msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V9.14.024.2026.06.11

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2026-06-11 17:11:22 +01:00
parent 9ef535554a
commit 97596fbcba
63 changed files with 767 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/DOCUMENTATION.md
+11 -7
View File
@@ -8,14 +8,14 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 9.14<br>
**Build**: V9.14.022.2026.06.10<br>
**Build**: V9.14.024.2026.06.11<br>
# 2.1. Usage
````text
CDLB(1) CISS.debian.live.builder CDLB(1)
CISS.debian.live.builder from https://git.coresecret.dev/msw
Master V9.14.022.2026.06.10
Master V9.14.024.2026.06.11
A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
(c) Marc S. Weidner, 2018 - 2026
@@ -37,6 +37,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
--build-directory </path/to/build_directory>
Where the Debian Live Build Image should be generated. RECOMMENDED path: </opt/cdlb>
Cleanup is destructive inside the exact builder-owned path and requires '.ciss-live-builder-owned'.
MUST be provided.
--change-splash <STRING> one of <club | hexagon>
@@ -57,6 +58,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
--debug, -d
Enables debug logging for the main program routine. Detailed logging information are written to:
</tmp/ciss_live_builder_1801049.log>
After xtrace is stopped and its debug FD is closed, a final exact-value redaction pass sanitizes logs.
--dhcp-centurion
If a DHCP lease is provided, the provider's name server will be overridden and the hardened, privacy-focused
@@ -86,12 +88,12 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
--key_age=*
The SOPS AGE private keyring for decryption operations. Change '*' to your desired SOPS AGE key file.
File MUST be placed in:
This MUST be a filename only and MUST be placed in the root-owned tmpfs secret root:
</dev/shm/cdlb_secrets>
--key_luks=*
The LUKS encryption / decryption passphrase for '/'-fs-encryption. Change '*' to your desired passphrase file.
File MUST be placed in:
This MUST be a filename only and MUST be placed in the root-owned tmpfs secret root:
</dev/shm/cdlb_secrets>
--log-statistics-only
@@ -140,7 +142,8 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
--root-password-file </dev/shm/cdlb_secrets/password.txt>>
Password file for 'root', if given, MUST be a string of 42 to 64 characters.
If the argument is omitted, no further login authentication is required for the local console.
MUST be placed in:
The path MUST be absolute, regular, non-symlink, root-owned, and mode 0400 after normalization.
RECOMMENDED path:
</dev/shm/cdlb_secrets/password.txt>
--secure-boot-profile <STRING> one of <debian-shim | ciss-uki>
@@ -156,7 +159,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
specified via '--signing_key=*'. If the keyring is protected, then provide the passphrase in its own file.
Specify the fingerprint of the key to use via '--signing_key_fpr=*'.
Optionally import an offline GPG CA signing public key via: '--signing_ca=*'.
Change '*' to your desired files / fingerprint. Files MUST be placed in:
Change '*' to your desired filename-only files / fingerprint. Files MUST be placed in:
</dev/shm/cdlb_secrets>
--sshfp
@@ -171,6 +174,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
--ssh-pubkey </dev/shm/cdlb_secrets/>
Imports the SSH Public Key from the file 'authorized_keys' into the Live ISO.
Directory MUST be absolute, regular, non-symlink, root-owned, and not group/world-writable.
Key file MUST be placed in:
</dev/shm/cdlb_secrets/authorized_keys>
@@ -186,7 +190,7 @@ A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.
💷 Please consider donating to my work at:
🌐 https://coresecret.eu/spenden/
V9.14.022.2026.06.10 2026-05-17 CDLB(1)
V9.14.024.2026.06.11 2026-05-17 CDLB(1)
````
# 3. Booting