DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]

X-CI-Metadata: master@4f7131c at 2025-06-24T22:34:39Z on 56dbb041e6a3

Generated at : 2025-06-24T22:34:39Z
Runner Host  : 56dbb041e6a3
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 4f7131c HEAD -> master

.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml

@@ -25,7 +25,7 @@ body:
     attributes:
       label: "Version"
       description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.768.2025.06.19"
+      placeholder: "e.g., Master V8.03.832.2025.06.24"
     validations:
       required: true
 

.gitea/TODO/dockerfile

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 FROM debian:bookworm
 

.gitea/TODO/render-md-to-html.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 name: 🔁 Render README.md to README.html.
 

.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml

@@ -10,6 +10,6 @@
 # SPDX-Security-Contact: security@coresecret.eu
 
 build:
-  counter: 1023
-  version: V8.03.768.2025.06.19
+  counter: 1024
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.768.2025.06.19
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_PUBLIC.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.768.2025.06.19
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/trigger/t_generate_dns.yaml

@@ -11,5 +11,5 @@
 
 build:
   counter: 1023
-  version: V8.03.768.2025.06.19
+  version: V8.03.832.2025.06.24
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 name: 🔐 Generating a Private Live ISO FLV 0.
 
@@ -386,7 +386,7 @@ jobs:
           CISS.debian.live.builder ISO :
             "${VAR_ISO_FILE_NAME}"
           CISS.debian.live.builder ISO sha512 :
-            "${VAR_ISO_FILE_SHA512}"
+            $(< "${VAR_ISO_FILE_SHA512}")
           CISS.debian.live.builder ISO sha512 sign :
             $(< "${SIGNATURE_FILE}")
 

.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 name: 🔐 Generating a Private Live ISO FLV 1.
 
@@ -383,7 +383,7 @@ jobs:
           CISS.debian.live.builder ISO :
             "${VAR_ISO_FILE_NAME}"
           CISS.debian.live.builder ISO sha512 :
-            "${VAR_ISO_FILE_SHA512}"
+            $(< "${VAR_ISO_FILE_SHA512}")
           CISS.debian.live.builder ISO sha512 sign :
             $(< "${SIGNATURE_FILE}")
 

.gitea/workflows/generate_PUBLIC_iso.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 name: 💙 Generating a PUBLIC Live ISO.
 
@@ -383,7 +383,7 @@ jobs:
           CISS.debian.live.builder ISO :
             "${VAR_ISO_FILE_NAME}"
           CISS.debian.live.builder ISO sha512 :
-            "${VAR_ISO_FILE_SHA512}"
+            $(< "${VAR_ISO_FILE_SHA512}")
           CISS.debian.live.builder ISO sha512 sign :
             $(< "${SIGNATURE_FILE}")
 

.gitea/workflows/linter_char_scripts.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 # Gitea Workflow: Shell-Script Linting
 #

.gitea/workflows/render-dnssec-status.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
 

.gitea/workflows/render-dot-to-png.yaml

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 name: 🔁 Render Graphviz Diagrams.
 

.version.properties

@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.768.2025.06.19"
+properties_version="V8.03.832.2025.06.24"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf

CISS.debian.live.builder.spdx

@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.768.2025.06.19
+PackageVersion: Master V8.03.832.2025.06.24
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

LINTER_RESULTS.txt

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-This file was automatically generated by the DEPLOY BOT on: "2025-06-19T05:53:18Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-24T21:45:52Z".
 
 ✅ The last linter check was successful. ✅
 

LIVE_ISO.public

@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-This file was automatically generated by the DEPLOY BOT on: "2025-06-18T21:50:56Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-23T09:04:49Z".
 
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_18T21_08_53Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_23T08_20_37Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  "ciss-debian-live-2025_06_18T21_08_53Z-amd64.hybrid.iso.sha512"
+  86a8be09e16299892ae99d195b56a04356bcf5d2202016da8f8fa7441077c43fab68ebefcb8c39b3423f085a74b607907fb691ac71fdef92af33782bd2ac0ce5
 CISS.debian.live.builder ISO sha512 sign :
   -----BEGIN PGP SIGNATURE-----
 
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFM0wAAKCRA85KY4hzOw
-IQbyAQCtRTyJPrZgrrlJNBtLkLQzK83InAGExjyCgpwIO0NvIgEA/bzBIriY74gt
-o+P3J3uIWvM2dg+y/ZmZs2zTxWrpbAQ=
-=V25c
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkYsQAKCRA85KY4hzOw
+IbrbAQDeOIS3QYKIPkMhYlNPIcsJjv/dh3TdYiuQbkvfwVI+/gD/TiB+ska62vJk
+LGfwjuaxMC0KHG1/UTICytOeAnTrXAc=
+=qk8B
 -----END PGP SIGNATURE-----
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

LIVE_ISO_FLV_0.private

@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-This file was automatically generated by the DEPLOY BOT on: "2025-06-18T20:08:42Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-24T19:21:36Z".
 
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_18T19_25_04Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_24T18_36_59Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  "ciss-debian-live-2025_06_18T19_25_04Z-amd64.hybrid.iso.sha512"
+  3ca5a9635ef74a48f6d8f31696ec56e56ee95eff5317df95976e22d31e331bc503422602e24a9eaddfc30212acf6ebe96af51e94298c4c7c49c839c62abb6c2f
 CISS.debian.live.builder ISO sha512 sign :
   -----BEGIN PGP SIGNATURE-----
 
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFMcygAKCRA85KY4hzOw
-IXmrAQDVXbrxCMSGAwBdMW2/ktkAhK3EabLM1PQp5YFNYs2ZrQEA5ChaDVFGRAv7
-osOt0jAIgBg76hB9etM8QR8HNpNQAAo=
-=gi+h
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFr6wAAKCRA85KY4hzOw
+IbgHAP4p9jlF9jZkYIw/0H8j07QUWNHxeUz2r2UXp8aN2gUEBwEAxqbznJhH8li8
+40g5sWwGLmBjlidIOe0NxeMUBkuMlQg=
+=gq5w
 -----END PGP SIGNATURE-----
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

LIVE_ISO_FLV_1.private

@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-This file was automatically generated by the DEPLOY BOT on: "2025-06-18T21:00:01Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-24T22:34:36Z".
 
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_18T20_17_51Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_24T21_53_22Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  "ciss-debian-live-2025_06_18T20_17_51Z-amd64.hybrid.iso.sha512"
+  581d951c8ab4d8e7afd2d727f8e64bd6fff51d005b84b9800e941da8dae654985bae500e056f02729d6b274ba330dfdbec59fd5ec2c8b18c3bbf37433b73c154
 CISS.debian.live.builder ISO sha512 sign :
   -----BEGIN PGP SIGNATURE-----
 
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFMo0QAKCRA85KY4hzOw
-IRsmAP4xwgNtkP08BV/x7nrsgqSAzywxsXsAMkyrebfQMtjx6QEA5amGDGiYBEUs
-eMj3+inIpA+76hSSl1zbpp6NKuyapQY=
-=BvRU
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFsn/AAKCRA85KY4hzOw
+IUvMAP9P1U6lblhdZ9tSROvYXRXcv0IEg2rVo3fMx9T5fozLewEAgxxo0+J1Nlvu
+KVZOdiuc6xdxkBHWYaA2kSXZKI+qAwA=
+=2H0C
 -----END PGP SIGNATURE-----
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

README.md

@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.19-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.832.2025.06.24-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
  
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/)  
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2)  
@@ -11,8 +11,8 @@ include_toc: true
 [![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh)  
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
  
-[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/)  
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly)  
+[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/)  
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.3-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly)  
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/)  
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de)  
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/)  
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
 
-Example: `V8.03.768.2025.06.19`
+Example: `V8.03.832.2025.06.24`
 
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
 

ciss_live_builder.sh

@@ -40,23 +40,20 @@
 [[ ${#} -eq 0 ]] && {
   . ./lib/lib_usage.sh; usage; exit 1; }
 
-declare -gx VAR_CONTACT="security@coresecret.eu"
-declare -gx VAR_VERSION="Master V8.03.768.2025.06.19"
+### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT()
+. ./var/early.var.sh
+. ./lib/lib_guard_sourcing.sh
+. ./lib/lib_git_var.sh
 
-### CHECK FOR CONTACT, HELP, AND VERSION STRING
+### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
 for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh; usage; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done
-declare -gx VAR_SETUP="true"
 
-### CHECK FOR XTRACE DEBUG
-if [[ $* == *" --debug "* ]]; then
-  . ./lib/lib_debug.sh
-  . ./lib/lib_debug_header.sh
-  debugger "${@}"
-else
-  declare -gx VAR_EARLY_DEBUG="false"
-fi
+### ALL CHECKS DONE. READY TO START THE SCRIPT
+check_git
+for arg in "$@"; do case "${arg,,}" in -d|--debug)   . ./meta_sources_debug.sh; debugger "${@}";; esac; done
+declare -gx VAR_SETUP="true"
 
 ### SOURCING VARIABLES
 [[ "${VAR_SETUP}" == true ]] && {
@@ -109,9 +106,7 @@ if ! flock -x -n 127; then
 fi
 
 ### CHECK FOR AUTOBUILD MODE
-declare -gx VAR_HANDLER_AUTOBUILD="false"
-for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done
-unset arg
+for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done; unset arg
 for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir
 
 ### CHECKING REQUIRED PACKAGES

config/includes.chroot/etc/ssh/sshd_config

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig

config/includes.chroot/etc/sysctl.d/99_local.hardened

@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-### Version Master V8.03.768.2025.06.19
+### Version Master V8.03.832.2025.06.24
 
