msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Compare commits

base: msw:096f06ce8d189466debec16609473fc0396f74b65921bba53795a40443d7f230
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable
..
compare: msw:v8.03.644-stable
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable

67 Commits
096f06ce8d ... v8.03.644-

Author SHA256 Message Date
Marc S. Weidner BOT
87b23a87a0 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@4be9861 at 2025-06-07T13:59:46Z on beeac5128259

Generated at : 2025-06-07T13:59:46Z
Runner Host  : beeac5128259
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 4be9861 HEAD -> master
 2025-06-07 13:59:46 +00:00
Marc S. Weidner
4be9861403 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m10s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 15:58:23 +02:00
Marc S. Weidner
3913af49e3 Merge remote-tracking branch 'origin/master' 2025-06-07 15:55:04 +02:00
Marc S. Weidner BOT
7aa82e060b DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@9d40681 at 2025-06-07T13:28:15Z on 44fbbe95eb4c

Generated at : 2025-06-07T13:28:15Z
Runner Host  : 44fbbe95eb4c
Workflow ID  : 💙 Generating a PUBLIC Live ISO.
Git Commit   : 9d40681 HEAD -> master
 2025-06-07 13:28:15 +00:00
Marc S. Weidner BOT
9d40681c01 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@77b73f8 at 2025-06-07T12:39:31Z on ba61aa7d3bf8

Generated at : 2025-06-07T12:39:31Z
Runner Host  : ba61aa7d3bf8
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 77b73f8 HEAD -> master
 2025-06-07 12:39:31 +00:00
Marc S. Weidner
c5ddadc93e V8.03.644.2025.06.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 14:00:13 +02:00
Marc S. Weidner BOT
77b73f8c5f DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@da8cf02 at 2025-06-07T11:52:30Z on 6b8c44a6e580

Generated at : 2025-06-07T11:52:30Z
Runner Host  : 6b8c44a6e580
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : da8cf02 HEAD -> master
 2025-06-07 11:52:30 +00:00
Marc S. Weidner BOT
da8cf0287d DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@301513c at 2025-06-07T11:05:19Z on b0bc13efe50b

Generated at : 2025-06-07T11:05:19Z
Runner Host  : b0bc13efe50b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 301513c HEAD -> master
 2025-06-07 11:05:19 +00:00
Marc S. Weidner
301513c07e V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 48m21s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 47m0s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 48m44s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 13:03:28 +02:00
Marc S. Weidner BOT
31ece936c9 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@a34dbb4 at 2025-06-07T11:00:43Z on 18b4c36b2ecd

Generated at : 2025-06-07T11:00:43Z
Runner Host  : 18b4c36b2ecd
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : a34dbb4 HEAD -> master
 2025-06-07 11:00:43 +00:00
Marc S. Weidner
a34dbb41da V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 12:59:05 +02:00
Marc S. Weidner BOT
bc58199d11 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@7d6a048 at 2025-06-07T08:36:05Z on 0ba6fa05b246

Generated at: 2025-06-07T08:36:05Z
Runner Host : 0ba6fa05b246
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 7d6a048 HEAD -> master
 2025-06-07 08:36:05 +00:00
Marc S. Weidner BOT
7d6a048f17 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c0ea15d at 2025-06-07T08:11:13Z on e1db26fd8aee

Generated at: 2025-06-07T08:11:13Z
Runner Host : e1db26fd8aee
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : c0ea15d HEAD -> master
 2025-06-07 08:11:13 +00:00
Marc S. Weidner
c0ea15d1b5 Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details
2025-06-07 10:07:17 +02:00
Marc S. Weidner
5345c44493 V8.03.644.2025.06.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 10:07:08 +02:00
Marc S. Weidner BOT
3ce250c1f1 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@52fecb8 at 2025-06-07T08:03:52Z on 8dc9df4c7580

Generated at: 2025-06-07T08:03:52Z
Runner Host : 8dc9df4c7580
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 52fecb8 HEAD -> master
 2025-06-07 08:03:52 +00:00
Marc S. Weidner
52fecb8b6f V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 10:02:37 +02:00
Marc S. Weidner BOT
5175c8245a DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@680ce14 at 2025-06-07T07:51:58Z on 4c6959341a64

Generated at: 2025-06-07T07:51:58Z
Runner Host : 4c6959341a64
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 680ce14 HEAD -> master
 2025-06-07 07:51:58 +00:00
Marc S. Weidner
680ce149d7 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:50:43 +02:00
Marc S. Weidner BOT
a37ef3e143 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@77fd128 at 2025-06-07T07:47:37Z on 7fd54de01000

Generated at: 2025-06-07T07:47:37Z
Runner Host : 7fd54de01000
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 77fd128 HEAD -> master
 2025-06-07 07:47:37 +00:00
Marc S. Weidner
77fd128dbc V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m4s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 49m40s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:46:26 +02:00
Marc S. Weidner BOT
70a97b02fa DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e42acb0 at 2025-06-07T07:44:56Z on 5375c083d2a1

Generated at: 2025-06-07T07:44:56Z
Runner Host : 5375c083d2a1
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : e42acb0 HEAD -> master
 2025-06-07 07:44:57 +00:00
Marc S. Weidner
e42acb0bff Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details
2025-06-07 09:43:46 +02:00
Marc S. Weidner
e079067cb0 V8.03.644.2025.06.07 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:43:29 +02:00
Marc S. Weidner BOT
766108d48d DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@28d89d6 at 2025-06-07T07:40:38Z on 0572777c7ea6

Generated at: 2025-06-07T07:40:38Z
Runner Host : 0572777c7ea6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 28d89d6 HEAD -> master
 2025-06-07 07:40:38 +00:00
Marc S. Weidner
28d89d6693 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m19s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:39:03 +02:00
Marc S. Weidner BOT
1282d40191 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@7e065c9 at 2025-06-07T07:05:42Z on 08c6e868345f

Generated at: 2025-06-07T07:05:42Z
Runner Host : 08c6e868345f
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 7e065c9 HEAD -> master
 2025-06-07 07:05:42 +00:00
Marc S. Weidner BOT
7e065c9e5d DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@4bbb4ea at 2025-06-07T07:05:07Z on 967cb55d3f4b

