msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Compare commits

base: msw:25b69d043491a04acf89065b9779a5b1341fbcca7a37a9d5ea19996a8408bc78
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable
..
compare: msw:v8.13.008-stable
Branches Tags
msw:master
msw:v8.13.142-stable msw:v8.13.008-stable msw:v8.03.864-stable msw:v8.03.832-stable msw:v8.03.768-stable msw:v8.03.644-stable

52 Commits
25b69d0434 ... v8.13.008-

Author SHA256 Message Date
Marc S. Weidner BOT
f35e3bff4f DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] 
X-CI-Metadata: master@22d6c9a at 2025-08-22T17:41:17Z on 9441b3c6beee

Generated at : 2025-08-22T17:41:17Z
Runner Host  : 9441b3c6beee
Workflow ID  : 🔐 Generating a Private Live ISO TRIXIE.
Git Commit   : 22d6c9a HEAD -> master
 2025-08-22 17:41:17 +00:00
Marc S. Weidner BOT
22d6c9a061 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@e3206cc at 2025-08-22T17:26:01Z on c05f954e2ce1

Generated at : 2025-08-22T17:26:01Z
Runner Host  : c05f954e2ce1
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : e3206cc HEAD -> master
 2025-08-22 17:26:01 +00:00
Marc S. Weidner
e3206cc4be V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m48s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 19:23:56 +02:00
Marc S. Weidner BOT
3e5ade4758 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@3d79ff9 at 2025-08-22T17:10:47Z on 53943bbe9153

Generated at : 2025-08-22T17:10:47Z
Runner Host  : 53943bbe9153
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 3d79ff9 HEAD -> master
 2025-08-22 17:10:47 +00:00
Marc S. Weidner
3d79ff973f V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m7s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 19:08:33 +02:00
Marc S. Weidner BOT
08653b1398 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@440a393 at 2025-08-22T17:08:10Z on 2b5e5161b3af

Generated at : 2025-08-22T17:08:10Z
Runner Host  : 2b5e5161b3af
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 440a393 HEAD -> master
 2025-08-22 17:08:10 +00:00
Marc S. Weidner
440a393c67 V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m19s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 19:05:44 +02:00
Marc S. Weidner BOT
c1715f896f DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@499bfe9 at 2025-08-22T17:03:44Z on 632fa5ca8d8d

Generated at : 2025-08-22T17:03:44Z
Runner Host  : 632fa5ca8d8d
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 499bfe9 HEAD -> master
 2025-08-22 17:03:44 +00:00
Marc S. Weidner
499bfe9c86 V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m19s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 19:01:19 +02:00
Marc S. Weidner
6b397e27b1 Merge remote-tracking branch 'origin/master' 2025-08-22 18:56:05 +02:00
Marc S. Weidner BOT
0da89626e6 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 0 [skip ci] 
X-CI-Metadata: master@e0b1300 at 2025-08-22T16:55:12Z on 08addb5f6ad8

Generated at : 2025-08-22T16:55:12Z
Runner Host  : 08addb5f6ad8
Workflow ID  : 🔐 Generating a Private Live ISO TRIXIE.
Git Commit   : e0b1300 HEAD -> master
 2025-08-22 16:55:12 +00:00
Marc S. Weidner
9c59edb3cb V8.13.008.2025.08.22 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 18:53:26 +02:00
Marc S. Weidner BOT
e0b1300538 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@d5a3b6e at 2025-08-22T16:12:03Z on 5bc8fde94561

Generated at : 2025-08-22T16:12:03Z
Runner Host  : 5bc8fde94561
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : d5a3b6e HEAD -> master
 2025-08-22 16:12:03 +00:00
Marc S. Weidner
d5a3b6eca5 V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m14s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 46m3s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 18:09:24 +02:00
Marc S. Weidner BOT
fbc6f9e9a9 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] 
X-CI-Metadata: master@bbc7fcf at 2025-08-22T15:41:10Z on 09a23db32a2c

Generated at : 2025-08-22T15:41:10Z
Runner Host  : 09a23db32a2c
Workflow ID  : 🔐 Generating a Private Live ISO TRIXIE.
Git Commit   : bbc7fcf HEAD -> master
 2025-08-22 15:41:10 +00:00
Marc S. Weidner BOT
bbc7fcfe56 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@7d97dfd at 2025-08-22T14:58:00Z on 2738ac5d67a6

Generated at : 2025-08-22T14:58:00Z
Runner Host  : 2738ac5d67a6
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 7d97dfd HEAD -> master
 2025-08-22 14:58:00 +00:00
Marc S. Weidner
7d97dfd1b4 V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m6s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 16:55:47 +02:00
Marc S. Weidner BOT
76b3c4d49e DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@8da33a5 at 2025-08-22T14:54:10Z on fb724d8f285b

Generated at : 2025-08-22T14:54:10Z
Runner Host  : fb724d8f285b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 8da33a5 HEAD -> master
 2025-08-22 14:54:10 +00:00
Marc S. Weidner
8da33a5e38 V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m50s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 49m56s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 16:51:00 +02:00
Marc S. Weidner BOT
1330ed9cc9 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@25361c6 at 2025-08-22T14:06:08Z on 3da89529bb35

