diff --git a/.archive/.0000_lib_usage.sh b/.archive/.0000_lib_usage.sh
index ed53ee1..0830693 100644
--- a/.archive/.0000_lib_usage.sh
+++ b/.archive/.0000_lib_usage.sh
@@ -21,7 +21,7 @@ usage() {
clear
cat << EOF
$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.13.002.2025.08.11\e[0m")
+$(echo -e "\e[92mMaster V8.13.004.2025.08.21\e[0m")
$(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
diff --git a/.editorconfig b/.editorconfig
index 164cb8f..6cbc06b 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -25,6 +25,10 @@ charset = utf-8
insert_final_newline = true
trim_trailing_whitespace = true
+[{makefile,*.mk}]
+indent_style = tab
+tab_width = 8
+
[*.md]
end_of_line = lf
# Markdown benefits from a final newline for POSIX tools
diff --git a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
index 3bee0ee..3261c4c 100644
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
attributes:
label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
- placeholder: "e.g., Master V8.13.002.2025.08.11"
+ placeholder: "e.g., Master V8.13.004.2025.08.21"
validations:
required: true
diff --git a/.gitea/TODO/dockerfile b/.gitea/TODO/dockerfile
index ef7923c..0a9a22a 100644
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
FROM debian:bookworm
diff --git a/.gitea/TODO/render-md-to-html.yaml b/.gitea/TODO/render-md-to-html.yaml
index 02d6a8c..31ceb4e 100644
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
name: ๐ Render README.md to README.html.
diff --git a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
index 92d7723..3cec668 100644
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
@@ -11,5 +11,5 @@
build:
counter: 1023
- version: V8.13.002.2025.08.11
+ version: V8.13.004.2025.08.21
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
index 92d7723..3cec668 100644
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
@@ -11,5 +11,5 @@
build:
counter: 1023
- version: V8.13.002.2025.08.11
+ version: V8.13.004.2025.08.21
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/trigger/t_generate_PUBLIC.yaml b/.gitea/trigger/t_generate_PUBLIC.yaml
index 92d7723..3cec668 100644
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@
build:
counter: 1023
- version: V8.13.002.2025.08.11
+ version: V8.13.004.2025.08.21
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/trigger/t_generate_dns.yaml b/.gitea/trigger/t_generate_dns.yaml
index 92d7723..3cec668 100644
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
build:
counter: 1023
- version: V8.13.002.2025.08.11
+ version: V8.13.004.2025.08.21
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
index 49969c4..342001a 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
name: ๐ Generating a Private Live ISO FLV 0.
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
index a288bcc..366a2be 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
name: ๐ Generating a Private Live ISO FLV 1.
diff --git a/.gitea/workflows/generate_PUBLIC_iso.yaml b/.gitea/workflows/generate_PUBLIC_iso.yaml
index 3638630..5dfa5b1 100644
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
name: ๐ Generating a PUBLIC Live ISO.
diff --git a/.gitea/workflows/linter_char_scripts.yaml b/.gitea/workflows/linter_char_scripts.yaml
index 1e4de1a..0f79486 100644
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
# Gitea Workflow: Shell-Script Linting
#
diff --git a/.gitea/workflows/render-dnssec-status.yaml b/.gitea/workflows/render-dnssec-status.yaml
index 8ebd788..9d0c3ff 100644
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
name: ๐ก๏ธ Retrieve DNSSEC status of coresecret.dev.
diff --git a/.gitea/workflows/render-dot-to-png.yaml b/.gitea/workflows/render-dot-to-png.yaml
index aebc258..3f3c59c 100644
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
name: ๐ Render Graphviz Diagrams.
diff --git a/.gitignore b/.gitignore
index a8eaff4..80f0895 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,5 +16,6 @@ target/
*.DS_Store
*.log
*.ps1
+config.mk
Thumbs.db
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
diff --git a/.version.properties b/.version.properties
index ac3d839..760fca4 100644
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.13.002.2025.08.11"
+properties_version="V8.13.004.2025.08.21"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
diff --git a/CISS.debian.live.builder.spdx b/CISS.debian.live.builder.spdx
index 9985ce5..ae36704 100644
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.13.002.2025.08.11
+PackageVersion: Master V8.13.004.2025.08.21
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
diff --git a/README.md b/README.md
index fa68e30..f4592eb 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
-[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[](https://eupl.eu/1.2/en/)
[](https://opensource.org/license/eupl-1-2)
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -89,7 +89,7 @@ or shell-access, also via the forthcoming `CISS.debian.installer`. Such a versio
provisions the target device from embedded source artifacts, and reboots into a fully encrypted system image. The system then
awaits the decryption passphrase input via an embedded Dropbear SSH server (SSH PubKey only) in the initramfs, exposing no ports
without cryptographic hardened access, while also the `/boot` partition could be encrypted via the built-in support of
-`grub2 (2.12-1~bpo12+1)`.
+`grub2 (2.12-9)`.
This approach provides a fully reproducible, audit-friendly, and tamper-resistant provisioning workflow rooted entirely in
source-defined infrastructure logic.
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
-Example: `V8.13.002.2025.08.11`
+Example: `V8.13.004.2025.08.21`
`x.y.z` represents major (x), minor (y), and patch (z) version increments.
diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh
index ed00f64..b6e604d 100644
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -59,7 +59,7 @@ declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"
exit "${ERR_NOT_USER_0}"
}
-### Not called by sh.
+### Check to be not called by sh.
# shellcheck disable=2312
[[ $(kill -l | grep -c SIG) -eq 0 ]] && {
. ./var/global.var.sh
@@ -67,7 +67,7 @@ declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"
exit "${ERR_UNSPPTBASH}"
}
-### Not sourced.
+### Check to be not sourced.
[[ "${BASH_SOURCE[0]}" != "$0" ]] && {
. ./var/global.var.sh
printf "\e[91mโ This script must be executed, not sourced. Please run '%s' directly! Bye... \e[0m\n" "$0" >&2
@@ -107,13 +107,13 @@ for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh ; usa
for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh; version; exit 0;; esac; done
### ALL CHECKS DONE. READY TO START THE SCRIPT
+source_guard "./var/bash.var.sh"
check_git
for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done
declare -gx VAR_SETUP="true"
### SOURCING VARIABLES
[[ "${VAR_SETUP}" == true ]] && {
- source_guard "./var/bash.var.sh"
source_guard "./var/color.var.sh"
source_guard "./var/global.var.sh"
}
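Review bot: The added `source_guard "./var/bash.var.sh"` now runs unconditionally and ahead of `check_git` and the `--debug` branch, but nothing at the new position says why it has to be first. The `### SOURCING VARIABLES` block below still reads as if it were the only place variable files are loaded. A short comment above the moved line would record the ordering constraint, for example `### Must be sourced before check_git and the debugger (state the reason).` The reason itself is not visible in this hunk, so the author should fill it in.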
diff --git a/config.mk.sample b/config.mk.sample
new file mode 100644
index 0000000..c851e43
--- /dev/null
+++ b/config.mk.sample
@@ -0,0 +1,21 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-08-21; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+BUILD_DIR ?=
+PROVIDER_NETCUP_IPV6 ?=
+ROOT_PASSWORD_FILE ?=
+SSH_PORT ?=
+SSH_PUBKEY ?=
+
+### Comma-separated jump hosts (can be empty):
+JUMP_HOSTS ?=
+
+# vim: set ft=make noet ts=8 sw=8
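Review bot: Only `JUMP_HOSTS` is documented in this sample, so the expected form of `BUILD_DIR`, `PROVIDER_NETCUP_IPV6`, `ROOT_PASSWORD_FILE`, `SSH_PORT` and `SSH_PUBKEY` is left to guesswork. `ROOT_PASSWORD_FILE` deserves a line most, since judging by the `--root-password-file` option it feeds, it appears to be a path to a secret. A comment such as `### Path to the file holding the root password; keep it outside the repository and readable only by the build user.` would help, and `SSH_PUBKEY` should say whether a key string or a key file is expected. Because every assignment uses `?=`, an environment variable of the same name silently wins over the value written here; note that in the header, or use `:=` in the sample.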
diff --git a/config/includes.chroot/etc/ssh/sshd_config b/config/includes.chroot/etc/ssh/sshd_config
index dacbe65..1be34bb 100644
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
diff --git a/config/includes.chroot/etc/sysctl.d/99_local.hardened b/config/includes.chroot/etc/sysctl.d/99_local.hardened
index 29f63dd..44c27c0 100644
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.002.2025.08.11
+### Version Master V8.13.004.2025.08.21
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/
diff --git a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
index ac5f451..554b4a2 100644
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.13.002.2025.08.11"
+declare -gr VERSION="Master V8.13.004.2025.08.21"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then
diff --git a/config/includes.chroot/preseed/preseed.cfg b/config/includes.chroot/preseed/preseed.cfg
index e8cc91e..5100d29 100644
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.13.002.2025.08.11 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.13.004.2025.08.21 at: 10:18:37.9542
diff --git a/docs/AUDIT_DNSSEC.md b/docs/AUDIT_DNSSEC.md
index b0373f6..b246dde 100644
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. DNSSEC Status
diff --git a/docs/AUDIT_HAVEGED.md b/docs/AUDIT_HAVEGED.md
index 6fbe502..6d1b964 100644
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Haveged Audit on Netcup RS 2000 G11
diff --git a/docs/AUDIT_LYNIS.md b/docs/AUDIT_LYNIS.md
index 7f16e1d..33c99fb 100644
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Lynis Audit:
diff --git a/docs/AUDIT_SSH.md b/docs/AUDIT_SSH.md
index 1a75f70..c893390 100644
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. SSH Audit by ssh-audit.com
diff --git a/docs/AUDIT_TLS.md b/docs/AUDIT_TLS.md
index 91e6800..69f5e38 100644
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. TLS Audit:
diff --git a/docs/BOOTPARAMS.md b/docs/BOOTPARAMS.md
index 8d68b82..8eb89a8 100644
--- a/docs/BOOTPARAMS.md
+++ b/docs/BOOTPARAMS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Hardened Kernel Boot Parameters
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 45e225d..e84c000 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,10 +8,13 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Changelog
+## V8.13.004.2025.08.21
+* **Added**: [makefile](../makefile)
+
## V8.13.002.2025.08.11
* **Added**: [lib_source_guard.sh](../lib/lib_source_guard.sh)
* **Added**: [sources.list](../config/includes.chroot/etc/apt/sources.list)
diff --git a/docs/CNET.md b/docs/CNET.md
index d0aea10..e370438 100644
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Centurion Net - Developer Branch Overview
diff --git a/docs/CODING_CONVENTION.md b/docs/CODING_CONVENTION.md
index dc6255b..1654083 100644
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Coding Style
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 0c156d6..70622de 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Contributing / participating
diff --git a/docs/CREDITS.md b/docs/CREDITS.md
index 8d22f6d..1b88057 100644
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Credits
diff --git a/docs/DL_PUB_ISO.md b/docs/DL_PUB_ISO.md
index 1490e5e..f7170b4 100644
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Download the latest PUBLIC CISS.debian.live.ISO
diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md
index 28bf592..43a904e 100644
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2.1. Usage
````text
CISS.debian.live.builder
-Master V8.13.002.2025.08.11
+Master V8.13.004.2025.08.21
A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025
@@ -136,7 +136,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
# 2.2. Contact
````text
CISS.debian.live.builder
-Master V8.13.002.2025.08.11
+Master V8.13.004.2025.08.21
A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
(c) Marc S. Weidner, 2018 - 2025
diff --git a/docs/REFERENCES.md b/docs/REFERENCES.md
index b448d5e..c824ae8 100644
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*
**Master Version**: 8.13
-**Build**: V8.13.002.2025.08.11
+**Build**: V8.13.004.2025.08.21
# 2. Resources
diff --git a/lib/lib_usage.sh b/lib/lib_usage.sh
index 68e507d..a609184 100644
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -35,13 +35,13 @@ usage() {
# shellcheck disable=SC2155
declare var_header=$(center "CLB(1) CISS.debian.live.builder CLB(1)" "${var_cols}")
# shellcheck disable=SC2155
- declare var_footer=$(center "V8.13.002.2025.08.11 2025-08-11 CLB(1)" "${var_cols}")
+ declare var_footer=$(center "V8.13.004.2025.08.21 2025-08-11 CLB(1)" "${var_cols}")
{
echo -e "\e[1;97m${var_header}\e[0m"
echo
echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
- echo -e "\e[92mMaster V8.13.002.2025.08.11\e[0m"
+ echo -e "\e[92mMaster V8.13.004.2025.08.21\e[0m"
echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
echo
echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"
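Review bot: The new `var_footer` line bumps the version to `V8.13.004.2025.08.21` but leaves the date field in the same string at `2025-08-11`, so the man-page style footer now shows a release date that disagrees with the build stamp. If the field is meant to track the build, the line should read `declare var_footer=$(center "V8.13.004.2025.08.21 2025-08-21 CLB(1)" "${var_cols}")`. Deriving both from `VAR_VERSION` would stop this drifting on every bump. The body of `usage()` continues outside the hunk.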
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..8064254
--- /dev/null
+++ b/makefile
@@ -0,0 +1,107 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-08-21; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Use Bash for recipe shells (not /bin/sh)
+SHELL := /usr/bin/bash
+.SHELLFLAGS := -CEeuTo pipefail -O failglob -c
+.ONESHELL :
+.DELETE_ON_ERROR :
+.RECIPEPREFIX := ### Tabstopp
+.DEFAULT_GOAL := live
+
+### Local, unversioned overrides (optional):
+-include config.mk
+
+### Timestamp at parse time (UTC); can be overridden:
+TIMESTAMP ?= $(shell date -u +%Y-%m-%dT%H-%M-%S)
+
+### Core parameters (safe defaults; override in config.mk or via CLI):
+ARCH ?= amd64
+AUTOBUILD ?= 6.12.41+deb13-amd64
+CONTROL ?= $(TIMESTAMP)
+
+### Nice/ionice settings:
+RENICE ?= -19
+REIONICE_CLASS ?= 1
+REIONICE_PRIO ?= 2
+
+### Feature flags (set to empty to disable):
+FLAG_CDI ?= 1
+FLAG_DEBUG ?= 1
+FLAG_DHCP_CENTURION ?= 1
+FLAG_TRIXIE ?= 1
+
+### Reusable canned recipe:
+### Usage: $(call COMPOSE_AND,print) -> prints the fully quoted command
+### $(call COMPOSE_AND,exec) -> execs the command
+define COMPOSE_AND
+ ### Build command as a robust array to avoid word-splitting and globbing issues:
+ cmd=( ./ciss_live_builder.sh )
+ cmd+=( --architecture '$(ARCH)' )
+ cmd+=( --build-directory '$(BUILD_DIR)' )
+ cmd+=( --control '$(CONTROL)' )
+ cmd+=( --root-password-file '$(ROOT_PASSWORD_FILE)' )
+ cmd+=( --ssh-port '$(SSH_PORT)' )
+ cmd+=( --ssh-pubkey '$(SSH_PUBKEY)' )
+ ### Optional flags:
+ [[ -n '$(AUTOBUILD)' ]] && cmd+=( --autobuild=$(AUTOBUILD) )
+ [[ -n '$(FLAG_CDI)' ]] && cmd+=( --cdi )
+ [[ -n '$(FLAG_DEBUG)' ]] && cmd+=( --debug )
+ [[ -n '$(FLAG_DHCP_CENTURION)' ]] && cmd+=( --dhcp-centurion )
+ [[ -n '$(FLAG_TRIXIE)' ]] && cmd+=( --trixie )
+ [[ -n '$(PROVIDER_NETCUP_IPV6)' ]] && cmd+=( --provider-netcup-ipv6 '$(PROVIDER_NETCUP_IPV6)' )
+ [[ -n '$(RENICE)' ]] && cmd+=( --renice-priority '$(RENICE)' )
+ if [[ -n '$(REIONICE_CLASS)' && -n '$(REIONICE_PRIO)' ]]; then
+ cmd+=( --reionice-priority '$(REIONICE_CLASS)' '$(REIONICE_PRIO)' )
+ fi
+ ### Only add the flag if there is actually at least one host:
+ jh_csv='$(strip $(JUMP_HOSTS))'
+ if [[ -n "$$jh_csv" ]]; then
+ ### Disable globbing so [fe80::1] isn't treated as a pattern:
+ set -f
+ IFS=',' read -r -a jh <<< "$$jh_csv"
+ set +f
+ ### Emit a single --jump-host followed by N addresses:
+ cmd+=( --jump-host )
+ for h in "$${jh[@]}"; do
+ [[ -n "$$h" ]] && cmd+=( "$$h" )
+ done
+ fi
+ ## Act according to the requested mode ($(1) = print|exec):
+ case "$(1)" in
+ print)
+ printf '\e[92mCommand to run:\e[0m\n'
+ printf '\e[95m%s ' "$${cmd[@]@Q}"; printf '\e[0m\n'
+ ;;
+ exec|"")
+ printf '\e[92mThe following command is executed: \e[0m\n'
+ printf '\n'
+ printf '\e[95m%s ' "$${cmd[@]@Q}"; printf '\e[0m\n'
+ printf '\n'
+ printf '\e[92mScript is loading ... \e[0m\n'
+ exec "$${cmd[@]}"
+ ;;
+ *)
+ printf 'Unknown mode: %s\n' "$(1)" >&2; exit 2
+ ;;
+ esac
+endef
+
+### Targets that reuse the block:
+.PHONY: dry-run live
+
+dry-run:
+ @$(call COMPOSE_AND,print)
+
+live:
+ @$(call COMPOSE_AND,exec)
+
+# vim: set ft=make noet ts=8 sw=8
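Review bot: In `COMPOSE_AND`, make pastes each setting into the recipe text between single quotes (`'$(BUILD_DIR)'`, `'$(SSH_PUBKEY)'`, `'$(strip $(JUMP_HOSTS))'`) and `--autobuild=$(AUTOBUILD)` has no quotes at all, so a value containing `'` or whitespace is re-parsed by bash as extra words or commands. Because the settings are assigned with `?=`, such a value can come from the caller's environment as well as from `config.mk`. Exporting the variables and reading them as shell variables keeps them as data, as sketched below. Separately, `BUILD_DIR`, `ROOT_PASSWORD_FILE`, `SSH_PORT` and `SSH_PUBKEY` default to empty while `live` is the default goal, so a bare `make` runs the builder with empty arguments; a `:?` guard at the top of the block stops that. The comment on `TIMESTAMP` says "at parse time", but `?=` defines a recursive variable, so `date` runs whenever it is expanded.

```make
### Hand the settings to the recipe shell as environment, not as recipe text:
export ARCH AUTOBUILD BUILD_DIR CONTROL ROOT_PASSWORD_FILE SSH_PORT SSH_PUBKEY

define COMPOSE_AND
	### Refuse to run with unset or empty required settings:
	: "$${BUILD_DIR:?set BUILD_DIR}" "$${ROOT_PASSWORD_FILE:?set ROOT_PASSWORD_FILE}"
	: "$${SSH_PORT:?set SSH_PORT}" "$${SSH_PUBKEY:?set SSH_PUBKEY}"
	cmd=( ./ciss_live_builder.sh )
	cmd+=( --architecture "$$ARCH" )
	cmd+=( --build-directory "$$BUILD_DIR" )
	cmd+=( --control "$$CONTROL" )
	cmd+=( --root-password-file "$$ROOT_PASSWORD_FILE" )
	cmd+=( --ssh-port "$$SSH_PORT" )
	cmd+=( --ssh-pubkey "$$SSH_PUBKEY" )
	[[ -n "$$AUTOBUILD" ]] && cmd+=( "--autobuild=$$AUTOBUILD" )
	# … unchanged: feature-flag tests; remaining value options converted the same way …
	# … unchanged: jump-host splitting and print/exec dispatch …
```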
diff --git a/scripts/9000-cdi-starter b/scripts/9000-cdi-starter
index 903c15e..47e31d5 100644
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐งช '%s' starting ... \e[0m\n" "
# sleep 1
[[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.13.002.2025.08.11 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.13.004.2025.08.21 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
diff --git a/var/early.var.sh b/var/early.var.sh
index c236e3a..fd8df5c 100644
--- a/var/early.var.sh
+++ b/var/early.var.sh
@@ -14,7 +14,7 @@
# shellcheck disable=SC2155
declare -grx VAR_CONTACT="security@coresecret.eu"
-declare -grx VAR_VERSION="Master V8.13.002.2025.08.11"
+declare -grx VAR_VERSION="Master V8.13.004.2025.08.21"
declare -grx VAR_SYSTEM="$(uname -a)"
declare -gx VAR_EARLY_DEBUG="false"
declare -gx VAR_HANDLER_AUTOBUILD="false"