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/

config/includes.chroot/preseed/.iso/preseed_hash_generator.sh

@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-declare -gr VERSION="Master V8.03.768.2025.06.19"
+declare -gr VERSION="Master V8.03.832.2025.06.24"
 
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then

config/includes.chroot/preseed/preseed.cfg

@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.19 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.832.2025.06.24 at: 10:18:37.9542

config/includes.chroot/root/.ciss/alias

@@ -149,13 +149,16 @@ genpasswdhash() {
   mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
 }
 
-###########################################################################################
-# Globals: Wrapper for secure curl
+#######################################
+# Wrapper for secure curl
 # Arguments:
 #  $1: URL from which to download a specific file
 #  $2: /path/to/file to be saved to
-###########################################################################################
-# shellcheck disable=SC2317
+# Returns:
+#   0: Download successful
+#   1: Usage error
+#   2: Download failure
+#######################################
 scurl() {
   if [[ $# -ne 2 ]]; then
     printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
@@ -176,13 +179,16 @@ scurl() {
   return 0
 }
 
-###########################################################################################
-# Globals: Wrapper for secure wget
+#######################################
+# Wrapper for secure wget
 # Arguments:
 #  $1: URL from which to download a specific file
 #  $2: /path/to/file to be saved to
-###########################################################################################
-# shellcheck disable=SC2317
+# Returns:
+#   0: Download successful
+#   1: Usage error
+#   2: Download failure
+#######################################
 swget() {
   if [[ $# -ne 2 ]]; then
     printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
@@ -204,24 +210,22 @@ swget() {
   return 0
 }
 
-###########################################################################################
-# Globals: Wrapper for loading CISS.2025 hardened Kernel Parameters
+#######################################
+# Wrapper for loading CISS.2025 hardened Kernel Parameters
 # Arguments:
-#  none
-###########################################################################################
-# shellcheck disable=SC2317
+#  None
+#######################################
 sysp() {
   sysctl -p /etc/sysctl.d/99_local.hardened
   # sleep 1
   sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
 }
 
-###########################################################################################
-# Globals: Wrapper for tree
+#######################################
+# Wrapper for tree
 # Arguments:
 #  $1: Depth of Directory Listing
-###########################################################################################
-# shellcheck disable=SC2317
+#######################################
 trel() {
   declare depth=${1:-3}
   tree -C -h --dirsfirst -L "${depth}"

config/package-lists/live.list.common.chroot

@@ -21,6 +21,7 @@ bc
 bind9-dnsutils
 bsdmainutils
 btrfs-progs
+bzip2
 ca-certificates
 clamav
 clamav-daemon
@@ -42,9 +43,11 @@ dirmngr
 dmsetup
 dnsviz
 dosfstools
+e2fsprogs
 efibootmgr
 expect
 fail2ban
+fdisk
 figlet
 fzf
 gawk
@@ -79,6 +82,7 @@ man
 man-db
 manpages
 manpages-dev
+mdadm
 mtr
 nano
 ncat
@@ -110,11 +114,13 @@ ssl-cert
 sudo
 sysstat
 systemd-sysv
+tar
 tree
 tshark
 ufw
 unattended-upgrades
 unzip
+util-linux
 virt-what
 wamerican
 wbritish
@@ -122,6 +128,9 @@ wfrench
 wget
 whois
 wngerman
+xfsprogs
+xz-utils
+yq
 zip
 zsh
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

docs/AUDIT_DNSSEC.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. DNSSEC Status
 

docs/AUDIT_HAVEGED.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Haveged Audit on Netcup RS 2000 G11
 

docs/AUDIT_LYNIS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Lynis Audit:
 

docs/AUDIT_SSH.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. SSH Audit by ssh-audit.com
 

