DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]

X-CI-Metadata: master@4445a0a at 2025-07-15T17:55:22Z on deea7eb4a68b Generated at : 2025-07-15T17:55:22Z Runner Host : deea7eb4a68b Workflow ID : 🛡️ Shell Script Linting Git Commit : 4445a0a HEAD -> master
V8.03.864.2025.07.15
2025-07-15 17:55:22 +00:00 · 2025-07-15 19:53:22 +02:00 · 2025-07-15 17:39:39 +00:00 · 2025-07-15 19:37:16 +02:00 · 2025-07-15 13:01:08 +00:00 · 2025-07-15 12:03:19 +00:00
59 changed files with 580 additions and 596 deletions
--- a/.archive/.0000_lib_usage.sh
+++ b/.archive/.0000_lib_usage.sh
@@ -0,0 +1,142 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #######################################
 # Usage Wrapper CISS.debian.live.builder
 # Globals:
 #   none
 # Arguments:
 #   $0: Script name
 #######################################
 usage() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
 $(echo -e "\e[92mMaster V8.03.864.2025.07.15\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
 $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
 "${0} <option>", where <option> is one or more of:
 $(echo -e "\e[97m  --help, -h\e[0m")
    What you're looking at.
 $(echo -e "\e[97m  --autobuild=*, -a=*\e[0m")
    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
    selector dialog. Change '*' to your desired Linux kernel and trim the
    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'.
 $(echo -e "\e[97m  --architecture <STRING> one of <amd64 | arm64>\e[0m")
    A string reflecting the architecture of the Live System.
    MUST be provided.
 $(echo -e "\e[97m  --build-directory </path/to/build_directory>\e[0m")
    Where the Debian Live Build Image should be generated.
    MUST be provided.
 $(echo -e "\e[97m  --change-splash <STRING> one of <club | hexagon>\e[0m")
    A string reflecting the GRub Boot Screen Splash you want to use.
    If omitted defaults to "./.archive/background/club.png".
 $(echo -e "\e[97m  --cdi (Experimental Feature)\e[0m")
    This option generates a boot menu entry to start the forthcoming
    'CISS.debian.installer', which will be executed after
    the system has successfully booted up.
 $(echo -e "\e[97m  --contact, -c\e[0m")
    Displays contact information of the author.
 $(echo -e "\e[97m  --control <INTEGER>\e[0m")
    An integer that reflects the version of your Live ISO Image.
    MUST be provided.
 $(echo -e "\e[97m  --debug\e[0m")
    Enables debug logging for the main program routine. Detailed logging
    information are written to "/tmp/ciss_live_builder_$$.log"
 $(echo -e "\e[97m  --dhcp-centurion\e[0m")
    If a DHCP lease is provided, the provider's nameserver will be overridden,
    and only the hardened, privacy-focused Centurion DNS servers will be used:
      - https://dns01.eddns.eu/
      - https://dns02.eddns.de/
      - https://dns03.eddns.eu/
 $(echo -e "\e[97m  --jump-host <IP | IP | ... >\e[0m")
    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
    If provided, than it MUST be a <SPACE> separated list.
    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64.
 $(echo -e "\e[97m  --log-statistics-only\e[0m")
    Provides statistic only after successful building a
    CISS.debian.live-ISO. While enabling "--log-statistics-only"
    the argument "--build-directory" MUST be provided while
    all further options MUST be omitted.
 $(echo -e "\e[97m  --provider-netcup-ipv6\e[0m")
    Activates IPv6 support for Netcup Root Server. One unique
    IPv6 address MUST be provided in this case and MUST be encapsulated
    with [], e.g., [1234::abcd].
 $(echo -e "\e[97m  --renice-priority <PRIORITY>\e[0m")
    Reset the nice priority value of the script and all its children
    to the desired <PRIORITY>. MUST be an integer (between "-19" and 19).
    Negative (higher) values MUST be enclosed in double quotes '"'.
 $(echo -e "\e[97m  --reionice-priority <CLASS> <PRIORITY>\e[0m")
    Reset the ionice priority value of the script and all its children
    to the desired <CLASS>. MUST be an integer:
      1: realtime
      2: best-effort
      3: idle
    Defaults to '2'.
    Whereas <PRIORITY> MUST be an integer as well between:
      0: highest priority and
      7: lowest priority.
    Defaults to '4'.
    A real-time I/O process can significantly slow down other processes
    or even cause them to starve if it continuously requests I/O.
 $(echo -e "\e[97m  --root-password-file </path/to/password.txt>\e[0m")
    Password file for 'root', if given, MUST be a string of 20 to 64 characters,
    and MUST NOT contain the special character '"'.
    If the argument is omitted, no further login authentication is required for
    the local console. The root password is hashed with an 16 Byte '/dev/random'
    generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately
    after Hash generation all Variables containing plain password fragments are
    deleted. Password file SHOULD be '0400' and 'root:root' and is deleted without
    further prompt after password hash has been successfully generated via:
    'shred -vfzu 5 -f'.
    No tracing of any plain text password fragment in any debug log.
 $(echo -e "\e[97m  --ssh-port <INTEGER>\e[0m")
    The desired Port SSH should listen to.
    If not provided defaults to Port 22.
 $(echo -e "\e[97m  --ssh-pubkey </path/to/.ssh/>\e[0m")
    Imports the SSH Public Key(s) from the FILE 'authorized_keys' of the
    specified PATH into the Live ISO. MUST be provided.
 $(echo -e "\e[97m  --version, -v\e[0m")
    Displays version of ${0}.
 $(echo -e "\e[93m💡 Notes:\e[0m")
 🔵 You MUST be 'root' to run this script.
 $(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
 $(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
 EOF
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.768.2025.06.23"
+      placeholder: "e.g., Master V8.03.864.2025.07.15"
    validations:
      required: true
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 FROM debian:bookworm
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 name: 🔁 Render README.md to README.html.
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.864.2025.07.15
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.864.2025.07.15
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.864.2025.07.15
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.23
+  version: V8.03.864.2025.07.15
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.22
+### Version Master V8.03.864.2025.07.15
 name: 🔐 Generating a Private Live ISO FLV 0.
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.22
+### Version Master V8.03.864.2025.07.15
 name: 🔐 Generating a Private Live ISO FLV 1.
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.22
+### Version Master V8.03.864.2025.07.15
 name: 💙 Generating a PUBLIC Live ISO.
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 name: 🔁 Render Graphviz Diagrams.
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.768.2025.06.23"
+properties_version="V8.03.864.2025.07.15"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.768.2025.06.23
+PackageVersion: Master V8.03.864.2025.07.15
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/LINTER_RESULTS.txt
+++ b/LINTER_RESULTS.txt
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T06:21:19Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-07-15T17:55:19Z".
 ✅ The last linter check was successful. ✅
--- a/LIVE_ISO.public
+++ b/LIVE_ISO.public
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T09:04:49Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-07-15T13:01:05Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_23T08_20_37Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_07_15T12_12_23Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  86a8be09e16299892ae99d195b56a04356bcf5d2202016da8f8fa7441077c43fab68ebefcb8c39b3423f085a74b607907fb691ac71fdef92af33782bd2ac0ce5
+  e94f1f698fb6d6a078d3aed785302ffcad25221c92439e84bb505a39d7b4da50674063cc2f7957cca655afdcdb55871ed4990aebbb096f964336af682891aed0
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkYsQAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaHZREQAKCRA85KY4hzOw
-IbrbAQDeOIS3QYKIPkMhYlNPIcsJjv/dh3TdYiuQbkvfwVI+/gD/TiB+ska62vJk
+IQE/APsGY1Q8yonOxKTBUxgPPIA7ugHTfub9yWbPLcisC7J+sQEA17e8hmjJSX+O
-LGfwjuaxMC0KHG1/UTICytOeAnTrXAc=
+NpAtnhF4dfZheybcyfJwsscrNtOieAM=
-=qk8B
+=V2i8
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_0.private
+++ b/LIVE_ISO_FLV_0.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T07:15:07Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-07-15T11:05:11Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_23T06_28_42Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_07_15T10_13_20Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  e0ec5e6be762858378a7eab74634676b1dd431f1cec9f3ecd57778249da4694af2df40dd5adb546360e69ddbad1379200031558ca580f55d9e8c242edb193e2f
+  b18d79055f12e6f61a1d0b46f8648f8097da419701f3366ba127b0eff1bb0d9ef4794b1a59b66ad8d48c3e3812a1fbc81f948a66b913b036cf2b740a778a88cd
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFj++wAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaHY15wAKCRA85KY4hzOw
-IXOYAP9FahdpIrwvHpEAddsem7UDdtO/zOzzDzx+TuycmdFttQEA20BgLvFLCiDr
+Idw3AQDzmYnaCI3OADP+DB+u805S8F+QUmVIcfmUGnM0sDz78gD+I+m+BHte8lzp
-2zYSWBFHsEnlOrMoqUmjwDH/rjV6wAs=
+rwudtbEBn9wZvy2KyFWcxlSCn3go2gU=
-=cssu
+=nGnJ
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_1.private
+++ b/LIVE_ISO_FLV_1.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-23T08:10:36Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-07-15T12:03:16Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_23T07_24_33Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_07_15T11_14_23Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  70fc1bcdcf3362278f77344c5c6cf5c682362afaf22e4013026f87d3279a044bcebd830b0958bdfb9c080f06d1f873a61a30ca5e56787d41668c9b758a964ad7
+  a022fe082d5d06db05e4c53f09b59ee57f483a3d2a2a143403d93c27a2d454ec8982ccaeb957f654c0879276befc7d9ab2333f407c8089306348c7a10fd39a20
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkL/AAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaHZDhAAKCRA85KY4hzOw
-ISe+AQC8m7ZFFP9zYtSae/IjpJy4XtDsnuO4ager49y7BDx38gEAllfQHZiMxelr
+IV0hAQCl7xeM8Art2obImFmhUBKDOLcLifegqY/jKY9729EM/wEAzJTRuLts9Jzy
-qryf1KI+nXUj2EgKtk0vy9SDI6H1KgY=
+PXje4fYxZiNOoFv3hz7Xwt5q9rPn/AE=
-=NdC5
+=S0vW
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.23-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.864.2025.07.15-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -11,8 +11,8 @@ include_toc: true
 [![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
 &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.3-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
-Example: `V8.03.768.2025.06.23`
+Example: `V8.03.864.2025.07.15`
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
@@ -420,12 +420,13 @@ predictable script behavior.
   5. Make any other changes you need to.
 3. Run the config builder script `./ciss_live_builder.sh` and the integrated `lb build` command (example):
-   ```yaml
+   ````bash
   chmod 0700 ./ciss_live_builder.sh
   timestamp=$(date -u +%Y-%m-%dT%H:%M:%S%z)
   ./ciss_live_builder.sh --architecture amd64 \
                          --build-directory /opt/livebuild \
                          --change-splash hexagon \
-                          --control 384 \
+                          --control "${timestamp}" \
                          --debug \
                          --dhcp-centurion \
                          --jump-host 10.0.0.128 [c0de:4711:0815:4242::1] [2abc:4711:0815:4242::1]/64 \
@@ -435,7 +436,7 @@ predictable script behavior.
                          --root-password-file /opt/gitea/CISS.debian.live.builder/password.txt \
                          --ssh-port 4242 \
                          --ssh-pubkey /opt/gitea/CISS.debian.live.builder
-   ```
+   ````
 4. Locate your ISO in the `--build-directory`.
 5. Boot from the ISO and login to the live image via the console, or the multi-layer secured **coresecret** SSH tunnel.
 6. Type `sysp` for the final kernel hardening features.
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -40,17 +40,19 @@
 [[ ${#} -eq 0 ]] && {
  . ./lib/lib_usage.sh; usage; exit 1; }
-### SOURCING MUST SET EARLY VARIABLES AND GUARD_SOURCING()
+### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT()
 . ./var/early.var.sh
 . ./lib/lib_guard_sourcing.sh
 . ./lib/lib_git_var.sh
 ### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
 for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh; usage; exit 0;; esac; done
-for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done
+for arg in "$@"; do case "${arg,,}" in -v|--version) . ./lib/lib_version.sh; version; exit 0;; esac; done
 ### ALL CHECKS DONE. READY TO START THE SCRIPT
-for arg in "$@"; do case "${arg,,}" in -d|--debug)   . ./meta_sources_debug.sh; check_git; debugger "${@}";; esac; done
+check_git
 for arg in "$@"; do case "${arg,,}" in -d|--debug)   . ./meta_sources_debug.sh; debugger "${@}";; esac; done
 declare -gx VAR_SETUP="true"
 ### SOURCING VARIABLES
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.23
+### Version Master V8.03.864.2025.07.15
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.03.768.2025.06.23"
+declare -gr VERSION="Master V8.03.864.2025.07.15"
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.23 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.864.2025.07.15 at: 10:18:37.9542
--- a/config/package-lists/live.list.common.chroot
+++ b/config/package-lists/live.list.common.chroot
@@ -26,6 +26,7 @@ ca-certificates
 clamav
 clamav-daemon
 console-setup
 cpuid
 cryptsetup
 cryptsetup-nuke-password
 curl
@@ -49,6 +50,7 @@ expect
 fail2ban
 fdisk
 figlet
 fio
 fzf
 gawk
 gdisk
@@ -111,6 +113,7 @@ speedtest-cli
 squashfs-tools
 ssh
 ssl-cert
 stress
 sudo
 sysstat
 systemd-sysv
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. DNSSEC Status
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Haveged Audit on Netcup RS 2000 G11
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Lynis Audit:
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. SSH Audit by ssh-audit.com
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. TLS Audit:
@@ -26,313 +26,7 @@ include_toc: true
  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
  on kali:./bin/openssl.Linux.x86_64
- Start 2025-06-23 06:37:04        -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
+ Start 2025-06-23 17:58:48        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 Further IP addresses:   2a01:4f9:c012:a813:135:181:207:105
 rDNS (135.181.207.105): dns01.eddns.eu.
 Service detected:       HTTP
 Testing protocols via sockets except NPN+ALPN
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)
 Testing for server implementation bugs
 No bugs found.
 Testing cipher categories
 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            not offered
 Strong encryption (AEAD ciphers) with no FS       not offered
 Forward Secrecy strong encryption (AEAD ciphers)  offered (OK)
 Testing server's cipher preferences
 Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
 -----------------------------------------------------------------------------------------------------------------------------
 SSLv2
 -
 SSLv3
 -
 TLSv1
 -
 TLSv1.1
 -
 TLSv1.2 (server order)
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 448   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 448   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 TLSv1.3 (server order)
 x1302   TLS_AES_256_GCM_SHA384            ECDH 448   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 448   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 Has server cipher order?     yes (OK) -- TLS 1.3 and below
 Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
 FS is offered (OK) , ciphers follow (client/browser support is important here)
 Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
 -----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 448   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 448   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
 xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v
 xcc15   DHE-RSA-CHACHA20-POLY1305-OLD     DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD      not a/v
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 521   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              available
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH       AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            not a/v
 xc028   ECDHE-RSA-AES256-SHA384           ECDH       AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              not a/v
 xc024   ECDHE-ECDSA-AES256-SHA384         ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            not a/v
 xc014   ECDHE-RSA-AES256-SHA              ECDH       AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 not a/v
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               not a/v
 xa3     DHE-DSS-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_DSS_WITH_AES_256_GCM_SHA384                not a/v
 x9f     DHE-RSA-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                not a/v
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      not a/v
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 448   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        available
 xccaa   DHE-RSA-CHACHA20-POLY1305         DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256          not a/v
 xc0af   ECDHE-ECDSA-AES256-CCM8           ECDH       AESCCM8     256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8                 not a/v
 xc0ad   ECDHE-ECDSA-AES256-CCM            ECDH       AESCCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM                   not a/v
 xc0a3   DHE-RSA-AES256-CCM8               DH         AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8                     not a/v
 xc09f   DHE-RSA-AES256-CCM                DH         AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM                       not a/v
 x6b     DHE-RSA-AES256-SHA256             DH         AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                not a/v
 x6a     DHE-DSS-AES256-SHA256             DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256                not a/v
 x39     DHE-RSA-AES256-SHA                DH         AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   not a/v
 x38     DHE-DSS-AES256-SHA                DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA                   not a/v
 xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH       Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384         not a/v
 xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH       Camellia    256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384       not a/v
 xc4     DHE-RSA-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 xc3     DHE-DSS-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              not a/v
 x87     DHE-DSS-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA              not a/v
 xc043   DHE-DSS-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384               not a/v
 xc045   DHE-RSA-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384               not a/v
 xc049   ECDHE-ECDSA-ARIA256-CBC-SHA384    ECDH       ARIA        256      TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384           not a/v
 xc04d   ECDHE-RSA-ARIA256-CBC-SHA384      ECDH       ARIA        256      TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384             not a/v
 xc053   DHE-RSA-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384               not a/v
 xc057   DHE-DSS-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384               not a/v
 xc05d   ECDHE-ECDSA-ARIA256-GCM-SHA384    ECDH       ARIAGCM     256      TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384           not a/v
 xc061   ECDHE-ARIA256-GCM-SHA384          ECDH       ARIAGCM     256      TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384             not a/v
 xc07d   -                                 DH         CamelliaGCM 256      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc081   -                                 DH         CamelliaGCM 256      TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc087   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384       not a/v
 xc08b   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384         not a/v
 x1301   TLS_AES_128_GCM_SHA256            any        AESGCM      128      TLS_AES_128_GCM_SHA256                             not a/v
 x1304   TLS_AES_128_CCM_SHA256            any        AESCCM      128      TLS_AES_128_CCM_SHA256                             not a/v
 x1305   TLS_AES_128_CCM_8_SHA256          any        AESCCM8     128      TLS_AES_128_CCM_8_SHA256                           not a/v
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH       AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              not a/v
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH       AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            not a/v
 xc027   ECDHE-RSA-AES128-SHA256           ECDH       AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              not a/v
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            not a/v
 xc013   ECDHE-RSA-AES128-SHA              ECDH       AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 not a/v
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               not a/v
 xa2     DHE-DSS-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_DSS_WITH_AES_128_GCM_SHA256                not a/v
 x9e     DHE-RSA-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                not a/v
 xc0ae   ECDHE-ECDSA-AES128-CCM8           ECDH       AESCCM8     128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8                 not a/v
 xc0ac   ECDHE-ECDSA-AES128-CCM            ECDH       AESCCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM                   not a/v
 xc0a2   DHE-RSA-AES128-CCM8               DH         AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8                     not a/v
 xc09e   DHE-RSA-AES128-CCM                DH         AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM                       not a/v
 x67     DHE-RSA-AES128-SHA256             DH         AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                not a/v
 x40     DHE-DSS-AES128-SHA256             DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256                not a/v
 x33     DHE-RSA-AES128-SHA                DH         AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   not a/v
 x32     DHE-DSS-AES128-SHA                DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA                   not a/v
 xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH       Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256         not a/v
 xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH       Camellia    128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256       not a/v
 xbe     DHE-RSA-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xbd     DHE-DSS-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 x9a     DHE-RSA-SEED-SHA                  DH         SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      not a/v
 x99     DHE-DSS-SEED-SHA                  DH         SEED        128      TLS_DHE_DSS_WITH_SEED_CBC_SHA                      not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              not a/v
 x44     DHE-DSS-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA              not a/v
 xc042   DHE-DSS-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256               not a/v
 xc044   DHE-RSA-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256               not a/v
 xc048   ECDHE-ECDSA-ARIA128-CBC-SHA256    ECDH       ARIA        128      TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256           not a/v
 xc04c   ECDHE-RSA-ARIA128-CBC-SHA256      ECDH       ARIA        128      TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256             not a/v
 xc052   DHE-RSA-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256               not a/v
 xc056   DHE-DSS-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256               not a/v
 xc05c   ECDHE-ECDSA-ARIA128-GCM-SHA256    ECDH       ARIAGCM     128      TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256           not a/v
 xc060   ECDHE-ARIA128-GCM-SHA256          ECDH       ARIAGCM     128      TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256             not a/v
 xc07c   -                                 DH         CamelliaGCM 128      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc080   -                                 DH         CamelliaGCM 128      TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc086   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256       not a/v
 xc08a   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256         not a/v
 Elliptic curves offered:     secp384r1 secp521r1 X448
 TLS 1.2 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224
 TLS 1.3 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
 Testing server defaults (Server Hello)
 TLS extensions (standard)    "server name/#0" "max fragment length/#1" "status request/#5" "supported_groups/#10" "EC point formats/#11"
                              "application layer protocol negotiation/#16" "extended master secret/#23" "supported versions/#43" "key share/#51"
                              "renegotiation info/#65281"
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support       yes
 Session Resumption           Tickets no, ID: yes
 TLS clock skew               Random values, no fingerprinting possible
 Certificate Compression      none
 Client Authentication        none
 Signature Algorithm          SHA384 with RSA
 Server key size              RSA 4096 bits (exponent is 262147)
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial                       A39CFE0064280D467269C012636F9EE8 (OK: length 16)
 Fingerprints                 SHA1 9E19BE00A07E50CC5DB94A51419D431E845F810A
                              SHA256 92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
 Common Name (CN)             eddns.eu
 subjectAltName (SAN)         eddns.eu dns01.eddns.eu dns02.eddns.de dns03.eddns.eu eddns.de
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
 Certificate Validity (UTC)   358 >= 60 days (2025-06-16 00:00 --> 2026-06-16 23:59)
 ETS/"eTLS", visibility info  not present
 In pwnedkeys.com DB          not in database
 Certificate Revocation List  --
 OCSP URI                     http://zerossl.ocsp.sectigo.com, not revoked
 OCSP stapling                offered, not revoked
 OCSP must staple extension   supported
 DNS CAA RR (experimental)    available - please check for match with "Issuer" below
                              communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
                              issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
 Certificate Transparency     yes (certificate extension)
 Certificates provided        2
 Issuer                       ZeroSSL RSA Domain Secure Site CA (ZeroSSL from AT)
 Intermediate cert validity   #1: ok > 40 days (2030-01-29 23:59). ZeroSSL RSA Domain Secure Site CA <-- USERTrust RSA Certification Authority
 Intermediate Bad OCSP (exp.) Ok
 Testing HTTP header response @ "/"
 HTTP Status Code             200 OK
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
 Public Key Pinning           --
 Server banner                nginx
 Application banner           --
 Cookie(s)                    (none issued at "/")
 Security headers             X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              Expect-CT: max-age=86400, enforce
                              Permissions-Policy: interest-cohort=()
                              Cross-Origin-Opener-Policy: same-origin
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Embedder-Policy: credentialless
                              X-XSS-Protection: 1; mode=block
                              Access-Control-Allow-Origin: https://dns01.eddns.eu
                              Permissions-Policy: interest-cohort=()
                              Referrer-Policy: same-origin
                              Cache-Control: no-cache
 Reverse Proxy banner         --
 Testing vulnerabilities
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session ticket extension
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
 Running client simulations (HTTP) via sockets
 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
 ------------------------------------------------------------------------------------------------
 Android 7.0 (native)         No connection
 Android 8.1 (native)         TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
 Android 9.0 (native)         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 10.0 (native)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 11/12 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 13/14 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 15 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Chrome 101 (Win 10)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Chromium 137 (Win 11)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Firefox 100 (Win 10)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Firefox 137 (Win 11)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 IE 8 Win 7                   No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
 Edge 15 Win 10               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
 Edge 101 Win 10 21H2         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Edge 133 Win 11 23H2         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Safari 18.4 (iOS 18.4)       TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Safari 15.4 (macOS 12.3.1)   TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Safari 18.4 (macOS 15.4)     TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Java 7u25                    No connection
 Java 8u442 (OpenJDK)         TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 Java 11.0.2 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Java 17.0.3 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 Java 21.0.6 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 go 1.17.8                    TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 LibreSSL 3.3.6 (macOS)       TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 OpenSSL 3.0.15 (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 OpenSSL 3.5.0 (git)          TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 Apple Mail (16.0)            TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 Thunderbird (91.9)           TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Rating (experimental)
 Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
 Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted)  100 (30)
 Key Exchange     (weighted)  100 (30)
 Cipher Strength  (weighted)  100 (40)
 Final Score                  100
 Overall Grade                A+
 Done 2025-06-23 06:38:43 [ 102s] -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
 25-06-23|root@kali.ed448.eu:/root/gitea/testssl.sh/>>1|~#> ./testssl.sh --show-each --wide --phone-out --full https://git.coresecret.dev/
 #####################################################################
  testssl.sh version 3.2.1 from https://testssl.sh/
  (81471c3 2025-06-15 09:48:31)
  This program is free software. Distribution and modification under
  GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
  Please file bugs @ https://testssl.sh/bugs/
 #####################################################################
  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
  on kali:./bin/openssl.Linux.x86_64
 Start 2025-06-23 06:55:40        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 Further IP addresses:   2a0a:4cc0:80:330f:152:53:110:40
 rDNS (152.53.110.40):   git.coresecret.dev.
@@ -510,8 +204,8 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 OCSP stapling                offered, not revoked
 OCSP must staple extension   --
 DNS CAA RR (experimental)    available - please check for match with "Issuer" below
-                              iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl, issue=letsencrypt.org;,
+                              communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
-                              issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
+                              issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
 Certificate Transparency     yes (certificate extension)
@@ -623,7 +317,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Final Score                  100
 Overall Grade                A+
- Done 2025-06-23 06:57:01 [  86s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
+ Done 2025-06-23 18:00:16 [  99s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 ````
 ---
--- a/docs/BOOTPARAMS.md
+++ b/docs/BOOTPARAMS.md
@@ -0,0 +1,56 @@
 ---
 gitea: none
 include_toc: true
 ---
 # 1. CISS.debian.live.builder
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
 **Build**: V8.03.864.2025.07.15<br>
 # 2. Hardened Kernel Boot Parameters
 Below is a curated set of kernel boot parameters optimized for CISS Debian Installer. These parameters enhance security posture,
 restrict legacy interfaces, enforce memory initialization, and disable speculative side channels. Each parameter is documented 
 with a short rationale.
 * ``audit=1``: Enable kernel auditing subsystem.
 * ``audit_backlog_limit=8192``: Set audit event buffer depth.
 * ``cfi=kcfi``: Enable Clang's Control Flow Integrity (if supported by kernel).
 * ``debugfs=off``: Disable debugfs mount, prevents access to kernel internals.
 * ``efi=disable_early_pci_dma``: Prevent early PCI DMA via EFI.
 * ``hardened_usercopy=1``: Harden copy_*_user() functions, mitigate heap/memcpy bugs.
 * ``ia32_emulation=0``: Disable 32-bit x86 binary support on 64-bit kernel.
 * ``init_on_alloc=1``: Zero-initialize heap memory on allocation.
