V8.13.064.2025.10.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.archive/.0000_lib_usage.sh

@@ -21,7 +21,7 @@ usage() {
   clear
   cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.13.048.2025.10.06\e[0m")
+$(echo -e "\e[92mMaster V8.13.064.2025.10.07\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
 
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")

.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml

@@ -25,7 +25,7 @@ body:
     attributes:
       label: "Version"
       description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.13.048.2025.10.06"
+      placeholder: "e.g., Master V8.13.064.2025.10.07"
     validations:
       required: true
 

.gitea/TODO/dockerfile

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 FROM debian:bookworm
 

.gitea/TODO/render-md-to-html.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 name: 🔁 Render README.md to README.html.
 

.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.13.048.2025.10.06
+  version: V8.13.064.2025.10.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.13.048.2025.10.06
+  version: V8.13.064.2025.10.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_PUBLIC.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.13.048.2025.10.06
+  version: V8.13.064.2025.10.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_dns.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.13.048.2025.10.06
+  version: V8.13.064.2025.10.07
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/workflows/generate_PRIVATE_trixie_0.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 name: 🔐 Generating a Private Live ISO TRIXIE.
 

.gitea/workflows/generate_PRIVATE_trixie_1.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 name: 🔐 Generating a Private Live ISO TRIXIE.
 

.gitea/workflows/generate_PUBLIC_iso.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 name: 💙 Generating a PUBLIC Live ISO.
 

.gitea/workflows/linter_char_scripts.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 # Gitea Workflow: Shell-Script Linting
 #

.gitea/workflows/render-dnssec-status.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
 

.gitea/workflows/render-dot-to-png.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 name: 🔁 Render Graphviz Diagrams.
 

.version.properties

@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.13.048.2025.10.06"
+properties_version="V8.13.064.2025.10.07"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

CISS.debian.live.builder.spdx

@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.13.048.2025.10.06
+PackageVersion: Master V8.13.064.2025.10.07
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

README.md

@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.13.048.2025.10.06-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.13.064.2025.10.07-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
  
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)  
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)  
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -151,7 +151,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
 
-Example: `V8.13.048.2025.10.06`
+Example: `V8.13.064.2025.10.07`
 
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
 

ciss_live_builder.sh

@@ -143,6 +143,7 @@ declare -gx VAR_SETUP="true"
   source_guard "./lib/lib_lb_config_start.sh"
   source_guard "./lib/lib_lb_config_write.sh"
   source_guard "./lib/lib_lb_config_write_trixie.sh"
+  source_guard "./lib/lib_note_target.sh"
   source_guard "./lib/lib_provider_netcup.sh"
   source_guard "./lib/lib_run_analysis.sh"
   source_guard "./lib/lib_sanitizer.sh"
@@ -236,6 +237,7 @@ change_splash
 check_dhcp
 cdi
 provider_netcup
+note_target
 
 ### Start the build process
 set +o errtrace

config/hooks/live/9980_usb_guard.chroot

@@ -12,34 +12,33 @@
 set -Ceuo pipefail
 
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
-# sleep 1
 
 apt-get install -y usbguard
 
-# sleep 1
+### Preparing USBGuard: see https://www.privacy-handbuch.de/handbuch_91a.htm
-
-# Preparing USBGuard: see https://www.privacy-handbuch.de/handbuch_91a.htm
 touch /tmp/rules.conf
 usbguard generate-policy >> /tmp/rules.conf
 
 if [[ -f /etc/usbguard/rules.conf && -s /etc/usbguard/rules.conf ]]; then
+
   mv /etc/usbguard/rules.conf /root/.ciss/dlb/backup/usbguard_rules.conf.bak
   cp -a /tmp/rules.conf /etc/usbguard/rules.conf
   chmod 0600 /etc/usbguard/rules.conf
+
 else
+
   rm -f /etc/usbguard/rules.conf
   cp -a /tmp/rules.conf /etc/usbguard/rules.conf
   chmod 0600 /etc/usbguard/rules.conf
+
 fi
 