Generated at : 2025-08-22T14:06:08Z
Runner Host  : 3da89529bb35
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 25361c6 HEAD -> master
 2025-08-22 14:06:08 +00:00
Marc S. Weidner
25361c66bf V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m53s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 45m55s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 16:02:53 +02:00
Marc S. Weidner BOT
e52231a865 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@5decedf at 2025-08-22T12:55:01Z on 67eedbf21ba7

Generated at : 2025-08-22T12:55:01Z
Runner Host  : 67eedbf21ba7
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 5decedf HEAD -> master
 2025-08-22 12:55:02 +00:00
Marc S. Weidner
5decedf83c V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 36m53s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 14:53:33 +02:00
Marc S. Weidner BOT
003790123e DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@2d3d833 at 2025-08-22T12:14:59Z on 0c6a3b182d92

Generated at : 2025-08-22T12:14:59Z
Runner Host  : 0c6a3b182d92
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 2d3d833 HEAD -> master
 2025-08-22 12:14:59 +00:00
Marc S. Weidner
2d3d8339de V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 38m23s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 14:13:38 +02:00
Marc S. Weidner BOT
c774974171 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@1020450 at 2025-08-22T12:00:20Z on 4771b8da0ea6

Generated at : 2025-08-22T12:00:20Z
Runner Host  : 4771b8da0ea6
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 1020450 HEAD -> master
 2025-08-22 12:00:20 +00:00
Marc S. Weidner
10204504ae Merge remote-tracking branch 'origin/master'
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details
2025-08-22 13:59:07 +02:00
Marc S. Weidner
00bd9ea193 V8.13.008.2025.08.22 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 13:58:34 +02:00
Marc S. Weidner BOT
dc6f9b0d7b DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@82b9f73 at 2025-08-22T09:41:33Z on 5be26221e043

Generated at : 2025-08-22T09:41:33Z
Runner Host  : 5be26221e043
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 82b9f73 HEAD -> master
 2025-08-22 09:41:33 +00:00
Marc S. Weidner
82b9f7395c V8.13.008.2025.08.22
Some checks failed
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 31s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 11:40:13 +02:00
Marc S. Weidner BOT
5c16a5a097 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@0ba66ee at 2025-08-22T09:21:40Z on 10441a2ed0bc

Generated at : 2025-08-22T09:21:40Z
Runner Host  : 10441a2ed0bc
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 0ba66ee HEAD -> master
 2025-08-22 09:21:40 +00:00
Marc S. Weidner
0ba66ee264 V8.13.008.2025.08.22
Some checks failed
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 33s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 11:20:29 +02:00
Marc S. Weidner
f079c2fa48 Merge remote-tracking branch 'origin/master' 2025-08-22 11:17:52 +02:00
Marc S. Weidner
5aaeb98261 V8.13.008.2025.08.22 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 11:17:44 +02:00
Marc S. Weidner BOT
250f4ba671 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@b466852 at 2025-08-22T08:53:05Z on 81733042c287

Generated at : 2025-08-22T08:53:05Z
Runner Host  : 81733042c287
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : b466852 HEAD -> master
 2025-08-22 08:53:05 +00:00
Marc S. Weidner
b466852bca V8.13.008.2025.08.22
Some checks failed
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 4s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 10:51:51 +02:00
Marc S. Weidner BOT
2dae84270a DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@1872d76 at 2025-08-22T08:37:03Z on ffcb49ebb086

Generated at : 2025-08-22T08:37:03Z
Runner Host  : ffcb49ebb086
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 1872d76 HEAD -> master
 2025-08-22 08:37:03 +00:00
Marc S. Weidner
1872d761af V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 10:35:15 +02:00
Marc S. Weidner BOT
d5f652b059 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@ecdc4ec at 2025-08-22T07:16:12Z on 4a8262fe12f1

Generated at : 2025-08-22T07:16:12Z
Runner Host  : 4a8262fe12f1
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : ecdc4ec HEAD -> master
 2025-08-22 07:16:12 +00:00
Marc S. Weidner
ecdc4ec317 V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m12s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 37m55s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 09:14:53 +02:00
Marc S. Weidner
ccaf53e6cd V8.13.008.2025.08.22 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 09:14:33 +02:00
Marc S. Weidner BOT
a84acdd685 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@09c4125 at 2025-08-22T07:12:13Z on c23bb276095b

Generated at : 2025-08-22T07:12:13Z
Runner Host  : c23bb276095b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 09c4125 HEAD -> master
 2025-08-22 07:12:13 +00:00
Marc S. Weidner
09c4125ed2 V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 1m17s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 09:10:44 +02:00
Marc S. Weidner BOT
4762db1926 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@862e8e7 at 2025-08-22T06:54:02Z on cc26b52b7cbc

Generated at : 2025-08-22T06:54:02Z
Runner Host  : cc26b52b7cbc
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 862e8e7 HEAD -> master
 2025-08-22 06:54:03 +00:00
Marc S. Weidner
862e8e75bd V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 1m23s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 08:52:44 +02:00
Marc S. Weidner BOT
661cbbdb32 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@dd2c6e0 at 2025-08-22T06:41:42Z on 080c5f0b20a9

Generated at : 2025-08-22T06:41:42Z
Runner Host  : 080c5f0b20a9
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : dd2c6e0 HEAD -> master
 2025-08-22 06:41:42 +00:00
Marc S. Weidner
dd2c6e0546 V8.13.008.2025.08.22
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 33s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 08:40:29 +02:00
Marc S. Weidner BOT
ab75649720 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@c23a370 at 2025-08-22T06:39:17Z on b47b5fcde381

Generated at : 2025-08-22T06:39:17Z
Runner Host  : b47b5fcde381
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : c23a370 HEAD -> master
 2025-08-22 06:39:17 +00:00
Marc S. Weidner
c23a3708e8 V8.13.008.2025.08.22
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
Details 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 08:38:06 +02:00
Marc S. Weidner BOT
ac8d84eab0 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] 
X-CI-Metadata: master@5686130 at 2025-08-22T06:37:19Z on b10e861b1709

Generated at : 2025-08-22T06:37:19Z
Runner Host  : b10e861b1709
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 5686130 HEAD -> master
 2025-08-22 06:37:19 +00:00
Marc S. Weidner
5686130913 Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m4s
Details
2025-08-22 08:36:12 +02:00
Marc S. Weidner
5b1ed48c23 V8.13.008.2025.08.22 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
 2025-08-22 08:36:01 +02:00
15 changed files with 181 additions and 366 deletions
Expand all files Collapse all files

2
.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml → .gitea/trigger/t_generate_PRIVATE_trixie_0.yaml
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

2
.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml → .gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

186
.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml → .gitea/workflows/generate_PRIVATE_trixie_0.yaml
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -11,7 +11,11 @@
### Version Master V8.13.008.2025.08.22 ### Version Master V8.13.008.2025.08.22
name: 🔐 Generating a Private Live ISO FLV 0. name: 🔐 Generating a Private Live ISO TRIXIE.
defaults:
run:
shell: bash
permissions: permissions:
contents: write contents: write
@@ -21,164 +25,34 @@ on:
branches: branches:
- master - master
paths: paths:
- '.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml' - '.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml'
jobs: jobs:
generate-private-ciss-debian-live-iso: generate-private-cdlb-trixie:
name: 🔐 Generating a Private Live ISO FLV 0. name: 🔐 Generating a Private Live ISO TRIXIE.
runs-on: ciss.debian.live.builder.iso.generator runs-on: cdlb.trixie
### Run all steps inside Debian Bookworm
container: container:
image: debian:bookworm image: debian:trixie
steps: steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports. - name: 🛠️ Basic Image Setup.
run: |
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash shell: bash
run: | run: |
apt-get update -y export DEBIAN_FRONTEND=noninteractive
apt-get install -y \ apt-get update
autoconf \ apt-get upgrade -y
automake \ apt-get install -y --no-install-recommends \
build-essential \ apt-utils \
cryptsetup \ bash \
ca-certificates \
curl \ curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \ git \
gnupg \ gnupg \
haveged \ openssh-client \
libbz2-dev \ openssl \
zlib1g-dev \
liblzma-dev \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
sudo \ sudo \
texinfo \ util-linux
wget \
whois \
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version. - name: ⚙️ Check GnuPG Version.
shell: bash shell: bash
@@ -268,9 +142,9 @@ jobs:
set -euo pipefail set -euo pipefail
chmod 0755 ciss_live_builder.sh chmod 0755 ciss_live_builder.sh
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ") timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64. ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.
./ciss_live_builder.sh \ ./ciss_live_builder.sh \
--autobuild=6.1.0-37-amd64 \ --autobuild=6.12.41+deb13-amd64 \
--architecture amd64 \ --architecture amd64 \
--build-directory /opt/livebuild \ --build-directory /opt/livebuild \
--control "${timestamp}" \ --control "${timestamp}" \
@@ -280,7 +154,8 @@ jobs:
--provider-netcup-ipv6 ${{ secrets.CISS_DLB_NETCUP_IPV6 }} \ --provider-netcup-ipv6 ${{ secrets.CISS_DLB_NETCUP_IPV6 }} \
--root-password-file /opt/config/password.txt \ --root-password-file /opt/config/password.txt \
--ssh-port ${{ secrets.CISS_DLB_SSH_PORT }} \ --ssh-port ${{ secrets.CISS_DLB_SSH_PORT }} \
--ssh-pubkey /opt/config --ssh-pubkey /opt/config \
--trixie
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs. - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
shell: bash shell: bash
@@ -367,11 +242,12 @@ jobs:
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}" gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LIVE_ISO_FLV_0.private" VAR_DATE="$(date +%F)"
PRIVATE_FILE="LIVE_ISO_TRIXIE_0.private"
touch "${PRIVATE_FILE}" touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -435,7 +311,7 @@ jobs:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
set -euo pipefail set -euo pipefail
PRIVATE_FILE="LIVE_ISO_FLV_0.private" PRIVATE_FILE="LIVE_ISO_TRIXIE_0.private"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add." git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata. - name: 🔑 Commit and sign changes with CI metadata.
@@ -459,7 +335,7 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}" WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}" CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 0 [skip ci]
${CI_HEADER} ${CI_HEADER}

186
.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml → .gitea/workflows/generate_PRIVATE_trixie_1.yaml
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -11,7 +11,11 @@
### Version Master V8.13.008.2025.08.22 ### Version Master V8.13.008.2025.08.22
name: 🔐 Generating a Private Live ISO FLV 1. name: 🔐 Generating a Private Live ISO TRIXIE.
defaults:
run:
shell: bash
permissions: permissions:
contents: write contents: write
@@ -21,164 +25,34 @@ on:
branches: branches:
- master - master
paths: paths:
- '.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml' - '.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml'
jobs: jobs:
generate-private-ciss-debian-live-iso: generate-private-cdlb-trixie:
name: 🔐 Generating a Private Live ISO FLV 1. name: 🔐 Generating a Private Live ISO TRIXIE.
runs-on: ciss.debian.live.builder.iso.generator runs-on: cdlb.trixie
### Run all steps inside Debian Bookworm
container: container:
image: debian:bookworm image: debian:trixie
steps: steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports. - name: 🛠️ Basic Image Setup.
run: |
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash shell: bash
run: | run: |
apt-get update -y export DEBIAN_FRONTEND=noninteractive
apt-get install -y \ apt-get update
autoconf \ apt-get upgrade -y
automake \ apt-get install -y --no-install-recommends \
build-essential \ apt-utils \
cryptsetup \ bash \
ca-certificates \
curl \ curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \ git \
gnupg \ gnupg \
haveged \ openssh-client \
libbz2-dev \ openssl \
zlib1g-dev \
liblzma-dev \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
sudo \ sudo \
texinfo \ util-linux
wget \
whois \
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version. - name: ⚙️ Check GnuPG Version.
shell: bash shell: bash
@@ -268,16 +142,17 @@ jobs:
set -euo pipefail set -euo pipefail
chmod 0755 ciss_live_builder.sh chmod 0755 ciss_live_builder.sh
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ") timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64. ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.
./ciss_live_builder.sh \ ./ciss_live_builder.sh \
--autobuild=6.1.0-37-amd64 \ --autobuild=6.12.41+deb13-amd64 \
--architecture amd64 \ --architecture amd64 \
--build-directory /opt/livebuild \ --build-directory /opt/livebuild \
--control "${timestamp}" \ --control "${timestamp}" \
--jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \ --jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \
--root-password-file /opt/config/password.txt \ --root-password-file /opt/config/password.txt \
--ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \ --ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \
--ssh-pubkey /opt/config --ssh-pubkey /opt/config \
--trixie
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs. - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
shell: bash shell: bash
@@ -364,11 +239,12 @@ jobs:
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}" gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LIVE_ISO_FLV_1.private" VAR_DATE="$(date +%F)"
PRIVATE_FILE="LIVE_ISO_TRIXIE_1.private"
touch "${PRIVATE_FILE}" touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -432,7 +308,7 @@ jobs:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
run: | run: |
set -euo pipefail set -euo pipefail
PRIVATE_FILE="LIVE_ISO_FLV_1.private" PRIVATE_FILE="LIVE_ISO_TRIXIE_1.private"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add." git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata. - name: 🔑 Commit and sign changes with CI metadata.
@@ -456,7 +332,7 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}" WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}" CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci]
${CI_HEADER} ${CI_HEADER}

6
.gitea/workflows/linter_char_scripts.yaml
View File

@@ -202,11 +202,12 @@ jobs:
echo -e "⚠️ Linting issues detected:\n" echo -e "⚠️ Linting issues detected:\n"
echo -e "${findings}" echo -e "${findings}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
VAR_DATE="$(date +%F)"
PRIVATE_FILE="LINTER_RESULTS.txt" PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}" touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -225,11 +226,12 @@ jobs:
else else
echo "✅ No issues found in shell scripts." echo "✅ No issues found in shell scripts."
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
VAR_DATE="$(date +%F)"
PRIVATE_FILE="LINTER_RESULTS.txt" PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}" touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}" cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>

4
LINTER_RESULTS.txt
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,7 +9,7 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-08-22T06:08:16Z" This file was automatically generated by the DEPLOY BOT on: "2025-08-22T17:25:58Z"
✅ The last linter check was successful. ✅ ✅ The last linter check was successful. ✅