 * ``init_on_free=1``: Zero memory on free to prevent reuse data leaks.
 * ``iommu=force``: Enforce use of IOMMU.
 * ``iommu.strict=1``: Enable strict IOMMU mode (always remap).
 * ``iommu.passthrough=0``: Prevent IOMMU passthrough (forces remapping).
 * ``kfence.sample_interval=100``: Enable low-overhead heap-fence sampling.
 * ``kvm.nx_huge_pages=force``: Enforce NX-bit for KVM hugepages to prevent code execution.
 * ``l1d_flush=on``: Flush L1D cache on VM-entry to mitigate cache side-channels.
 * ``lockdown=confidentiality``: Enable kernel lockdown in confidentiality mode.
 * ``loglevel=0``: Silence all kernel messages (only EMERG shown).
 * ``mitigations=auto,nosmt``: Enable all available speculative mitigations, disable SMT.
 * ``mmio_stale_data=full,force,nosmt``: Mitigate MMIO stale data side channel fully.
 * ``nosmt=force``: Force disable Simultaneous Multithreading (SMT/HT).
 * ``oops=panic``: Trigger kernel panic on oops, ensures halt on fault.
 * ``page_alloc.shuffle=1``: Randomize page allocator freelist order.
 * ``page_poison=1``: Fill freed pages with poison patterns to detect UAF.
 * ``panic=-1``: Prevent automatic reboot after panic.
 * ``pti=on``: Enable Page Table Isolation (Meltdown mitigation).
 * ``random.trust_bootloader=off``: Do not trust RNG state from bootloader.
 * ``random.trust_cpu=off``: Do not trust CPU's RDRAND or RDSEED.
 * ``randomize_kstack_offset=on``: Enable randomized kernel stack offset per syscall.
 * ``randomize_va_space=2``: Enable full ASLR for mmap and heap.
 * ``retbleed=auto,nosmt``: Mitigate Retbleed exploit path via branch prediction.
 * ``rodata=on``: Enforce read-only sections for .rodata.
 * ``slab_nomerge``: Disable merging of similar slab caches.
 * ``vdso32=0``: Disable 32-bit vdso mapping (x86 compatibility).
 * ``vsyscall=none``: Disable vsyscall legacy mapping.
 ---
 **[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
 <!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,13 +8,43 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Changelog
-## V8.03.768.2025.06.22
+## V8.03.864.2025.07.15
-* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Lock FD and Artifacts.
+* Updated: [0010_dhcp_supersede.sh](../scripts/0010_dhcp_supersede.sh)
 * Added: [BOOTPARAMS.md](BOOTPARAMS.md)
 * Added: Package ``cpuid``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
 ## V8.03.832.2025.06.25
 * Added: [lib_version.sh](../lib/lib_version.sh)
 * Updated:
  * [lib_contact.sh](../lib/lib_contact.sh)
  * [lib_usage.sh](../lib/lib_usage.sh)
 * Packages added:
  * https://packages.debian.org/bookworm/fio
  * https://packages.debian.org/bookworm/stress 
 * Timezone changed to ``Etc/UTC``
 ## V8.03.832.2025.06.24
 * Updated:
  * [lib_check_provider.sh](../lib/lib_check_provider.sh)
  * [lib_debug_header.sh](../lib/lib_debug_header.sh)
  * [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
 * The Debian package ``bat`` will be installed to enable smooth log reading.
 ## V8.03.768.2025.06.23
 * Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
 * Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
 * Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
 * Added Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
 * Added ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
  * to prevent the caller LIB-file from being sourced twice.
 ## V8.03.768.2025.06.19
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Centurion Net - Developer Branch Overview
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Coding Style
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Contributing / participating
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Credits
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.23
+Master V8.03.864.2025.07.15
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
@@ -133,7 +133,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.23
+Master V8.03.864.2025.07.15
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.23<br>
+**Build**: V8.03.864.2025.07.15<br>
 # 2. Resources
--- a/docs/SECURITY/coresecret.dev.png
+++ b/docs/SECURITY/coresecret.dev.png
--- a/lib/lib_check_pkgs.sh
+++ b/lib/lib_check_pkgs.sh
@@ -20,6 +20,10 @@ guard_sourcing
 check_pkgs() {
  apt-get update -y > /dev/null 2>&1
  if [[ -z "$(command -v batcat || true)" ]]; then
    apt-get install -y --no-install-recommends bat
  fi
  if [[ -z "$(command -v lsb_release || true)" ]]; then
    apt-get install -y --no-install-recommends lsb-release
  fi
@@ -45,8 +49,7 @@ check_pkgs() {
  fi
  if [[ -z "$(command -v mkpasswd || true)" ]]; then
-    apt-get update -y
+    apt-get install -y --no-install-recommends whois
    apt-get install --no-install-recommends whois -y
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -19,8 +19,9 @@ guard_sourcing
 #######################################
 check_provider() {
  clear
-  cat << 'EOF' >| "${VAR_NOTES}"
+  cat << EOF >| "${VAR_NOTES}"
-Build: Master V8.03.768.2025.06.23
+Build  : ${VAR_VERSION}
 Commit : ${VAR_GIT_REL}
 Press 'EXIT' to continue with CISS.debian.live.builder.
--- a/lib/lib_contact.sh
+++ b/lib/lib_contact.sh
@@ -20,9 +20,9 @@
 contact() {
  clear
  cat << EOF
-$(echo -e "\e[92mCISS.debian.live.builder\e[0m")
+$(echo -e "\e[97m################################################################################ \e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
+$(echo -e "\e[92m  CISS.debian.live.builder from https://git.coresecret.dev/msw                   \e[0m")
-$(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
+$(echo -e "\e[92m  A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.     \e[0m")
 $(echo -e "\e[97m  (c) Marc S. Weidner, 2018 - 2025 \e[0m")
 $(echo -e "\e[97m  (p) Centurion Press, 2024 - 2025 \e[0m")
@@ -35,6 +35,7 @@ $(echo -e "\e[95m🔗 https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F4103
 $(echo -e "\e[95m  💷 Please consider donating to my work at: \e[0m")
 $(echo -e "\e[95m  🌐 https://coresecret.eu/spenden/          \e[0m")
 $(echo -e "\e[97m################################################################################ \e[0m")
 EOF
 }
--- a/lib/lib_debug.sh
+++ b/lib/lib_debug.sh
@@ -41,8 +41,10 @@ debugger() {
  declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
  # shellcheck disable=SC2155
  declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log"
-  ### Generates empty LOG_DEBUG
+  declare -grx LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
  ### Generates empty LOG_DEBUG and LOG_VAR
  touch "${LOG_DEBUG}" && chmod 0600 "${LOG_DEBUG}"
  touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
  ### Open file descriptor 42 for writing to the debug log
  exec 42>| "${LOG_DEBUG}"
  ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables
--- a/lib/lib_debug_header.sh
+++ b/lib/lib_debug_header.sh
@@ -34,7 +34,7 @@ debug_header() {
  declare -r arg_string="$2"
  {
    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
-    printf "\e[97m+\e[0m\e[92m%s: Git Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_HEAD_FULL}"
+    printf "\e[97m+\e[0m\e[92m%s: Git Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_REL}"
    printf "\e[97m+\e[0m\e[92m%s: Version                   : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}"
    printf "\e[97m+\e[0m\e[92m%s: Epoch                     : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}"
    printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}"
--- a/lib/lib_debug_var_git.sh
+++ b/lib/lib_debug_var_git.sh
--- a/lib/lib_guard_sourcing.sh
+++ b/lib/lib_guard_sourcing.sh
@@ -16,7 +16,7 @@
 # Globals:
 #   BASH_SOURCE
 # Arguments:
-#   $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.
+#   $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.)
 # Returns:
 #   0: Returns '0' in both cases as they are intended to be successful.
 #######################################
--- a/lib/lib_lb_config_write.sh
+++ b/lib/lib_lb_config_write.sh
@@ -15,20 +15,12 @@ guard_sourcing
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:
 #   VAR_HANDLER_ISO_COUNTER
 #   VAR_ARCHITECTURE
 #   VAR_HANDLER_BUILD_DIR
 #   VAR_HANDLER_ISO_COUNTER
 #   VAR_KERNEL
 #   VAR_WORKDIR
 #   VAR_VERSION
-# Arguments:
+#   VAR_WORKDIR
 #  None
 #######################################
 #######################################
 # description
 # Globals:
 # Arguments:
 #  None
 #######################################
@@ -46,8 +38,8 @@ lb_config_write() {
    --backports true \
    --binary-filesystem fat32 \
    --binary-image iso-hybrid \
-    --bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Europe/Lisbon splash audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
+    --bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Etc/UTC splash audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
-    --bootappend-live "boot=live verify-checksums components nocomponents=cdi-starter locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Europe/Lisbon toram audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
+    --bootappend-live "boot=live components keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 nocomponents=cdi-starter noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force,nosmt nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none" \
    --bootloaders grub-efi \
    --cache true \
    --checksums sha512 sha256 md5 \
--- a/lib/lib_trap_on_err.sh
+++ b/lib/lib_trap_on_err.sh
@@ -36,6 +36,7 @@ guard_sourcing
 print_file_err() {
  {
    printf "❌ CISS.debian.live.builder Script failed. \n"
    printf "❌ Git Commit             : %s \n" "${VAR_GIT_REL}"
    printf "❌ Version                : %s \n" "${VAR_VERSION}"
    printf "❌ Hostsystem             : %s \n" "${VAR_SYSTEM}"
    printf "❌ Error                  : %s \n" "${ERRCODE}"
@@ -50,7 +51,7 @@ print_file_err() {
    if "${VAR_EARLY_DEBUG}"; then
      printf "❌ Vars Dump saved at     : %s \n" "${LOG_VAR}"
      printf "❌ Debug Log saved at     : %s \n" "${LOG_DEBUG}"
-      printf "❌                   cat %s \n" "${LOG_DEBUG}"
+      printf "❌ batcat --pager='less -r' %s \n" "${LOG_DEBUG}"
    fi
    printf "\n"
  } >> "${LOG_ERROR}"
@@ -79,6 +80,7 @@ print_file_err() {
 #######################################
 print_scr_err() {
  printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2
  printf "\e[91m❌ Git Commit             : %s \e[0m\n" "${VAR_GIT_REL}" >&2
  printf "\e[91m❌ Version                : %s \e[0m\n" "${VAR_VERSION}" >&2
  printf "\e[91m❌ Hostsystem             : %s \e[0m\n" "${VAR_SYSTEM}" >&2
  printf "\e[91m❌ Error                  : %s \e[0m\n" "${ERRCODE}" >&2
@@ -91,11 +93,11 @@ print_scr_err() {
  printf "\e[91m❌ Arguments Original     : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2
  printf "\e[91m❌ Arguments Sanitized    : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
  printf "\e[91m❌ Error Log saved at     : %s \e[0m\n" "${LOG_ERROR}" >&2
-  printf "\e[91m❌                   cat %s \e[0m\n" "${LOG_ERROR}" >&2
+  printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
  if "${VAR_EARLY_DEBUG}"; then
    printf "\e[91m❌ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}" >&2
    printf "\e[91m❌ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}" >&2
-    printf "\e[91m❌                   cat %s \e[0m\n" "${LOG_DEBUG}" >&2
+    printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}" >&2
  fi
  printf "\n"
 }
@@ -117,12 +119,12 @@ print_scr_err() {
 #   $5: ${BASH_COMMAND}
 #######################################
 trap_on_err() {
  trap - ERR
  declare -g ERRCODE="$1"
  declare -g ERRSCRT="$2"
  declare -g ERRLINE="$3"
  declare -g ERRFUNC="$4"
  declare -g ERRCMMD="$5"
  trap - ERR
  if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
  clean_up "${ERRCODE}"
  if ! $VAR_HANDLER_AUTOBUILD; then clean_screen; fi
--- a/lib/lib_trap_on_exit.sh
+++ b/lib/lib_trap_on_exit.sh
@@ -20,8 +20,8 @@ guard_sourcing
 #   $1: $?
 #######################################
 trap_on_exit() {
  declare -r var_trap_on_exit_code="$1"
  trap - EXIT
  declare -r var_trap_on_exit_code="$1"
  if (( var_trap_on_exit_code == 0 )); then
    if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
    clean_up "${var_trap_on_exit_code}"
@@ -57,7 +57,7 @@ print_scr_exit() {
        printf "\e[92m✅ Script Runtime         : %s \e[0m\n" "${SECONDS}"
        printf "\e[92m✅ Vars Dump saved at     : %s \e[0m\n" "${LOG_VAR}"
        printf "\e[92m✅ Debug Log saved at     : %s \e[0m\n" "${LOG_DEBUG}"
-        printf "\e[92m✅                 cat %s \e[0m\n" "${LOG_DEBUG}"
+        printf "\e[92m✅ batcat --pager='less -r' %s \e[0m\n" "${LOG_DEBUG}"
        printf "\n"
      fi
      printf "\e[95m💷 Please consider donating to my work at: \e[0m\n"
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: 2025-06-25; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -12,131 +12,152 @@
 #######################################
 # Usage Wrapper CISS.debian.live.builder
 # Globals:
 #   none
 # Arguments:
 #   $0: Script name
 #######################################
 usage() {
-  clear
+  # shellcheck disable=SC2155
-  cat << EOF
+  declare var_cols=$(tput cols 2>/dev/null || echo 80)
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
 $(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
-$(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
+  #######################################
-$(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
+  # Header, Footer wrapper for dynamically output.
  # Arguments:
  #   $1: Text.
  #   $2: Width of Terminal.
  #######################################
  center() {
    declare var_text="$1"
    declare var_width="$2"
    declare var_padding=$(( (var_width - ${#var_text}) / 2 ))
    printf "%*s%s%*s\n" "${var_padding}" "" "${var_text}" "${var_padding}" ""
  }
-"${0} <option>", where <option> is one or more of:
+  # shellcheck disable=SC2155
  declare var_header=$(center "CLB(1)        CISS.debian.live.builder        CLB(1)" "${var_cols}")
  # shellcheck disable=SC2155
  declare var_footer=$(center "V8.03.864.2025.07.15        2025-06-25        CLB(1)" "${var_cols}")
-$(echo -e "\e[97m  --help, -h\e[0m")
+  {
-    What you're looking at.
+    echo -e "\e[1;97m${var_header}\e[0m"
-
+    echo
-$(echo -e "\e[97m  --autobuild=*, -a=*\e[0m")
+    echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
-    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
+    echo -e "\e[92mMaster V8.03.864.2025.07.15\e[0m"
-    selector dialog. Change '*' to your desired Linux kernel and trim the
+    echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
-    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'.
+    echo
-
+    echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"
-$(echo -e "\e[97m  --architecture <STRING> one of <amd64 | arm64>\e[0m")
+    echo -e "\e[97m(p) Centurion Press, 2024 - 2025 \e[0m"
-    A string reflecting the architecture of the Live System.
+    echo
-    MUST be provided.
+    echo -e "\e[97m${0} <option>, where <option> is one or more of: \e[0m"
-
+    echo
-$(echo -e "\e[97m  --build-directory </path/to/build_directory>\e[0m")
+    echo -e "\e[97m  --help, -h \e[0m"
-    Where the Debian Live Build Image should be generated.
+    echo "    What you're looking at."
-    MUST be provided.
+    echo
-
+    echo -e "\e[97m  --autobuild=*, -a=* \e[0m"
-$(echo -e "\e[97m  --change-splash <STRING> one of <club | hexagon>\e[0m")
+    echo "    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel"
-    A string reflecting the GRub Boot Screen Splash you want to use.
+    echo "    selector dialog. Change '*' to your desired Linux kernel and trim the"
-    If omitted defaults to "./.archive/background/club.png".
+    echo "    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'."
-
+    echo
-$(echo -e "\e[97m  --cdi (Experimental Feature)\e[0m")
+    echo -e "\e[97m  --architecture <STRING> one of <amd64 | arm64> \e[0m"
-    This option generates a boot menu entry to start the forthcoming
+    echo "    A string reflecting the architecture of the Live System."
-    'CISS.debian.installer', which will be executed after
+    echo "    MUST be provided."
-    the system has successfully booted up.
+    echo
-
+    echo -e "\e[97m  --build-directory </path/to/build_directory> \e[0m"
-$(echo -e "\e[97m  --contact, -c\e[0m")
+    echo "    Where the Debian Live Build Image should be generated."
-    Displays contact information of the author.
+    echo "    MUST be provided."
-
+    echo
-$(echo -e "\e[97m  --control <INTEGER>\e[0m")
+    echo -e "\e[97m  --change-splash <STRING> one of <club | hexagon>\e[0m"
-    An integer that reflects the version of your Live ISO Image.
+    echo "    A string reflecting the Grub Boot Screen Splash you want to use."
-    MUST be provided.
+    echo "    If omitted defaults to './.archive/background/club.png'."
-
+    echo
-$(echo -e "\e[97m  --debug\e[0m")
+    echo -e "\e[97m  --cdi (Experimental Feature)\e[0m"
-    Enables debug logging for the main program routine. Detailed logging
+    echo "    This option generates a boot menu entry to start the forthcoming"
-    information are written to "/tmp/ciss_live_builder_$$.log"
+    echo "    'CISS.debian.installer', which will be executed after"
-
+    echo "    the system has successfully booted up."
-$(echo -e "\e[97m  --dhcp-centurion\e[0m")
+    echo
-    If a DHCP lease is provided, the provider's nameserver will be overridden,
+    echo -e "\e[97m  --contact, -c\ e[0m"
-    and only the hardened, privacy-focused Centurion DNS servers will be used:
+    echo "    Show author contact information."
-      - https://dns01.eddns.eu/
+    echo
-      - https://dns02.eddns.de/
+    echo -e "\e[97m  --control <INTEGER>\e[0m"
-      - https://dns03.eddns.eu/
+    echo "    An integer that reflects the version of your Live ISO Image."
-
+    echo "    MUST be provided."
-$(echo -e "\e[97m  --jump-host <IP | IP | ... >\e[0m")
+    echo
-    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
+    echo -e "\e[97m  --debug, -d \e[0m"
-    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
+    echo "    Enables debug logging for the main program routine. Detailed logging"
-    If provided, than it MUST be a <SPACE> separated list.
+    echo "    information are written to '/tmp/ciss_live_builder_$$.log'."
-    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64.
+    echo
-
+    echo -e "\e[97m  --dhcp-centurion \e[0m"
-$(echo -e "\e[97m  --log-statistics-only\e[0m")
+    echo "    If a DHCP lease is provided, the provider's nameserver will be overridden,"
-    Provides statistic only after successful building a
+    echo "    and only the hardened, privacy-focused Centurion DNS servers will be used:"
-    CISS.debian.live-ISO. While enabling "--log-statistics-only"
+    echo "      - https://dns01.eddns.eu/"
-    the argument "--build-directory" MUST be provided while
+    echo "      - https://dns02.eddns.de/"
-    all further options MUST be omitted.
+    echo "      - https://dns03.eddns.eu/"
-
+    echo
-$(echo -e "\e[97m  --provider-netcup-ipv6\e[0m")
+    echo -e "\e[97m  --jump-host <IP | IP | ... > \e[0m"
-    Activates IPv6 support for Netcup Root Server. One unique
+    echo "    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access."
-    IPv6 address MUST be provided in this case and MUST be encapsulated
+    echo "    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation."
-    with [], e.g., [1234::abcd].
+    echo "    If provided, than it MUST be a <SPACE> separated list."
-
+    echo "    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64."
-$(echo -e "\e[97m  --renice-priority <PRIORITY>\e[0m")
+    echo
-    Reset the nice priority value of the script and all its children
+    echo -e "\e[97m  --log-statistics-only\e[0m"
-    to the desired <PRIORITY>. MUST be an integer (between "-19" and 19).
+    echo "    Provides statistic only after successful building a"
-    Negative (higher) values MUST be enclosed in double quotes '"'.
+    echo "    CISS.debian.live-ISO. While enabling '--log-statistics-only'"
-
+    echo "    the argument '--build-directory' MUST be provided while"
-$(echo -e "\e[97m  --reionice-priority <CLASS> <PRIORITY>\e[0m")
+    echo "    all further options MUST be omitted."
-    Reset the ionice priority value of the script and all its children
+    echo
-    to the desired <CLASS>. MUST be an integer:
+    echo -e "\e[97m  --provider-netcup-ipv6 \e[0m"
-      1: realtime
+    echo "    Activates IPv6 support for Netcup Root Server. One unique"
-      2: best-effort
+    echo "    IPv6 address MUST be provided in this case and MUST be encapsulated"
-      3: idle
+    echo "    with [], e.g., [1234::abcd]."
-    Defaults to '2'.
+    echo
-    Whereas <PRIORITY> MUST be an integer as well between:
+    echo -e "\e[97m  --renice-priority <PRIORITY> \e[0m"
-      0: highest priority and
+    echo "    Reset the nice priority value of the script and all its children"
-      7: lowest priority.
+    echo "    to the desired <PRIORITY>. MUST be an integer (between '-19' and 19)."
-    Defaults to '4'.
+    echo "    Negative (higher) values MUST be enclosed in double quotes '\"'."
-    A real-time I/O process can significantly slow down other processes
+    echo
-    or even cause them to starve if it continuously requests I/O.
+    echo -e "\e[97m  --reionice-priority <CLASS> <PRIORITY> \e[0m"
-
+    echo "    Reset the ionice priority value of the script and all its children"
-$(echo -e "\e[97m  --root-password-file </path/to/password.txt>\e[0m")
+    echo "    to the desired <CLASS>. MUST be an integer:"
-    Password file for 'root', if given, MUST be a string of 20 to 64 characters,
+    echo "      1: realtime"
-    and MUST NOT contain the special character '"'.
+    echo "      2: best-effort"
-    If the argument is omitted, no further login authentication is required for
+    echo "      3: idle"
-    the local console. The root password is hashed with an 16 Byte '/dev/random'
+    echo "    Defaults to '2'."
-    generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately
+    echo "    Whereas <PRIORITY> MUST be an integer as well between:"
-    after Hash generation all Variables containing plain password fragments are
+    echo "      0: highest priority and"
-    deleted. Password file SHOULD be '0400' and 'root:root' and is deleted without
+    echo "      7: lowest priority."
-    further prompt after password hash has been successfully generated via:
+    echo "    Defaults to '4'."
-    'shred -vfzu 5 -f'.
+    echo "    A real-time I/O process can significantly slow down other processes"
-    No tracing of any plain text password fragment in any debug log.
+    echo "    or even cause them to starve if it continuously requests I/O."
-
+    echo
-$(echo -e "\e[97m  --ssh-port <INTEGER>\e[0m")
+    echo -e "\e[97m  --root-password-file </path/to/password.txt> \e[0m"
-    The desired Port SSH should listen to.
+    echo "    Password file for 'root', if given, MUST be a string of 20 to 64 characters,"
-    If not provided defaults to Port 22.
+    echo "    and MUST NOT contain the special character '\"'."
-
+    echo "    If the argument is omitted, no further login authentication is required for"
-$(echo -e "\e[97m  --ssh-pubkey </path/to/.ssh/>\e[0m")
+    echo "    the local console. The root password is hashed with an 16 Byte '/dev/random'"
-    Imports the SSH Public Key(s) from the FILE 'authorized_keys' of the
+    echo "    generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately"
-    specified PATH into the Live ISO. MUST be provided.
+    echo "    after Hash generation all Variables containing plain password fragments are"
-
+    echo "    deleted. Password file SHOULD be '0400' and 'root:root' and is deleted without"
-$(echo -e "\e[97m  --version, -v\e[0m")
+    echo "    further prompt after password hash has been successfully generated via:"
-    Displays version of ${0}.
+    echo "    'shred -vfzu 5 -f'."
-
+    echo "    'No tracing of any plain text password fragment in any debug log."
-$(echo -e "\e[93m💡 Notes:\e[0m")
+    echo
-🔵 You MUST be 'root' to run this script.
+    echo -e "\e[97m  --ssh-port <INTEGER> \e[0m"
-
+    echo "    The desired Port SSH should listen to."
-$(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
+    echo "    If not provided defaults to Port '22'."
-$(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
+    echo
-
+    echo -e "\e[97m  --ssh-pubkey </path/to/.ssh/> \e[0m"
-EOF
+    echo "    Imports the SSH Public Key from the FILE 'authorized_keys' of the"
    echo "    specified PATH into the Live ISO. MUST be provided."
    echo
    echo -e "\e[97m  --version, -v \e[0m"
    echo "    Show version of ${0}."
    echo
    echo -e "\e[93m💡 Notes:\e[0m"
    echo -e "\e[93m🔵 You MUST be 'root' to run this script.\e[0m"
    echo
    echo -e "\e[95m💷 Please consider donating to my work at: \e[0m"
    echo -e "\e[95m🌐 https://coresecret.eu/spenden/ \e[0m"
    echo
    echo -e "\e[1;97m${var_footer}\e[0m"
  } | less -R
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_version.sh
+++ b/lib/lib_version.sh
@@ -0,0 +1,54 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-06-25; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #######################################
 # Version Wrapper CISS.debian.live.builder
 # Globals:
 #   VAR_VERSION
 # Arguments:
 #   None
 #######################################
 version() {
  # shellcheck disable=SC2155
  declare -r var_repo_ver="$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }')"
  # shellcheck disable=SC2155
  declare -r var_lb_ver="$(lb -v)"
  # shellcheck disable=SC2155
  declare -r var_ds_ver="$(debootstrap --version)"
  # shellcheck disable=SC2155
  declare -r var_host="$(uname -n)"
  # shellcheck disable=SC2155
  declare -r var_bash_ver="$(bash --version | head -n1 | awk '{print $4" "$5" "$6}')"
  clear
  cat << EOF
 $(echo -e "\e[97m################################################################################ \e[0m")
 $(echo -e "\e[92m  CISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m")
 $(echo -e "\e[92m  A lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
  Version : ${VAR_VERSION}
  Git     : ${var_repo_ver}
 $(echo -e "\e[97m  This program is free software. Distribution and modification under  \e[0m")
 $(echo -e "\e[97m  EUPL-1.2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! \e[0m")
  Please file bugs @
 $(echo -e "\e[95m  https://git.coresecret.dev/msw/CISS.debian.live.builder/issues \e[0m")
 $(echo -e "\e[97m################################################################################\e[0m")
  Using   : lb (${var_lb_ver}) debootstrap (${var_ds_ver})
  on      : ${var_host}
  Bash    : ${var_bash_ver}
 EOF
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/meta_sources_debug.sh
+++ b/meta_sources_debug.sh
@@ -10,23 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 ### Prevent this file from being sourced twice. Derive a safe guard-variable name from the script filename.
