msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Compare commits

base: msw:096f06ce8d189466debec16609473fc0396f74b65921bba53795a40443d7f230
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable
...
compare: msw:v8.03.768-stable
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable

98 Commits
096f06ce8d ... v8.03.768-

Author SHA256 Message Date
Marc S. Weidner BOT
3e5681cb90 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c21a25f at 2025-06-17T17:03:36Z on 31b30f152ad6

Generated at : 2025-06-17T17:03:36Z
Runner Host  : 31b30f152ad6
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : c21a25f HEAD -> master
 2025-06-17 17:03:36 +00:00
Marc S. Weidner
c21a25f938 V8.03.768.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-17 19:02:03 +02:00
Marc S. Weidner
a5552f7079 Merge remote-tracking branch 'origin/master' 2025-06-17 18:56:24 +02:00
Marc S. Weidner
999fa7e11e V8.03.768.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-17 18:56:15 +02:00
Marc S. Weidner BOT
7d8bab47ff DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@6e33d74 at 2025-06-17T16:33:13Z on a84f597e933a

Generated at : 2025-06-17T16:33:13Z
Runner Host  : a84f597e933a
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 6e33d74 HEAD -> master
 2025-06-17 16:33:13 +00:00
Marc S. Weidner
6e33d74922 V8.03.768.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m22s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-17 18:31:45 +02:00
Marc S. Weidner BOT
b718b1e8c8 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c7d5407 at 2025-06-17T16:28:14Z on 863110c5e7c7

Generated at : 2025-06-17T16:28:14Z
Runner Host  : 863110c5e7c7
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : c7d5407 HEAD -> master
 2025-06-17 16:28:14 +00:00
Marc S. Weidner
c7d5407119 V8.03.768.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-17 18:26:21 +02:00
Marc S. Weidner BOT
2f25ad8e31 DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@ec5f343 at 2025-06-17T14:54:37Z on 880f9b9d21a3

Generated at : 2025-06-17T14:54:37Z
Runner Host  : 880f9b9d21a3
Workflow ID  : 💙 Generating a PUBLIC Live ISO.
Git Commit   : ec5f343 HEAD -> master
 2025-06-17 14:54:37 +00:00
Marc S. Weidner BOT
ec5f343bfa DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@22220bb at 2025-06-17T14:03:37Z on bafbb2900f16

Generated at : 2025-06-17T14:03:37Z
Runner Host  : bafbb2900f16
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 22220bb HEAD -> master
 2025-06-17 14:03:37 +00:00
Marc S. Weidner BOT
22220bb3e0 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@ad7a12e at 2025-06-17T13:12:06Z on 6e730393370b

Generated at : 2025-06-17T13:12:06Z
Runner Host  : 6e730393370b
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : ad7a12e HEAD -> master
 2025-06-17 13:12:06 +00:00
Marc S. Weidner BOT
ad7a12ea92 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@03f0b4d at 2025-06-17T12:22:00Z on 07d789f6cde4

Generated at : 2025-06-17T12:22:00Z
Runner Host  : 07d789f6cde4
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 03f0b4d HEAD -> master
 2025-06-17 12:22:00 +00:00
Marc S. Weidner BOT
03f0b4df09 DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@0ef7fcb at 2025-06-17T12:21:11Z on 675c666aacea

Generated at : 2025-06-17T12:21:11Z
Runner Host  : 675c666aacea
Workflow ID  : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit   : 0ef7fcb HEAD -> master
 2025-06-17 12:21:11 +00:00
Marc S. Weidner
0ef7fcb146 V8.03.768.2025.06.17
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 35s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 51m40s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 51m26s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 50m59s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-17 14:19:05 +02:00
Marc S. Weidner BOT
ea2a7627e2 DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@b38e0c8 at 2025-06-11T19:46:50Z on 5be55a0d2464

Generated at : 2025-06-11T19:46:50Z
Runner Host  : 5be55a0d2464
Workflow ID  : 💙 Generating a PUBLIC Live ISO.
Git Commit   : b38e0c8 HEAD -> master
 2025-06-11 19:46:50 +00:00
Marc S. Weidner BOT
b38e0c8476 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@8409a8e at 2025-06-11T18:57:26Z on 409faf9f44c1

Generated at : 2025-06-11T18:57:26Z
Runner Host  : 409faf9f44c1
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 8409a8e HEAD -> master
 2025-06-11 18:57:26 +00:00
Marc S. Weidner BOT
8409a8eb8a DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@2b73132 at 2025-06-11T18:08:02Z on 610c91c1207c

Generated at : 2025-06-11T18:08:02Z
Runner Host  : 610c91c1207c
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : 2b73132 HEAD -> master
 2025-06-11 18:08:02 +00:00
Marc S. Weidner BOT
2b73132851 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@1769e13 at 2025-06-11T17:20:40Z on 1ce7b9e07f3b

Generated at : 2025-06-11T17:20:40Z
Runner Host  : 1ce7b9e07f3b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 1769e13 HEAD -> master
 2025-06-11 17:20:40 +00:00
Marc S. Weidner BOT
1769e13708 DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@7eb8fb8 at 2025-06-11T17:19:38Z on df49d93beb71

Generated at : 2025-06-11T17:19:38Z
Runner Host  : df49d93beb71
Workflow ID  : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit   : 7eb8fb8 HEAD -> master
 2025-06-11 17:19:38 +00:00
Marc S. Weidner
7eb8fb8754 V8.03.768.2025.06.11
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 35s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m39s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 49m7s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 49m24s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 49m23s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-11 19:17:47 +02:00
Marc S. Weidner
1fda52e948 V8.03.768.2025.06.11 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-11 19:16:51 +02:00
Marc S. Weidner BOT
6d12da9566 DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@2b8deaf at 2025-06-09T23:03:26Z on 541caa50b8e9

Generated at : 2025-06-09T23:03:26Z
Runner Host  : 541caa50b8e9
Workflow ID  : 💙 Generating a PUBLIC Live ISO.
Git Commit   : 2b8deaf HEAD -> master
 2025-06-09 23:03:26 +00:00
Marc S. Weidner BOT
2b8deafabc DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@3a8e624 at 2025-06-09T22:16:21Z on 3c94b0ce9f9b

Generated at : 2025-06-09T22:16:21Z
Runner Host  : 3c94b0ce9f9b
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 3a8e624 HEAD -> master
 2025-06-09 22:16:21 +00:00
Marc S. Weidner BOT
3a8e624f57 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@eac8f62 at 2025-06-09T21:29:12Z on 5faff8dc6e26

Generated at : 2025-06-09T21:29:12Z
Runner Host  : 5faff8dc6e26
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : eac8f62 HEAD -> master
 2025-06-09 21:29:12 +00:00
Marc S. Weidner BOT
eac8f62459 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@fadece6 at 2025-06-09T20:42:11Z on be4dd281175d

Generated at : 2025-06-09T20:42:11Z
Runner Host  : be4dd281175d
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : fadece6 HEAD -> master
 2025-06-09 20:42:11 +00:00
Marc S. Weidner BOT
fadece63ca DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@68eb879 at 2025-06-09T20:41:27Z on 55df2b5118e1

Generated at : 2025-06-09T20:41:27Z
Runner Host  : 55df2b5118e1
Workflow ID  : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit   : 68eb879 HEAD -> master
 2025-06-09 20:41:27 +00:00
Marc S. Weidner
68eb879c8a V8.03.768.2025.06.09
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 34s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m19s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 48m28s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 47m5s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 47m5s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-09 22:38:15 +02:00
Marc S. Weidner BOT
64689d00b2 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@7172b4f at 2025-06-07T17:57:16Z on b04492b21523

Generated at : 2025-06-07T17:57:16Z
Runner Host  : b04492b21523
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 7172b4f HEAD -> master
 2025-06-07 17:57:16 +00:00
Marc S. Weidner
7172b4fee9 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 19:55:41 +02:00
Marc S. Weidner BOT
ec6066f620 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e164a03 at 2025-06-07T15:27:29Z on ea435a870a0e

Generated at : 2025-06-07T15:27:29Z
Runner Host  : ea435a870a0e
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : e164a03 HEAD -> master
 2025-06-07 15:27:29 +00:00
Marc S. Weidner
e164a039fa V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 17:26:01 +02:00
Marc S. Weidner BOT
87b23a87a0 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@4be9861 at 2025-06-07T13:59:46Z on beeac5128259

Generated at : 2025-06-07T13:59:46Z
Runner Host  : beeac5128259
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 4be9861 HEAD -> master
 2025-06-07 13:59:46 +00:00
Marc S. Weidner
4be9861403 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m10s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 15:58:23 +02:00
Marc S. Weidner
3913af49e3 Merge remote-tracking branch 'origin/master' 2025-06-07 15:55:04 +02:00
Marc S. Weidner BOT
7aa82e060b DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@9d40681 at 2025-06-07T13:28:15Z on 44fbbe95eb4c

Generated at : 2025-06-07T13:28:15Z
Runner Host  : 44fbbe95eb4c
Workflow ID  : 💙 Generating a PUBLIC Live ISO.
Git Commit   : 9d40681 HEAD -> master
 2025-06-07 13:28:15 +00:00
Marc S. Weidner BOT
9d40681c01 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@77b73f8 at 2025-06-07T12:39:31Z on ba61aa7d3bf8

Generated at : 2025-06-07T12:39:31Z
Runner Host  : ba61aa7d3bf8
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 77b73f8 HEAD -> master
 2025-06-07 12:39:31 +00:00
Marc S. Weidner
c5ddadc93e V8.03.644.2025.06.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 14:00:13 +02:00
Marc S. Weidner BOT
77b73f8c5f DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@da8cf02 at 2025-06-07T11:52:30Z on 6b8c44a6e580

Generated at : 2025-06-07T11:52:30Z
Runner Host  : 6b8c44a6e580
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : da8cf02 HEAD -> master
 2025-06-07 11:52:30 +00:00
Marc S. Weidner BOT
da8cf0287d DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@301513c at 2025-06-07T11:05:19Z on b0bc13efe50b

Generated at : 2025-06-07T11:05:19Z
Runner Host  : b0bc13efe50b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 301513c HEAD -> master
 2025-06-07 11:05:19 +00:00
Marc S. Weidner
301513c07e V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 48m21s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 47m0s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 48m44s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 13:03:28 +02:00
Marc S. Weidner BOT
31ece936c9 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@a34dbb4 at 2025-06-07T11:00:43Z on 18b4c36b2ecd

Generated at : 2025-06-07T11:00:43Z
Runner Host  : 18b4c36b2ecd
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : a34dbb4 HEAD -> master
 2025-06-07 11:00:43 +00:00
Marc S. Weidner
a34dbb41da V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 12:59:05 +02:00
Marc S. Weidner BOT
bc58199d11 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@7d6a048 at 2025-06-07T08:36:05Z on 0ba6fa05b246

Generated at: 2025-06-07T08:36:05Z
Runner Host : 0ba6fa05b246
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 7d6a048 HEAD -> master
 2025-06-07 08:36:05 +00:00
Marc S. Weidner BOT
7d6a048f17 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c0ea15d at 2025-06-07T08:11:13Z on e1db26fd8aee

Generated at: 2025-06-07T08:11:13Z
Runner Host : e1db26fd8aee
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : c0ea15d HEAD -> master
 2025-06-07 08:11:13 +00:00
Marc S. Weidner
c0ea15d1b5 Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details
2025-06-07 10:07:17 +02:00
Marc S. Weidner
5345c44493 V8.03.644.2025.06.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 10:07:08 +02:00
Marc S. Weidner BOT
3ce250c1f1 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@52fecb8 at 2025-06-07T08:03:52Z on 8dc9df4c7580

Generated at: 2025-06-07T08:03:52Z
Runner Host : 8dc9df4c7580
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 52fecb8 HEAD -> master
 2025-06-07 08:03:52 +00:00
Marc S. Weidner
52fecb8b6f V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 10:02:37 +02:00
Marc S. Weidner BOT
5175c8245a DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@680ce14 at 2025-06-07T07:51:58Z on 4c6959341a64

Generated at: 2025-06-07T07:51:58Z
Runner Host : 4c6959341a64
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 680ce14 HEAD -> master
 2025-06-07 07:51:58 +00:00
Marc S. Weidner
680ce149d7 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:50:43 +02:00
Marc S. Weidner BOT
a37ef3e143 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@77fd128 at 2025-06-07T07:47:37Z on 7fd54de01000

Generated at: 2025-06-07T07:47:37Z
Runner Host : 7fd54de01000
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 77fd128 HEAD -> master
 2025-06-07 07:47:37 +00:00
Marc S. Weidner
77fd128dbc V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m4s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 49m40s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:46:26 +02:00
Marc S. Weidner BOT
70a97b02fa DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e42acb0 at 2025-06-07T07:44:56Z on 5375c083d2a1

Generated at: 2025-06-07T07:44:56Z
Runner Host : 5375c083d2a1
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : e42acb0 HEAD -> master
 2025-06-07 07:44:57 +00:00
Marc S. Weidner
e42acb0bff Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details
2025-06-07 09:43:46 +02:00
Marc S. Weidner
e079067cb0 V8.03.644.2025.06.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:43:29 +02:00
Marc S. Weidner BOT
766108d48d DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@28d89d6 at 2025-06-07T07:40:38Z on 0572777c7ea6

Generated at: 2025-06-07T07:40:38Z
Runner Host : 0572777c7ea6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 28d89d6 HEAD -> master
 2025-06-07 07:40:38 +00:00
Marc S. Weidner
28d89d6693 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m19s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:39:03 +02:00
Marc S. Weidner BOT
1282d40191 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@7e065c9 at 2025-06-07T07:05:42Z on 08c6e868345f

Generated at: 2025-06-07T07:05:42Z
Runner Host : 08c6e868345f
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 7e065c9 HEAD -> master
 2025-06-07 07:05:42 +00:00
Marc S. Weidner BOT
7e065c9e5d DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@4bbb4ea at 2025-06-07T07:05:07Z on 967cb55d3f4b

Generated at: 2025-06-07T07:05:07Z
Runner Host : 967cb55d3f4b
Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 4bbb4ea HEAD -> master
 2025-06-07 07:05:08 +00:00
Marc S. Weidner
4bbb4ead30 V8.03.644.2025.06.07
Some checks failed
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 2s
Details
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:03:50 +02:00
Marc S. Weidner BOT
73cd161efd DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@a3862e3 at 2025-06-06T18:14:40Z on 0ffeac58975d

Generated at: 2025-06-06T18:14:40Z
Runner Host : 0ffeac58975d
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : a3862e3 HEAD -> master
 2025-06-06 18:14:40 +00:00
Marc S. Weidner
a3862e3961 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 20:13:27 +02:00
Marc S. Weidner BOT
9d1b80d648 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@f0b02ed at 2025-06-06T18:03:13Z on 7fe714a6be4e