16
LIVE_ISO_FLV_0.private → LIVE_ISO_TRIXIE_0.private
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,19 +9,19 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-08-11T20:44:02Z". This file was automatically generated by the DEPLOY BOT on: "2025-08-22T16:55:09Z"
CISS.debian.live.builder ISO : CISS.debian.live.builder ISO :
"ciss-debian-live-2025_08_11T19_54_44Z-amd64.hybrid.iso" "ciss-debian-live-2025_08_22T16_11_02Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 : CISS.debian.live.builder ISO sha512 :
6de2f5be12f73906f704488a38366a242d4c4755dd4bf325e6211b6a7a5f3be1b39315d95963d4565c5230c149024be796a136bd62e3243ee62a7805d6c20c14 35c288d96239804e244cbe99c8ce3895aec39104a7200c2ef7326d38e1ec4eea3bf60b895eaa4d981cb718ae4d27d2d4166f16252b88606a870d14c3db096a37
CISS.debian.live.builder ISO sha512 sign : CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaJpWEgAKCRA85KY4hzOw iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaKig7QAKCRA85KY4hzOw
IQ/xAP9rp/m86hkxhb6i7Beh7g7bxiuQYY5Q1LZX+GHmpqQ/EQEAoUzgn1Tm7+hy IWKWAP0Wlqbi3ArURSGW5m+E+OstdsU7qHjf+e1SVRJ3BGUzaAEAr3ceyHiiA2/7
iaMUnRwNiJ0x77hZxcM6FnSkk2hTuAY= RlXsvZxNgVDaEVSdjmt99dMrZK7DRws=
=9Ot8 =4Oh3
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

16
LIVE_ISO_FLV_1.private → LIVE_ISO_TRIXIE_1.private
View File

@@ -1,5 +1,5 @@
# SPDX-Version: 3.0 # SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,19 +9,19 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-08-11T21:40:41Z". This file was automatically generated by the DEPLOY BOT on: "2025-08-22T17:41:13Z"
CISS.debian.live.builder ISO : CISS.debian.live.builder ISO :
"ciss-debian-live-2025_08_11T20_53_16Z-amd64.hybrid.iso" "ciss-debian-live-2025_08_22T16_56_12Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 : CISS.debian.live.builder ISO sha512 :
b8bcba496881e7f4e881b6816975410f6f07bd70f069f73db4ce84d61bb9758a37087753d28b212ed26b163d84176d5df97fdb1d3356a0667e15cf81d388feb6 4925332b61dbd91f0c444624bbe7de586dbd911fbb27b080a99e44ae312c5139afc502d0415d0bef7dfbd1e5461c07e0a0700f7206e746a91cbcb5403ef003e3
CISS.debian.live.builder ISO sha512 sign : CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaJpjWQAKCRA85KY4hzOw iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaKiruQAKCRA85KY4hzOw
IVM1AQD2lkvQOmkcR4LlCk0f6FUcqIMRRlBIwjhDiaWTKjZgeAD/cc4skxFCGmLU IdoTAQDqyOBkGA0xDoLsDvjFSaf3tmzz8mD/5qvsDtF6y/rEWwD/dAXzMOdQjxg8
EhHNg/3ZoE6PGxe4Y5UFuQnJhDZe/w8= IcK+GK6u4k5/HT5bYlCvTy/WxRb5ggQ=
=rwBS =boDM
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

