V8.13.008.2025.08.22

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

README.md

@@ -389,10 +389,26 @@ apply or revert these controls.
 set -o errexit   # Exit script when a command exits with non-zero status (same as "set -e").
 set -o errtrace  # Inherit ERR traps in subshells (same as "set -E").
 set -o functrace # Inherit DEBUG and RETURN traps in subshells (same as "set -T").
+set -o ignoreeof # An interactive shell will not exit upon reading EOF.
 set -o nounset   # Exit script on use of an undefined variable (same as "set -u").
 set -o pipefail  # Return the exit status of the last failed command in a pipeline.
 set -o noclobber # Prevent overwriting files via redirection (same as "set -C").
 ```
+
+* The following `shopt` options are applied at the beginning of the script (see
+  [Bash Manual, The Shopt Builtin](https://www.gnu.org/software/bash/manual/bash.html#The-Shopt-Builtin)):
+````bash
+shopt -s failglob        # If set, patterns that fail to match filenames during filename expansion result in an expansion error.
+shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option instead of unsetting it in the
+                         # subshell environment.
+shopt -s lastpipe        # If set, and job control is not active, the shell runs the last command of a pipeline not executed in
+                         # the background in the current shell environment.
+shopt -u expand_aliases  # If set, aliases are expanded as described. This option is enabled by default for interactive shells.
+shopt -u dotglob         # If set, Bash includes filenames beginning with a '.' in the results of filename expansion.
+shopt -u extglob         # If set, enable the extended pattern matching features.
+shopt -u nullglob        # If set, filename expansion patterns that match no files expand to nothing and are removed.
+````
+
 * **Rationale**: These options enforce strict error checking and handling, reducing silent failures and ensuring 
 predictable script behavior.
 
@@ -435,7 +451,8 @@ predictable script behavior.
                           --reionice-priority 1 2 \
                           --root-password-file /opt/gitea/CISS.debian.live.builder/password.txt \
                           --ssh-port 4242 \
-                          --ssh-pubkey /opt/gitea/CISS.debian.live.builder
+                          --ssh-pubkey /opt/gitea/CISS.debian.live.builder \
+                          --trixie
    ````
 4. Locate your ISO in the `--build-directory`.
 5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel.

makefile

@@ -23,7 +23,7 @@ SHELL                := /usr/bin/bash
 ### Timestamp at parse time (UTC); can be overridden:
 TIMESTAMP            ?= $(shell date -u +%Y-%m-%dT%H-%M-%S)
 
-### Core parameters (safe defaults; override in config.mk or via CLI):
+### Core parameters (safe defaults; override in config.mk, rename config.mk.sample to config.mk and apply the remaining values):
 ARCH                 ?= amd64
 AUTOBUILD            ?= 6.12.41+deb13-amd64
 CONTROL              ?= $(TIMESTAMP)

var/bash.var.sh

@@ -24,7 +24,7 @@ set -o pipefail          # Makes pipelines return the exit status of the last co
 ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Shopt-Builtin
 shopt -s failglob        # If set, patterns that fail to match filenames during filename expansion result in an expansion error.
 shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option instead of unsetting it in the
-                         # subshell environment. This option is enabled when POSIX mode is enabled.
+                         # subshell environment.
 shopt -s lastpipe        # If set, and job control is not active, the shell runs the last command of a pipeline not executed in
                          # the background in the current shell environment.
 shopt -u expand_aliases  # If set, aliases are expanded as described. This option is enabled by default for interactive shells.