V8.13.016.2025.09.28

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-28 16:29:27 +01:00
parent f35e3bff4f
commit ec6e791b9d
38 changed files with 90 additions and 211 deletions
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.13.008.2025.08.22"
+      placeholder: "e.g., Master V8.13.016.2025.09.28"
    validations:
      required: true

--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 FROM debian:bookworm

--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 name: 🔁 Render README.md to README.html.

--- a/.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.016.2025.09.28
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.016.2025.09.28
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.016.2025.09.28
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@

 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.016.2025.09.28
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_trixie_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_trixie_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 name: 🔐 Generating a Private Live ISO TRIXIE.

@@ -144,7 +144,7 @@ jobs:
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
          ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.
          ./ciss_live_builder.sh \
-            --autobuild=6.12.41+deb13-amd64 \
+            --autobuild=6.12.48+deb13-amd64 \
            --architecture amd64 \
            --build-directory /opt/livebuild \
            --control "${timestamp}" \
--- a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 name: 🔐 Generating a Private Live ISO TRIXIE.

@@ -144,7 +144,7 @@ jobs:
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
          ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.
          ./ciss_live_builder.sh \
-            --autobuild=6.12.41+deb13-amd64 \
+            --autobuild=6.12.48+deb13-amd64 \
            --architecture amd64 \
            --build-directory /opt/livebuild \
            --control "${timestamp}" \
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,10 +9,14 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 name: 💙 Generating a PUBLIC Live ISO.

+defaults:
+  run:
+    shell: bash
+
 permissions:
  contents: write

@@ -24,161 +28,31 @@ on:
      - '.gitea/trigger/t_generate_PUBLIC.yaml'

 jobs:
-  generate-private-ciss-debian-live-iso:
+  generate-public-cdlb-trixie:
    name: 💙 Generating a PUBLIC Live ISO.
-    runs-on: ciss.debian.live.builder.iso.generator
+    runs-on: cdlb.trixie

-    ### Run all steps inside Debian Bookworm
    container:
-      image: debian:bookworm
+      image: debian:trixie

    steps:
-      - name: 🛠️ Basic Image Setup and enable Bookworm Backports.
-        run: |
-          apt-get update -y
-          apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
-          echo 'deb https://deb.debian.org/debian bookworm-backports main' \
-            >| /etc/apt/sources.list.d/bookworm-backports.list
-          apt-get update -y
-          apt-get upgrade -y
-
-      - name: 🛠️ Installing Build Tools.
+      - name: 🛠️ Basic Image Setup.
        shell: bash
        run: |
-          apt-get update -y
-          apt-get install -y \
-            autoconf \
-            automake \
-            build-essential \
-            cryptsetup \
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update
+          apt-get upgrade -y
+          apt-get install -y --no-install-recommends \
+            apt-utils \
+            bash \
+            ca-certificates \
            curl \
-            debootstrap \
-            dosfstools \
-            efibootmgr \
-            gettext \
            git \
            gnupg \
-            haveged \
-            libbz2-dev \
-            zlib1g-dev \
-            liblzma-dev \
-            libtool \
-            live-build \
-            parted \
-            pkg-config \
-            ssh \
-            ssl-cert \
+            openssh-client \
+            openssl \
            sudo \
-            texinfo \
-            wget \
-            whois \
-
-      - name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
-        shell: bash
-        run: |
-          urls=(
-            "https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
-            "https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
-            "https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
-            "https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
-            "https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
-            "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
-          )
-
-          wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
-          gpg --batch --import signature_key.asc
-
-          for url in "${urls[@]}"; do
-            archive_name="${url##*/}"
-            pkg_name="${archive_name%.tar.bz2}"
-            echo "🔄 Processing ${pkg_name}"
-            if [[ ! -f "${archive_name}" ]]; then
-              echo "📥 Downloading: '${archive_name}'."
-              if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
-                echo "✅ Download successful: '${archive_name}'."
-              else
-                echo "❌ Download NOT successful: '${archive_name}'."
-                exit 1
-              fi
-            else
-              echo "💡 Skipping download, package already exists: '${archive_name}'."
-            fi
-
-            if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
-
-            if [[ ! -d "${pkg_name}" ]]; then
-              echo "📂 Extracting: '${archive_name}'."
-              if tar -xjf "${archive_name}"; then
-                echo "✅ Extraction successful: '${archive_name}'."
-              else
-                echo "❌ Extraction not successful: '${archive_name}'."
-                exit 1
-              fi
-            else
-              echo "💡 Skipping directory, already exists: '${pkg_name}'."
-            fi
-
-            echo "🏗️ Build and install the package: '${pkg_name}'."
-            cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
-            mkdir -p build
-            cd build || { echo "❌ Could not change to '/build'."; exit 1; }
-
-            sudo ../configure > /dev/null 2>&1  || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
-            make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
-            sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
-
-            cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
-
-            rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
-            rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
-            echo "✅ Successful build and installation of '${pkg_name}'."
-            echo "-------------------------------------------------------------------------------------"
-
-          done
-
-          rm -f signature_key.asc
-
-          echo "✅ All packages were built and installed successfully."
-
-          mv_bin=(
-            "/usr/bin/gpg"
-            "/usr/bin/gpg-agent"
-            "/usr/bin/gpgconf"
-            "/usr/bin/gpg-connect-agent"
-            "/usr/bin/gpg-wks-client"
-            "/usr/bin/gpg-preset-passphrase"
-          )
-
-          for bin in "${mv_bin[@]}"; do
-            name="${bin##*/}"
-            if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
-              if mv "${bin}" "${bin}.debian-backup"; then
-                echo "✅ Moved successfully: '${bin}'."
-              else
-                echo "❌ Moved NOT successfully: '${bin}'."
-              fi
-            else
-              echo "💡 Does not exist as build binary: '${bin}'."
-            fi
-          done
-
-          for bin in "${mv_bin[@]}"; do
-            name="${bin##*/}"
-            if [[ -f "/usr/local/bin/${name}" ]]; then
-              if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
-                echo "✅ 'update-alternatives' successfully: '${bin}'."
-              else
-                echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
-              fi
-            else
-              echo "💡 Does not exist: '/usr/local/bin/${name}'."
-            fi
-          done
-
-          sudo ldconfig
-
-          gpgconf --kill all
-          /usr/local/bin/gpg-agent --daemon
+            util-linux

      - name: ⚙️ Check GnuPG Version.
        shell: bash
@@ -271,13 +145,14 @@ jobs:
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
          ### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
          ./ciss_live_builder.sh \
-            --autobuild=6.1.0-37-amd64 \
+            --autobuild=6.12.48+deb13-amd64 \
            --architecture amd64 \
            --build-directory /opt/livebuild \
            --control "${timestamp}" \
            --root-password-file /opt/config/password.txt \
            --ssh-port 42137 \
-            --ssh-pubkey /opt/config
+            --ssh-pubkey /opt/config \
+            --trixie

      - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
        shell: bash
@@ -364,11 +239,12 @@ jobs:
          gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"

          timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+          VAR_DATE="$(date +%F)"
          PRIVATE_FILE="LIVE_ISO.public"
          touch "${PRIVATE_FILE}"
          cat << EOF >| "${PRIVATE_FILE}"
          # SPDX-Version: 3.0
-          # SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
+          # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
          # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
          # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
          # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.

--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu

-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.016.2025.09.28

 name: 🔁 Render Graphviz Diagrams.