Generated at: 2025-06-07T07:05:07Z
Runner Host : 967cb55d3f4b
Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 4bbb4ea HEAD -> master
 2025-06-07 07:05:08 +00:00
Marc S. Weidner
4bbb4ead30 V8.03.644.2025.06.07
Some checks failed
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 2s
Details
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-07 09:03:50 +02:00
Marc S. Weidner BOT
73cd161efd DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@a3862e3 at 2025-06-06T18:14:40Z on 0ffeac58975d

Generated at: 2025-06-06T18:14:40Z
Runner Host : 0ffeac58975d
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : a3862e3 HEAD -> master
 2025-06-06 18:14:40 +00:00
Marc S. Weidner
a3862e3961 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 20:13:27 +02:00
Marc S. Weidner BOT
9d1b80d648 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@f0b02ed at 2025-06-06T18:03:13Z on 7fe714a6be4e

Generated at: 2025-06-06T18:03:13Z
Runner Host : 7fe714a6be4e
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : f0b02ed HEAD -> master
 2025-06-06 18:03:13 +00:00
Marc S. Weidner
f0b02ed158 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 20:00:27 +02:00
Marc S. Weidner BOT
8256633e5a DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@dc5048f at 2025-06-06T16:33:32Z on bc4923d97e5c

Generated at: 2025-06-06T16:33:32Z
Runner Host : bc4923d97e5c
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : dc5048f HEAD -> master
 2025-06-06 16:33:32 +00:00
Marc S. Weidner
dc5048fb49 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 18:32:04 +02:00
Marc S. Weidner BOT
fec771291f DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@9fb432e at 2025-06-06T15:59:23Z on af17a3e399e0

Generated at: 2025-06-06T15:59:23Z
Runner Host : af17a3e399e0
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 9fb432e HEAD -> master
 2025-06-06 15:59:23 +00:00
Marc S. Weidner
9fb432ed59 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 17:58:08 +02:00
Marc S. Weidner BOT
57cf13d25f DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@1a5ae42 at 2025-06-06T15:47:11Z on c36a6c20f5c6

Generated at: 2025-06-06T15:47:11Z
Runner Host : c36a6c20f5c6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 1a5ae42 HEAD → master
 2025-06-06 15:47:11 +00:00
Marc S. Weidner
1a5ae42516 V8.03.512.2025.06.06
All checks were successful
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 23s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 17:45:58 +02:00
Marc S. Weidner BOT
2ed84cac89 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@87203e3 at 2025-06-06T15:26:21Z on 8a23fdd43376

Generated at: 2025-06-06T15:26:21Z
Runner Host : 8a23fdd43376
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 87203e3 HEAD → master
 2025-06-06 15:26:21 +00:00
Marc S. Weidner
87203e343f V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 17:24:51 +02:00
Marc S. Weidner BOT
b4d3459f4a DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@b3c74ef at 2025-06-06T08:21:26Z on 2d6ce5c1bcc6

Generated at: 2025-06-06T08:21:26Z
Runner Host : 2d6ce5c1bcc6
Workflow ID : 🔐 Generating a Private Live ISO FLV 0.
Git Commit  : b3c74ef HEAD → master
 2025-06-06 08:21:26 +00:00
Marc S. Weidner BOT
b3c74ef219 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c18f630 at 2025-06-06T07:37:32Z on 7fd0c8f69374

Generated at: 2025-06-06T07:37:32Z
Runner Host : 7fd0c8f69374
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : c18f630 HEAD → master
 2025-06-06 07:37:32 +00:00
Marc S. Weidner
c18f630760 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 45m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 09:36:04 +02:00
Marc S. Weidner
65c921b172 V8.03.512.2025.06.06
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 09:35:41 +02:00
Marc S. Weidner BOT
a35c93e39e DEPLOY BOT: 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@e59bbfd at 2025-06-06T07:24:31Z on d45a149ed680

Generated at: 2025-06-06T07:24:31Z
Runner Host : d45a149ed680
Workflow ID : 💙 Generating a PUBLIC Live ISO.
Git Commit  : e59bbfd HEAD → master
 2025-06-06 07:24:31 +00:00
Marc S. Weidner BOT
e59bbfd2ec DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@ccae4a2 at 2025-06-06T07:10:08Z on 1f669574f51a

Generated at: 2025-06-06T07:10:08Z
Runner Host : 1f669574f51a
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : ccae4a2 HEAD → master
 2025-06-06 07:10:08 +00:00
Marc S. Weidner
ccae4a2cba V8.03.512.2025.06.06
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m17s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 8m58s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 09:08:45 +02:00
Marc S. Weidner BOT
187482e85d DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@893fd8b at 2025-06-06T06:45:04Z on 4f8e0db5ed99

Generated at: 2025-06-06T06:45:04Z
Runner Host : 4f8e0db5ed99
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 893fd8b HEAD → master
 2025-06-06 06:45:04 +00:00
Marc S. Weidner
893fd8b1c2 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 08:43:25 +02:00
Marc S. Weidner BOT
0dfda09473 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@2e3c753 at 2025-06-06T06:38:59Z on 033ede6e6e1c

Generated at: 2025-06-06T06:38:59Z
Runner Host : 033ede6e6e1c
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 2e3c753 HEAD → master
 2025-06-06 06:38:59 +00:00
Marc S. Weidner BOT
2e3c753483 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@4552a10 at 2025-06-06T05:53:47Z on 47167775d5cb

Generated at: 2025-06-06T05:53:47Z
Runner Host : 47167775d5cb
Workflow ID : 🔐 Generating a Private Live ISO FLV 0.
Git Commit  : 4552a10 HEAD → master
 2025-06-06 05:53:47 +00:00
Marc S. Weidner BOT
4552a101f5 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e3c959a at 2025-06-06T05:10:23Z on 28cab0873ecc

Generated at: 2025-06-06T05:10:23Z
Runner Host : 28cab0873ecc
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : e3c959a HEAD → master
 2025-06-06 05:10:23 +00:00
Marc S. Weidner
e3c959a6f7 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m13s
Details
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 44m42s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 45m11s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 45m32s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 07:09:00 +02:00
Marc S. Weidner BOT
fd4bd7aa31 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@f6d617a at 2025-06-06T04:57:53Z on 6af6ff727fd6

Generated at: 2025-06-06T04:57:53Z
Runner Host : 6af6ff727fd6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : f6d617a HEAD → master
 2025-06-06 04:57:53 +00:00
Marc S. Weidner BOT
f6d617ac5a DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@ddd5aa3 at 2025-06-06T04:57:21Z on 152ddf3b707a

Generated at: 2025-06-06T04:57:21Z
Runner Host : 152ddf3b707a
Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit  : ddd5aa3 HEAD → master
 2025-06-06 04:57:21 +00:00
Marc S. Weidner
ddd5aa3b49 V8.03.512.2025.06.06
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-06 06:56:16 +02:00
Marc S. Weidner BOT
86068a6b7e DEPLOY BOT: 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] 
X-CI-Metadata: master@31eb503 at 2025-06-05T22:41:05Z on 11931b5ea4ef

Generated at: 2025-06-05T22:41:05Z
Runner Host : 11931b5ea4ef
Workflow ID : 💙 Generating a PUBLIC Live ISO.
Git Commit  : 31eb503 HEAD → master
 2025-06-05 22:41:05 +00:00
Marc S. Weidner BOT
31eb50342a DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] 
X-CI-Metadata: master@6d2025e at 2025-06-05T21:57:21Z on e2e485d3471a

Generated at: 2025-06-05T21:57:21Z
Runner Host : e2e485d3471a
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 6d2025e HEAD → master
 2025-06-05 21:57:21 +00:00
Marc S. Weidner BOT
6d2025eb40 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@6b9b533 at 2025-06-05T21:14:04Z on a08716fc39d0

Generated at: 2025-06-05T21:14:04Z
Runner Host : a08716fc39d0
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 6b9b533 HEAD → master
 2025-06-05 21:14:04 +00:00
Marc S. Weidner
6b9b533b52 V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m13s
Details
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 44m35s
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 43m43s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 23:12:44 +02:00
Marc S. Weidner BOT
a54f75d406 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@d6115b9 at 2025-06-05T21:00:24Z on b5fffa7cbf6d

Generated at: 2025-06-05T21:00:24Z
Runner Host : b5fffa7cbf6d
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : d6115b9 HEAD → master
 2025-06-05 21:00:24 +00:00
Marc S. Weidner
d6115b90b5 V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m21s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:58:57 +02:00
Marc S. Weidner
e6920e567a V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:44:53 +02:00
Marc S. Weidner
3ad1726770 V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m11s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:38:12 +02:00
Marc S. Weidner
ac579fd862 V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m26s
Details
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Failing after 44m13s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-06-05 22:24:39 +02:00
Marc S. Weidner BOT
b34344ec52 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci] 
X-CI-Metadata: master@096f06c at 2025-06-05T20:18:50Z on ca01ddafe79f

Generated at: 2025-06-05T20:18:50Z
Runner Host : ca01ddafe79f
Workflow ID : Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 096f06c HEAD → master
 2025-06-05 20:18:50 +00:00
108 changed files with 746 additions and 330 deletions
Expand all files Collapse all files

44
.archive/icon.lib
View File

@@ -2,46 +2,48 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
🔧
⚠️
🚫
🔐
🔒
🔑
✍️
🖥️
🔄
🔁
🌌
🔵
💙
🔍
💡
🔧
🛠️
🏗
⚙️
📐
🧪
📩
📥
📦
📑
📂
🔒
🔐
⚙️
🌌
📀
🎉
🖥️
📂
📩
🔵
😺
🧪
📉
📊
🧾
📀
📉
📋
🕑
🧠
📅
💙
🚫
🔄
🔁
📋
🎯
🔍
💡
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
.editorconfig
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
View File

@@ -25,7 +25,7 @@ body:
attributes:
label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
placeholder: "e.g., Master V8.03.400.2025.06.05"
placeholder: "e.g., Master V8.03.644.2025.06.07"
validations:
required: true

4
.gitea/ISSUE_TEMPLATE/PULL_REQUEST_TEMPLATE.yaml
View File

@@ -48,8 +48,8 @@ body:
options:
- label: "My edits contain no tabs, use two-space indentation, and no trailing whitespace"
- label: "I have read ~/docs/CONTRIBUTING.md and ~/docs/CODING_CONVENTION.md"
- label: "I have tested this fix or improvement on 2 VMs without issues"
- label: "I have tested this new feature on 2 VMs with and without it to avoid side effects"
- label: "I have tested this fix or improvement on >=2 VMs without issues"
- label: "I have tested this new feature on >=2 VMs with and without it to avoid side effects"
- label: "Documentation and/or 'usage()' and/or 'arg_parser' have been updated for the new feature"
- label: "I added myself to ~/docs/CREDITS.md (alphabetical) and updated ~/docs/CHANGELOG.md"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

69
.gitea/TODO/dockerfile Normal file
View File

@@ -0,0 +1,69 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
FROM debian:bookworm
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y \
apt-transport-https \
apt-utils \
bash \
ca-certificates \
gnupg \
openssl \
sudo \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /etc/apt/sources.list.d && touch /etc/apt/sources.list.d/bookworm-backports.list \
&& echo 'deb https://deb.debian.org/debian bookworm-backports main' >| /etc/apt/sources.list.d/bookworm-backports.list \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \
haveged \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
texinfo \
wget \
whois \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
RUN useradd --create-home --shell /bin/bash runner
WORKDIR /home/runner
USER runner
ENTRYPOINT ["bash"]

80
.gitea/TODO/render-md-to-html.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
name: Render README.md to README.html.
name: 🔁 Render README.md to README.html.
permissions:
contents: write
@@ -26,7 +26,7 @@ on:
jobs:
render-md-to-html:
name: Render README.md to README.html.
name: 🔁 Render README.md to README.html.
runs-on: ubuntu-latest
steps:
@@ -111,28 +111,28 @@ jobs:
sudo apt-get update
sudo apt-get install -y pandoc
#- name: ⚙️ Ensure .html/ directory exists.
# shell: bash
# run:
# mkdir -p .html
- name: ⚙️ Ensure .html/ directory exists.
shell: bash
run:
mkdir -p .html
#- name: 🛠️ Render *.md to full standalone HTML.
# shell: bash
# run: |
# set -euo pipefail
# find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
# out=$(basename "${file%.md}.html")
# pandoc -s "${file}" \
# --metadata title="${file}" \
# --metadata lang=en \
# -f gfm+footnotes \
# -t html5 \
# --no-highlight \
# --strip-comments \
# --wrap=none \
# --lua-filter=.gitea/properties/lua/linkfix.lua \
# -o .html/"${out}"
# done
- name: 🛠️ Render *.md to full standalone HTML.
shell: bash
run: |
set -euo pipefail
find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
out=$(basename "${file%.md}.html")
pandoc -s "${file}" \
--metadata title="${file}" \
--metadata lang=en \
-f gfm+footnotes \
-t html5 \
--no-highlight \
--strip-comments \
--wrap=none \
--lua-filter=.gitea/properties/lua/linkfix.lua \
-o .html/"${out}"
done
- name: 🛠️ Extract HTML fragment for Gitea for *.md.
shell: bash
@@ -150,6 +150,15 @@ jobs:
-o "${out}"
done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -168,6 +177,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -197,15 +215,15 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔁 Auto-Generate *.html from *.md [skip ci]
${CI_HEADER}
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
"
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"

2
.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
View File

@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.384.2025.06.03
version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

4
.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1024
version: V8.03.400.2025.06.05
counter: 1023
version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_PUBLIC.yaml
View File

@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.384.2025.06.03
version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

2
.gitea/trigger/t_generate_dns.yaml
View File

@@ -11,5 +11,5 @@
build:
counter: 1023
version: V8.03.400.2025.06.05
version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

71
.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
name: Generating a Private Live ISO FLV 0.
name: 🔐 Generating a Private Live ISO FLV 0.
permissions:
contents: write
@@ -25,8 +25,8 @@ on:
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a Private Live ISO FLV 0.
runs-on: ciss.debian.live.builder
name: 🔐 Generating a Private Live ISO FLV 0.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
@@ -35,17 +35,17 @@ jobs:
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
apt-get upgrade
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get update -y
apt-get install -y \
autoconf \
automake \
@@ -85,22 +85,27 @@ jobs:
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo " Skipping download, package already exists: '${archive_name}'."
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
@@ -110,7 +115,7 @@ jobs:
exit 1
fi
else
echo " Skipping directory, already exists: '${pkg_name}'."
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
@@ -124,15 +129,15 @@ jobs:
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
@@ -153,7 +158,7 @@ jobs:
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo " Does not exist as build binary: '${bin}'."
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
@@ -166,7 +171,7 @@ jobs:
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo " Does not exist: '/usr/local/bin/${name}'."
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
@@ -299,7 +304,7 @@ jobs:
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo " Old ISO files found and deleted :"
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
@@ -312,7 +317,7 @@ jobs:
fi
done < public_iso_list.txt
else
echo " No old ISO files found to delete."
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
@@ -388,6 +393,15 @@ jobs:
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -406,6 +420,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -436,14 +459,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

73
.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.512.2025.06.06
name: Generating a Private Live ISO FLV 1.
name: 🔐 Generating a Private Live ISO FLV 1.
permissions:
contents: write
@@ -21,12 +21,12 @@ on:
branches:
- master
paths:
- '.gitea/trigger/.t_generate_PRIVATE_iso_flavour_1.yaml'
- '.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a Private Live ISO FLV 1.
runs-on: ciss.debian.live.builder
name: 🔐 Generating a Private Live ISO FLV 1.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
@@ -35,17 +35,17 @@ jobs:
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
apt-get upgrade
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get update -y
apt-get install -y \
autoconf \
automake \
@@ -85,22 +85,27 @@ jobs:
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo " Skipping download, package already exists: '${archive_name}'."
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
@@ -110,7 +115,7 @@ jobs:
exit 1
fi
else
echo " Skipping directory, already exists: '${pkg_name}'."
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
@@ -124,15 +129,15 @@ jobs:
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
@@ -153,7 +158,7 @@ jobs:
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo " Does not exist as build binary: '${bin}'."
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
@@ -166,7 +171,7 @@ jobs:
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo " Does not exist: '/usr/local/bin/${name}'."
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
@@ -296,7 +301,7 @@ jobs:
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo " Old ISO files found and deleted :"
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
@@ -309,7 +314,7 @@ jobs:
fi
done < public_iso_list.txt
else
echo " No old ISO files found to delete."
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
@@ -385,6 +390,15 @@ jobs:
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -403,6 +417,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -433,14 +456,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

73
.gitea/workflows/generate_PUBLIC_iso.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
name: Generating a PUBLIC Live ISO.
name: 💙 Generating a PUBLIC Live ISO.
permissions:
contents: write
@@ -21,12 +21,12 @@ on:
branches:
- master
paths:
- '.gitea/trigger/.t_generate_PUBLIC.yaml'
- '.gitea/trigger/t_generate_PUBLIC.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a PUBLIC Live ISO.
runs-on: ciss.debian.live.builder
name: 💙 Generating a PUBLIC Live ISO.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
@@ -35,17 +35,17 @@ jobs:
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
apt-get upgrade
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get update -y
apt-get install -y \
autoconf \
automake \
@@ -85,22 +85,27 @@ jobs:
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo " Skipping download, package already exists: '${archive_name}'."
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
@@ -110,7 +115,7 @@ jobs:
exit 1
fi
else
echo " Skipping directory, already exists: '${pkg_name}'."
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
@@ -124,15 +129,15 @@ jobs:
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}"; \
echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}"; \
echo "✅ Removed build artifacts: '${pkg_name}'."
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
@@ -153,7 +158,7 @@ jobs:
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo " Does not exist as build binary: '${bin}'."
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
@@ -166,7 +171,7 @@ jobs:
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo " Does not exist: '/usr/local/bin/${name}'."
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
@@ -296,7 +301,7 @@ jobs:
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo " Old ISO files found and deleted :"
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
@@ -309,7 +314,7 @@ jobs:
fi
done < public_iso_list.txt
else
echo " No old ISO files found to delete."
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
@@ -385,6 +390,15 @@ jobs:
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -403,6 +417,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -433,14 +456,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PUBLIC LIVE ISO [skip ci]
COMMIT_MSG="DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

