V9.14.016.2026.06.06

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/zzzz_ciss_uki_build.hook.binary

@@ -9,34 +9,41 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
+# shellcheck disable=SC2312
 set -Ceuo pipefail
 
+# Final live-build binary hook for the CISS UKI build. When the ciss-uki Secure Boot profile is active, this hook selects the
+# complete kernel/initrd pair, reads the live kernel command line, optionally embeds separate early microcode, creates unsigned
+# and signed Unified Kernel Images with ukify, verifies the signed UKI with 'sbverify', writes a manifest, and refuses private
+# Secure Boot key material in build artifact paths.
+
 #######################################
-# Prints failure message.
+# Prints a fatal error message and terminates the hook.
 # Globals:
 #   None
 # Arguments:
-#   1: Message to print
+#   1: Error message
 # Returns:
-#   42: on failure
+#   42: always exits with failure
 #######################################
 die() {
-  declare message="$1"
-  printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ %s \e[0m\n" "${message}" >&2
+  declare message="${1}"
+  printf "\e[91m❌ %s \e[0m\n" "${message}" >&2
   exit 42
 }
 
 #######################################
-# Checking command to execute for existence.
+# Checks whether a required command exists.
 # Globals:
 #   None
 # Arguments:
-#   1: Command
+#   1: Command name
 # Returns:
 #   0: on success
+#   42: if the command is missing
 #######################################
 require_command() {
-  declare command_name="$1"
+  declare command_name="${1}"
 
   command -v "${command_name}" >/dev/null 2>&1 || die "Required command not found: '${command_name}'."
 
@@ -44,18 +51,19 @@ require_command() {
 }
 
 #######################################
-# Checking file for existence.
+# Checks whether a required file exists.
 # Globals:
 #   None
 # Arguments:
-#   1: /PATH/TO/FILE
-#   2: Description
+#   1: File path
+#   2: Human-readable file description
 # Returns:
 #   0: on success
+#   42: if the file is missing
 #######################################
 require_file() {
-  declare file_path="$1"
-  declare description="$2"
+  declare file_path="${1}"
+  declare description="${2}"
 
   [[ -f "${file_path}" ]] || die "Missing ${description}: '${file_path}'."
 
@@ -63,18 +71,19 @@ require_file() {
 }
 
 #######################################
-# Checking file for existence.
+# Reads the single LB_BOOTAPPEND_LIVE value from a live-build binary configuration file.
 # Globals:
 #   None
 # Arguments:
-#   1: /PATH/TO/FILE
-#   2: Description
+#   1: live-build binary configuration file
+#   2: Output variable name for the kernel command line
 # Returns:
 #   0: on success
+#   42: if the file is missing, the entry is ambiguous, or the value is empty
 #######################################
 read_bootappend_live() {
-  declare config_file="$1"
-  declare output_var="$2"
+  declare config_file="${1}"
+  declare output_var="${2}"
   declare -a matches=()
   declare value=""
 
@@ -99,10 +108,22 @@ read_bootappend_live() {
   return 0
 }
 
+#######################################
+# Collects kernel and initrd candidates from one artifact directory.
+# Globals:
+#   None
+# Arguments:
+#   1: Artifact directory
+#   2: Output variable name for the selected kernel path
+#   3: Output variable name for the selected initrd path
+# Returns:
+#   0: on success, including when the directory does not exist
+#   42: if more than one kernel or initrd candidate exists
+#######################################
 collect_artifacts_from_dir() {
-  declare artifact_dir="$1"
-  declare kernel_output_var="$2"
-  declare initrd_output_var="$3"
+  declare artifact_dir="${1}"
+  declare kernel_output_var="${2}"
+  declare initrd_output_var="${3}"
   declare -a kernels=()
   declare -a initrds=()
 