 cp -a /etc/usbguard/usbguard-daemon.conf /root/.ciss/dlb/backup/usbguard-daemon.conf.bak
-sed -i "s/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/" /etc/usbguard/usbguard-daemon.conf
+#sed -i "s/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/" /etc/usbguard/usbguard-daemon.conf
-# sleep 1
 
 rm -f /tmp/rules.conf
 
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
-# sleep 1
 
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

config/includes.chroot/etc/ssh/sshd_config

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig

config/includes.chroot/etc/sysctl.d/99_local.hardened

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.13.048.2025.10.06
+### Version Master V8.13.064.2025.10.07
 
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/

config/includes.chroot/preseed/.iso/preseed_hash_generator.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-declare -gr VERSION="Master V8.13.048.2025.10.06"
+declare -gr VERSION="Master V8.13.064.2025.10.07"
 
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then

config/includes.chroot/preseed/preseed.cfg

@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.13.048.2025.10.06 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.13.064.2025.10.07 at: 10:18:37.9542

config/includes.chroot/root/.bashrc

@@ -11,8 +11,8 @@
 
 [[ $- != *i* ]] && return
 
-### Never use errexit/pipefail in interactive shells
+### Never use 'errexit' | 'nounset' | 'pipefail' in interactive shells.
-set +o errexit +o pipefail
+set +o errexit +o nounset +o pipefail
 
 trap ' "${SHELL}" /root/.ciss/clean_logout.sh ' EXIT
 source /root/.ciss/alias
@@ -20,9 +20,6 @@ source /root/.ciss/f2bchk.sh
 source /root/.ciss/shortcuts
 source /root/.ciss/scan_libwrap
 
-### Never use 'errexit' | 'nounset' | 'pipefail' in interactive shells.
-set +o errexit +o nounset +o pipefail
-
 ### History
 touch /tmp/.bash_history
 chmod 0660 /tmp/.bash_history
@@ -62,23 +59,15 @@ alias cp="cp -iv"
 alias mv='mv -iv'
 alias rm='rm -iv'
 
-### Welcome message after login
-printf "\n"
-printf "\e[91m🔐 Coresecret Channel Established. \e[0m\n"
-printf "\e[92m✅ Welcome back\e[0m"
-printf "\e[95m '%s' \e[0m" "${USER}"; printf "\e[92m! Type\e[0m"; printf "\e[95m 'celp'\e[0m"; printf "\e[92m for shortcuts. \e[0m\n"
-printf "\n"
-printf "\n"
-
 ### Welcome message after login.
-#printf "\n"
+printf "%b" "${NL}"
-#printf "%s🔐 Coresecret Channel Established. %s%s" "${CRED}" "${CRES}" "${NL}"
+printf "%b🔐 Coresecret Channel Established. %b%b" "${CRED}" "${CRES}" "${NL}"
-#printf "%s✅ Welcome back %s " "${CGRE}" "${CRES}"
+printf "%b✅ Welcome back %b " "${CGRE}" "${CRES}"
-#printf "%s'%s'%s" "${CMAG}" "${USER}" "${CRES}"
+printf "%b'%s'%b" "${CMAG}" "${USER}" "${CRES}"
-#printf "%s! Type%s " "${CGRE}" "${CRES}"
+printf "%b! Type%b" "${CGRE}" "${CRES}"
-#printf "%s'celp'%s " "${CMAG}" "${CRES}"
+printf "%b 'celp'%b" "${CMAG}" "${CRES}"
-#printf "%sfor shortcuts. %s%s" "${CGRE}" "${CRES}" "${NL}"
+printf "%b for shortcuts. %b%b" "${CGRE}" "${CRES}" "${NL}"
-#printf "\n"
+printf "%b" "${NL}"
-#printf "\n"
+printf "%b" "${NL}"
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

docs/AUDIT_DNSSEC.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. DNSSEC Status
 