179
.gitea/workflows/linter_char_scripts.yaml
View File

@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
# Gitea Workflow: Shell-Script Linting
#
@@ -70,7 +70,7 @@ jobs:
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/PRIVATE_TESTING_CISS.debian.live.builder.git .
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
@@ -127,32 +127,34 @@ jobs:
#
# We capture:
# - All files '*.sh', '*.zsh', '*.chroot'
# - All files whose first line begins with #! (shebang)
# - All files whose first line begins with "#!" (shebang)
# -------------------------------
mapfile -t files_to_check < <(
find . -type f \( \
-iname '*.sh' -o \
-iname '*.zsh' -o \
-iname '*.chroot' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
find . \
-path './.git' -prune -o \
-type f \( \
-iname '*.sh' -o \
-iname '*.zsh' -o \
-iname '*.chroot' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
)
# -------------------------------
# STEP 2: Regex definitions
#
# - CRLF_REGEX Carriage Return (\r) for Windows CRLF
# - CTRL_REGEX C0 control characters except Tab (\x09) and Newline (\x0A)
# Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
# - NON_ASCII_REGEX All bytes > 0x7F, except emoji characters in defined ranges
# - CRLF_REGEX Carriage Return (\r) for Windows CRLF
# - CTRL_REGEX C0 control characters except Tab (\x09) and Newline (\x0A)
# - Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
# - NON_ASCII_REGEX All bytes -> 0x7F, except emoji characters in defined ranges
#
# Emoji ranges that we exclude:
# - \x{1F300}-\x{1F5FF} (Misc Symbols & Pictographs)
# - \x{1F600}-\x{1F64F} (Emoticons)
# - \x{1F680}-\x{1F6FF} (Transport & Map Symbols)
# - \x{1F900}-\x{1F9FF} (Supplemental Symbols & Pictographs)
# - \x{2600}-\x{26FF} (Miscellaneous Symbols)
# - \x{2700}-\x{27BF} (Dingbats)
# - \x{1F300}-\x{1F5FF} Misc Symbols & Pictographs
# - \x{1F600}-\x{1F64F} Emoticons
# - \x{1F680}-\x{1F6FF} Transport & Map Symbols
# - \x{1F900}-\x{1F9FF} Supplemental Symbols & Pictographs
# - \x{2600}-\x{26FF} Miscellaneous Symbols
# - \x{2700}-\x{27BF} Dingbats
# -------------------------------
CRLF_REGEX=$'\r'
@@ -170,7 +172,7 @@ jobs:
for file in "${files_to_check[@]}"; do
#
# 4.1: CRLF detection
# grep -nP returns lineno:<line with CR>
# grep -nP returns "lineno:<line with CR>"
# -------------------------------
while IFS=: read -r lineno _rest; do
findings+="${file}: CRLF-found at line ${lineno}: <CR>"$'\n'
@@ -178,7 +180,7 @@ jobs:
#
# 4.2: Unallowed control characters
# grep -nP -o returns lineno:<matched-char>
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: control-char at line ${lineno}: ${char}"$'\n'
@@ -186,7 +188,7 @@ jobs:
#
# 4.3: Non-ASCII characters with emoji exception
# grep -nP -o returns lineno:<matched-char>
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: non-ascii at line ${lineno}: ${char}"$'\n'
@@ -199,8 +201,139 @@ jobs:
if [[ -n "${findings}" ]]; then
echo -e "⚠️ Linting issues detected:\n"
echo -e "${findings}"
exit 1
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
⚠️ The last linter check was NOT successful. ⚠️
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
else
echo "✅ No issues found in shell scripts."
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
fi
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LINTER_RESULTS.txt"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

34
.gitea/workflows/render-dnssec-status.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
name: Retrieve DNSSEC status of coresecret.dev.
name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
permissions:
contents: write
@@ -25,7 +25,7 @@ on:
jobs:
build-dnssec-diagram:
name: Retrieve DNSSEC status of coresecret.dev.
name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
runs-on: ubuntu-latest
steps:
@@ -127,6 +127,15 @@ jobs:
dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json
dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -145,6 +154,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -174,14 +192,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
COMMIT_MSG="DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

34
.gitea/workflows/render-dot-to-png.yaml
View File

@@ -9,9 +9,9 @@
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
name: Render Graphviz Diagrams.
name: 🔁 Render Graphviz Diagrams.
permissions:
contents: write
@@ -26,7 +26,7 @@ on:
jobs:
build-graphiz-diagrams:
name: Render Graphviz Diagrams.
name: 🔁 Render Graphviz Diagrams.
runs-on: ubuntu-latest
steps:
@@ -120,6 +120,15 @@ jobs:
dot -Tpng "${file}" -o "${out}"
done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
@@ -138,6 +147,15 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
@@ -167,14 +185,14 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: DEPLOY BOT: Auto-Generate PNG from *.dot. [skip ci]
COMMIT_MSG="DEPLOY BOT : 🔁 Auto-Generate PNG from *.dot. [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD ${GIT_REF}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"

2
.gitignore vendored
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
.version.properties
View File

@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu"
properties_version="V8.03.400.2025.06.05"
properties_version="V8.03.644.2025.06.07"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

2
CISS.debian.live.builder.spdx
View File

@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder
PackageVersion: Master V8.03.400.2025.06.05
PackageVersion: Master V8.03.644.2025.06.07
PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

16
LINTER_RESULTS.txt Normal file
View File

@@ -0,0 +1,16 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T13:59:44Z".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO.public
View File

@@ -2,26 +2,26 @@
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-03T12:10:46Z".
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T13:28:13Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_03T11_33_11Z-amd64.hybrid.iso"
"ciss-debian-live-2025_06_07T12_48_35Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_03T11_33_11Z-amd64.hybrid.iso.sha512"
"ciss-debian-live-2025_06_07T12_48_35Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaD7mRgAKCRA85KY4hzOw
IcORAP4lGjiHbnMe3CQWMH+Tz2Z4Mp/kLXbh3K2+j6agrK1rHQEA/d1NJ9npprJN
2TKYjeFA1sAPA/LvgAdVXKKfTlhsyww=
=PjlU
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEQ+bQAKCRA85KY4hzOw
IdnhAQC+NGhgMMPqZgS51p59kCYSoGLDzodY7TtFOJOxLo5LeAD/bgJifC51JFju
RKy7e3am5Z80cAGZJ1RFliRgjJVZeAU=
=P9Qk
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO_FLV_0.private
View File