docs/AUDIT_TLS.md

@@ -8,14 +8,14 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. TLS Audit:
 
 ````text
 #####################################################################
-  testssl.sh version 3.2rc4 from https://testssl.sh/dev/
-  (6746fa5 2025-04-18 13:17:50)
+  testssl.sh version 3.2.1 from https://testssl.sh/
+  (81471c3 2025-06-15 09:48:31)
 
   This program is free software. Distribution and modification under
   GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
@@ -26,7 +26,7 @@ include_toc: true
   Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
   on kali:./bin/openssl.Linux.x86_64
 
- Start 2025-06-02 18:04:19        -->> 152.53.110.40:443 (coresecret.dev) <<--
+ Start 2025-06-23 17:58:48        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 
  Further IP addresses:   2a0a:4cc0:80:330f:152:53:110:40
  rDNS (152.53.110.40):   git.coresecret.dev.
@@ -193,17 +193,21 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
                               SHA256 76B6FFCE607D8514F676C286C7C76B90F5B7AE7D041631F2EF2F0079AF8D24AC
  Common Name (CN)             coresecret.dev
  subjectAltName (SAN)         coresecret.dev git.coresecret.dev lab.coresecret.dev run.coresecret.dev www.coresecret.dev
- Trust (hostname)             Ok via SAN and CN (same w/o SNI)
+ Trust (hostname)             Ok via SAN (same w/o SNI)
  Chain of trust               Ok
  EV cert (experimental)       no
- Certificate Validity (UTC)   174 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
+ Certificate Validity (UTC)   153 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
  ETS/"eTLS", visibility info  not present
  In pwnedkeys.com DB          not in database
  Certificate Revocation List  http://crl.buypass.no/crl/BPClass2CA5.crl, not revoked
  OCSP URI                     http://ocsp.buypass.com, not revoked
  OCSP stapling                offered, not revoked
  OCSP must staple extension   --
- DNS CAA RR (experimental)    not offered
+ DNS CAA RR (experimental)    available - please check for match with "Issuer" below
+                              communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
+                              issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
  Certificate Transparency     yes (certificate extension)
  Certificates provided        2
  Issuer                       Buypass Class 2 CA 5 (Buypass AS-983163327 from NO)
@@ -213,23 +217,27 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 
  Testing HTTP header response @ "/"
 
- HTTP Status Code             301 Moved Permanently, redirecting to "https://git.coresecret.dev"
+ HTTP Status Code             200 OK
  HTTP clock skew              0 sec from localtime
  Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
  Public Key Pinning           --
  Server banner                nginx
  Application banner           --
- Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
+ Cookie(s)                    2 issued: 2/2 secure, 2/2 HttpOnly
  Security headers             X-Frame-Options: SAMEORIGIN
                               X-Content-Type-Options: nosniff
+                              Content-Security-Policy: default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self';
+                                frame-src 'self'; frame-ancestors 'self'; img-src 'self' data: https://badges.coresecret.dev
+                                https://uml.coresecret.dev; manifest-src 'self'; media-src 'self' data: https://badges.coresecret.dev
+                                https://uml.coresecret.dev; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'none';
                               Expect-CT: max-age=86400, enforce
                               Permissions-Policy: interest-cohort=()
-                              Cross-Origin-Opener-Policy: same-origin
-                              Cross-Origin-Resource-Policy: same-origin
-                              Cross-Origin-Embedder-Policy: require-corp
+                              Cross-Origin-Opener-Policy: cross-origin
+                              Cross-Origin-Resource-Policy: cross-origin
+                              Cross-Origin-Embedder-Policy: unsafe-none
                               X-XSS-Protection: 1; mode=block
                               Permissions-Policy: interest-cohort=()
-                              Referrer-Policy: same-origin
+                              Referrer-Policy: no-referrer
                               Cache-Control: no-cache
  Reverse Proxy banner         --
 
@@ -268,6 +276,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
  Android 10.0 (native)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
  Android 11/12 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
  Android 13/14 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
+ Android 15 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
  Chrome 101 (Win 10)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
  Chromium 137 (Win 11)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
  Firefox 100 (Win 10)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
@@ -308,7 +317,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
  Final Score                  100
  Overall Grade                A+
 
- Done 2025-06-02 18:05:51 [  95s] -->> 152.53.110.40:443 (coresecret.dev) <<--
+ Done 2025-06-23 18:00:16 [  99s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 ````
 
 ---

docs/CHANGELOG.md

@@ -8,10 +8,27 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Changelog
 
+## V8.03.832.2025.06.24