docs/AUDIT_HAVEGED.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Haveged Audit on Netcup RS 2000 G11
 

docs/AUDIT_LYNIS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Lynis Audit:
 

docs/AUDIT_SSH.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. SSH Audit by ssh-audit.com
 

docs/AUDIT_TLS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. TLS Audit:
 ````text

docs/BOOTPARAMS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Hardened Kernel Boot Parameters
 

docs/CHANGELOG.md

@@ -8,10 +8,18 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Changelog
 
+## V8.13.064.2025.10.07
+* **Added**: Verbose status information screen on successful completion.
+* **Added**: Verbose status information in 'CISS.debian.live.iso.'
+* **Updated**: [9000-cdi-starter](../scripts/9000-cdi-starter)
+* **Updated**: [9980_usb_guard.chroot](../config/hooks/live/9980_usb_guard.chroot)
+* **Updated**: [lib_cdi.sh](../lib/lib_cdi.sh) Unified Kernel bootparameter.
+* **Updated**: [lib_lb_config_write_trixie.sh](../lib/lib_lb_config_write_trixie.sh) Unified Kernel bootparameter.
+
 ## V8.13.048.2025.10.06
 * **Updated**: Debian 13 LIVE ISO workflows to use Kernel: ``6.16.3+deb13-amd64``
 * **Updated**: Debian 13 LIVE ISO workflows to use argument: ``--cdi``

docs/CNET.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Centurion Net - Developer Branch Overview
 

docs/CODING_CONVENTION.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Coding Style
 

docs/CONTRIBUTING.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Contributing / participating
 

docs/CREDITS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Credits
 

docs/DL_PUB_ISO.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
 

docs/DOCUMENTATION.md

@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.13.048.2025.10.06
+Master V8.13.064.2025.10.07
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025
@@ -136,7 +136,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.13.048.2025.10.06
+Master V8.13.064.2025.10.07
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025

docs/REFERENCES.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.048.2025.10.06<br>
+**Build**: V8.13.064.2025.10.07<br>
 
 # 2. Resources
 

lib/lib_arg_parser.sh

@@ -13,7 +13,7 @@
 guard_sourcing
 
 #######################################
-# Argument Parser
+# Argument Parser.
 # Globals:
 #   ARY_HANDLER_JUMPHOST
 #   ARY_HANDLER_NETCUP_IPV6

lib/lib_cdi.sh

@@ -44,7 +44,7 @@ cdi() {
     tmp_entry="$(mktemp)"
     cat << EOF >| "${tmp_entry}"
 menuentry "CISS Hardened DI (${VAR_KERNEL})" --hotkey=i {
-        linux /live/vmlinuz-${VAR_KERNEL} boot=live verify-checksums live-config.components splash nopersistence toram ramdisk-size=1024M swap=true noeject locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= timezone=Etc/UTC audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none findiso=\${iso_path}
+        linux /live/vmlinuz-${VAR_KERNEL} boot=live verify-checksums live-config.components splash nopersistence toram ramdisk-size=1024M swap=true noeject locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= timezone=Etc/UTC audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=0 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none findiso=\${iso_path}
         initrd /live/initrd.img-${VAR_KERNEL}
 }
 EOF

lib/lib_check_pkgs.sh

@@ -72,6 +72,11 @@ check_pkgs() {
 
   fi
 
+  # shellcheck disable=SC2034,SC2155
