V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-31 23:04:30 +02:00
parent 930f47f827
commit 45ff672479
103 changed files with 1011 additions and 266 deletions
--- a/docs/MANPAGES.md
+++ b/docs/MANPAGES.md
@@ -0,0 +1,22 @@
+---
+gitea: none
+include_toc: true
+---
+
+# 1. CISS.debian.installer
+
+**Centurion Intelligence Consulting Agency Information Security Standard**<br>
+*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
+**Master Version**: 8.00<br>
+**Build**: V8.00.000.2025.06.17<br>
+
+# 2. ToC
+
+- [BOOTPARAMS.md](man/BOOTPARAMS.md)
+- [DEBUG_HANDLING.md](man/DEBUG_HANDLING.md)
+- [ERROR_HANDLING.md](man/ERROR_HANDLING.md)
+- [LINTER_CHAR.md](man/LINTER_CHAR.md)
+
+---
+**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
+<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
--- a/docs/man/DEBUG_HANDLING.md
+++ b/docs/man/DEBUG_HANDLING.md
@@ -23,7 +23,7 @@ structured logs with full environmental metadata and deterministic command evalu

 ## 2.2. Component Modules

-### 2.2.1 [0050_debug_pre_scan.sh](../../lib/0050_debug_pre_scan.sh)
+### 2.2.1 [0050_debug_pre_scan.sh](../../lib/cdi_0050_debug/0050_debug_pre_scan.sh)

 **Purpose**: Parses the script's argument vector (`$@`) to detect and initialize debug mode before the main installer logic 
 executes.
@@ -36,7 +36,7 @@ executes.
 - Explicitly sets the necessary global flags: `VAR_DEBUG_TRACE` and/or `VAR_DEBUG_TRAP`.


-### 2.2.2. [0051_debug_var_dump.sh](../../lib/0051_debug_var_dump.sh)
+### 2.2.2. [0051_debug_var_dump.sh](../../lib/cdi_0050_debug/0051_debug_var_dump.sh)

 **Functions**:
 - `dump_vars_initial()`: Captures the initial state of all non-internal variables.
@@ -52,7 +52,7 @@ executes.
 - Operates with `set +x` to avoid leaking secrets to stdout.
 - Temporary files are created with `mktemp` and removed after usage.

-### 2.2.3. [0052_debug_trace.sh](../../lib/0052_debug_trace.sh)
+### 2.2.3. [0052_debug_trace.sh](../../lib/cdi_0050_debug/0052_debug_trace.sh)

 **Purpose**: Initializes Bash's `xtrace` (`set -x`) with rich metadata formatting and redirects output to `LOG_TRC`.

@@ -70,7 +70,7 @@ executes.
 - Serves as a non-interfering, shell-native audit mechanism.
 - Avoid collision with terminal output or stderr logging.

-### 2.2.4. [0053_debug_trace_header.sh](../../lib/0053_debug_trace_header.sh)
+### 2.2.4. [0053_debug_trace_header.sh](../../lib/cdi_0050_debug/0053_debug_trace_header.sh)

 **Purpose**: Prints an extensive contextual header to `LOG_TRC`, including:

@@ -82,7 +82,7 @@ executes.

 This header facilitates offline analysis and correlates script execution to external events or CI/CD timelines.

-### 2.2.5. [0054_debug_trap.sh](../../lib/0054_debug_trap.sh)
+### 2.2.5. [0054_debug_trap.sh](../../lib/cdi_0050_debug/0054_debug_trap.sh)

 **Purpose**: Implements runtime-level command introspection using the `DEBUG` trap.

@@ -101,7 +101,7 @@ This header facilitates offline analysis and correlates script execution to exte
 - Designed to be safely enabled in production with obfuscation of credentials and secrets.
 - Provides a temporal correlation of command execution and exit codes.

-### 2.2.6. [0055_debug_trap_header.sh](../../lib/0055_debug_trap_header.sh)
+### 2.2.6. [0055_debug_trap_header.sh](../../lib/cdi_0050_debug/0055_debug_trap_header.sh)

 **Purpose**: Similar to `debug_trace_header()`, this module prints an elaborate preamble into the `LOG_DBG` file.

--- a/docs/man/ERROR_HANDLING.md
+++ b/docs/man/ERROR_HANDLING.md
@@ -44,7 +44,7 @@ exhaustive state introspection. The defined options anticipate and actively prev
 conditions or shell misbehavior.


