {
+  # shellcheck disable=SC2155
+  declare var_of="$(mktemp --tmpdir --mode=0600 /tmp/var_of.XXXXXXXX)"
+  declare var_ntp_server
+
+  for var_ntp_server in "${ARY_NTPSRVR[@]}"; do
+    printf "server %s iburst nts minpoll 5 maxpoll 9 %s" "${var_ntp_server}" "${NL}" >> "${var_of}"
+  done
+  printf "# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh %s" "${NL}" >> "${var_of}"
+
+  # do_remove_service "systemd-timesyncd.service" "systemd-timesyncd"
+
+  mkdir -p "${TARGET}/var/log/chrony"
+  do_in_target "${TARGET}" apt-get install chrony -y
+
+  if [[ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]]; then
+    ln -s "${TARGET}/lib/systemd/system/chrony.service" "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service"
+  fi
+
+  mkdir -p "${DIR_BAK}/etc/chrony"
+  mv "${TARGET}/etc/chrony/chrony.conf" "${DIR_BAK}/etc/chrony/chrony.conf.bak"
+
+  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/etc/chrony/chrony.cnf" "${TARGET}/etc/chrony/chrony.conf"
+  cat "${var_of}" >> "${TARGET}/etc/chrony/chrony.conf"
+
+  do_log "info" "false" "Chrony NTPsec client installed."
+
+  rm -f "${var_of}"
+  unset var_of
+
+  return 0
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

includes/etc/chrony/chrony.cnf

@@ -0,0 +1,33 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+driftfile /var/lib/chrony/chrony.drift
+keyfile /etc/chrony/chrony.keys
+logdir /var/log/chrony
+ntsdumpdir /var/lib/chrony
+sourcedir /run/chrony-dhcp
+sourcedir /etc/chrony/sources.d
+
+log tracking measurements statistics
+
+authselectmode require
+
+leapsectz right/UTC
+
+leapsecmode system
+
+maxupdateskew 100.0
+
+rtcsync
+
+makestep 1 3

