diff --git a/config/hooks/live/9998_sources_list_trixie.chroot b/config/hooks/live/9998_sources_list_trixie.chroot
index 3a5009c..2d719ff 100644
--- a/config/hooks/live/9998_sources_list_trixie.chroot
+++ b/config/hooks/live/9998_sources_list_trixie.chroot
@@ -125,10 +125,10 @@ EOF
 fi
 apt-get update -qq
-apt-get upgrade -y
-apt-get autoclean -y
-apt-get autopurge -y
-apt-get autoremove -y
+apt-get dist-upgrade -y # (= apt full-upgrade) allow installs/replacements/removals.
+apt-get autoremove --purge -y # 'autopurge' == 'autoremove --purge'; don't run both.
+apt-get clean -y # Stronger than autoclean: removes the entire '.deb'-cache.
+rm -rf /var/lib/apt/lists/* # shrink image; apt will repopulate on next 'apt update'.
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
diff --git a/config/includes.chroot/etc/login.defs b/config/includes.chroot/etc/login.defs
index e20f543..b284e9b 100644
--- a/config/includes.chroot/etc/login.defs
+++ b/config/includes.chroot/etc/login.defs
@@ -171,8 +171,6 @@ CHFN_RESTRICT rwh
 # the PAM modules configuration.
 #
 ENCRYPT_METHOD YESCRYPT
-SHA_CRYPT_MIN_ROUNDS 8388608
-SHA_CRYPT_MAX_ROUNDS 8388608
 #
 # Should login be allowed if we can't cd to the home directory?
@@ -206,7 +204,9 @@ NONEXISTENT /nonexistent
 USERGROUPS_ENAB yes
 #
-# Added by CISS.debian.live.builder for redundance
-UMASK 077
+# Added by CISS.debian.live.builder for redundancy
+UMASK 027
+SHA_CRYPT_MIN_ROUNDS 8388608
+SHA_CRYPT_MAX_ROUNDS 8388608
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
diff --git a/config/package-lists/live.list.amd64.chroot b/config/package-lists/live.list.amd64.chroot
index 1b37196..9634490 100644
--- a/config/package-lists/live.list.amd64.chroot
+++ b/config/package-lists/live.list.amd64.chroot
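Review bot: The new `apt-get dist-upgrade -y` line in 9998_sources_list_trixie.chroot sets no conffile policy, while this tree ships modified conffiles such as /etc/login.defs under config/includes.chroot. If those files are already in place when the hook runs and an upgraded package carries a newer version of one, dpkg reaches a conffile prompt that `-y` does not answer, so the build can abort or fall back to whatever default applies in the chroot. Unless the frontend and dpkg options are set earlier in the hook (it begins outside the hunk), make the policy explicit with `DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold dist-upgrade -y`, which keeps the hardened files. Separately, `apt-get clean` asks for no confirmation, so the `-y` on that line can be dropped.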
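Review bot: `UMASK 027` in the second login.defs hunk loosens the previous 077, and useradd also derives the mode of new home directories from UMASK when HOME_MODE is not set, so homes would be created 0750 instead of 0700. If only the file-creation mask was meant to change, add `HOME_MODE 0700` next to it; HOME_MODE may already be set in a part of the file outside the hunks. The relocated `SHA_CRYPT_MIN_ROUNDS` and `SHA_CRYPT_MAX_ROUNDS` lines have no effect while `ENCRYPT_METHOD YESCRYPT` is active. A comment such as `# only used if ENCRYPT_METHOD is SHA256/SHA512; yescrypt cost is set by YESCRYPT_COST_FACTOR` would make that clear to the next reader.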
@@ -8,5 +8,8 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
+
+amd64-microcode
 grub-efi-amd64-signed
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
\ No newline at end of file
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
diff --git a/config/package-lists/live.list.arm64.chroot b/config/package-lists/live.list.arm64.chroot
index d7029a0..5c9966b 100644
--- a/config/package-lists/live.list.arm64.chroot
+++ b/config/package-lists/live.list.arm64.chroot
@@ -8,5 +8,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
+
 grub-efi-arm64-signed
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
\ No newline at end of file
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
diff --git a/config/package-lists/live.list.common.chroot b/config/package-lists/live.list.common.chroot
index b0b79ed..334a96d 100644
--- a/config/package-lists/live.list.common.chroot
+++ b/config/package-lists/live.list.common.chroot
@@ -69,6 +69,7 @@ git
 gnupg
 htop
 iftop
+intel-microcode
 iproute2
 iputils-ping
 jitterentropy-rngd
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index cff4d98..0f96de3 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
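Review bot: `intel-microcode` is added to live.list.common.chroot, which by its name feeds every architecture, while the matching `amd64-microcode` entry went into live.list.amd64.chroot. Debian builds intel-microcode only for x86 architectures, so an arm64 build that reads the common list would presumably fail to resolve the package. Moving the line to live.list.amd64.chroot beside `amd64-microcode` avoids that. Both packages come from the non-free-firmware component, so the archive areas used at package-install time must include it; that configuration is not visible in this diff.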
@@ -15,6 +15,11 @@ include_toc: true
 ## V8.13.272.2025.10.22
 * **Updated**: [0090_jitterentropy.chroot](../config/hooks/live/0090_jitterentropy.chroot) removed --sp800-90b
 * **Updated**: [9996_auditd.chroot](../config/hooks/live/9996_auditd.chroot) unified auditd configuration, removed success rules
+* **Updated**: [9998_sources_list_trixie.chroot](../config/hooks/live/9998_sources_list_trixie.chroot) + apt-get dist-upgrade -y
+* **Updated**: [login.defs](../config/includes.chroot/etc/login.defs)
+* **Updated**: [live.list.amd64.chroot](../config/package-lists/live.list.amd64.chroot) + amd64-microcode
+* **Updated**: [live.list.common.chroot](../config/package-lists/live.list.common.chroot) + intel-microcode
+* **Updated**: [9999-cdi-starter](../scripts/9999-cdi-starter)
 ## V8.13.256.2025.10.21
 * **Updated**: [0007_update_logrotate.chroot](../config/hooks/live/0007_update_logrotate.chroot)
diff --git a/scripts/9999-cdi-starter b/scripts/9999-cdi-starter
index eaffdfb..e742426 100644
--- a/scripts/9999-cdi-starter
+++ b/scripts/9999-cdi-starter
@@ -74,7 +74,7 @@ main() {
 [[ -d "${repo_dir}" ]] && rm -rf "${repo_dir}"
- git clone --depth 1 "${repo_url}" "${repo_dir}"
+ git clone "${repo_url}" "${repo_dir}"
 chmod 0700 "${repo_dir}/ciss_debian_installer.sh"
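Review bot: The `git clone "${repo_url}" "${repo_dir}"` line in scripts/9999-cdi-starter takes whatever the remote's default branch points to, and the next visible line marks ciss_debian_installer.sh executable, so the installer's integrity rests on the transport and the hosting server alone. Nothing in the hunk pins a tag or commit or checks a signature. If that is not done further down in main(), whose body continues outside the hunk, add a check after the clone, e.g. `git -C "${repo_dir}" verify-commit HEAD || exit 1` with the signing key shipped in the image, or clone a fixed signed tag and run `git verify-tag` on it. If `--depth 1` was dropped because verification or `git describe` needs history, a comment such as `# full clone: history needed for <reason>` would record why.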