msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.03.400.2025.06.05

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-06-05 20:18:30 +02:00
parent 5eaeb97716
commit 328c58335b
33 changed files with 350 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+1 -1
View File
@@ -27,7 +27,7 @@ body:
attributes:
label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
placeholder: "e.g., Master V8.03.384.2025.06.03"
placeholder: "e.g., Master V8.03.400.2025.06.05"
validations:
required: true
.gitea/TODO/render-md-to-html.yaml
+1 -1
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
name: Render README.md to README.html.
.gitea/trigger/t_generate_dns.yaml
+1 -1
View File
@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.384.2025.06.03
version: V8.03.400.2025.06.05
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+104 -2
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
name: Generating a Private Live ISO FLV 0.
@@ -30,7 +30,7 @@ jobs:
### Run all steps inside Debian Bookworm
container:
image: debian:trixie
image: debian:bookworm
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
@@ -62,6 +62,108 @@ jobs:
wget \
whois
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "️ Skipping download, package already exists: '${archive_name}'."
fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "️ Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "️ Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "️ Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version.
shell: bash
run: |
.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+104 -2
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
name: Generating a Private Live ISO FLV 1.
@@ -30,7 +30,7 @@ jobs:
### Run all steps inside Debian Bookworm
container:
image: debian:trixie
image: debian:bookworm
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
@@ -62,6 +62,108 @@ jobs:
wget \
whois
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "️ Skipping download, package already exists: '${archive_name}'."
fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "️ Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "️ Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "️ Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version.
shell: bash
run: |
.gitea/workflows/generate_PUBLIC_iso.yaml
+104 -2
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
name: Generating a PUBLIC Live ISO.
@@ -30,7 +30,7 @@ jobs:
### Run all steps inside Debian Bookworm
container:
image: debian:trixie
image: debian:bookworm
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
@@ -62,6 +62,108 @@ jobs:
wget \
whois
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "️ Skipping download, package already exists: '${archive_name}'."
fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "️ Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "️ Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "️ Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version.
shell: bash
run: |
.gitea/workflows/render-dnssec-status.yaml
+1 -1
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
name: Retrieve DNSSEC status of coresecret.dev.
.gitea/workflows/render-dot-to-png.yaml
+1 -1
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
name: Render Graphviz Diagrams.
.version.properties
+1 -1
View File
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
properties_version="V8.03.384.2025.06.03"
properties_version="V8.03.400.2025.06.05"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
CISS.debian.live.builder.spdx
+1 -1
View File
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
PackageVersion: Master V8.03.384.2025.06.03
PackageVersion: Master V8.03.400.2025.06.05
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
README.md
+2 -2
View File
@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.384.2025.06.03-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.400.2025.06.05-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
&nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
ciss_live_builder.sh
+1 -1
View File
@@ -40,7 +40,7 @@
declare -g VAR_HANDLER_AUTOBUILD="false"
declare -gr VAR_CONTACT="security@coresecret.eu"
declare -gr VAR_VERSION="Master V8.03.384.2025.06.03"
declare -gr VAR_VERSION="Master V8.03.400.2025.06.05"
### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
declare arg
config/hooks/live/9994_password_policy.chroot
+2 -2
View File
@@ -83,12 +83,12 @@ minlen = 20
### The maximum number of allowed consecutive same characters in the new password.
### The check is disabled if the value is 0.
maxrepeat = 2
maxrepeat = 3
### The maximum number of allowed consecutive characters of the same class in the
### new password.
### The check is disabled if the value is 0.
maxclassrepeat = 4
maxclassrepeat = 0
### Whether to check for the words from the passwd entry GECOS string of the user.
### The check is enabled if the value is not 0.
config/includes.chroot/etc/ssh/sshd_config
+1 -1
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
config/includes.chroot/etc/sysctl.d/99_local.hardened
+1 -1
View File
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.384.2025.06.03
### Version Master V8.03.400.2025.06.05
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/
config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+1 -1
View File
@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
declare -gr VERSION="Master V8.03.384.2025.06.03"
declare -gr VERSION="Master V8.03.400.2025.06.05"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then
config/includes.chroot/preseed/preseed.cfg
+1 -1
View File
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.384.2025.06.03 at: 10:18:37.9542
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.400.2025.06.05 at: 10:18:37.9542
docs/AUDIT_DNSSEC.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. DNSSEC Status
docs/AUDIT_HAVEGED.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Haveged Audit on Netcup RS 2000 G11
docs/AUDIT_LYNIS.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Lynis Audit:
docs/AUDIT_SSH.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. SSH Audit by ssh-audit.com
docs/AUDIT_TLS.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. TLS Audit:
docs/CHANGELOG.md
+6 -1
View File
@@ -8,10 +8,15 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Changelog
## V8.03.400.2025.06.05
* The workflow image was changed to ``debian:bookworm``.
* Added a LIVE ISO workflow routine to build GnuPG from sources, since Bookworm GPG does not recognize key format 5.
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
docs/CNET.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Centurion Net - Developer Branch Overview
docs/CODING_CONVENTION.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Coding Style
docs/CONTRIBUTING.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Contributing / participating
docs/CREDITS.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Credits
docs/DL_PUB_ISO.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO
docs/DOCUMENTATION.md
+2 -2
View File
@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Usage
````text
CISS.debian.live.builder
Master V8.03.384.2025.06.03
Master V8.03.400.2025.06.05
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2024 - 2025
docs/REFERENCES.md
+1 -1
View File
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.384.2025.06.03<br>
**Build**: V8.03.400.2025.06.05<br>
# 2. Resources
lib/lib_check_provider.sh
+1 -1
View File
@@ -18,7 +18,7 @@
check_provider() {
clear
cat << 'EOF' >| "${VAR_NOTES}"
Build: Master V8.03.384.2025.06.03
Build: Master V8.03.400.2025.06.05
Press 'EXIT' to continue with CISS.debian.live.builder.
lib/lib_usage.sh
+1 -1
View File
@@ -22,7 +22,7 @@ usage() {
cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
$(echo -e "\e[92mMaster V8.03.384.2025.06.03\e[0m")
$(echo -e "\e[92mMaster V8.03.400.2025.06.05\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
$(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
scripts/9000-cdi-starter
+1 -1
View File
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
# sleep 1
[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
printf "CISS.debian.installer Master V8.03.384.2025.06.03 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
printf "CISS.debian.installer Master V8.03.400.2025.06.05 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh