V9.14.016.2026.06.06

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

lib/lib_secureboot_profile.sh

@@ -9,7 +9,6 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-# shellcheck disable=SC2154,SC2312
 
 guard_sourcing || return "${ERR_GUARD_SRCE}"
 
@@ -41,6 +40,7 @@ secureboot_profile_guard_private_keys() {
       continue
     fi
 
+    # shellcheck disable=SC2312
     while IFS= read -r -d '' private_file; do
 
       printf "\e[91m❌ Refusing private Secure Boot key inside build artifact path: '%s'. \e[0m\n" "${private_file}" >&2
@@ -74,8 +74,8 @@ readonly -f secureboot_profile_guard_private_keys
 secureboot_profile_apply() {
   declare profile="${VAR_CISS_SECUREBOOT_PROFILE,,}"
   declare hooks_dir="${VAR_HANDLER_BUILD_DIR}/config/hooks/live"
-  declare build_uki_hook="${hooks_dir}/zzzz_ciss_build_uki.hook.binary"
-  declare install_uki_hook="${hooks_dir}/9910-ciss-install-uki-into-efi-img.hook.binary"
+  declare build_uki_hook="${hooks_dir}/zzzz_ciss_uki_build.hook.binary"
+  declare install_uki_hook="${hooks_dir}/zzzz_ciss_uki_install.hook.binary"
   declare secureboot_dir="${VAR_WORKDIR}/ciss.secureboot"
   declare secureboot_key="${secureboot_dir}/private/ciss-efi-image.key"
   declare secureboot_cert="${secureboot_dir}/public/ciss-efi-image.crt"
@@ -141,4 +141,5 @@ secureboot_profile_apply() {
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f secureboot_profile_apply
+
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh