diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml
index dd3b85f..d80b92c 100644
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
build:
counter: 1024
- version: V8.02.768.2025.06.01
+ version: V8.03.127.2025.06.02
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/workflows/generate-iso.yaml b/.gitea/workflows/generate-iso.yaml
index 90bb475..5304828 100644
--- a/.gitea/workflows/generate-iso.yaml
+++ b/.gitea/workflows/generate-iso.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.02.768.2025.06.01
+### Version Master V8.03.127.2025.06.02
name: Generating a private Live ISO.
@@ -160,11 +160,12 @@ jobs:
- name: Checking Centurion Cloud for existing LIVE ISOs.
shell: bash
+ env:
+ NC_BASE: "https://cloud.e2ee.li"
+ SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
+ SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
run: |
set -euo pipefail
- NC_BASE="https://cloud.e2ee.li"
- SHARE_TOKEN="${{ secrets.CENTURION_CLOUD_UL_USER }}"
- SHARE_PASS="${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
SHARE_SUBDIR=""
echo "Get directory listing via PROPFIND ..."
@@ -198,10 +199,11 @@ jobs:
- name: Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
shell: bash
+ env:
+ NC_BASE: "https://cloud.e2ee.li"
+ SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
+ SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
run: |
- SHARE_TOKEN="${{ secrets.CENTURION_CLOUD_UL_USER }}"
- SHARE_PASS="${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
-
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "โ There must be exactly one .iso file in the directory!"
exit 1
@@ -211,8 +213,8 @@ jobs:
echo "โ
ISO file found: ${VAR_ISO_FILE_NAME}"
fi
- if curl --progress-bar --retry 2 https://cloud.e2ee.li/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
- --upload-file "${VAR_ISO_FILE_PATH}" -u '${SHARE_TOKEN}:${SHARE_PASS}' | cat; then
+ if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
+ --upload-file "${VAR_ISO_FILE_PATH}" -u '${SHARE_TOKEN}:${SHARE_PASS}'; then
echo "โ
New ISO successfully uploaded."
else
echo "โ Uploading the new ISO failed."
@@ -236,6 +238,7 @@ jobs:
sha512sum "${VAR_ISO_FILE_PATH}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
touch "${SIGNATURE_FILE}"
+ export GNUPGHOME="$(pwd)/.gnupg"
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
diff --git a/.gitea/workflows/render-dnssec-status.yaml b/.gitea/workflows/render-dnssec-status.yaml
index f48b3df..14b12de 100644
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.02.768.2025.06.01
+### Version Master V8.03.127.2025.06.02
name: Retrieve the DNSSEC status at the time of updating the repository.
diff --git a/.version.properties b/.version.properties
index f6da7f0..b4b300e 100644
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.hardened.installer framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.02.768.2025.06.01"
+properties_version="V8.03.127.2025.06.02"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
\ No newline at end of file
diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx
index 7b79e2e..45d0036 100644
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.02.768.2025.06.01
+PackageVersion: Master V8.03.127.2025.06.02
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
diff --git a/README.md b/README.md
index b91d720..23f264e 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
-[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[](https://eupl.eu/1.2/en/)
[](https://opensource.org/license/eupl-1-2)
@@ -26,11 +26,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
-cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`.
+cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. Find here more information to download
+the latest ISO available.
Check out more:
* [CenturionNet Services](https://coresecret.eu/cnet/)
@@ -40,7 +41,7 @@ Check out more:
* [CenturionMeet](https://talk.e2ee.li/)
* [Contact the author](https://coresecret.eu/contact/)
-## 1.1. Notes
+## 1.1. Preliminary Remarks
### 1.1.1. HSM
Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped. The next step is to
diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh
index 93b209f..ff013d7 100644
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -40,7 +40,7 @@
declare -g VAR_HANDLER_AUTOBUILD="false"
declare -gr VAR_CONTACT="security@coresecret.eu"
-declare -gr VAR_VERSION="Master V8.02.768.2025.06.01"
+declare -gr VAR_VERSION="Master V8.03.127.2025.06.02"
### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
declare arg
diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config
index 3818c42..210b6c2 100644
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.02.768.2025.06.01
+### Version Master V8.03.127.2025.06.02
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened
index 5be1945..13bd66f 100644
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.02.768.2025.06.01
+### Version Master V8.03.127.2025.06.02
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/
diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
index 57b4033..b2c7590 100644
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.02.768.2025.06.01"
+declare -gr VERSION="Master V8.03.127.2025.06.02"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then
diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg
index 9f06cc8..d9b55d8 100644
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.02.768.2025.06.01 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.127.2025.06.02 at: 10:18:37.9542
diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md
index 9c9405f..a0cd223 100644
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. DNSSEC Status
diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md
index 9f551db..e80c89f 100644
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Haveged Audit on Netcup RS 2000 G11
diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md
index f06d0ef..de1dc45 100644
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Lynis Audit:
diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md
index ee0b78f..380349c 100644
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. SSH Audit by ssh-audit.com
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index a9b4ea7..402eb39 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# TBA
diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md
index f3c33bb..6ff3949 100644
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Coding Style
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 9bc9fd3..2e81659 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Contributors
diff --git a/docs/CREDITS.md b/docs/CREDITS.md
index 3462c4a..2226cc0 100644
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Credits
diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md
index 81ff950..aaf496d 100644
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Usage
````text
CISS.debian.live.builder
-Master V8.02.768.2025.06.01
+Master V8.03.127.2025.06.02
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2024 - 2025
diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md
index 85dc82c..6f02efe 100644
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.02
-**Build**: V8.02.768.2025.06.01
+**Build**: V8.03.127.2025.06.02
# 2. Resources
diff --git a/lib/lib_check_provider.sh b/lib/lib_check_provider.sh
index 56763ca..ced1e1d 100644
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -18,7 +18,7 @@
check_provider() {
clear
cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.02.768.2025.06.01
+Build: Master V8.03.127.2025.06.02
Press 'EXIT' to continue with CISS.debian.live.builder.
diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh
index 4828dfc..6875d2e 100644
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -22,7 +22,7 @@ usage() {
cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.02.768.2025.06.01\e[0m")
+$(echo -e "\e[92mMaster V8.03.127.2025.06.02\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
$(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter
index b2e4254..b361bef 100644
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐งช '%s' starting ... \e[0m\n" "
# sleep 1
[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.02.768.2025.06.01 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.127.2025.06.02 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh