Merge remote-tracking branch 'origin/master'

V8.03.768.2025.06.23
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-23 18:47:08 +02:00 · 2025-06-23 18:46:10 +02:00 · 2025-06-23 09:04:52 +00:00 · 2025-06-23 08:10:39 +00:00 · 2025-06-23 07:15:10 +00:00 · 2025-06-23 06:21:22 +00:00
83 changed files with 923 additions and 364 deletions
--- a/.archive/icon.lib
+++ b/.archive/icon.lib
@@ -46,4 +46,10 @@
 🧠
 📅
 🎯
 🌐
 🔗
 💬
 ☢️
 ☣️
 •
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.768.2025.06.17"
+      placeholder: "e.g., Master V8.03.768.2025.06.23"
    validations:
      required: true
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 FROM debian:bookworm
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 name: 🔁 Render README.md to README.html.
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.17
+  version: V8.03.768.2025.06.23
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.17
+  version: V8.03.768.2025.06.23
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.17
+  version: V8.03.768.2025.06.23
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.768.2025.06.17
+  version: V8.03.768.2025.06.23
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.22
 name: 🔐 Generating a Private Live ISO FLV 0.
@@ -386,7 +386,7 @@ jobs:
          CISS.debian.live.builder ISO :
            "${VAR_ISO_FILE_NAME}"
          CISS.debian.live.builder ISO sha512 :
-            "${VAR_ISO_FILE_SHA512}"
+            $(< "${VAR_ISO_FILE_SHA512}")
          CISS.debian.live.builder ISO sha512 sign :
            $(< "${SIGNATURE_FILE}")
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.22
 name: 🔐 Generating a Private Live ISO FLV 1.
@@ -383,7 +383,7 @@ jobs:
          CISS.debian.live.builder ISO :
            "${VAR_ISO_FILE_NAME}"
          CISS.debian.live.builder ISO sha512 :
-            "${VAR_ISO_FILE_SHA512}"
+            $(< "${VAR_ISO_FILE_SHA512}")
          CISS.debian.live.builder ISO sha512 sign :
            $(< "${SIGNATURE_FILE}")
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.22
 name: 💙 Generating a PUBLIC Live ISO.
@@ -383,7 +383,7 @@ jobs:
          CISS.debian.live.builder ISO :
            "${VAR_ISO_FILE_NAME}"
          CISS.debian.live.builder ISO sha512 :
-            "${VAR_ISO_FILE_SHA512}"
+            $(< "${VAR_ISO_FILE_SHA512}")
          CISS.debian.live.builder ISO sha512 sign :
            $(< "${SIGNATURE_FILE}")
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 name: 🔁 Render Graphviz Diagrams.
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.768.2025.06.17"
+properties_version="V8.03.768.2025.06.23"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.768.2025.06.17
+PackageVersion: Master V8.03.768.2025.06.23
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/LINTER_RESULTS.txt
+++ b/LINTER_RESULTS.txt
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-17T17:03:33Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-23T06:21:19Z".
 ✅ The last linter check was successful. ✅
--- a/LIVE_ISO.public
+++ b/LIVE_ISO.public
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-17T14:54:34Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-23T09:04:49Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_17T14_12_22Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_23T08_20_37Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  "ciss-debian-live-2025_06_17T14_12_22Z-amd64.hybrid.iso.sha512"
+  86a8be09e16299892ae99d195b56a04356bcf5d2202016da8f8fa7441077c43fab68ebefcb8c39b3423f085a74b607907fb691ac71fdef92af33782bd2ac0ce5
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFGBqgAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkYsQAKCRA85KY4hzOw
-IYthAQDYHWvmctdnn39QGj0cdLgPkqMd3JTtC+goiM2BO6UAoQD/SM4ObHSBQ9ZO
+IbrbAQDeOIS3QYKIPkMhYlNPIcsJjv/dh3TdYiuQbkvfwVI+/gD/TiB+ska62vJk
-tQ5Wj5SzmMyMqFB9UIFizaEH0RcBEgk=
+LGfwjuaxMC0KHG1/UTICytOeAnTrXAc=
-=zTxU
+=qk8B
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_0.private
+++ b/LIVE_ISO_FLV_0.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-17T13:12:03Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-23T07:15:07Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_17T12_29_48Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_23T06_28_42Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  "ciss-debian-live-2025_06_17T12_29_48Z-amd64.hybrid.iso.sha512"
+  e0ec5e6be762858378a7eab74634676b1dd431f1cec9f3ecd57778249da4694af2df40dd5adb546360e69ddbad1379200031558ca580f55d9e8c242edb193e2f
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFFpowAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFj++wAKCRA85KY4hzOw
-IQmsAQC7nsyQvaiBPjFjze0arnTSyJ0X45OElMH6vwWeOPCYwgEAgoPURpD9KBWX
+IXOYAP9FahdpIrwvHpEAddsem7UDdtO/zOzzDzx+TuycmdFttQEA20BgLvFLCiDr
-TDSR3bhZqdaFTJYAQfguXxDI0wff8Aw=
+2zYSWBFHsEnlOrMoqUmjwDH/rjV6wAs=
-=BqaA
+=cssu
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_1.private
+++ b/LIVE_ISO_FLV_1.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-06-17T14:03:33Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-06-23T08:10:36Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_06_17T13_20_50Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_06_23T07_24_33Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  "ciss-debian-live-2025_06_17T13_20_50Z-amd64.hybrid.iso.sha512"
+  70fc1bcdcf3362278f77344c5c6cf5c682362afaf22e4013026f87d3279a044bcebd830b0958bdfb9c080f06d1f873a61a30ca5e56787d41668c9b758a964ad7
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFF1tQAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaFkL/AAKCRA85KY4hzOw
-IbsWAP9Zk6J3kFfRVASMGnT4h2Joak31pmX5p3Ron4mRDserMgEArhu1axOkGlyI
+ISe+AQC8m7ZFFP9zYtSae/IjpJy4XtDsnuO4ager49y7BDx38gEAllfQHZiMxelr
-MPD3Zw/YEZeRSRtGLPFPfEEq8zAmIQo=
+qryf1KI+nXUj2EgKtk0vy9SDI6H1KgY=
-=b16D
+=NdC5
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.17-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.768.2025.06.23-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -12,7 +12,7 @@ include_toc: true
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.23.8-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.1.1-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,13 +142,20 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
-Example: `8.03.384.2025.06.03`
+Example: `V8.03.768.2025.06.23`
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
 Date (YYYY.MM.DD) denotes the build or release date, facilitating clear tracking of incremental changes and ensuring 
 reproducibility and traceability.
 ## 1.6. Keywords
 The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
 "MAY", and "OPTIONAL" in this Repo are to be interpreted as described in [[BCP 14](https://www.rfc-editor.org/info/bcp14)], 
 [[RFC2119](https://datatracker.ietf.org/doc/html/rfc2119)], [[RFC8174](https://datatracker.ietf.org/doc/html/rfc8174)] when,
 and only when, they appear in all capitals, as shown here.
 # 2. Features & Rationale
 Below is a breakdown of each hardening component, with a summary of why each is critical to your security posture.
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -37,66 +37,87 @@
  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
 [[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]] && {
  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
 [[ ${#} -eq 0 ]] && {
  . ./lib/lib_usage.sh; usage; exit 1; }
-declare -g VAR_HANDLER_AUTOBUILD="false"
+### SOURCING MUST SET EARLY VARIABLES AND GUARD_SOURCING()
-declare -gr VAR_CONTACT="security@coresecret.eu"
+. ./var/early.var.sh
-declare -gr VAR_VERSION="Master V8.03.768.2025.06.17"
+. ./lib/lib_guard_sourcing.sh
 for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir
-### VERY EARLY CHECK FOR AUTO-BUILD, CONTACT, USAGE, AND VERSION STRING
+### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
-declare arg
+for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
-if [[ ${#} -eq 0 ]]; then . ./lib/lib_usage.sh; usage; exit 1; fi
+for arg in "$@"; do case "${arg,,}" in -h|--help)    . ./lib/lib_usage.sh; usage; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -g VAR_HANDLER_AUTOBUILD=true; declare -g VAR_KERNEL="${arg#*=}";; esac; done
 for arg in "$@"; do case "${arg,,}" in -c|--contact) printf "\e[95mCISS.debian.live.builder Contact: %s\e[0m\n" "${VAR_CONTACT}"; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -h|--help) . ./lib/lib_usage.sh; usage; exit 0;; esac; done
 for arg in "$@"; do case "${arg,,}" in -v|--version) printf "\e[95mCISS.debian.live.builder Version: %s\e[0m\n" "${VAR_VERSION}"; exit 0;; esac; done
 unset arg
-### VERY EARLY CHECK FOR XTRACE DEBUGGING
+### ALL CHECKS DONE. READY TO START THE SCRIPT
-if [[ $* == *" --debug "* ]]; then
+for arg in "$@"; do case "${arg,,}" in -d|--debug)   . ./meta_sources_debug.sh; check_git; debugger "${@}";; esac; done
-  . ./lib/lib_debug.sh
+declare -gx VAR_SETUP="true"
  debugger "${@}"
 else
  declare -grx VAR_EARLY_DEBUG=false
 fi
-### Advisory Lock
+### SOURCING VARIABLES
-exec 127>/var/lock/ciss_live_builder.lock || {
+[[ "${VAR_SETUP}" == true ]] && {
  . ./var/bash.var.sh
  . ./var/color.var.sh
  . ./var/global.var.sh
 }
 ### SOURCING LIBRARIES
 [[ "${VAR_SETUP}" == true ]] && {
  . ./lib/lib_arg_parser.sh
  . ./lib/lib_arg_priority_check.sh
  . ./lib/lib_boot_screen.sh
  . ./lib/lib_cdi.sh
  . ./lib/lib_change_splash.sh
  . ./lib/lib_check_dhcp.sh
  . ./lib/lib_check_hooks.sh
  . ./lib/lib_check_kernel.sh
  . ./lib/lib_check_pkgs.sh
  . ./lib/lib_check_provider.sh
  . ./lib/lib_check_stats.sh
  . ./lib/lib_check_var.sh
  . ./lib/lib_clean_screen.sh
  . ./lib/lib_clean_up.sh
  . ./lib/lib_copy_integrity.sh
  . ./lib/lib_hardening_root_pw.sh
  . ./lib/lib_hardening_ssh.sh
  . ./lib/lib_hardening_ultra.sh
  . ./lib/lib_helper_ip.sh
  . ./lib/lib_lb_build_start.sh
  . ./lib/lib_lb_config_start.sh
  . ./lib/lib_lb_config_write.sh
  . ./lib/lib_provider_netcup.sh
  . ./lib/lib_run_analysis.sh
  . ./lib/lib_sanitizer.sh
  . ./lib/lib_trap_on_err.sh
  . ./lib/lib_trap_on_exit.sh
  . ./lib/lib_usage.sh
 }
 ### ADVISORY LOCK
 exec 127>/var/lock/ciss_live_builder.lock || {
  printf "\e[91m❌ Cannot open lockfile for writing! Bye... \e[0m\n" >&2
  exit "${ERR_FLOCK_WRTG}"
 }
 if ! flock -x -n 127; then
  . ./var/global.var.sh
  printf "\e[91m❌ Another instance is running! Bye...\e[0m\n" >&2
  exit "${ERR_FLOCK_COLL}"
 fi
-### Checking required packages
+### CHECK FOR AUTOBUILD MODE
-. ./lib/lib_check_pkgs.sh
+for arg in "$@"; do case "${arg,,}" in -a=*|--autobuild=*) declare -gx VAR_HANDLER_AUTOBUILD="true"; declare -gx VAR_KERNEL="${arg#*=}";; esac; done; unset arg
 for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *) PATH="${PATH}:${dir}" ;; esac; done; export PATH; unset dir
 ### CHECKING REQUIRED PACKAGES
 check_pkgs
-### Dialog Output for Initialization
+### DIALOG OUTPUT FOR INITIALIZATION
-if ! $VAR_HANDLER_AUTOBUILD; then . ./lib/lib_boot_screen.sh && boot_screen; fi
+if ! $VAR_HANDLER_AUTOBUILD; then boot_screen; fi
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nUpdating variables ... \nXXX\n05\n" >&3; fi
+if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nInitialization done ... \nXXX\n15\n" >&3; fi
 . ./var/global.var.sh
 . ./var/colors.var.sh
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nEnabling Bash Error Handling ... \nXXX\n15\n" >&3; fi
+if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nAdditional initialization ... \nXXX\n30\n" >&3; fi
 ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Set-Builtin
 set -o errexit   # Exit script when a command exits with non-zero status, the same as "set -e".
 set -o errtrace  # Any traps on ERR are inherited in a subshell environment, the same as "set -E".
 set -o functrace # Any traps on DEBUG and RETURN are inherited in a subshell environment, the same as "set -T".
 set -o nounset   # Exit script on use of an undefined variable, the same as "set -u".
 set -o pipefail  # Makes pipelines return the exit status of the last command in the pipe that failed.
 set -o noclobber # Prevent overwriting, the same as "set -C".
 ### Updating Status of Dialog Gauge Bar
 if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nAdditional initialization ... \nXXX\n25\n" >&3; fi
 ### Initialization
 declare -gr ARGUMENTS_COUNT="$#"
 declare -gr ARG_STR_ORG_INPUT="$*"
@@ -109,42 +130,13 @@ declare -grx SCRIPT_BASEPATH="$(dirname "${SCRIPT_FULLPATH}")"
 declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nSourcing Libraries ... \nXXX\n50\n" >&3; fi
+if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nActivate traps ... \nXXX\n50\n" >&3; fi
-. ./lib/lib_arg_parser.sh
+### Following the CISS Bash naming and ordering scheme:
 . ./lib/lib_arg_priority_check.sh
 . ./lib/lib_cdi.sh
 . ./lib/lib_change_splash.sh
 . ./lib/lib_check_dhcp.sh
 . ./lib/lib_check_hooks.sh
 . ./lib/lib_check_kernel.sh
 . ./lib/lib_check_provider.sh
 . ./lib/lib_check_stats.sh
 . ./lib/lib_check_var.sh
 . ./lib/lib_clean_screen.sh
 . ./lib/lib_clean_up.sh
 . ./lib/lib_copy_integrity.sh
 . ./lib/lib_hardening_root_pw.sh
 . ./lib/lib_hardening_ssh.sh
 . ./lib/lib_hardening_ultra.sh
 . ./lib/lib_helper_ip.sh
 . ./lib/lib_lb_build_start.sh
 . ./lib/lib_lb_config_start.sh
 . ./lib/lib_lb_config_write.sh
 . ./lib/lib_provider_netcup.sh
 . ./lib/lib_run_analysis.sh
 . ./lib/lib_sanitizer.sh
 . ./lib/lib_trap_on_err.sh
 . ./lib/lib_trap_on_exit.sh
 . ./lib/lib_usage.sh
 ### Updating Status of Dialog Gauge Bar
 if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nActivate traps ... \nXXX\n55\n" >&3; fi
 ### Following the CISS Bash naming and ordering scheme
 trap 'trap_on_exit "$?"' EXIT
 trap 'trap_on_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nSanitizing Arguments ... \nXXX\n70\n" >&3; fi
+if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nSanitizing Arguments ... \nXXX\n75\n" >&3; fi
 arg_check "$@"
 declare -ar ARY_ARG_SANITIZED=("$@")
 declare -gr VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
@@ -160,6 +152,7 @@ clean_ip
 ### Updating Status of Dialog Gauge Bar
 if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nInitialization completed ... \nXXX\n100\n" >&3; sleep 1; fi
 ### Turn off Dialog Wrapper
 if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
 ### MAIN Program
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.768.2025.06.17
+### Version Master V8.03.768.2025.06.23
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.03.768.2025.06.17"
+declare -gr VERSION="Master V8.03.768.2025.06.23"
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.17 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.03.768.2025.06.23 at: 10:18:37.9542
--- a/config/includes.chroot/root/.ciss/alias
+++ b/config/includes.chroot/root/.ciss/alias
@@ -149,13 +149,16 @@ genpasswdhash() {
  mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
 }
-###########################################################################################
+#######################################
-# Globals: Wrapper for secure curl
+# Wrapper for secure curl
 # Arguments:
 #  $1: URL from which to download a specific file
 #  $2: /path/to/file to be saved to
-###########################################################################################
+# Returns:
-# shellcheck disable=SC2317
+#   0: Download successful
 #   1: Usage error
 #   2: Download failure
 #######################################
 scurl() {
  if [[ $# -ne 2 ]]; then
    printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
@@ -176,13 +179,16 @@ scurl() {
  return 0
 }
-###########################################################################################
+#######################################
-# Globals: Wrapper for secure wget
+# Wrapper for secure wget
 # Arguments:
 #  $1: URL from which to download a specific file
 #  $2: /path/to/file to be saved to
-###########################################################################################
+# Returns:
-# shellcheck disable=SC2317
+#   0: Download successful
 #   1: Usage error
 #   2: Download failure
 #######################################
 swget() {
  if [[ $# -ne 2 ]]; then
    printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
@@ -204,26 +210,24 @@ swget() {
  return 0
 }
-###########################################################################################
+#######################################
-# Globals: Wrapper for loading CISS.2025 hardened Kernel Parameters
+# Wrapper for loading CISS.2025 hardened Kernel Parameters
 # Arguments:
-#  none
+#  None
-###########################################################################################
+#######################################
 # shellcheck disable=SC2317
 sysp() {
  sysctl -p /etc/sysctl.d/99_local.hardened
  # sleep 1
  sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
 }
-###########################################################################################
+#######################################
-# Globals: Wrapper for tree
+# Wrapper for tree
 # Arguments:
 #  $1: Depth of Directory Listing
-###########################################################################################
+#######################################
 # shellcheck disable=SC2317
 trel() {
-    declare depth=${1:-3}
+  declare depth=${1:-3}
-    tree -C -h --dirsfirst -L "${depth}"
+  tree -C -h --dirsfirst -L "${depth}"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/package-lists/live.list.common.chroot
+++ b/config/package-lists/live.list.common.chroot
@@ -21,6 +21,7 @@ bc
 bind9-dnsutils
 bsdmainutils
 btrfs-progs
 bzip2
 ca-certificates
 clamav
 clamav-daemon
@@ -42,9 +43,11 @@ dirmngr
 dmsetup
 dnsviz
 dosfstools
 e2fsprogs
 efibootmgr
 expect
 fail2ban
 fdisk
 figlet
 fzf
 gawk
@@ -79,6 +82,7 @@ man
 man-db
 manpages
 manpages-dev
 mdadm
 mtr
 nano
 ncat
@@ -110,11 +114,13 @@ ssl-cert
 sudo
 sysstat
 systemd-sysv
 tar
 tree
 tshark
 ufw
 unattended-upgrades
 unzip
 util-linux
 virt-what
 wamerican
 wbritish
@@ -122,6 +128,9 @@ wfrench
 wget
 whois
 wngerman
 xfsprogs
 xz-utils
 yq
 zip
 zsh
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. DNSSEC Status
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Haveged Audit on Netcup RS 2000 G11
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Lynis Audit:
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. SSH Audit by ssh-audit.com
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,14 +8,14 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. TLS Audit:
 ````text
 #####################################################################
-  testssl.sh version 3.2rc4 from https://testssl.sh/dev/
+  testssl.sh version 3.2.1 from https://testssl.sh/
-  (6746fa5 2025-04-18 13:17:50)
+  (81471c3 2025-06-15 09:48:31)
  This program is free software. Distribution and modification under
  GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
@@ -26,7 +26,313 @@ include_toc: true
  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
  on kali:./bin/openssl.Linux.x86_64
- Start 2025-06-02 18:04:19        -->> 152.53.110.40:443 (coresecret.dev) <<--
+ Start 2025-06-23 06:37:04        -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
 Further IP addresses:   2a01:4f9:c012:a813:135:181:207:105
 rDNS (135.181.207.105): dns01.eddns.eu.
 Service detected:       HTTP
 Testing protocols via sockets except NPN+ALPN
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)
 Testing for server implementation bugs
 No bugs found.
 Testing cipher categories
 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            not offered
 Strong encryption (AEAD ciphers) with no FS       not offered
 Forward Secrecy strong encryption (AEAD ciphers)  offered (OK)
 Testing server's cipher preferences
 Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
 -----------------------------------------------------------------------------------------------------------------------------
 SSLv2
 -
 SSLv3
 -
 TLSv1
 -
 TLSv1.1
 -
 TLSv1.2 (server order)
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 448   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 448   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 TLSv1.3 (server order)
 x1302   TLS_AES_256_GCM_SHA384            ECDH 448   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 448   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 Has server cipher order?     yes (OK) -- TLS 1.3 and below
 Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
 FS is offered (OK) , ciphers follow (client/browser support is important here)
 Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
 -----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 448   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 448   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
 xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v
 xcc15   DHE-RSA-CHACHA20-POLY1305-OLD     DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD      not a/v
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 521   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              available
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH       AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            not a/v
 xc028   ECDHE-RSA-AES256-SHA384           ECDH       AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              not a/v
 xc024   ECDHE-ECDSA-AES256-SHA384         ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            not a/v
 xc014   ECDHE-RSA-AES256-SHA              ECDH       AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 not a/v
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH       AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               not a/v
 xa3     DHE-DSS-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_DSS_WITH_AES_256_GCM_SHA384                not a/v
 x9f     DHE-RSA-AES256-GCM-SHA384         DH         AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                not a/v
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      not a/v
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 448   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        available
 xccaa   DHE-RSA-CHACHA20-POLY1305         DH         ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256          not a/v
 xc0af   ECDHE-ECDSA-AES256-CCM8           ECDH       AESCCM8     256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8                 not a/v
 xc0ad   ECDHE-ECDSA-AES256-CCM            ECDH       AESCCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_CCM                   not a/v
 xc0a3   DHE-RSA-AES256-CCM8               DH         AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8                     not a/v
 xc09f   DHE-RSA-AES256-CCM                DH         AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM                       not a/v
 x6b     DHE-RSA-AES256-SHA256             DH         AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                not a/v
 x6a     DHE-DSS-AES256-SHA256             DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256                not a/v
 x39     DHE-RSA-AES256-SHA                DH         AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   not a/v
 x38     DHE-DSS-AES256-SHA                DH         AES         256      TLS_DHE_DSS_WITH_AES_256_CBC_SHA                   not a/v
 xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH       Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384         not a/v
 xc073   ECDHE-ECDSA-CAMELLIA256-SHA384    ECDH       Camellia    256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384       not a/v
 xc4     DHE-RSA-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 xc3     DHE-DSS-CAMELLIA256-SHA256        DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           not a/v
 x88     DHE-RSA-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              not a/v
 x87     DHE-DSS-CAMELLIA256-SHA           DH         Camellia    256      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA              not a/v
 xc043   DHE-DSS-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384               not a/v
 xc045   DHE-RSA-ARIA256-CBC-SHA384        DH         ARIA        256      TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384               not a/v
 xc049   ECDHE-ECDSA-ARIA256-CBC-SHA384    ECDH       ARIA        256      TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384           not a/v
 xc04d   ECDHE-RSA-ARIA256-CBC-SHA384      ECDH       ARIA        256      TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384             not a/v
 xc053   DHE-RSA-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384               not a/v
 xc057   DHE-DSS-ARIA256-GCM-SHA384        DH         ARIAGCM     256      TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384               not a/v
 xc05d   ECDHE-ECDSA-ARIA256-GCM-SHA384    ECDH       ARIAGCM     256      TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384           not a/v
 xc061   ECDHE-ARIA256-GCM-SHA384          ECDH       ARIAGCM     256      TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384             not a/v
 xc07d   -                                 DH         CamelliaGCM 256      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc081   -                                 DH         CamelliaGCM 256      TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384           not a/v
 xc087   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384       not a/v
 xc08b   -                                 ECDH       CamelliaGCM 256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384         not a/v
 x1301   TLS_AES_128_GCM_SHA256            any        AESGCM      128      TLS_AES_128_GCM_SHA256                             not a/v
 x1304   TLS_AES_128_CCM_SHA256            any        AESCCM      128      TLS_AES_128_CCM_SHA256                             not a/v
 x1305   TLS_AES_128_CCM_8_SHA256          any        AESCCM8     128      TLS_AES_128_CCM_8_SHA256                           not a/v
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH       AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              not a/v
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH       AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            not a/v
 xc027   ECDHE-RSA-AES128-SHA256           ECDH       AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              not a/v
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            not a/v
 xc013   ECDHE-RSA-AES128-SHA              ECDH       AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 not a/v
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH       AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               not a/v
 xa2     DHE-DSS-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_DSS_WITH_AES_128_GCM_SHA256                not a/v
 x9e     DHE-RSA-AES128-GCM-SHA256         DH         AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                not a/v
 xc0ae   ECDHE-ECDSA-AES128-CCM8           ECDH       AESCCM8     128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8                 not a/v
 xc0ac   ECDHE-ECDSA-AES128-CCM            ECDH       AESCCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_CCM                   not a/v
 xc0a2   DHE-RSA-AES128-CCM8               DH         AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8                     not a/v
 xc09e   DHE-RSA-AES128-CCM                DH         AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM                       not a/v
 x67     DHE-RSA-AES128-SHA256             DH         AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                not a/v
 x40     DHE-DSS-AES128-SHA256             DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256                not a/v
 x33     DHE-RSA-AES128-SHA                DH         AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   not a/v
 x32     DHE-DSS-AES128-SHA                DH         AES         128      TLS_DHE_DSS_WITH_AES_128_CBC_SHA                   not a/v
 xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH       Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256         not a/v
 xc072   ECDHE-ECDSA-CAMELLIA128-SHA256    ECDH       Camellia    128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256       not a/v
 xbe     DHE-RSA-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 xbd     DHE-DSS-CAMELLIA128-SHA256        DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           not a/v
 x9a     DHE-RSA-SEED-SHA                  DH         SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      not a/v
 x99     DHE-DSS-SEED-SHA                  DH         SEED        128      TLS_DHE_DSS_WITH_SEED_CBC_SHA                      not a/v
 x45     DHE-RSA-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              not a/v
 x44     DHE-DSS-CAMELLIA128-SHA           DH         Camellia    128      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA              not a/v
 xc042   DHE-DSS-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256               not a/v
 xc044   DHE-RSA-ARIA128-CBC-SHA256        DH         ARIA        128      TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256               not a/v
 xc048   ECDHE-ECDSA-ARIA128-CBC-SHA256    ECDH       ARIA        128      TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256           not a/v
 xc04c   ECDHE-RSA-ARIA128-CBC-SHA256      ECDH       ARIA        128      TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256             not a/v
 xc052   DHE-RSA-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256               not a/v
 xc056   DHE-DSS-ARIA128-GCM-SHA256        DH         ARIAGCM     128      TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256               not a/v
 xc05c   ECDHE-ECDSA-ARIA128-GCM-SHA256    ECDH       ARIAGCM     128      TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256           not a/v
 xc060   ECDHE-ARIA128-GCM-SHA256          ECDH       ARIAGCM     128      TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256             not a/v
 xc07c   -                                 DH         CamelliaGCM 128      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc080   -                                 DH         CamelliaGCM 128      TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256           not a/v
 xc086   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256       not a/v
 xc08a   -                                 ECDH       CamelliaGCM 128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256         not a/v
 Elliptic curves offered:     secp384r1 secp521r1 X448
 TLS 1.2 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224
 TLS 1.3 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512
 Testing server defaults (Server Hello)
 TLS extensions (standard)    "server name/#0" "max fragment length/#1" "status request/#5" "supported_groups/#10" "EC point formats/#11"
                              "application layer protocol negotiation/#16" "extended master secret/#23" "supported versions/#43" "key share/#51"
                              "renegotiation info/#65281"
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support       yes
 Session Resumption           Tickets no, ID: yes
 TLS clock skew               Random values, no fingerprinting possible
 Certificate Compression      none
 Client Authentication        none
 Signature Algorithm          SHA384 with RSA
 Server key size              RSA 4096 bits (exponent is 262147)
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial                       A39CFE0064280D467269C012636F9EE8 (OK: length 16)
 Fingerprints                 SHA1 9E19BE00A07E50CC5DB94A51419D431E845F810A
                              SHA256 92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
 Common Name (CN)             eddns.eu
 subjectAltName (SAN)         eddns.eu dns01.eddns.eu dns02.eddns.de dns03.eddns.eu eddns.de
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
 Certificate Validity (UTC)   358 >= 60 days (2025-06-16 00:00 --> 2026-06-16 23:59)
 ETS/"eTLS", visibility info  not present
 In pwnedkeys.com DB          not in database
 Certificate Revocation List  --
 OCSP URI                     http://zerossl.ocsp.sectigo.com, not revoked
 OCSP stapling                offered, not revoked
 OCSP must staple extension   supported
 DNS CAA RR (experimental)    available - please check for match with "Issuer" below
                              communications=error, iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl,
                              issue=letsencrypt.org;, issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
 Certificate Transparency     yes (certificate extension)
 Certificates provided        2
 Issuer                       ZeroSSL RSA Domain Secure Site CA (ZeroSSL from AT)
 Intermediate cert validity   #1: ok > 40 days (2030-01-29 23:59). ZeroSSL RSA Domain Secure Site CA <-- USERTrust RSA Certification Authority
 Intermediate Bad OCSP (exp.) Ok
 Testing HTTP header response @ "/"
 HTTP Status Code             200 OK
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
 Public Key Pinning           --
 Server banner                nginx
 Application banner           --
 Cookie(s)                    (none issued at "/")
 Security headers             X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              Expect-CT: max-age=86400, enforce
                              Permissions-Policy: interest-cohort=()
                              Cross-Origin-Opener-Policy: same-origin
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Embedder-Policy: credentialless
                              X-XSS-Protection: 1; mode=block
                              Access-Control-Allow-Origin: https://dns01.eddns.eu
                              Permissions-Policy: interest-cohort=()
                              Referrer-Policy: same-origin
                              Cache-Control: no-cache
 Reverse Proxy banner         --
 Testing vulnerabilities
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session ticket extension
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=92D01842FB6275890EF74AAD742990EFD76ABA0604203B327F3270E805B6F356
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
 Running client simulations (HTTP) via sockets
 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
 ------------------------------------------------------------------------------------------------
 Android 7.0 (native)         No connection
 Android 8.1 (native)         TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
 Android 9.0 (native)         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 10.0 (native)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 11/12 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 13/14 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 15 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Chrome 101 (Win 10)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Chromium 137 (Win 11)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Firefox 100 (Win 10)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Firefox 137 (Win 11)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 IE 8 Win 7                   No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
 Edge 15 Win 10               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       384 bit ECDH (P-384)
 Edge 101 Win 10 21H2         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Edge 133 Win 11 23H2         TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Safari 18.4 (iOS 18.4)       TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Safari 15.4 (macOS 12.3.1)   TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Safari 18.4 (macOS 15.4)     TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Java 7u25                    No connection
 Java 8u442 (OpenJDK)         TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 Java 11.0.2 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Java 17.0.3 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 Java 21.0.6 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 go 1.17.8                    TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 LibreSSL 3.3.6 (macOS)       TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 OpenSSL 3.0.15 (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 OpenSSL 3.5.0 (git)          TLSv1.3   TLS_AES_256_GCM_SHA384            448 bit ECDH (X448)
 Apple Mail (16.0)            TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       521 bit ECDH (P-521)
 Thunderbird (91.9)           TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
 Rating (experimental)
 Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
 Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted)  100 (30)
 Key Exchange     (weighted)  100 (30)
 Cipher Strength  (weighted)  100 (40)
 Final Score                  100
 Overall Grade                A+
 Done 2025-06-23 06:38:43 [ 102s] -->> 135.181.207.105:443 (dns01.eddns.eu) <<--
 25-06-23|root@kali.ed448.eu:/root/gitea/testssl.sh/>>1|~#> ./testssl.sh --show-each --wide --phone-out --full https://git.coresecret.dev/
 #####################################################################
  testssl.sh version 3.2.1 from https://testssl.sh/
  (81471c3 2025-06-15 09:48:31)
  This program is free software. Distribution and modification under
  GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
  Please file bugs @ https://testssl.sh/bugs/
 #####################################################################
  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
  on kali:./bin/openssl.Linux.x86_64
 Start 2025-06-23 06:55:40        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 Further IP addresses:   2a0a:4cc0:80:330f:152:53:110:40
 rDNS (152.53.110.40):   git.coresecret.dev.
@@ -193,17 +499,21 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
                              SHA256 76B6FFCE607D8514F676C286C7C76B90F5B7AE7D041631F2EF2F0079AF8D24AC
 Common Name (CN)             coresecret.dev
 subjectAltName (SAN)         coresecret.dev git.coresecret.dev lab.coresecret.dev run.coresecret.dev www.coresecret.dev
- Trust (hostname)             Ok via SAN and CN (same w/o SNI)
+ Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
- Certificate Validity (UTC)   174 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
+ Certificate Validity (UTC)   153 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
 ETS/"eTLS", visibility info  not present
 In pwnedkeys.com DB          not in database
 Certificate Revocation List  http://crl.buypass.no/crl/BPClass2CA5.crl, not revoked
 OCSP URI                     http://ocsp.buypass.com, not revoked
 OCSP stapling                offered, not revoked
 OCSP must staple extension   --
- DNS CAA RR (experimental)    not offered
+ DNS CAA RR (experimental)    available - please check for match with "Issuer" below
                              iodef=mailto:dns@coresecret.eu, issue=;, issue=buypass.no, issue=certum.pl, issue=letsencrypt.org;,
                              issue=quantumsign.eu;, issue=sectigo.com, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuect=quantumsign.eu;,
                              issuect=quantumsign.eu;, issuect=quantumsign.eu;, issuemail=buypass.no, issuemail=certum.pl, issuewild=;
 Certificate Transparency     yes (certificate extension)
 Certificates provided        2
 Issuer                       Buypass Class 2 CA 5 (Buypass AS-983163327 from NO)
@@ -213,23 +523,27 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Testing HTTP header response @ "/"
- HTTP Status Code             301 Moved Permanently, redirecting to "https://git.coresecret.dev"
+ HTTP Status Code             200 OK
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
 Public Key Pinning           --
 Server banner                nginx
 Application banner           --
- Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
+ Cookie(s)                    2 issued: 2/2 secure, 2/2 HttpOnly
 Security headers             X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              Content-Security-Policy: default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self';
                                frame-src 'self'; frame-ancestors 'self'; img-src 'self' data: https://badges.coresecret.dev
                                https://uml.coresecret.dev; manifest-src 'self'; media-src 'self' data: https://badges.coresecret.dev
                                https://uml.coresecret.dev; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'none';
                              Expect-CT: max-age=86400, enforce
                              Permissions-Policy: interest-cohort=()
-                              Cross-Origin-Opener-Policy: same-origin
+                              Cross-Origin-Opener-Policy: cross-origin
-                              Cross-Origin-Resource-Policy: same-origin
+                              Cross-Origin-Resource-Policy: cross-origin
-                              Cross-Origin-Embedder-Policy: require-corp
+                              Cross-Origin-Embedder-Policy: unsafe-none
                              X-XSS-Protection: 1; mode=block
                              Permissions-Policy: interest-cohort=()
-                              Referrer-Policy: same-origin
+                              Referrer-Policy: no-referrer
                              Cache-Control: no-cache
 Reverse Proxy banner         --
@@ -268,6 +582,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Android 10.0 (native)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 11/12 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 13/14 (native)       TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Android 15 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Chrome 101 (Win 10)          TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Chromium 137 (Win 11)        TLSv1.3   TLS_AES_256_GCM_SHA384            384 bit ECDH (P-384)
 Firefox 100 (Win 10)         TLSv1.3   TLS_AES_256_GCM_SHA384            521 bit ECDH (P-521)
@@ -308,7 +623,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Final Score                  100
 Overall Grade                A+
- Done 2025-06-02 18:05:51 [  95s] -->> 152.53.110.40:443 (coresecret.dev) <<--
+ Done 2025-06-23 06:57:01 [  86s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 ````
 ---
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,10 +8,25 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Changelog
 ## V8.03.768.2025.06.22
 * Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Lock FD and Artifacts.
 ## V8.03.768.2025.06.19
 * Minor main script improvements.
 * Updated [lib_usage.sh](../lib/lib_usage.sh) output.
 ## V8.03.768.2025.06.18
 * Minor main script improvements.
 * Updated contact section.
 * Integrated third ``dns03.eddns.eu`` Centurion DNS Resolver.
 ## V8.03.768.2025.06.17
 * Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Centurion Net - Developer Branch Overview
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Coding Style
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Contributing / participating
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Credits
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,20 +8,17 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
-# 2. Usage
+# 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.768.2025.06.17
+Master V8.03.768.2025.06.23
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
 (p) Centurion Press, 2024 - 2025
 https://coresecret.eu/
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 "./ciss_live_builder.sh <option>", where <option> is one or more of:
  --help, -h
@@ -30,7 +27,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
  --autobuild=*, -a=*
    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
    selector dialog. Change '*' to your desired Linux kernel and trim the
-    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'.
  --architecture <STRING> one of <amd64 | arm64>
    A string reflecting the architecture of the Live System.
@@ -58,19 +55,20 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
  --debug
    Enables debug logging for the main program routine. Detailed logging
-    information are written to "/tmp/ciss_live_builder_3764286.log"
+    information are written to "/tmp/ciss_live_builder_1136873.log"
  --dhcp-centurion
    If a DHCP lease is provided, the provider's nameserver will be overridden,
    and only the hardened, privacy-focused Centurion DNS servers will be used:
-    - https://dns01.eddns.eu/
+      - https://dns01.eddns.eu/
-    - https://dns02.eddns.de/
+      - https://dns02.eddns.de/
      - https://dns03.eddns.eu/
  --jump-host <IP | IP | ... >
    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
    If provided, than it MUST be a <SPACE> separated list.
-    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd/64].
+    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64.
  --log-statistics-only
    Provides statistic only after successful building a
@@ -80,23 +78,25 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
  --provider-netcup-ipv6
    Activates IPv6 support for Netcup Root Server. One unique
-    IPv6 address MUST be provided in this case.
+    IPv6 address MUST be provided in this case and MUST be encapsulated
    with [], e.g., [1234::abcd].
  --renice-priority <PRIORITY>
    Reset the nice priority value of the script and all its children
-    to the desired PRIORITY. MUST be an integer (between "-19" and 19).
+    to the desired <PRIORITY>. MUST be an integer (between "-19" and 19).
    Negative (higher) values MUST be enclosed in double quotes '"'.
  --reionice-priority <CLASS> <PRIORITY>
    Reset the ionice priority value of the script and all its children
-    to the desired CLASS. MUST be an integer:
+    to the desired <CLASS>. MUST be an integer:
-    1: realtime
+      1: realtime
-    2: best-effort
+      2: best-effort
-    3: idle
+      3: idle
-    defaults to "2".
+    Defaults to '2'.
-    PRIORITY MUST be an integer:
+    Whereas <PRIORITY> MUST be an integer as well between:
-    between 0 (highest) and 7 (lowest) priority.
+      0: highest priority and
-    defaults to "4".
+      7: lowest priority.
    Defaults to '4'.
    A real-time I/O process can significantly slow down other processes
    or even cause them to starve if it continuously requests I/O.
@@ -107,9 +107,9 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
    the local console. The root password is hashed with an 16 Byte '/dev/random'
    generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately
    after Hash generation all Variables containing plain password fragments are
-    deleted. Password file SHOULD be 0400 and root:root and is deleted without
+    deleted. Password file SHOULD be '0400' and 'root:root' and is deleted without
    further prompt after password hash has been successfully generated via:
-    shred -vfzu 5 -f.
+    'shred -vfzu 5 -f'.
    No tracing of any plain text password fragment in any debug log.
  --ssh-port <INTEGER>
@@ -123,14 +123,30 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
  --version, -v
    Displays version of ./ciss_live_builder.sh.
-NOTES:
+💡 Notes:
-  - You MUST be root to run this script.
+🔵 You MUST be 'root' to run this script.
-Contact:
+💷 Please consider donating to my work at:
-  - https://coresecret.eu/
+🌐 https://coresecret.eu/spenden/
-  - security@coresecret.eu
+````
-    - PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD
+
-      - https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD
+# 2.2. Contact
 ````text
 CISS.debian.live.builder
 Master V8.03.768.2025.06.23
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
 (p) Centurion Press, 2024 - 2025
 💬 Contact:
 🌐 https://coresecret.eu/
 📧 security@coresecret.eu
 🔑 PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD
 🔗 https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD
 💷 Please consider donating to my work at:
 🌐 https://coresecret.eu/spenden/
 ````
 # 3. Booting
--- a/docs/LICENSES/CCLA-1.0.html
+++ b/docs/LICENSES/CCLA-1.0.html
@@ -1,53 +0,0 @@
 <h1 id="spdx-license-identifier-licenseref-ccla-10">SPDX-License-Identifier: LicenseRef-CCLA-1.0</h1>
 <h1 id="centurion-commercial-license-agreement-10">Centurion Commercial License Agreement 1.0</h1>
 <h2 id="1-general-terms"><strong>1. General Terms</strong></h2>
 <p>1.1. This Subscription License Agreement ("Agreement") governs the commercial use of the Software ("Software").</p>
 <p>1.2. Private and open-source usage of the Software remains governed by the EUPL-1.2 license.</p>
 <p>1.3. By purchasing and using the Software under this Agreement, you ("Licensee") agree to the terms outlined below.</p>
 <p>1.4. Only the English version of this Agreement shall be legally binding. Translations are provided for convenience only.</p>
 <h2 id="2-grant-of-license"><strong>2. Grant of License</strong></h2>
 <p>2.1. Subject-to-payment of applicable subscription fees, Licensor grants Licensee a</p>
 <ul>
 <li>non-exclusive,</li>
 <li>non-transferable,</li>
 <li>time-limited,</li>
 </ul>
 <p>right to use the Software for commercial purposes.</p>
 <p>2.2. This license is valid only for the duration of the subscription period and under the scope defined in this Agreement.</p>
 <h2 id="3-subscription-fees-and-payment"><strong>3. Subscription Fees and Payment</strong></h2>
 <p>3.1. Licensee agrees to pay the subscription fees as specified in the pricing agreement. These fees are non-refundable.</p>
 <p>3.2. Licensor reserves the right to modify subscription fees upon 30 days' written notice.</p>
 <h2 id="4-restrictions"><strong>4. Restrictions</strong></h2>
 <p>4.1. Licensee shall not:</p>
 <ul>
 <li>Distribute, sublicense, or resell the Software.</li>
 <li>Reverse engineer, decompile, or modify the Software, except as permitted by mandatory law.</li>
 </ul>
 <p>4.2. The Software may not be used for illegal or unethical purposes.</p>
 <h2 id="5-support-and-updates"><strong>5. Support and Updates</strong></h2>
 <p>5.1. Licensor will provide updates and support for the Software during the subscription period, as detailed in the accompanying support agreement.</p>
 <p>5.2. Support services may include bug fixes, patches, and minor updates. Major updates may incur additional fees.</p>
 <h2 id="6-termination"><strong>6. Termination</strong></h2>
 <p>6.1. This Agreement is valid for the subscription term unless terminated earlier:</p>
 <ul>
 <li>By Licensee, with a 30-day written notice.</li>
 <li>By Licensor, in the event of Licensees breach of this Agreement.</li>
 </ul>
 <p>6.2. Upon termination, Licensee must cease all uses of the Software and delete all copies.</p>
 <h2 id="7-liability-and-warranty"><strong>7. Liability and Warranty</strong></h2>
 <p>7.1. The Software is provided "as is" without warranties of any kind, except as required by law.</p>
 <p>7.2. Licensors' liability is limited to the number of subscription fees paid by Licensee in the preceding 12 months.</p>
 <h2 id="8-governing-law"><strong>8. Governing Law</strong></h2>
 <p>8.1. This Agreement shall be governed by the laws of Portugal.</p>
 <p>8.2. Disputes arising under this Agreement shall be subject to the exclusive jurisdiction of the courts of Portugal.</p>
 <h2 id="9-miscellaneous"><strong>9. Miscellaneous</strong></h2>
 <p>9.1. Any changes to this Agreement must be in writing and signed by both parties.</p>
 <p>9.2. If any provision of this Agreement is found invalid, the remaining provisions shall remain enforceable.</p>
 <h2 id="10-contact-information">10. <strong>Contact Information</strong></h2>
 <ul>
 <li>Licensor : Centurion Intelligence Consulting Agency</li>
 <li>Email : <a href="mailto:legal@coresecret.eu">legal@coresecret.eu</a></li>
 </ul>
 <hr />
 <p>This Subscription License Agreement was last updated at 09.05.2025.</p>
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.768.2025.06.17<br>
+**Build**: V8.03.768.2025.06.23<br>
 # 2. Resources
--- a/docs/SECURITY/coresecret.dev.png
+++ b/docs/SECURITY/coresecret.dev.png
--- a/lib/lib_arg_parser.sh
+++ b/lib/lib_arg_parser.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Argument Parser
 # Globals:
@@ -100,7 +102,7 @@ arg_parser() {
            printf "\e[91m❌ Error: --architecture MUST be 'amd64' or 'arm64'.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
-            exit "${ERR_UNCRITICAL}"
+            exit "${ERR_ARG_MSMTCH}"
          fi
          ;;
--- a/lib/lib_arg_priority_check.sh
+++ b/lib/lib_arg_priority_check.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Check and setup Script Priorities
 # Globals:
--- a/lib/lib_boot_screen.sh
+++ b/lib/lib_boot_screen.sh
@@ -10,8 +10,10 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
-# Change Grub Boot Screen Splash
+# Set up a gauge Dialog Wrapper.
 # Globals:
 #   PID_BOOT_SCREEN
 #   PIPE_BOOT_SCREEN
--- a/lib/lib_cdi.sh
+++ b/lib/lib_cdi.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # CISS.2025.debian.installer GRUB and Autostart Generator
 # Globals:
--- a/lib/lib_change_splash.sh
+++ b/lib/lib_change_splash.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Change Grub Boot Screen Splash
 # Globals:
--- a/lib/lib_check_dhcp.sh
+++ b/lib/lib_check_dhcp.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Check if hardened Centurion DNS servers are desired.
 # Globals:
--- a/lib/lib_check_hooks.sh
+++ b/lib/lib_check_hooks.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Check and apply 0755 Permissions on every ./config/hooks/live/*.chroot file
 # Globals:
--- a/lib/lib_check_kernel.sh
+++ b/lib/lib_check_kernel.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Kernel Image Selector
 # Globals:
@@ -52,7 +54,7 @@ check_kernel() {
    done < "${VAR_KERNEL_SRT}"
  # shellcheck disable=SC2155
-  if declare -g VAR_KERNEL=$(dialog \
+  if declare -gx VAR_KERNEL=$(dialog \
                          --no-collapse \
                          --ascii-lines \
                          --clear \
@@ -63,9 +65,9 @@ check_kernel() {
  else
    clear
    if [[ "${VAR_ARCHITECTURE}" == "amd64" ]]; then
-      declare -gr VAR_KERNEL="amd64"
+      declare -gx VAR_KERNEL="amd64"
    elif [[ "${VAR_ARCHITECTURE}" == "arm64" ]]; then
-      declare -gr VAR_KERNEL="arm64"
+      declare -gx VAR_KERNEL="arm64"
    fi
  fi
 }
--- a/lib/lib_check_pkgs.sh
+++ b/lib/lib_check_pkgs.sh
@@ -10,34 +10,37 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Check for required Deb Packages to run the script.
 # Arguments:
 #  None
 #######################################
 check_pkgs() {
-  apt-get update -y
+  apt-get update -y > /dev/null 2>&1
  if [[ -z "$(command -v lsb_release || true)" ]]; then
-    apt-get install --no-install-recommends lsb-release -y
+    apt-get install -y --no-install-recommends lsb-release
  fi
  if [[ -z "$(command -v debootstrap || true)" ]]; then
    if grep -RqsE '^[[:space:]]*deb .*backports' /etc/apt/sources.list /etc/apt/sources.list.d; then
      # shellcheck disable=SC2155
      declare codename=$(lsb_release -sc)
-      apt-get -t "${codename}-backports" install debootstrap -y
+      apt-get install -y -t "${codename}-backports" debootstrap
    else
-      apt-get install debootstrap -y
+      apt-get install -y debootstrap
    fi
  fi
  if [[ ! -f /usr/share/live/build/VERSION ]]; then
-    apt-get install live-build -y
+    apt-get install -y live-build
  fi
-  if [[ -z "$(command -v dialog || true)" ]]; then
+  if [[ "${VAR_HANDLER_AUTOBUILD}" == false ]]; then
-    if ! $VAR_HANDLER_AUTOBUILD; then
+    if [[ -z "$(command -v dialog || true)" ]]; then
-      apt-get install --no-install-recommends dialog -y;
+      apt-get install -y --no-install-recommends dialog
    fi
  fi
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Notes Textbox
 # Arguments:
@@ -18,7 +20,7 @@
 check_provider() {
  clear
  cat << 'EOF' >| "${VAR_NOTES}"
-Build: Master V8.03.768.2025.06.17
+Build: Master V8.03.768.2025.06.23
 Press 'EXIT' to continue with CISS.debian.live.builder.
--- a/lib/lib_check_stats.sh
+++ b/lib/lib_check_stats.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Check if analysis run is desired only.
 # Globals:
--- a/lib/lib_check_var.sh
+++ b/lib/lib_check_var.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Unbound Variable Check and call Trap on ERR
 # Globals:
--- a/lib/lib_clean_screen.sh
+++ b/lib/lib_clean_screen.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Terminal cleaner before Trap on Error
 # Arguments:
--- a/lib/lib_clean_up.sh
+++ b/lib/lib_clean_up.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Clean Up Wrapper on Trap on 'ERR' and 'EXIT'.
 # Globals:
@@ -26,6 +28,11 @@ clean_up() {
  rm -f -- "${VAR_KERNEL_INF}"
  rm -f -- "${VAR_KERNEL_SRT}"
  rm -f -- "${VAR_KERNEL_TMP}"
  # Release advisory lock on FD 127.
  flock -u 127
  # Close file descriptor 127.
  exec 127>&-
  # Remove the lockfile artifact.
  rm -f /run/lock/ciss_live_builder.lock
  if (( clean_exit_code == 0 )); then rm -f -- "${LOG_ERROR}"; fi
  if [[ -f "${VAR_WORKDIR}/hosts.allow" ]]; then
--- a/lib/lib_contact.sh
+++ b/lib/lib_contact.sh
@@ -0,0 +1,41 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #######################################
 # Contact Wrapper CISS.debian.live.builder
 # Globals:
 #   none
 # Arguments:
 #   none
 #######################################
 contact() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
 $(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
 $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
 $(echo -e "\e[95m💬 Contact:\e[0m")
 $(echo -e "\e[95m🌐 https://coresecret.eu/ \e[0m")
 $(echo -e "\e[95m📧 security@coresecret.eu \e[0m")
 $(echo -e "\e[95m🔑 PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD \e[0m")
 $(echo -e "\e[95m🔗 https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD \e[0m")
 $(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
 $(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
 EOF
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_copy_integrity.sh
+++ b/lib/lib_copy_integrity.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Copy Initial ISO aide Database into Host System
 # Globals:
--- a/lib/lib_debug.sh
+++ b/lib/lib_debug.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Debugger Wrapper for xtrace to Debug Log
 # Globals:
@@ -34,9 +36,9 @@ debugger() {
      declare -p "${var}" 2>/dev/null
    done < <(compgen -v | grep -Ev '^(BASH|_).*')
  } | sort >| "${VAR_DUMP_VARS_INITIAL}"
-  declare -grx VAR_EARLY_DEBUG=true
+  declare -gx VAR_EARLY_DEBUG="true"
  ### Set a verbose PS4 prompt including timestamp, source, line, exit status, and function name
-  declare -grx PS4='\e[97m+\e[0m\e[96m$(date +%T.%4N)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
+  declare -grx PS4='\e[97m+\e[0m\e[96m$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)\e[0m\e[97m:\e[0m\e[92m[${BASH_SOURCE[0]}:${LINENO}]\e[0m\e[97m|\e[0m\e[93m${?}\e[0m\e[97m>\e[0m\e[95m${FUNCNAME[0]:-main}()\e[0m \e[97m>>\e[0m '
  # shellcheck disable=SC2155
  declare -grx LOG_DEBUG="/tmp/ciss_live_builder_$$_debug.log"
  ### Generates empty LOG_DEBUG
@@ -44,12 +46,6 @@ debugger() {
  ### Open file descriptor 42 for writing to the debug log
  exec 42>| "${LOG_DEBUG}"
  ### Write Debug Log Header https://www.gnu.org/software/bash/manual/html_node/Bash-Variables
    ### Determine the directory of this script, even if sourced.
    # shellcheck disable=SC2155
    declare script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
    ### Source the header from the same directory. This ensures we always load lib/lib_debug_header.sh correctly.
    . "${script_dir}/lib_debug_header.sh"
  # shellcheck disable=SC2119
  debug_header "$#" "$*"
  ### Tell Bash to send xtrace output to FD 42
  export BASH_XTRACEFD=42
--- a/lib/lib_debug_header.sh
+++ b/lib/lib_debug_header.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Generates Debug Log Header
 # Globals:
@@ -31,26 +33,29 @@ debug_header() {
  declare -r arg_counter="$1"
  declare -r arg_string="$2"
  {
-    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date +%T.%4N)"
+    printf "\e[97m+\e[0m\e[92m%s: CISS.debian.live.builder Debug Log \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
-    printf "\e[97m+\e[0m\e[92m%s: Version                   : %s \e[0m\n" "$(date +%T.%4N)" "${VAR_VERSION}"
+    printf "\e[97m+\e[0m\e[92m%s: Git Commit                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_GIT_HEAD_FULL}"
-    printf "\e[97m+\e[0m\e[92m%s: Epoch                     : %s \e[0m\n" "$(date +%T.%4N)" "${EPOCHREALTIME}"
+    printf "\e[97m+\e[0m\e[92m%s: Version                   : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_VERSION}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release          : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[0]}"
+    printf "\e[97m+\e[0m\e[92m%s: Epoch                     : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EPOCHREALTIME}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash MIN Version          : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[1]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash MAJ Release          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[0]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash Patch Level          : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[2]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash MIN Version          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[1]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash Build Version        : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[3]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash Patch Level          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[2]}"
-    printf "\e[97m+\e[0m\e[92m%s: Bash Release              : %s \e[0m\n" "$(date +%T.%4N)" "${BASH_VERSINFO[4]}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash Build Version        : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[3]}"
-    printf "\e[97m+\e[0m\e[92m%s: UID                       : %s \e[0m\n" "$(date +%T.%4N)" "${UID}"
+    printf "\e[97m+\e[0m\e[92m%s: Bash Release              : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASH_VERSINFO[4]}"
-    printf "\e[97m+\e[0m\e[92m%s: EUID                      : %s \e[0m\n" "$(date +%T.%4N)" "${EUID}"
+    printf "\e[97m+\e[0m\e[92m%s: UID                       : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${UID}"
-    printf "\e[97m+\e[0m\e[92m%s: Hostname                  : %s \e[0m\n" "$(date +%T.%4N)" "${HOSTNAME}"
+    printf "\e[97m+\e[0m\e[92m%s: EUID                      : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${EUID}"
-    printf "\e[97m+\e[0m\e[92m%s: Script name               : %s \e[0m\n" "$(date +%T.%4N)" "$0"
+    printf "\e[97m+\e[0m\e[92m%s: Hostname                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${HOSTNAME}"
-    printf "\e[97m+\e[0m\e[92m%s: Argument Counter          : %s \e[0m\n" "$(date +%T.%4N)" "${arg_counter}"
+    printf "\e[97m+\e[0m\e[92m%s: Hostsystem                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${VAR_SYSTEM}"
-    printf "\e[97m+\e[0m\e[92m%s: Argument String Original  : %s \e[0m\n" "$(date +%T.%4N)" "${arg_string}"
+    printf "\e[97m+\e[0m\e[92m%s: Script name               : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$0"
-    printf "\e[97m+\e[0m\e[92m%s: Script PID                : %s \e[0m\n" "$(date +%T.%4N)" "$$"
+    printf "\e[97m+\e[0m\e[92m%s: Argument Counter          : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_counter}"
-    printf "\e[97m+\e[0m\e[92m%s: Script Parent PID         : %s \e[0m\n" "$(date +%T.%4N)" "${PPID}"
+    printf "\e[97m+\e[0m\e[92m%s: Argument String Original  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${arg_string}"
-    printf "\e[97m+\e[0m\e[92m%s: Script work DIR           : %s \e[0m\n" "$(date +%T.%4N)" "${PWD}"
+    printf "\e[97m+\e[0m\e[92m%s: Script PID                : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$$"
-    printf "\e[97m+\e[0m\e[92m%s: Shell Options             : %s \e[0m\n" "$(date +%T.%4N)" "$-"
+    printf "\e[97m+\e[0m\e[92m%s: Script Parent PID         : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PPID}"
-    printf "\e[97m+\e[0m\e[92m%s: BASHOPTS                  : %s \e[0m\n" "$(date +%T.%4N)" "${BASHOPTS}"
+    printf "\e[97m+\e[0m\e[92m%s: Script work DIR           : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${PWD}"
-    printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date +%T.%4N)"
+    printf "\e[97m+\e[0m\e[92m%s: Shell Options             : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "$-"
    printf "\e[97m+\e[0m\e[92m%s: BASHOPTS                  : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${BASHOPTS}"
    printf "\e[97m+\e[0m\e[92m%s: SHELLOPTS                 : %s \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)" "${SHELLOPTS}"
    printf "\e[97m+\e[0m\e[92m%s: ==== Debug Log Begin ==== : \e[0m\n" "$(date -u +%Y-%m-%dT%H:%M:%S.%4N%z)"
  } >&42
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_debug_var_git.sh
+++ b/lib/lib_debug_var_git.sh
@@ -0,0 +1,36 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Define Git Repo related Variables.
 # Globals:
 #   VAR_GIT_HEAD
 #   VAR_GIT_REL
 #   VAR_GIT_REL_DATE
 #   VAR_GIT_REL_DATE_TIME
 #   VAR_GIT_REL_SHORT
 # Arguments:
 #   None
 #######################################
 check_git() {
  # shellcheck disable=SC2155
  if git rev-parse --is-inside-work-tree &>/dev/null; then
    declare -grx VAR_GIT_REL="$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }')"
    declare -grx VAR_GIT_REL_SHORT="${VAR_GIT_REL%% *}"
    declare -grx VAR_GIT_REL_DATE_TIME="${VAR_GIT_REL#* }"
    declare -grx VAR_GIT_REL_DATE="${VAR_GIT_REL_DATE_TIME% *}"
    declare -grx VAR_GIT_HEAD_FULL="$(git rev-parse HEAD)"
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_guard_sourcing.sh
+++ b/lib/lib_guard_sourcing.sh
@@ -0,0 +1,42 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #######################################
 # Prevent the caller LIB-file from being sourced twice.
 # Derive a safe guard-variable name from the caller script filename.
 # Globals:
 #   BASH_SOURCE
 # Arguments:
 #   $1: Explicitly provided Argument: filename of the caller LIB. (Better let the guard_sourcing() determine dynamically.
 # Returns:
 #   0: Returns '0' in both cases as they are intended to be successful.
 #######################################
 guard_sourcing() {
  ### Determine the caller script (the library being sourced).
  declare var_src="${1:-${BASH_SOURCE[1]}}"
  ### Strip path, keep only filename
  declare var_file_name="${var_src##*/}"
  ### Sanitize to valid var name.
  declare var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
  ### Build guard-variable name.
  declare var_guard_var="_${var_safe_name}_LOADED"
  ### If already loaded, abort sourcing
  if [[ -n "${!var_guard_var:-}" ]]; then
    return 0
  fi
  ### Mark as loaded (readonly + exported)
  declare -grx "${var_guard_var}"=1
  return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_hardening_root_pw.sh
+++ b/lib/lib_hardening_root_pw.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Updates the Live ISO to use root password authentication for local console access.
 # Globals:
--- a/lib/lib_hardening_ssh.sh
+++ b/lib/lib_hardening_ssh.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # SSH Hardening Ultra via TCP Wrapper
 # Globals:
--- a/lib/lib_hardening_ultra.sh
+++ b/lib/lib_hardening_ultra.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Wrapper for accompanying all CISS.debian.hardening features into the Live ISO image.
 # Globals:
--- a/lib/lib_helper_ip.sh
+++ b/lib/lib_helper_ip.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # IP Notation cleaner for pure IP output only
 # Globals:
--- a/lib/lib_lb_build_start.sh
+++ b/lib/lib_lb_build_start.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:
--- a/lib/lib_lb_config_start.sh
+++ b/lib/lib_lb_config_start.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Wrapper for 'lb config' - set up a build environment or deleting old build artifacts.
 # Globals:
--- a/lib/lib_lb_config_write.sh
+++ b/lib/lib_lb_config_write.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:
--- a/lib/lib_provider_netcup.sh
+++ b/lib/lib_provider_netcup.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Notes Textbox
 # Arguments:
--- a/lib/lib_run_analysis.sh
+++ b/lib/lib_run_analysis.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Wrapper for statistic functions of the final build.
 # Globals:
--- a/lib/lib_sanitizer.sh
+++ b/lib/lib_sanitizer.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Argument Check Wrapper
 # Arguments:
--- a/lib/lib_trap_on_err.sh
+++ b/lib/lib_trap_on_err.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Print Error Message for Trap on 'ERR' in ${ERROR_LOG}
 # Globals:
@@ -35,7 +37,7 @@ print_file_err() {
  {
    printf "❌ CISS.debian.live.builder Script failed. \n"
    printf "❌ Version             : %s \n" "${VAR_VERSION}"
-    printf "❌ Environment         : %s \n" "${VAR_SYSTEM}"
+    printf "❌ Hostsystem          : %s \n" "${VAR_SYSTEM}"
    printf "❌ Error               : %s \n" "${ERRCODE}"
    printf "❌ Line                : %s \n" "${ERRLINE}"
    printf "❌ Script              : %s \n" "${ERRSCRT}"
@@ -78,7 +80,7 @@ print_file_err() {
 print_scr_err() {
  printf "\e[91m❌ CISS.debian.live.builder Script failed. \e[0m\n" >&2
  printf "\e[91m❌ Version             : %s \e[0m\n" "${VAR_VERSION}" >&2
-  printf "\e[91m❌ Environment         : %s \e[0m\n" "${VAR_SYSTEM}" >&2
+  printf "\e[91m❌ Hostsystem          : %s \e[0m\n" "${VAR_SYSTEM}" >&2
  printf "\e[91m❌ Error               : %s \e[0m\n" "${ERRCODE}" >&2
  printf "\e[91m❌ Line                : %s \e[0m\n" "${ERRLINE}" >&2
  printf "\e[91m❌ Script              : %s \e[0m\n" "${ERRSCRT}" >&2
--- a/lib/lib_trap_on_exit.sh
+++ b/lib/lib_trap_on_exit.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Trap function to be called on 'EXIT'.
 # Globals:
@@ -18,20 +20,20 @@
 #   $1: $?
 #######################################
 trap_on_exit() {
-  declare -r trap_on_exit_code="$1"
+  declare -r var_trap_on_exit_code="$1"
  trap - EXIT
-  if (( trap_on_exit_code == 0 )); then
+  if (( var_trap_on_exit_code == 0 )); then
    if "${VAR_EARLY_DEBUG}"; then dump_user_vars; fi
-    clean_up "${trap_on_exit_code}"
+    clean_up "${var_trap_on_exit_code}"
-    print_scr_exit "${trap_on_exit_code}"
+    print_scr_exit "${var_trap_on_exit_code}"
-    exit 0
+    exit "${var_trap_on_exit_code}"
  else
-    exit "${trap_on_exit_code}"
+    exit "${var_trap_on_exit_code}"
  fi
 }
 #######################################
-# Print Success Message for Trap on 'EXIT' on 'stdout'
+# Print Success Message for Trap on 'EXIT' on 'stdout'.
 # Globals:
 #   LOG_DEBUG
 #   LOG_VAR
@@ -40,16 +42,16 @@ trap_on_exit() {
 #   VAR_HANDLER_BUILD_DIR
 #   VAR_SCRIPT_SUCCESS
 # Arguments:
-#   $1: ${trap_on_exit_code} of trap_on_exit()
+#   $1: ${var_trap_on_exit_code} of trap_on_exit()
 #######################################
 print_scr_exit() {
-  declare -r print_scr_exit_code="$1"
+  declare -r var_print_scr_exit_code="$1"
-  if (( print_scr_exit_code == 0 )); then
+  if (( var_print_scr_exit_code == 0 )); then
    if [[ "${VAR_SCRIPT_SUCCESS}" == "true" ]]; then
      printf "\n"
      printf "\e[92m✅ CISS.debian.live.builder Script successful. \e[0m\n"
      printf "\e[92m✅ Aide Initial DB at: %s \e[0m\n" "${VAR_HANDLER_BUILD_DIR}/.integrity/"
-      printf "\e[92m✅ Exited with Status: %s \e[0m\n" "${print_scr_exit_code}"
+      printf "\e[92m✅ Exited with Status: %s \e[0m\n" "${var_print_scr_exit_code}"
      printf "\n"
      if [[ "${VAR_EARLY_DEBUG}" == "true" ]]; then
        printf "\e[92m✅ Script Runtime    : %s \e[0m\n" "${SECONDS}"
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -13,133 +13,129 @@
 #######################################
 # Usage Wrapper CISS.debian.live.builder
 # Globals:
-#   ERR_UNCRITICAL
+#   none
 # Arguments:
 #   $0: Script name
 #######################################
 usage() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.768.2025.06.17\e[0m")
+$(echo -e "\e[92mMaster V8.03.768.2025.06.23\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
 $(echo -e "\e[97m(p) Centurion Press, 2024 - 2025\e[0m")
 $(echo -e "\e[95mhttps://coresecret.eu/\e[0m")
 $(echo -e "\e[97mA lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.\e[0m")
 "${0} <option>", where <option> is one or more of:
-  --help, -h
+$(echo -e "\e[97m  --help, -h\e[0m")
    What you're looking at.
-  --autobuild=*, -a=*
+$(echo -e "\e[97m  --autobuild=*, -a=*\e[0m")
    Headless mode. Skip the dialog wrapper, provider note screen and interactive kernel
    selector dialog. Change '*' to your desired Linux kernel and trim the
-    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.22+bpo-amd64'.
+    'linux-image-' string to select a specific kernel, e.g. '--autobuild=6.12.30+bpo-amd64'.
-  --architecture <STRING> one of <amd64 | arm64>
+$(echo -e "\e[97m  --architecture <STRING> one of <amd64 | arm64>\e[0m")
    A string reflecting the architecture of the Live System.
    MUST be provided.
-  --build-directory </path/to/build_directory>
+$(echo -e "\e[97m  --build-directory </path/to/build_directory>\e[0m")
    Where the Debian Live Build Image should be generated.
    MUST be provided.
-  --change-splash <STRING> one of <club | hexagon>
+$(echo -e "\e[97m  --change-splash <STRING> one of <club | hexagon>\e[0m")
    A string reflecting the GRub Boot Screen Splash you want to use.
    If omitted defaults to "./.archive/background/club.png".
-  --cdi (Experimental Feature)
+$(echo -e "\e[97m  --cdi (Experimental Feature)\e[0m")
    This option generates a boot menu entry to start the forthcoming
    'CISS.debian.installer', which will be executed after
    the system has successfully booted up.
-  --contact, -c
+$(echo -e "\e[97m  --contact, -c\e[0m")
    Displays contact information of the author.
-  --control <INTEGER>
+$(echo -e "\e[97m  --control <INTEGER>\e[0m")
    An integer that reflects the version of your Live ISO Image.
    MUST be provided.
-  --debug
+$(echo -e "\e[97m  --debug\e[0m")
    Enables debug logging for the main program routine. Detailed logging
    information are written to "/tmp/ciss_live_builder_$$.log"
-  --dhcp-centurion
+$(echo -e "\e[97m  --dhcp-centurion\e[0m")
    If a DHCP lease is provided, the provider's nameserver will be overridden,
    and only the hardened, privacy-focused Centurion DNS servers will be used:
-    - https://dns01.eddns.eu/
+      - https://dns01.eddns.eu/
-    - https://dns02.eddns.de/
+      - https://dns02.eddns.de/
      - https://dns03.eddns.eu/
-  --jump-host <IP | IP | ... >
+$(echo -e "\e[97m  --jump-host <IP | IP | ... >\e[0m")
    Provide up to 10 IPs for /etc/host.allow whitelisting of SSH access.
    Could be either IPv4 and / or IPv6 addresses and / or CCDIR notation.
    If provided, than it MUST be a <SPACE> separated list.
-    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd/64].
+    IPv6 addresses MUST be encapsulated with [], e.g., [1234::abcd]/64.
-  --log-statistics-only
+$(echo -e "\e[97m  --log-statistics-only\e[0m")
    Provides statistic only after successful building a
    CISS.debian.live-ISO. While enabling "--log-statistics-only"
    the argument "--build-directory" MUST be provided while
    all further options MUST be omitted.
-  --provider-netcup-ipv6
+$(echo -e "\e[97m  --provider-netcup-ipv6\e[0m")
    Activates IPv6 support for Netcup Root Server. One unique
-    IPv6 address MUST be provided in this case.
+    IPv6 address MUST be provided in this case and MUST be encapsulated
    with [], e.g., [1234::abcd].
-  --renice-priority <PRIORITY>
+$(echo -e "\e[97m  --renice-priority <PRIORITY>\e[0m")
    Reset the nice priority value of the script and all its children
-    to the desired PRIORITY. MUST be an integer (between "-19" and 19).
+    to the desired <PRIORITY>. MUST be an integer (between "-19" and 19).
    Negative (higher) values MUST be enclosed in double quotes '"'.
-  --reionice-priority <CLASS> <PRIORITY>
+$(echo -e "\e[97m  --reionice-priority <CLASS> <PRIORITY>\e[0m")
    Reset the ionice priority value of the script and all its children
-    to the desired CLASS. MUST be an integer:
+    to the desired <CLASS>. MUST be an integer:
-    1: realtime
+      1: realtime
-    2: best-effort
+      2: best-effort
-    3: idle
+      3: idle
-    defaults to "2".
+    Defaults to '2'.
-    PRIORITY MUST be an integer:
+    Whereas <PRIORITY> MUST be an integer as well between:
-    between 0 (highest) and 7 (lowest) priority.
+      0: highest priority and
-    defaults to "4".
+      7: lowest priority.
    Defaults to '4'.
    A real-time I/O process can significantly slow down other processes
    or even cause them to starve if it continuously requests I/O.
-  --root-password-file </path/to/password.txt>
+$(echo -e "\e[97m  --root-password-file </path/to/password.txt>\e[0m")
    Password file for 'root', if given, MUST be a string of 20 to 64 characters,
    and MUST NOT contain the special character '"'.
    If the argument is omitted, no further login authentication is required for
    the local console. The root password is hashed with an 16 Byte '/dev/random'
    generated SALT and SHA512 Hashing function and 8,388,608 rounds. Immediately
    after Hash generation all Variables containing plain password fragments are
-    deleted. Password file SHOULD be 0400 and root:root and is deleted without
+    deleted. Password file SHOULD be '0400' and 'root:root' and is deleted without
    further prompt after password hash has been successfully generated via:
-    shred -vfzu 5 -f.
+    'shred -vfzu 5 -f'.
    No tracing of any plain text password fragment in any debug log.
-  --ssh-port <INTEGER>
+$(echo -e "\e[97m  --ssh-port <INTEGER>\e[0m")
    The desired Port SSH should listen to.
    If not provided defaults to Port 22.
-  --ssh-pubkey </path/to/.ssh/>
+$(echo -e "\e[97m  --ssh-pubkey </path/to/.ssh/>\e[0m")
    Imports the SSH Public Key(s) from the FILE 'authorized_keys' of the
    specified PATH into the Live ISO. MUST be provided.
-  --version, -v
+$(echo -e "\e[97m  --version, -v\e[0m")
    Displays version of ${0}.
-$(echo -e "\e[93mNOTES:\e[0m")
+$(echo -e "\e[93m💡 Notes:\e[0m")
-  - You MUST be 'root' to run this script.
+🔵 You MUST be 'root' to run this script.
-$(echo -e "\e[92mContact:\e[0m")
+$(echo -e "\e[95m💷 Please consider donating to my work at:\e[0m")
-$(echo -e "\e[95m  - https://coresecret.eu/ \e[0m")
+$(echo -e "\e[95m🌐 https://coresecret.eu/spenden/         \e[0m")
 $(echo -e "\e[95m  - security@coresecret.eu \e[0m")
 $(echo -e "\e[95m    - PGP Key 2D98 07F4 1030 1776 597E BDC9 9F54 8853 35A3 C9AD \e[0m")
 $(echo -e "\e[95m      - https://keys.openpgp.org/vks/v1/by-fingerprint/2D9807F410301776597EBDC99F54885335A3C9AD \e[0m")
 EOF
 }
--- a/meta_sources_debug.sh
+++ b/meta_sources_debug.sh
@@ -0,0 +1,32 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 ### Prevent this file from being sourced twice. Derive a safe guard-variable name from the script filename.
 var_file_name="${BASH_SOURCE[0]##*/}"
 var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
 var_guard_var="_${var_safe_name}_LOADED"
 ### If var_guard_var is already set, abort sourcing.
 if [[ -n "${!var_guard_var:-}" ]]; then
  unset var_file_name var_safe_name var_guard_var
  return 0
 fi
 ### Set var_guard_var and make it readonly+exported
 declare -grx "${var_guard_var}"=1
 unset var_file_name var_safe_name var_guard_var
 ### Sourcing Debug Libs
 . ./lib/lib_debug.sh
 . ./lib/lib_debug_header.sh
 . ./lib/lib_debug_var_git.sh
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/scripts/0010_dhcp_supersede.sh
+++ b/scripts/0010_dhcp_supersede.sh
@@ -21,9 +21,9 @@ fi
 cat << 'EOF' >| "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/etc/dhcp/dhclient.conf
 # Custom dhclient config to override DHCP DNS
-# dns01.eddns.eu, dns02.eddns.de;
+# dns01.eddns.eu, dns02.eddns.de; dns03.eddns.eu;
-supersede domain-name-servers 135.181.207.105, 89.58.62.53;
+supersede domain-name-servers 135.181.207.105, 89.58.62.53; 138.199.237.109;
 EOF
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1
 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.768.2025.06.17 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.03.768.2025.06.23 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
--- a/var/bash.var.sh
+++ b/var/bash.var.sh
@@ -0,0 +1,21 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Set-Builtin
 set -o errexit   # Exit script when a command exits with non-zero status, the same as "set -e".
 set -o errtrace  # Any traps on ERR are inherited in a subshell environment, the same as "set -E".
 set -o functrace # Any traps on DEBUG and RETURN are inherited in a subshell environment, the same as "set -T".
 set -o nounset   # Exit script on use of an undefined variable, the same as "set -u".
 set -o pipefail  # Makes pipelines return the exit status of the last command in the pipe that failed.
 set -o noclobber # Prevent overwriting, the same as "set -C".
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/colors.var.sh
+++ b/var/colors.var.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -grx C_BLA='\e[90m' # For the techno fans.
+declare -grx C_BLA='\e[90m' # Beautiful black For the techno fans.
 declare -grx C_RED='\e[91m' # Bright red.
 declare -grx C_GRE='\e[92m' # Vibrant green.
 declare -grx C_YEL='\e[93m' # Fancy yellow
@@ -18,6 +18,6 @@ declare -grx C_BLU='\e[94m' # Organic blue.
 declare -grx C_MAG='\e[95m' # Super gay magenta.
 declare -grx C_CYA='\e[96m' # Lovely cyan.
 declare -grx C_WHI='\e[97m' # Fantastic color mix.
-declare -grx C_RES='\e[0m'    # Forget everything.
+declare -grx C_RES='\e[0m'  # Forget everything.
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/early.var.sh
+++ b/var/early.var.sh
@@ -0,0 +1,24 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 ### Definition of MUST set early Variables
 # shellcheck disable=SC2155
 declare -agx ARY_PARAM_ARRAY=("$@")
 declare -grx VAR_PARAM_COUNT="$#"
 declare -grx VAR_PARAM_STRNG="$*"
 declare -grx VAR_CONTACT="security@coresecret.eu"
 declare -grx VAR_VERSION="Master V8.03.768.2025.06.23"
 declare -grx VAR_SYSTEM="$(uname -a)"
 declare -gx  VAR_HANDLER_AUTOBUILD="false"
 umask 0022
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/global.var.sh
+++ b/var/global.var.sh
@@ -10,17 +10,11 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 # shellcheck disable=SC2155
 declare -gr VAR_SYSTEM="$(uname -a)"
 # shellcheck disable=SC2155
 declare -gr VAR_ISO8601="$(date +%Y_%m_%d_%H_%M_%S)"
 # shellcheck disable=SC2155
 declare -gr VAR_KERNEL_INF="$(mktemp)"
 # shellcheck disable=SC2155
 declare -gr VAR_KERNEL_TMP="$(mktemp)"
 # shellcheck disable=SC2155
 declare -gr VAR_KERNEL_SRT="$(mktemp)"
 # shellcheck disable=SC2155
 declare -gr VAR_NOTES="$(mktemp)"
 if "${VAR_EARLY_DEBUG}"; then
Author	SHA256	Message	Date
Marc S. Weidner	73d826ca2b	Merge remote-tracking branch 'origin/master' All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m34s Details	2025-06-23 18:47:08 +02:00
Marc S. Weidner	87905d693c	V8.03.768.2025.06.23 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 18:46:10 +02:00
Marc S. Weidner BOT	11e6b58f21	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@27b59ba at 2025-06-23T09:04:52Z on fd3d8b329394 Generated at : 2025-06-23T09:04:52Z Runner Host : fd3d8b329394 Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `27b59ba` HEAD -> master	2025-06-23 09:04:52 +00:00
Marc S. Weidner BOT	27b59bad99	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@a96d38f at 2025-06-23T08:10:39Z on acbf81c16084 Generated at : 2025-06-23T08:10:39Z Runner Host : acbf81c16084 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `a96d38f` HEAD -> master	2025-06-23 08:10:39 +00:00
Marc S. Weidner BOT	a96d38fe46	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@0cd9e75 at 2025-06-23T07:15:10Z on b6c63877a75b Generated at : 2025-06-23T07:15:10Z Runner Host : b6c63877a75b Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `0cd9e75` HEAD -> master	2025-06-23 07:15:10 +00:00
Marc S. Weidner BOT	0cd9e75b68	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@a5db504 at 2025-06-23T06:21:22Z on b85958f46628 Generated at : 2025-06-23T06:21:22Z Runner Host : b85958f46628 Workflow ID : 🛡️ Shell Script Linting Git Commit : `a5db504` HEAD -> master	2025-06-23 06:21:22 +00:00
Marc S. Weidner	a5db5044f6	V8.03.768.2025.06.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m49s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 56m45s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 55m27s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 54m13s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 08:18:26 +02:00
Marc S. Weidner BOT	5a4570ec46	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@5e4bc99 at 2025-06-23T06:05:56Z on 81400268aec7 Generated at : 2025-06-23T06:05:56Z Runner Host : 81400268aec7 Workflow ID : 🛡️ Shell Script Linting Git Commit : `5e4bc99` HEAD -> master	2025-06-23 06:05:56 +00:00
Marc S. Weidner BOT	5e4bc99e5a	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@e9b21a2 at 2025-06-23T06:05:08Z on 18ebad3d3217 Generated at : 2025-06-23T06:05:08Z Runner Host : 18ebad3d3217 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `e9b21a2` HEAD -> master	2025-06-23 06:05:08 +00:00