@@ -2,26 +2,26 @@
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-02T23:05:15Z".
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T11:52:28Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_02T22_27_09Z-amd64.hybrid.iso"
"ciss-debian-live-2025_06_07T11_12_45Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_02T22_27_09Z-amd64.hybrid.iso.sha512"
"ciss-debian-live-2025_06_07T11_12_45Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaD4uKwAKCRA85KY4hzOw
IQ/pAQCVmu7uuOLHWrWM4XSX/t6nD/0WLZk68aR829FhF7hqaAD7Bve8jHudhvlv
ewg9APapMOqKaM2aDowmuR8ONHJktAU=
=meXV
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEQn/AAKCRA85KY4hzOw
IeMFAP0ZsIuEHFz3EgDpk1rN066VZ2nGrx3NvQenvjg5EQsRNAD+MNlJ4JE9zk17
pvWF+r0l2K7P6CmxlK7WZFU2Hs6KYwc=
=6azh
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO_FLV_1.private
View File

@@ -2,26 +2,26 @@
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-05T19:17:12Z".
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T12:39:29Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_05T18_36_07Z-amd64.hybrid.iso"
"ciss-debian-live-2025_06_07T12_01_03Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_05T18_36_07Z-amd64.hybrid.iso.sha512"
"ciss-debian-live-2025_06_07T12_01_03Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEHtOAAKCRA85KY4hzOw
IXO2AQC73XTi/UMGPOMQggNfFdC/D8C16l09hgrdsq+3pWsNKwD+PeJhzSwmlMRB
+3xze9K4Jw+5LOVcdGT8hkA/WmvY1ww=
=eaNF
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEQzAQAKCRA85KY4hzOw
IedVAQDj71Q0oAweOhYGabzgECIwgIxHPypvidif0fnjucGuIgD+O5XAvFsPnUzQ
7lXvBLPURbSoa5//sgkXL3Pmik2vvwk=
=TJPq
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

6
README.md
View File

@@ -2,7 +2,7 @@
gitea: none
include_toc: true
---
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.400.2025.06.05-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.644.2025.06.07-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
&nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -121,7 +121,7 @@ The following happens in all cases:
* The installer kernel (/install/vmlinuz) + initrd.gz are started.
* The existing live system is exited.
* The memory is overwritten.
* All running processes e.g., firewall, hardened SSH access, etc. pp. cease to exist.
* All running processes - e.g., firewall, hardened SSH access, etc. pp. - cease to exist.
The Debian Installer loads:
* its own kernel,

4
ciss_live_builder.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -40,7 +40,7 @@
declare -g VAR_HANDLER_AUTOBUILD="false"
declare -gr VAR_CONTACT="security@coresecret.eu"
declare -gr VAR_VERSION="Master V8.03.400.2025.06.05"
declare -gr VAR_VERSION="Master V8.03.644.2025.06.07"
### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
declare arg

2
config/bootloaders/grub-efi/grub.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/bootloaders/grub-pc/grub.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/0000_generate_backup_dir.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

10
config/hooks/live/0001_initramfs_modules.chroot
View File

@@ -148,7 +148,7 @@ cat << 'EOF' >| /etc/initramfs-tools/initramfs.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -207,9 +207,9 @@ COMPRESS=zstd
# Defaults vary by compressor.
#
# Valid values are:
# 19 for gzip|bzip2|lzma|lzop
# 09 for lz4|xz
# 019 for zstd
# 1-9 for gzip|bzip2|lzma|lzop
# 0-9 for lz4|xz
# 0-19 for zstd
# COMPRESSLEVEL=3
#
@@ -253,7 +253,7 @@ cat << 'EOF' >> /etc/initramfs-tools/hooks/ciss_debian_live_builder
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/hooks/live/0002_verify_checksums.chroot
View File

@@ -27,7 +27,7 @@ cat << 'EOF' >| "${src}"
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

39
config/hooks/live/0003_install_backports.chroot Normal file
View File

@@ -0,0 +1,39 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1
DEBIAN_FRONTEND=noninteractive \
apt-get update && \
DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
-t bookworm-backports \
btrfs-progs \
curl \
debootstrap \
iproute2 \
ncat \
nmap \
ssh \
systemd \
systemd-sysv \
whois
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
# sleep 1
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

2
config/hooks/live/0820_kernel_hardening_checker.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/0840_ufw_abuse_ipdb_reporter.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/1024_git_clone_ciss_2025_debian_installer.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/9920_deleting_invalid_x509.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/hooks/live/9940_hardening_memory.dump.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

4
config/hooks/live/9950_fail2ban_hardening.chroot
View File

@@ -30,7 +30,7 @@ cat << 'EOF' >| /etc/fail2ban/jail.d/centurion-default.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
@@ -46,7 +46,7 @@ findtime = 24h
bantime = 24h
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
### Jump host mistyped 13 times: no ban, only after four attempts [sshd]
### Jump host mistyped 1-3 times: no ban, only after four attempts [sshd]
[sshd]
enabled = true

1
config/hooks/live/9991_file_permissions.chroot
View File

@@ -39,6 +39,7 @@ EOF
cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak
sed -i 's/LOGIN_TIMEOUT 60/LOGIN_TIMEOUT 180/' /etc/login.defs
sed -i 's/UMASK 022/UMASK 077/' /etc/login.defs
sed -i 's/PASS_MAX_DAYS 99999/PASS_MAX_DAYS 16384/' /etc/login.defs
sed -i 's/PASS_MIN_DAYS 0/PASS_MIN_DAYS 1/' /etc/login.defs

2
config/hooks/live/9992_password_expiration.chroot
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/hooks/live/9993_aide.chroot
View File

@@ -14,7 +14,7 @@ set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1
apt-get install -y aide
apt-get install -y aide > /dev/null 2>&1
cp -u /etc/aide/aide.conf /root/.ciss/dlb/backup/aide.conf.bak
sed -i "s/Checksums = H/Checksums = sha512/" /etc/aide/aide.conf

