178 Commits

Author SHA256 Message Date
87b23a87a0 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@4be9861 at 2025-06-07T13:59:46Z on beeac5128259

Generated at : 2025-06-07T13:59:46Z
Runner Host  : beeac5128259
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 4be9861 HEAD -> master
2025-06-07 13:59:46 +00:00
4be9861403 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m10s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 15:58:23 +02:00
3913af49e3 Merge remote-tracking branch 'origin/master' 2025-06-07 15:55:04 +02:00
7aa82e060b DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci]
X-CI-Metadata: master@9d40681 at 2025-06-07T13:28:15Z on 44fbbe95eb4c

Generated at : 2025-06-07T13:28:15Z
Runner Host  : 44fbbe95eb4c
Workflow ID  : 💙 Generating a PUBLIC Live ISO.
Git Commit   : 9d40681 HEAD -> master
2025-06-07 13:28:15 +00:00
9d40681c01 DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@77b73f8 at 2025-06-07T12:39:31Z on ba61aa7d3bf8

Generated at : 2025-06-07T12:39:31Z
Runner Host  : ba61aa7d3bf8
Workflow ID  : 🔐 Generating a Private Live ISO FLV 1.
Git Commit   : 77b73f8 HEAD -> master
2025-06-07 12:39:31 +00:00
c5ddadc93e V8.03.644.2025.06.07
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 14:00:13 +02:00
77b73f8c5f DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
X-CI-Metadata: master@da8cf02 at 2025-06-07T11:52:30Z on 6b8c44a6e580

Generated at : 2025-06-07T11:52:30Z
Runner Host  : 6b8c44a6e580
Workflow ID  : 🔐 Generating a Private Live ISO FLV 0.
Git Commit   : da8cf02 HEAD -> master
2025-06-07 11:52:30 +00:00
da8cf0287d DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@301513c at 2025-06-07T11:05:19Z on b0bc13efe50b

Generated at : 2025-06-07T11:05:19Z
Runner Host  : b0bc13efe50b
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : 301513c HEAD -> master
2025-06-07 11:05:19 +00:00
301513c07e V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m5s
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 48m21s
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 47m0s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 48m44s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 13:03:28 +02:00
31ece936c9 DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@a34dbb4 at 2025-06-07T11:00:43Z on 18b4c36b2ecd

Generated at : 2025-06-07T11:00:43Z
Runner Host  : 18b4c36b2ecd
Workflow ID  : 🛡️ Shell Script Linting
Git Commit   : a34dbb4 HEAD -> master
2025-06-07 11:00:43 +00:00
a34dbb41da V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 12:59:05 +02:00
bc58199d11 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@7d6a048 at 2025-06-07T08:36:05Z on 0ba6fa05b246

Generated at: 2025-06-07T08:36:05Z
Runner Host : 0ba6fa05b246
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 7d6a048 HEAD -> master
2025-06-07 08:36:05 +00:00
7d6a048f17 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@c0ea15d at 2025-06-07T08:11:13Z on e1db26fd8aee

Generated at: 2025-06-07T08:11:13Z
Runner Host : e1db26fd8aee
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : c0ea15d HEAD -> master
2025-06-07 08:11:13 +00:00
c0ea15d1b5 Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
2025-06-07 10:07:17 +02:00
5345c44493 V8.03.644.2025.06.07
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 10:07:08 +02:00
3ce250c1f1 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@52fecb8 at 2025-06-07T08:03:52Z on 8dc9df4c7580

Generated at: 2025-06-07T08:03:52Z
Runner Host : 8dc9df4c7580
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 52fecb8 HEAD -> master
2025-06-07 08:03:52 +00:00
52fecb8b6f V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 10:02:37 +02:00
5175c8245a DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@680ce14 at 2025-06-07T07:51:58Z on 4c6959341a64

Generated at: 2025-06-07T07:51:58Z
Runner Host : 4c6959341a64
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 680ce14 HEAD -> master
2025-06-07 07:51:58 +00:00
680ce149d7 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 09:50:43 +02:00
a37ef3e143 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@77fd128 at 2025-06-07T07:47:37Z on 7fd54de01000

Generated at: 2025-06-07T07:47:37Z
Runner Host : 7fd54de01000
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 77fd128 HEAD -> master
2025-06-07 07:47:37 +00:00
77fd128dbc V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m4s
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 49m40s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 09:46:26 +02:00
70a97b02fa DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@e42acb0 at 2025-06-07T07:44:56Z on 5375c083d2a1

Generated at: 2025-06-07T07:44:56Z
Runner Host : 5375c083d2a1
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : e42acb0 HEAD -> master
2025-06-07 07:44:57 +00:00
e42acb0bff Merge remote-tracking branch 'origin/master'
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
2025-06-07 09:43:46 +02:00
e079067cb0 V8.03.644.2025.06.07
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 09:43:29 +02:00
766108d48d DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@28d89d6 at 2025-06-07T07:40:38Z on 0572777c7ea6

Generated at: 2025-06-07T07:40:38Z
Runner Host : 0572777c7ea6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 28d89d6 HEAD -> master
2025-06-07 07:40:38 +00:00
28d89d6693 V8.03.644.2025.06.07
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m19s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 09:39:03 +02:00
1282d40191 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@7e065c9 at 2025-06-07T07:05:42Z on 08c6e868345f

Generated at: 2025-06-07T07:05:42Z
Runner Host : 08c6e868345f
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 7e065c9 HEAD -> master
2025-06-07 07:05:42 +00:00
7e065c9e5d DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@4bbb4ea at 2025-06-07T07:05:07Z on 967cb55d3f4b

Generated at: 2025-06-07T07:05:07Z
Runner Host : 967cb55d3f4b
Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 4bbb4ea HEAD -> master
2025-06-07 07:05:08 +00:00
4bbb4ead30 V8.03.644.2025.06.07
Some checks failed
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 2s
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m8s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-07 09:03:50 +02:00
73cd161efd DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@a3862e3 at 2025-06-06T18:14:40Z on 0ffeac58975d

Generated at: 2025-06-06T18:14:40Z
Runner Host : 0ffeac58975d
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : a3862e3 HEAD -> master
2025-06-06 18:14:40 +00:00
a3862e3961 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 20:13:27 +02:00
9d1b80d648 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@f0b02ed at 2025-06-06T18:03:13Z on 7fe714a6be4e

Generated at: 2025-06-06T18:03:13Z
Runner Host : 7fe714a6be4e
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : f0b02ed HEAD -> master
2025-06-06 18:03:13 +00:00
f0b02ed158 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 20:00:27 +02:00
8256633e5a DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@dc5048f at 2025-06-06T16:33:32Z on bc4923d97e5c

Generated at: 2025-06-06T16:33:32Z
Runner Host : bc4923d97e5c
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : dc5048f HEAD -> master
2025-06-06 16:33:32 +00:00
dc5048fb49 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 18:32:04 +02:00
fec771291f DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@9fb432e at 2025-06-06T15:59:23Z on af17a3e399e0

Generated at: 2025-06-06T15:59:23Z
Runner Host : af17a3e399e0
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 9fb432e HEAD -> master
2025-06-06 15:59:23 +00:00
9fb432ed59 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 17:58:08 +02:00
57cf13d25f DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@1a5ae42 at 2025-06-06T15:47:11Z on c36a6c20f5c6

Generated at: 2025-06-06T15:47:11Z
Runner Host : c36a6c20f5c6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 1a5ae42 HEAD → master
2025-06-06 15:47:11 +00:00
1a5ae42516 V8.03.512.2025.06.06
All checks were successful
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 23s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 17:45:58 +02:00
2ed84cac89 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@87203e3 at 2025-06-06T15:26:21Z on 8a23fdd43376

Generated at: 2025-06-06T15:26:21Z
Runner Host : 8a23fdd43376
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 87203e3 HEAD → master
2025-06-06 15:26:21 +00:00
87203e343f V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 17:24:51 +02:00
b4d3459f4a DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
X-CI-Metadata: master@b3c74ef at 2025-06-06T08:21:26Z on 2d6ce5c1bcc6

Generated at: 2025-06-06T08:21:26Z
Runner Host : 2d6ce5c1bcc6
Workflow ID : 🔐 Generating a Private Live ISO FLV 0.
Git Commit  : b3c74ef HEAD → master
2025-06-06 08:21:26 +00:00
b3c74ef219 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@c18f630 at 2025-06-06T07:37:32Z on 7fd0c8f69374

Generated at: 2025-06-06T07:37:32Z
Runner Host : 7fd0c8f69374
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : c18f630 HEAD → master
2025-06-06 07:37:32 +00:00
c18f630760 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 45m6s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 09:36:04 +02:00
65c921b172 V8.03.512.2025.06.06
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 09:35:41 +02:00
a35c93e39e DEPLOY BOT: 💙 Auto-Generate PUBLIC LIVE ISO [skip ci]
X-CI-Metadata: master@e59bbfd at 2025-06-06T07:24:31Z on d45a149ed680

Generated at: 2025-06-06T07:24:31Z
Runner Host : d45a149ed680
Workflow ID : 💙 Generating a PUBLIC Live ISO.
Git Commit  : e59bbfd HEAD → master
2025-06-06 07:24:31 +00:00
e59bbfd2ec DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@ccae4a2 at 2025-06-06T07:10:08Z on 1f669574f51a

Generated at: 2025-06-06T07:10:08Z
Runner Host : 1f669574f51a
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : ccae4a2 HEAD → master
2025-06-06 07:10:08 +00:00
ccae4a2cba V8.03.512.2025.06.06
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m17s
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 8m58s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 09:08:45 +02:00
187482e85d DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@893fd8b at 2025-06-06T06:45:04Z on 4f8e0db5ed99

Generated at: 2025-06-06T06:45:04Z
Runner Host : 4f8e0db5ed99
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 893fd8b HEAD → master
2025-06-06 06:45:04 +00:00
893fd8b1c2 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m15s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 08:43:25 +02:00
0dfda09473 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@2e3c753 at 2025-06-06T06:38:59Z on 033ede6e6e1c

Generated at: 2025-06-06T06:38:59Z
Runner Host : 033ede6e6e1c
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 2e3c753 HEAD → master
2025-06-06 06:38:59 +00:00
2e3c753483 DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
X-CI-Metadata: master@4552a10 at 2025-06-06T05:53:47Z on 47167775d5cb

Generated at: 2025-06-06T05:53:47Z
Runner Host : 47167775d5cb
Workflow ID : 🔐 Generating a Private Live ISO FLV 0.
Git Commit  : 4552a10 HEAD → master
2025-06-06 05:53:47 +00:00
4552a101f5 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@e3c959a at 2025-06-06T05:10:23Z on 28cab0873ecc

Generated at: 2025-06-06T05:10:23Z
Runner Host : 28cab0873ecc
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : e3c959a HEAD → master
2025-06-06 05:10:23 +00:00
e3c959a6f7 V8.03.512.2025.06.06
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m13s
🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 44m42s
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 45m11s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 45m32s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 07:09:00 +02:00
fd4bd7aa31 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@f6d617a at 2025-06-06T04:57:53Z on 6af6ff727fd6

Generated at: 2025-06-06T04:57:53Z
Runner Host : 6af6ff727fd6
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : f6d617a HEAD → master
2025-06-06 04:57:53 +00:00
f6d617ac5a DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@ddd5aa3 at 2025-06-06T04:57:21Z on 152ddf3b707a

Generated at: 2025-06-06T04:57:21Z
Runner Host : 152ddf3b707a
Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev.
Git Commit  : ddd5aa3 HEAD → master
2025-06-06 04:57:21 +00:00
ddd5aa3b49 V8.03.512.2025.06.06
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m6s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 06:56:16 +02:00
86068a6b7e DEPLOY BOT: 💙 Auto-Generate PUBLIC LIVE ISO [skip ci]
X-CI-Metadata: master@31eb503 at 2025-06-05T22:41:05Z on 11931b5ea4ef

Generated at: 2025-06-05T22:41:05Z
Runner Host : 11931b5ea4ef
Workflow ID : 💙 Generating a PUBLIC Live ISO.
Git Commit  : 31eb503 HEAD → master
2025-06-05 22:41:05 +00:00
31eb50342a DEPLOY BOT: 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@6d2025e at 2025-06-05T21:57:21Z on e2e485d3471a

Generated at: 2025-06-05T21:57:21Z
Runner Host : e2e485d3471a
Workflow ID : 🔐 Generating a Private Live ISO FLV 1.
Git Commit  : 6d2025e HEAD → master
2025-06-05 21:57:21 +00:00
6d2025eb40 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@6b9b533 at 2025-06-05T21:14:04Z on a08716fc39d0

Generated at: 2025-06-05T21:14:04Z
Runner Host : a08716fc39d0
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : 6b9b533 HEAD → master
2025-06-05 21:14:04 +00:00
6b9b533b52 V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m13s
🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 44m35s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 43m43s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 23:12:44 +02:00
a54f75d406 DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
X-CI-Metadata: master@d6115b9 at 2025-06-05T21:00:24Z on b5fffa7cbf6d

Generated at: 2025-06-05T21:00:24Z
Runner Host : b5fffa7cbf6d
Workflow ID : 🛡️ Shell Script Linting
Git Commit  : d6115b9 HEAD → master
2025-06-05 21:00:24 +00:00
d6115b90b5 V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m21s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:58:57 +02:00
e6920e567a V8.03.400.2025.06.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:44:53 +02:00
3ad1726770 V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m11s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:38:12 +02:00
ac579fd862 V8.03.400.2025.06.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m26s
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Failing after 44m13s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:24:39 +02:00
b34344ec52 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@096f06c at 2025-06-05T20:18:50Z on ca01ddafe79f

Generated at: 2025-06-05T20:18:50Z
Runner Host : ca01ddafe79f
Workflow ID : Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 096f06c HEAD → master
2025-06-05 20:18:50 +00:00
096f06ce8d V8.03.400.2025.06.05
Some checks failed
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Failing after 18s
Retrieve DNSSEC status of coresecret.dev. / Retrieve DNSSEC status of coresecret.dev. (push) Successful in 32s
Render Graphviz Diagrams. / Render Graphviz Diagrams. (push) Successful in 21s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 1m5s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:17:42 +02:00
88df9116cf V8.03.400.2025.06.05
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 22:14:09 +02:00
ac0c4a113f DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@e6187d4 at 2025-06-05T19:17:14Z on f6750375f289

Generated at: 2025-06-05T19:17:14Z
Runner Host : f6750375f289
Workflow ID : Generating a Private Live ISO FLV 1.
Git Commit  : e6187d4 HEAD → master
2025-06-05 19:17:14 +00:00
e6187d42d4 V8.03.400.2025.06.05
All checks were successful
Generating a Private Live ISO FLV 1. / Generating a Private Live ISO FLV 1. (push) Successful in 49m41s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 20:27:36 +02:00
dddd3121b8 V8.03.400.2025.06.05
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 20:26:59 +02:00
6dde775de7 V8.03.400.2025.06.05
Some checks failed
Generating a Private Live ISO FLV 1. / Generating a Private Live ISO FLV 1. (push) Failing after 43s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 20:22:58 +02:00
972a55a0fd DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@2c14afd at 2025-06-05T18:22:11Z on e99cbc734104

Generated at: 2025-06-05T18:22:11Z
Runner Host : e99cbc734104
Workflow ID : Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 2c14afd HEAD → master
2025-06-05 18:22:11 +00:00
2c14afded0 V8.03.400.2025.06.05
All checks were successful
Retrieve DNSSEC status of coresecret.dev. / Retrieve DNSSEC status of coresecret.dev. (push) Successful in 31s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 20:21:12 +02:00
6a03ff4c11 Merge remote-tracking branch 'origin/master' 2025-06-05 20:18:38 +02:00
328c58335b V8.03.400.2025.06.05
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-05 20:18:30 +02:00
e0530bbef4 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@5eaeb97 at 2025-06-05T10:15:19Z on 3678a796af40

Generated at: 2025-06-05T10:15:19Z
Runner Host : 3678a796af40
Workflow ID : Retrieve DNSSEC status of coresecret.dev.
Git Commit  : 5eaeb97 HEAD → master
2025-06-05 10:15:19 +00:00
5eaeb97716 V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 22:23:47 +02:00
174cc1da8d V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 19:10:33 +02:00
a568fae68d DEPLOY BOT: Auto-Generate PUBLIC LIVE ISO [skip ci]
X-CI-Metadata: master@1a4a26c at 2025-06-03T12:10:48Z on 45dd993559ed

Generated at: 2025-06-03T12:10:48Z
Runner Host : 45dd993559ed
Workflow ID : Generating a PUBLIC Live ISO.
Git Commit  : 1a4a26c HEAD → master
2025-06-03 12:10:48 +00:00
1a4a26c4af V8.03.384.2025.06.03
All checks were successful
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Successful in 38m44s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 13:32:03 +02:00
9fb636b87c V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 13:31:19 +02:00
a5219c6754 V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 10:44:59 +02:00
96504a40fb Merge remote-tracking branch 'origin/master' 2025-06-03 10:43:19 +02:00
661ae7cb7f V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 10:43:02 +02:00
813229d505 DEPLOY BOT: Auto-Generate PUBLIC LIVE ISO [skip ci]
X-CI-Metadata: master@1edb11a at 2025-06-03T08:35:18Z on b87d476d247e

Generated at: 2025-06-03T08:35:18Z
Runner Host : b87d476d247e
Workflow ID : Generating a PUBLIC Live ISO.
Git Commit  : 1edb11a HEAD → master
2025-06-03 08:35:18 +00:00
1edb11ac9a V8.03.384.2025.06.03
All checks were successful
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Successful in 38m50s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 09:56:17 +02:00
a71cfe67b4 V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 01:51:27 +02:00
78687ffa78 V8.03.384.2025.06.03
All checks were successful
Render Graphviz Diagrams. / Render Graphviz Diagrams. (push) Successful in 22s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 01:48:58 +02:00
3695b2d305 DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@25669a0 at 2025-06-02T23:44:43Z on fd06815829c5

  Generated at: 2025-06-02T23:44:43Z
  Runner Host : fd06815829c5
  Workflow ID : Generating a Private Live ISO FLV 1.
  Git Commit  : 25669a0 HEAD → master
2025-06-02 23:44:43 +00:00
25669a0253 V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 01:43:01 +02:00
614284e025 DEPLOY BOT: DEPLOY BOT: Auto-Generate PNG from *.dot. [skip ci]
X-CI-Metadata: master@bf7254e at 2025-06-02T23:36:32Z on feeb01cd39e5

  Generated at: 2025-06-02T23:36:32Z
  Runner Host : feeb01cd39e5
  Workflow ID : Render Graphviz Diagrams.
  Git Commit  : bf7254e HEAD → master
2025-06-02 23:36:32 +00:00
bf7254ecc3 V8.03.384.2025.06.03
All checks were successful
Render Graphviz Diagrams. / Render Graphviz Diagrams. (push) Successful in 22s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 01:35:49 +02:00
fcf27c1661 DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
X-CI-Metadata: master@8534849 at 2025-06-02T23:05:17Z on 417780182e81

  Generated at: 2025-06-02T23:05:17Z
  Runner Host : 417780182e81
  Workflow ID : Generating a Private Live ISO FLV 0.
  Git Commit  : 8534849 HEAD → master
2025-06-02 23:05:17 +00:00
8534849ec9 V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 00:59:33 +02:00
4e3ac644f1 DEPLOY BOT: DEPLOY BOT: Auto-Generate PNG from *.dot. [skip ci]
X-CI-Metadata: master@0a4a2c4 at 2025-06-02T22:58:09Z on d7d28b74be57

  Generated at: 2025-06-02T22:58:09Z
  Runner Host : d7d28b74be57
  Workflow ID : Render Graphviz Diagrams.
  Git Commit  : 0a4a2c4 HEAD → master
2025-06-02 22:58:09 +00:00
0a4a2c4149 V8.03.384.2025.06.03
All checks were successful
Render Graphviz Diagrams. / Render Graphviz Diagrams. (push) Successful in 27s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 00:57:19 +02:00
c359695199 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@c067ddb at 2025-06-02T22:26:40Z on 54a8b2be3d72

  Generated at: 2025-06-02T22:26:40Z
  Runner Host : 54a8b2be3d72
  Workflow ID : Retrieve DNSSEC status of coresecret.dev.
  Git Commit  : c067ddb HEAD → master
2025-06-02 22:26:40 +00:00
c067ddbda5 DEPLOY BOT: DEPLOY BOT: Auto-Generate PNG from *.dot. [skip ci]
X-CI-Metadata: master@10786fd at 2025-06-02T22:26:32Z on 11232c4bfe6e

  Generated at: 2025-06-02T22:26:32Z
  Runner Host : 11232c4bfe6e
  Workflow ID : Render Graphviz Diagrams.
  Git Commit  : 10786fd HEAD → master
2025-06-02 22:26:32 +00:00
10786fdb9b V8.03.384.2025.06.03
Some checks failed
Render Graphviz Diagrams. / Render Graphviz Diagrams. (push) Successful in 22s
Retrieve DNSSEC status of coresecret.dev. / Retrieve DNSSEC status of coresecret.dev. (push) Successful in 32s
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Successful in 39m14s
Generating a Private Live ISO FLV 1. / Generating a Private Live ISO FLV 1. (push) Successful in 39m26s
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Failing after 7h14m20s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 00:25:47 +02:00
834ea8798e V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 00:24:36 +02:00
4c5bc32cae DEPLOY BOT: Auto-Generate PUBLIC LIVE ISO [skip ci]
X-CI-Metadata: master@43e333f at 2025-06-02T21:38:26Z on 38513361df30

  Generated at: 2025-06-02T21:38:26Z
  Runner Host : 38513361df30
  Workflow ID : Generating a PUBLIC Live ISO.
  Git Commit  : 43e333f HEAD → master
2025-06-02 21:38:26 +00:00
43e333fa8b V8.03.256.2025.06.02
All checks were successful
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Successful in 37m24s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 22:54:02 +02:00
5e45fd1cf7 V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 22:52:15 +02:00
f71bd4931b DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
X-CI-Metadata: master@f6f2ad0 at 2025-06-02T20:49:41Z on 6f8225f74f4d

  Generated at: 2025-06-02T20:49:41Z
  Runner Host : 6f8225f74f4d
  Workflow ID : Generating a Private Live ISO FLV 1.
  Git Commit  : f6f2ad0 HEAD → master
2025-06-02 20:49:41 +00:00
f6f2ad06e1 V8.03.256.2025.06.02
All checks were successful
Generating a Private Live ISO FLV 1. / Generating a Private Live ISO FLV 1. (push) Successful in 37m58s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 22:11:41 +02:00
4e6cf1973a V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 22:11:13 +02:00
a64b388193 V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 22:03:37 +02:00
ec0ad7e43c V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 21:55:46 +02:00
5348b0c969 DEPLOY BOT: Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
X-CI-Metadata: master@efe189a at 2025-06-02T19:37:29Z on b04b316c7f06

  Generated at: 2025-06-02T19:37:29Z
  Runner Host : b04b316c7f06
  Workflow ID : Generating a Private Live ISO FLV 0.
  Git Commit  : efe189a HEAD → master
2025-06-02 19:37:29 +00:00
efe189a3db V8.03.256.2025.06.02
All checks were successful
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Successful in 38m16s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 20:59:15 +02:00
88e489463d V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 20:58:23 +02:00
2d1d029a79 V8.03.256.2025.06.02
Some checks failed
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Failing after 1m32s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 20:45:51 +02:00
595bc5b5db V8.03.256.2025.06.02
Some checks failed
Generating a Private Live ISO FLV 1. / Generating a Private Live ISO FLV 1. (push) Failing after 14m26s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 20:17:45 +02:00
c3a67f3d41 V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 20:11:58 +02:00
a0d6e1a29c V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 19:30:26 +02:00
645952ec90 V8.03.256.2025.06.02
Some checks failed
Generating a Private Live ISO FLV 1. / Generating a Private Live ISO FLV 1. (push) Failing after 14m35s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 18:50:37 +02:00
c0166be195 V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 18:36:11 +02:00
81f6c797b1 V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 18:34:17 +02:00
8c5d45515d V8.03.256.2025.06.02
Some checks failed
Generating a PUBLIC Live ISO. / Generating a PUBLIC Live ISO. (push) Has been cancelled
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 18:28:31 +02:00
d914111ebe V8.03.256.2025.06.02
All checks were successful
Generating a Private Live ISO FLV 0. / Generating a Private Live ISO FLV 0. (push) Successful in 37m34s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 17:28:49 +02:00
5f1c26d6ff V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 17:27:34 +02:00
7e9bf2047b V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 17:25:13 +02:00
75b80cf71e V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 17:04:08 +02:00
6c0c6524ef V8.03.256.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 17:03:10 +02:00
7fadba9cc2 DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]
X-CI-Metadata: master@291cbe2 at 2025-06-02T15:01:40Z on 9c5c5e3592be

  Generated at: 2025-06-02T15:01:40Z
  Runner Host : 9c5c5e3592be
  Workflow ID : Render README.md to README.html.
  Git Commit  : 291cbe2 HEAD → master
2025-06-02 15:01:40 +00:00
291cbe267b V8.03.256.2025.06.02
All checks were successful
Render README.md to README.html. / Render README.md to README.html. (push) Successful in 23s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 17:01:11 +02:00
5d331772b8 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@db073e5 at 2025-06-02T14:55:08Z on d215d9172530

  Generated at: 2025-06-02T14:55:08Z
  Runner Host : d215d9172530
  Workflow ID : Retrieve DNSSEC status of coresecret.dev.
  Git Commit  : db073e5 HEAD → master
2025-06-02 14:55:08 +00:00
db073e5b90 DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]
X-CI-Metadata: master@87096d4 at 2025-06-02T14:54:59Z on b74a6979afc0

  Generated at: 2025-06-02T14:54:59Z
  Runner Host : b74a6979afc0
  Workflow ID : Render README.md to README.html.
  Git Commit  : 87096d4 HEAD → master
2025-06-02 14:54:59 +00:00
87096d41fd V8.03.256.2025.06.02
All checks were successful
Render README.md to README.html. / Render README.md to README.html. (push) Successful in 23s
Retrieve DNSSEC status of coresecret.dev. / Retrieve DNSSEC status of coresecret.dev. (push) Successful in 31s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 16:44:27 +02:00
d2b97771c4 V8.03.150.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 15:55:20 +02:00
eb865fe402 DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]
X-CI-Metadata: master@21c608b at 2025-06-02T13:52:48Z on 5f1df7451f47

  Generated at: 2025-06-02T13:52:48Z
  Runner Host : 5f1df7451f47
  Workflow ID : Retrieve the DNSSEC status at the time of updating the repository.
  Git Commit  : 21c608b HEAD → master
2025-06-02 13:52:48 +00:00
21c608b7d9 V8.03.150.2025.06.02
All checks were successful
Retrieve the DNSSEC status at the time of updating the repository. / Retrieve the DNSSEC status at the time of updating the repository. (push) Successful in 33s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 15:52:10 +02:00
f7fd74226f V8.03.148.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 15:51:03 +02:00
3210601f48 V8.03.148.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 15:42:14 +02:00
274ed71e38 Merge remote-tracking branch 'origin/master' 2025-06-02 15:30:05 +02:00
e489cadff4 V8.03.145.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 15:29:47 +02:00
671146bba6 DEPLOY BOT: Auto-Generate *.html from *.md [skip ci] 2025-06-02 07:54:46 +00:00
1cb4a9610b V8.03.145.2025.06.02
All checks were successful
Render README.md to README.html / Render README.md to README.html (push) Successful in 23s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:54:16 +02:00
0854f6dfc3 Merge remote-tracking branch 'origin/master' 2025-06-02 09:53:57 +02:00
77ad158da0 V8.03.144.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:53:50 +02:00
2632755c2c DEPLOY BOT: Auto-Generate *.html from *.md [skip ci] 2025-06-02 07:48:25 +00:00
ef8fbbc0dc V8.03.143.2025.06.02
All checks were successful
Render README.md to README.html / Render README.md to README.html (push) Successful in 20s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:47:58 +02:00
24454656a9 V8.03.142.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:47:23 +02:00
39c7d4cfe3 V8.03.141.2025.06.02
Some checks failed
Render README.md to README.html / Render README.md to README.html (push) Failing after 21s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:46:01 +02:00
2a9c358c84 V8.03.140.2025.06.02
Some checks failed
Render README.md to README.html / Render README.md to README.html (push) Failing after 21s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:44:23 +02:00
1b955288ce V8.03.139.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:39:21 +02:00
a86bac8963 DEPLOY BOT: Auto-Generate *.html from *.md [skip ci] 2025-06-02 07:32:11 +00:00
8dc2bc97cd V8.03.139.2025.06.02
All checks were successful
Render README.md to README.html / Render README.md to README.html (push) Successful in 27s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:31:38 +02:00
f4ab7e31aa V8.03.138.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:31:17 +02:00
d89d392f2b V8.03.137.2025.06.02
Some checks failed
Render README.md to README.html / Render README.md to README.html (push) Failing after 19s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:27:57 +02:00
76c89ceb6e V8.03.136.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:27:38 +02:00
45892b2b30 V8.03.135.2025.06.02
Some checks failed
Render README.md to README.html / Render README.md to README.html (push) Failing after 20s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:26:31 +02:00
14654df207 V8.03.134.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:26:04 +02:00
8262d183a8 V8.03.133.2025.06.02
Some checks failed
Render README.md to README.html / Render README.md to README.html (push) Failing after 22s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:24:42 +02:00
19c62fc004 V8.03.133.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:22:24 +02:00
93e672b8e9 Merge remote-tracking branch 'origin/master' 2025-06-02 09:08:54 +02:00
419ec0d657 V8.03.133.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 09:08:15 +02:00
fcfebca037 DEPLOY BOT: Auto-Generate LIVE ISO [skip ci] 2025-06-02 07:05:05 +00:00
6e2a6ef755 V8.03.133.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 08:34:14 +02:00
44ba715e79 V8.03.132.2025.06.02
All checks were successful
Generating a private Live ISO. / Generating a private Live ISO. (push) Successful in 38m19s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 08:26:47 +02:00
20328492d5 V8.03.131.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 08:26:26 +02:00
625eedffa8 V8.03.130.2025.06.02
Some checks failed
Generating a private Live ISO. / Generating a private Live ISO. (push) Failing after 53s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 08:24:47 +02:00
764c7ea85b Merge remote-tracking branch 'origin/master' 2025-06-02 08:24:06 +02:00
d9fa7301fe V8.03.129.2025.06.02
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 08:23:44 +02:00
06b08ed606 DEPLOY BOT: Auto-Generate LIVE ISO [skip ci] 2025-06-02 06:13:09 +00:00
4c8c2c9454 V8.03.128.2025.06.02
All checks were successful
Generating a private Live ISO. / Generating a private Live ISO. (push) Successful in 36m39s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 07:36:28 +02:00
6b05aeac7b DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci] 2025-06-02 05:34:38 +00:00
404ed4926f V8.03.127.2025.06.02
All checks were successful
Retrieve the DNSSEC status at the time of updating the repository. / Retrieve the DNSSEC status at the time of updating the repository. (push) Successful in 34s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-02 07:33:21 +02:00
7647c935c7 V8.02.768.2025.06.01
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 21:53:18 +02:00
81ce39943d V8.02.768.2025.06.01
Some checks failed
Generating a private Live ISO. / Generating a private Live ISO. (push) Failing after 36m11s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 21:40:49 +02:00
025dc110a0 V8.02.768.2025.06.01
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 21:40:23 +02:00
be1af2bbfe V8.02.768.2025.06.01
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 21:37:10 +02:00
cd65d2035f V8.02.768.2025.06.01
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 21:00:58 +02:00
e6edc3c4fb V8.02.768.2025.06.01
Some checks failed
Generating a private Live ISO. / Generating a private Live ISO. (push) Failing after 34m39s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 20:28:02 +02:00
9d76712941 V8.02.768.2025.06.01
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 20:27:16 +02:00
33c0515dbf V8.02.768.2025.06.01
Some checks failed
Generating a private Live ISO. / Generating a private Live ISO. (push) Failing after 0s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-01 20:25:44 +02:00
169 changed files with 3726 additions and 685 deletions

View File

@@ -2,41 +2,48 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
🔧
⚠️
🚫
🔐
🔒
🔑 🔑
✍️
🖥️ 🖥️
🔄
🔁
🌌
🔵
💙
🔍
💡
🔧
🛠️ 🛠️
🏗
⚙️
📐
🧪
📩
📥 📥
📦 📦
📑 📑
📂 📂
🔒 📀
🔐
⚙️
🌌
🎉 🎉
🖥️
🔑
📂
📩
🔵
😺 😺
🧪 📉
📊 📊
🧾 🧾
📀 📋
📉 🕑
🧠 🧠
📅 📅
💙 🎯
🚫
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -12,9 +12,7 @@
name: "Bug Report" name: "Bug Report"
about: "Create a report to help us improve" about: "Create a report to help us improve"
title: "[BUG | possible BUG]: " title: "[BUG | possible BUG]: "
labels: "bug:to be reproduced,bug:needs triage/confirmation" assignees: "MSW"
assignees: ""
---
body: body:
# Instructions for the reporter # Instructions for the reporter
- type: markdown - type: markdown
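Review bot: The front matter in this hunk loses its `labels:` line (`bug:to be reproduced,bug:needs triage/confirmation`) and gains only `assignees: "MSW"`, so new bug reports no longer arrive pre-labelled for triage. If that is intended, state it in the commit message, which currently carries only the version string; otherwise keep the `labels:` key next to the new assignee.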
@@ -27,7 +25,7 @@ body:
attributes: attributes:
label: "Version" label: "Version"
description: "Which version are you running? Use `./ciss_live_builder.sh -v`." description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
placeholder: "e.g., Master V8.02.080.2025.05.19" placeholder: "e.g., Master V8.03.644.2025.06.07"
validations: validations:
required: true required: true

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -12,7 +12,7 @@
name: "Standard-PR" name: "Standard-PR"
about: "Please answer the following questions before submitting the PR." about: "Please answer the following questions before submitting the PR."
title: "[PR]: " title: "[PR]: "
ref: "master" assignees: "MSW"
body: body:
- type: markdown - type: markdown
attributes: attributes:
@@ -48,8 +48,8 @@ body:
options: options:
- label: "My edits contain no tabs, use two-space indentation, and no trailing whitespace" - label: "My edits contain no tabs, use two-space indentation, and no trailing whitespace"
- label: "I have read ~/docs/CONTRIBUTING.md and ~/docs/CODING_CONVENTION.md" - label: "I have read ~/docs/CONTRIBUTING.md and ~/docs/CODING_CONVENTION.md"
- label: "I have tested this fix or improvement on 2 VMs without issues" - label: "I have tested this fix or improvement on >=2 VMs without issues"
- label: "I have tested this new feature on 2 VMs with and without it to avoid side effects" - label: "I have tested this new feature on >=2 VMs with and without it to avoid side effects"
- label: "Documentation and/or 'usage()' and/or 'arg_parser' have been updated for the new feature" - label: "Documentation and/or 'usage()' and/or 'arg_parser' have been updated for the new feature"
- label: "I added myself to ~/docs/CREDITS.md (alphabetical) and updated ~/docs/CHANGELOG.md" - label: "I added myself to ~/docs/CREDITS.md (alphabetical) and updated ~/docs/CHANGELOG.md"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

69
.gitea/TODO/dockerfile Normal file
View File

@@ -0,0 +1,69 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
FROM debian:bookworm
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y \
apt-transport-https \
apt-utils \
bash \
ca-certificates \
gnupg \
openssl \
sudo \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /etc/apt/sources.list.d && touch /etc/apt/sources.list.d/bookworm-backports.list \
&& echo 'deb https://deb.debian.org/debian bookworm-backports main' >| /etc/apt/sources.list.d/bookworm-backports.list \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \
haveged \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
texinfo \
wget \
whois \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
RUN useradd --create-home --shell /bin/bash runner
WORKDIR /home/runner
USER runner
ENTRYPOINT ["bash"]
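Review bot: `FROM debian:bookworm` at the top of this new Dockerfile tracks a mutable tag, so two builds of the runner image can differ without any change in the repository; pin the base image by digest (`debian:bookworm@sha256:<digest>`, placeholder) and bump it deliberately. Two smaller points: the first `RUN` installs `sudo` although the image ends with `USER runner` and no sudoers entry is created for that user, so either drop the package or add the rule explicitly; and the first `apt-get install -y` lacks the `--no-install-recommends` that the second one uses.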

View File

@@ -0,0 +1,241 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
name: 🔁 Render README.md to README.html.
permissions:
contents: write
on:
push:
branches:
- master
paths:
- "README.md"
- '.gitea/properties/lua/linkfix.lua'
jobs:
render-md-to-html:
name: 🔁 Render README.md to README.html.
runs-on: ubuntu-latest
steps:
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
set -euo pipefail
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
set -euo pipefail
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Convert APT sources to HTTPS.
shell: bash
run: |
set -euo pipefail
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: 🛠️ Install Pandoc & Dependencies.
shell: bash
run: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y pandoc
- name: ⚙️ Ensure .html/ directory exists.
shell: bash
run:
mkdir -p .html
- name: 🛠️ Render *.md to full standalone HTML.
shell: bash
run: |
set -euo pipefail
find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
out=$(basename "${file%.md}.html")
pandoc -s "${file}" \
--metadata title="${file}" \
--metadata lang=en \
-f gfm+footnotes \
-t html5 \
--no-highlight \
--strip-comments \
--wrap=none \
--lua-filter=.gitea/properties/lua/linkfix.lua \
-o .html/"${out}"
done
- name: 🛠️ Extract HTML fragment for Gitea for *.md.
shell: bash
run: |
set -euo pipefail
find . \( -path "*/.*" -prune \) -o -type f -name "README.md" -print | while read file; do
out="${file%.md}.html"
pandoc "${file}" \
-f gfm+footnotes \
-t html5 \
--no-highlight \
--strip-comments \
--wrap=none \
--lua-filter=.gitea/properties/lua/linkfix.lua \
-o "${out}"
done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
git add *.html || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🔁 Auto-Generate *.html from *.md [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
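Review bot: In the SSH setup step, `ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts` learns the host key over the network on every run, so the `StrictHostKeyChecking yes` written a few lines later only compares against whatever key the scan returned and does not authenticate the server that the deploy key is then presented to. Store the expected host key line as a repository variable or secret and write that into `known_hosts` instead. Also, the key import step leaves `ci-bot.sec.asc` (the private signing key) in the workspace after `gpg --batch --import`, and the `KEY_ID` assigned there is never used; import from stdin or delete the file right after the import, and drop the unused variable. Finally, the staging step runs `git add *.html`, which does not match anything the render step writes under `.html/`, so only top-level `*.html` files are ever committed; if the standalone pages are meant to be published, stage `.html/` explicitly.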

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
build: build:
counter: 1054 counter: 1023
version: V8.02.768.2025.06.01 version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
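Review bot: `counter:` goes from 1054 to 1023 here while `version:` advances from V8.02.768.2025.06.01 to V8.03.644.2025.06.07, so the build counter now runs backwards. If anything orders builds or artifacts by this counter, keep it monotonic; if it only exists to touch the trigger file, a comment saying so would settle the question.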

View File

@@ -0,0 +1,15 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1023
version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

View File

@@ -0,0 +1,15 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1023
version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
build: build:
counter: 1024 counter: 1023
version: V8.02.768.2025.06.01 version: V8.03.644.2025.06.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

View File

@@ -1,280 +0,0 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.02.768.2025.06.01
name: Generating a private Live ISO.
permissions:
contents: write
on:
push:
branches:
- master
paths:
- '.gitea/trigger/t_generate_iso.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: Generating a private Live ISO.
runs-on: ciss.debian.live.builder
### Run all steps inside Debian Bookworm
container:
image: debian:trixie
steps:
- name: Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update
- name: Installing Build Tools.
shell: bash
run: |
apt-get update
apt-get install -y \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gnupg \
git \
gpgv \
haveged \
live-build \
parted \
ssh \
ssl-cert \
wget \
whois
- name: Check GnuPG Version.
run: |
shell: bash
gpg --version
- name: Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
- name: Cleaning the workspace.
shell: bash
run: |
git reset --hard
git clean -fd
- name: Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: Preparing the build environment.
shell: bash
run: |
mkdir -p opt/config
mkdir -p opt/livebuild
touch opt/config/password.txt && chmod 0600 opt/config/password.txt
touch opt/config/authorized_keys && chmod 0600 opt/config/authorized_keys
echo "${{ secrets.CISS_DLB_ROOT_PWD }}" >| opt/config/password.txt
echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| opt/config/authorized_keys
- name: Preparing Centurion Cloud for LIVE ISO Upload.
shell: bash
run: |
set -euo pipefail
NC_BASE="https://cloud.e2ee.li"
SHARE_TOKEN="${{ secrets.CENTURION_CLOUD_UL_USER }}"
SHARE_PASS="${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
SHARE_SUBDIR=""
echo "Get directory listing via PROPFIND ..."
curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X PROPFIND \
-H "Depth: 1" \
"${NC_BASE}/public.php/webdav/${SHARE_SUBDIR}" \
-o propfind_public.xml
echo "Filter .iso files from the PROPFIND response ..."
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo "Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
if curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X DELETE "${FILE_URL}"; then
echo " ✅ Successfully deleted: $(basename "${href}")"
else
echo " ❌ Error: $(basename "${href}") could not be deleted"
fi
done < public_iso_list.txt
else
echo "No old ISO files found to delete."
fi
rm -f propfind_public.xml public_iso_list.txt
- name: Starting CISS.debian.live.builder. This may take a while ...
shell: bash
run: |
chmod 0755 ciss_live_builder.sh
timestamp=$(date -u +"%Y_%m_%d_%H_%M_Z")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
--debug \
--dhcp-centurion \
--jump-host "${{ secrets.CISS_DLB_JUMP_HOSTS }}" \
--provider-netcup-ipv6 "${{ secrets.CISS_DLB_NETCUP_IPV6 }}" \
--root-password-file opt/config/password.txt \
--ssh-port 42842 \
--ssh-pubkey opt/config
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
- name: Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
shell: bash
run: |
curl --progress-bar \
--retry 2 \
https://cloud.e2ee.li/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
--upload-file "${VAR_ISO_FILE_PATH}" \
-u '${SHARE_TOKEN}:${SHARE_PASS}' | cat
if [[ $? -eq 0 ]]; then
echo "✅ New ISO successfully uploaded."
else
echo "❌ Uploading the new ISO failed."
exit 1
fi
- name: Generating a hash of ISO and signing with the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
VAR_ISO_FILE_SHA512="${VAR_ISO_FILE_PATH}.sha512"
sha512sum "${VAR_ISO_FILE}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
VAR_ISO_FILE_SHA512=$(< "${VAR_ISO_FILE_SHA512}")
SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
rm -f "${VAR_ISO_FILE_PATH}"
- name: Generate a success message file to push back into the repository.
shell: bash
run: |
PRIVATE_FILE="LIVE_ISO.private"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-31; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
CISS.debian.live.builder ISO :
"${VAR_ISO_FILE}"
CISS.debian.live.builder ISO sha512 :
"${VAR_ISO_FILE_SHA512}"
CISS.debian.live.builder ISO sha512 sign :
$(< "${SIGNATURE_FILE}")
EOF
- name: Stage generated files.
shell: bash
run: |
git add "${PRIVATE_FILE}"
env:
GIT_SSH_COMMAND: "ssh -p 42842"
- name: Commit and Sign changes.
shell: bash
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git commit -S -m "DEPLOY BOT: Auto-Generate LIVE ISO [skip ci]" || echo "No Changes, nothing to Sign or to Commit."
env:
GIT_SSH_COMMAND: "ssh -p 42842"
- name: Push back to Repository.
shell: bash
run: |
git push origin HEAD:${GITHUB_REF_NAME}
env:
GIT_SSH_COMMAND: "ssh -p 42842"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
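Review bot: In the WebDAV upload step, `-u '${SHARE_TOKEN}:${SHARE_PASS}'` is single-quoted, so curl receives the literal string instead of the credentials, and both variables are assigned only inside the earlier "Preparing Centurion Cloud" step. Piping curl into `cat` and then testing `$?` checks cat's exit status, so a failed upload would still print the success message. Pass the secrets through a step-level `env:` block, use double quotes, and test curl directly with `if curl ...; then`. The hashing step also reads `${VAR_ISO_FILE}`, which is not set in any visible step, and reuses `VAR_ISO_FILE_SHA512` first as a path and then as the digest, so `SIGNATURE_FILE` and the gpg input end up named after the hash value.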

@@ -0,0 +1,485 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
name: 🔐 Generating a Private Live ISO FLV 0.
permissions:
contents: write
on:
push:
branches:
- master
paths:
- '.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: 🔐 Generating a Private Live ISO FLV 0.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
image: debian:bookworm
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update -y
apt-get install -y \
autoconf \
automake \
build-essential \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \
gnupg \
haveged \
libbz2-dev \
zlib1g-dev \
liblzma-dev \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
sudo \
texinfo \
wget \
whois \
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version.
shell: bash
run: |
gpg --version
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_PUBKEY_CENTURION_ROOT_2025_X448 }}" >| centurion-root.PUB.asc
gpg --batch --import centurion-root.PUB.asc
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Preparing the build environment.
shell: bash
run: |
set -euo pipefail
mkdir -p /opt/config
mkdir -p /opt/livebuild
touch /opt/config/password.txt && chmod 0600 /opt/config/password.txt
touch /opt/config/authorized_keys && chmod 0600 /opt/config/authorized_keys
echo "${{ secrets.CISS_DLB_ROOT_PWD }}" >| /opt/config/password.txt
echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| /opt/config/authorized_keys
- name: 🛠️ Starting CISS.debian.live.builder. This may take a while ...
shell: bash
run: |
set -euo pipefail
chmod 0755 ciss_live_builder.sh
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
--debug \
--dhcp-centurion \
--jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS }} \
--provider-netcup-ipv6 ${{ secrets.CISS_DLB_NETCUP_IPV6 }} \
--root-password-file /opt/config/password.txt \
--ssh-port ${{ secrets.CISS_DLB_SSH_PORT }} \
--ssh-pubkey /opt/config
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
shell: bash
env:
NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
run: |
set -euo pipefail
SHARE_SUBDIR=""
echo "📥 Get directory listing via PROPFIND ..."
curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X PROPFIND \
-H "Depth: 1" \
"${NC_BASE}/public.php/webdav/${SHARE_SUBDIR}" \
-o propfind_public.xml
echo "📥 Filter .iso files from the PROPFIND response ..."
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
if curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X DELETE "${FILE_URL}"; then
echo " ✅ Successfully deleted: $(basename "${href}")"
else
echo " ❌ Error: $(basename "${href}") could not be deleted"
fi
done < public_iso_list.txt
else
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
shell: bash
env:
NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER }}"
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD }}"
run: |
set -euo pipefail
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
AUTH="${SHARE_TOKEN}:${SHARE_PASS}"
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
--upload-file "${VAR_ISO_FILE_PATH}" --user "${AUTH}" > /dev/null 2>&1; then
echo "✅ New ISO successfully uploaded."
else
echo "❌ Uploading the new ISO failed."
exit 1
fi
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
shell: bash
run: |
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
VAR_ISO_FILE_SHA512="${VAR_ISO_FILE_NAME}.sha512"
touch "${VAR_ISO_FILE_SHA512}"
sha512sum "${VAR_ISO_FILE_PATH}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
touch "${SIGNATURE_FILE}"
export GNUPGHOME="$(pwd)/.gnupg"
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LIVE_ISO_FLV_0.private"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
CISS.debian.live.builder ISO :
"${VAR_ISO_FILE_NAME}"
CISS.debian.live.builder ISO sha512 :
"${VAR_ISO_FILE_SHA512}"
CISS.debian.live.builder ISO sha512 sign :
$(< "${SIGNATURE_FILE}")
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LIVE_ISO_FLV_0.private"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
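Review bot: In the SSH setup step, `ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts` fills known_hosts with whatever key the network returns at run time, so the `StrictHostKeyChecking yes` written a few lines later has no known-good key to check against. Store the expected host key line as a secret or in the runner image and write that instead. In the builder step, `--jump-host`, `--provider-netcup-ipv6` and `--ssh-port` take `${{ secrets.* }}` unquoted, so a value containing whitespace or shell metacharacters is split or interpreted by bash; quote them or pass them through `env:`.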

@@ -0,0 +1,482 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.512.2025.06.06
name: 🔐 Generating a Private Live ISO FLV 1.
permissions:
contents: write
on:
push:
branches:
- master
paths:
- '.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: 🔐 Generating a Private Live ISO FLV 1.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
image: debian:bookworm
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update -y
apt-get install -y \
autoconf \
automake \
build-essential \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \
gnupg \
haveged \
libbz2-dev \
zlib1g-dev \
liblzma-dev \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
sudo \
texinfo \
wget \
whois \
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version.
shell: bash
run: |
gpg --version
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_PUBKEY_CENTURION_ROOT_2025_X448 }}" >| centurion-root.PUB.asc
gpg --batch --import centurion-root.PUB.asc
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Preparing the build environment.
shell: bash
run: |
set -euo pipefail
mkdir -p /opt/config
mkdir -p /opt/livebuild
touch /opt/config/password.txt && chmod 0600 /opt/config/password.txt
touch /opt/config/authorized_keys && chmod 0600 /opt/config/authorized_keys
echo "${{ secrets.CISS_DLB_ROOT_PWD_1 }}" >| /opt/config/password.txt
echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY_1 }}" >| /opt/config/authorized_keys
- name: 🛠️ Starting CISS.debian.live.builder. This may take a while ...
shell: bash
run: |
set -euo pipefail
chmod 0755 ciss_live_builder.sh
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
--jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \
--root-password-file /opt/config/password.txt \
--ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \
--ssh-pubkey /opt/config
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
shell: bash
env:
NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER_1 }}"
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD_1 }}"
run: |
set -euo pipefail
SHARE_SUBDIR=""
echo "📥 Get directory listing via PROPFIND ..."
curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X PROPFIND \
-H "Depth: 1" \
"${NC_BASE}/public.php/webdav/${SHARE_SUBDIR}" \
-o propfind_public.xml
echo "📥 Filter .iso files from the PROPFIND response ..."
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
if curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X DELETE "${FILE_URL}"; then
echo " ✅ Successfully deleted: $(basename "${href}")"
else
echo " ❌ Error: $(basename "${href}") could not be deleted"
fi
done < public_iso_list.txt
else
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
shell: bash
env:
NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER_1 }}"
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD_1 }}"
run: |
set -euo pipefail
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
AUTH="${SHARE_TOKEN}:${SHARE_PASS}"
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
--upload-file "${VAR_ISO_FILE_PATH}" --user "${AUTH}" > /dev/null 2>&1; then
echo "✅ New ISO successfully uploaded."
else
echo "❌ Uploading the new ISO failed."
exit 1
fi
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
shell: bash
run: |
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
VAR_ISO_FILE_SHA512="${VAR_ISO_FILE_NAME}.sha512"
touch "${VAR_ISO_FILE_SHA512}"
sha512sum "${VAR_ISO_FILE_PATH}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
touch "${SIGNATURE_FILE}"
export GNUPGHOME="$(pwd)/.gnupg"
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LIVE_ISO_FLV_1.private"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
CISS.debian.live.builder ISO :
"${VAR_ISO_FILE_NAME}"
CISS.debian.live.builder ISO sha512 :
"${VAR_ISO_FILE_SHA512}"
CISS.debian.live.builder ISO sha512 sign :
$(< "${SIGNATURE_FILE}")
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LIVE_ISO_FLV_1.private"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
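Review bot: In the "Build GnuPG from the sources" step, `signature_key.asc` is fetched from gnupg.org in the same run as the tarballs and imported without a fingerprint check, so `gpg --verify` only shows that each archive was signed by a key the server handed out. Pin the expected release-key fingerprints in the workflow and compare them after the import, before any archive is verified. The step also lacks `set -euo pipefail` and sends wget's output to /dev/null, so a failed key download surfaces only later as a bad signature. In the key import step, `KEY_ID` is computed but never used, while `trust-model always` is written for the whole GNUPGHOME.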

@@ -0,0 +1,482 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
name: 💙 Generating a PUBLIC Live ISO.
permissions:
contents: write
on:
push:
branches:
- master
paths:
- '.gitea/trigger/t_generate_PUBLIC.yaml'
jobs:
generate-private-ciss-debian-live-iso:
name: 💙 Generating a PUBLIC Live ISO.
runs-on: ciss.debian.live.builder.iso.generator
### Run all steps inside Debian Bookworm
container:
image: debian:bookworm
steps:
- name: 🛠️ Basic Image Setup and enable Bookworm Backports.
run: |
apt-get update -y
apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
echo 'deb https://deb.debian.org/debian bookworm-backports main' \
>| /etc/apt/sources.list.d/bookworm-backports.list
apt-get update -y
apt-get upgrade -y
- name: 🛠️ Installing Build Tools.
shell: bash
run: |
apt-get update -y
apt-get install -y \
autoconf \
automake \
build-essential \
cryptsetup \
curl \
debootstrap \
dosfstools \
efibootmgr \
gettext \
git \
gnupg \
haveged \
libbz2-dev \
zlib1g-dev \
liblzma-dev \
libtool \
live-build \
parted \
pkg-config \
ssh \
ssl-cert \
sudo \
texinfo \
wget \
whois \
- name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
shell: bash
run: |
urls=(
"https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
"https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
"https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
)
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
gpg --batch --import signature_key.asc
for url in "${urls[@]}"; do
archive_name="${url##*/}"
pkg_name="${archive_name%.tar.bz2}"
echo "🔄 Processing ${pkg_name}"
if [[ ! -f "${archive_name}" ]]; then
echo "📥 Downloading: '${archive_name}'."
if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
echo "✅ Download successful: '${archive_name}'."
else
echo "❌ Download NOT successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping download, package already exists: '${archive_name}'."
fi
if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
if [[ ! -d "${pkg_name}" ]]; then
echo "📂 Extracting: '${archive_name}'."
if tar -xjf "${archive_name}"; then
echo "✅ Extraction successful: '${archive_name}'."
else
echo "❌ Extraction not successful: '${archive_name}'."
exit 1
fi
else
echo "💡 Skipping directory, already exists: '${pkg_name}'."
fi
echo "🏗️ Build and install the package: '${pkg_name}'."
cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
mkdir -p build
cd build || { echo "❌ Could not change to '/build'."; exit 1; }
sudo ../configure > /dev/null 2>&1 || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
echo "✅ Successful build and installation of '${pkg_name}'."
echo "-------------------------------------------------------------------------------------"
done
rm -f signature_key.asc
echo "✅ All packages were built and installed successfully."
mv_bin=(
"/usr/bin/gpg"
"/usr/bin/gpg-agent"
"/usr/bin/gpgconf"
"/usr/bin/gpg-connect-agent"
"/usr/bin/gpg-wks-client"
"/usr/bin/gpg-preset-passphrase"
)
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
if mv "${bin}" "${bin}.debian-backup"; then
echo "✅ Moved successfully: '${bin}'."
else
echo "❌ Moved NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist as build binary: '${bin}'."
fi
done
for bin in "${mv_bin[@]}"; do
name="${bin##*/}"
if [[ -f "/usr/local/bin/${name}" ]]; then
if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
echo "✅ 'update-alternatives' successfully: '${bin}'."
else
echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
fi
else
echo "💡 Does not exist: '/usr/local/bin/${name}'."
fi
done
sudo ldconfig
gpgconf --kill all
/usr/local/bin/gpg-agent --daemon
- name: ⚙️ Check GnuPG Version.
shell: bash
run: |
gpg --version
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_PUBKEY_CENTURION_ROOT_2025_X448 }}" >| centurion-root.PUB.asc
gpg --batch --import centurion-root.PUB.asc
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Preparing the build environment.
shell: bash
run: |
set -euo pipefail
mkdir -p /opt/config
mkdir -p /opt/livebuild
touch /opt/config/password.txt && chmod 0600 /opt/config/password.txt
touch /opt/config/authorized_keys && chmod 0600 /opt/config/authorized_keys
echo 'Mvnz#zENbf2vsAYEAbfPcnbDcmct7XefPXfRJxSQQH' >| /opt/config/password.txt
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSY 2025_ciss.debian.live.ISO_PUBLIC_ONLY' >| /opt/config/authorized_keys
- name: 🛠️ Starting CISS.debian.live.builder. This may take a while ...
shell: bash
run: |
set -euo pipefail
sed -i '/^hardening_ssh.*/d' ciss_live_builder.sh
chmod 0755 ciss_live_builder.sh
timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
./ciss_live_builder.sh \
--autobuild=6.12.22+bpo-amd64 \
--architecture amd64 \
--build-directory /opt/livebuild \
--control "${timestamp}" \
--root-password-file /opt/config/password.txt \
--ssh-port 42137 \
--ssh-pubkey /opt/config
- name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
shell: bash
env:
NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER_PUBLIC }}"
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD_PUBLIC }}"
run: |
set -euo pipefail
SHARE_SUBDIR=""
echo "📥 Get directory listing via PROPFIND ..."
curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X PROPFIND \
-H "Depth: 1" \
"${NC_BASE}/public.php/webdav/${SHARE_SUBDIR}" \
-o propfind_public.xml
echo "📥 Filter .iso files from the PROPFIND response ..."
grep -oP '(?<=<d:href>)[^<]+\.iso(?=</d:href>)' propfind_public.xml >| public_iso_list.txt || true
if [[ -f public_iso_list.txt && -s public_iso_list.txt ]]; then
echo "💡 Old ISO files found and deleted :"
while IFS= read -r href; do
FILE_URL="${NC_BASE}${href}"
echo " Delete: ${FILE_URL}"
if curl -s \
--user "${SHARE_TOKEN}:${SHARE_PASS}" \
-X DELETE "${FILE_URL}"; then
echo " ✅ Successfully deleted: $(basename "${href}")"
else
echo " ❌ Error: $(basename "${href}") could not be deleted"
fi
done < public_iso_list.txt
else
echo "💡 No old ISO files found to delete."
fi
- name: 🛠️ Upload the ISO file to the Centurion Cloud (cloud.e2ee.li) via WebDAV.
shell: bash
env:
NC_BASE: "https://cloud.e2ee.li"
SHARE_TOKEN: "${{ secrets.CENTURION_CLOUD_UL_USER_PUBLIC }}"
SHARE_PASS: "${{ secrets.CENTURION_CLOUD_UL_PASSWD_PUBLIC }}"
run: |
set -euo pipefail
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
AUTH="${SHARE_TOKEN}:${SHARE_PASS}"
if curl --retry 2 "${NC_BASE}"/public.php/webdav/"${VAR_ISO_FILE_NAME}" \
--upload-file "${VAR_ISO_FILE_PATH}" --user "${AUTH}" > /dev/null 2>&1; then
echo "✅ New ISO successfully uploaded."
else
echo "❌ Uploading the new ISO failed."
exit 1
fi
- name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file.
shell: bash
run: |
if [[ $(ls /opt/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then
echo "❌ There must be exactly one .iso file in the directory!"
exit 1
else
VAR_ISO_FILE_PATH=$(ls /opt/livebuild/*.iso)
VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}")
echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}"
fi
VAR_ISO_FILE_SHA512="${VAR_ISO_FILE_NAME}.sha512"
touch "${VAR_ISO_FILE_SHA512}"
sha512sum "${VAR_ISO_FILE_PATH}" | awk '{print $1}' >| "${VAR_ISO_FILE_SHA512}"
SIGNATURE_FILE="${VAR_ISO_FILE_SHA512}.sign"
touch "${SIGNATURE_FILE}"
export GNUPGHOME="$(pwd)/.gnupg"
gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LIVE_ISO.public"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
CISS.debian.live.builder ISO :
"${VAR_ISO_FILE_NAME}"
CISS.debian.live.builder ISO sha512 :
"${VAR_ISO_FILE_SHA512}"
CISS.debian.live.builder ISO sha512 sign :
$(< "${SIGNATURE_FILE}")
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LIVE_ISO.public"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
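Review bot: The step "Preparing the build environment" writes the ISO root password as a literal into `/opt/config/password.txt`, so it is readable by anyone who can read this workflow file, while every other credential in the file comes from `${{ secrets.* }}`. Move it to a secret or generate it per build, and say so in a comment if a published default is intended for the public image. In the GnuPG build step, `signature_key.asc` is downloaded from the same host as the tarballs and imported without a fingerprint check, so `gpg --verify` only shows that archive and key came from the same place; pin the expected fingerprints in the workflow and compare them before building. In the hashing step, the generated `LIVE_ISO.public` prints `"${VAR_ISO_FILE_SHA512}"` under "ISO sha512", which is the name of the `.sha512` file rather than the digest. The job id is also still `generate-private-ciss-debian-live-iso` in the PUBLIC workflow.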


@@ -0,0 +1,339 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
# Gitea Workflow: Shell-Script Linting
#
# This workflow scans all '*.sh', '*.zsh', '*.chroot' and all files with Shebang (#!) for:
# 1. Windows CRLF line endings
# 2. unauthorized control characters (C0 control characters except \t, \n)
# 3. non-ASCII (ambiguous UTF) characters
#
# Findings are collected and at the end of the run with file, line number,
# and the respective character in the Runner output.
name: 🛡️ Shell Script Linting
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
shell-script-linter:
name: 🛡️ Shell Script Linting
runs-on: ubuntu-latest
steps:
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
set -euo pipefail
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
set -euo pipefail
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Convert APT sources to HTTPS.
shell: bash
run: |
set -euo pipefail
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: 🛠️ Install dependencies.
shell: bash
run: |
### Install grep with Perl-regex support, falls noch nicht vorhanden
apt-get update
apt-get upgrade -y
apt-get install -y grep
- name: 🔍 Lint shell scripts
shell: bash
run: |
# -------------------------------
# STEP 1: Find target files.
#
# We capture:
# - All files '*.sh', '*.zsh', '*.chroot'
# - All files whose first line begins with "#!" (shebang)
# -------------------------------
mapfile -t files_to_check < <(
find . \
-path './.git' -prune -o \
-type f \( \
-iname '*.sh' -o \
-iname '*.zsh' -o \
-iname '*.chroot' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
)
# -------------------------------
# STEP 2: Regex definitions
#
# - CRLF_REGEX Carriage Return (\r) for Windows CRLF
# - CTRL_REGEX C0 control characters except Tab (\x09) and Newline (\x0A)
# - Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
# - NON_ASCII_REGEX All bytes -> 0x7F, except emoji characters in defined ranges
#
# Emoji ranges that we exclude:
# - \x{1F300}-\x{1F5FF} Misc Symbols & Pictographs
# - \x{1F600}-\x{1F64F} Emoticons
# - \x{1F680}-\x{1F6FF} Transport & Map Symbols
# - \x{1F900}-\x{1F9FF} Supplemental Symbols & Pictographs
# - \x{2600}-\x{26FF} Miscellaneous Symbols
# - \x{2700}-\x{27BF} Dingbats
# -------------------------------
CRLF_REGEX=$'\r'
CTRL_REGEX='[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]'
NON_ASCII_REGEX='(?![\x{1F300}-\x{1F5FF}\x{1F600}-\x{1F64F}\x{1F680}-\x{1F6FF}\x{1F900}-\x{1F9FF}\x{2600}-\x{26FF}\x{2700}-\x{27BF}])[^\x00-\x7F]'
# -------------------------------
# STEP 3: Accumulator for findings
# -------------------------------
findings=""
# -------------------------------
# STEP 4: Perform all checks for each file
# -------------------------------
for file in "${files_to_check[@]}"; do
#
# 4.1: CRLF detection
# grep -nP returns "lineno:<line with CR>"
# -------------------------------
while IFS=: read -r lineno _rest; do
findings+="${file}: CRLF-found at line ${lineno}: <CR>"$'\n'
done < <(grep -nP "${CRLF_REGEX}" "${file}" || true)
#
# 4.2: Unallowed control characters
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: control-char at line ${lineno}: ${char}"$'\n'
done < <(grep -nP -o "${CTRL_REGEX}" "${file}" || true)
#
# 4.3: Non-ASCII characters with emoji exception
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: non-ascii at line ${lineno}: ${char}"$'\n'
done < <(grep -nP -o "${NON_ASCII_REGEX}" "${file}" || true)
done
# -------------------------------
# STEP 5: Output results
# -------------------------------
if [[ -n "${findings}" ]]; then
echo -e "⚠️ Linting issues detected:\n"
echo -e "${findings}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
⚠️ The last linter check was NOT successful. ⚠️
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
else
echo "✅ No issues found in shell scripts."
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
fi
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LINTER_RESULTS.txt"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
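Review bot: The lint step never fails the job: when `findings` is non-empty it prints them and writes `LINTER_RESULTS.txt`, but there is no `exit 1`, so the check stays green and the only signal is the committed result file. If the result file has to be committed first, record the outcome and fail in a final step after the push. Two smaller points in the same step: `-exec grep -Iq '^#!' {} \;` matches `#!` at the start of any line, not only the first line as the comment says, and `|| true` after each `grep -nP` also swallows grep errors (exit status 2, for example a pattern the current locale rejects), which then read as a clean file.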


@@ -2,16 +2,16 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.02.768.2025.06.01 ### Version Master V8.03.644.2025.06.07
name: Retrieve the DNSSEC status at the time of updating the repository. name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
permissions: permissions:
contents: write contents: write
@@ -25,14 +25,15 @@ on:
jobs: jobs:
build-dnssec-diagram: build-dnssec-diagram:
name: Retrieve the DNSSEC status at the time of updating the repository. name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Prepare SSH Setup, SSH Deploy Key, Known Hosts, config. - name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash shell: bash
run: | run: |
rm -rf ~/.ssh set -euo pipefail
mkdir -p ~/.ssh rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key ### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519 echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
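Review bot: `echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519` has the secret substituted into the script text before bash parses it, so any `"`, `$` or backtick in the value is interpreted by the shell, and the key material ends up in the generated script. Pass the secret through the step's `env:` block and write the variable with `printf '%s\n'` instead, which keeps the value out of the script body.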
@@ -54,36 +55,27 @@ jobs:
chmod 600 ~/.ssh/config chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843 ### https://github.com/actions/checkout/issues/1843
- name: Use manual clone via SSH to circumvent Gitea SHA-256 object issues. - name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash shell: bash
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
env: env:
### GITHUB_REF_NAME contains the branch name from the push event. ### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: Clean workspace. - name: 🛠️ Cleaning the workspace.
shell: bash shell: bash
run: | run: |
set -euo pipefail
git reset --hard git reset --hard
git clean -fd git clean -fd
- name: Convert APT sources to HTTPS. - name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: Install DNSViz.
shell: bash
run: |
sudo apt-get update
sudo apt-get install -y dnsviz
- name: Import CI PGP DEPLOY ONLY Key.
shell: bash shell: bash
run: | run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files. ### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg" export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}" mkdir -m 700 "${GNUPGHOME}"
@@ -93,9 +85,10 @@ jobs:
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}') KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf" echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: Configure Git for signed CI DEPLOY commits. - name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash shell: bash
run: | run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg" export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT" git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev" git config user.email "msw+bot@coresecret.dev"
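Review bot: `KEY_ID` is assigned from `gpg --list-keys` but nothing in the visible lines reads it, and `trust-model always` makes GnuPG treat every key in this keyring as valid. Either remove the assignment or use it, for example as `git config user.signingkey`, so the commit is bound to the deploy key rather than to whichever key gpg picks. Note that the awk expression prints one id per `pub:` line, so it holds several values as soon as the keyring contains more than one key.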
@@ -103,43 +96,123 @@ jobs:
git config gpg.program gpg git config gpg.program gpg
git config gpg.format openpgp git config gpg.format openpgp
- name: Ensure docs/SECURITY/ directory exists. - name: ⚙️ Convert APT sources to HTTPS.
shell: bash
run: |
set -euo pipefail
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: 🛠️ Install DNSViz.
shell: bash
run: |
sudo apt-get update
sudo apt-get install -y dnsviz
- name: ⚙️ Ensure docs/SECURITY/ directory exists.
shell: bash shell: bash
run: | run: |
mkdir -p docs/SECURITY/ mkdir -p docs/SECURITY/
rm -f docs/SECURITY/coresecret.dev.png rm -f docs/SECURITY/coresecret.dev.png
- name: Prepare DNS Cache. - name: 🛠️ Prepare DNS Cache.
shell: bash shell: bash
run: | run: |
sudo apt-get install -y dnsutils sudo apt-get install -y dnsutils
dig +dnssec +multi coresecret.dev @8.8.8.8 dig +dnssec +multi coresecret.dev @8.8.8.8
- name: Retrieve Zone Dump and generate .png Visualization. - name: 🛠️ Retrieve Zone Dump and generate .png Visualization.
shell: bash shell: bash
run: | run: |
dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json
dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png
- name: Stage generated files. - name: 🚧 Stash local changes (including untracked).
shell: bash shell: bash
run: |
git add docs/SECURITY/*.png
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
- name: Commit and Sign changes.
shell: bash
run: | run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg" export GNUPGHOME="$(pwd)/.gnupg"
git commit -S -m "DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci]" || echo "No Changes, nothing to Sign or to Commit."
env:
GIT_SSH_COMMAND: "ssh -p 42842"
- name: Push back to Repository. echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash shell: bash
run: |
git push origin HEAD:${GITHUB_REF_NAME}
env: env:
GIT_SSH_COMMAND: "ssh -p 42842" GIT_SSH_COMMAND: "ssh -p 42842"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
git add docs/SECURITY/*.png || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
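Review bot: In the new "Sync with remote" step, `git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."` reports every non-zero exit as success, but `git merge` already exits 0 when the branch is up to date, so the only cases the fallback catches are real failures such as conflicts. With `set -euo pipefail` in place the step should be allowed to fail (drop the `|| echo`, or run `git merge --abort` and `exit 1`); otherwise the later steps run against a conflicted tree while the log says the merge was fine. The same applies to `git stash pop || echo "✔️ Nothing to pop."`, which also hides a conflicting pop. Separately, the `WORKFLOW_ID` fallback is `render-md-to-html.yaml` although this workflow generates the DNSSEC status image, so the signed commit message would name the wrong workflow whenever `GITHUB_WORKFLOW` is unset.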


@@ -0,0 +1,211 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.644.2025.06.07
name: 🔁 Render Graphviz Diagrams.
permissions:
contents: write
on:
push:
branches:
- master
paths:
- "**/*.gv"
- "**/*.dot"
jobs:
build-graphiz-diagrams:
name: 🔁 Render Graphviz Diagrams.
runs-on: ubuntu-latest
steps:
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
set -euo pipefail
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
set -euo pipefail
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Convert APT sources to HTTPS.
shell: bash
run: |
set -euo pipefail
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: 🛠️ Install Graphviz.
shell: bash
run: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y graphviz
- name: 🛠️ Render all .dot / .gv to PNG.
shell: bash
run: |
set -euo pipefail
find . -type f \( -name "*.dot" -o -name "*.gv" \) | while read file; do
out="${file%.*}.png"
dot -Tpng "${file}" -o "${out}"
done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
git add *.png || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT : 🔁 Auto-Generate PNG from *.dot. [skip ci]
${CI_HEADER}
Generated at : ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
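Review bot: In the SSH setup step, `ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts` fetches the host key over the network on every run, so `StrictHostKeyChecking yes` only compares against whatever key answered the scan and gives no protection against an on-path host. Pin the expected host key line (for example from a repository secret or variable) and write that into `known_hosts` instead. In the PGP import step, `ci-bot.sec.asc` is written into the working tree and never removed, and `KEY_ID` is computed but not used; delete the key file right after `gpg --batch --import`. In the staging step, `git add *.png` matches only PNGs in the repository root, while the render loop writes each PNG next to its source anywhere under `.` (the trigger is `**/*.gv` and `**/*.dot`), so diagrams in subdirectories are rendered but never committed, and the `|| echo "✔️ Nothing to add."` hides that.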

.gitignore vendored

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.


@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -10,10 +10,10 @@
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
properties_SPDX-Version="3.0" properties_SPDX-Version="3.0"
properties_SPDX-ExternalRef="GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git" properties_SPDX-ExternalRef="GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git"
properties_SPDX-FileCopyrightText="20242025; WEIDNER, Marc S.; <msw@coresecret.dev>" properties_SPDX-FileCopyrightText="2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>"
properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0" properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
properties_SPDX-LicenseComment="This file is part of the CISS.hardened.installer framework." properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
properties_SPDX-PackageName="CISS.debian.live.builder" properties_SPDX-PackageName="CISS.debian.live.builder"
properties_SPDX-Security-Contact="security@coresecret.eu" properties_SPDX-Security-Contact="security@coresecret.eu"
properties_version="V8.02.768.2025.06.01" properties_version="V8.03.644.2025.06.07"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf


@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
Created: 2025-05-07T12:00:00Z Created: 2025-05-07T12:00:00Z
Package: CISS.debian.live.builder Package: CISS.debian.live.builder
PackageName: CISS.debian.live.builder PackageName: CISS.debian.live.builder
PackageVersion: Master V8.02.768.2025.06.01 PackageVersion: Master V8.03.644.2025.06.07
PackageSupplier: Organization: Centurion Intelligence Consulting Agency PackageSupplier: Organization: Centurion Intelligence Consulting Agency
PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder

LINTER_RESULTS.txt Normal file

@@ -0,0 +1,16 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T13:59:44Z".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

LIVE_ISO.public Normal file

@@ -0,0 +1,27 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T13:28:13Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_07T12_48_35Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_07T12_48_35Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEQ+bQAKCRA85KY4hzOw
IdnhAQC+NGhgMMPqZgS51p59kCYSoGLDzodY7TtFOJOxLo5LeAD/bgJifC51JFju
RKy7e3am5Z80cAGZJ1RFliRgjJVZeAU=
=P9Qk
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
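Review bot: The entry under "CISS.debian.live.builder ISO sha512 :" holds only the file name `ciss-debian-live-2025_06_07T12_48_35Z-amd64.hybrid.iso.sha512`, not the digest, and the signature block that follows is detached and does not name the key that made it. Someone holding only this file cannot check a downloaded ISO against it; consider recording the SHA-512 value itself and the signing key fingerprint next to the signature. The two LIVE_ISO_FLV_*.private files added in this commit use the same layout.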

LIVE_ISO_FLV_0.private Normal file

@@ -0,0 +1,27 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T11:52:28Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_07T11_12_45Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_07T11_12_45Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEQn/AAKCRA85KY4hzOw
IeMFAP0ZsIuEHFz3EgDpk1rN066VZ2nGrx3NvQenvjg5EQsRNAD+MNlJ4JE9zk17
pvWF+r0l2K7P6CmxlK7WZFU2Hs6KYwc=
=6azh
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text

LIVE_ISO_FLV_1.private Normal file

@@ -0,0 +1,27 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "2025-06-07T12:39:29Z".
CISS.debian.live.builder ISO :
"ciss-debian-live-2025_06_07T12_01_03Z-amd64.hybrid.iso"
CISS.debian.live.builder ISO sha512 :
"ciss-debian-live-2025_06_07T12_01_03Z-amd64.hybrid.iso.sha512"
CISS.debian.live.builder ISO sha512 sign :
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaEQzAQAKCRA85KY4hzOw
IedVAQDj71Q0oAweOhYGabzgECIwgIxHPypvidif0fnjucGuIgD+O5XAvFsPnUzQ
7lXvBLPURbSoa5//sgkXL3Pmik2vvwk=
=TJPq
-----END PGP SIGNATURE-----
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text


@@ -2,7 +2,7 @@
gitea: none gitea: none
include_toc: true include_toc: true
--- ---
[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.02.768.2025.06.01-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder) [![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.644.2025.06.07-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
&nbsp; &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -25,12 +25,15 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br> *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.02<br> **Master Version**: 8.03<br>
**Build**: V8.02.768.2025.06.01<br> **Build**: V8.03.644.2025.06.07<br>
This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. cloud deployment or unattended installations via the forthcoming `CISS.debian.installer`. Additionally, automated CI workflows
based on Gitea Actions are provided, enabling reproducible ISO generation. A generic ISO is automatically built upon significant
changes and made publicly available for download. The latest generic ISO is available at:
**[PUBLIC CISS.debian.live.ISO](/docs/DL_PUB_ISO.md)**
Check out more: Check out more:
* [CenturionNet Services](https://coresecret.eu/cnet/) * [CenturionNet Services](https://coresecret.eu/cnet/)
@@ -40,20 +43,32 @@ Check out more:
* [CenturionMeet](https://talk.e2ee.li/) * [CenturionMeet](https://talk.e2ee.li/)
* [Contact the author](https://coresecret.eu/contact/) * [Contact the author](https://coresecret.eu/contact/)
## 1.1. Notes ## 1.1. Preliminary Remarks
### 1.1.1. HSM ### 1.1.1. HSM
Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped. The next step is to Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped. The next step is to
move to a room-gapped environment. ^^ move to a room-gapped environment. ^^
### 1.1.2. HSTS and DNSSEC ### 1.1.2. DNSSEC, HSTS, TLS
Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https://hstspreload.org/) and always serves the headers: Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https://hstspreload.org/) and always serves the headers:
````nginx configuration pro ````nginx configuration pro
add_header Expect-CT "max-age=86400, enforce" always; add_header Expect-CT "max-age=86400, enforce" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
```` ````
Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
* Additionally, the entire zone is dual-signed with **DNSSEC**. See the current **DNSSEC** status at: **[DNSSEC Audit Report](/docs/AUDIT_DNSSEC.md)**
* A comprehensive TLS audit of the **`git.coresecret.dev`** Gitea server is also available. See: **[TLS Audit Report](/docs/AUDIT_TLS.md)**
* The infrastructure of the **`CISS.debian.live.builder`** building system is visualized here. See: **[Centurion Net](/docs/CNET.md)**
### 1.1.3. Gitea Action Runner Hardening
The CI runners operate on a dedicated host system located in a completely separate Autonomous System (AS). This host is solely
dedicated to providing CI runners and does not perform any other tasks. Each runner is hermetically isolated from others using
non-privileged, shell-less user accounts with no direct login capability. Additionally, each runner executes within its own
separate directory tree, employs `DynamicUser` features, and adheres to strict systemd hardening policies (achieving a ``systemd-analyze security``
rating of **``2.6``**). Docker containers used by runners do not run in privileged mode. Security is further enhanced through the use
of both UFW software firewalls and dedicated hardware firewall appliances.
## 1.2. Immutable Source-of-Truth System ## 1.2. Immutable Source-of-Truth System
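Review bot: The new section 1.1.3 states a `systemd-analyze security` rating of 2.6 and non-privileged runner containers, but unlike the DNSSEC and TLS bullets added just above it, it links nothing a reader could check. Consider adding the `systemd-analyze security` output or the hardened unit file under /docs and linking it from this section, as is done with AUDIT_DNSSEC.md and AUDIT_TLS.md.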
@@ -81,18 +96,18 @@ source-defined infrastructure logic.<br>
After build and configuration, the following audit reports can be generated: After build and configuration, the following audit reports can be generated:
* **Haveged Audit Report**: Validates entropy daemon health and confirms '/dev/random' seeding performance. * **Haveged Audit Report**: Validates entropy daemon health and confirms `/dev/random` seeding performance.
Type `chkhvg` at the prompt. See example report: [Haveged Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_HAVEGED.md) Type `chkhvg` at the prompt. See example report: **[Haveged Audit Report](/docs/AUDIT_HAVEGED.md)**
* **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline. * **Lynis Audit Report**: Outputs a detailed security score and recommendations, confirming a 91%+ hardening baseline.
Type `lsadt` at the prompt. See example report: [Lynis Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_LYNIS.md) Type `lsadt` at the prompt. See example report: **[Lynis Audit Report](/docs/AUDIT_LYNIS.md)**
* **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations. * **SSH Audit Report**: Verifies SSH daemon configuration against the latest best-practice cipher, KEX, and MAC recommendations.
Type `ssh-audit <IP>:<PORT>`. See example report: [SSH Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_SSH.md) Type `ssh-audit <IP>:<PORT>`. See example report: **[SSH Audit Report](/docs/AUDIT_SSH.md)**
## 1.2. Preview ## 1.3. Preview
![CISS.debian.live.builder](/docs/screenshots/CISS.debian.live.builder_preview.jpeg) ![CISS.debian.live.builder](/docs/screenshots/CISS.debian.live.builder_preview.jpeg)
## 1.3. Caution. Significant information for those considering using D-I. ## 1.4. Caution. Significant information for those considering using D-I.
**The Debian Installer (d-i) will ALWAYS boot a new system.**<br> **The Debian Installer (d-i) will ALWAYS boot a new system.**<br>
@@ -106,7 +121,7 @@ The following happens in all cases:
* The installer kernel (/install/vmlinuz) + initrd.gz are started. * The installer kernel (/install/vmlinuz) + initrd.gz are started.
* The existing live system is exited. * The existing live system is exited.
* The memory is overwritten. * The memory is overwritten.
* All running processes e.g., firewall, hardened SSH access, etc. pp. cease to exist. * All running processes - e.g., firewall, hardened SSH access, etc. pp. - cease to exist.
The Debian Installer loads: The Debian Installer loads:
* its own kernel, * its own kernel,
@@ -123,6 +138,17 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
* Logging (rsyslog, journald) ✘ not active, * Logging (rsyslog, journald) ✘ not active,
* preseed control over the network is possible (but without any protection). * preseed control over the network is possible (but without any protection).
## 1.5. Versioning Schema
This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
Example: `8.03.384.2025.06.03`
`x.y.z` represents major (x), minor (y), and patch (z) version increments.
Date (YYYY.MM.DD) denotes the build or release date, facilitating clear tracking of incremental changes and ensuring
reproducibility and traceability.
# 2. Features & Rationale # 2. Features & Rationale
Below is a breakdown of each hardening component, with a summary of why each is critical to your security posture. Below is a breakdown of each hardening component, with a summary of why each is critical to your security posture.
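Review bot: The added section 1.5 gives the pattern as `x.y.z-Date`, but its own example `8.03.384.2025.06.03` joins the date with a dot, and the build strings elsewhere in this README carry a `V` prefix (`V8.03.644.2025.06.07`). State the pattern as it is actually emitted, for example `Vx.y.z.YYYY.MM.DD`, so that anything parsing the version does not split on a hyphen that never occurs.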
@@ -453,10 +479,10 @@ predictable script behavior.
#... #...
- name: Preparing the build environment. - name: Preparing the build environment.
run: | run: |
rm -rf opt/{config,livebuild} mkdir -p /opt/config
mkdir -p opt/{config,livebuild} mkdir -p /opt/livebuild
echo "${{ secrets.CHANGE_ME }}" >| opt/config/password.txt echo "${{ secrets.CHANGE_ME }}" >| /opt/config/password.txt
echo "${{ secrets.CHANGE_ME }}" >| opt/config/authorized_keys echo "${{ secrets.CHANGE_ME }}" >| /opt/config/authorized_keys
#... #...
- name: Starting CISS.debian.live.builder. This may take a while ... - name: Starting CISS.debian.live.builder. This may take a while ...
run: | run: |
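Review bot: In the "Preparing the build environment" example, the root password and the authorized keys are now written to `/opt/config` with `echo ... >|` after a plain `mkdir -p`, so the directory and `password.txt` get whatever the runner's default umask allows, and with the `rm -rf` dropped, files from an earlier run stay in place on a persistent runner. Since README readers will copy this step, consider `umask 077` at its top (or `install -d -m 0700 /opt/config`) and an explicit removal of both files once the build has finished.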
@@ -464,18 +490,16 @@ predictable script behavior.
timestamp=$(date -u +"%Y_%m_%d_%H_%M_Z") timestamp=$(date -u +"%Y_%m_%d_%H_%M_Z")
### Change "--autobuild=" to the specific kernel version you need: '6.12.22+bpo-amd64'. ### Change "--autobuild=" to the specific kernel version you need: '6.12.22+bpo-amd64'.
./ciss_live_builder.sh \ ./ciss_live_builder.sh \
--autobuild=CHANGE_ME \ --autobuild=CHANGE_ME \
--architecture CHANGE_ME \ --architecture CHANGE_ME \
--build-directory opt/livebuild \ --build-directory /opt/livebuild \
--control "${timestamp}" \ --control "${timestamp}" \
--jump-host "${{ secrets.CHANGE_ME }}" \ --jump-host "${{ secrets.CHANGE_ME }}" \
--renice-priority "-19" \ --root-password-file /opt/config/password.txt \
--reionice-priority 1 2 \ --ssh-port CHANGE_ME \
--root-password-file opt/config/password.txt \ --ssh-pubkey /opt/config
--ssh-port CHANGE_ME \
--ssh-pubkey opt/config
#... #...
### SKIP OR ADAPT ALL REMAINING STEPS ### SKIP OR CHANGE ALL REMAINING STEPS
``` ```
# 6. Licensing & Compliance # 6. Licensing & Compliance


@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -40,7 +40,7 @@
declare -g VAR_HANDLER_AUTOBUILD="false" declare -g VAR_HANDLER_AUTOBUILD="false"
declare -gr VAR_CONTACT="security@coresecret.eu" declare -gr VAR_CONTACT="security@coresecret.eu"
declare -gr VAR_VERSION="Master V8.02.768.2025.06.01" declare -gr VAR_VERSION="Master V8.03.644.2025.06.07"
### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING ### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
declare arg declare arg


@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.


@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.


@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -48,7 +48,7 @@ cat << EOF >| /etc/initramfs-tools/modules
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
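Review bot: the heredoc named in this hunk's header, `cat << EOF >| /etc/initramfs-tools/modules`, uses an unquoted delimiter, while the other heredocs in this file are opened with `'EOF'`. With the unquoted form the whole body, these SPDX lines included, goes through parameter and command expansion before it is written. If nothing in the generated modules file needs expansion, quote the delimiter here as well so that a later `$` or backtick in the body is written literally.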
@@ -113,7 +113,7 @@ cat << 'EOF' >| /etc/initramfs-tools/update-initramfs.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -148,7 +148,7 @@ cat << 'EOF' >| /etc/initramfs-tools/initramfs.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -207,9 +207,9 @@ COMPRESS=zstd
# Defaults vary by compressor. # Defaults vary by compressor.
# #
# Valid values are: # Valid values are:
# 19 for gzip|bzip2|lzma|lzop # 1-9 for gzip|bzip2|lzma|lzop
# 09 for lz4|xz # 0-9 for lz4|xz
# 019 for zstd # 0-19 for zstd
# COMPRESSLEVEL=3 # COMPRESSLEVEL=3
# #
@@ -253,7 +253,7 @@ cat << 'EOF' >> /etc/initramfs-tools/hooks/ciss_debian_live_builder
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -27,7 +27,7 @@ cat << 'EOF' >| "${src}"
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -0,0 +1,39 @@
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1
DEBIAN_FRONTEND=noninteractive \
apt-get update && \
DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
-t bookworm-backports \
btrfs-progs \
curl \
debootstrap \
iproute2 \
ncat \
nmap \
ssh \
systemd \
systemd-sysv \
whois
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
# sleep 1
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
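Review bot: `set -e` does not protect the `apt-get update && ... apt-get install` list in this new script. `apt-get update` is the non-final command of an `&&` list, so errexit is suppressed when it fails: the install is skipped, and the script still prints "applied successfully" and reaches `exit 0`. Run the two commands as separate statements (for example, export `DEBIAN_FRONTEND` once and drop the `&&`) so that a failed index refresh aborts the hook. Two smaller points: `-t bookworm-backports` makes backports the default release for every package in the list, including `systemd`, `systemd-sysv` and `ssh`, so if only some of them are meant to come from backports, select those individually. The header's `SPDX-LicenseComment` also names CISS.hardened.installer while `SPDX-PackageName` says CISS.debian.live.builder.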

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -133,14 +133,6 @@ symlink_path: {foreground: Cyan}
control_char: {foreground: Red} control_char: {foreground: Red}
broken_symlink: {foreground: Red} broken_symlink: {foreground: Red}
broken_path_overlay: {foreground: Default, is_underlined: true} broken_path_overlay: {foreground: Default, is_underlined: true}
filenames:
# Custom filename-based overrides
# Cargo.toml: {icon: {glyph: 🦀}}
extensions:
# Custom extension-based overrides
# rs: {filename: {foreground: Red}, icon: {glyph: 🦀}}
EOF EOF
chmod 0644 "/root/eza-themes/themes/centurion.yml" chmod 0644 "/root/eza-themes/themes/centurion.yml"
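Review bot: the removed `filenames:` and `extensions:` keys had only commented-out children, so dropping them from the generated `centurion.yml` is reasonable. However, the `Cargo.toml` and `rs` samples were the only in-file hint of the override syntax. Consider keeping a one-line comment in the heredoc saying where filename and extension overrides would go, so the theme stays self-documenting.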

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -29,7 +29,7 @@ cat << 'EOF' >| /usr/local/bin/restart-ssh.sh
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -30,7 +30,7 @@ cat << 'EOF' >| /etc/fail2ban/jail.d/centurion-default.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <cendev@coresecret.eu> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
@@ -46,7 +46,7 @@ findtime = 24h
bantime = 24h bantime = 24h
### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused] ### SSH Handling: Foreign IP (not in /etc/hosts.allow): refused to connect: immediate ban [sshd-refused]
### Jump host mistyped 13 times: no ban, only after four attempts [sshd] ### Jump host mistyped 1-3 times: no ban, only after four attempts [sshd]
[sshd] [sshd]
enabled = true enabled = true
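Review bot: the corrected comment "Jump host mistyped 1-3 times: no ban, only after four attempts" can be read either as a ban on the fourth failure or as a ban after the fourth. The setting that enforces it is not next to the comment, so name it and its value here (for example the jail's maxretry) to keep the comment and the [sshd] jail from drifting apart.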

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -39,6 +39,7 @@ EOF
cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak
sed -i 's/LOGIN_TIMEOUT 60/LOGIN_TIMEOUT 180/' /etc/login.defs
sed -i 's/UMASK 022/UMASK 077/' /etc/login.defs sed -i 's/UMASK 022/UMASK 077/' /etc/login.defs
sed -i 's/PASS_MAX_DAYS 99999/PASS_MAX_DAYS 16384/' /etc/login.defs sed -i 's/PASS_MAX_DAYS 99999/PASS_MAX_DAYS 16384/' /etc/login.defs
sed -i 's/PASS_MIN_DAYS 0/PASS_MIN_DAYS 1/' /etc/login.defs sed -i 's/PASS_MIN_DAYS 0/PASS_MIN_DAYS 1/' /etc/login.defs
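Review bot: the added `sed -i 's/LOGIN_TIMEOUT 60/LOGIN_TIMEOUT 180/'` line, like the three substitutions after it, only matches when /etc/login.defs holds exactly that key, separator and default value. If the file separates key and value with tabs or carries a different value, sed exits 0 and nothing changes, and the script gives no sign of it. Match on the key instead (for example `s/^LOGIN_TIMEOUT[[:space:]].*/LOGIN_TIMEOUT 180/`) and follow it with a grep that fails the script when the expected value is absent. Tripling the login timeout is also a relaxation inside a hardening script, so it deserves a comment giving the reason.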

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -14,12 +14,12 @@ set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1 # sleep 1
apt-get install -y aide apt-get install -y aide > /dev/null 2>&1
cp -u /etc/aide/aide.conf /root/.ciss/dlb/backup/aide.conf.bak cp -u /etc/aide/aide.conf /root/.ciss/dlb/backup/aide.conf.bak
sed -i "s/Checksums = H/Checksums = sha512/" /etc/aide/aide.conf sed -i "s/Checksums = H/Checksums = sha512/" /etc/aide/aide.conf
if aideinit; then if aideinit > /dev/null 2>&1; then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ 'aideinit' successful. \e[0m\n" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ 'aideinit' successful. \e[0m\n"
else else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ 'aideinit' NOT successful. \e[0m\n" >&2 printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ 'aideinit' NOT successful. \e[0m\n" >&2
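Review bot: `apt-get install -y aide > /dev/null 2>&1` and `if aideinit > /dev/null 2>&1` discard stderr as well as stdout. Under the `set -C -e -u -o pipefail` shown in the hunk header, a failed install now stops the script with no message at all, and the "'aideinit' NOT successful" branch can no longer say why it was reached. Redirect both commands to a log file rather than /dev/null, or silence stdout only and keep stderr.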

@@ -3,15 +3,15 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### NIST recommends at least eight characters but advises longer passphrases (e.g., 1264) for increased security. ### NIST recommends at least eight characters but advises longer passphrases (e.g., 12-64) for increased security.
### NIST SP 80063B, https://pages.nist.gov/800-63-3/sp800-63b.html ### NIST SP 800-63B, https://pages.nist.gov/800-63-3/sp800-63b.html
set -C -e -u -o pipefail set -C -e -u -o pipefail
@@ -26,7 +26,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -34,7 +34,7 @@ cat << 'EOF' >| /etc/security/pwquality.conf
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Current recommendations for '/etc/security/pwquality.conf' based on common best practices, ### Current recommendations for '/etc/security/pwquality.conf' based on common best practices,
### including NIST SP 80063B, https://pages.nist.gov/800-63-3/sp800-63b.html ### including NIST SP 800-63B, https://pages.nist.gov/800-63-3/sp800-63b.html
### and weighing usability against security. ### and weighing usability against security.
### Configuration for systemwide password quality limits ### Configuration for systemwide password quality limits
@@ -46,7 +46,7 @@ difok = 4
### Length over complexity: Studies show that longer passphrases are significantly more ### Length over complexity: Studies show that longer passphrases are significantly more
### resistant to brute-force and dictionary attacks. NIST recommends at least eight characters ### resistant to brute-force and dictionary attacks. NIST recommends at least eight characters
### but advises longer passphrases (e.g., 1264) for increased security. Twenty characters strike a ### but advises longer passphrases (e.g., 12-64) for increased security. Twenty characters strike a
### good balance between security and user convenience. ### good balance between security and user convenience.
### Minimum acceptable size for the new password (plus one if ### Minimum acceptable size for the new password (plus one if
### credits are not disabled, which is the default). (See pam_cracklib manual.) ### credits are not disabled, which is the default). (See pam_cracklib manual.)
@@ -54,8 +54,8 @@ difok = 4
minlen = 20 minlen = 20
### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0 ### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0
### NIST SP 80063B advises against rigid complexity rules (numbers, symbols, uppercase) ### NIST SP 800-63B advises against rigid complexity rules (numbers, symbols, uppercase)
### because they can lead users to adopt predictable patterns (e.g., Pa$$word!). ### because they can lead users to adopt predictable patterns (e.g., "Pa$$word!").
### Length and dictionary checks are more effective. ### Length and dictionary checks are more effective.
### The maximum credit for having digits in the new password. If less than 0 ### The maximum credit for having digits in the new password. If less than 0
@@ -83,12 +83,12 @@ minlen = 20
### The maximum number of allowed consecutive same characters in the new password. ### The maximum number of allowed consecutive same characters in the new password.
### The check is disabled if the value is 0. ### The check is disabled if the value is 0.
maxrepeat = 2 maxrepeat = 3
### The maximum number of allowed consecutive characters of the same class in the ### The maximum number of allowed consecutive characters of the same class in the
### new password. ### new password.
### The check is disabled if the value is 0. ### The check is disabled if the value is 0.
maxclassrepeat = 4 maxclassrepeat = 0
### Whether to check for the words from the passwd entry GECOS string of the user. ### Whether to check for the words from the passwd entry GECOS string of the user.
### The check is enabled if the value is not 0. ### The check is enabled if the value is not 0.
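Review bot: `maxrepeat = 3` and `maxclassrepeat = 0` both relax the policy, and the second switches the class-repeat check off entirely (the comment above it says 0 disables the check), yet neither value has a rationale in the surrounding comments. Add one line of reasoning next to each setting. If the motive is that a long lowercase passphrase under `minlen = 20` would otherwise be rejected by a class-repeat limit of 4, say so there, in the same way the file already justifies the credit settings with NIST SP 800-63B.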

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -22,7 +22,7 @@ cp -a /etc/default/debsums /root/.ciss/dlb/backup/debsums.bak
chmod 0644 /root/.ciss/dlb/backup/debsums.bak chmod 0644 /root/.ciss/dlb/backup/debsums.bak
sed -i "s/CRON_CHECK=never/CRON_CHECK=monthly/" /etc/default/debsums sed -i "s/CRON_CHECK=never/CRON_CHECK=monthly/" /etc/default/debsums
if debsums -g; then if debsums -g > /dev/null 2>&1; then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ 'debsums -g' successful. \e[0m\n" printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ 'debsums -g' successful. \e[0m\n"
else else
# Omit false negative error output to stdout and stderr, as no problematic errors occur on startup. # Omit false negative error output to stdout and stderr, as no problematic errors occur on startup.
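Review bot: with `> /dev/null 2>&1` on the condition `if debsums -g`, the else branch has only the exit status to go on, and its comment already treats the errors seen there as expected at startup, so a genuine failure and the expected one are now indistinguishable. Send the output to a log file instead of /dev/null so the branch can be checked afterwards, and state in the comment which exit condition is considered harmless.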

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
@@ -25,7 +25,7 @@ cat << 'EOF' >| /etc/apt/sources.list
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <cendev@coresecret.eu> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -22,7 +22,7 @@ cat << 'EOF' >| /etc/network/interfaces
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework. # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,14 +2,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.02.768.2025.06.01 ### Version Master V8.03.644.2025.06.07
### https://www.ssh-audit.com/ ### https://www.ssh-audit.com/
### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
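Review bot: the `### Version Master` stamp is bumped from V8.02.768.2025.06.01 to V8.03.644.2025.06.07 in the same hunk as the copyright-year fix, while the 7-line header hunks elsewhere in this commit show no change to a version line. If every file is meant to carry the release stamp, check that none was missed; if the stamp is edited by hand per file, consider generating it from a single source at build time so a file like this one cannot ship with a stale version marker.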

View File

@@ -2,14 +2,14 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.02.768.2025.06.01 ### Version Master V8.03.644.2025.06.07
### https://docs.kernel.org/ ### https://docs.kernel.org/
### https://github.com/a13xp0p0v/kernel-hardening-checker/ ### https://github.com/a13xp0p0v/kernel-hardening-checker/

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
@@ -26,13 +26,13 @@ grep -o '[!-~]' /dev/urandom | tr -d '\n' | head -c64 >> "${TMP_PASSPHRASE_FILE}
DEB_INSTALLER_CRYPT_INC_FILE=$(mktemp) DEB_INSTALLER_CRYPT_INC_FILE=$(mktemp)
readonly DEB_INSTALLER_CRYPT_INC_FILE readonly DEB_INSTALLER_CRYPT_INC_FILE
# Read the first line (the passphrase) POSIX-compliant # Read the first line (the passphrase) - POSIX-compliant
# IFS= prevents leading/trailing spaces from being truncated, # IFS= prevents leading/trailing spaces from being truncated,
# -r ensures that backslashes are not interpreted. # -r ensures that backslashes are not interpreted.
IFS= read -r passphrase < "${TMP_PASSPHRASE_FILE}" IFS= read -r passphrase < "${TMP_PASSPHRASE_FILE}"
# A single printf call with exactly one redirect # A single printf call with exactly one redirect
# ShellCheck-compliant and valid in POSIX-sh # - ShellCheck-compliant and valid in POSIX-sh
printf 'd-i partman-crypto/passphrase string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE" printf 'd-i partman-crypto/passphrase string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE"
printf 'd-i partman-crypto/passphrase-again string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE" printf 'd-i partman-crypto/passphrase-again string %s\n' "${passphrase}" >> "$DEB_INSTALLER_CRYPT_INC_FILE"
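Review bot: the comment `# A single printf call with exactly one redirect` does not match the code beneath it, which issues two `printf` calls, each with its own `>>` append. Either group both calls under one redirect (`{ printf ...; printf ...; } >> "${DEB_INSTALLER_CRYPT_INC_FILE}"`) or reword the comment. In the same lines, `"$DEB_INSTALLER_CRYPT_INC_FILE"` is unbraced where the rest of the hunk uses `"${...}"`, and the `$(mktemp)` result is used without a check that it succeeded before the passphrase is written. Because this file holds the disk-encryption passphrase in clear text, the script should also remove it (for example through a `trap`) once the preseed data has been consumed.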

View File

@@ -3,7 +3,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

View File

@@ -2,7 +2,7 @@
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev> # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE # SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.

Some files were not shown because too many files have changed in this diff.