+  declare -gr VAR_LB_VER="$(lb -v)"
+  # shellcheck disable=SC2034,SC2155
+  declare -gr VAR_DS_VER="$(debootstrap --version)"
+
   return 0
 }
 ### Prevents accidental 'unset -f'.

lib/lib_lb_config_write_trixie.sh

@@ -23,6 +23,8 @@ guard_sourcing
 #   VAR_WORKDIR
 # Arguments:
 #   None
+# Returns:
+#   0: on success
 #######################################
 lb_config_write_trixie() {
   printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Writing new config ... \e[0m\n"
@@ -39,7 +41,7 @@ lb_config_write_trixie() {
     --binary-filesystem fat32 \
     --binary-image iso-hybrid \
     --bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Etc/UTC splash audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
-    --bootappend-live "boot=live components keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force,nosmt nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none" \
+    --bootappend-live "boot=live components keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=0 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none" \
     --bootloaders grub-efi \
     --cache true \
     --checksums sha512 sha256 md5 \
@@ -111,5 +113,10 @@ lb_config_write_trixie() {
   chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
 
   printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Writing new config done.\e[0m\n"
+
+  return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f lb_config_write_trixie
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_note_target.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-10-07; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+#######################################
+# Version file generator for '/root/cdlb.txt' of Live ISO.
+# Globals:
+#   VAR_VERSION
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+note_target() {
+
+  cat << EOF >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/cdlb.txt"
+################################################################################
+  This CISS.debian.live ISO was built by:
+
+  CISS.debian.live.builder from https://git.coresecret.dev/msw
+  A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
+
+  Version     : ${VAR_VERSION}
+  Git         : ${VAR_GIT_REL}
+  Date        : ${VAR_DATE_INFO}
+  Host        : ${VAR_HOST}
+  Bash        : ${VAR_BASH_VER}
+  Debootstrap : ${VAR_DS_VER}
+  Live-Build  : ${VAR_LB_VER}
+
+  This program is free software. Distribution and modification under
+  EUPL-1.2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
+
+  Please file bugs @
+  https://git.coresecret.dev/msw/CISS.debian.live.builder/issues
+
+  Contact
+  https://coresecret.eu/
+  security@coresecret.eu
+  PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD
+  https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD
+
+  Please consider donating to my work at:
+  https://coresecret.eu/spenden/
+################################################################################
+EOF
+
+  return 0
+}
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f note_target
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_run_analysis.sh

@@ -15,15 +15,18 @@ guard_sourcing
 #######################################
 # Wrapper for statistic functions of the final build.
 # Globals:
-#   ERR_UNCRITICAL
 #   VAR_BUILD_LOG
 #   VAR_CHROOT_DIR
 #   VAR_HANDLER_BUILD_DIR
 #   VAR_PACKAGES_FILE
 # Arguments:
 #   None
+# Returns:
+#   0: on success
+#   ERR_UNCRITICAL: on failure
 #######################################
 run_analysis() {
+  clear
   # shellcheck disable=SC2164
   cd "${VAR_HANDLER_BUILD_DIR}"
   # shellcheck disable=SC2155
@@ -51,12 +54,14 @@ run_analysis() {
   declare squash_cpu_used="$(grep -m1 -oP 'Using \K[0-9]+' "${VAR_BUILD_LOG}")"
 
   if [[ -f "${VAR_BUILD_LOG}" ]]; then
+
     # shellcheck disable=SC2155
     declare start_line=$(grep 'lb build' "${VAR_BUILD_LOG}" | head -n1 || true)
     # shellcheck disable=SC2155
     declare end_line=$(grep 'lb source' "${VAR_BUILD_LOG}" | tail -n1 || true)
 
     if [[ -n "${start_line}" && -n "${end_line}" ]]; then
+
       # shellcheck disable=SC2155
       declare start_epoch=$(echo "${start_line}" | sed -E 's/^\[([0-9:-]+ [0-9:]+)\].*/\1/' | xargs -I{} date -d "{}" +%s)
       # shellcheck disable=SC2155
@@ -69,15 +74,21 @@ run_analysis() {
       declare duration_rest=$((duration_sec % 60))
       # shellcheck disable=SC2155
       declare build_duration=$(printf "%02dm:%02ds" "${duration_min}" "${duration_rest}")
+
     else
+
       declare build_duration="(Timestamp not found)"
+
     fi
+
   else
+
     declare build_duration="(No log file found)"
+
   fi
 
   # shellcheck disable=SC2155
-  declare sha_sum=$(sha256sum "$iso_file" | tee "$iso_file.sha256" | awk '{print $1}')
+  declare sha_sum=$(sha256sum "${iso_file}" | tee "${iso_file}.sha256" | awk '{print $1}')
   # shellcheck disable=SC2155
   declare time=$(date '+%Y-%m-%d %H:%M:%S')
 
@@ -94,5 +105,10 @@ run_analysis() {
   printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n"
   printf "\e[97m📅 Analysis Time     : %s \e[0m\n" "${time}"
   printf "\e[92m✅ Analysis completed.\e[0m\n"
+
+  return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f run_analysis
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_trap_on_err.sh

@@ -15,19 +15,23 @@ guard_sourcing
 #######################################
 # Print Error Message for Trap on 'ERR' in ${ERROR_LOG}
 # Globals:
-#   VAR_PARAM_COUNT
-#   VAR_PARAM_STRNG
-#   VAR_ARG_SANITIZED
-#   LOG_DEBUG
 #   ERRCMMD
 #   ERRCODE
 #   ERRFUNC
 #   ERRLINE
 #   ERRSCRT
+#   LOG_DEBUG
 #   LOG_ERROR
 #   LOG_VAR
 #   SECONDS
+#   VAR_ARG_SANITIZED
+#   VAR_BASH_VER
+#   VAR_DS_VER
 #   VAR_EARLY_DEBUG
+#   VAR_GIT_REL
+#   VAR_LB_VER
+#   VAR_PARAM_COUNT
+#   VAR_PARAM_STRNG
 #   VAR_SYSTEM
 #   VAR_VERSION
 # Arguments:
@@ -39,6 +43,9 @@ print_file_err() {
     printf "❌ Git Commit             : %s \n" "${VAR_GIT_REL}"
     printf "❌ Version                : %s \n" "${VAR_VERSION}"
     printf "❌ Hostsystem             : %s \n" "${VAR_SYSTEM}"
+    printf "❌ Bash                   : %s \n" "${VAR_BASH_VER}"
+    printf "❌ Live-Build             : %s \n" "${VAR_LB_VER}"
+    printf "❌ Debootstrap            : %s \n" "${VAR_DS_VER}"
     printf "❌ Error                  : %s \n" "${ERRCODE}"
     printf "❌ Line                   : %s \n" "${ERRLINE}"
     printf "❌ Script                 : %s \n" "${ERRSCRT}"
@@ -48,31 +55,42 @@ print_file_err() {
     printf "❌ Arguments Counter      : %s \n" "${VAR_PARAM_COUNT}"
     printf "❌ Arguments Original     : %s \n" "${VAR_PARAM_STRNG}"
     printf "❌ Arguments Sanitized    : %s \n" "${VAR_ARG_SANITIZED}"
+
     if "${VAR_EARLY_DEBUG}"; then
+
       printf "❌ Vars Dump saved at     : %s \n" "${LOG_VAR}"
       printf "❌ Debug Log saved at     : %s \n" "${LOG_DEBUG}"
       printf "❌ batcat --pager='less -r' %s \n" "${LOG_DEBUG}"
+
     fi
+
     printf "\n"
   } >> "${LOG_ERROR}"