8
config/hooks/live/9994_password_policy.chroot
View File

@@ -26,7 +26,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -34,7 +34,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-Security-Contact: security@coresecret.eu
### Current recommendations for '/etc/security/pwquality.conf' based on common best practices,
### including NIST SP 80063B, https://pages.nist.gov/800-63-3/sp800-63b.html
### including NIST SP 800-63B, https://pages.nist.gov/800-63-3/sp800-63b.html
### and weighing usability against security.
### Configuration for systemwide password quality limits
@@ -46,7 +46,7 @@ difok = 4
### Length over complexity: Studies show that longer passphrases are significantly more
### resistant to brute-force and dictionary attacks. NIST recommends at least eight characters
### but advises longer passphrases (e.g., 1264) for increased security. Twenty characters strike a
### but advises longer passphrases (e.g., 12-64) for increased security. Twenty characters strike a
### good balance between security and user convenience.
### Minimum acceptable size for the new password (plus one if
### credits are not disabled, which is the default). (See pam_cracklib manual.)
@@ -54,7 +54,7 @@ difok = 4
minlen = 20
### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0
### NIST SP 80063B advises against rigid complexity rules (numbers, symbols, uppercase)
### NIST SP 800-63B advises against rigid complexity rules (numbers, symbols, uppercase)
### because they can lead users to adopt predictable patterns (e.g., "Pa$$word!").
### Length and dictionary checks are more effective.

2
config/includes.binary/boot/grub/config.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/includes.chroot/etc/live/config.conf
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/etc/modprobe.d/30-cendev-hardening.conf
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/etc/network/interfaces
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

4
config/includes.chroot/etc/ssh/sshd_config
View File

@@ -2,14 +2,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig

4
config/includes.chroot/etc/sysctl.d/99_local.hardened
View File

@@ -2,14 +2,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.400.2025.06.05
### Version Master V8.03.644.2025.06.07
### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/

2
config/includes.chroot/etc/systemd/system/getty@tty1.service.d/override.conf
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/0_di_preseed_include_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/1_di_preseed_early_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/2_di_partman_early_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/3_di_preseed_late_command.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.ash/di_scripting_flexibility.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

6
config/includes.chroot/preseed/.ash/di_scripting_password.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -26,13 +26,13 @@ grep -o '[!-~]' /dev/urandom | tr -d '\n' | head -c64 >> "${TMP_PASSPHRASE_FILE}
DEB_INSTALLER_CRYPT_INC_FILE=$(mktemp)
readonly DEB_INSTALLER_CRYPT_INC_FILE
# Read the first line (the passphrase) POSIX-compliant
# Read the first line (the passphrase) - POSIX-compliant
# IFS= prevents leading/trailing spaces from being truncated,
# -r ensures that backslashes are not interpreted.
IFS= read -r passphrase < "${TMP_PASSPHRASE_FILE}"
# A single printf call with exactly one redirect
# ShellCheck-compliant and valid in POSIX-sh
# - ShellCheck-compliant and valid in POSIX-sh
printf 'd-i partman-crypto/passphrase string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE"
printf 'd-i partman-crypto/passphrase-again string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE"

2
config/includes.chroot/preseed/.ash/di_scripting_ssh.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/.directories.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/apt.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/base.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/finished.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/firmware.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/grub.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/locale.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/modules.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/network.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/packages.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/partitioning.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/security.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/software.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/ssh.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/time.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.cfg/user.cfg
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/preseed/.iso/iso.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

4
config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
View File

@@ -3,14 +3,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
declare -gr VERSION="Master V8.03.400.2025.06.05"
declare -gr VERSION="Master V8.03.644.2025.06.07"
### VERY EARLY CHECK FOR DEBUGGING
if [[ $* == *" --debug "* ]]; then

2
config/includes.chroot/preseed/.lib/sshd_config.lib
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.

4
config/includes.chroot/preseed/preseed.cfg
View File

@@ -4,7 +4,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024â€2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024â€"2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
# Please consider donating to my work at: https://coresecret.eu/spenden/
###########################################################################################
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.400.2025.06.05 at: 10:18:37.9542
# Written by: ./preseed_hash_generator.sh Version: Master V8.03.644.2025.06.07 at: 10:18:37.9542

2
config/includes.chroot/root/.bashrc
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

4
config/includes.chroot/root/.ciss/alias
View File

@@ -3,14 +3,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
###########################################################################################
########################################################################################### Alpha
#######################################
# Outputs a 16-character random printable string
# Arguments:

2
config/includes.chroot/root/.ciss/clean_logout.sh
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/includes.chroot/root/.ciss/scan_libwrap
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/includes.chroot/root/.ciss/shortcuts
View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

2
config/package-lists/live.list.amd64.chroot
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/package-lists/live.list.arm64.chroot
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
config/package-lists/live.list.common.chroot
View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

2
docs/AUDIT_DNSSEC.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. DNSSEC Status

2
docs/AUDIT_HAVEGED.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Haveged Audit on Netcup RS 2000 G11

2
docs/AUDIT_LYNIS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Lynis Audit:

2
docs/AUDIT_SSH.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. SSH Audit by ssh-audit.com

2
docs/AUDIT_TLS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. TLS Audit:

47
docs/CHANGELOG.md
View File

@@ -8,26 +8,59 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Changelog
## V8.03.644.2025.06.07
* Updated workflows ISO Generators Runners.
* Installing ``bookworm-backports`` Versions of:
* ``btrfs-progs``
* ``curl``
* ``debootstrap``
* ``iproute2``
* ``ncat``
* ``nmap``
* ``ssh``
* ``systemd``
* ``systemd-sysv``
* ``whois``
* Changed default: ``/etc/login.defs`` ``LOGIN_TIMEOUT 60`` to: ``LOGIN_TIMEOUT 180``
* LIVE ISO generated by workflow tested against:
* Netcup Root Server
* Proxmox
* LIVE ISO generated by script tested against:
* Netcup Root Server
## V8.03.512.2025.06.06
* Updated workflows:
1. ``git stash push``
2. ``git fetch origin master``
3. ``git merge --no-edit origin/master``
4. ``git stash pop``
* Changed workflows ISO Generators routines ``🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.``
* added ``wget --https-only`` flag
* added verification step
## V8.03.400.2025.06.05
* The workflow image was changed to ``debian:bookworm``.
* The workflow ISO Generators image was changed to ``debian:bookworm``.
* Added a LIVE ISO workflow routine to build GnuPG from sources, since Bookworm GPG does not recognize key format 5.
* Changed verbosity of:
* [9993_aide.chroot](../config/hooks/live/9993_aide.chroot)
* [9997_debsums.chroot](../config/hooks/live/9997_debsums.chroot)
* Added basic linter checks for:
* '*.sh',
* '*.zsh',
* '*.chroot',
* all files with Shebang (#!) for:
* **``*.sh``**,
* **``*.zsh``**,
* **``*.chroot``**,
* all files with Shebang **``#``**! for:
* Windows CRLF line endings
* unauthorized control characters (C0 control characters except \t, \n)
* non-ASCII (ambiguous UTF) characters
[linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)
* [linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**

