V8.04.002.2025.08.11

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml

@@ -10,6 +10,6 @@
 # SPDX-Security-Contact: security@coresecret.eu
 
 build:
-  counter: 1023
+  counter: 1024
   version: V8.04.002.2025.08.11
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml

@@ -270,7 +270,7 @@ jobs:
           timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
           ### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
           ./ciss_live_builder.sh \
-            --autobuild=6.12.38+deb12-amd64 \
+            --autobuild=6.1.0-37-amd64 \
             --architecture amd64 \
             --build-directory /opt/livebuild \
             --control "${timestamp}" \

.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml

@@ -270,7 +270,7 @@ jobs:
           timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
           ### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
           ./ciss_live_builder.sh \
-            --autobuild=6.12.38+deb12-amd64 \
+            --autobuild=6.1.0-37-amd64 \
             --architecture amd64 \
             --build-directory /opt/livebuild \
             --control "${timestamp}" \

.gitea/workflows/generate_PUBLIC_iso.yaml

@@ -271,7 +271,7 @@ jobs:
           timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
           ### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
           ./ciss_live_builder.sh \
-            --autobuild=6.12.38+deb12-amd64 \
+            --autobuild=6.1.0-37-amd64 \
             --architecture amd64 \
             --build-directory /opt/livebuild \
             --control "${timestamp}" \

config/hooks/live/9950_fail2ban_hardening.chroot

@@ -33,8 +33,8 @@ cat << 'EOF' >| /etc/fail2ban/jail.d/centurion-default.conf
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
-# SPDX-PackageName: CISS.2025.debian.live.builder
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
 [DEFAULT]

config/hooks/live/9998_sources_list_bookworm.chroot

@@ -28,8 +28,8 @@ cat << 'EOF' >| /etc/apt/sources.list
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
-# SPDX-PackageName: CISS.2025.debian.live.builder
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #-----------------------------------------------------------------------------------------#
 #                                  OFFICIAL DEBIAN REPOS
@@ -56,4 +56,4 @@ printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e
 # sleep 1
 
 exit 0
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

config/hooks/live/9998_sources_list_trixie.chroot

@@ -20,34 +20,86 @@ if [[ -f /etc/apt/sources.list ]]; then
   mv /etc/apt/sources.list /root/.ciss/dlb/backup/sources.list.bak
 fi
 
-cat << 'EOF' >| /etc/apt/sources.list
+cat << EOF >| /etc/apt/sources.list.d/trixie.sources
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
-# SPDX-PackageName: CISS.2025.debian.live.builder
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-#-----------------------------------------------------------------------------------------#
-#                                  OFFICIAL DEBIAN REPOS
-#-----------------------------------------------------------------------------------------#
 
-### Debian Main Repos Bookworm
+Types: deb deb-src
+URIs: https://deb.debian.org/debian/
+Suites: trixie
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
 
-deb https://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
-deb-src https://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
 
-deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
-deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+cat << EOF >| /etc/apt/sources.list.d/trixie-security.sources
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
 
-deb https://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
-deb-src https://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+Types: deb deb-src
+URIs: https://security.debian.org/debian-security/
+Suites: trixie-security
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
 
-deb https://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware
-deb-src https://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
+
+cat << EOF >| /etc/apt/sources.list.d/trixie-updates.sources
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+Types: deb deb-src
+URIs: https://deb.debian.org/debian/
+Suites: trixie-updates
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
+
+cat << EOF >| /etc/apt/sources.list.d/trixie-backports.sources
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-08-11; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+Types: deb deb-src
+URIs: https://deb.debian.org/debian/
+Suites: trixie-backports
+Components: main contrib non-free non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF

config/includes.chroot/preseed/.lib/sshd_config.lib

@@ -5,8 +5,8 @@
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
-# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
-# SPDX-PackageName: CISS.2025.debian.live.builder
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
 Include /etc/ssh/sshd_config.d/*.conf
@@ -115,4 +115,4 @@ HostbasedAuthentication no
 # PermitUserEnvironment no
 # IgnoreUserKnownHosts no
 
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

docs/CHANGELOG.md

@@ -13,102 +13,102 @@ include_toc: true
 # 2. Changelog
 
 ## V8.04.002.2025.08.11
-* Added: [lib_source_guard.sh](../lib/lib_source_guard.sh)
-* Updated: [bash.var.sh](../var/bash.var.sh)
-* Updated: Support for Debian Trixie via Argument ``--trixie``
-* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.38+deb12-amd64``
+* **Added**: [lib_source_guard.sh](../lib/lib_source_guard.sh)
+* **Updated**: [bash.var.sh](../var/bash.var.sh)
+* **Updated**: Support for Debian Trixie via Argument ``--trixie``
+* **Updated**: LIVE ISO workflows to use Kernel: ``linux-image-6.1.0-37-amd64``
 
 ## V8.03.920.2025.08.07
 
-* Updated: [lib_arg_parser.sh](../lib/lib_arg_parser.sh)
-* Updated: [ciss_live_builder.sh](../ciss_live_builder.sh)
-* Updated: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
+* **Updated**: [lib_arg_parser.sh](../lib/lib_arg_parser.sh)
+* **Updated**: [ciss_live_builder.sh](../ciss_live_builder.sh)
+* **Updated**: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
 
 ## V8.03.912.2025.07.23
 
-* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
-* Updated: [clean_logout.sh](../config/includes.chroot/root/.ciss/clean_logout.sh)
-* Updated: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
-* Updated: [scan_libwrap](../config/includes.chroot/root/.ciss/scan_libwrap)
-* Updated: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
-* Updated: [.bashrc](../config/includes.chroot/root/.bashrc)
+* **Updated**: [alias](../config/includes.chroot/root/.ciss/alias)
+* **Updated**: [clean_logout.sh](../config/includes.chroot/root/.ciss/clean_logout.sh)
+* **Updated**: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
+* **Updated**: [scan_libwrap](../config/includes.chroot/root/.ciss/scan_libwrap)
+* **Updated**: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
+* **Updated**: [.bashrc](../config/includes.chroot/root/.bashrc)
 
 ## V8.03.896.2025.07.22
 
-* Added: [.shellcheckrc](../.shellcheckrc)
-* Bugfixes: [ciss_live_builder.sh](../ciss_live_builder.sh)
-* Updated: [0810_chrony_setup.chroot](../config/hooks/live/0810_chrony_setup.chroot)
+* **Added**: [.shellcheckrc](../.shellcheckrc)
+* **Bugfixes**: [ciss_live_builder.sh](../ciss_live_builder.sh)
+* **Updated**: [0810_chrony_setup.chroot](../config/hooks/live/0810_chrony_setup.chroot)
 
 ## V8.03.880.2025.07.19
 
-* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
-* Updated: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
-* Added: Package ``ncdu``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
-* Added: ``TrustedUserCAKeys none``: [sshd_config](../config/includes.chroot/etc/ssh/sshd_config)
+* **Updated**: [alias](../config/includes.chroot/root/.ciss/alias)
+* **Updated**: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
+* **Added**: Package ``ncdu``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
+* **Added**: ``TrustedUserCAKeys none``: [sshd_config](../config/includes.chroot/etc/ssh/sshd_config)
 
 ## V8.03.864.2025.07.15
 
-* Updated: [0010_dhcp_supersede.sh](../scripts/0010_dhcp_supersede.sh)
-* Added: [BOOTPARAMS.md](BOOTPARAMS.md)
-* Added: Package ``cpuid``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
+* **Updated**: [0010_dhcp_supersede.sh](../scripts/0010_dhcp_supersede.sh)
+* **Added**: [BOOTPARAMS.md](BOOTPARAMS.md)
+* **Added**: Package ``cpuid``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
 
 ## V8.03.832.2025.06.25
 
-* Added: [lib_version.sh](../lib/lib_version.sh)
-* Updated:
+* **Added**: [lib_version.sh](../lib/lib_version.sh)
+* **Updated**:
   * [lib_contact.sh](../lib/lib_contact.sh)
   * [lib_usage.sh](../lib/lib_usage.sh)
-* Packages added:
+* **Packages added**:
   * https://packages.debian.org/bookworm/fio
   * https://packages.debian.org/bookworm/stress 
-* Timezone changed to ``Etc/UTC``
+* **Updated**: Timezone changed to ``Etc/UTC``
 
 ## V8.03.832.2025.06.24
 
-* Updated:
+* **Updated**:
   * [lib_check_provider.sh](../lib/lib_check_provider.sh)
   * [lib_debug_header.sh](../lib/lib_debug_header.sh)
   * [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
-* The Debian package ``bat`` will be installed to enable smooth log reading.
+* **Added**: The Debian package ``bat`` will be installed to enable smooth log reading.
 
 ## V8.03.768.2025.06.23
 
-* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
+* **Updated**: [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
 * Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
 * Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
-* Added Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
-* Added ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
-  * to prevent the caller LIB-file from being sourced twice.
+* **Added**: Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
+* **Added**: ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
+  to prevent the caller LIB-file from being sourced twice.
 
 ## V8.03.768.2025.06.19
 
 * Minor main script improvements.
-* Updated [lib_usage.sh](../lib/lib_usage.sh) output.
+* **Updated**: [lib_usage.sh](../lib/lib_usage.sh) output.
 
 ## V8.03.768.2025.06.18
 
 * Minor main script improvements.
-* Updated contact section.
+* **Updated**: Contact section.
 * Integrated third ``dns03.eddns.eu`` Centurion DNS Resolver.
 
 ## V8.03.768.2025.06.17
 
-* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``
+* **Updated**: LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``
 
 ## V8.03.768.2025.06.11
 
-* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.27+bpo-amd64``
+* **Updated**: LIVE ISO workflows to use Kernel: ``linux-image-6.12.27+bpo-amd64``
 
 ## V8.03.768.2025.06.09
 
-* Added: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
-* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
+* **Added**: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
+* **Updated**: [alias](../config/includes.chroot/root/.ciss/alias)
   * ``scurl()``
   * ``swget()``
 
 ## V8.03.644.2025.06.07
 
-* Updated workflows ISO Generators Runners. 
+* **Updated**: Workflows ISO Generators Runners. 
 * Installing ``bookworm-backports`` Versions of:
   * ``btrfs-progs``
   * ``curl``
@@ -129,7 +129,7 @@ include_toc: true
 
 ## V8.03.512.2025.06.06
 
-* Updated workflows: 
+* **Updated**: Workflows: 
   1. ``git stash push``
   2. ``git fetch origin master``
   3. ``git merge --no-edit origin/master``