 var_file_name="${BASH_SOURCE[0]##*/}"
 var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
 var_guard_var="_${var_safe_name}_LOADED"
 ### If var_guard_var is already set, abort sourcing.
 if [[ -n "${!var_guard_var:-}" ]]; then
  unset var_file_name var_safe_name var_guard_var
  return 0
 fi
 ### Set var_guard_var and make it readonly+exported
 declare -grx "${var_guard_var}"=1
 unset var_file_name var_safe_name var_guard_var
 ### Sourcing Debug Libs
 . ./lib/lib_debug.sh
 . ./lib/lib_debug_header.sh
 . ./lib/lib_debug_var_git.sh
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/scripts/0010_dhcp_supersede.sh
+++ b/scripts/0010_dhcp_supersede.sh
@@ -21,9 +21,9 @@ fi
 cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/dhcp/dhclient.conf
 # Custom dhclient config to override DHCP DNS
-# dns01.eddns.eu, dns02.eddns.de; dns03.eddns.eu;
+# dns01.eddns.eu, dns02.eddns.de, dns03.eddns.eu;
-supersede domain-name-servers 135.181.207.105, 89.58.62.53; 138.199.237.109;
+supersede domain-name-servers 135.181.207.105, 89.58.62.53, 138.199.237.109;
 EOF
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1
 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.768.2025.06.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.864.2025.07.15 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
--- a/var/early.var.sh
+++ b/var/early.var.sh
@@ -17,8 +17,9 @@ declare -agx ARY_PARAM_ARRAY=("$@")
 declare -grx VAR_PARAM_COUNT="$#"
 declare -grx VAR_PARAM_STRNG="$*"
 declare -grx VAR_CONTACT="security@coresecret.eu"
-declare -grx VAR_VERSION="Master V8.03.768.2025.06.23"
+declare -grx VAR_VERSION="Master V8.03.864.2025.07.15"
 declare -grx VAR_SYSTEM="$(uname -a)"
 declare -gx  VAR_EARLY_DEBUG="false"
 declare -gx  VAR_HANDLER_AUTOBUILD="false"
 umask 0022
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/global.var.sh
+++ b/var/global.var.sh
@@ -17,11 +17,6 @@ declare -gr VAR_KERNEL_TMP="$(mktemp)"
 declare -gr VAR_KERNEL_SRT="$(mktemp)"
 declare -gr VAR_NOTES="$(mktemp)"
 if "${VAR_EARLY_DEBUG}"; then
  declare -gr LOG_VAR="/tmp/ciss_live_builder_$$_var.log"
  touch "${LOG_VAR}" && chmod 0600 "${LOG_VAR}"
 fi
 declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log"
 touch "${LOG_ERROR}" && chmod 0600 "${LOG_ERROR}"
Author	SHA256	Message	Date
Marc S. Weidner BOT	67d443b695	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@4445a0a at 2025-07-15T17:55:22Z on deea7eb4a68b Generated at : 2025-07-15T17:55:22Z Runner Host : deea7eb4a68b Workflow ID : 🛡️ Shell Script Linting Git Commit : `4445a0a` HEAD -> master	2025-07-15 17:55:22 +00:00
Marc S. Weidner	4445a0ae5c	V8.03.864.2025.07.15 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m51s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-15 19:53:22 +02:00
Marc S. Weidner BOT	160fc4bc38	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@ee8e2bc at 2025-07-15T17:39:39Z on 8944fef79dd0 Generated at : 2025-07-15T17:39:39Z Runner Host : 8944fef79dd0 Workflow ID : 🛡️ Shell Script Linting Git Commit : `ee8e2bc` HEAD -> master	2025-07-15 17:39:39 +00:00
Marc S. Weidner	ee8e2bce5c	V8.03.864.2025.07.15 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m4s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-15 19:37:16 +02:00
Marc S. Weidner BOT	90e2fd48b8	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@fd406a6 at 2025-07-15T13:01:08Z on 155b6e4acba6 Generated at : 2025-07-15T13:01:08Z Runner Host : 155b6e4acba6 Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `fd406a6` HEAD -> master	2025-07-15 13:01:08 +00:00
Marc S. Weidner BOT	fd406a6628	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@2c4a9c9 at 2025-07-15T12:03:19Z on fd09723188c6 Generated at : 2025-07-15T12:03:19Z Runner Host : fd09723188c6 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `2c4a9c9` HEAD -> master	2025-07-15 12:03:19 +00:00
Marc S. Weidner BOT	2c4a9c95c6	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@898ed7d at 2025-07-15T11:05:15Z on ed8d07632180 Generated at : 2025-07-15T11:05:15Z Runner Host : ed8d07632180 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `898ed7d` HEAD -> master	2025-07-15 11:05:15 +00:00
Marc S. Weidner BOT	898ed7d599	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@07686fd at 2025-07-15T10:06:12Z on 24eaf98fa23b Generated at : 2025-07-15T10:06:12Z Runner Host : 24eaf98fa23b Workflow ID : 🛡️ Shell Script Linting Git Commit : `07686fd` HEAD -> master	2025-07-15 10:06:12 +00:00
Marc S. Weidner BOT	07686fd15a	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@5bd0c51 at 2025-07-15T10:05:08Z on ab2abe52ded3 Generated at : 2025-07-15T10:05:08Z Runner Host : ab2abe52ded3 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `5bd0c51` HEAD -> master	2025-07-15 10:05:08 +00:00
Marc S. Weidner	5bd0c517a2	V8.03.864.2025.07.15 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 52s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m56s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 1h1m7s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 58m4s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 57m47s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-15 12:03:38 +02:00
Marc S. Weidner BOT	f6f1d04a09	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@8f3715f at 2025-06-25T21:18:21Z on e459c2abc8dc Generated at : 2025-06-25T21:18:21Z Runner Host : e459c2abc8dc Workflow ID : 🛡️ Shell Script Linting Git Commit : `8f3715f` HEAD -> master	2025-06-25 21:18:21 +00:00
Marc S. Weidner	8f3715ff74	V8.03.832.2025.06.25 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m38s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 23:16:29 +02:00
Marc S. Weidner BOT	bf2252fd66	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@976d953 at 2025-06-25T21:14:00Z on f0432117dbbd Generated at : 2025-06-25T21:14:00Z Runner Host : f0432117dbbd Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `976d953` HEAD -> master	2025-06-25 21:14:00 +00:00
Marc S. Weidner BOT	976d95397c	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@bfa2263 at 2025-06-25T20:22:25Z on 5fb53ad22c54 Generated at : 2025-06-25T20:22:25Z Runner Host : 5fb53ad22c54 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `bfa2263` HEAD -> master	2025-06-25 20:22:25 +00:00
Marc S. Weidner BOT	bfa2263198	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@3c57dfc at 2025-06-25T19:32:17Z on 8d73d968a04b Generated at : 2025-06-25T19:32:17Z Runner Host : 8d73d968a04b Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `3c57dfc` HEAD -> master	2025-06-25 19:32:17 +00:00
Marc S. Weidner BOT	3c57dfcd08	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@7a1f51e at 2025-06-25T18:42:02Z on 2d082d209866 Generated at : 2025-06-25T18:42:02Z Runner Host : 2d082d209866 Workflow ID : 🛡️ Shell Script Linting Git Commit : `7a1f51e` HEAD -> master	2025-06-25 18:42:02 +00:00
Marc S. Weidner	7a1f51e72e	V8.03.832.2025.06.25 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 51m45s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 50m7s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 51m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 20:40:25 +02:00
Marc S. Weidner BOT	2d838a5b48	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@a77e8e2 at 2025-06-25T14:59:38Z on 0e0da6bc2cd1 Generated at : 2025-06-25T14:59:38Z Runner Host : 0e0da6bc2cd1 Workflow ID : 🛡️ Shell Script Linting Git Commit : `a77e8e2` HEAD -> master	2025-06-25 14:59:38 +00:00
Marc S. Weidner	a77e8e2204	V8.03.832.2025.06.25 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m28s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 16:58:05 +02:00
Marc S. Weidner BOT	db1ce0cdbd	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@dda53a4 at 2025-06-25T14:41:30Z on 80989fd12b11 Generated at : 2025-06-25T14:41:30Z Runner Host : 80989fd12b11 Workflow ID : 🛡️ Shell Script Linting Git Commit : `dda53a4` HEAD -> master	2025-06-25 14:41:30 +00:00
Marc S. Weidner	dda53a41aa	V8.03.832.2025.06.25 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m31s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 16:39:38 +02:00
Marc S. Weidner BOT	844981489a	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@bcf924a at 2025-06-25T13:01:33Z on c14dd6afdc02 Generated at : 2025-06-25T13:01:33Z Runner Host : c14dd6afdc02 Workflow ID : 🛡️ Shell Script Linting Git Commit : `bcf924a` HEAD -> master	2025-06-25 13:01:33 +00:00
Marc S. Weidner	bcf924a4b7	V8.03.832.2025.06.25 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m51s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 14:59:38 +02:00
Marc S. Weidner BOT	70329077a3	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@2ad5087 at 2025-06-25T12:53:29Z on f162d43b1f68 Generated at : 2025-06-25T12:53:29Z Runner Host : f162d43b1f68 Workflow ID : 🛡️ Shell Script Linting Git Commit : `2ad5087` HEAD -> master	2025-06-25 12:53:29 +00:00
Marc S. Weidner	2ad5087b1e	V8.03.832.2025.06.25 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m41s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 14:51:09 +02:00
Marc S. Weidner BOT	2631b86196	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@fd63ef7 at 2025-06-25T09:27:51Z on f6cb58e39e13 Generated at : 2025-06-25T09:27:51Z Runner Host : f6cb58e39e13 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `fd63ef7` HEAD -> master	2025-06-25 09:27:51 +00:00
Marc S. Weidner BOT	fd63ef798b	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@98ceb5d at 2025-06-25T08:51:01Z on b6d66d8a6db7 Generated at : 2025-06-25T08:51:01Z Runner Host : b6d66d8a6db7 Workflow ID : 🛡️ Shell Script Linting Git Commit : `98ceb5d` HEAD -> master	2025-06-25 08:51:01 +00:00
Marc S. Weidner BOT	98ceb5db1a	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@4129d1e at 2025-06-25T08:50:03Z on 9819c5c58d02 Generated at : 2025-06-25T08:50:03Z Runner Host : 9819c5c58d02 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `4129d1e` HEAD -> master	2025-06-25 08:50:03 +00:00
Marc S. Weidner	4129d1ef2b	V8.03.832.2025.06.25 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 35s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m33s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 10:49:20 +02:00
Marc S. Weidner BOT	f6a2c5ad49	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@e8161fd at 2025-06-25T08:42:40Z on b1823330795d Generated at : 2025-06-25T08:42:40Z Runner Host : b1823330795d Workflow ID : 🛡️ Shell Script Linting Git Commit : `e8161fd` HEAD -> master	2025-06-25 08:42:40 +00:00
Marc S. Weidner BOT	e8161fdc2d	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@7b79ef1 at 2025-06-25T08:41:39Z on 8759a9db21a0 Generated at : 2025-06-25T08:41:39Z Runner Host : 8759a9db21a0 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `7b79ef1` HEAD -> master	2025-06-25 08:41:39 +00:00
Marc S. Weidner BOT	7b79ef1237	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@9143b78 at 2025-06-25T08:38:18Z on 6254bdfd1ab6 Generated at : 2025-06-25T08:38:18Z Runner Host : 6254bdfd1ab6 Workflow ID : 🛡️ Shell Script Linting Git Commit : `9143b78` HEAD -> master	2025-06-25 08:38:18 +00:00
Marc S. Weidner	9143b7800b	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m37s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 51m18s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-25 10:16:34 +02:00
Marc S. Weidner BOT	0f10a9c271	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@4f7131c at 2025-06-24T22:34:39Z on 56dbb041e6a3 Generated at : 2025-06-24T22:34:39Z Runner Host : 56dbb041e6a3 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `4f7131c` HEAD -> master	2025-06-24 22:34:39 +00:00
Marc S. Weidner BOT	4f7131ca9c	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@70d127d at 2025-06-24T21:45:55Z on ded5508cc4be Generated at : 2025-06-24T21:45:55Z Runner Host : ded5508cc4be Workflow ID : 🛡️ Shell Script Linting Git Commit : `70d127d` HEAD -> master	2025-06-24 21:45:55 +00:00
Marc S. Weidner	70d127dd4c	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 50m15s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 23:44:04 +02:00
Marc S. Weidner BOT	d183dab1a3	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@593faf9 at 2025-06-24T20:29:03Z on f61ff70b4f60 Generated at : 2025-06-24T20:29:03Z Runner Host : f61ff70b4f60 Workflow ID : 🛡️ Shell Script Linting Git Commit : `593faf9` HEAD -> master	2025-06-24 20:29:03 +00:00
Marc S. Weidner	593faf92b8	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 22:27:16 +02:00
Marc S. Weidner BOT	ff1a3390ec	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@3177e1f at 2025-06-24T20:24:22Z on ea1203cfbc73 Generated at : 2025-06-24T20:24:22Z Runner Host : ea1203cfbc73 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `3177e1f` HEAD -> master	2025-06-24 20:24:22 +00:00
Marc S. Weidner BOT	3177e1ff40	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@e8e2fa0 at 2025-06-24T19:33:20Z on 8f31c5504ca5 Generated at : 2025-06-24T19:33:20Z Runner Host : 8f31c5504ca5 Workflow ID : 🛡️ Shell Script Linting Git Commit : `e8e2fa0` HEAD -> master	2025-06-24 19:33:20 +00:00
Marc S. Weidner	e8e2fa0182	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m36s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 52m52s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 21:31:24 +02:00
Marc S. Weidner BOT	dfd59577b2	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@c2d0839 at 2025-06-24T19:21:39Z on e64222ff680c Generated at : 2025-06-24T19:21:39Z Runner Host : e64222ff680c Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `c2d0839` HEAD -> master	2025-06-24 19:21:39 +00:00
Marc S. Weidner BOT	c2d0839cd2	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@f047832 at 2025-06-24T18:29:33Z on 7cf2cc345bba Generated at : 2025-06-24T18:29:33Z Runner Host : 7cf2cc345bba Workflow ID : 🛡️ Shell Script Linting Git Commit : `f047832` HEAD -> master	2025-06-24 18:29:33 +00:00
Marc S. Weidner	f047832cdc	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 53m38s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 20:28:02 +02:00
Marc S. Weidner BOT	668ab7ce9d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@972749b at 2025-06-24T18:00:57Z on b959bf746d49 Generated at : 2025-06-24T18:00:57Z Runner Host : b959bf746d49 Workflow ID : 🛡️ Shell Script Linting Git Commit : `972749b` HEAD -> master	2025-06-24 18:00:57 +00:00
Marc S. Weidner	972749b607	V8.03.832.2025.06.24 Some checks failed 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m33s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 8m47s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 8m47s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 8m42s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 19:58:57 +02:00
Marc S. Weidner BOT	4b3918e58d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@55c2755 at 2025-06-24T08:57:27Z on f797403b8e29 Generated at : 2025-06-24T08:57:27Z Runner Host : f797403b8e29 Workflow ID : 🛡️ Shell Script Linting Git Commit : `55c2755` HEAD -> master	2025-06-24 08:57:27 +00:00
Marc S. Weidner	55c27550c2	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 10:55:49 +02:00
Marc S. Weidner BOT	dcb05605d6	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@6ebf75a at 2025-06-24T08:55:24Z on 28ea8f9d1fb8 Generated at : 2025-06-24T08:55:24Z Runner Host : 28ea8f9d1fb8 Workflow ID : 🛡️ Shell Script Linting Git Commit : `6ebf75a` HEAD -> master	2025-06-24 08:55:24 +00:00
Marc S. Weidner	6ebf75a91b	V8.03.832.2025.06.24 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 10:53:55 +02:00
Marc S. Weidner BOT	00c3853d4e	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@1411be3 at 2025-06-24T08:52:41Z on 304d6b967c3b Generated at : 2025-06-24T08:52:41Z Runner Host : 304d6b967c3b Workflow ID : 🛡️ Shell Script Linting Git Commit : `1411be3` HEAD -> master	2025-06-24 08:52:41 +00:00
Marc S. Weidner BOT	1411be304d	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@7459585 at 2025-06-24T08:51:53Z on e2cd59453da4 Generated at : 2025-06-24T08:51:53Z Runner Host : e2cd59453da4 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `7459585` HEAD -> master	2025-06-24 08:51:54 +00:00
Marc S. Weidner	7459585d20	V8.03.832.2025.06.24 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 36s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-24 10:50:24 +02:00
Marc S. Weidner BOT	df806d086f	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@4b70ca7 at 2025-06-23T17:05:19Z on 7476c59f00be Generated at : 2025-06-23T17:05:19Z Runner Host : 7476c59f00be Workflow ID : 🛡️ Shell Script Linting Git Commit : `4b70ca7` HEAD -> master	2025-06-23 17:05:20 +00:00
Marc S. Weidner	4b70ca7056	V8.03.768.2025.06.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 19:03:39 +02:00
Marc S. Weidner BOT	44c3aef43d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@81f3a89 at 2025-06-23T16:54:52Z on 4ebf85be8b8c Generated at : 2025-06-23T16:54:52Z Runner Host : 4ebf85be8b8c Workflow ID : 🛡️ Shell Script Linting Git Commit : `81f3a89` HEAD -> master	2025-06-23 16:54:52 +00:00
Marc S. Weidner	81f3a89ae5	V8.03.768.2025.06.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 18:53:13 +02:00
Marc S. Weidner BOT	d0a38a82b8	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@73d826c at 2025-06-23T16:48:44Z on 066aacd189ab Generated at : 2025-06-23T16:48:44Z Runner Host : 066aacd189ab Workflow ID : 🛡️ Shell Script Linting Git Commit : `73d826c` HEAD -> master	2025-06-23 16:48:44 +00:00