@@ -129,6 +150,17 @@ collect_artifacts_from_dir() {
   return 0
 }
 
+#######################################
+# Selects the kernel/initrd pair used to build the UKI.
+# Globals:
+#   None
+# Arguments:
+#   1: Output variable name for the selected kernel path
+#   2: Output variable name for the selected initrd path
+# Returns:
+#   0: on success
+#   42: if no complete pair exists, the final pair is incomplete, or candidates are ambiguous
+#######################################
 select_kernel_initrd_pair() {
   declare kernel_output_var="$1"
   declare initrd_output_var="$2"
@@ -140,7 +172,7 @@ select_kernel_initrd_pair() {
   collect_artifacts_from_dir "binary/live" binary_kernel binary_initrd
 
   if [[ -n "${binary_kernel}" && -n "${binary_initrd}" ]]; then
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Using final binary/live kernel and initrd artifacts. \e[0m\n"
+    printf "\e[92m✅ Using final binary/live kernel and initrd artifacts. \e[0m\n"
     printf -v "${kernel_output_var}" "%s" "${binary_kernel}"
     printf -v "${initrd_output_var}" "%s" "${binary_initrd}"
     return 0
@@ -150,11 +182,11 @@ select_kernel_initrd_pair() {
     die "Incomplete binary/live kernel/initrd pair. Refusing to mix final and fallback artifacts."
   fi
 
-  printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ [WARN] No complete binary/live kernel/initrd pair found; checking chroot/boot fallback. \e[0m\n"
+  printf "\e[93m❌ No complete binary/live kernel/initrd pair found; checking chroot/boot fallback. \e[0m\n"
   collect_artifacts_from_dir "chroot/boot" fallback_kernel fallback_initrd
 
   if [[ -n "${fallback_kernel}" && -n "${fallback_initrd}" ]]; then
-    printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ [WARN] Using chroot/boot fallback artifacts because binary/live has no complete pair. \e[0m\n"
+    printf "\e[93m❌ Using chroot/boot fallback artifacts because binary/live has no complete pair. \e[0m\n"
     printf -v "${kernel_output_var}" "%s" "${fallback_kernel}"
     printf -v "${initrd_output_var}" "%s" "${fallback_initrd}"
     return 0
@@ -163,9 +195,20 @@ select_kernel_initrd_pair() {
   die "No complete kernel/initrd pair found in binary/live or chroot/boot."
 }
 
+#######################################
+# Finds an optional separate early microcode cpio next to the selected initrd.
+# Globals:
+#   None
+# Arguments:
+#   1: Artifact directory
+#   2: Output variable name for the selected microcode cpio path
+# Returns:
+#   0: on success, including when no separate microcode cpio exists
+#   42: if more than one separate microcode cpio candidate exists
+#######################################
 collect_optional_microcode() {
-  declare artifact_dir="$1"
-  declare output_var="$2"
+  declare artifact_dir="${1}"
+  declare output_var="${2}"
   declare -a microcode_candidates=()
 
   mapfile -d '' -t microcode_candidates < <(
@@ -181,6 +224,16 @@ collect_optional_microcode() {
   return 0
 }
 
+#######################################
+# Refuses private Secure Boot key material in generated artifact paths.
+# Globals:
+#   None
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#   42: if a private Secure Boot key is found below a guarded path
+#######################################
 guard_private_key_leaks() {
   declare -a guard_roots=(binary chroot config/includes.binary config/includes.chroot config/includes.installer)
   declare guard_root=""
@@ -201,6 +254,22 @@ guard_private_key_leaks() {
   return 0
 }
 
+#######################################
+# Builds unsigned and signed CISS UKIs for the ciss-uki Secure Boot profile.
+# Globals:
+#   PWD
+#   VAR_CISS_SECUREBOOT_DIR
+#   VAR_CISS_SECUREBOOT_EFI_CERT
+#   VAR_CISS_SECUREBOOT_EFI_KEY
+#   VAR_CISS_SECUREBOOT_PROFILE
+#   VAR_HANDLER_BUILD_DIR
+#   VAR_WORKDIR
+# Arguments:
+#   None
+# Returns:
+#   0: on success or when the active Secure Boot profile does not require a CISS UKI
+#   42: on validation, artifact selection, UKI build, signing, or verification failure
+#######################################
 main() {
   declare profile="${VAR_CISS_SECUREBOOT_PROFILE:-debian-shim}"
   declare build_dir="${VAR_HANDLER_BUILD_DIR:-${PWD}}"
@@ -226,11 +295,11 @@ main() {
   declare -a ukify_args=()
 
   if [[ "${profile}" != "ciss-uki" ]]; then
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Secure Boot profile '%s'; skipping CISS UKI build. \e[0m\n" "${profile}"
+    printf "\e[92m✅ Secure Boot profile '%s'; skipping CISS UKI build. \e[0m\n" "${profile}"
     return 0
   fi
 
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Building CISS Secure Boot UKI ... \e[0m\n"
+  printf "\e[95m🧪 Building CISS Secure Boot UKI ... \e[0m\n"
 
   cd "${build_dir}"
 