2
docs/CNET.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Centurion Net - Developer Branch Overview

2
docs/CODING_CONVENTION.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Coding Style

2
docs/CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Contributing / participating

2
docs/CREDITS.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Credits

2
docs/DL_PUB_ISO.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Download the latest PUBLIC CISS.debian.live.ISO

4
docs/DOCUMENTATION.md
View File

@@ -8,12 +8,12 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Usage
````text
CISS.debian.live.builder
Master V8.03.400.2025.06.05
Master V8.03.644.2025.06.07
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2024 - 2025

4
docs/LICENSES/CC-BY-NC-ND-4.0.txt
View File

@@ -1,6 +1,6 @@
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Creative Commons Corporation (Creative Commons) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an as-is basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.
Creative Commons Corporation ("Creative Commons") is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an "as-is" basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.
Using Creative Commons Public Licenses
@@ -150,6 +150,6 @@ Section 8 - Interpretation.
d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority.
Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the Licensor. Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark Creative Commons or any other trademark or logo of Creative Commons without its prior written consent, including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses.
Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the "Licensor." Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark "Creative Commons" or any other trademark or logo of Creative Commons without its prior written consent, including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses.
Creative Commons may be contacted at creativecommons.org.

2
docs/REFERENCES.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.400.2025.06.05<br>
**Build**: V8.03.644.2025.06.07<br>
# 2. Resources

BIN
docs/SECURITY/coresecret.dev.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 179 KiB

After

Width:  |  Height:  |  Size: 179 KiB

6
docs/graphviz/ciss.debian.live.builder.dot
View File

@@ -138,15 +138,15 @@ digraph CISS_debian_live_builder {
// Jump Host → Hidden-Master
Jump_Host -> Hidden_Master [color=green];
// Hidden-Master → Name servers (each green with the label HMAC SHA512)
// Hidden-Master → Name servers (each green with the label "HMAC SHA512")
Hidden_Master -> ns00 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns01 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns02 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns03 [color=green, label="HMAC SHA512"];
// Red arrows DNSSEC from name server cluster (ns_anchor) → B cluster (b_big_anchor)
// Red arrows "DNSSEC" from name server cluster (ns_anchor) → B cluster (b_big_anchor)
ns_anchor -> b_big_anchor [color=red, label="DNSSEC"];
// Red arrow DNSSEC from nameserver cluster (ns_anchor) → cloud cluster (cloud_anchor)
// Red arrow "DNSSEC" from nameserver cluster (ns_anchor) → cloud cluster (cloud_anchor)
ns_anchor -> cloud_anchor [color=red, label="DNSSEC"];
// Red arrows from TLS Internet → B-Cluster and cloud

20
lib/lib_check_provider.sh
View File

@@ -18,37 +18,37 @@
check_provider() {
clear
cat << 'EOF' >| "${VAR_NOTES}"
Build: Master V8.03.400.2025.06.05
Build: Master V8.03.644.2025.06.07
Press 'EXIT' to continue with CISS.debian.live.builder.
When you provision ISO images using the Netcup provider, you MUST always supply a globally unique identifier
for each image via the --control argument. If you omit this flag or reuse an existing identifier, Netcup's
backend will automatically locate and mount the oldest ISO carrying that same name. In practice, this means
you might believe you're booting a freshly uploaded image, but in fact the system silently reattaches an
earlier oneleading to confusing failures and wasted troubleshooting time.
you might believe you're booting a freshly uploaded image, but in fact, the system silently reattaches an
earlier one-leading to confusing failures and wasted troubleshooting time.
A separate but related issue emerges when booting certain Debian "cloud" kernel imagesspecifically those
matching the patterns *.+bpo-cloud-amd64 or *.+bpo-cloud-arm64on a Netcup G11 instance or on a Hetzner VM.
A separate but related issue emerges when booting certain Debian "cloud" kernel images-specifically those
matching the patterns *.+bpo-cloud-amd64 or *.+bpo-cloud-arm64-on a Netcup G11 instance or on a Hetzner VM.
After the initramfs is loaded, the console output often becomes garbled or completely unreadable. This is not
due to a kernel panic, but rather to a mismatch between the framebuffer mode expected by the initramfs and the
one actually provided by the virtual hardware. Common workarounds, like editing the boot entry (e) and appending
'nomodeset', or
'vga=0x318',
- 'nomodeset', or
- 'vga=0x318',
do not resolve the issue because they address legacy VGA modes rather than the EFI framebuffer parameters used
in modern cloud images.
To mitigate this, you can:
Use a plain Debian kernel (e.g., linux-image-amd64) instead of the bpo-cloud variants, which are optimized
- Use a plain Debian kernel (e.g., linux-image-amd64) instead of the bpo-cloud variants, which are optimized
for cloud-init but presume a different console setup.
Explicitly set an EFI-compatible framebuffer by adding something like 'video=efifb:mode=auto' to the kernel
- Explicitly set an EFI-compatible framebuffer by adding something like 'video=efifb:mode=auto' to the kernel
command line. This aligns the initramfs console driver with the actual firmware framebuffer.
Build a custom initramfs that includes the correct video modules or switches back to a serial console. For
- Build a custom initramfs that includes the correct video modules or switches back to a serial console. For
example, adding 'console=ttyS0,115200' can force all early messages to the serial port bypassing the
graphical framebuffer entirely.
EOF

Some files were not shown because too many files have changed in this diff Show More