Marc S. Weidner	e9b21a2b5b	V8.03.768.2025.06.23 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 35s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-23 08:03:24 +02:00
Marc S. Weidner BOT	4bae828016	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@67ebcfb at 2025-06-19T17:45:16Z on 02331a304315 Generated at : 2025-06-19T17:45:16Z Runner Host : 02331a304315 Workflow ID : 🛡️ Shell Script Linting Git Commit : `67ebcfb` HEAD -> master	2025-06-19 17:45:16 +00:00
Marc S. Weidner	67ebcfb388	V8.03.768.2025.06.19 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 19:43:39 +02:00
Marc S. Weidner BOT	53e4f5e2e3	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@adbf2d0 at 2025-06-19T17:33:57Z on 233beb1e1bef Generated at : 2025-06-19T17:33:57Z Runner Host : 233beb1e1bef Workflow ID : 🛡️ Shell Script Linting Git Commit : `adbf2d0` HEAD -> master	2025-06-19 17:33:57 +00:00
Marc S. Weidner	adbf2d0dfd	V8.03.768.2025.06.19 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m37s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 19:32:09 +02:00
Marc S. Weidner BOT	8fb023e43b	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@1276b4f at 2025-06-19T17:03:12Z on 6917c3ab7572 Generated at : 2025-06-19T17:03:12Z Runner Host : 6917c3ab7572 Workflow ID : 🛡️ Shell Script Linting Git Commit : `1276b4f` HEAD -> master	2025-06-19 17:03:12 +00:00
Marc S. Weidner	1276b4fae7	V8.03.768.2025.06.19 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m31s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 19:01:27 +02:00
Marc S. Weidner BOT	4b6c7cc2d8	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@34dda8c at 2025-06-19T16:56:01Z on 71760bb93abe Generated at : 2025-06-19T16:56:01Z Runner Host : 71760bb93abe Workflow ID : 🛡️ Shell Script Linting Git Commit : `34dda8c` HEAD -> master	2025-06-19 16:56:01 +00:00
Marc S. Weidner	34dda8c8dd	V8.03.768.2025.06.19 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 18:54:04 +02:00
Marc S. Weidner BOT	a5a5855507	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@c3f4e0b at 2025-06-19T16:38:49Z on bdc025ea66fe Generated at : 2025-06-19T16:38:49Z Runner Host : bdc025ea66fe Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `c3f4e0b` HEAD -> master	2025-06-19 16:38:49 +00:00
Marc S. Weidner BOT	c3f4e0ba0a	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@44c56be at 2025-06-19T15:49:01Z on e5d7ffff4b85 Generated at : 2025-06-19T15:49:01Z Runner Host : e5d7ffff4b85 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `44c56be` HEAD -> master	2025-06-19 15:49:01 +00:00
Marc S. Weidner BOT	44c56be9d2	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@9657a45 at 2025-06-19T14:56:41Z on 25b6e1509d50 Generated at : 2025-06-19T14:56:41Z Runner Host : 25b6e1509d50 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `9657a45` HEAD -> master	2025-06-19 14:56:41 +00:00
Marc S. Weidner BOT	9657a454c9	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@577b7d1 at 2025-06-19T14:05:50Z on ba89446388a0 Generated at : 2025-06-19T14:05:50Z Runner Host : ba89446388a0 Workflow ID : 🛡️ Shell Script Linting Git Commit : `577b7d1` HEAD -> master	2025-06-19 14:05:50 +00:00
Marc S. Weidner	577b7d16dd	V8.03.768.2025.06.19 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m27s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 52m27s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 52m15s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 49m47s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 16:03:45 +02:00
Marc S. Weidner	e4126f6995	V8.03.768.2025.06.19 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 08:31:12 +02:00
Marc S. Weidner BOT	144d0ca2e9	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@b8fe187 at 2025-06-19T05:53:22Z on b6300ce5447e Generated at : 2025-06-19T05:53:22Z Runner Host : b6300ce5447e Workflow ID : 🛡️ Shell Script Linting Git Commit : `b8fe187` HEAD -> master	2025-06-19 05:53:22 +00:00
Marc S. Weidner BOT	b8fe187cbf	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@3cc26e2 at 2025-06-19T05:52:22Z on f02394ed0ec5 Generated at : 2025-06-19T05:52:22Z Runner Host : f02394ed0ec5 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `3cc26e2` HEAD -> master	2025-06-19 05:52:22 +00:00
Marc S. Weidner	3cc26e2d2b	V8.03.768.2025.06.19 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 36s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m36s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 07:51:38 +02:00
Marc S. Weidner BOT	43ec5f3493	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@aa2f51b at 2025-06-19T05:33:03Z on 8f610bbc5c6f Generated at : 2025-06-19T05:33:03Z Runner Host : 8f610bbc5c6f Workflow ID : 🛡️ Shell Script Linting Git Commit : `aa2f51b` HEAD -> master	2025-06-19 05:33:03 +00:00
Marc S. Weidner	aa2f51b059	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m33s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 07:31:24 +02:00
Marc S. Weidner	ce632c3b3e	Merge remote-tracking branch 'origin/master'	2025-06-19 07:27:34 +02:00
Marc S. Weidner	2bfdf5fa42	V8.03.768.2025.06.18 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 07:27:27 +02:00
Marc S. Weidner BOT	3700a1ad6c	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@250b8ba at 2025-06-19T05:24:25Z on ded82c6e9227 Generated at : 2025-06-19T05:24:25Z Runner Host : ded82c6e9227 Workflow ID : 🛡️ Shell Script Linting Git Commit : `250b8ba` HEAD -> master	2025-06-19 05:24:25 +00:00
Marc S. Weidner	250b8ba0c6	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m34s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 07:22:30 +02:00
Marc S. Weidner BOT	8d598d7d69	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@c4b0e44 at 2025-06-18T22:29:43Z on 9a7502a7ba31 Generated at : 2025-06-18T22:29:43Z Runner Host : 9a7502a7ba31 Workflow ID : 🛡️ Shell Script Linting Git Commit : `c4b0e44` HEAD -> master	2025-06-18 22:29:43 +00:00
Marc S. Weidner	c4b0e44d99	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m36s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-19 00:27:38 +02:00
Marc S. Weidner BOT	4e76d9665a	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@8a65565 at 2025-06-18T21:50:59Z on 5edfe440f0f5 Generated at : 2025-06-18T21:50:59Z Runner Host : 5edfe440f0f5 Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `8a65565` HEAD -> master	2025-06-18 21:50:59 +00:00
Marc S. Weidner BOT	8a65565e5c	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@a03d758 at 2025-06-18T21:00:04Z on 43448e2d0468 Generated at : 2025-06-18T21:00:04Z Runner Host : 43448e2d0468 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `a03d758` HEAD -> master	2025-06-18 21:00:04 +00:00
Marc S. Weidner BOT	a03d75879f	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@29a5ff5 at 2025-06-18T20:08:45Z on 3da8825eb356 Generated at : 2025-06-18T20:08:45Z Runner Host : 3da8825eb356 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `29a5ff5` HEAD -> master	2025-06-18 20:08:45 +00:00
Marc S. Weidner BOT	29a5ff5c9e	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@84f7014 at 2025-06-18T19:45:52Z on 8f3c3022119f Generated at : 2025-06-18T19:45:52Z Runner Host : 8f3c3022119f Workflow ID : 🛡️ Shell Script Linting Git Commit : `84f7014` HEAD -> master	2025-06-18 19:45:52 +00:00
Marc S. Weidner	84f7014699	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m28s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 21:44:20 +02:00
Marc S. Weidner BOT	6136da5631	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@2e24d9d at 2025-06-18T19:16:56Z on 66e587905f91 Generated at : 2025-06-18T19:16:56Z Runner Host : 66e587905f91 Workflow ID : 🛡️ Shell Script Linting Git Commit : `2e24d9d` HEAD -> master	2025-06-18 19:16:56 +00:00
Marc S. Weidner	2e24d9d814	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m26s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 53m23s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 51m15s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 50m54s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 21:15:25 +02:00
Marc S. Weidner BOT	a992311235	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@8785b82 at 2025-06-18T19:14:58Z on f7c25e7943ab Generated at : 2025-06-18T19:14:58Z Runner Host : f7c25e7943ab Workflow ID : 🛡️ Shell Script Linting Git Commit : `8785b82` HEAD -> master	2025-06-18 19:14:58 +00:00
Marc S. Weidner	8785b820af	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m30s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 21:13:23 +02:00
Marc S. Weidner BOT	51745e8f82	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@c04e89a at 2025-06-18T19:06:59Z on c1036e816e74 Generated at : 2025-06-18T19:06:59Z Runner Host : c1036e816e74 Workflow ID : 🛡️ Shell Script Linting Git Commit : `c04e89a` HEAD -> master	2025-06-18 19:06:59 +00:00
Marc S. Weidner	c04e89a3c1	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m35s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 21:04:53 +02:00
Marc S. Weidner BOT	9aa98d1e46	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@1c0cf0c at 2025-06-18T18:18:30Z on 79bdcfb89234 Generated at : 2025-06-18T18:18:30Z Runner Host : 79bdcfb89234 Workflow ID : 🛡️ Shell Script Linting Git Commit : `1c0cf0c` HEAD -> master	2025-06-18 18:18:30 +00:00
Marc S. Weidner	1c0cf0ce8c	V8.03.768.2025.06.18 Some checks failed 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 9m5s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 9m0s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 9m4s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 20:16:49 +02:00
Marc S. Weidner BOT	8d40f95c16	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@8c05da4 at 2025-06-18T18:16:00Z on 31cb08827156 Generated at : 2025-06-18T18:16:00Z Runner Host : 31cb08827156 Workflow ID : 🛡️ Shell Script Linting Git Commit : `8c05da4` HEAD -> master	2025-06-18 18:16:00 +00:00
Marc S. Weidner	8c05da4692	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m34s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 20:14:19 +02:00
Marc S. Weidner BOT	dd4968c745	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@aaf14e6 at 2025-06-18T18:11:58Z on 7d341627d38b Generated at : 2025-06-18T18:11:58Z Runner Host : 7d341627d38b Workflow ID : 🛡️ Shell Script Linting Git Commit : `aaf14e6` HEAD -> master	2025-06-18 18:11:59 +00:00
Marc S. Weidner	aaf14e6204	V8.03.768.2025.06.18 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m31s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 20:10:17 +02:00
Marc S. Weidner BOT	247b9af51b	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@f40b1c6 at 2025-06-18T18:02:53Z on 1ceadf78f42d Generated at : 2025-06-18T18:02:53Z Runner Host : 1ceadf78f42d Workflow ID : 🛡️ Shell Script Linting Git Commit : `f40b1c6` HEAD -> master	2025-06-18 18:02:53 +00:00
Marc S. Weidner BOT	f40b1c6f2d	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@742d057 at 2025-06-18T18:01:52Z on 6873478a02ad Generated at : 2025-06-18T18:01:52Z Runner Host : 6873478a02ad Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `742d057` HEAD -> master	2025-06-18 18:01:52 +00:00
Marc S. Weidner	742d0579d7	V8.03.768.2025.06.18 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 36s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m38s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-06-18 20:00:50 +02:00