70
README.md
View File

@@ -11,7 +11,7 @@ include_toc: true
[![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html) [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
&nbsp; &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.5-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
@@ -70,7 +70,16 @@ separate directory tree, employs `DynamicUser` features, and adheres to strict s
rating of **``2.6``**). Docker containers used by runners do not run in privileged mode. Security is further enhanced through the use rating of **``2.6``**). Docker containers used by runners do not run in privileged mode. Security is further enhanced through the use
of both UFW software firewalls and dedicated hardware firewall appliances. of both UFW software firewalls and dedicated hardware firewall appliances.
## 1.2. Immutable Source-of-Truth System ## 1.2. Match Host and Target Versions
Build, for example, a Debian Trixie live image only on a Debian Trixie host. The build toolchain and boot artifacts are
release-specific: ``live-build``, ``live-boot``, ``live-config``, ``debootstrap``, ``kernel/initramfs`` tools, ``mksquashfs``,
``GRUB/ISOLINUX``, and even ``dpkg/apt`` often change defaults and formats between releases (e.g., compression modes, SquashFS
options, hook ordering, systemd/udev behavior). Building on a different host release commonly yields non-reproducible or even
unbootable ISOs (missing modules/firmware, ABI mismatches, divergent paths). Keeping host and target on the same version ensures
reproducible builds, matching dependencies, and compatible boot artifacts.
## 1.3. Immutable Source-of-Truth System
This live ISO establishes a secure, fully deterministic, integrity self-verifying boot environment based entirely on static This live ISO establishes a secure, fully deterministic, integrity self-verifying boot environment based entirely on static
source-code definitions. All configurations, system components, and installation routines are embedded during build time and source-code definitions. All configurations, system components, and installation routines are embedded during build time and
@@ -103,11 +112,11 @@ After build and configuration, the following audit reports can be generated:
* **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations. * **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations.
Type `ssh-audit <IP>:<PORT>`. See example report: **[SSH Audit Report](/docs/AUDIT_SSH.md)** Type `ssh-audit <IP>:<PORT>`. See example report: **[SSH Audit Report](/docs/AUDIT_SSH.md)**
## 1.3. Preview ## 1.4. Preview
![CISS.debian.live.builder](/docs/screenshots/CISS.debian.live.builder_preview.jpeg) ![CISS.debian.live.builder](/docs/screenshots/CISS.debian.live.builder_preview.jpeg)
## 1.4. Caution. Significant information for those considering using D-I. ## 1.5. Caution. Significant information for those considering using D-I.
**The Debian Installer (d-i) will ALWAYS boot a new system.**<br> **The Debian Installer (d-i) will ALWAYS boot a new system.**<br>
@@ -138,7 +147,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
* Logging (rsyslog, journald) ✘ not active, * Logging (rsyslog, journald) ✘ not active,
* preseed control over the network is possible (but without any protection). * preseed control over the network is possible (but without any protection).
## 1.5. Versioning Schema ## 1.6. Versioning Schema
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date. This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
@@ -149,7 +158,7 @@ Example: `V8.13.008.2025.08.22`
Date (YYYY.MM.DD) denotes the build or release date, facilitating clear tracking of incremental changes and ensuring Date (YYYY.MM.DD) denotes the build or release date, facilitating clear tracking of incremental changes and ensuring
reproducibility and traceability. reproducibility and traceability.
## 1.6. Keywords ## 1.7. Keywords
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this Repo are to be interpreted as described in [[BCP 14](https://www.rfc-editor.org/info/bcp14)], "MAY", and "OPTIONAL" in this Repo are to be interpreted as described in [[BCP 14](https://www.rfc-editor.org/info/bcp14)],
@@ -414,26 +423,27 @@ predictable script behavior.
# 4. Prerequisites # 4. Prerequisites
* **Host**: Debian Bookworm or newer with `live-build` package installed. * **Host**: Debian Trixie with `live-build` and ``debootstrap`` packages installed.
* **Privileges**: Root or sudo access to execute `ciss_live_builder.sh` and related scripts. * **Privileges**: Root or sudo access to execute `ciss_live_builder.sh` and related scripts.
* **Network**: Outbound access to Debian repositories and PTB NTPsec pool. * **Network**: Outbound access to Debian repositories and PTB NTPsec pool.
# 5. Installation & Usage # 5. Installation & Usage
# 5.1. Interactive CLI / Dialog Wrapper ## 5.1. Interactive CLI / Dialog Wrapper
1. Clone the repository: 1. Clone the repository:
```bash ```bash
git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git
cd CISS.debian.live.builder cd CISS.debian.live.builder
``` ```
2. Preparation: 2. Preparation:
1. Ensure you are root. 1. Ensure you are root.
2. Create the build directory `mkdir /opt/livebuild`. 2. Create the build directory `mkdir /opt/livebuild`.
3. Place your desired SSH public key in the `authorized_keys` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory. 3. Place your desired SSH public key in the `authorized_keys` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory.
4. Place your desired Password in the `password.txt` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory. 4. Place your desired Password in the `password.txt` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory.
5. Make any other changes you need to. 5. Make any other changes you need to.
3. Run the config builder script `./ciss_live_builder.sh` and the integrated `lb build` command (example): 3. Run the config builder script `./ciss_live_builder.sh` and the integrated `lb build` command (example):
````bash ````bash
@@ -454,6 +464,7 @@ predictable script behavior.
--ssh-pubkey /opt/gitea/CISS.debian.live.builder \ --ssh-pubkey /opt/gitea/CISS.debian.live.builder \
--trixie --trixie
```` ````
4. Locate your ISO in the `--build-directory`. 4. Locate your ISO in the `--build-directory`.
5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel. 5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel.
6. Type `sysp` for the final kernel hardening features. 6. Type `sysp` for the final kernel hardening features.
@@ -461,7 +472,46 @@ predictable script behavior.
8. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit. 8. Finally, audit your environment with `lsadt` for a comprehensive Lynis audit.
9. Type `celp` for some shortcuts. 9. Type `celp` for some shortcuts.
# 5.2. CI/CD Gitea Runner Workflow Example ## 5.2. Make Wrapper, Quick Usage
This repo ships a thin make wrapper around ``./ciss_live_builder.sh``, so you can compose a correctly quoted command and either
preview it or run it.
1. Clone the repository:
```bash
git clone https://git.coresecret.dev/msw/CISS.debian.live.builder.git
cd CISS.debian.live.builder
```
2. Preparation:
1. Ensure you are root.
2. Create the build directory `mkdir /opt/livebuild`.
3. Place your desired SSH public key in the `authorized_keys` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory.
4. Place your desired Password in the `password.txt` file, for example, in the `/opt/gitea/CISS.debian.live.builder` directory.
5. Copy and edit the sample and set your options (no spaces around commas in lists):
````bash
cp config.mk.sample config.mk
````
````bash
BUILD_DIR=/opt/livebuild
ROOT_PASSWORD_FILE=/opt/gitea/CISS.debian.live.builder/password.txt
SSH_PORT=4242
SSH_PUBKEY=/root/.ssh
# Optional
PROVIDER_NETCUP_IPV6=2001:cdb::1
# comma-separated; IPv6 in [] is fine
JUMP_HOSTS=[2001:db8::1],[2001:db8::2]
````
3. Dry-run first (prints the exact command): ````make dry-run````
4. Execute the build: ````make live````
## 5.3. CI/CD Gitea Runner Workflow Example
1. Clone the repository: 1. Clone the repository:

2
docs/DOCUMENTATION.md
View File

@@ -121,7 +121,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
specified PATH into the Live ISO. MUST be provided. specified PATH into the Live ISO. MUST be provided.
--trixie --trixie
Create a Debian Trixie Live ISO. Experimental Feature. Create a Debian Trixie Live ISO.
--version, -v --version, -v
Displays version of ./ciss_live_builder.sh. Displays version of ./ciss_live_builder.sh.

16
lib/lib_arg_priority_check.sh
View File

@@ -23,22 +23,30 @@ guard_sourcing
####################################### #######################################
arg_priority_check() { arg_priority_check() {
declare var declare var
# Check if nice PRIORITY is set and adjust nice priority. ### Check if nice PRIORITY is set and adjust nice priority.
if [[ -n ${VAR_HANDLER_PRIORITY} ]]; then if [[ "${VAR_HANDLER_PRIORITY:-}" -ne 0 ]]; then
if command -v renice >/dev/null; then
renice "${VAR_HANDLER_PRIORITY}" -p "$$" renice "${VAR_HANDLER_PRIORITY}" -p "$$"
var=$(ps -o ni= -p $$) > /dev/null 2>&1 var=$(ps -o ni= -p $$) > /dev/null 2>&1
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ New renice value: %s\e[0m\n" "${var}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ New renice value: %s\e[0m\n" "${var}"
# sleep 1 # sleep 1
unset var unset var
else
printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ renice not installed (util-linux) \e[0m\n"
fi
fi fi
# Check if ionice PRIORITY is set and adjust ionice priority. ### Check if ionice PRIORITY is set and adjust ionice priority.
if [[ -n ${VAR_REIONICE_CLASS} ]]; then if [[ "${VAR_REIONICE_CLASS:-}" -ne 2 ]]; then
if command -v ionice >/dev/null; then
ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$" ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$"
var=$(ionice -p $$) > /dev/null 2>&1 var=$(ionice -p $$) > /dev/null 2>&1
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ New ionice value: %s\e[0m\n" "${var}" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ New ionice value: %s\e[0m\n" "${var}"
# sleep 1 # sleep 1
unset var unset var
else
printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ ionice not installed (util-linux) \e[0m\n"
fi
fi fi
} }
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

