V8.02.644.2025.05.31

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

README.md

@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.512.2025.05.30-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.644.2025.05.31-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
  
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)  
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)  
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.02<br>
-**Build**: V8.02.512.2025.05.30<br>
+**Build**: V8.02.644.2025.05.31<br>
 
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -43,14 +43,13 @@ Check out more:
 > Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped.
 > The next step is to move to a room-gapped environment.
 
-Please note that `coresecret.dev` is included in the HSTS Preload list and always serves the headers:
+Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https://hstspreload.org/) and always serves the headers:
 ````nginx configuration pro
 add_header Expect-CT                 "max-age=86400, enforce"                       always;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 ````
 Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
 
-
 ## 1.1. Immutable Source-of-Truth System
 
 This live ISO establishes a secure, fully deterministic, integrity self-verifying boot environment based entirely on static
@@ -367,15 +366,17 @@ predictable script behavior.
 
 # 5. Installation & Usage
 
+# 5.1. Interactive CLI / Dialog Wrapper
+
 1. Clone the repository:
 
    ```bash
-   git clone https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
-   cd CISS.2025.debian.live.builder
+   git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+   cd CISS.debian.live.builder
    ```
-2. Run the config builder and the integrated `lb build` command (example):
+2. Edit the '.gitea/workflows/generate-iso.yaml' file according to your requirements.
 
-   ```bash
+   ```yaml
    ./ciss_live_builder.sh --architecture amd64 \
                           --build-directory /opt/livebuild \
                           --change-splash hexagon \
@@ -397,6 +398,10 @@ predictable script behavior.
 7. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit.
 8. Type `celp` for some shortcuts.
 
+# 5.2. CI/CD Gitea Runner Workflow Example
+
+1. tba
+
 # 6. Licensing & Compliance
 
 This repository is fully SPDX-compliant. All source files include appropriate SPDX license identifiers and headers to ensure