From be1af2bbfe04eac067312dad60c44b051a3e3744870f72695557e92c086300f8 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Sun, 1 Jun 2025 21:37:10 +0200
Subject: [PATCH] V8.02.768.2025.06.01

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 .gitea/workflows/generate-iso.yaml | 62 +++++++++++++++++-------------
 1 file changed, 35 insertions(+), 27 deletions(-)

diff --git a/.gitea/workflows/generate-iso.yaml b/.gitea/workflows/generate-iso.yaml
index 6fa63fe..ddca1c8 100644
--- a/.gitea/workflows/generate-iso.yaml
+++ b/.gitea/workflows/generate-iso.yaml
@@ -157,16 +157,8 @@ jobs:
             --root-password-file opt/config/password.txt \
             --ssh-port 42842 \
             --ssh-pubkey opt/config
-          if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
-            echo "❌ There must be exactly one .iso file in the directory!"
-            exit 1
-          else
-            VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
-            VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
-            echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
-          fi
 
-      - name: Preparing Centurion Cloud for LIVE ISO Upload.
+      - name: Checking Centurion Cloud for existing LIVE ISOs.
         shell: bash
         run: |
           set -euo pipefail
@@ -207,36 +199,51 @@ jobs:
       - name: Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
         shell: bash
         run: |
-          curl --progress-bar \
-            --retry 2 \
-            https://cloud.e2ee.li/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
-            --upload-file "${VAR_ISO_FILE_PATH}" \
-            -u '${SHARE_TOKEN}:${SHARE_PASS}' | cat
-          if [[ $? -eq 0 ]]; then
+          SHARE_TOKEN="${{ secrets.CENTURION_CLOUD_UL_USER }}"
+          SHARE_PASS="${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
+
+          if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
+            echo "❌ There must be exactly one .iso file in the directory!"
+            exit 1
+          else
+            VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
+            VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
+            echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
+          fi
+
+          if curl --progress-bar --retry 2 https://cloud.e2ee.li/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
+          --upload-file "${VAR_ISO_FILE_PATH}" -u '${SHARE_TOKEN}:${SHARE_PASS}' | cat; then
             echo "✅ New ISO successfully uploaded."
           else
             echo "❌ Uploading the new ISO failed."
             exit 1
           fi
 
-      - name: Generating a hash of ISO and signing with the 'CI PGP DEPLOY ONLY' key.
+      - name: Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
         shell: bash
         run: |
-          VAR_ISO_FILE_SHA512="${VAR_ISO_FILE_PATH}.sha512"
-          sha512sum "${VAR_ISO_FILE}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
-          VAR_ISO_FILE_SHA512=$(< "${VAR_ISO_FILE_SHA512}")
-          SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
-          gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
-          rm -f "${VAR_ISO_FILE_PATH}"
+          if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
+            echo "❌ There must be exactly one .iso file in the directory!"
+            exit 1
+          else
+            VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
+            VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
+            echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
+          fi
 
-      - name: Generate a success message file to push back into the repository.
-        shell: bash
-        run: |
+          VAR_ISO_FILE_SHA512="${VAR_ISO_FILE_NAME}.sha512"
+          touch "${VAR_ISO_FILE_SHA512}"
+          sha512sum "${VAR_ISO_FILE_PATH}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
+          SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
+          touch "${SIGNATURE_FILE}"
+          gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
+
+          timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
           PRIVATE_FILE="LIVE_ISO.private"
           touch "${PRIVATE_FILE}"
           cat << EOF >| "${PRIVATE_FILE}"
           # SPDX-Version: 3.0
-          # SPDX-CreationInfo: 2025-05-31; WEIDNER, Marc S.; <msw@coresecret.dev>
+          # SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
           # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
           # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
           # SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -249,7 +256,7 @@ jobs:
           This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
 
           CISS.debian.live.builder ISO :
-            "${VAR_ISO_FILE}"
+            "${VAR_ISO_FILE_NAME}"
           CISS.debian.live.builder ISO sha512 :
             "${VAR_ISO_FILE_SHA512}"
           CISS.debian.live.builder ISO sha512 sign :
@@ -259,6 +266,7 @@ jobs:
       - name: Stage generated files.
         shell: bash
         run: |
+          PRIVATE_FILE="LIVE_ISO.private"
           git add "${PRIVATE_FILE}"
         env:
           GIT_SSH_COMMAND: "ssh -p 42842"