Generated at: 2025-06-06T18:03:13Z
Runner Host : 7fe714a6be4e
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : f0b02ed HEAD -> master
 2025-06-06 18:03:13 +00:00
Marc S. Weidner
f0b02ed158 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 20:00:27 +02:00
Marc S. Weidner BOT
8256633e5a DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@dc5048f at 2025-06-06T16:33:32Z on bc4923d97e5c

Generated at: 2025-06-06T16:33:32Z
Runner Host : bc4923d97e5c
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : dc5048f HEAD -> master
 2025-06-06 16:33:32 +00:00
Marc S. Weidner
dc5048fb49 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 18:32:04 +02:00
Marc S. Weidner BOT
fec771291f DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@9fb432e at 2025-06-06T15:59:23Z on af17a3e399e0

Generated at: 2025-06-06T15:59:23Z
Runner Host : af17a3e399e0
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 9fb432e HEAD -> master
 2025-06-06 15:59:23 +00:00
Marc S. Weidner
9fb432ed59 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 17:58:08 +02:00
Marc S. Weidner BOT
57cf13d25f DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@1a5ae42 at 2025-06-06T15:47:11Z on c36a6c20f5c6

Generated at: 2025-06-06T15:47:11Z
Runner Host : c36a6c20f5c6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 1a5ae42 HEAD → master
 2025-06-06 15:47:11 +00:00
Marc S. Weidner
1a5ae42516 V8.03.512.2025.06.06
All checks were successful
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 23s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 17:45:58 +02:00
Marc S. Weidner BOT
2ed84cac89 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@87203e3 at 2025-06-06T15:26:21Z on 8a23fdd43376

Generated at: 2025-06-06T15:26:21Z
Runner Host : 8a23fdd43376
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 87203e3 HEAD → master
 2025-06-06 15:26:21 +00:00
Marc S. Weidner
87203e343f V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 17:24:51 +02:00
Marc S. Weidner BOT
b4d3459f4a DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@b3c74ef at 2025-06-06T08:21:26Z on 2d6ce5c1bcc6

Generated at: 2025-06-06T08:21:26Z
Runner Host : 2d6ce5c1bcc6
Workflow ID : 🔐 Generating a Private Live ISO FLV 0.
Git Commit  : b3c74ef HEAD → master
 2025-06-06 08:21:26 +00:00
Marc S. Weidner BOT
b3c74ef219 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c18f630 at 2025-06-06T07:37:32Z on 7fd0c8f69374

Generated at: 2025-06-06T07:37:32Z
Runner Host : 7fd0c8f69374
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : c18f630 HEAD → master
 2025-06-06 07:37:32 +00:00
Marc S. Weidner
c18f630760 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 45m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 09:36:04 +02:00
Marc S. Weidner
65c921b172 V8.03.512.2025.06.06
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 09:35:41 +02:00
Marc S. Weidner BOT
a35c93e39e DEPLOY BOT: 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@e59bbfd at 2025-06-06T07:24:31Z on d45a149ed680

Generated at: 2025-06-06T07:24:31Z
Runner Host : d45a149ed680
Workflow ID : 💙 Generating a PUBLIC Live ISO.
Git Commit  : e59bbfd HEAD → master
 2025-06-06 07:24:31 +00:00
Marc S. Weidner BOT
e59bbfd2ec DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@ccae4a2 at 2025-06-06T07:10:08Z on 1f669574f51a

Generated at: 2025-06-06T07:10:08Z
Runner Host : 1f669574f51a
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : ccae4a2 HEAD → master
 2025-06-06 07:10:08 +00:00
Marc S. Weidner
ccae4a2cba V8.03.512.2025.06.06
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m17s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 8m58s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 09:08:45 +02:00
Marc S. Weidner BOT
187482e85d DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@893fd8b at 2025-06-06T06:45:04Z on 4f8e0db5ed99

Generated at: 2025-06-06T06:45:04Z
Runner Host : 4f8e0db5ed99
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 893fd8b HEAD → master
 2025-06-06 06:45:04 +00:00
Marc S. Weidner
893fd8b1c2 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 08:43:25 +02:00
Marc S. Weidner BOT
0dfda09473 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@2e3c753 at 2025-06-06T06:38:59Z on 033ede6e6e1c

Generated at: 2025-06-06T06:38:59Z
Runner Host : 033ede6e6e1c
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 2e3c753 HEAD → master
 2025-06-06 06:38:59 +00:00
Marc S. Weidner BOT
2e3c753483 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@4552a10 at 2025-06-06T05:53:47Z on 47167775d5cb

Generated at: 2025-06-06T05:53:47Z
Runner Host : 47167775d5cb
Workflow ID : 🔐 Generating a Private Live ISO FLV 0.
Git Commit  : 4552a10 HEAD → master
 2025-06-06 05:53:47 +00:00
Marc S. Weidner BOT
4552a101f5 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e3c959a at 2025-06-06T05:10:23Z on 28cab0873ecc

Generated at: 2025-06-06T05:10:23Z
Runner Host : 28cab0873ecc
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : e3c959a HEAD → master
 2025-06-06 05:10:23 +00:00
Marc S. Weidner
e3c959a6f7 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m13s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 44m42s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 45m11s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 45m32s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 07:09:00 +02:00
Marc S. Weidner BOT
fd4bd7aa31 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@f6d617a at 2025-06-06T04:57:53Z on 6af6ff727fd6

Generated at: 2025-06-06T04:57:53Z
Runner Host : 6af6ff727fd6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : f6d617a HEAD → master
 2025-06-06 04:57:53 +00:00
Marc S. Weidner BOT
f6d617ac5a DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@ddd5aa3 at 2025-06-06T04:57:21Z on 152ddf3b707a

Generated at: 2025-06-06T04:57:21Z
Runner Host : 152ddf3b707a
Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit  : ddd5aa3 HEAD → master
 2025-06-06 04:57:21 +00:00
Marc S. Weidner
ddd5aa3b49 V8.03.512.2025.06.06
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 06:56:16 +02:00
Marc S. Weidner BOT
86068a6b7e DEPLOY BOT: 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@31eb503 at 2025-06-05T22:41:05Z on 11931b5ea4ef

Generated at: 2025-06-05T22:41:05Z
Runner Host : 11931b5ea4ef
Workflow ID : 💙 Generating a PUBLIC Live ISO.
Git Commit  : 31eb503 HEAD → master
 2025-06-05 22:41:05 +00:00
Marc S. Weidner BOT
31eb50342a DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@6d2025e at 2025-06-05T21:57:21Z on e2e485d3471a

Generated at: 2025-06-05T21:57:21Z
Runner Host : e2e485d3471a
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 6d2025e HEAD → master
 2025-06-05 21:57:21 +00:00
Marc S. Weidner BOT
6d2025eb40 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@6b9b533 at 2025-06-05T21:14:04Z on a08716fc39d0

Generated at: 2025-06-05T21:14:04Z
Runner Host : a08716fc39d0
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 6b9b533 HEAD → master
 2025-06-05 21:14:04 +00:00
Marc S. Weidner
6b9b533b52 V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m13s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 44m35s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 43m43s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 23:12:44 +02:00
Marc S. Weidner BOT
a54f75d406 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@d6115b9 at 2025-06-05T21:00:24Z on b5fffa7cbf6d

Generated at: 2025-06-05T21:00:24Z
Runner Host : b5fffa7cbf6d
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : d6115b9 HEAD → master
 2025-06-05 21:00:24 +00:00
Marc S. Weidner
d6115b90b5 V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m21s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:58:57 +02:00
Marc S. Weidner
e6920e567a V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:44:53 +02:00
Marc S. Weidner
3ad1726770 V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m11s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:38:12 +02:00
Marc S. Weidner
ac579fd862 V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m26s
Details
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Failing after 44m13s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:24:39 +02:00
Marc S. Weidner BOT
b34344ec52 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@096f06c at 2025-06-05T20:18:50Z on ca01ddafe79f

Generated at: 2025-06-05T20:18:50Z
Runner Host : ca01ddafe79f
Workflow ID : Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 096f06c HEAD → master
 2025-06-05 20:18:50 +00:00
112 changed files with 909 additions and 355 deletions
Expand all files Collapse all files

44
.archive/icon.lib
View File

@@ -2,46 +2,48 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
🔧
⚠️
🚫
🔐
🔒
🔑
✍️
🖥️
🔄
🔁
🌌
🔵
💙
🔍
💡
🔧
🛠️
🏗
⚙️
📐
🧪
📩
📥
📦
📑
📂
🔒
🔐
⚙️
🌌
📀
🎉
🖥️
📂
📩
🔵
😺
🧪
📉
📊
🧾
📀
📉
📋
🕑
🧠
📅
💙
🚫
🔄
🔁
📋
🎯
🔍
💡
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
.editorconfig
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
View File

@@ -25,7 +25,7 @@ body:
attributes:
label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
placeholder: "e.g., Master V8.03.400.2025.06.05"
placeholder: "e.g., Master V8.03.768.2025.06.17"
validations:
required: true

4
.gitea/ISSUE_TEMPLATE/PULL_REQUEST_TEMPLATE.yaml
View File

@@ -48,8 +48,8 @@ body:
options:
- label: "My edits contain no tabs, use two-space indentation, and no trailing whitespace"
- label: "I have read ~/docs/CONTRIBUTING.md and ~/docs/CODING_CONVENTION.md"
- label: "I have tested this fix or improvement on 2 VMs without issues"
- label: "I have tested this new feature on 2 VMs with and without it to avoid side effects"
- label: "I have tested this fix or improvement on >=2 VMs without issues"
- label: "I have tested this new feature on >=2 VMs with and without it to avoid side effects"
- label: "Documentation and/or 'usage()' and/or 'arg_parser' have been updated for the new feature"
- label: "I added myself to ~/docs/CREDITS.md (alphabetical) and updated ~/docs/CHANGELOG.md"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

69
.gitea/TODO/dockerfile Normal file
View File

@@ -0,0 +1,69 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.768.2025.06.17
FROM debian:bookworm
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y \
apt-transport-https \
apt-utils \
bash \
ca-certificates \
gnupg \
openssl \
sudo \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /etc/apt/sources.list.d && touch /etc/apt/sources.list.d/bookworm-backports.list \
&& echo 'deb https://deb.debian.org/debian bookworm-backports main' >| /etc/apt/sources.list.d/bookworm-backports.list \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \
haveged \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
texinfo \
wget \
whois \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
RUN useradd --create-home --shell /bin/bash runner
WORKDIR /home/runner
USER runner
ENTRYPOINT ["bash"]

80
.gitea/TODO/render-md-to-html.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
name: Render README.md to README.html.
name: 🔁 Render README.md to README.html.
permissions:
contents: write
@@ -26,7 +26,7 @@ on:
jobs:
render-md-to-html:
name: Render README.md to README.html.
name: 🔁 Render README.md to README.html.
runs-on: ubuntu-latest
steps:
@@ -111,28 +111,28 @@ jobs:
sudo apt-get update
sudo apt-get install -y pandoc
#- name: ⚙️ Ensure .html/ directory exists.
# shell: bash
# run:
# mkdir -p .html
- name: ⚙️ Ensure .html/ directory exists.
shell: bash
run:
mkdir -p .html
#- name: 🛠️ Render *.md to full standalone HTML.
# shell: bash
# run: |
# set -euo pipefail
# find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
# out=$(basename "${file%.md}.html")
# pandoc -s "${file}" \
# --metadata title="${file}" \
# --metadata lang=en \
# -f gfm+footnotes \
# -t html5 \
# --no-highlight \
# --strip-comments \
# --wrap=none \
# --lua-filter=.gitea/properties/lua/linkfix.lua \
# -o .html/"${out}"
# done
- name: 🛠️ Render *.md to full standalone HTML.
shell: bash
run: |
set -euo pipefail
find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
out=$(basename "${file%.md}.html")
pandoc -s "${file}" \
--metadata title="${file}" \
--metadata lang=en \
-f gfm+footnotes \
-t html5 \
--no-highlight \
--strip-comments \
--wrap=none \
--lua-filter=.gitea/properties/lua/linkfix.lua \
-o .html/"${out}"
done
- name: 🛠️ Extract HTML fragment for Gitea for *.md.
shell: bash
@@ -150,6 +150,15 @@ jobs:
-o "${out}"
done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -168,6 +177,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -197,15 +215,15 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔁 Auto-Generate *.html from *.md [skip ci]
${CI_HEADER}
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
"
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"

2
.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
View File

@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.384.2025.06.03
version: V8.03.768.2025.06.17
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

4
.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1024
version: V8.03.400.2025.06.05
counter: 1023
version: V8.03.768.2025.06.17
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_PUBLIC.yaml
View File

@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.384.2025.06.03
version: V8.03.768.2025.06.17
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_dns.yaml
View File

@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.400.2025.06.05
version: V8.03.768.2025.06.17
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

73
.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
name: Generating a Private Live ISO FLV 0.
name: 🔐 Generating a Private Live ISO FLV 0.
permissions:
contents: write
@@ -25,8 +25,8 @@ on:
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a Private Live ISO FLV 0.
runs-on: ciss.debian.live.builder
name: 🔐 Generating a Private Live ISO FLV 0.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
@@ -35,17 +35,17 @@ jobs:
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
apt-get upgrade
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get update -y
apt-get install -y \
autoconf \
automake \
@@ -85,22 +85,27 @@ jobs:
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo " Skipping download, package already exists: '${archive_name}'."
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
@@ -110,7 +115,7 @@ jobs:
exit 1
fi
else
echo " Skipping directory, already exists: '${pkg_name}'."
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
@@ -124,15 +129,15 @@ jobs:
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
@@ -153,7 +158,7 @@ jobs:
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo " Does not exist as build binary: '${bin}'."
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
@@ -166,7 +171,7 @@ jobs:
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo " Does not exist: '/usr/local/bin/${name}'."
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
@@ -265,7 +270,7 @@ jobs:
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--autobuild=6.12.30+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
@@ -299,7 +304,7 @@ jobs:
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo " Old ISO files found and deleted :"
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
@@ -312,7 +317,7 @@ jobs:
fi
done < public_iso_list.txt
else
echo " No old ISO files found to delete."
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
@@ -388,6 +393,15 @@ jobs:
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -406,6 +420,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -436,14 +459,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