@@ -280,18 +349,18 @@ main() {
   )
 
   if [[ -n "${microcode_initrd}" ]]; then
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Embedding separate early microcode cpio before normal initrd: '%s'. \e[0m\n" "${microcode_initrd}"
+    printf "\e[92m✅ Embedding separate early microcode cpio before normal initrd: '%s'. \e[0m\n" "${microcode_initrd}"
     ukify_args+=(--initrd="${microcode_initrd}")
   else
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] No separate early microcode cpio found; using normal initrd only. \e[0m\n"
+    printf "\e[92m✅ No separate early microcode cpio found; using normal initrd only. \e[0m\n"
   fi
 
   ukify_args+=(--initrd="${initrd_path}")
 
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Creating unsigned UKI: '%s'. \e[0m\n" "${unsigned_uki}"
+  printf "\e[95m🧪 Creating unsigned UKI: '%s'. \e[0m\n" "${unsigned_uki}"
   ukify "${ukify_args[@]}" --output="${unsigned_uki}"
 
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Creating signed UKI: '%s'. \e[0m\n" "${signed_uki}"
+  printf "\e[95m🧪 Creating signed UKI: '%s'. \e[0m\n" "${signed_uki}"
   ukify "${ukify_args[@]}" \
     --secureboot-private-key="${secureboot_key}" \
     --secureboot-certificate="${secureboot_cert}" \
@@ -316,8 +385,8 @@ main() {
     sbverify --cert "${secureboot_cert}" "${signed_uki}"
   } >| "${manifest}" 2>&1
 
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] UKI inspection and signature verification written to '%s'. \e[0m\n" "${manifest}"
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] CISS Secure Boot UKI build completed. \e[0m\n"
+  printf "\e[92m✅ UKI inspection and signature verification written to '%s'. \e[0m\n" "${manifest}"
+  printf "\e[92m✅ CISS Secure Boot UKI build completed. \e[0m\n"
 
   return 0
 }

config/hooks/live/zzzz_ciss_uki_install.hook.binary

@@ -9,10 +9,29 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
+# shellcheck disable=SC2312
 set -Ceuo pipefail
 
+# Final live-build binary hook for CISS UKI installation. When the ciss-uki Secure Boot profile is active, this hook selects
+# the single signed CISS UKI, rebuilds the FAT EFI boot image with it as EFI/BOOT/BOOTX64.EFI, verifies the installed copy,
+# mirrors it into the ISO EFI tree when available, writes an installation manifest, and refuses private Secure Boot key
+# material in build artifact paths.
+
 declare TMP_DIR=""
 
+#######################################
+# Removes the temporary EFI image work directory if it is inside the expected Secure Boot output tree.
+# Globals:
+#   PWD
+#   TMP_DIR
+#   VAR_HANDLER_BUILD_DIR
+# Arguments:
+#   None
+# Returns:
+#   0: on success or when no temporary directory exists
+#   42: if the temporary directory is outside the expected cleanup root
+#   non-zero: if removal of the expected temporary directory fails under strict mode
+#######################################
 cleanup() {
   declare build_dir="${VAR_HANDLER_BUILD_DIR:-${PWD}}"
 
@@ -22,7 +41,7 @@ cleanup() {
         rm -rf -- "${TMP_DIR}"
         ;;
       *)
-        printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ [FATAL] Refusing to clean unexpected temporary path: '%s'. \e[0m\n" "${TMP_DIR}" >&2
+        printf "\e[91m❌ Refusing to clean unexpected temporary path: '%s'. \e[0m\n" "${TMP_DIR}" >&2
         return 42
         ;;
     esac
@@ -30,14 +49,32 @@ cleanup() {
 
   return 0
 }
-trap cleanup EXIT
 
+#######################################
+# Prints a fatal error message and terminates the hook.
+# Globals:
+#   None
+# Arguments:
+#   1: Error message
+# Returns:
+#   42: always exits with failure
+#######################################
 die() {
   declare message="$1"
-  printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ [FATAL] %s \e[0m\n" "${message}" >&2
+  printf "\e[91m❌ %s \e[0m\n" "${message}" >&2
   exit 42
 }
 
+#######################################
+# Checks whether a required command exists.
+# Globals:
+#   None
+# Arguments:
+#   1: Command name
+# Returns:
+#   0: on success
+#   42: if the command is missing
+#######################################
 require_command() {
   declare command_name="$1"
 
@@ -46,6 +83,17 @@ require_command() {
   return 0
 }
 
+#######################################
+# Checks whether a required file exists.
+# Globals:
+#   None
+# Arguments:
+#   1: File path
+#   2: Human-readable file description
+# Returns:
+#   0: on success
+#   42: if the file is missing
+#######################################
 require_file() {
   declare file_path="$1"
   declare description="$2"
@@ -55,6 +103,17 @@ require_file() {
   return 0
 }
 
+#######################################
+# Selects the single signed CISS UKI generated by the CISS UKI build hook.
+# Globals:
+#   None
+# Arguments:
+#   1: CISS UKI output directory
+#   2: Output variable name for the selected signed UKI path
+# Returns:
+#   0: on success
+#   42: if the UKI directory is missing or does not contain exactly one signed UKI
+#######################################
 select_signed_uki() {
   declare uki_dir="$1"
   declare output_var="$2"
@@ -73,6 +132,16 @@ select_signed_uki() {
   return 0
 }
 
+#######################################
+# Refuses private Secure Boot key material in generated artifact paths.
+# Globals:
+#   None
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#   42: if a private Secure Boot key is found below a guarded path
+#######################################
 guard_private_key_leaks() {
   declare -a guard_roots=(binary chroot config/includes.binary config/includes.chroot config/includes.installer)
   declare guard_root=""
@@ -93,6 +162,17 @@ guard_private_key_leaks() {
   return 0
 }
 
+#######################################
+# Mirrors the signed UKI into the ISO EFI tree as the removable-media bootloader when that tree exists.
+# Globals:
+#   None
+# Arguments:
+#   1: Signed UKI path
+#   2: Output variable name for the ISO EFI tree BOOTX64 path, or an empty value when no tree exists
+# Returns:
+#   0: on success, including when no ISO EFI tree exists
+#   non-zero: if directory creation or file installation fails under strict mode
+#######################################
 install_iso_tree_bootx64() {
   declare signed_uki="$1"
   declare output_var="$2"
@@ -109,9 +189,9 @@ install_iso_tree_bootx64() {
 
   if [[ -n "${iso_tree_bootx64}" ]]; then
     install -m 0644 "${signed_uki}" "${iso_tree_bootx64}"
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Mirrored signed UKI into ISO EFI tree: '%s'. \e[0m\n" "${iso_tree_bootx64}"
+    printf "\e[92m✅ Mirrored signed UKI into ISO EFI tree: '%s'. \e[0m\n" "${iso_tree_bootx64}"
   else
-    printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ [WARN] No binary/EFI tree found; only EFI boot image was updated. \e[0m\n"
+    printf "\e[93m❌ No binary/EFI tree found; only EFI boot image was updated. \e[0m\n"
   fi
 
   printf -v "${output_var}" "%s" "${iso_tree_bootx64}"
@@ -119,6 +199,24 @@ install_iso_tree_bootx64() {
   return 0
 }
 
+#######################################
+# Installs the signed CISS UKI into the EFI boot image for the ciss-uki Secure Boot profile.
+# Globals:
+#   PWD
+#   SOURCE_DATE_EPOCH
+#   TMP_DIR
+#   VAR_CISS_SECUREBOOT_DIR
+#   VAR_CISS_SECUREBOOT_EFI_CERT
+#   VAR_CISS_SECUREBOOT_PROFILE
+#   VAR_HANDLER_BUILD_DIR
+#   VAR_WORKDIR
+# Arguments:
+#   None
+# Returns:
+#   0: on success or when the active Secure Boot profile does not require CISS UKI installation
+#   42: on explicit validation, comparison, or signature verification failure
+#   non-zero: if an external tool, installation command, or manifest write fails under strict mode
+#######################################
 main() {
   declare profile="${VAR_CISS_SECUREBOOT_PROFILE:-debian-shim}"
   declare build_dir="${VAR_HANDLER_BUILD_DIR:-${PWD}}"
@@ -142,11 +240,11 @@ main() {
   declare volid=""
 
   if [[ "${profile}" != "ciss-uki" ]]; then
-    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Secure Boot profile '%s'; skipping CISS UKI EFI installation. \e[0m\n" "${profile}"
+    printf "\e[92m✅ Secure Boot profile '%s'; skipping CISS UKI EFI installation. \e[0m\n" "${profile}"
     return 0
   fi
 
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Installing CISS signed UKI into EFI boot image ... \e[0m\n"
+  printf "\e[95m🧪 Installing CISS signed UKI into EFI boot image ... \e[0m\n"
 
   cd "${build_dir}"
 
@@ -191,7 +289,7 @@ main() {
   fi
   printf -v volid "%08x" "$((source_epoch % 4294967296))"
 
-  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] Rebuilding EFI boot image with signed UKI as EFI/BOOT/BOOTX64.EFI. \e[0m\n"
+  printf "\e[95m🧪 Rebuilding EFI boot image with signed UKI as EFI/BOOT/BOOTX64.EFI. \e[0m\n"
   mkfs.msdos -C "${tmp_img}" "${blocks}" -i "${volid}" >/dev/null
   mmd -i "${tmp_img}" "::EFI"
   mmd -i "${tmp_img}" "::EFI/BOOT"
@@ -237,12 +335,13 @@ main() {
     sbverify --cert "${secureboot_cert}" "${extracted_uki}"
   } >| "${manifest}" 2>&1
 
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] EFI image installation verification written to '%s'. \e[0m\n" "${manifest}"
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ [INFO] CISS signed UKI installed as EFI/BOOT/BOOTX64.EFI. \e[0m\n"
+  printf "\e[92m✅ EFI image installation verification written to '%s'. \e[0m\n" "${manifest}"
+  printf "\e[92m✅ CISS signed UKI installed as EFI/BOOT/BOOTX64.EFI. \e[0m\n"
 
   return 0
 }
 
 main "$@"
+cleanup
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

config/includes.chroot/etc/ssh/ssh_known_hosts

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-# Version Master V9.14.008.2026.06.04
+# Version Master V9.14.016.2026.06.06
 
 [git.coresecret.dev]:42842 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQA107AVmg1D/jnyXiqbPf38zQRl8s3c+PM1zbfpeQl
 [git.coresecret.dev]:42842 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYD9ysmMWZlejUnxu0qOzeWcIYezoFLbYdo6ffGUL5kqOBAYb+5CF4bJLUpA93XFYVF+TbrcMV1yJh6JaHFL0VU5CvgAzruCeedx0c4qUV6lWcJUGNk5K0yb9n2Wosdy6F/zTOxL9KXBt/TV+cscsen2Dahvx0ctMKgNbu+vvUcWxHf9lOkbYoF/uA/nW5CVXy5XUPVUDFUhEeKXL85+6gid5AEMfYT8aRl5YDGvo1iMBmBYOljN4S7MnRe14qbAZG0GDGvF22eHbSU2pILcFIjc2Lo/S5Ox/MJpbLAqpFlLPTKgr6F7yVwfNMSNwl05ysUOZfrQKSXzCU6+lfqKYCwemLALyG/n1ernpp7/8W/2RYoz3fd+TQyfhW++rx3yUHpYCkTv9A4LRYZYGSAWKMHSBEYq3EcATQUxQi0xpwmcR+u0uC9F9eta5Bim+sBZD6F2hgPJ5xgYT8LFm880g1YadAwBoD4TAkqSvl+jYW0VA2GH9CknKHJ36gc/X4eeUHDC1Hf/E8M5RBj4D6NuHfeVRik/ahHmoCqKQUW7VU/EBsWFsngDiLEHcV71iMtWiUddWOHwoAPHIzn6p9HTeLCxTwsPMG5UDGK/S9HUozqDXxexRtqbcFa7DWuzRvZ1bcZ2VQsaafuzKCkkc4NjC7h1wssel7q9aeYPFg+1vS6Q==

config/includes.chroot/etc/ssh/sshd_config

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-# Version Master V9.14.008.2026.06.04
+# Version Master V9.14.016.2026.06.06
 
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig

config/includes.chroot/etc/sysctl.d/90-ciss-local.hardened

@@ -11,7 +11,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-# Version Master V9.14.008.2026.06.04
+# Version Master V9.14.016.2026.06.06
 
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/

config/includes.chroot/preseed/.iso/preseed_hash_generator.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-declare -gr VERSION="Master V9.14.008.2026.06.04"
+declare -gr VERSION="Master V9.14.016.2026.06.06"
 
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then

config/includes.chroot/preseed/preseed.cfg

@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V9.14.008.2026.06.04 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V9.14.016.2026.06.06 at: 10:18:37.9542