lib/0060_trap_err.sh

@@ -53,7 +53,7 @@ print_file_err() {
     printf "❌ Arguments Counter   : %s %s" "${ARGUMENTS_COUNT}" "${NL}"
     printf "❌ Arguments Original  : %s %s" "${ARG_STR_ORG_INPUT}" "${NL}"
     printf "❌ Arguments Sanitized : %s %s" "${VAR_ARG_SANITIZED}" "${NL}"
-    if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then
+    if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
       printf "❌ Vars Dump saved at  : %s %s" "${LOG_VAR}" "${NL}"
     fi
     if "${VAR_DEBUG_TRAP}"; then
@@ -73,8 +73,8 @@ print_file_err() {
 # Globals:
 #   ARGUMENTS_COUNT
 #   ARG_STR_ORG_INPUT
-#   C_RED
+#   RED
-#   C_RES
+#   RES
 #   ERRCMMD
 #   ERRCODE
 #   ERRFUNC
@@ -96,32 +96,32 @@ print_file_err() {
 #  None
 #######################################
 print_scr_err() {
-  printf "%s❌ CISS.debian.installer Script failed. %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ CISS.debian.installer Script failed. %s%s" "${RED}" "${RES}" "${NL}" >&2
-  printf "%s❌ GIT Commit          : %s %s%s" "${C_RED}" "${VAR_GIT_HEAD}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ GIT Commit          : %s %s%s" "${RED}" "${VAR_GIT_HEAD}" "${RES}" "${NL}" >&2
-  printf "%s❌ Version             : %s %s%s" "${C_RED}" "${VAR_VERSION}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Version             : %s %s%s" "${RED}" "${VAR_VERSION}" "${RES}" "${NL}" >&2
-  printf "%s❌ Hostsystem          : %s %s%s" "${C_RED}" "${VAR_SYSTEM}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Hostsystem          : %s %s%s" "${RED}" "${VAR_SYSTEM}" "${RES}" "${NL}" >&2
-  printf "%s❌ Error               : %s %s%s" "${C_RED}" "${ERRCODE}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Error               : %s %s%s" "${RED}" "${ERRCODE}" "${RES}" "${NL}" >&2
-  printf "%s❌ Line                : %s %s%s" "${C_RED}" "${ERRLINE}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Line                : %s %s%s" "${RED}" "${ERRLINE}" "${RES}" "${NL}" >&2
-  printf "%s❌ Script              : %s %s%s" "${C_RED}" "${ERRSCRT}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Script              : %s %s%s" "${RED}" "${ERRSCRT}" "${RES}" "${NL}" >&2
-  printf "%s❌ Function            : %s %s%s" "${C_RED}" "${ERRFUNC}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Function            : %s %s%s" "${RED}" "${ERRFUNC}" "${RES}" "${NL}" >&2
-  printf "%s❌ Command             : %s %s%s" "${C_RED}" "${ERRCMMD}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Command             : %s %s%s" "${RED}" "${ERRCMMD}" "${RES}" "${NL}" >&2
-  printf "%s❌ Script PID          : %s %s%s" "${C_RED}" "${$}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Script PID          : %s %s%s" "${RED}" "${$}" "${RES}" "${NL}" >&2
-  printf "%s❌ Script Runtime      : %s %s%s" "${C_RED}" "${SECONDS}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Script Runtime      : %s %s%s" "${RED}" "${SECONDS}" "${RES}" "${NL}" >&2
-  printf "%s❌ Arguments Counter   : %s %s%s" "${C_RED}" "${ARGUMENTS_COUNT}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Arguments Counter   : %s %s%s" "${RED}" "${ARGUMENTS_COUNT}" "${RES}" "${NL}" >&2
-  printf "%s❌ Arguments Original  : %s %s%s" "${C_RED}" "${ARG_STR_ORG_INPUT}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Arguments Original  : %s %s%s" "${RED}" "${ARG_STR_ORG_INPUT}" "${RES}" "${NL}" >&2
-  printf "%s❌ Arguments Sanitized : %s %s%s" "${C_RED}" "${VAR_ARG_SANITIZED}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Arguments Sanitized : %s %s%s" "${RED}" "${VAR_ARG_SANITIZED}" "${RES}" "${NL}" >&2
-  printf "%s❌ Error Log saved at  : %s %s%s" "${C_RED}" "${LOG_ERROR}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Error Log saved at  : %s %s%s" "${RED}" "${LOG_ERROR}" "${RES}" "${NL}" >&2
-  printf "%s❌                   cat %s %s%s" "${C_RED}" "${LOG_ERROR}" "${C_RES}" "${NL}" >&2
+  printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_ERROR}" "${RES}" "${NL}" >&2
-  if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then
+  if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
-    printf "%s❌ Vars Dump saved at  : %s %s%s" "${C_RED}" "${LOG_VAR}" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Vars Dump saved at  : %s %s%s" "${RED}" "${LOG_VAR}" "${RES}" "${NL}" >&2
   fi
   if "${VAR_DEBUG_TRAP}"; then
-    printf "%s❌ Debug Log saved at  : %s %s%s" "${C_RED}" "${LOG_DEBUG}" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Debug Log saved at  : %s %s%s" "${RED}" "${LOG_DEBUG}" "${RES}" "${NL}" >&2
-    printf "%s❌                   cat %s %s%s" "${C_RED}" "${LOG_DEBUG}" "${C_RES}" "${NL}" >&2
+    printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_DEBUG}" "${RES}" "${NL}" >&2
   fi
   if "${VAR_DEBUG_TRACE}"; then
-    printf "%s❌ Debug Log saved at  : %s %s%s" "${C_RED}" "${LOG_TRACE}" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Debug Log saved at  : %s %s%s" "${RED}" "${LOG_TRACE}" "${RES}" "${NL}" >&2
-    printf "%s❌                   cat %s %s%s" "${C_RED}" "${LOG_TRACE}" "${C_RES}" "${NL}" >&2
+    printf "%s❌                   cat %s %s%s" "${RED}" "${LOG_TRACE}" "${RES}" "${NL}" >&2
   fi
   printf "%s" "${NL}"
 }
@@ -151,7 +151,7 @@ trap_err() {
   declare -g ERRLINE="$3"
   declare -g ERRFUNC="$4"
   declare -g ERRCMMD="$5"
-  if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then dump_vars_exiting; fi
+  if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then dump_vars_exiting; fi
   case "${VAR_IN_DIALOG_WR}" in
     box   ) dialog_box_cleaner   ;;
     gauge ) dialog_gauge_cleaner ;;

lib/0070_trap_exit.sh

@@ -28,7 +28,7 @@ trap_exit() {
   fi
 
   if (( var_trap_on_exit_code == 0 )); then
-    if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then dump_vars_exiting; fi
+    if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then dump_vars_exiting; fi
     clean_up "${var_trap_on_exit_code}"
     print_scr_exit "${var_trap_on_exit_code}"
     exit "${var_trap_on_exit_code}"
@@ -58,7 +58,7 @@ print_scr_exit() {
       printf "\e[92m✅ CISS.debian.installer Script successful. \e[0m\n"
       printf "\e[92m✅ Exited with Status : %s \e[0m\n" "${var_print_scr_exit_code}"
       printf "\n"
-      if [[ "${VAR_DEBUG_TRACE}" || "${VAR_DEBUG_TRAP}" ]]; then
+      if [[ "${VAR_DEBUG_TRACE}" == "true" || "${VAR_DEBUG_TRAP}" == "true" ]]; then
         printf "\e[92m✅ Vars Dump saved at : %s \e[0m\n" "${LOG_VAR}"
         printf "\e[92m✅                  cat %s \e[0m\n" "${LOG_VAR}"
       fi

lib/0100_arg_mismatch.sh

@@ -15,8 +15,8 @@ guard_sourcing
 #######################################
 # Wrapper for mismatched Arguments.
 # Globals:
-#   C_RED
+#   RED
-#   C_RES
+#   RES
 #   ERR_ARG_MISMATCH
 #   NL
 #   VAR_AUTO_INSTALL
@@ -34,7 +34,7 @@ arg_mismatch() {
         ;;
     esac
   fi
-  printf "%s❌ Error: '%s'. %s%s" "${C_RED}" "${1}" "${C_RES}" "${NL}" >&2
+  printf "%s❌ Error: '%s'. %s%s" "${RED}" "${1}" "${RES}" "${NL}" >&2
   read -pr $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
   exit "${ERR_ARG_MISMATCH}"
 }

lib/0101_arg_sanitizer.sh

@@ -29,8 +29,8 @@ arg_check() {
 #######################################
 # Function to sanitize a single argument
 # Globals:
-#   C_RED
+#   RED
-#   C_RES
+#   RES
 #   ERR_UNSAFE_CHARACTER
 #   LOG_ERROR
 #   NL
@@ -55,9 +55,9 @@ sanitize_arg() {
       box   ) dialog_box_cleaner   ;;
       gauge ) dialog_gauge_cleaner ;;
     esac
-    printf "%s❌ Control character   : '%s'. %s%s" "${C_RED}" "${disallowed_ctrl}" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Control character   : '%s'. %s%s" "${RED}" "${disallowed_ctrl}" "${RES}" "${NL}" >&2
-    printf "%s❌         in argument : '%s'. %s%s" "${C_RED}" "${input}" "${C_RES}" "${NL}" >&2
+    printf "%s❌         in argument : '%s'. %s%s" "${RED}" "${input}" "${RES}" "${NL}" >&2
-    printf "%s❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s%s" "${RED}" "${RES}" "${NL}" >&2
     # shellcheck disable=SC2162
     read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
     exit "${ERR_UNSAFE_CHARACTER}"
@@ -79,9 +79,9 @@ sanitize_arg() {
       box   ) dialog_box_cleaner   ;;
       gauge ) dialog_gauge_cleaner ;;
     esac
-    printf "%s❌ Invalid character   : '%s'. %s%s" "${C_RED}" "${disallowed//?/& }" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Invalid character   : '%s'. %s%s" "${RED}" "${disallowed//?/& }" "${RES}" "${NL}" >&2
-    printf "%s❌         in argument : '%s'. %s%s" "${C_RED}" "${input}" "${C_RES}" "${NL}" >&2
+    printf "%s❌         in argument : '%s'. %s%s" "${RED}" "${input}" "${RES}" "${NL}" >&2
-    printf "%s❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s%s" "${C_RED}" "${C_RES}" "${NL}" >&2
+    printf "%s❌ Allowed Characters  : 'a-z A-Z 0-9 . _ / = [ ] : \" - + space' %s%s" "${RED}" "${RES}" "${NL}" >&2
     # shellcheck disable=SC2162
     read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
     exit "${ERR_UNSAFE_CHARACTER}"