75
.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
name: Generating a Private Live ISO FLV 1.
name: 🔐 Generating a Private Live ISO FLV 1.
permissions:
contents: write
@@ -21,12 +21,12 @@ on:
branches:
- master
paths:
- '.gitea/trigger/.t_generate_PRIVATE_iso_flavour_1.yaml'
- '.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a Private Live ISO FLV 1.
runs-on: ciss.debian.live.builder
name: 🔐 Generating a Private Live ISO FLV 1.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
@@ -35,17 +35,17 @@ jobs:
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
apt-get upgrade
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get update -y
apt-get install -y \
autoconf \
automake \
@@ -85,22 +85,27 @@ jobs:
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo " Skipping download, package already exists: '${archive_name}'."
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
@@ -110,7 +115,7 @@ jobs:
exit 1
fi
else
echo " Skipping directory, already exists: '${pkg_name}'."
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
@@ -124,15 +129,15 @@ jobs:
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
@@ -153,7 +158,7 @@ jobs:
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo " Does not exist as build binary: '${bin}'."
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
@@ -166,7 +171,7 @@ jobs:
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo " Does not exist: '/usr/local/bin/${name}'."
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
@@ -265,7 +270,7 @@ jobs:
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--autobuild=6.12.30+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
@@ -296,7 +301,7 @@ jobs:
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo " Old ISO files found and deleted :"
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
@@ -309,7 +314,7 @@ jobs:
fi
done < public_iso_list.txt
else
echo " No old ISO files found to delete."
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
@@ -385,6 +390,15 @@ jobs:
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -403,6 +417,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -433,14 +456,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

75
.gitea/workflows/generate_PUBLIC_iso.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
name: Generating a PUBLIC Live ISO.
name: 💙 Generating a PUBLIC Live ISO.
permissions:
contents: write
@@ -21,12 +21,12 @@ on:
branches:
- master
paths:
- '.gitea/trigger/.t_generate_PUBLIC.yaml'
- '.gitea/trigger/t_generate_PUBLIC.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a PUBLIC Live ISO.
runs-on: ciss.debian.live.builder
name: 💙 Generating a PUBLIC Live ISO.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
@@ -35,17 +35,17 @@ jobs:
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
apt-get upgrade
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get update -y
apt-get install -y \
autoconf \
automake \
@@ -85,22 +85,27 @@ jobs:
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo " Skipping download, package already exists: '${archive_name}'."
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
@@ -110,7 +115,7 @@ jobs:
exit 1
fi
else
echo " Skipping directory, already exists: '${pkg_name}'."
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
@@ -124,15 +129,15 @@ jobs:
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
@@ -153,7 +158,7 @@ jobs:
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo " Does not exist as build binary: '${bin}'."
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
@@ -166,7 +171,7 @@ jobs:
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo " Does not exist: '/usr/local/bin/${name}'."
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
@@ -266,7 +271,7 @@ jobs:
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--autobuild=6.12.30+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
@@ -296,7 +301,7 @@ jobs:
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo " Old ISO files found and deleted :"
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
@@ -309,7 +314,7 @@ jobs:
fi
done < public_iso_list.txt
else
echo " No old ISO files found to delete."
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
@@ -385,6 +390,15 @@ jobs:
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -403,6 +417,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -433,14 +456,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PUBLIC LIVE ISO [skip ci]
COMMIT_MSG="DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

179
.gitea/workflows/linter_char_scripts.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
# Gitea Workflow: Shell-Script Linting
#
@@ -70,7 +70,7 @@ jobs:
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/PRIVATE_TESTING_CISS.debian.live.builder.git .
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
@@ -127,32 +127,34 @@ jobs:
#
# We capture:
# - All files '*.sh', '*.zsh', '*.chroot'
# - All files whose first line begins with #! (shebang)
# - All files whose first line begins with "#!" (shebang)
# -------------------------------
mapfile -t files_to_check < <(
find . -type f \( \
-iname '*.sh' -o \
-iname '*.zsh' -o \
-iname '*.chroot' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
find . \
-path './.git' -prune -o \
-type f \( \
-iname '*.sh' -o \
-iname '*.zsh' -o \
-iname '*.chroot' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
)
# -------------------------------
# STEP 2: Regex definitions
#
# - CRLF_REGEX Carriage Return (\r) for Windows CRLF
# - CTRL_REGEX C0 control characters except Tab (\x09) and Newline (\x0A)
# Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
# - NON_ASCII_REGEX All bytes > 0x7F, except emoji characters in defined ranges
# - CRLF_REGEX Carriage Return (\r) for Windows CRLF
# - CTRL_REGEX C0 control characters except Tab (\x09) and Newline (\x0A)
# - Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
# - NON_ASCII_REGEX All bytes -> 0x7F, except emoji characters in defined ranges
#
# Emoji ranges that we exclude:
# - \x{1F300}-\x{1F5FF} (Misc Symbols & Pictographs)
# - \x{1F600}-\x{1F64F} (Emoticons)
# - \x{1F680}-\x{1F6FF} (Transport & Map Symbols)
# - \x{1F900}-\x{1F9FF} (Supplemental Symbols & Pictographs)
# - \x{2600}-\x{26FF} (Miscellaneous Symbols)
# - \x{2700}-\x{27BF} (Dingbats)
# - \x{1F300}-\x{1F5FF} Misc Symbols & Pictographs
# - \x{1F600}-\x{1F64F} Emoticons
# - \x{1F680}-\x{1F6FF} Transport & Map Symbols
# - \x{1F900}-\x{1F9FF} Supplemental Symbols & Pictographs
# - \x{2600}-\x{26FF} Miscellaneous Symbols
# - \x{2700}-\x{27BF} Dingbats
# -------------------------------
CRLF_REGEX=$'\r'
@@ -170,7 +172,7 @@ jobs:
for file in "${files_to_check[@]}"; do
#
# 4.1: CRLF detection
# grep -nP returns lineno:<line with CR>
# grep -nP returns "lineno:<line with CR>"
# -------------------------------
while IFS=: read -r lineno _rest; do
findings+="${file}: CRLF-found at line ${lineno}: <CR>"$'\n'
@@ -178,7 +180,7 @@ jobs:
#
# 4.2: Unallowed control characters
# grep -nP -o returns lineno:<matched-char>
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: control-char at line ${lineno}: ${char}"$'\n'
@@ -186,7 +188,7 @@ jobs:
#
# 4.3: Non-ASCII characters with emoji exception
# grep -nP -o returns lineno:<matched-char>
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: non-ascii at line ${lineno}: ${char}"$'\n'
@@ -199,8 +201,139 @@ jobs:
if [[ -n "${findings}" ]]; then
echo -e "⚠️ Linting issues detected:\n"
echo -e "${findings}"
exit 1
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
⚠️ The last linter check was NOT successful. ⚠️
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
else
echo "✅ No issues found in shell scripts."
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
fi
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LINTER_RESULTS.txt"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

34
.gitea/workflows/render-dnssec-status.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
name: Retrieve DNSSEC status of coresecret.dev.
name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
permissions:
contents: write
@@ -25,7 +25,7 @@ on:
jobs:
build-dnssec-diagram:
name: Retrieve DNSSEC status of coresecret.dev.
name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
runs-on: ubuntu-latest
steps:
@@ -127,6 +127,15 @@ jobs:
dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json
dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -145,6 +154,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -174,14 +192,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
COMMIT_MSG="DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

34
.gitea/workflows/render-dot-to-png.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
name: Render Graphviz Diagrams.
name: 🔁 Render Graphviz Diagrams.
permissions:
contents: write
@@ -26,7 +26,7 @@ on:
jobs:
build-graphiz-diagrams:
name: Render Graphviz Diagrams.
name: 🔁 Render Graphviz Diagrams.
runs-on: ubuntu-latest
steps:
@@ -120,6 +120,15 @@ jobs:
dot -Tpng "${file}" -o "${out}"
done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -138,6 +147,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -167,14 +185,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: DEPLOY BOT: Auto-Generate PNG from *.dot. [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔁 Auto-Generate PNG from *.dot. [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

2
.gitignore vendored
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
.version.properties
View File

@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
properties_version="V8.03.400.2025.06.05"
properties_version="V8.03.768.2025.06.17"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