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f print_file_err
 
 #######################################
 # Print Error Message for Trap on 'ERR' on Terminal
 # Globals:
-#   VAR_PARAM_COUNT
-#   VAR_PARAM_STRNG
-#   VAR_ARG_SANITIZED
-#   LOG_DEBUG
 #   ERRCMMD
 #   ERRCODE
 #   ERRFUNC
 #   ERRLINE
 #   ERRSCRT
+#   LOG_DEBUG
 #   LOG_ERROR
 #   LOG_VAR
 #   SECONDS
+#   VAR_ARG_SANITIZED
+#   VAR_BASH_VER
+#   VAR_DS_VER
 #   VAR_EARLY_DEBUG
+#   VAR_GIT_REL
+#   VAR_LB_VER
+#   VAR_PARAM_COUNT
+#   VAR_PARAM_STRNG
 #   VAR_SYSTEM
 #   VAR_VERSION
 # Arguments:
@@ -83,6 +101,9 @@ print_scr_err() {
   printf "\e[91m❌ Git Commit             : %s \e[0m\n" "${VAR_GIT_REL}" >&2
   printf "\e[91m❌ Version                : %s \e[0m\n" "${VAR_VERSION}" >&2
   printf "\e[91m❌ Hostsystem             : %s \e[0m\n" "${VAR_SYSTEM}" >&2
+  printf "\e[91m❌ Bash                   : %s \e[0m\n" "${VAR_BASH_VER}" >&2
+  printf "\e[91m❌ Live-Build             : %s \e[0m\n" "${VAR_LB_VER}" >&2
+  printf "\e[91m❌ Debootstrap            : %s \e[0m\n" "${VAR_DS_VER}" >&2
   printf "\e[91m❌ Error                  : %s \e[0m\n" "${ERRCODE}" >&2
   printf "\e[91m❌ Line                   : %s \e[0m\n" "${ERRLINE}" >&2
   printf "\e[91m❌ Script                 : %s \e[0m\n" "${ERRSCRT}" >&2
@@ -94,13 +115,20 @@ print_scr_err() {
   printf "\e[91m❌ Arguments Sanitized    : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
   printf "\e[91m❌ Error Log saved at     : %s \e[0m\n" "${LOG_ERROR}" >&2
   printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
+
   if "${VAR_EARLY_DEBUG}"; then
+
     printf "\e[91m❌ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}" >&2
     printf "\e[91m❌ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}" >&2
     printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}" >&2
+
   fi
+
   printf "\n"
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f print_scr_err
 
 #######################################
 # Trap function to be called on 'ERR'.
@@ -112,14 +140,15 @@ print_scr_err() {
 #   ERRSCRT
 #   VAR_EARLY_DEBUG
 # Arguments:
-#   $1: $?
+#   1: $?
-#   $2: ${BASH_SOURCE[0]}
+#   2: ${BASH_SOURCE[0]}
-#   $3: ${LINENO}
+#   3: ${LINENO}
-#   $4: ${FUNCNAME[0]:-main}
+#   4: ${FUNCNAME[0]:-main}
-#   $5: ${BASH_COMMAND}
+#   5: ${BASH_COMMAND}
 #######################################
 trap_on_err() {
   trap - DEBUG ERR INT TERM
+
   declare -g ERRCODE="$1"
   declare -g ERRSCRT="$2"
   declare -g ERRLINE="$3"
@@ -129,11 +158,18 @@ trap_on_err() {
   declare -g ERRTRAP="true"
 
   if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
+
   clean_up "${ERRCODE}"
+
   if ! "${VAR_HANDLER_AUTOBUILD}"; then clean_screen; fi
+
   print_file_err
+
   print_scr_err
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f trap_on_err
 
 #######################################
 # Gather all user-defined variables (name and value)
@@ -175,4 +211,7 @@ dump_user_vars() {
   comm -13 "${VAR_DUMP_VARS_INITIAL}" "${dump_vars_final}" >> "${LOG_VAR}" || true
   rm "${VAR_DUMP_VARS_INITIAL}" "${dump_vars_final}"
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f dump_user_vars
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_trap_on_exit.sh

@@ -17,20 +17,32 @@ guard_sourcing
 # Globals:
 #   VAR_EARLY_DEBUG
 # Arguments:
-#   $1: $?
+#   1: $?
 #######################################
 trap_on_exit() {
   trap - DEBUG ERR EXIT INT TERM
+
   declare -r var_trap_on_exit_code="$1"
+