+
+* Updated:
+  * [lib_check_provider.sh](../lib/lib_check_provider.sh)
+  * [lib_debug_header.sh](../lib/lib_debug_header.sh)
+  * [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
+* The Debian package ``bat`` will be installed to enable smooth log reading.
+
+## V8.03.768.2025.06.23
+
+* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
+* Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
+* Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
+* Added Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
+* Added ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
+  * to prevent the caller LIB-file from being sourced twice.
+
 ## V8.03.768.2025.06.19
 
 * Minor main script improvements.

docs/CNET.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Centurion Net - Developer Branch Overview
 

docs/CODING_CONVENTION.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Coding Style
 

docs/CONTRIBUTING.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Contributing / participating
 

docs/CREDITS.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Credits
 

docs/DL_PUB_ISO.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
 

docs/DOCUMENTATION.md

@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.19
+Master V8.03.832.2025.06.24
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025
@@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.19
+Master V8.03.832.2025.06.24
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 
 (c) Marc S. Weidner, 2018 - 2025

docs/REFERENCES.md

@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.19<br>
+**Build**: V8.03.832.2025.06.24<br>
 
 # 2. Resources
 

lib/lib_arg_parser.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Argument Parser
 # Globals:

lib/lib_arg_priority_check.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Check and setup Script Priorities
 # Globals:

lib/lib_boot_screen.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Set up a gauge Dialog Wrapper.
 # Globals:

lib/lib_cdi.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # CISS.2025.debian.installer GRUB and Autostart Generator
 # Globals:

lib/lib_change_splash.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Change Grub Boot Screen Splash
 # Globals:

lib/lib_check_dhcp.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Check if hardened Centurion DNS servers are desired.
 # Globals:

lib/lib_check_hooks.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Check and apply 0755 Permissions on every ./config/hooks/live/*.chroot file
 # Globals:

lib/lib_check_kernel.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Kernel Image Selector
 # Globals:

lib/lib_check_pkgs.sh

@@ -10,13 +10,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Check for required Deb Packages to run the script.
 # Arguments:
 #  None
 #######################################
 check_pkgs() {
-  apt-get update -y
+  apt-get update -y > /dev/null 2>&1
+
+  if [[ -z "$(command -v batcat || true)" ]]; then
+    apt-get install -y --no-install-recommends bat
+  fi
 
   if [[ -z "$(command -v lsb_release || true)" ]]; then
     apt-get install -y --no-install-recommends lsb-release
@@ -43,8 +49,7 @@ check_pkgs() {
   fi
 
   if [[ -z "$(command -v mkpasswd || true)" ]]; then
-    apt-get update -y
-    apt-get install --no-install-recommends whois -y
+    apt-get install -y --no-install-recommends whois
   fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_check_provider.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Notes Textbox
 # Arguments:
@@ -17,8 +19,9 @@
 #######################################
 check_provider() {
   clear
-  cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.03.768.2025.06.19
+  cat << EOF >| "${VAR_NOTES}"
+Build  : ${VAR_VERSION}
+Commit : ${VAR_GIT_REL}
 
 Press 'EXIT' to continue with CISS.debian.live.builder.
 

lib/lib_check_stats.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Check if analysis run is desired only.
 # Globals:

lib/lib_check_var.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Unbound Variable Check and call Trap on ERR
 # Globals:

lib/lib_clean_screen.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Terminal cleaner before Trap on Error
 # Arguments:

lib/lib_clean_up.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Clean Up Wrapper on Trap on 'ERR' and 'EXIT'.
 # Globals:
@@ -26,6 +28,11 @@ clean_up() {
   rm -f -- "${VAR_KERNEL_INF}"
   rm -f -- "${VAR_KERNEL_SRT}"
   rm -f -- "${VAR_KERNEL_TMP}"
+  # Release advisory lock on FD 127.
+  flock -u 127
+  # Close file descriptor 127.
+  exec 127>&-
+  # Remove the lockfile artifact.
   rm -f /run/lock/ciss_live_builder.lock
   if (( clean_exit_code == 0 )); then rm -f -- "${LOG_ERROR}"; fi
   if [[ -f "${VAR_WORKDIR}/hosts.allow" ]]; then

lib/lib_contact.sh

@@ -21,7 +21,7 @@ contact() {
   clear
   cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.19\e[0m")
+$(echo -e "\e[92mMaster V8.03.832.2025.06.24\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")

lib/lib_copy_integrity.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Copy Initial ISO aide Database into Host System
 # Globals:

lib/lib_debug.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Debugger Wrapper for xtrace to Debug Log
 # Globals:
@@ -34,13 +36,15 @@ debugger() {
       declare -p "${var}" 2>/dev/null
     done < <(compgen -v | grep -Ev '^(BASH|_).*')
   } | sort >| "${VAR_DUMP_VARS_INITIAL}"
-  declare -gx VAR_EARLY_DEBUG=true
+  declare -gx VAR_EARLY_DEBUG="true"