-## 2.3. [0060_trap_err.sh](../../lib/0060_trap_err.sh)
+## 2.3. [0060_trap_err.sh](../../lib/cdi_0060_traps/0060_trap_err.sh)

 ### 2.3.1. Purpose

@@ -68,7 +68,7 @@ anomalies precisely, log them comprehensively, and expose them to the console an
 - Integrates gracefully with dialog-driven user interfaces (e.g., `dialog_box_cleaner`, `dialog_gauge_cleaner`).
 - Evaluates `VAR_DEBUG_TRACE` and `VAR_DEBUG_TRAP` to determine the scope of runtime introspection.

-## 2.4. [0070_trap_exit.sh](../../lib/0070_trap_exit.sh)
+## 2.4. [0070_trap_exit.sh](../../lib/cdi_0060_traps/0070_trap_exit.sh)

 ### 2.4.1. Purpose

@@ -95,7 +95,7 @@ error. Notably, it complements `trap_err()` by catching unbound variable errors
 - Isolates early trap context via local read-only declarations to avoid overwriting.
 - Ensures that debug logs and variable states are flushed before exit.

-## 2.5. [0080_trap_int.sh](../../lib/0080_trap_int.sh)
+## 2.5. [0080_trap_int.sh](../../lib/cdi_0060_traps/0080_trap_int.sh)

 ### 2.5.1. Purpose

--- a/docs/man/LINTER_CHAR.md
+++ b/docs/man/LINTER_CHAR.md
@@ -0,0 +1,52 @@
+---
+gitea: none
+include_toc: true
+---
+
+# 1. CISS.debian.installer
+
+**Centurion Intelligence Consulting Agency Information Security Standard**<br>
+*The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
+**Master Version**: 8.00<br>
+**Build**: V8.00.000.2025.06.17<br>
+
+# 2. Git Workflow Linter — Character Set Policy Enforcement
+
+## 2.1. Overview
+
+The **[linter_char_scripts.yaml](../../.gitea/workflows/linter_char_scripts.yaml)** defines a declarative policy framework for 
+sanitizing and validating character scripts within a Git repository. It enforces linguistic and typographic constraints at the 
+commit level, preventing the introduction of ambiguous, non-printable, homoglyphic, or non-standard Unicode character classes. 
+This mechanism enhances both the integrity and auditability of the codebase, particularly in contexts where multilingual input,
+identity obfuscation, or supply-chain risk (e.g., Trojan Source attacks) must be mitigated.
+
+## 2.2. Purpose
+
+The core intent of this linter is to:
+
+- **Detect forbidden Unicode scripts or codepoints** within staged files.
+- **Ensure locale-hygienic commits** by permitting only explicitly whitelisted language/script groups.
+- **Enforce character uniformity** across source files, configuration, and metadata.
+- **Block malicious or ambiguous glyph injection**, including bidirectional override, homoglyph attacks, or zero-width characters.
+
+## 2.3. Security Considerations
+
+This linter serves as a preventive supply-chain control by reducing exposure to:
+
+- Invisible character injection (e.g. \u200e, \u202e)
+- Homoglyphic substitution (e.g. Cyrillic а vs. Latin a)
+- Bidirectional override attacks (Trojan Source)
+- Untraceable backdoors hidden in user comments or unused string literals
+
+It complements traditional static analysis and code review processes by operating at a syntactic level of representation, 
+thus neutralizing attacks that bypass semantic inspection.
+
+## 2.4. Conclusion
+The ``linter_char_scripts.yaml`` is a vital component of the **CISS.debian.installer** secure development lifecycle. It defines 
+a robust, extensible, and policy-driven control layer against linguistic abuse and typographic ambiguity in version-controlled 
+assets. Its utility is especially salient in multi-language environments, cryptographic infrastructure code, and supply-chain 
+sensitive repositories.
+
+---
+**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
+<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->