   if (( var_trap_on_exit_code == 0 )); then
+
     if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
+
     clean_up "${var_trap_on_exit_code}"
+
     print_scr_exit "${var_trap_on_exit_code}"
+
     exit "${var_trap_on_exit_code}"
+
   else
+
     exit "${var_trap_on_exit_code}"
+
   fi
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f trap_on_exit
 
 #######################################
 # Print Success Message for Trap on 'EXIT' on 'stdout'.
@@ -38,32 +50,56 @@ trap_on_exit() {
 #   LOG_DEBUG
 #   LOG_VAR
 #   SECONDS
+#   VAR_BASH_VER
+#   VAR_DS_VER
 #   VAR_EARLY_DEBUG
+#   VAR_GIT_REL
 #   VAR_HANDLER_BUILD_DIR
+#   VAR_LB_VER
 #   VAR_SCRIPT_SUCCESS
+#   VAR_SYSTEM
+#   VAR_VERSION
 # Arguments:
-#   $1: ${var_trap_on_exit_code} of trap_on_exit()
+#   1: ${var_trap_on_exit_code} of trap_on_exit()
 #######################################
 print_scr_exit() {
   declare -r var_print_scr_exit_code="$1"
+
   if (( var_print_scr_exit_code == 0 )); then
+
     if [[ "${VAR_SCRIPT_SUCCESS}" == "true" ]]; then
+
       printf "\n"
-      printf "\e[92m✅ CISS.debian.live.builder Script successful. \e[0m\n"
+      printf "\e[92m✅ CISS.debian.live.builder Script successfully completed. \e[0m\n"
+      printf "\e[92m✅ Git Commit             : %s \e[0m\n" "${VAR_GIT_REL}"
+      printf "\e[92m✅ Version                : %s \e[0m\n" "${VAR_VERSION}"
+      printf "\e[92m✅ Hostsystem             : %s \e[0m\n" "${VAR_SYSTEM}"
+      printf "\e[92m✅ Bash                   : %s \e[0m\n" "${VAR_BASH_VER}"
+      printf "\e[92m✅ Live-Build             : %s \e[0m\n" "${VAR_LB_VER}"
+      printf "\e[92m✅ Debootstrap            : %s \e[0m\n" "${VAR_DS_VER}"
       printf "\e[92m✅ Aide Initial DB at     : %s \e[0m\n" "${VAR_HANDLER_BUILD_DIR}/.integrity/"
       printf "\e[92m✅ Exited with Status     : %s \e[0m\n" "${var_print_scr_exit_code}"
       printf "\n"
+
       if [[ "${VAR_EARLY_DEBUG}" == "true" ]]; then
+
         printf "\e[92m✅ Script Runtime         : %s \e[0m\n" "${SECONDS}"
         printf "\e[92m✅ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}"
         printf "\e[92m✅ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}"
         printf "\e[92m✅ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}"
         printf "\n"
+
       fi
+
       printf "\e[95m💷 Please consider donating to my work at: \e[0m\n"
       printf "\e[95m🔗 https://coresecret.eu/spenden/          \e[0m\n"
       printf "\n"
+
     fi
+
   fi
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f print_scr_exit
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_usage.sh

@@ -13,7 +13,7 @@
 #######################################
 # Usage Wrapper CISS.debian.live.builder
 # Arguments:
-#   $0: Script name
+#   0: Script name
 #######################################
 usage() {
   # shellcheck disable=SC2155
@@ -22,8 +22,8 @@ usage() {
   #######################################
   # Header, Footer wrapper for dynamical output.
   # Arguments:
-  #   $1: Text.
+  #   1: Text.
-  #   $2: Width of Terminal.
+  #   2: Width of Terminal.
   #######################################
   center() {
     declare var_text="$1"
@@ -35,13 +35,13 @@ usage() {
   # shellcheck disable=SC2155
   declare var_header=$(center "CLB(1)                        CISS.debian.live.builder                        CLB(1)" "${var_cols}")
   # shellcheck disable=SC2155
-  declare var_footer=$(center "V8.13.048.2025.10.06                        2025-08-11                        CLB(1)" "${var_cols}")