   ### Set a verbose PS4 prompt including timestamp, source, line, exit status, and function name
-  declare -grx PS4='\e[97m+\e[0m\e[96m$(date +%T.%4N)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
+  declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
   # shellcheck disable=SC2155
   declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log"
-  ### Generates empty LOG_DEBUG
+  declare -grx LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
+  ### Generates empty LOG_DEBUG and LOG_VAR
   touch "${LOG_DEBUG}" && chmod 0600 "${LOG_DEBUG}"
+  touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
   ### Open file descriptor 42 for writing to the debug log
   exec 42>| "${LOG_DEBUG}"
   ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables

lib/lib_debug_header.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Generates Debug Log Header
 # Globals:
@@ -31,26 +33,29 @@ debug_header() {
   declare -r arg_counter="$1"
   declare -r arg_string="$2"
   {
-    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date +%T.%4N)"
-    printf "\e[97m+\e[0m\e[92m%s: Version                   : %s \e[0m\n" "$(date +%T.%4N)" "${VAR_VERSION}"
-    printf "\e[97m+\e[0m\e[92m%s: Epoch                     : %s \e[0m\n" "$(date +%T.%4N)" "${EPOCHREALTIME}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release          : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[0]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash MIN Version          : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[1]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash Patch Level          : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[2]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash Build Version        : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[3]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash Release              : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[4]}"
-    printf "\e[97m+\e[0m\e[92m%s: UID                       : %s \e[0m\n" "$(date +%T.%4N)" "${UID}"
-    printf "\e[97m+\e[0m\e[92m%s: EUID                      : %s \e[0m\n" "$(date +%T.%4N)" "${EUID}"
-    printf "\e[97m+\e[0m\e[92m%s: Hostname                  : %s \e[0m\n" "$(date +%T.%4N)" "${HOSTNAME}"
-    printf "\e[97m+\e[0m\e[92m%s: Script name               : %s \e[0m\n" "$(date +%T.%4N)" "$0"
-    printf "\e[97m+\e[0m\e[92m%s: Argument Counter          : %s \e[0m\n" "$(date +%T.%4N)" "${arg_counter}"
-    printf "\e[97m+\e[0m\e[92m%s: Argument String Original  : %s \e[0m\n" "$(date +%T.%4N)" "${arg_string}"
-    printf "\e[97m+\e[0m\e[92m%s: Script PID                : %s \e[0m\n" "$(date +%T.%4N)" "$$"
-    printf "\e[97m+\e[0m\e[92m%s: Script Parent PID         : %s \e[0m\n" "$(date +%T.%4N)" "${PPID}"
-    printf "\e[97m+\e[0m\e[92m%s: Script work DIR           : %s \e[0m\n" "$(date +%T.%4N)" "${PWD}"
-    printf "\e[97m+\e[0m\e[92m%s: Shell Options             : %s \e[0m\n" "$(date +%T.%4N)" "$-"
-    printf "\e[97m+\e[0m\e[92m%s: BASHOPTS                  : %s \e[0m\n" "$(date +%T.%4N)" "${BASHOPTS}"
-    printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date +%T.%4N)"
+    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
+    printf "\e[97m+\e[0m\e[92m%s: Git Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_REL}"
+    printf "\e[97m+\e[0m\e[92m%s: Version                   : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}"
+    printf "\e[97m+\e[0m\e[92m%s: Epoch                     : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash MIN Version          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[1]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash Patch Level          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[2]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash Build Version        : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[3]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash Release              : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[4]}"
+    printf "\e[97m+\e[0m\e[92m%s: UID                       : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${UID}"
+    printf "\e[97m+\e[0m\e[92m%s: EUID                      : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EUID}"
+    printf "\e[97m+\e[0m\e[92m%s: Hostname                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${HOSTNAME}"
+    printf "\e[97m+\e[0m\e[92m%s: Hostsystem                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_SYSTEM}"
+    printf "\e[97m+\e[0m\e[92m%s: Script name               : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$0"
+    printf "\e[97m+\e[0m\e[92m%s: Argument Counter          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_counter}"
+    printf "\e[97m+\e[0m\e[92m%s: Argument String Original  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_string}"
+    printf "\e[97m+\e[0m\e[92m%s: Script PID                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$$"
+    printf "\e[97m+\e[0m\e[92m%s: Script Parent PID         : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PPID}"
+    printf "\e[97m+\e[0m\e[92m%s: Script work DIR           : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PWD}"
+    printf "\e[97m+\e[0m\e[92m%s: Shell Options             : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$-"
+    printf "\e[97m+\e[0m\e[92m%s: BASHOPTS                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASHOPTS}"
+    printf "\e[97m+\e[0m\e[92m%s: SHELLOPTS                 : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${SHELLOPTS}"
