Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -6,7 +6,9 @@ include_toc: true
|
|||||||
# 1. CISS.debian.live.builder
|
# 1. CISS.debian.live.builder
|
||||||
|
|
||||||
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
|
||||||
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
|
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
|
||||||
|
**Master Version**: 9.14<br>
|
||||||
|
**Build**: V9.14.018.2026.06.07<br>
|
||||||
|
|
||||||
# 2. Purpose
|
# 2. Purpose
|
||||||
|
|
||||||
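Review bot: The added `**Master Version**: 9.14` and `**Build**: V9.14.018.2026.06.07` header lines hard-code release metadata in the document, and the master version repeats the leading part of the build string, so two values now have to be kept in step by hand. Consider keeping only the build line, or state in the commit message which release step updates these fields, so the header cannot drift from the build it describes.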
@@ -45,7 +47,7 @@ Identify the affected phase before changing behavior:
|
|||||||
* `config/includes.chroot/usr/lib/live/boot/*`: live-boot runtime scripts.
|
* `config/includes.chroot/usr/lib/live/boot/*`: live-boot runtime scripts.
|
||||||
* `scripts/*`: source files copied into the generated image or used by build helpers.
|
* `scripts/*`: source files copied into the generated image or used by build helpers.
|
||||||
|
|
||||||
Do not add ad-hoc phase arguments to live-boot or initramfs scripts. Execution phase must be controlled by the directory and
|
Do not add ad-hoc phase arguments to live-boot or initramfs scripts. The execution phase must be controlled by the directory and
|
||||||
hook placement expected by Debian tooling.
|
hook placement expected by Debian tooling.
|
||||||
|
|
||||||
# 5. Bash style
|
# 5. Bash style
|
||||||
@@ -70,7 +72,7 @@ hook placement expected by Debian tooling.
|
|||||||
|
|
||||||
Follow the existing repository naming style:
|
Follow the existing repository naming style:
|
||||||
|
|
||||||
* Global variables are uppercase and initialized before use.
|
* Global variables are uppercased and initialized before use.
|
||||||
* Global arrays use the `ARY_` prefix where this convention already applies.
|
* Global arrays use the `ARY_` prefix where this convention already applies.
|
||||||
* Other established global prefixes include `C_`, `ERR_`, `HMP_`, `LOG_`, `PID_`, `PIPE_`, and `VAR_`.
|
* Other established global prefixes include `C_`, `ERR_`, `HMP_`, `LOG_`, `PID_`, `PIPE_`, and `VAR_`.
|
||||||
* Local variables are lowercase and initialized before use.
|
* Local variables are lowercase and initialized before use.
|
||||||
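Review bot: In the first bullet, "uppercased" breaks the parallel with the unchanged bullet "Local variables are lowercase and initialized before use." at the end of this hunk; "uppercase" was already correct as an adjective stating the naming rule. Suggest reverting to `* Global variables are uppercase and initialized before use.`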
@@ -87,7 +89,7 @@ Follow the existing repository naming style:
|
|||||||
* Do not print secrets, private keys, passphrases, tokens, or sensitive environment values.
|
* Do not print secrets, private keys, passphrases, tokens, or sensitive environment values.
|
||||||
* Use restrictive permissions for generated secret material.
|
* Use restrictive permissions for generated secret material.
|
||||||
* Prefer `mktemp` for temporary files and clean them up with traps when appropriate.
|
* Prefer `mktemp` for temporary files and clean them up with traps when appropriate.
|
||||||
* Do not create persistent state unless the behavior is intentional and documented.
|
* Do not create a persistent state unless the behavior is intentional and documented.
|
||||||
|
|
||||||
# 8. Dependencies and downloads
|
# 8. Dependencies and downloads
|
||||||
|
|
||||||
|
|||||||
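Review bot: In the last bullet, "a persistent state" reads as one particular state, whereas the rule, like the neighbouring bullets on secret material and temporary files, is about anything left behind in general, where "state" is uncountable. Suggest keeping the original wording, `* Do not create persistent state unless the behavior is intentional and documented.`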