+  declare var_footer=$(center "V8.13.064.2025.10.07                        2025-10-07                        CLB(1)" "${var_cols}")
 
   {
     echo -e "\e[1;97m${var_header}\e[0m"
     echo
     echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
-    echo -e "\e[92mMaster V8.13.048.2025.10.06\e[0m"
+    echo -e "\e[92mMaster V8.13.064.2025.10.07\e[0m"
     echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
     echo
     echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"

scripts/9000-cdi-starter

@@ -39,13 +39,13 @@ main() {
   declare -r repo_url="https://git.coresecret.dev/msw/CISS.debian.installer.git"
   declare -r repo_dir="/root/git/CISS.debian.installer"
 
-  install -d -m 0700 /root/.cdi/log
+  install -d -m 0700 /root/.ciss/cdi/log
   # shellcheck disable=SC2155
-  declare -r log="/root/.cdi/log/9000-cdi-starter_$(date +'%F_%H-%M-%S').log"
+  declare -r log="/root/.ciss/cdi/log/9000-cdi-starter_$(date +'%F_%H-%M-%S').log"
   # shellcheck disable=SC2312
   exec > >(tee -a "${log}") 2>&1
 
-  printf "CISS.debian.installer Master V8.13.048.2025.10.06 is up! \n" >| /root/.cdi/log/auto_start_begin_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+  printf "CISS.debian.installer Master V8.13.064.2025.10.07 is up! \n" >| /root/.cdi/log/auto_start_begin_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 
   net_wait
 
@@ -66,7 +66,7 @@ main() {
 #  --reionice-priority 1 0 \
 #  --renice-priority "-19"
 
-  printf "CISS.debian.installer Master V8.13.048.2025.10.06 successfully executed! \n" >| /root/.cdi/log/auto_start_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+  printf "CISS.debian.installer Master V8.13.064.2025.10.07 successfully executed! \n" >| /root/.cdi/log/auto_start_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 
   exit 0
 }

var/early.var.sh

@@ -14,7 +14,7 @@
 
 # shellcheck disable=SC2155
 declare -grx VAR_CONTACT="security@coresecret.eu"
-declare -grx VAR_VERSION="Master V8.13.048.2025.10.06"
+declare -grx VAR_VERSION="Master V8.13.064.2025.10.07"
 declare -grx VAR_SYSTEM="$(uname -a)"
 declare -gx  VAR_EARLY_DEBUG="false"
 declare -gx  VAR_HANDLER_AUTOBUILD="false"

var/global.var.sh

@@ -9,19 +9,19 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
+# shellcheck disable=SC2155,SC2034
 
 guard_sourcing
 
 ### Definition of MUST set global variables.
-# shellcheck disable=SC2155
+declare -gr VAR_BASH_VER="$(bash --version | head -n1 | awk '{print $4" "$5" "$6}')"
-declare -gr VAR_ISO8601="$(date +%Y_%m_%d_%H_%M_%S)"
+declare -gr VAR_HOST="$(uname -n)"
-# shellcheck disable=SC2155
+declare -gr VAR_DATE_EPOCH="$(date -u +%s)"
+declare -gr VAR_ISO8601="$(date -u -d "@${VAR_DATE_EPOCH}" '+%Y-%m-%dT%H:%M:%SZ')"
+declare -gr VAR_DATE_INFO="$(date -u -d "@${VAR_DATE_EPOCH}" '+%Y-%m-%dT%H:%M:%S %z')"
 declare -gr VAR_KERNEL_INF="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_TMP="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_SRT="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_NOTES="$(mktemp)"
 
 declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log"
@@ -79,4 +79,5 @@ declare -g ERRSCRT="" # = ${BASH_SOURCE[0]}    = $2 = ERRSCRT
 declare -g ERRLINE="" # = ${LINENO}            = $3 = ERRLINE
 declare -g ERRFUNC="" # = ${FUNCNAME[0]:-main} = $4 = ERRFUNC
 declare -g ERRCMMD="" # = ${$BASH_COMMAND}     = $5 = ERRCMMD
+
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh