Merge remote-tracking branch 'origin/master'

V8.04.002.2025.08.11
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-11 19:32:43 +02:00 · 2025-08-11 19:32:33 +02:00 · 2025-08-11 19:32:11 +02:00 · 2025-08-11 17:23:58 +00:00 · 2025-08-11 19:22:57 +02:00 · 2025-08-11 17:03:33 +00:00
64 changed files with 734 additions and 320 deletions
--- a/.archive/.0000_lib_usage.sh
+++ b/.archive/.0000_lib_usage.sh
@@ -21,7 +21,7 @@ usage() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.03.864.2025.07.15\e[0m")
+$(echo -e "\e[92mMaster V8.04.002.2025.08.11\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.03.864.2025.07.15"
+      placeholder: "e.g., Master V8.04.002.2025.08.11"
    validations:
      required: true
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 FROM debian:bookworm
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 name: 🔁 Render README.md to README.html.
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_0.yaml
@@ -10,6 +10,6 @@
 # SPDX-Security-Contact: security@coresecret.eu
 build:
-  counter: 1023
+  counter: 1024
-  version: V8.03.864.2025.07.15
+  version: V8.04.002.2025.08.11
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_iso_flavour_1.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.864.2025.07.15
+  version: V8.04.002.2025.08.11
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.864.2025.07.15
+  version: V8.04.002.2025.08.11
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.03.864.2025.07.15
+  version: V8.04.002.2025.08.11
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 name: 🔐 Generating a Private Live ISO FLV 0.
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 name: 🔐 Generating a Private Live ISO FLV 1.
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 name: 💙 Generating a PUBLIC Live ISO.
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 name: 🔁 Render Graphviz Diagrams.
--- a/.shellcheckrc
+++ b/.shellcheckrc
@@ -0,0 +1,28 @@
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 encoding=utf-8
 external-sources=true
 shell=bash
 source-path=~/lib
 source-path=~/scripts
 source-path=~/var
 enable=avoid-nullary-conditions
 enable=check-extra-masked-returns
 enable=check-set-e-suppressed
 enable=check-unassigned-uppercase
 enable=deprecate-which
 enable=quote-safe-variables
 enable=require-double-brackets
 enable=require-variable-braces
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.03.864.2025.07.15"
+properties_version="V8.04.002.2025.08.11"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.03.864.2025.07.15
+PackageVersion: Master V8.04.002.2025.08.11
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/LINTER_RESULTS.txt
+++ b/LINTER_RESULTS.txt
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-07-15T17:55:19Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-08-11T17:23:55Z".
 ✅ The last linter check was successful. ✅
--- a/LIVE_ISO.public
+++ b/LIVE_ISO.public
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-07-15T13:01:05Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-08-07T10:53:55Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_07_15T12_12_23Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_08_07T10_04_36Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  e94f1f698fb6d6a078d3aed785302ffcad25221c92439e84bb505a39d7b4da50674063cc2f7957cca655afdcdb55871ed4990aebbb096f964336af682891aed0
+  3d1e73f464cae840af3faf43ab1dcd2b47b2a8610527ed57d406b0d1d6c80b23d8b550c33288edad2652f33560cc410efcb71c022e6f46ef6edec344e9b735f7
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaHZREQAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaJSFwwAKCRA85KY4hzOw
-IQE/APsGY1Q8yonOxKTBUxgPPIA7ugHTfub9yWbPLcisC7J+sQEA17e8hmjJSX+O
+IdavAP9IXSWEcQcEW0LRPJBEino30IU4bzAlJJPJ/ROcRblMWQEA06xIsSQVM6A/
-NpAtnhF4dfZheybcyfJwsscrNtOieAM=
+JeUxqQCspstTDwOEROSwfcZgCN/ySwA=
-=V2i8
+=RynM
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_0.private
+++ b/LIVE_ISO_FLV_0.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-07-15T11:05:11Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-08-07T08:55:20Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_07_15T10_13_20Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_08_07T08_03_38Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  b18d79055f12e6f61a1d0b46f8648f8097da419701f3366ba127b0eff1bb0d9ef4794b1a59b66ad8d48c3e3812a1fbc81f948a66b913b036cf2b740a778a88cd
+  1ed2a27ca9137e55202cc3936c32c8285c02e200fc7e40034752d21fe15d251d10a91b05e5336aedd351d47b0aa6bed34304bf46dbd6a1df0df92612a72c950d
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaHY15wAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaJRp+AAKCRA85KY4hzOw
-Idw3AQDzmYnaCI3OADP+DB+u805S8F+QUmVIcfmUGnM0sDz78gD+I+m+BHte8lzp
+IRXlAQDsDYY4bc7OA8pVWbz4AXlTh/m5PJtt4DAiRvqBnSNQkQEA3M0OZr/6cZkF
-rwudtbEBn9wZvy2KyFWcxlSCn3go2gU=
+lDpsQU14hbr06d70JmNeAc9CVsMVbQQ=
-=nGnJ
+=h1hv
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_FLV_1.private
+++ b/LIVE_ISO_FLV_1.private
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-07-15T12:03:16Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-08-07T09:55:21Z".
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_07_15T11_14_23Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_08_07T09_04_30Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  a022fe082d5d06db05e4c53f09b59ee57f483a3d2a2a143403d93c27a2d454ec8982ccaeb957f654c0879276befc7d9ab2333f407c8089306348c7a10fd39a20
+  7ccbe6b6622a6fe2db68a37c0d4feb2759addf8fe8b3cd1186bcc2bb7305dae4b6ffbbdad336b41eb98e5bef681166d50ddcf9761226575584201de94de9007b
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaHZDhAAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaJR4CQAKCRA85KY4hzOw
-IV0hAQCl7xeM8Art2obImFmhUBKDOLcLifegqY/jKY9729EM/wEAzJTRuLts9Jzy
+IdL0AP9jojn+k2E9FdCuc/y8qvD4p26m12cvydq2CYFUwfjbXgD/TBC0yRhM4Cfo
-PXje4fYxZiNOoFv3hz7Xwt5q9rPn/AE=
+GShrXSXGILEZBIxSbmWwPqHEWo7vMQ8=
-=S0vW
+=tgad
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.03.864.2025.07.15-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.04.002.2025.08.11-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -12,7 +12,7 @@ include_toc: true
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.2-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.1.3-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -142,7 +142,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
-Example: `V8.03.864.2025.07.15`
+Example: `V8.04.002.2025.08.11`
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
--- a/ciss_live_builder.sh
+++ b/ciss_live_builder.sh
@@ -13,37 +13,93 @@
 ### Contributions so far see ./docs/CREDITS.md
 ### WHY BASH?
-# Ease of installation.
+# Ease of installation. No compiling or installing gems, CPAN modules, pip packages, etc. Simple to use and read. Clear syntax
-# No compiling or installing gems, CPAN modules, pip packages, etc.
+# and straightforward output interpretation. Built-in power. Pattern matching, line processing, and regular expression support
-# Simple to use and read. Clear syntax and straightforward output interpretation.
+# are available natively, no external binaries required. Cross-platform consistency. '/bin/bash' is the default shell on most
-# Built-in power.
+# Linux distributions, ensuring scripts run unmodified across systems. macOS compatibility. Since macOS Catalina (10.15), the
-# Pattern matching, line processing, and regular expression support are available natively,
+# default login shell has been zsh, but bash remains available at '/bin/bash'. Windows support. You can use bash via WSL, MSYS2,
-# no external binaries required.
+# or Cygwin on Windows systems.
 # Cross-platform consistency.
 # '/bin/bash' is the default shell on most Linux distributions, ensuring scripts run unmodified across systems.
 # macOS compatibility.
 # Since macOS Catalina (10.15), the default login shell has been zsh, but bash remains available at '/bin/bash'.
 # Windows support.
 # You can use bash via WSL, MSYS2, or Cygwin on Windows systems.
-### Preliminary checks
+### CATCH ARGUMENTS AND DECLARE BASIC VARIABLES.
 # shellcheck disable=SC2155
 declare -girx VAR_START_TIME="${SECONDS}"                                # Start time of script execution.
 declare -grx  VAR_PARAM_COUNT="$#"                                       # Arguments passed to script.
 declare -grx  VAR_PARAM_STRNG="$*"                                       # Arguments passed to script as string.
 declare -ag   ARY_PARAM_ARRAY=("$@")                                     # Arguments passed to script as an array.
 declare -grx  VAR_SETUP_FILE="${0##*/}"                                  # 'ciss_debian_live_builder.sh'
 declare -grx  VAR_SETUP_PATH="$(cd "$(dirname "${0}")" && pwd)"          # '/opt/git/CISS.debian.live.builder'
 declare -grx  VAR_SETUP_FULL="$(cd "$(dirname "${0}")" && pwd)/${0##*/}" # '/opt/git/CISS.debian.live.builder/ciss_debian_live_builder.sh'
 # shellcheck disable=SC2155
 declare -grx SCRIPT_FULLPATH="$(readlink -f "${BASH_SOURCE[0]:-$0}")"
 # shellcheck disable=SC2155
 declare -grx SCRIPT_BASEPATH="$(dirname "${SCRIPT_FULLPATH}")"
 # shellcheck disable=SC2155
 declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"
 ### PRELIMINARY CHECKS.
 ### No ash, dash, ksh, sh.
 # shellcheck disable=2292
 [ -z "${BASH_VERSINFO[0]}" ] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
  printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2
  exit "${ERR_UNSPPTBASH}"
 }
 ### No zsh.
 [[ -n "${ZSH_VERSION:-}" ]] && {
  . ./var/global.var.sh
  printf "\e[91m❌ Please make sure you are using 'bash'! Bye... \e[0m\n" >&2
  exit "${ERR_UNSPPTBASH}"
 }
 ### Not root.
 [[ ${EUID} -ne 0 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Please make sure you are 'root'! Bye... \e[0m\n" >&2; exit "${ERR_NOT_USER_0}"; }
+  . ./var/global.var.sh
  printf "\e[91m❌ Please make sure you are 'root'! Bye... \e[0m\n" >&2
  exit "${ERR_NOT_USER_0}"
 }
 ### Not called by sh.
 # shellcheck disable=2312
 [[ $(kill -l | grep -c SIG) -eq 0 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
  printf "\e[91m❌ Please make sure you are calling the script without leading 'sh'! Bye... \e[0m\n" >&2
  exit "${ERR_UNSPPTBASH}"
 }
 ### Not sourced.
 [[ "${BASH_SOURCE[0]}" != "$0" ]] && {
  . ./var/global.var.sh
  printf "\e[91m❌ This script must be executed, not sourced. Please run '%s' directly! Bye... \e[0m\n" "$0" >&2
  exit "${ERR_UNSPPTBASH}"
 }
 ### Minimum Bash version 5.
 [[ ${BASH_VERSINFO[0]} -lt 5 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
  printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2
  exit "${ERR_UNSPPTBASH}"
 }
 ### Minimum Bash version 5.1.
 [[ ${BASH_VERSINFO[0]} -le 5 ]] && [[ ${BASH_VERSINFO[1]} -le 1 ]] && {
-  . ./var/global.var.sh; printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2; exit "${ERR_UNSPPTBASH}"; }
+  . ./var/global.var.sh
  printf "\e[91m❌ Minimum requirement is bash 5.1. You are using '%s'! Bye... \e[0m\n" "${BASH_VERSION}" >&2
  exit "${ERR_UNSPPTBASH}"
 }
 ### No arguments.
 [[ ${#} -eq 0 ]] && {
-  . ./lib/lib_usage.sh; usage; exit 1; }
+  . ./lib/lib_usage.sh
  usage
  exit 1
 }
 ### SOURCING MUST SET EARLY VARIABLES, GUARD_SOURCING(), CHECK_GIT()
 . ./var/early.var.sh
 . ./lib/lib_guard_sourcing.sh
-. ./lib/lib_git_var.sh
+. ./lib/lib_source_guard.sh
 source_guard "./lib/lib_git_var.sh"
 ### CHECK FOR CONTACT, HELP, VERSION STRING, AND XTRACE DEBUG
 for arg in "$@"; do case "${arg,,}" in -c|--contact) . ./lib/lib_contact.sh; contact; exit 0;; esac; done
@@ -57,41 +113,42 @@ declare -gx VAR_SETUP="true"
 ### SOURCING VARIABLES
 [[ "${VAR_SETUP}" == true ]] && {
-  . ./var/bash.var.sh
+  source_guard "./var/bash.var.sh"
-  . ./var/color.var.sh
+  source_guard "./var/color.var.sh"
-  . ./var/global.var.sh
+  source_guard "./var/global.var.sh"
 }
 ### SOURCING LIBRARIES
 [[ "${VAR_SETUP}" == true ]] && {
-  . ./lib/lib_arg_parser.sh
+  source_guard "./lib/lib_arg_parser.sh"
-  . ./lib/lib_arg_priority_check.sh
+  source_guard "./lib/lib_arg_priority_check.sh"
-  . ./lib/lib_boot_screen.sh
+  source_guard "./lib/lib_boot_screen.sh"
-  . ./lib/lib_cdi.sh
+  source_guard "./lib/lib_cdi.sh"
-  . ./lib/lib_change_splash.sh
+  source_guard "./lib/lib_change_splash.sh"
-  . ./lib/lib_check_dhcp.sh
+  source_guard "./lib/lib_check_dhcp.sh"
-  . ./lib/lib_check_hooks.sh
+  source_guard "./lib/lib_check_hooks.sh"
-  . ./lib/lib_check_kernel.sh
+  source_guard "./lib/lib_check_kernel.sh"
-  . ./lib/lib_check_pkgs.sh
+  source_guard "./lib/lib_check_pkgs.sh"
-  . ./lib/lib_check_provider.sh
+  source_guard "./lib/lib_check_provider.sh"
-  . ./lib/lib_check_stats.sh
+  source_guard "./lib/lib_check_stats.sh"
-  . ./lib/lib_check_var.sh
+  source_guard "./lib/lib_check_var.sh"
-  . ./lib/lib_clean_screen.sh
+  source_guard "./lib/lib_clean_screen.sh"
-  . ./lib/lib_clean_up.sh
+  source_guard "./lib/lib_clean_up.sh"
-  . ./lib/lib_copy_integrity.sh
+  source_guard "./lib/lib_copy_integrity.sh"
-  . ./lib/lib_hardening_root_pw.sh
+  source_guard "./lib/lib_hardening_root_pw.sh"
-  . ./lib/lib_hardening_ssh.sh
+  source_guard "./lib/lib_hardening_ssh.sh"
-  . ./lib/lib_hardening_ultra.sh
+  source_guard "./lib/lib_hardening_ultra.sh"
-  . ./lib/lib_helper_ip.sh
+  source_guard "./lib/lib_helper_ip.sh"
-  . ./lib/lib_lb_build_start.sh
+  source_guard "./lib/lib_lb_build_start.sh"
-  . ./lib/lib_lb_config_start.sh
+  source_guard "./lib/lib_lb_config_start.sh"
-  . ./lib/lib_lb_config_write.sh
+  source_guard "./lib/lib_lb_config_write.sh"
-  . ./lib/lib_provider_netcup.sh
+  source_guard "./lib/lib_lb_config_write_trixie.sh"
-  . ./lib/lib_run_analysis.sh
+  source_guard "./lib/lib_provider_netcup.sh"
-  . ./lib/lib_sanitizer.sh
+  source_guard "./lib/lib_run_analysis.sh"
-  . ./lib/lib_trap_on_err.sh
+  source_guard "./lib/lib_sanitizer.sh"
-  . ./lib/lib_trap_on_exit.sh
+  source_guard "./lib/lib_trap_on_err.sh"
-  . ./lib/lib_usage.sh
+  source_guard "./lib/lib_trap_on_exit.sh"
  source_guard "./lib/lib_usage.sh"
 }
 ### ADVISORY LOCK
@@ -113,61 +170,61 @@ for dir in /usr/local/sbin /usr/sbin; do case ":${PATH}:" in *":${dir}:"*) ;; *)
 check_pkgs
 ### DIALOG OUTPUT FOR INITIALIZATION
-if ! $VAR_HANDLER_AUTOBUILD; then boot_screen; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen; fi
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nInitialization done ... \nXXX\n15\n" >&3; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nInitialization done ... \nXXX\n15\n" >&3; fi
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nAdditional initialization ... \nXXX\n30\n" >&3; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nAdditional initialization ... \nXXX\n30\n" >&3; fi
 ### Initialization
 declare -gr ARGUMENTS_COUNT="$#"
 declare -gr ARG_STR_ORG_INPUT="$*"
 #declare -ar ARG_ARY_ORG_INPUT=("$@")
 # shellcheck disable=SC2155
 declare -grx SCRIPT_FULLPATH="$(readlink -f "${BASH_SOURCE[0]:-$0}")"
 # shellcheck disable=SC2155
 declare -grx SCRIPT_BASEPATH="$(dirname "${SCRIPT_FULLPATH}")"
 # shellcheck disable=SC2155
 declare -grx VAR_WORKDIR="$(dirname "${SCRIPT_FULLPATH}")"
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nActivate traps ... \nXXX\n50\n" >&3; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nActivate traps ... \nXXX\n50\n" >&3; fi
 ### Following the CISS Bash naming and ordering scheme:
 trap 'trap_on_exit "$?"' EXIT
 trap 'trap_on_err "$?" "${BASH_SOURCE[0]}" "${LINENO}" "${FUNCNAME[0]:-main}" "${BASH_COMMAND}"' ERR
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nSanitizing Arguments ... \nXXX\n75\n" >&3; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nSanitizing Arguments ... \nXXX\n75\n" >&3; fi
 arg_check "$@"
 declare -ar ARY_ARG_SANITIZED=("$@")
 declare -gr VAR_ARG_SANITIZED="${ARY_ARG_SANITIZED[*]}"
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nParsing Arguments ... \nXXX\n90\n" >&3; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nParsing Arguments ... \nXXX\n90\n" >&3; fi
 arg_parser "$@"
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nFinal checks ... \nXXX\n95\n" >&3; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nFinal checks ... \nXXX\n95\n" >&3; fi
 clean_ip
 ### Updating Status of Dialog Gauge Bar
-if ! $VAR_HANDLER_AUTOBUILD; then printf "XXX\nInitialization completed ... \nXXX\n100\n" >&3; sleep 1; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then printf "XXX\nInitialization completed ... \nXXX\n100\n" >&3; sleep 1; fi
 ### Turn off Dialog Wrapper
-if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
 ### MAIN Program
 arg_priority_check
 check_stats
-if ! $VAR_HANDLER_AUTOBUILD; then check_provider; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then check_provider; fi
-if ! $VAR_HANDLER_AUTOBUILD; then check_kernel; fi
+if ! ${VAR_HANDLER_AUTOBUILD}; then check_kernel; fi
 check_hooks
 hardening_ssh
 lb_config_start
 lb_config_write
 if [[ "${VAR_SUITE}" == "bookworm" ]]; then
  lb_config_write
  rm -f "${SCRIPT_BASEPATH}/config/hooks/live/9998_sources_list_trixie.chroot"
 else
  lb_config_write_trixie
  rm -f "${SCRIPT_BASEPATH}/config/hooks/live/0003_install_backports.chroot"
  rm -f "${SCRIPT_BASEPATH}/config/hooks/live/9998_sources_list_bookworm.chroot"
 fi
 # shellcheck disable=SC2164
 cd "${VAR_WORKDIR}"
 hardening_ultra
 hardening_root_pw
 change_splash
--- a/config/hooks/live/0001_initramfs_modules.chroot
+++ b/config/hooks/live/0001_initramfs_modules.chroot
@@ -21,7 +21,9 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 #######################################
 grep_nic_driver_modules() {
  declare _mods
-  # Gather all Driver and sort unique
+
  ### Gather all Driver and sort unique.
  # shellcheck disable=SC2312
  readarray -t _mods < <(
    lspci -k \
      | grep -A2 -i ethernet \
--- a/config/hooks/live/0810_chrony_setup.chroot
+++ b/config/hooks/live/0810_chrony_setup.chroot
@@ -39,14 +39,13 @@ authselectmode require
 server ptbtime1.ptb.de iburst nts minpoll 5 maxpoll 9
 server ptbtime2.ptb.de iburst nts minpoll 5 maxpoll 9
 server ptbtime3.ptb.de iburst nts minpoll 5 maxpoll 9
-server ptbtime4.ptb.de iburst nts noselect minpoll 5 maxpoll 9
+server ptbtime4.ptb.de iburst nts minpoll 5 maxpoll 9
-# server nts.netnod.se iburst nts minpoll 5 maxpoll 9
+server sth1.ntp.se iburst nts minpoll 5 maxpoll 9
-
+server ntp0.fau.de iburst nts minpoll 5 maxpoll 9
 server ntp13.metas.ch iburst nts minpoll 5 maxpoll 9
 # server ntp.ripe.net iburst nts minpoll 5 maxpoll 9
 # server ntp12.metas.ch iburst nts minpoll 5 maxpoll 9
 # server ntp2.tecnico.ulisboa.pt iburst nts minpoll 5 maxpoll 9
 # server time-c-b.nist.gov iburst nts minpoll 5 maxpoll 9
 server ntp0.fau.de iburst nts minpoll 5 maxpoll 9
 leapsectz right/UTC
--- a/config/hooks/live/9998_sources_list_bookworm.chroot
+++ b/config/hooks/live/9998_sources_list_bookworm.chroot
--- a/config/hooks/live/9998_sources_list_trixie.chroot
+++ b/config/hooks/live/9998_sources_list_trixie.chroot
@@ -0,0 +1,59 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 set -C -e -u -o pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 cd /root
 if [[ -f /etc/apt/sources.list ]]; then
  mv /etc/apt/sources.list /root/.ciss/dlb/backup/sources.list.bak
 fi
 cat << 'EOF' >| /etc/apt/sources.list
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <cendev@coresecret.eu>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
 # SPDX-PackageName: CISS.2025.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #-----------------------------------------------------------------------------------------#
 #                                  OFFICIAL DEBIAN REPOS
 #-----------------------------------------------------------------------------------------#
 ### Debian Main Repos Bookworm
 deb https://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
 deb-src https://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
 deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
 deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
 deb https://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
 deb-src https://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
 deb https://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware
 deb-src https://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
@@ -31,12 +31,12 @@ ListenAddress                ::
 Port MUST_BE_CHANGED
 AllowUsers                   root
 UseDNS                       no
-### Force a key exchange after transferring 1 GiB of data or 1 hour of session time,
+### Force a key exchange after transferring 1 GiB of data or 1 hour of session time, whichever occurs first.
 ### whichever occurs first.
 RekeyLimit                   1G 1h
 HostKey                      /etc/ssh/ssh_host_ed25519_key
 HostKey                      /etc/ssh/ssh_host_rsa_key
 TrustedUserCAKeys            none
 PubkeyAuthentication         yes
 PermitRootLogin              prohibit-password
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.03.864.2025.07.15
+### Version Master V8.04.002.2025.08.11
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.03.864.2025.07.15"
+declare -gr VERSION="Master V8.04.002.2025.08.11"
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.03.864.2025.07.15 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.04.002.2025.08.11 at: 10:18:37.9542
--- a/config/includes.chroot/root/.bashrc
+++ b/config/includes.chroot/root/.bashrc
@@ -10,25 +10,6 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 # ~/.bashrc: executed by bash(1) for non-login shells.
 # Note: PS1 and umask are already set in /etc/profile. You should not
 # need this unless you want different defaults for root.
 # PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
 # umask 022
 # You may uncomment the following lines if you want `ls' to be colorized:
 # export LS_OPTIONS='--color=auto'
 # eval "$(dircolors)"
 # alias ls='ls $LS_OPTIONS'
 # alias ll='ls $LS_OPTIONS -l'
 # alias l='ls $LS_OPTIONS -lA'
 #
 # Some more alias to avoid making mistakes:
 # alias rm='rm -i'
 # alias cp='cp -i'
 # alias mv='mv -i'
 [[ $- != *i* ]] && return
 trap ' "${SHELL}" /root/.ciss/clean_logout.sh ' 0
@@ -55,27 +36,20 @@ export CMAG='\033[1;95m'
 export CCYA='\033[1;96m'
 export CWHI='\033[1;97m'
 export CRES='\033[0m'
-
+export NL='\n'
 #if [[ "${UID}" -eq 0 ]]; then
 #  export user_color="${CRED}"
 #else
 #  export user_color="${CGRE}"
 #fi
 ### Define bash colorful prompt
-# PS1="${user_color}\d${CRES}|${user_color}\u${CRES}@${CMAG}\h${CRES}:${CCYA}\w${CRES}/>>\$(if [[ \$? -eq 0 ]]; then echo -e \"${CGRE}\$?${CRES}\"; else echo -e \"${CRED}\$?${CRES}\"; fi)|~\$ "
+export PS1="\
-PS1="\
+\[\033[1;91m\]\d\[\033[0m\]|\
-\[\033[1;91m\]\d\[\033[0m\]|\[\033[1;91m\]\u\[\033[0m\]@\
+\[\033[1;91m\]\u\[\033[0m\]@\
 \[\033[1;95m\]\h\[\033[0m\]:\
 \[\033[1;96m\]\w\[\033[0m\]/>>\
 \$(if [[ \$? -eq 0 ]]; then \
    # Show exit status in green if zero
    echo -e \"\[\033[1;92m\]\$?\[\033[0m\]\"; \
  else \
    # Show exit status in red otherwise
    echo -e \"\[\033[1;91m\]\$?\[\033[0m\]\"; \
  fi)\
-|~\$ "
+\$(if [[ \$(id -u) -eq 0 ]]; then echo -e \" \[\033[1;91m\]#\[\033[0m\] \"; else echo -e \" \[\033[1;92m\]\\\$\[\033[0m\] \"; fi)"
 ### Overwrite Protection
 set -o noclobber
@@ -83,11 +57,23 @@ alias cp="cp -iv"
 alias mv='mv -iv'
 alias rm='rm -iv'
-# Welcome message after login
+### Welcome message after login
 printf "\n"
 printf "\e[91m🔐 Coresecret Channel Established. \e[0m\n"
-printf "\e[92m✅ Welcome back\e[0m"; printf "\e[95m '%s' \e[0m" "${USER}"; printf "\e[92m! Type\e[0m"; printf "\e[95m 'celp'\e[0m"; printf "\e[92m for shortcuts. \e[0m\n"
+printf "\e[92m✅ Welcome back\e[0m"
 printf "\e[95m '%s' \e[0m" "${USER}"; printf "\e[92m! Type\e[0m"; printf "\e[95m 'celp'\e[0m"; printf "\e[92m for shortcuts. \e[0m\n"
 printf "\n"
 printf "\n"
 ### Welcome message after login.
 #printf "\n"
 #printf "%s🔐 Coresecret Channel Established. %s%s" "${CRED}" "${CRES}" "${NL}"
 #printf "%s✅ Welcome back %s " "${CGRE}" "${CRES}"
 #printf "%s'%s'%s" "${CMAG}" "${USER}" "${CRES}"
 #printf "%s! Type%s " "${CGRE}" "${CRES}"
 #printf "%s'celp'%s " "${CMAG}" "${CRES}"
 #printf "%sfor shortcuts. %s%s" "${CGRE}" "${CRES}" "${NL}"
 #printf "\n"
 #printf "\n"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/root/.ciss/alias
+++ b/config/includes.chroot/root/.ciss/alias
@@ -11,16 +11,6 @@
 # SPDX-Security-Contact: security@coresecret.eu
 ########################################################################################### Alpha
 #######################################
 # Outputs a 16-character random printable string
 # Arguments:
 #  None
 #######################################
 genstring() {
  (haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
 }
 # Generates 1,048,576 random bytes into a timestamped file
 alias genkeyfile='haveged -n 1048576 >| /tmp/secure_keyfile_$(date +%s)'
 ########################################################################################### Bash
@@ -60,6 +50,7 @@ alias aptupd='apt update'
 alias aptupg='apt upgrade'
 alias apti='apt install'
 alias aptp='apt purge'
 alias aptpp='dpkg --purge'
 alias aptr='apt remove'
 alias aptse='apt search'
 alias aptsh='apt show'
@@ -104,11 +95,11 @@ alias whatpurge='dpkg --get-selections | grep deinstall'
 ########################################################################################### Functions
-###########################################################################################
+#######################################
 # Generates Secure (/dev/random) Passwords
 # Arguments:
 #    Length of Password, e.g., 32, and --base64 in case of encoding in BASE64.
-###########################################################################################
+#######################################
 # shellcheck disable=SC2317
 genpasswd() {
  declare -i length=32
@@ -128,6 +119,7 @@ genpasswd() {
  done
  declare passwd
  # shellcheck disable=SC2312
  passwd=$(tr -dc 'A-Za-z0-9_' < /dev/random | head -c "${length}")
  if [[ ${usebase64} -eq 1 ]]; then
@@ -137,23 +129,38 @@ genpasswd() {
  fi
 }
-###########################################################################################
+#######################################
-# Generates Secure (/dev/random) Passwords
+# Generates Secure (/dev/random) Passwords.
 # Arguments:
 #   none
-###########################################################################################
+#######################################
 # shellcheck disable=SC2317
 genpasswdhash() {
  declare salt
  # shellcheck disable=SC2312
  salt=$(tr -dc 'A-Za-z0-9' < /dev/random | head -c 16)
  mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608
 }
 #######################################
-# Wrapper for secure curl
+# Outputs a 16-character random printable string
 # Arguments:
-#  $1: URL from which to download a specific file
+#   None
-#  $2: /path/to/file to be saved to
+#######################################
 genstring() {
  # shellcheck disable=SC2312
  (haveged -n 1000 -f - 2>/dev/null | tr -cd '[:graph:]' | fold -w 16 && echo ) | head
 }
 #######################################
 # Wrapper for secure curl
 # Globals:
 #   CRED
 #   CRES
 #   NL
 # Arguments:
 #   1: URL from which to download a specific file
 #   2: /path/to/file to be saved to
 # Returns:
 #   0: Download successful
 #   1: Usage error
@@ -161,7 +168,7 @@ genpasswdhash() {
 #######################################
 scurl() {
  if [[ $# -ne 2 ]]; then
-    printf "\e[91m❌ Error: Usage: scurl <URL> <path/to/file>.\e[0m\n" >&2
+    printf "%s❌ Error: Usage: scurl <URL> <path/to/file>. %s%s" "${CRED}" "${CRES}" "${NL}" >&2
    return 1
  fi
  declare url="$1"
@@ -173,7 +180,7 @@ scurl() {
            -o "${output_path}" \
            "${url}"
  then
-    printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "${url}" >&2
+    printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
    return 2
  fi
  return 0
@@ -181,9 +188,13 @@ scurl() {
 #######################################
 # Wrapper for secure wget
 # Globals:
 #   CRED
 #   CRES
 #   NL
 # Arguments:
-#  $1: URL from which to download a specific file
+#   1: URL from which to download a specific file
-#  $2: /path/to/file to be saved to
+#   2: /path/to/file to be saved to
 # Returns:
 #   0: Download successful
 #   1: Usage error
@@ -191,7 +202,7 @@ scurl() {
 #######################################
 swget() {
  if [[ $# -ne 2 ]]; then
-    printf "\e[91m❌ Error: Usage: swget <URL> <path/to/file>.\e[0m\n" >&2
+    printf "%s❌ Error: Usage: swget <URL> <path/to/file>. %s%s" "${CRED}" "${CRES}" "${NL}" >&2
    return 1
  fi
  declare url="$1"
@@ -204,30 +215,57 @@ swget() {
            -qO "${output_path}" \
            "${url}"
  then
-    printf "\e[91m❌ Error: Download failed for URL: '%s'.\e[0m\n" "$url" >&2
+    printf "%s❌ Error: Download failed for URL: '%s'. %s%s" "${CRED}" "${url}" "${CRES}" "${NL}" >&2
    return 2
  fi
  return 0
 }
 #######################################
-# Wrapper for loading CISS.2025 hardened Kernel Parameters
+# Wrapper for loading CISS.2025 hardened Kernel Parameters.
