From 678c91748fd3f4a44a7ebf696d09f415b974bd9914fbe5025799bf0bf0fee3e3 Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Fri, 7 Nov 2025 18:23:26 +0100 Subject: [PATCH] V8.13.392.2025.11.07 Signed-off-by: Marc S. Weidner --- .gitea/workflows/generate_PRIVATE_trixie_1.yaml | 4 ++-- .gitea/workflows/linter_char_scripts.yaml | 8 ++++---- ciss_live_builder.sh | 7 ++++--- lib/lib_clean_up.sh | 2 +- lib/lib_gnupg.sh | 3 +-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml index c4f06b8..7f4d1b0 100644 --- a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml +++ b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml @@ -131,7 +131,7 @@ jobs: set +x set -euo pipefail umask 0077 - GNUPGHOME="/dev/shm/gnupg.${GITHUB_RUN_ID}.${GITHUB_JOB}" + GNUPGHOME="${PWD}/gnupg.${GITHUB_RUN_ID}.${GITHUB_JOB}" # shellcheck disable=SC2174 mkdir -p -m 0700 "${GNUPGHOME}" echo "GNUPGHOME=${GNUPGHOME}" >> "${GITHUB_ENV}" @@ -150,7 +150,7 @@ jobs: - name: โš™๏ธ Configuring Git for signed CI/DEPLOY commits. run: | - set +x + #set +x set -euo pipefail git config user.name "Marc S. Weidner BOT" git config user.email "msw+bot@coresecret.dev" diff --git a/.gitea/workflows/linter_char_scripts.yaml b/.gitea/workflows/linter_char_scripts.yaml index a3b55ce..f7441f3 100644 --- a/.gitea/workflows/linter_char_scripts.yaml +++ b/.gitea/workflows/linter_char_scripts.yaml @@ -89,7 +89,7 @@ jobs: run: | set -euo pipefail ### GPG-Home relative to the Runner Workspace to avoid changing global files. - export GNUPGHOME="$(pwd)/.gnupg" + export GNUPGHOME="$(PWD)/.gnupg" mkdir -m 700 "${GNUPGHOME}" echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc gpg --batch --import ci-bot.sec.asc 
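Review bot: Moving `GNUPGHOME` from `/dev/shm` to `${PWD}` in the @@ -131 hunk of generate_PRIVATE_trixie_1.yaml puts the keyring, and presumably the secret key a later step imports into it, on the runner's workspace disk instead of tmpfs. There it survives an aborted job unless something removes it, and it sits inside the checkout where a broad `git add` or an artifact upload could pick it up. No clean-up is visible in this hunk; if one exists it is outside it. If the move is required, I would add a comment such as `# /dev/shm is not usable on this runner; keyring lives in the workspace and is removed in the final step`, keep the directory git-ignored, and delete it in a step guarded by `if: always()`. The same tmpfs-to-disk move is made in lib/lib_gnupg.sh (@@ -46).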
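Review bot: The @@ -150 hunk leaves `#set +x` behind as commented-out code, so this step no longer switches tracing off, while the GnuPG step above still does. If the runner ever starts the shell with tracing enabled, every command in this step would be echoed to the job log. Only the `git config` lines are visible here and the rest of the step is outside the hunk, so I cannot tell whether anything sensitive follows. I would either restore `set +x` or delete the line and state the reason in a comment, e.g. `# tracing intentionally left as inherited: no secrets are handled in this step`.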
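Review bot: `$(PWD)` in the @@ -89 hunk of linter_char_scripts.yaml is a command substitution that tries to run a program called `PWD`, not the `PWD` variable. It expands to an empty string, and because the assignment is part of `export`, the failure is masked and `set -e` does not stop the step, so `GNUPGHOME` becomes `/.gnupg`. On a runner that runs as root, the following `mkdir` and `gpg --batch --import` would then place the deploy key in a directory at the filesystem root, which can persist across jobs and contradicts the comment above the line. On an unprivileged runner the `mkdir` fails instead. The line should read `export GNUPGHOME="${PWD}/.gnupg"`, and the same replacement is needed in the @@ -101, @@ -268 and @@ -304 hunks of this file.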
@@ -101,7 +101,7 @@ jobs: shell: bash run: | set -euo pipefail - export GNUPGHOME="$(pwd)/.gnupg" + export GNUPGHOME="$(PWD)/.gnupg" git config user.name "Marc S. Weidner BOT" git config user.email "msw+bot@coresecret.dev" git config commit.gpgsign true @@ -268,7 +268,7 @@ jobs: GIT_SSH_COMMAND: "ssh -p 42842" run: | set -euo pipefail - export GNUPGHOME="$(pwd)/.gnupg" + export GNUPGHOME="$(PWD)/.gnupg" echo "๐Ÿ”„ Fetching origin/master ..." git fetch origin master @@ -304,7 +304,7 @@ jobs: GIT_SSH_COMMAND: "ssh -p 42842" run: | set -euo pipefail - export GNUPGHOME="$(pwd)/.gnupg" + export GNUPGHOME="$(PWD)/.gnupg" if git diff --cached --quiet; then echo "โœ”๏ธ No staged changes to commit." diff --git a/ciss_live_builder.sh b/ciss_live_builder.sh index b11f88e..e64733f 100644 --- a/ciss_live_builder.sh +++ b/ciss_live_builder.sh @@ -105,12 +105,13 @@ for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh ; for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh ; version; exit 0;; esac; done for arg in "$@"; do case "${arg,,}" in -d|--debug) . ./meta_sources_debug.sh; debugger "${@}";; esac; done +### ALL CHECKS DONE. READY TO START THE SCRIPT. +printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช %s starting ... \e[0m\n" "${BASH_SOURCE[0]}" +declare -grx VAR_SETUP="true" + ### SECURING SECRETS ARTIFACTS. find "${VAR_TMP_SECRET}" -type f -exec chmod 0400 {} + -### ALL CHECKS DONE. READY TO START THE SCRIPT. -declare -grx VAR_SETUP="true" - ### SOURCING VARIABLES. [[ "${VAR_SETUP}" == true ]] && { source_guard "./var/color.var.sh" diff --git a/lib/lib_clean_up.sh b/lib/lib_clean_up.sh index 6d105e7..5fe71aa 100644 --- a/lib/lib_clean_up.sh +++ b/lib/lib_clean_up.sh 
@@ -62,7 +62,7 @@ clean_up() { # Kill gpg-agent and remove artifacts securely. if [[ ! "${VAR_CDLB_INSIDE_RUNNER}" == "true" ]]; then - if [[ -n "${GNUPGHOME:-}" && -d "${GNUPGHOME}" && "${GNUPGHOME}" == /dev/shm/cdlb_*_gnupg ]]; then + if [[ -n "${GNUPGHOME:-}" && -d "${GNUPGHOME}" ]]; then gpgconf --kill gpg-agent >/dev/null 2>&1 || true diff --git a/lib/lib_gnupg.sh b/lib/lib_gnupg.sh index 038e62f..5abb4b6 100644 --- a/lib/lib_gnupg.sh +++ b/lib/lib_gnupg.sh @@ -46,7 +46,7 @@ init_gnupg() { printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ VAR_CDLB_INSIDE_RUNNER: [%s] \e[0m\n" "${VAR_CDLB_INSIDE_RUNNER}" - declare -grx GNUPGHOME="/dev/shm/cdlb_${VAR_ISO8601}_gnupg" + declare -grx GNUPGHOME="/${VAR_WORKDIR}/cdlb_${VAR_ISO8601}_gnupg" # shellcheck disable=SC2174 mkdir -p -m 0700 "${GNUPGHOME}" @@ -63,7 +63,6 @@ EOF printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ Failed to launch gpg-agent. \e[0m\n" - fi else
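Review bot: Dropping the `== /dev/shm/cdlb_*_gnupg` match from the condition in the @@ -62 hunk of lib/lib_clean_up.sh means the block now runs for any existing directory that `GNUPGHOME` points to. That includes a directory inherited from the caller's environment, such as a user's own keyring. The comment above says the block removes artifacts; the removal commands are outside the hunk, so I am assuming they act on `${GNUPGHOME}`. I would keep a guard that matches the new location set in lib/lib_gnupg.sh, for example `if [[ -n "${GNUPGHOME:-}" && -d "${GNUPGHOME}" && "${GNUPGHOME}" == */cdlb_*_gnupg ]]; then`.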
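Review bot: The new value `"/${VAR_WORKDIR}/cdlb_${VAR_ISO8601}_gnupg"` in the @@ -46 hunk of lib/lib_gnupg.sh starts with a literal `/`. If `VAR_WORKDIR` is already absolute the path begins with `//`, and if it is relative the keyring is created under the filesystem root rather than under the work directory. `VAR_WORKDIR` is defined outside this hunk, so I cannot tell which applies; `declare -grx GNUPGHOME="${VAR_WORKDIR}/cdlb_${VAR_ISO8601}_gnupg"` avoids both. A deep work directory can also push gpg-agent's socket path past the Unix socket length limit when the sockets live in the home directory, which is worth a comment here. init_gnupg's body continues outside the hunk.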