16
lib/lib_trap_on_err.sh
View File

@@ -16,7 +16,7 @@ guard_sourcing
# Print Error Message for Trap on 'ERR' in ${ERROR_LOG} # Print Error Message for Trap on 'ERR' in ${ERROR_LOG}
# Globals: # Globals:
# VAR_PARAM_COUNT # VAR_PARAM_COUNT
# VAR_PARAM_STRING # VAR_PARAM_STRNG
# VAR_ARG_SANITIZED # VAR_ARG_SANITIZED
# LOG_DEBUG # LOG_DEBUG
# ERRCMMD # ERRCMMD
@@ -46,7 +46,7 @@ print_file_err() {
printf "❌ Command : %s \n" "${ERRCMMD}" printf "❌ Command : %s \n" "${ERRCMMD}"
printf "❌ Script Runtime : %s \n" "${SECONDS}" printf "❌ Script Runtime : %s \n" "${SECONDS}"
printf "❌ Arguments Counter : %s \n" "${VAR_PARAM_COUNT}" printf "❌ Arguments Counter : %s \n" "${VAR_PARAM_COUNT}"
printf "❌ Arguments Original : %s \n" "${VAR_PARAM_STRING}" printf "❌ Arguments Original : %s \n" "${VAR_PARAM_STRNG}"
printf "❌ Arguments Sanitized : %s \n" "${VAR_ARG_SANITIZED}" printf "❌ Arguments Sanitized : %s \n" "${VAR_ARG_SANITIZED}"
if "${VAR_EARLY_DEBUG}"; then if "${VAR_EARLY_DEBUG}"; then
printf "❌ Vars Dump saved at : %s \n" "${LOG_VAR}" printf "❌ Vars Dump saved at : %s \n" "${LOG_VAR}"
@@ -61,7 +61,7 @@ print_file_err() {
# Print Error Message for Trap on 'ERR' on Terminal # Print Error Message for Trap on 'ERR' on Terminal
# Globals: # Globals:
# VAR_PARAM_COUNT # VAR_PARAM_COUNT
# VAR_PARAM_STRING # VAR_PARAM_STRNG
# VAR_ARG_SANITIZED # VAR_ARG_SANITIZED
# LOG_DEBUG # LOG_DEBUG
# ERRCMMD # ERRCMMD
@@ -90,7 +90,7 @@ print_scr_err() {
printf "\e[91m❌ Command : %s \e[0m\n" "${ERRCMMD}" >&2 printf "\e[91m❌ Command : %s \e[0m\n" "${ERRCMMD}" >&2
printf "\e[91m❌ Script Runtime : %s \e[0m\n" "${SECONDS}" >&2 printf "\e[91m❌ Script Runtime : %s \e[0m\n" "${SECONDS}" >&2
printf "\e[91m❌ Arguments Counter : %s \e[0m\n" "${VAR_PARAM_COUNT}" >&2 printf "\e[91m❌ Arguments Counter : %s \e[0m\n" "${VAR_PARAM_COUNT}" >&2
printf "\e[91m❌ Arguments Original : %s \e[0m\n" "${VAR_PARAM_STRING}" >&2 printf "\e[91m❌ Arguments Original : %s \e[0m\n" "${VAR_PARAM_STRNG}" >&2
printf "\e[91m❌ Arguments Sanitized : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2 printf "\e[91m❌ Arguments Sanitized : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
printf "\e[91m❌ Error Log saved at : %s \e[0m\n" "${LOG_ERROR}" >&2 printf "\e[91m❌ Error Log saved at : %s \e[0m\n" "${LOG_ERROR}" >&2
printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2 printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
@@ -119,15 +119,18 @@ print_scr_err() {
# $5: ${BASH_COMMAND} # $5: ${BASH_COMMAND}
####################################### #######################################
trap_on_err() { trap_on_err() {
trap - ERR trap - DEBUG ERR INT TERM
declare -g ERRCODE="$1" declare -g ERRCODE="$1"
declare -g ERRSCRT="$2" declare -g ERRSCRT="$2"
declare -g ERRLINE="$3" declare -g ERRLINE="$3"
declare -g ERRFUNC="$4" declare -g ERRFUNC="$4"
declare -g ERRCMMD="$5" declare -g ERRCMMD="$5"
# shellcheck disable=SC2034
declare -g ERRTRAP="true"
if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
clean_up "${ERRCODE}" clean_up "${ERRCODE}"
if ! $VAR_HANDLER_AUTOBUILD; then clean_screen; fi if ! "${VAR_HANDLER_AUTOBUILD}"; then clean_screen; fi
print_file_err print_file_err
print_scr_err print_scr_err
} }
@@ -148,6 +151,7 @@ dump_user_vars() {
set +x set +x
{ {
declare var declare var
# shellcheck disable=SC2312
while IFS= read -r var; do while IFS= read -r var; do
declare -p "${var}" 2>/dev/null declare -p "${var}" 2>/dev/null
done < <(compgen -v | grep -Ev '^(BASH|_).*') done < <(compgen -v | grep -Ev '^(BASH|_).*')

2
lib/lib_trap_on_exit.sh
View File

@@ -20,7 +20,7 @@ guard_sourcing
# $1: $? # $1: $?
####################################### #######################################
trap_on_exit() { trap_on_exit() {
trap - EXIT trap - DEBUG ERR EXIT INT TERM
declare -r var_trap_on_exit_code="$1" declare -r var_trap_on_exit_code="$1"
if (( var_trap_on_exit_code == 0 )); then if (( var_trap_on_exit_code == 0 )); then
if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi

2
lib/lib_usage.sh
View File

@@ -149,7 +149,7 @@ usage() {
echo " specified PATH into the Live ISO. MUST be provided." echo " specified PATH into the Live ISO. MUST be provided."
echo echo
echo -e "\e[97m --trixie \e[0m" echo -e "\e[97m --trixie \e[0m"
echo " Create a Debian Trixie Live ISO. Experimental Feature" echo " Create a Debian Trixie Live ISO."
echo echo
echo -e "\e[97m --version, -v \e[0m" echo -e "\e[97m --version, -v \e[0m"
echo " Show version of ${0}." echo " Show version of ${0}."

1
var/global.var.sh
View File

@@ -36,7 +36,6 @@ declare -g VAR_SSHPORT=""
declare -g VAR_SSHPUBKEY="" declare -g VAR_SSHPUBKEY=""
declare -g VAR_SCRIPT_SUCCESS="false" declare -g VAR_SCRIPT_SUCCESS="false"
declare -g VAR_SUITE="bookworm" declare -g VAR_SUITE="bookworm"
declare -g VAR_HANDLER_PRIORITY=""
declare -g VAR_HANDLER_NETCUP_IPV6="false" declare -g VAR_HANDLER_NETCUP_IPV6="false"
declare -g VAR_HASHED_PWD="" declare -g VAR_HASHED_PWD=""
declare -gi VAR_HANDLER_STA=0 declare -gi VAR_HANDLER_STA=0