V8.13.512.2025.11.28

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/includes.chroot/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh

@@ -21,7 +21,7 @@ _SAVED_SET_OPTS="$(set +o)"
 
 set -eu
 
-printf "\e[95m[INFO] Starting             : [/etc/initramfs-tools/scripts/init-bottom/0042-ciss-post-decrypt-attest.sh] \n\e[0m"
+printf "\e[95m[INFO] Starting             : [/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh] \n\e[0m"
 
 ### Declare variables ----------------------------------------------------------------------------------------------------------
 
@@ -176,6 +176,6 @@ fi
 
 eval "${_SAVED_SET_OPTS}"
 
-printf "\e[92m[INFO] Successfully applied : [/etc/initramfs-tools/scripts/init-bottom/0042-ciss-post-decrypt-attest.sh] \n\e[0m"
+printf "\e[92m[INFO] Successfully applied : [/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh] \n\e[0m"
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

docs/CHANGELOG.md

@@ -32,7 +32,7 @@ include_toc: true
 * **Bugfixes**: [0024-ciss-crypt-squash](../config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash)
 * **Bugfixes**: [0026-ciss-early-sysctl](../config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl)
 * **Bugfixes**: [0030-ciss-verify-checksums](../config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums)
-* **Bugfixes**: [0042-ciss-post-decrypt-attest](../config/includes.chroot/etc/initramfs-tools/scripts/init-bottom/0042-ciss-post-decrypt-attest.sh)
+* **Bugfixes**: [0042_ciss_post_decrypt_attest.sh](../config/includes.chroot/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh)
 
 ## V8.13.432.2025.11.18
 * **Bugfixes**: [0003_cdi_autostart.chroot](../config/hooks/live/0003_cdi_autostart.chroot)
@@ -48,7 +48,7 @@ include_toc: true
 * **Added**: [0022-ciss-overlay-tmpfs.sh](../config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs) + Pre-create constrained tmpfs for OverlayFS upper/work before live-boot mounts overlay.
 * **Added**: [0024-ciss-crypt-squash](../config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash) + Open ``/live/ciss_rootfs.crypt`` (LUKS) and present its SquashFS as ``/run/live/rootfs``.
 * **Added**: [0026-ciss-early-sysctl.sh](../config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl) + Enforce early sysctls before services start.
-* **Added**: [0042-ciss-post-decrypt-attest](../config/includes.chroot/etc/initramfs-tools/scripts/init-bottom/0042-ciss-post-decrypt-attest.sh) + Late rootfs attestation and dmsetup health checking.
+* **Added**: [0042_ciss_post_decrypt_attest.sh](../config/includes.chroot/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh) + Late rootfs attestation and dmsetup health checking.
 * **Added**: [MAN_CISS_ISO_BOOT_CHAIN.md](MAN_CISS_ISO_BOOT_CHAIN.md)
 * **Added**: [lib_ciss_signatures.sh](../lib/lib_ciss_signatures.sh) + integrated dynamic GPG FPR injection.
 * **Bugfixes**: [0021_dropbear_initramfs.chroot](../config/hooks/live/0021_dropbear_initramfs.chroot) + mv original files to a safe backup location.

lib/lib_ciss_signatures.sh

@@ -17,7 +17,7 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
 # Module to export GPG FPRs into scripts:
 #  - /etc/initramfs-tools/files/unlock_wrapper.sh
 #  - /usr/lib/live/boot/0030-ciss-verify-checksums
-#  - /etc/initramfs-tools/scripts/init-bottom/0042-ciss-post-decrypt-attest.sh
+#  - /etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh
 # Globals:
 #   BASH_SOURCE
 #   VAR_HANDLER_BUILD_DIR
@@ -34,7 +34,7 @@ ciss_signatures() {
 
   declare -ar _ary_target=(
     "/etc/initramfs-tools/files/unlock_wrapper.sh"
-    "/etc/initramfs-tools/scripts/init-bottom/0042-ciss-post-decrypt-attest.sh"
+    "/etc/initramfs-tools/scripts/init-bottom/0042_ciss_post_decrypt_attest.sh"
     "/usr/lib/live/boot/0030-ciss-verify-checksums"
   )