V9.14.002.2026.06.08

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

lib/cdi_0000_preliminary/0002_usage.sh

@@ -37,9 +37,9 @@ usage() {
   declare var_cols=$(tput cols 2> /dev/null || echo 80)
 
   # shellcheck disable=SC2155
-  declare var_header=$(center "V9.14.000.2026.06.07                                          CISS.debian.installer" "${var_cols}")
+  declare var_header=$(center "V9.14.002.2026.06.08                                          CISS.debian.installer" "${var_cols}")
   # shellcheck disable=SC2155
-  declare var_footer=$(center "V9.14.000.2026.06.07                                          CISS.debian.installer" "${var_cols}")
+  declare var_footer=$(center "V9.14.002.2026.06.08                                          CISS.debian.installer" "${var_cols}")
 
   {
     echo -e "\e[97m${var_header} \e[0m"
@@ -48,8 +48,8 @@ usage() {
     echo -e "\e[92m${VAR_VERSION} \e[0m"
     echo -e "\e[92mA powerful Debian installer for setting up a hardened Debian environment. \e[0m"
     echo
-    echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"
-    echo -e "\e[97m(p) Centurion Press, 2024 - 2025 \e[0m"
+    echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2026 \e[0m"
+    echo -e "\e[97m(p) Centurion Press, 2024 - 2026 \e[0m"
     echo
     echo -e "\e[91mUse only in trusted, non-production environments unless code audited! \e[0m"
     echo
@@ -75,6 +75,12 @@ usage() {
     echo "    - /tmp/.ciss/log/ciss_debian_installer_$$_trace.log"
     echo "    - /tmp/.ciss/log/ciss_debian_installer_$$_var.log"
     echo
+    echo -e "\e[97m  --dropbear-version <YYYY>.<NUMBER> \e[0m"
+    echo "    Set the Dropbear source version used for the hardened Dropbear build."
+    echo "    Also accepts '--dropbear-version=<YYYY>.<NUMBER>'."
+    echo "    Example: --dropbear-version 2026.91"
+    echo "    Defaults to '${VAR_DROPBEAR_VERSION:-2026.91}'."
+    echo
     echo -e "\e[97m  --log, -l <LEVEL> \e[0m"
     echo "    This changes the default log level from 'info' to one of the following values:"
     echo "      debug"

lib/cdi_0000_preliminary/README.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
 **Master Version**: 9.00<br>
-**Build**: V9.14.000.2026.06.07<br>
+**Build**: V9.14.002.2026.06.08<br>
 
 # 2. Preliminary Components – `cdi_0000_preliminary`
 

lib/cdi_0005_guard/README.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *The CISS Debian Installer provides a fully automated and hardened installation process.*<br>
 **Master Version**: 9.00<br>
-**Build**: V9.14.000.2026.06.07<br>
+**Build**: V9.14.002.2026.06.08<br>
 
 # 2. Guarding and Safe Execution – `cdi_0005_guard`
 

lib/cdi_0100_arg/0100_arg_mismatch.sh

@@ -23,17 +23,21 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
 #   VAR_IN_DIALOG_WR
 # Arguments:
 #   1: Message to be printed.
+#   2: Optional exit code.
 #######################################
 arg_mismatch() {
+  declare -i err_code="${2:-${ERR_ARG_MISMATCH}}"
+
   ### Call cleaner if and only if not in auto-install mode.
   if [[ "${VAR_AUTO_INSTALL}" == "false" ]]; then
     ### Dynamically select the cleaner based on the dialog wrapper type.
+    # shellcheck disable=SC2249
     case "${VAR_IN_DIALOG_WR}" in
       box|gauge) "dialog_${VAR_IN_DIALOG_WR}_cleaner" ;;
     esac
   fi
   printf "%b❌ Error: '%s'. %b%b" "${RED}" "${1}" "${RES}" "${NL}" >&2
-  read -pr $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
-  exit "${ERR_ARG_MISMATCH}"
+  read -rp $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
+  exit "${err_code}"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/cdi_0100_arg/0102_arg_parser.sh

@@ -17,6 +17,7 @@ guard_sourcing || return "${ERR_GUARD_SOURCE}"
 # Globals:
 #   VAR_DEFAULT_LOG_LEVEL
 #   VAR_AUTO_INSTALL
+#   VAR_DROPBEAR_VERSION
 #   VAR_IN_DIALOG_WR
 #   VAR_PRIORITY
 #   VAR_REIONICE_CLASS
@@ -51,6 +52,24 @@ arg_parser() {
           shift 1
           ;;
 
+        --dropbear-version)
+          if [[ -n "${2-}" && "${2}" =~ ^[0-9]{4}\.[0-9]+$ ]]; then
+            declare -gx VAR_DROPBEAR_VERSION="${2}"
+            shift 2
+          else
+            arg_mismatch "--dropbear-version MUST match <YYYY>.<NUMBER>." "${ERR_DROPBEAR_V}"
+          fi
+          ;;
+
+        --dropbear-version=*)
+          if [[ "${argument#*=}" =~ ^[0-9]{4}\.[0-9]+$ ]]; then
+            declare -gx VAR_DROPBEAR_VERSION="${argument#*=}"
+            shift 1
+          else
+            arg_mismatch "--dropbear-version MUST match <YYYY>.<NUMBER>." "${ERR_DROPBEAR_V}"
+          fi
+          ;;
+
         -l | --log)
           case "${2,,}" in
             debug|info|notice|warn|error|critical|fatal|emergency) declare -gx VAR_DEFAULT_LOG_LEVEL="$2"; shift 2 ;;