From 100024b6bbb10a7092f03e68787528d920a293a13b15638a5f95a9a1cda3ae7b Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Fri, 30 May 2025 07:43:32 +0200 Subject: [PATCH] V8.02.512.2025.05.30 Signed-off-by: Marc S. Weidner --- README.md | 6 +- scripts/9000-cdi-starter | 28 +++++++ scripts/live-boot/0030-verify-checksums | 104 ++++++++++++++++++++++++ 3 files changed, 135 insertions(+), 3 deletions(-) create mode 100644 scripts/9000-cdi-starter create mode 100644 scripts/live-boot/0030-verify-checksums diff --git a/README.md b/README.md index 85d8e09..68ea532 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ gitea: none include_toc: true --- -[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.512.2025.05.30-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.installer) +[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.512.2025.05.30-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)   [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)   [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)   
@@ -18,8 +18,8 @@ include_toc: true [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/)   [![Static Badge](https://badges.coresecret.dev/badge/SocialMedia-@coresecret_eu-white?style=plastic&logo=x&logoColor=white&logoSize=auto&label=SocialMedia&color=%23000000)](https://x.com/coresecret_eu)   [![Static Badge](https://badges.coresecret.dev/badge/Donation-Donation-white?style=plastic&logo=sepa&logoColor=white&logoSize=auto&label=&color=%230F243E)](https://coresecret.eu/spenden/)   -[![Static Badge](https://badges.coresecret.dev/badge/bitcoin-Bitcoin-white?style=plastic&logo=bitcoin&logoColor=white&logoSize=auto&label=Donation&color=%23F7931A)](https://coresecret.eu/spenden/)   -[![Static Badge](https://badges.coresecret.dev/badge/simplex-Simplex-white?style=plastic&logo=simplex&logoColor=white&logoSize=auto&label=Contact&color=%23000000)](https://simplex.chat/)   +[![Static Badge](https://badges.coresecret.dev/badge/bitcoin-Bitcoin-white?style=plastic&logo=bitcoin&logoColor=white&logoSize=auto&label=Donation&color=%23F7931A)](https://coresecret.eu/spenden/#bitcoin)   +[![Static Badge](https://badges.coresecret.dev/badge/simplex-Simplex-white?style=plastic&logo=simplex&logoColor=white&logoSize=auto&label=Contact&color=%23000000)](https://coresecret.eu/contact/#simplex)   # 1. CISS.debian.live.builder diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter new file mode 100644 index 0000000..e2dd7cb --- /dev/null +++ b/scripts/9000-cdi-starter 
@@ -0,0 +1,28 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024โ€“2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+set -C -e -u -o pipefail
+
+printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}"
+# sleep 1
+
+[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
+printf "CISS.debian.installer Master V8.02.512.2025.05.30 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+
+if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
+ chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
+ 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
+fi
+
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' successful applied. \e[0m\n" "${0}"
+# sleep 1
+exit 0
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
diff --git a/scripts/live-boot/0030-verify-checksums b/scripts/live-boot/0030-verify-checksums
new file mode 100644
index 0000000..7fe106d
--- /dev/null
+++ b/scripts/live-boot/0030-verify-checksums
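Review bot: The second line inside the `if [[ -f … ]]` block, `0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh`, has no command word in front of the mode, so as shown the shell would try to run a program called `0700`; under `set -e` that failure aborts the script before the success message is printed. If the line is meant to start the installer after the `chmod`, it should be the path alone, `/root/git/CISS.debian.installer/ciss_debian_installer.sh`; if it is a leftover duplicate of the `chmod` line, it should be dropped. Separately, `[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log` can be reduced to `mkdir -p /root/.cdi/log`, since `-p` already tolerates an existing directory.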
@@ -0,0 +1,104 @@
+#!/bin/sh
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024โ€“2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Changed the version of https://salsa.debian.org/live-team/live-boot 'components/0030-verify-checksums'
+### In case of successful verification of one of the offered checksums, proceed with booting, else panic.
+
+#######################################
+# Live build ISO with the modified checksum verification script for continuing the boot process.
+# Globals:
+# LIVE_BOOT_CMDLINE
+# LIVE_VERIFY_CHECKSUMS
+# LIVE_VERIFY_CHECKSUMS_DIGESTS
+# _CHECKSUM
+# _CHECKSUMS
+# _DIGEST
+# _MOUNTPOINT
+# _PARAMETER
+# _RETURN
+# _TTY
+# Arguments:
+# $1: ${_PARAMETER}
+# Returns:
+# 0 : Successful Verification
+#######################################
+Verify_checksums() {
+ for _PARAMETER in ${LIVE_BOOT_CMDLINE}; do
+ case "${_PARAMETER}" in
+ live-boot.verify-checksums=* | verify-checksums=*)
+ LIVE_VERIFY_CHECKSUMS="true"
+ LIVE_VERIFY_CHECKSUMS_DIGESTS="${_PARAMETER#*verify-checksums=}"
+ ;;
+
+ live-boot.verify-checksums | verify-checksums)
+ LIVE_VERIFY_CHECKSUMS="true"
+ ;;
+ esac
+ done
+
+ case "${LIVE_VERIFY_CHECKSUMS}" in
+ true) ;;
+
+ *)
+ return 0
+ ;;
+ esac
+
+ _MOUNTPOINT="${1}"
+
+ LIVE_VERIFY_CHECKSUMS_DIGESTS="${LIVE_VERIFY_CHECKSUMS_DIGESTS:-sha512 sha384 sha256}"
+ _TTY="/dev/tty8"
+
+ log_begin_msg "Verifying checksums"
+
+ # shellcheck disable=SC2164
+ cd "${_MOUNTPOINT}"
+
+ for _DIGEST in $(echo "${LIVE_VERIFY_CHECKSUMS_DIGESTS}" | sed -e 's|,| |g'); do
+ # shellcheck disable=SC2060
+ _CHECKSUMS="$(echo "${_DIGEST}" | tr [a-z] [A-Z])SUMS ${_DIGEST}sum.txt"
+
+ for _CHECKSUM in ${_CHECKSUMS}; do
+ if [ -e "${_CHECKSUM}" ]; then
+ echo "Found ${_CHECKSUM}..." > "${_TTY}"
+
+ if [ -e "/bin/${_DIGEST}sum" ]; then
+ echo "Checking ${_CHECKSUM}..." > "${_TTY}"
+
+ # Verify checksums
+ grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"
+ _RETURN="${?}"
+
+ # Stop after the first verification
+ # break 2
+ else
+ echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}"
+ fi
+ fi
+ done
+ done
+
+ log_end_msg
+
+ case "${_RETURN}" in
+ 0)
+ log_success_msg "Verification sha512 sha384 sha256 successful, continuing booting in 10 seconds."
+ sleep 10
+ return 0
+ ;;
+
+ *)
+ panic "Verification failed, $(basename ${_TTY}) for more information."
+ ;;
+ esac
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
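Review bot: `_RETURN` is never initialised and is overwritten for every checksum file that gets checked, so with `break 2` commented out the final `case "${_RETURN}"` reflects only the last file verified: a mismatch reported for SHA512SUMS is discarded when a later sha256sum.txt passes. That implements neither the "one of the offered checksums" rule stated in the file header nor an all-must-pass rule, and when no file is checked at all the outcome depends on whatever the global `_RETURN` already held (presumably unset here, which falls through to `panic`). I would initialise `_RETURN` before the loops and make a failure sticky, as sketched below, and then state the chosen policy in the header comment. Two smaller points in the same function: `cd "${_MOUNTPOINT}"` is unchecked (SC2164 is silenced) and could become `cd "${_MOUNTPOINT}" || panic "…"`, and the success message hard-codes `sha512 sha384 sha256` even when a different digest list was given on the command line.

```shell
  _RETURN=""

  # … unchanged: digest and checksum-file loops, -e tests, "Checking" message …
        # Verify checksums; a failure is sticky, a success only counts if nothing failed before
        if ! grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"; then
          _RETURN="1"
        elif [ -z "${_RETURN}" ]; then
          _RETURN="0"
        fi
  # … unchanged: else branch, loop ends, log_end_msg, final case on _RETURN …
```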