lib/0103_arg_priority_check.sh

@@ -15,8 +15,8 @@ guard_sourcing
 #######################################
 # Check and setup Script Priorities
 # Globals:
-#   C_GRE
+#   GRE
-#   C_RES
+#   RES
 #   NL
 #   VAR_PRIORITY
 #   VAR_REIONICE_CLASS
@@ -30,14 +30,14 @@ arg_priority_check() {
   if [[ -n ${VAR_PRIORITY} ]]; then
     renice "${VAR_PRIORITY}" -p "$$"
     var=$(ps -o ni= -p $$) > /dev/null 2>&1
-    printf "%s✅ New renice value: '%s'. %s%s" "${C_GRE}" "${var}" "${C_RES}" "${NL}"
+    printf "%s✅ New renice value: '%s'. %s%s" "${GRE}" "${var}" "${RES}" "${NL}"
   fi
 
   # Check if ionice PRIORITY is set and adjust ionice priority.
   if [[ -n ${VAR_REIONICE_CLASS} ]]; then
     ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$"
     var=$(ionice -p $$) > /dev/null 2>&1
-    printf "%s✅ New ionice value: '%s'. %s%s" "${C_GRE}" "${var}" "${C_RES}" "${NL}"
+    printf "%s✅ New ionice value: '%s'. %s%s" "${GRE}" "${var}" "${RES}" "${NL}"
   fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

source/func/3.8.6.functions_installation_setup_chrony.sh

@@ -1,91 +0,0 @@
-#!/bin/bash
-# SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.; <cendev@coresecret.eu>
-# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git
-# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
-# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
-# SPDX-FileType: SOURCE
-# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
-# SPDX-PackageName: CISS.2025.hardened.installer
-# SPDX-Security-Contact: security@coresecret.eu
-
-###########################################################################################
-# 3.8.6. Functions - installation - setup chrony                                          #
-###########################################################################################
-
-###########################################################################################
-# Setup chrony NTPSec client
-# Globals:
-#   DIR_BAK
-#   MODULE_ERR
-#   MODULE_TXT
-#   NTPSRVR
-#   TARGET
-# Arguments:
-#   None
-###########################################################################################
-3_8_6_functions_installation_setup_crony() {
-  declare -g -x MODULE_ERR="3_8_6_functions_installation_setup_chrony"
-  declare -g -x MODULE_TXT="Installing 'chrony client'"
-  do_show_header "${MODULE_TXT}"
-
-  # Create NTPSec Server file from Array 'NTPSRVR'
-
-  # shellcheck disable=SC2155
-  declare OUTPUT_FILE=$(mktemp /tmp/ntp_servers.XXXXXX)
-
-  declare NTPSERVER
-
-  for NTPSERVER in "${NTPSRVR[@]}"; do
-    echo "server ${NTPSERVER} iburst nts minpoll 5 maxpoll 9" >> "${OUTPUT_FILE}"
-  done
-
-  # do_remove_service "systemd-timesyncd.service" "systemd-timesyncd"
-
-  mkdir -p "${TARGET}"/var/log/chrony
-  do_in_target "${TARGET}" apt-get install chrony -y
-  do_log "info" "true" "Command: 'apt-get install chrony -y' executed in: '${TARGET}'."
-
-  if [ ! -e "${TARGET}/etc/systemd/system/multi-user.target.wants/chrony.service" ]; then
-    ln -s "${TARGET}"/lib/systemd/system/chrony.service "${TARGET}"/etc/systemd/system/multi-user.target.wants/chrony.service
-  fi
-
-  mv "${TARGET}"/etc/chrony/chrony.conf "${DIR_BAK}"chrony.conf.bak
-  chmod 644 "${DIR_BAK}"chrony.conf.bak
-  touch "${TARGET}"/etc/chrony/chrony.conf
-
-  cat << EOF >> "${TARGET}"/etc/chrony/chrony.conf
-# Include configuration files found in /etc/chrony/conf.d.
-confdir /etc/chrony/conf.d
-driftfile /var/lib/chrony/chrony.drift
-keyfile /etc/chrony/chrony.keys
-logdir /var/log/chrony
-ntsdumpdir /var/lib/chrony
-sourcedir /run/chrony-dhcp
-sourcedir /etc/chrony/sources.d
-
-log tracking measurements statistics
-
-authselectmode require
-
-leapsectz right/UTC
-
-leapsecmode system
-
-maxupdateskew 100.0
-
-rtcsync
-
-makestep 1 3
-
-EOF
-
-  cat "${OUTPUT_FILE}" >> "${TARGET}"/etc/chrony/chrony.conf
-
-  chmod 644 /etc/chrony/chrony.conf
-  do_log "info" "false" "Chrony NTPsec client installed."
-
-  do_show_footer "${MODULE_TXT}"
-}
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh:

