From 33e92a4315baae7126b6db298657729beb6da980c45aadf2f3906da9bbfe37ad Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Fri, 7 Nov 2025 17:55:41 +0100
Subject: [PATCH] V8.13.392.2025.11.07
Signed-off-by: Marc S. Weidner
---
 ciss_live_builder.sh | 14 +++++++++-----
 lib/lib_gnupg.sh | 12 ++++++------
 2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh
index 20fa66f..b11f88e 100644
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -91,27 +91,28 @@ declare -grx VAR_WORKDIR="$(dirname "${VAR_SETUP_FULL}")" # '/roo
 exit 1
 }
-### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT().
+### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING().
 . ./var/early.var.sh
 . ./lib/lib_guard_sourcing.sh
 . ./lib/lib_source_guard.sh
+### SECURING ENVIRONMENT.
+source_guard "./var/bash.var.sh"
+
 ### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG.
 for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh ; contact; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh ; usage ; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh ; version; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done
-### CHECKING REQUIRED PACKAGES.
-check_pkgs
+### SECURING SECRETS ARTIFACTS.
+find "${VAR_TMP_SECRET}" -type f -exec chmod 0400 {} +
 ### ALL CHECKS DONE. READY TO START THE SCRIPT.
-find "${VAR_TMP_SECRET}" -type f -exec chmod 0400 {} +
 declare -grx VAR_SETUP="true"
 ### SOURCING VARIABLES.
 [[ "${VAR_SETUP}" == true ]] && {
- source_guard "./var/bash.var.sh"
 source_guard "./var/color.var.sh"
 source_guard "./var/global.var.sh"
 }
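Review bot: In ciss_live_builder.sh, the relocated `find "${VAR_TMP_SECRET}" -type f -exec chmod 0400 {} +` tightens only the regular files that already exist when it runs, and its exit status is not checked. An unset or missing `${VAR_TMP_SECRET}` therefore passes silently, unless the now earlier-sourced `./var/bash.var.sh` enables errexit, which is not visible here. The directory's own mode and any secret written later still depend on the umask. Consider guarding and restricting the directory first, e.g. `[[ -d "${VAR_TMP_SECRET:?}" ]] && chmod 0700 -- "${VAR_TMP_SECRET}"`, assuming no other account has to traverse it. A one-line comment stating that this is a fix-up for pre-placed artifacts would also help.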
@@ -154,6 +155,9 @@ declare -grx VAR_SETUP="true"
 source_guard "./lib/lib_usage.sh"
 }
+### CHECKING REQUIRED PACKAGES.
+check_pkgs
+
 ### ADVISORY LOCK.
 exec 127>/var/lock/ciss_live_builder.lock || {
 printf "\e[91m❌ Cannot open lockfile for writing! Bye... \e[0m\n" >&2
diff --git a/lib/lib_gnupg.sh b/lib/lib_gnupg.sh
index 61a7dcc..038e62f 100644
--- a/lib/lib_gnupg.sh
+++ b/lib/lib_gnupg.sh
@@ -51,24 +51,24 @@ init_gnupg() {
 # shellcheck disable=SC2174
 mkdir -p -m 0700 "${GNUPGHOME}"
- cat << EOF >> "${GNUPGHOME}/gpg-agent.conf"
+ cat << EOF >| "${GNUPGHOME}/gpg-agent.conf"
 allow-loopback-pinentry
 pinentry-program /usr/bin/pinentry-tty
 EOF
- gpgconf --kill gpg-agent || true
+ gpgconf --kill gpg-agent 2>&1 || true
+ gpgconf --create-socketdir 2>&1 || true
- if ! gpgconf --launch gpg-agent >/dev/null 2>&1; then
+ if ! gpgconf --launch gpg-agent >| /tmp/cdlb_gpg-agent.log 2>&1; then
 printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ Failed to launch gpg-agent. \e[0m\n"
- umask "${__umask}"
- return "${ERR_GPG__AGENT}"
+
 fi
 else
- printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ VAR_CDLB_INSIDE_RUNNER: [%s] \e[0m\n" "${VAR_CDLB_INSIDE_RUNNER}"
+ printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ VAR_CDLB_INSIDE_RUNNER: [%s] leaving GNUPGHOME untouched.\e[0m\n" "${VAR_CDLB_INSIDE_RUNNER}"
 fi
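Review bot: In the second ciss_live_builder.sh hunk (`@@ -154,6 +155,9 @@`), `check_pkgs` now runs after the libraries are sourced but still before the advisory lock on `/var/lock/ciss_live_builder.lock` is opened. If `check_pkgs` installs or modifies packages (its body is not shown), two concurrent invocations can both run it before either is serialized. Moving the two added lines below the lock block, which continues outside the hunk, would close that gap. If the order is intentional, a comment such as `# check_pkgs is read-only and safe to run unlocked` would make it explicit.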
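Review bot: In lib/lib_gnupg.sh, the agent launch output now goes to the fixed path `/tmp/cdlb_gpg-agent.log`, opened with `>|`, so the target is truncated even under noclobber. A predictable name in a world-writable directory can be pre-created or symlinked by another local account before the builder runs, and the log may also end up readable by others depending on the umask. Writing it inside the 0700 directory created a few lines earlier avoids both, e.g. `if ! gpgconf --launch gpg-agent >| "${GNUPGHOME}/gpg-agent.launch.log" 2>&1; then` (file name is a placeholder). Separately, with `return "${ERR_GPG__AGENT}"` removed, a failed launch only prints a message and init_gnupg carries on; if that is intended, a comment saying why would help. The function starts and ends outside this hunk, so later handling is not visible.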