V9.14.016.2026.06.06

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums

@@ -77,6 +77,8 @@ Verify_checksums() {
 
   LIVE_VERIFY_CHECKSUMS_SIGNATURES="false"
 
+  _CHECKSUM_LOG=""
+
   _KEYFILE=""
 
   _MP=""
@@ -249,7 +251,7 @@ Verify_checksums() {
             if /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"; then
 
               _RETURN_PGP="${?}"
-              log_in "Checking signature of: [${_CHECKSUM}] successful."
+              log_ok "Checking signature of: [${_CHECKSUM}] successful."
 
             else
 
@@ -265,15 +267,22 @@ Verify_checksums() {
           fi
 
           # shellcheck disable=SC2312
-          if grep -v '^#' "${_CHECKSUM}" | /usr/bin/"${_DIGEST}"sum -c > "${_TTY}"; then
+          _CHECKSUM_LOG="/run/ciss-${_DIGEST}sum-check.log"
+          if grep -v '^#' "${_CHECKSUM}" | LC_ALL=C /usr/bin/"${_DIGEST}"sum -c > "${_CHECKSUM_LOG}" 2>&1; then
 
             _RETURN_SHA="${?}"
+            cat "${_CHECKSUM_LOG}" > "${_TTY}"
             log_ok "Found: [/usr/bin/${_DIGEST}sum] successful verified: [${_CHECKSUM}]"
 
           else
 
             _RETURN_SHA="${?}"
+            cat "${_CHECKSUM_LOG}" > "${_TTY}"
             log_er "Found: [/usr/bin/${_DIGEST}sum] unsuccessful verified: [${_CHECKSUM}]"
+            log_er "Checksum verification failed. Failed entries:"
+            if ! grep -E ': FAILED$|FAILED open or read|No such file or directory|WARNING:' "${_CHECKSUM_LOG}" >&2; then
+              cat "${_CHECKSUM_LOG}" >&2
+            fi
 
           fi
 

docs/CHANGELOG.md

@@ -16,6 +16,9 @@ include_toc: true
 * **Changed**: [zzzz_ciss_uki_build.hook.binary](../config/hooks/live/zzzz_ciss_uki_build.hook.binary)
 * **Changed**: [zzzz_ciss_uki_install.hook.binary](../config/hooks/live/zzzz_ciss_uki_install.hook.binary)
 * **Changed**: [lib_secureboot_profile.sh](../lib/lib_secureboot_profile.sh)
+* **Changed**: [binary_checksums.sh](../scripts/usr/lib/live/build/binary_checksums.sh) added ``\! -path './boot/grub/grub_eltorito' \``
+* **Changed**: [lib_trap_on_exit.sh](../lib/lib_trap_on_exit.sh) changed ``if [[ "${ERRTRAP}" != "true" ]]; then`` shellcheck SC2335
+* **Changed**: [0030-ciss-verify-checksums](../config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums) increased verbosity of sha---sum verification.
 
 ## V9.14.008.2026.06.04
 * **Added**: [zzzz_ciss_uki_build.hook.binary](../config/hooks/live/zzzz_ciss_uki_build.hook.binary)

lib/lib_trap_on_exit.sh

@@ -38,7 +38,7 @@ trap_on_exit() {
 
   trap - DEBUG ERR EXIT INT TERM
 
-  ### Defensive shell behavior inside trap.
+  ### Defensive shell behavior inside the trap.
   set +e +o pipefail
 
   if (( errcode == 0 )); then
@@ -53,7 +53,7 @@ trap_on_exit() {
 
   else
 
-    if [[ ! "${ERRTRAP}" == "true" ]]; then
+    if [[ "${ERRTRAP}" != "true" ]]; then
 
       if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
 
@@ -72,7 +72,7 @@ trap_on_exit() {
 readonly -f trap_on_exit
 
 #######################################
-# Print success message for trap on 'EXIT' on 'stdout'.
+# Print a success message for the trap on 'EXIT' on 'stdout'.
 # Globals:
 #   LOG_DEBUG
 #   LOG_VAR
@@ -131,7 +131,7 @@ print_scr_exit() {
 readonly -f print_scr_exit
 
 #######################################
-# Trap on 'EXIT' handler for 'non-0' exit-code.
+# Trap on the 'EXIT' handler for 'non-0' exit-code.
 # Globals:
 #   BASHOPTS
 #   EPOCHREALTIME

scripts/usr/lib/live/build/binary_checksums.sh

@@ -17,7 +17,7 @@
 
 ## Modified Version of the original file:
 
-## live-build(7) - System Build Scripts
+## Live-build(7) - System Build Scripts
 ## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
@@ -50,7 +50,7 @@ if [ "${LB_CHECKSUMS}" = "none" ]; then
 fi
 
 if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
-	### The checksums will be generated by binary_iso.
+	### Binary_iso will generate the checksums.
 	exit 0
 fi
 
@@ -85,7 +85,8 @@ for CHECKSUM in ${LB_CHECKSUMS}; do
 	find . -type f \
 		\! -path './isolinux/isolinux.bin' \
 		\! -path './boot/boot.bin' \
-		\! -path './boot/grub/stage2_eltorito' \
+		\! -path './boot/grub/grub_eltorito' \
+    \! -path './boot/grub/stage2_eltorito' \
     \! -path './live/filesystem.squashfs' \
 		\! -path './*SUMS' \
 		\! -path './*sum.txt' \