var/colors.var.sh

@@ -10,15 +10,16 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-declare -grx C_BLA='\e[90m' # Beautiful black for the techno fans.
+declare -grx BLA='\e[90m' # Beautiful black for the techno fans.
-declare -grx C_RED='\e[91m' # Bright red.
+declare -grx RED='\e[91m' # Bright red.
-declare -grx C_GRE='\e[92m' # Vibrant green.
+declare -grx GRE='\e[92m' # Vibrant green.
-declare -grx C_YEL='\e[93m' # Fancy yellow
+declare -grx YEL='\e[93m' # Fancy yellow
-declare -grx C_BLU='\e[94m' # Organic blue.
+declare -grx BLU='\e[94m' # Organic blue.
-declare -grx C_MAG='\e[95m' # Super gay magenta.
+declare -grx MAG='\e[95m' # Super gay magenta.
-declare -grx C_CYA='\e[96m' # Lovely cyan.
+declare -grx CYA='\e[96m' # Lovely cyan.
-declare -grx C_WHI='\e[97m' # Fantastic color mix.
+declare -grx WHI='\e[97m' # Fantastic color mix.
-declare -grx C_RES='\e[0m'  # Forget everything.
+declare -grx RES='\e[0m'  # Forget everything.
-declare -grx NL='\n'        # Print a crystal clear new line.
+declare -grx TAB='\t'     # Insert a fresh tabulator.
+declare -grx NL='\n'      # Print a crystal clear new line.
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

var/global.var.sh

@@ -13,10 +13,10 @@
 ### Definition of MUST set global Variables
 
 # shellcheck disable=SC2155
-declare -grx VAR_KERNEL_INF="$(mktemp)"
+declare -grx VAR_KERNEL_INF="$(mktemp --tmpdir --mode=0600 /tmp/var_kernel_inf.XXXXXXXX)"
-declare -grx VAR_KERNEL_TMP="$(mktemp)"
+declare -grx VAR_KERNEL_TMP="$(mktemp --tmpdir --mode=0600 /tmp/var_kernel_tmp.XXXXXXXX)"
-declare -grx VAR_KERNEL_SRT="$(mktemp)"
+declare -grx VAR_KERNEL_SRT="$(mktemp --tmpdir --mode=0600 /tmp/var_kernel_srt.XXXXXXXX)"
-declare -grx VAR_NOTES="$(mktemp)"
+declare -grx VAR_NOTES="$(mktemp --tmpdir --mode=0600 /tmp/var_notes.XXXXXXXX)"
 declare -grx LOG_ERROR="/tmp/ciss_debian_installer_$$_error.log"
 declare -grx VAR_SETUP_CONF="preseed.yaml"
 declare -grx VAR_SETUP_PART="partitioning.yaml"
@@ -55,8 +55,9 @@ declare -grx VAR_H='"'
 
 ### 1250_yaml_parser.sh:
   ### Indexed Arrays for 'Debian Packages' to install and 'NTPSec Server' to use.
-declare -agx ARY_PACKAGES=()
+#declare -ag ARY_BOOTPARAM=()
-declare -agx ARY_NTPSRVR=()
+#declare -ag ARY_PACKAGES=()
+#declare -ag ARY_NTPSRVR=()
 
 ### 1251_yaml_reader.sh:
   ### Variable for highest device count e.g., /dev/sdf = "f"