2
CISS.debian.live.builder.spdx
View File

@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
PackageVersion: Master V8.03.400.2025.06.05
PackageVersion: Master V8.03.768.2025.06.17
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

16
LINTER_RESULTS.txt Normal file
View File

@@ -0,0 +1,16 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-17T17:03:33Z".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO.public
View File

@@ -2,26 +2,26 @@
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-03T12:10:46Z".
This file was automatically generated by the DEPLOY BOT on: "2025-06-17T14:54:34Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_03T11_33_11Z-amd64.hybrid.iso"
"ciss-debian-live-2025_06_17T14_12_22Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_03T11_33_11Z-amd64.hybrid.iso.sha512"
"ciss-debian-live-2025_06_17T14_12_22Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaD7mRgAKCRA85KY4hzOw
IcORAP4lGjiHbnMe3CQWMH+Tz2Z4Mp/kLXbh3K2+j6agrK1rHQEA/d1NJ9npprJN
2TKYjeFA1sAPA/LvgAdVXKKfTlhsyww=
=PjlU
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFGBqgAKCRA85KY4hzOw
IYthAQDYHWvmctdnn39QGj0cdLgPkqMd3JTtC+goiM2BO6UAoQD/SM4ObHSBQ9ZO
tQ5Wj5SzmMyMqFB9UIFizaEH0RcBEgk=
=zTxU
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO_FLV_0.private
View File

@@ -2,26 +2,26 @@
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-02T23:05:15Z".
This file was automatically generated by the DEPLOY BOT on: "2025-06-17T13:12:03Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_02T22_27_09Z-amd64.hybrid.iso"
"ciss-debian-live-2025_06_17T12_29_48Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_02T22_27_09Z-amd64.hybrid.iso.sha512"
"ciss-debian-live-2025_06_17T12_29_48Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaD4uKwAKCRA85KY4hzOw
IQ/pAQCVmu7uuOLHWrWM4XSX/t6nD/0WLZk68aR829FhF7hqaAD7Bve8jHudhvlv
ewg9APapMOqKaM2aDowmuR8ONHJktAU=
=meXV
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFFpowAKCRA85KY4hzOw
IQmsAQC7nsyQvaiBPjFjze0arnTSyJ0X45OElMH6vwWeOPCYwgEAgoPURpD9KBWX
TDSR3bhZqdaFTJYAQfguXxDI0wff8Aw=
=BqaA
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO_FLV_1.private
View File

@@ -2,26 +2,26 @@
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-05T19:17:12Z".
This file was automatically generated by the DEPLOY BOT on: "2025-06-17T14:03:33Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_05T18_36_07Z-amd64.hybrid.iso"
"ciss-debian-live-2025_06_17T13_20_50Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_05T18_36_07Z-amd64.hybrid.iso.sha512"
"ciss-debian-live-2025_06_17T13_20_50Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEHtOAAKCRA85KY4hzOw
IXO2AQC73XTi/UMGPOMQggNfFdC/D8C16l09hgrdsq+3pWsNKwD+PeJhzSwmlMRB
+3xze9K4Jw+5LOVcdGT8hkA/WmvY1ww=
=eaNF
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFF1tQAKCRA85KY4hzOw
IbsWAP9Zk6J3kFfRVASMGnT4h2Joak31pmX5p3Ron4mRDserMgEArhu1axOkGlyI
MPD3Zw/YEZeRSRtGLPFPfEEq8zAmIQo=
=b16D
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

8
README.md
View File

@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.400.2025.06.05-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.17-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
&nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -37,7 +37,7 @@ changes and made publicly available for download. The latest generic ISO is avai
Check out more:
* [CenturionNet Services](https://coresecret.eu/cnet/)
* [CenturionDNS Resolver](https://dns.eddns.eu/)
* [CenturionDNS Resolver](https://eddns.eu/)
* [CenturionDNS Blocklist](https://dns.eddns.eu/blocklists/centurion_titanium_ultimate.txt)
* [CenturionNet Status](https://uptime.coresecret.eu/)
* [CenturionMeet](https://talk.e2ee.li/)
@@ -121,7 +121,7 @@ The following happens in all cases:
* The installer kernel (/install/vmlinuz) + initrd.gz are started.
* The existing live system is exited.
* The memory is overwritten.
* All running processes e.g., firewall, hardened SSH access, etc. pp. cease to exist.
* All running processes - e.g., firewall, hardened SSH access, etc. pp. - cease to exist.
The Debian Installer loads:
* its own kernel,

5
ciss_live_builder.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -40,7 +40,8 @@
declare -g VAR_HANDLER_AUTOBUILD="false"
declare -gr VAR_CONTACT="security@coresecret.eu"
declare -gr VAR_VERSION="Master V8.03.400.2025.06.05"
declare -gr VAR_VERSION="Master V8.03.768.2025.06.17"
for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir
### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
declare arg

2
config/bootloaders/grub-efi/grub.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/bootloaders/grub-pc/grub.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/0000_generate_backup_dir.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

10
config/hooks/live/0001_initramfs_modules.chroot
View File

@@ -148,7 +148,7 @@ cat << 'EOF' >| /etc/initramfs-tools/initramfs.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -207,9 +207,9 @@ COMPRESS=zstd
# Defaults vary by compressor.
#
# Valid values are:
# 19 for gzip|bzip2|lzma|lzop
# 09 for lz4|xz
# 019 for zstd
# 1-9 for gzip|bzip2|lzma|lzop
# 0-9 for lz4|xz
# 0-19 for zstd
# COMPRESSLEVEL=3
#
@@ -253,7 +253,7 @@ cat << 'EOF' >> /etc/initramfs-tools/hooks/ciss_debian_live_builder
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/hooks/live/0002_verify_checksums.chroot
View File

@@ -27,7 +27,7 @@ cat << 'EOF' >| "${src}"
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

39
config/hooks/live/0003_install_backports.chroot Normal file
View File

@@ -0,0 +1,39 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1
DEBIAN_FRONTEND=noninteractive \
apt-get update && \
DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
-t bookworm-backports \
btrfs-progs \
curl \
debootstrap \
iproute2 \
ncat \
nmap \
ssh \
systemd \
systemd-sysv \
whois
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
# sleep 1
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
config/hooks/live/0820_kernel_hardening_checker.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/0840_ufw_abuse_ipdb_reporter.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/1024_git_clone_ciss_2025_debian_installer.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/9920_deleting_invalid_x509.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/9940_hardening_memory.dump.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

4
config/hooks/live/9950_fail2ban_hardening.chroot
View File

@@ -30,7 +30,7 @@ cat << 'EOF' >| /etc/fail2ban/jail.d/centurion-default.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
@@ -46,7 +46,7 @@ findtime = 24h
bantime = 24h
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
### Jump host mistyped 13 times: no ban, only after four attempts [sshd]
### Jump host mistyped 1-3 times: no ban, only after four attempts [sshd]
[sshd]
enabled = true

8
config/hooks/live/9985_clamav.chroot
View File

@@ -32,8 +32,8 @@ ReadOnlyPaths=/
ReadWritePaths=/var/lib/clamav /var/log/clamav /var/run/clamav /run/clamav
MemoryDenyWriteExecute=yes
MemoryLimit=512M
CPUShares=512
#MemoryLimit=4096M
#CPUShares=512
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
@@ -58,8 +58,8 @@ ReadOnlyPaths=/
ReadWritePaths=/var/lib/clamav /var/log/clamav /var/run/clamav
MemoryDenyWriteExecute=yes
MemoryLimit=512M
CPUShares=512
#MemoryLimit=4096M
#CPUShares=512
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes

10
config/hooks/live/9990_final_purge.chroot
View File

@@ -16,13 +16,13 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
apt-get update -y
apt-get purge -y exim4 exim4-daemon-light exim4-base exim4-config \
qemu-guest-agent rmail sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc
apt-get purge -y exim4 exim4-daemon-light exim4-base exim4-config qemu-guest-agent rmail
#sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc
apt-mark hold exim4 exim4-daemon-light exim4-base exim4-config \
qemu-guest-agent rmail sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc
apt-mark hold exim4 exim4-daemon-light exim4-base exim4-config qemu-guest-agent rmail
#sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc
dpkg --get-selections | grep deinstall >> /tmp/deinstall.log || true
dpkg --get-selections | grep deinstall >| /tmp/deinstall.log || true
if [[ -s /tmp/deinstall.log ]]; then
printf "\n"

1
config/hooks/live/9991_file_permissions.chroot
View File

@@ -39,6 +39,7 @@ EOF
cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak
sed -ri 's/^(#?LOGIN_TIMEOUT)[[:space:]]+[0-9]+/\1 180/' /etc/login.defs
sed -i 's/UMASK 022/UMASK 077/' /etc/login.defs
sed -i 's/PASS_MAX_DAYS 99999/PASS_MAX_DAYS 16384/' /etc/login.defs
sed -i 's/PASS_MIN_DAYS 0/PASS_MIN_DAYS 1/' /etc/login.defs

2
config/hooks/live/9992_password_expiration.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/hooks/live/9993_aide.chroot
View File

@@ -14,7 +14,7 @@ set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1
apt-get install -y aide
apt-get install -y aide > /dev/null 2>&1
cp -u /etc/aide/aide.conf /root/.ciss/dlb/backup/aide.conf.bak
sed -i "s/Checksums = H/Checksums = sha512/" /etc/aide/aide.conf

10
config/hooks/live/9994_password_policy.chroot
View File

@@ -26,7 +26,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -34,7 +34,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-Security-Contact: security@coresecret.eu
### Current recommendations for '/etc/security/pwquality.conf' based on common best practices,
### including NIST SP 80063B, https://pages.nist.gov/800-63-3/sp800-63b.html
### including NIST SP 800-63B, https://pages.nist.gov/800-63-3/sp800-63b.html
### and weighing usability against security.
### Configuration for systemwide password quality limits
@@ -46,15 +46,15 @@ difok = 4
### Length over complexity: Studies show that longer passphrases are significantly more
### resistant to brute-force and dictionary attacks. NIST recommends at least eight characters
### but advises longer passphrases (e.g., 1264) for increased security. Twenty characters strike a
### but advises longer passphrases (e.g., 12-64) for increased security. Twenty characters strike a
### good balance between security and user convenience.
### Minimum acceptable size for the new password (plus one if
### credits are not disabled, which is the default). (See pam_cracklib manual.)
### Cannot be set to a lower value than 6.
minlen = 20
minlen = 40
### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0
### NIST SP 80063B advises against rigid complexity rules (numbers, symbols, uppercase)
### NIST SP 800-63B advises against rigid complexity rules (numbers, symbols, uppercase)
### because they can lead users to adopt predictable patterns (e.g., "Pa$$word!").
### Length and dictionary checks are more effective.

2
config/includes.binary/boot/grub/config.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/includes.chroot/etc/live/config.conf
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/etc/modprobe.d/30-cendev-hardening.conf
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/etc/network/interfaces
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

6
config/includes.chroot/etc/ssh/sshd_config
View File

@@ -2,14 +2,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
@@ -51,7 +51,7 @@ MaxSessions 2
MaxStartups 08:64:16
### Restrict each individual source IP to only 4 unauthenticated connection slot
### in the concurrent MaxStartups pool, preventing one IP from monopolizing slots.
PerSourceMaxStartups 4
PerSourceMaxStartups 8
ClientAliveInterval 300
ClientAliveCountMax 2

4
config/includes.chroot/etc/sysctl.d/99_local.hardened
View File

@@ -2,14 +2,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.768.2025.06.17
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/

2
config/includes.chroot/etc/systemd/system/getty@tty1.service.d/override.conf
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/0_di_preseed_include_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/1_di_preseed_early_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/2_di_partman_early_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/3_di_preseed_late_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/di_scripting_flexibility.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

6
config/includes.chroot/preseed/.ash/di_scripting_password.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -26,13 +26,13 @@ grep -o '[!-~]' /dev/urandom | tr -d '\n' | head -c64 >> "${TMP_PASSPHRASE_FILE}
DEB_INSTALLER_CRYPT_INC_FILE=$(mktemp)
readonly DEB_INSTALLER_CRYPT_INC_FILE
# Read the first line (the passphrase) POSIX-compliant
# Read the first line (the passphrase) - POSIX-compliant
# IFS= prevents leading/trailing spaces from being truncated,
# -r ensures that backslashes are not interpreted.
IFS= read -r passphrase < "${TMP_PASSPHRASE_FILE}"
# A single printf call with exactly one redirect
# ShellCheck-compliant and valid in POSIX-sh
# - ShellCheck-compliant and valid in POSIX-sh
printf 'd-i partman-crypto/passphrase string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE"
printf 'd-i partman-crypto/passphrase-again string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE"

2
config/includes.chroot/preseed/.ash/di_scripting_ssh.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/.directories.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/apt.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/base.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/finished.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/firmware.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/grub.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/locale.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/modules.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/network.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/packages.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/partitioning.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/security.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/software.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/ssh.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/time.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/user.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.iso/iso.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

4
config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
View File

@@ -3,14 +3,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
declare -gr VERSION="Master V8.03.400.2025.06.05"
declare -gr VERSION="Master V8.03.768.2025.06.17"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then

2
config/includes.chroot/preseed/.lib/sshd_config.lib
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.

4
config/includes.chroot/preseed/preseed.cfg
View File

@@ -4,7 +4,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024â€2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024â€"2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.400.2025.06.05 at: 10:18:37.9542
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.17 at: 10:18:37.9542

3
config/includes.chroot/root/.bashrc
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -33,6 +33,7 @@
trap ' "${SHELL}" /root/.ciss/clean_logout.sh ' 0
source /root/.ciss/alias
source /root/.ciss/f2bchk.sh
source /root/.ciss/shortcuts
source /root/.ciss/scan_libwrap

37
config/includes.chroot/root/.ciss/alias
View File

@@ -3,14 +3,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
###########################################################################################
########################################################################################### Alpha
#######################################
# Outputs a 16-character random printable string
# Arguments:
@@ -158,14 +158,22 @@ genpasswdhash() {
# shellcheck disable=SC2317
scurl() {
if [[ $# -ne 2 ]]; then
printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>. \e[0m\n" >&2
printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
return 1
fi
if ! curl --proto '=https' --tlsv1.3 -sSf -o "${2}" "${1}"; then
printf "\e[91m❌ Error: Download failed for URL: '%s'. \e[0m\n" "${1}" >&2
declare url="$1"
declare output_path="$2"
if ! curl --doh-url "https://dns01.eddns.eu/dns-query" \
--doh-cert-status \
--tlsv1.3 \
-sSf \
-o "${output_path}" \
"${url}"
then
printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "${url}" >&2
return 2
fi
return 0
}
###########################################################################################
@@ -177,14 +185,23 @@ scurl() {
# shellcheck disable=SC2317
swget() {
if [[ $# -ne 2 ]]; then
printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>. \e[0m\n" >&2
printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
return 1
fi
if ! wget --no-clobber --https-only --secure-protocol=TLSv1_3 -qO "${2}" "${1}"; then
printf "\e[91m❌ Error: Download failed for URL: '%s'. \e[0m\n" "${1}" >&2
declare url="$1"
declare output_path="$2"
mkdir -p "$(dirname "${output_path}")"
if ! wget --show-progress \
--no-clobber \
--https-only \
--secure-protocol=TLSv1_3 \
-qO "${output_path}" \
"${url}"
then
printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "$url" >&2
return 2
fi
return 0
}
###########################################################################################

