V9.14.024.2026.06.11

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh

@@ -123,7 +123,6 @@ if [ -d "${src_dir}" ]; then
 
 fi
 
-
 ### Install Dropbear configuration ---------------------------------------------------------------------------------------------
 install -m 0444 /etc/dropbear/initramfs/dropbear.conf "${DESTDIR}/etc/dropbear/dropbear.conf"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/dropbear.conf %s/etc/dropbear/dropbear.conf] \n\e[0m" "${DESTDIR}"
@@ -146,6 +145,13 @@ printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/ba
 install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"
 
+### Ensure live-boot runtime scripts in the initramfs are executable -----------------------------------------------------------
+if [ -d "${DESTDIR}/usr/lib/live/boot" ]; then
+
+  find "${DESTDIR}/usr/lib/live/boot" -type f -exec chmod +x -- {} +
+  printf "\e[92mSuccessfully executed: [find %s/usr/lib/live/boot -type f -exec chmod +x -- {} +] \n\e[0m" "${DESTDIR}"
+
+fi
 ### EOS
 
 printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh] \n\e[0m"

config/includes.chroot/usr/lib/live/boot/0042_ciss_post_decrypt_attest

@@ -26,6 +26,7 @@
 set -eu
 
 printf "\e[95m[INFO] Starting             : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] \n\e[0m"
+sleep 2
 
 ### Check panic command availability -------------------------------------------------------------------------------------------
 if ! command -v panic >/dev/null 2>&1; then
@@ -220,7 +221,7 @@ verify_rootfs_payload() {
   payload_size=""
   payload_hash=""
 
-  payload_size="$(awk -F': ' '/^# rootfs-size-bytes: /{print $2; exit}' "${manifest_path}")"
+  payload_size="$(awk '/^# Bytes[[:space:]]*:[[:space:]]Final filesystem[.]squashfs[[:space:]]+[0-9]+[[:space:]]*$/ {print $NF; exit}' "${manifest_path}")"
   payload_hash="$(awk '($0 !~ /^#/ && NF >= 2){print $1; exit}' "${manifest_path}")"
 
   case "${payload_size}" in

config/includes.chroot/usr/lib/live/boot/9990-overlay.sh

@@ -497,8 +497,25 @@ setup_unionfs ()
 
   ### CISS override for /usr/lib/live/boot/0042_ciss_post_decrypt_attest -------------------------------------------------------
   printf "\e[95m[INFO] Calling              : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] ... \n\e[0m"
-  [ -x /usr/lib/live/boot/0042_ciss_post_decrypt_attest ] && /usr/lib/live/boot/0042_ciss_post_decrypt_attest
+  chmod +x /usr/lib/live/boot/0042_ciss_post_decrypt_attest
+  sleep 2
+
+  if [ -x /usr/lib/live/boot/0042_ciss_post_decrypt_attest ]; then
+
+      if ! /usr/lib/live/boot/0042_ciss_post_decrypt_attest; then
+
+        panic "[FATAL] [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] failed."
+
+      fi
+
+  else
+
+    panic "[FATAL] [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] missing or not executable."
+
+  fi
+
   printf "\e[92m[INFO] Calling              : [/usr/lib/live/boot/0042_ciss_post_decrypt_attest] done. \n\e[0m"
+  sleep 2
   ### CISS override for /usr/lib/live/boot/0042_ciss_post_decrypt_attest -------------------------------------------------------
 
   printf "\e[92m[INFO] Successfully applied : [/usr/lib/live/boot/9990-overlay.sh] \n\e[0m"

lib/lib_trap_on_exit.sh

@@ -63,10 +63,10 @@ trap_on_exit() {
 
       print_scr_exit_non_zero "${errcode}" "${errscrt}" "${errline}" "${errfunc}" "${errcmmd}"
 
-      sanitize_debug_logs || true
-
     fi
 
+    sanitize_debug_logs || true
+
     exit "${errcode}"
 
   fi