V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_4200_boot/4200_generate_fstab.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # Wrapper to write '/etc/fstab' entries.
@@ -169,11 +169,10 @@ EOF
   mkdir -p "${TARGET}/media/cdrom0"
   cat << 'EOF' >> "${TARGET}/etc/fstab"
 
-/dev/sr0                                   /media/cdrom0               auto              noauto,nofail,ro,user,x-systemd.automount,x-systemd.device-timeout=0                                0 0
-#/dev/sr0                                  /media/cdrom0               udf,iso9660       user,noauto                                                                                         0 0
+# /dev/sr0                                 /media/cdrom0               auto              noauto,nofail,ro,user,x-systemd.automount,x-systemd.device-timeout=0                                0 0                                                                                        0 0
 
 EOF
-  do_log "info" "file_only" "4200() fstab entry generated: '/dev/sr0  /media/cdrom0  udf,iso9660  user,noauto  0 0'."
+  do_log "info" "file_only" "4200() fstab entry generated: '/dev/sr0  /media/cdrom0  auto  noauto,nofail,ro,user,x-systemd.automount,x-systemd.device-timeout=0  0 0'."
 
   cat << 'EOF' >> "${TARGET}/etc/fstab"
 ### Secure tmpfs mounts for a hardened system

func/cdi_4200_boot/4205_check_fstab.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # Basic '/etc/fstab' checks inside chroot.

func/cdi_4200_boot/4210_generate_crypttab.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # '/etc/crypttab' entry writer and logger.

func/cdi_4200_boot/4220_installation_cryptsetup.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # Installation of 'cryptsetup' and 'cryptsetup-initramfs' after '/etc/crypttab' generation.

func/cdi_4200_boot/4230_installation_grub.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # --- UEFI GRUB Installation Strategy ---

func/cdi_4200_boot/4240_update_grub_password.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # Append the GRUB superuser block to '/etc/grub.d/40_custom'.

func/cdi_4200_boot/4250_update_grub_bootparameter.sh

@@ -13,7 +13,7 @@
 ### Options in "GRUB_CMDLINE_LINUX" are always effective, (incl. recovery).
 ### Options in "GRUB_CMDLINE_LINUX_DEFAULT" are effective ONLY during normal boot (NOT during recovery mode).
 
-guard_sourcing
+guard_sourcing || return "${ERR_GUARD_SOURCE}"
 
 #######################################
 # Hardening: update the Grub boot parameter and the Dropbear and Nuke parameters if opted in.