2
config/includes.chroot/root/.ciss/clean_logout.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

87
config/includes.chroot/root/.ciss/f2bchk.sh Normal file
View File

@@ -0,0 +1,87 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
#######################################
# Wrapper for fail2ban filter checks against logs.
# Usage: f2bchk --mode=ignored || --mode=matched || --mode=missed \
# --filter=/etc/fail2ban/filter.d/ufw.aggressive.conf \
# --log=/var/log/ufw.log \
# --output=/tmp/f2bchk.log
# Globals:
# DEFAULT_FILTER
# DEFAULT_LOG
# DEFAULT_MODE
# Arguments:
# None
# Returns:
# 1 In case of any errors
#######################################
f2bchk(){
# Declare default values (readonly)
declare -r DEFAULT_MODE="matched"
declare -r DEFAULT_FILTER="/etc/fail2ban/filter.d/ufw.aggressive.conf"
declare -r DEFAULT_LOG="/var/log/ufw.log"
declare mode="${DEFAULT_MODE}"
declare filter="${DEFAULT_FILTER}"
declare log="${DEFAULT_LOG}"
declare output=""
declare arg=""
for arg in "$@"; do
case "${arg}" in
--mode=*) mode="${arg#--mode=}";;
--filter=*) filter="${arg#--filter=}";;
--log=*) log="${arg#--log=}";;
--output=*) output="${arg#--output=}";;
*)
printf "\e[31m[ERROR]\e[0m Unknown argument: %s\n" "${arg}"
return 1
;;
esac
done
declare flag suffix
case "${mode}" in
ignored) flag="--print-all-ignored"; suffix="all.ignored";;
matched) flag="--print-all-matched"; suffix="all.matched";;
missed) flag="--print-all-missed"; suffix="all.missed";;
*)
printf "\e[31m[ERROR]\e[0m Invalid mode: %s\n" "${mode}"
return 1
;;
esac
if [[ -z "${output}" ]]; then
declare filter_name="${filter##*/}"
filter_name="${filter_name%.conf}"
output="/tmp/${filter_name}.${suffix}.log"
fi
if [[ ! -r "${log}" ]]; then
printf "\e[31m[ERROR]\e[0m Log file '%s' not found or not readable.\n" "${log}"
return 1
fi
if [[ ! -r "${filter}" ]]; then
printf "\e[31m[ERROR]\e[0m Filter file '%s' not found or not readable.\n" "${filter}"
return 1
fi
printf "\e[33m[INFO]\e[0m Running: fail2ban-regex %s %s %s\n" "${log}" "${filter}" "${flag}"
if fail2ban-regex "${log}" "${filter}" "${flag}" >| "${output}"; then
printf "\e[32m[SUCCESS]\e[0m Saved log to %s\n" "$output"
printf "You can view it with: cat %s\n" "$output"
else
printf "\e[31m[ERROR]\e[0m fail2ban-regex execution failed.\n"
return 1
fi
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
config/includes.chroot/root/.ciss/scan_libwrap
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/includes.chroot/root/.ciss/shortcuts
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/package-lists/live.list.amd64.chroot
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/package-lists/live.list.arm64.chroot
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/package-lists/live.list.common.chroot
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
docs/AUDIT_DNSSEC.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. DNSSEC Status

2
docs/AUDIT_HAVEGED.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Haveged Audit on Netcup RS 2000 G11

2
docs/AUDIT_LYNIS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Lynis Audit:

2
docs/AUDIT_SSH.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. SSH Audit by ssh-audit.com

2
docs/AUDIT_TLS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. TLS Audit:

62
docs/CHANGELOG.md
View File

@@ -8,26 +8,74 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Changelog
## V8.03.768.2025.06.17
* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``
## V8.03.768.2025.06.11
* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.27+bpo-amd64``
## V8.03.768.2025.06.09
* Added: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
* ``scurl()``
* ``swget()``
## V8.03.644.2025.06.07
* Updated workflows ISO Generators Runners.
* Installing ``bookworm-backports`` Versions of:
* ``btrfs-progs``
* ``curl``
* ``debootstrap``
* ``iproute2``
* ``ncat``
* ``nmap``
* ``ssh``
* ``systemd``
* ``systemd-sysv``
* ``whois``
* Changed default: ``/etc/login.defs`` ``LOGIN_TIMEOUT 60`` to: ``LOGIN_TIMEOUT 180``
* LIVE ISO generated by workflow tested against:
* Netcup Root Server
* Proxmox
* LIVE ISO generated by script tested against:
* Netcup Root Server
## V8.03.512.2025.06.06
* Updated workflows:
1. ``git stash push``
2. ``git fetch origin master``
3. ``git merge --no-edit origin/master``
4. ``git stash pop``
* Changed workflows ISO Generators routines ``🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.``
* added ``wget --https-only`` flag
* added verification step
## V8.03.400.2025.06.05
* The workflow image was changed to ``debian:bookworm``.
* The workflow ISO Generators image was changed to ``debian:bookworm``.
* Added a LIVE ISO workflow routine to build GnuPG from sources, since Bookworm GPG does not recognize key format 5.
* Changed verbosity of:
* [9993_aide.chroot](../config/hooks/live/9993_aide.chroot)
* [9997_debsums.chroot](../config/hooks/live/9997_debsums.chroot)
* Added basic linter checks for:
* '*.sh',
* '*.zsh',
* '*.chroot',
* all files with Shebang (#!) for:
* **``*.sh``**,
* **``*.zsh``**,
* **``*.chroot``**,
* all files with Shebang **``#``**! for:
* Windows CRLF line endings
* unauthorized control characters (C0 control characters except \t, \n)
* non-ASCII (ambiguous UTF) characters
[linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)
* [linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**

2
docs/CNET.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Centurion Net - Developer Branch Overview

2
docs/CODING_CONVENTION.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Coding Style

2
docs/CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Contributing / participating

2
docs/CREDITS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Credits

2
docs/DL_PUB_ISO.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO

4
docs/DOCUMENTATION.md
View File

@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Usage
````text
CISS.debian.live.builder
Master V8.03.400.2025.06.05
Master V8.03.768.2025.06.17
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2024 - 2025

4
docs/LICENSES/CC-BY-NC-ND-4.0.txt
View File

@@ -1,6 +1,6 @@
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Creative Commons Corporation (Creative Commons) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an as-is basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.
Creative Commons Corporation ("Creative Commons") is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an "as-is" basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.
Using Creative Commons Public Licenses
@@ -150,6 +150,6 @@ Section 8 - Interpretation.
d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority.
Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the Licensor. Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark Creative Commons or any other trademark or logo of Creative Commons without its prior written consent, including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses.
Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the "Licensor." Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark "Creative Commons" or any other trademark or logo of Creative Commons without its prior written consent, including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses.
Creative Commons may be contacted at creativecommons.org.

2
docs/REFERENCES.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.768.2025.06.17<br>
# 2. Resources

Some files were not shown because too many files have changed in this diff Show More