+    printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
   } >&42
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_git_var.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Define Git Repo related Variables.
+# Globals:
+#   VAR_GIT_HEAD
+#   VAR_GIT_REL
+#   VAR_GIT_REL_DATE
+#   VAR_GIT_REL_DATE_TIME
+#   VAR_GIT_REL_SHORT
+# Arguments:
+#   None
+#######################################
+check_git() {
+  # shellcheck disable=SC2155
+  if git rev-parse --is-inside-work-tree &>/dev/null; then
+    declare -grx VAR_GIT_REL="$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }')"
+    declare -grx VAR_GIT_REL_SHORT="${VAR_GIT_REL%% *}"
+    declare -grx VAR_GIT_REL_DATE_TIME="${VAR_GIT_REL#* }"
+    declare -grx VAR_GIT_REL_DATE="${VAR_GIT_REL_DATE_TIME% *}"
+    declare -grx VAR_GIT_HEAD_FULL="$(git rev-parse HEAD)"
+  fi
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_guard_sourcing.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+#######################################
+# Prevent the caller LIB-file from being sourced twice.
+# Derive a safe guard-variable name from the caller script filename.
+# Globals:
+#   BASH_SOURCE
+# Arguments:
+#   $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.)
+# Returns:
+#   0: Returns '0' in both cases as they are intended to be successful.
+#######################################
+guard_sourcing() {
+  ### Determine the caller script (the library being sourced).
+  declare var_src="${1:-${BASH_SOURCE[1]}}"
+  ### Strip path, keep only filename
+  declare var_file_name="${var_src##*/}"
+  ### Sanitize to valid var name.
+  declare var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
+  ### Build guard-variable name.
+  declare var_guard_var="_${var_safe_name}_LOADED"
+
+  ### If already loaded, abort sourcing
+  if [[ -n "${!var_guard_var:-}" ]]; then
+    return 0
+  fi
+
+  ### Mark as loaded (readonly + exported)
+  declare -grx "${var_guard_var}"=1
+  return 0
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

lib/lib_hardening_root_pw.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Updates the Live ISO to use root password authentication for local console access.
 # Globals:

lib/lib_hardening_ssh.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # SSH Hardening Ultra via TCP Wrapper
 # Globals:

lib/lib_hardening_ultra.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Wrapper for accompanying all CISS.debian.hardening features into the Live ISO image.
 # Globals:

lib/lib_helper_ip.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # IP Notation cleaner for pure IP output only
 # Globals:

lib/lib_lb_build_start.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:

lib/lib_lb_config_start.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Wrapper for 'lb config' - set up a build environment or deleting old build artifacts.
 # Globals:

lib/lib_lb_config_write.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:

lib/lib_provider_netcup.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Notes Textbox
 # Arguments:

lib/lib_run_analysis.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Wrapper for statistic functions of the final build.
 # Globals:

lib/lib_sanitizer.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Argument Check Wrapper
 # Arguments:

lib/lib_trap_on_err.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Print Error Message for Trap on 'ERR' in ${ERROR_LOG}
 # Globals:
@@ -34,8 +36,9 @@
 print_file_err() {
   {
     printf "❌ CISS.debian.live.builder Script failed. \n"
+    printf "❌ Git Commit             : %s \n" "${VAR_GIT_REL}"
     printf "❌ Version                : %s \n" "${VAR_VERSION}"
-    printf "❌ Environment         : %s \n" "${VAR_SYSTEM}"
+    printf "❌ Hostsystem             : %s \n" "${VAR_SYSTEM}"
     printf "❌ Error                  : %s \n" "${ERRCODE}"
     printf "❌ Line                   : %s \n" "${ERRLINE}"
     printf "❌ Script                 : %s \n" "${ERRSCRT}"
@@ -48,7 +51,7 @@ print_file_err() {
     if "${VAR_EARLY_DEBUG}"; then
       printf "❌ Vars Dump saved at     : %s \n" "${LOG_VAR}"
       printf "❌ Debug Log saved at     : %s \n" "${LOG_DEBUG}"
-      printf "❌                   cat %s \n" "${LOG_DEBUG}"
+      printf "❌ batcat --pager='less -r' %s \n" "${LOG_DEBUG}"
     fi
     printf "\n"
   } >> "${LOG_ERROR}"
@@ -77,8 +80,9 @@ print_file_err() {
 #######################################
 print_scr_err() {
   printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2
+  printf "\e[91m❌ Git Commit             : %s \e[0m\n" "${VAR_GIT_REL}" >&2
   printf "\e[91m❌ Version                : %s \e[0m\n" "${VAR_VERSION}" >&2
-  printf "\e[91m❌ Environment         : %s \e[0m\n" "${VAR_SYSTEM}" >&2
+  printf "\e[91m❌ Hostsystem             : %s \e[0m\n" "${VAR_SYSTEM}" >&2
   printf "\e[91m❌ Error                  : %s \e[0m\n" "${ERRCODE}" >&2
   printf "\e[91m❌ Line                   : %s \e[0m\n" "${ERRLINE}" >&2
   printf "\e[91m❌ Script                 : %s \e[0m\n" "${ERRSCRT}" >&2
@@ -89,11 +93,11 @@ print_scr_err() {
   printf "\e[91m❌ Arguments Original     : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2
   printf "\e[91m❌ Arguments Sanitized    : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
   printf "\e[91m❌ Error Log saved at     : %s \e[0m\n" "${LOG_ERROR}" >&2
-  printf "\e[91m❌                   cat %s \e[0m\n" "${LOG_ERROR}" >&2
+  printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
   if "${VAR_EARLY_DEBUG}"; then
     printf "\e[91m❌ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}" >&2
     printf "\e[91m❌ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}" >&2
-    printf "\e[91m❌                   cat %s \e[0m\n" "${LOG_DEBUG}" >&2
+    printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}" >&2
   fi
   printf "\n"
 }
@@ -115,12 +119,12 @@ print_scr_err() {
 #   $5: ${BASH_COMMAND}
 #######################################
 trap_on_err() {
+  trap - ERR
   declare -g ERRCODE="$1"
   declare -g ERRSCRT="$2"
   declare -g ERRLINE="$3"
   declare -g ERRFUNC="$4"
   declare -g ERRCMMD="$5"
-  trap - ERR
   if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
   clean_up "${ERRCODE}"
   if ! $VAR_HANDLER_AUTOBUILD; then clean_screen; fi

lib/lib_trap_on_exit.sh

@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
+guard_sourcing
+
 #######################################
 # Trap function to be called on 'EXIT'.
 # Globals:
@@ -18,20 +20,20 @@
 #   $1: $?
 #######################################
 trap_on_exit() {
-  declare -r trap_on_exit_code="$1"
   trap - EXIT
-  if (( trap_on_exit_code == 0 )); then
+  declare -r var_trap_on_exit_code="$1"
+  if (( var_trap_on_exit_code == 0 )); then
     if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
-    clean_up "${trap_on_exit_code}"
-    print_scr_exit "${trap_on_exit_code}"
-    exit 0
+    clean_up "${var_trap_on_exit_code}"
+    print_scr_exit "${var_trap_on_exit_code}"
+    exit "${var_trap_on_exit_code}"
   else
-    exit "${trap_on_exit_code}"
+    exit "${var_trap_on_exit_code}"
   fi
 }
 
 #######################################
-# Print Success Message for Trap on 'EXIT' on 'stdout'
+# Print Success Message for Trap on 'EXIT' on 'stdout'.
 # Globals:
 #   LOG_DEBUG
 #   LOG_VAR
@@ -40,22 +42,22 @@ trap_on_exit() {
 #   VAR_HANDLER_BUILD_DIR
 #   VAR_SCRIPT_SUCCESS
 # Arguments:
-#   $1: ${trap_on_exit_code} of trap_on_exit()
+#   $1: ${var_trap_on_exit_code} of trap_on_exit()
 #######################################
 print_scr_exit() {
-  declare -r print_scr_exit_code="$1"
-  if (( print_scr_exit_code == 0 )); then
+  declare -r var_print_scr_exit_code="$1"
+  if (( var_print_scr_exit_code == 0 )); then
     if [[ "${VAR_SCRIPT_SUCCESS}" == "true" ]]; then
       printf "\n"
       printf "\e[92m✅ CISS.debian.live.builder Script successful. \e[0m\n"
-      printf "\e[92m✅ Aide Initial DB at: %s \e[0m\n" "${VAR_HANDLER_BUILD_DIR}/.integrity/"
-      printf "\e[92m✅ Exited with Status: %s \e[0m\n" "${print_scr_exit_code}"
+      printf "\e[92m✅ Aide Initial DB at     : %s \e[0m\n" "${VAR_HANDLER_BUILD_DIR}/.integrity/"
+      printf "\e[92m✅ Exited with Status     : %s \e[0m\n" "${var_print_scr_exit_code}"
       printf "\n"
       if [[ "${VAR_EARLY_DEBUG}" == "true" ]]; then
         printf "\e[92m✅ Script Runtime         : %s \e[0m\n" "${SECONDS}"
-        printf "\e[92m✅ Vars Dump saved at: %s \e[0m\n" "${LOG_VAR}"
-        printf "\e[92m✅ Debug Log saved at: %s \e[0m\n" "${LOG_DEBUG}"
-        printf "\e[92m✅                 cat %s \e[0m\n" "${LOG_DEBUG}"
+        printf "\e[92m✅ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}"
+        printf "\e[92m✅ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}"
+        printf "\e[92m✅ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}"
         printf "\n"
       fi
       printf "\e[95m💷 Please consider donating to my work at: \e[0m\n"

lib/lib_usage.sh

@@ -21,7 +21,7 @@ usage() {
   clear
   cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.19\e[0m")
+$(echo -e "\e[92mMaster V8.03.832.2025.06.24\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")

meta_sources_debug.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Sourcing Debug Libs
+. ./lib/lib_debug.sh
+. ./lib/lib_debug_header.sh
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

scripts/9000-cdi-starter

@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1
 
 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.768.2025.06.19 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.832.2025.06.24 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 
 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
   chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh

var/early.var.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Definition of MUST set early Variables
+
+# shellcheck disable=SC2155
+declare -agx ARY_PARAM_ARRAY=("$@")
+declare -grx VAR_PARAM_COUNT="$#"
+declare -grx VAR_PARAM_STRNG="$*"
+declare -grx VAR_CONTACT="security@coresecret.eu"
+declare -grx VAR_VERSION="Master V8.03.832.2025.06.24"
+declare -grx VAR_SYSTEM="$(uname -a)"
+declare -gx  VAR_EARLY_DEBUG="false"
+declare -gx  VAR_HANDLER_AUTOBUILD="false"
+umask 0022
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

var/global.var.sh

@@ -10,24 +10,13 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 
-# shellcheck disable=SC2155
-declare -gr VAR_SYSTEM="$(uname -a)"
 # shellcheck disable=SC2155
 declare -gr VAR_ISO8601="$(date +%Y_%m_%d_%H_%M_%S)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_INF="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_TMP="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_KERNEL_SRT="$(mktemp)"
-# shellcheck disable=SC2155
 declare -gr VAR_NOTES="$(mktemp)"
 
-if "${VAR_EARLY_DEBUG}"; then
-  declare -gr LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
-  touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
-fi
-
 declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log"
 touch "${LOG_ERROR}" && chmod 0600 "${LOG_ERROR}"