 # Arguments:
 #   None
 #######################################
 sysp() {
  sysctl -p /etc/sysctl.d/99_local.hardened
  # sleep 1
-  sysctl -a | grep -E 'kernel|vm|net' > /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
+  # shellcheck disable=SC2312
  sysctl -a | grep -E 'kernel|vm|net' >| /var/log/sysctl_check"$(date +"%Y-%m-%d_%H:%M:%S")".log
 }
 #######################################
 # Wrapper for tree
 # Arguments:
-#  $1: Depth of Directory Listing
+#   1: Depth of Directory Listing
 #######################################
 trel() {
  declare depth=${1:-3}
  tree -C -h --dirsfirst -L "${depth}"
 }
 #######################################
 # Wrapper for package and path to bin.
 # Arguments:
 #   1: Program
 #######################################
 whichpackage() {
  if ! command -v "$1" >/dev/null 2>&1; then
    printf '%s❌ Error: Program '%s' not found. %s%s' "${CRED}" "$1" "${CRES}" "${NL}" >&2
    exit 1
  fi
  # shellcheck disable=SC2230,SC2312
  dpkg -S "$(which "$1")"
 }
 #######################################
 # Wrapper for Diskspace used in Path.
 # Arguments:
 #   1: Path (defaults /var)
 #   2: Depth (defaults 1)
 #   3: Number of Entries (defaults 16)
 #######################################
 whichused() {
  # shellcheck disable=SC2312
  du -h --max-depth="${2:-1}" "${1:-/var}" | sort -hr | head -n "${3:-16}"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/root/.ciss/clean_logout.sh
+++ b/config/includes.chroot/root/.ciss/clean_logout.sh
@@ -36,4 +36,6 @@ echo -e "\e[92m          All done" "\e[95m'${USER}'" "\e[92m! \e[0m"
 echo -e "\e[92m          Close shell with 'ENTER' to exit" "\e[95m'${HOSTNAME}'" "\e[92m! \e[0m"
 # shellcheck disable=SC2162
 read
 [[ -x /usr/bin/clear_console ]] && /usr/bin/clear_console -q
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/root/.ciss/f2bchk.sh
+++ b/config/includes.chroot/root/.ciss/f2bchk.sh
@@ -10,6 +10,8 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 set -Ceuo pipefail
 #######################################
 # Wrapper for fail2ban filter checks against logs.
 # Usage: f2bchk --mode=ignored || --mode=matched  || --mode=missed \
@@ -17,16 +19,18 @@
 #               --log=/var/log/ufw.log \
 #               --output=/tmp/f2bchk.log
 # Globals:
-#   DEFAULT_FILTER
+#   CGRE
-#   DEFAULT_LOG
+#   CRED
-#   DEFAULT_MODE
+#   CRES
 #   NL
 # Arguments:
 #   None
 # Returns:
-#   1 In case of any errors
+#   0: on success
 #   1: In case of any errors
 #######################################
 f2bchk(){
-  # Declare default values (readonly)
+  ### Declare default values (readonly)
  declare -r DEFAULT_MODE="matched"
  declare -r DEFAULT_FILTER="/etc/fail2ban/filter.d/ufw.aggressive.conf"
  declare -r DEFAULT_LOG="/var/log/ufw.log"
@@ -44,7 +48,7 @@ f2bchk(){
      --log=*)    log="${arg#--log=}";;
      --output=*) output="${arg#--output=}";;
      *)
-        printf "\e[31m[ERROR]\e[0m Unknown argument: %s\n" "${arg}"
+        printf "%s[ERROR]%s Unknown argument: '%s' %s" "${CRED}" "${CRES}" "${arg}" "${CRED}"
        return 1
        ;;
    esac
@@ -56,7 +60,7 @@ f2bchk(){
    matched) flag="--print-all-matched"; suffix="all.matched";;
    missed)  flag="--print-all-missed";  suffix="all.missed";;
    *)
-      printf "\e[31m[ERROR]\e[0m Invalid mode: %s\n" "${mode}"
+      printf "%s[ERROR]%s Invalid mode: '%s' %s" "${CRED}" "${CRES}" "${mode}" "${NL}"
      return 1
      ;;
  esac
@@ -66,22 +70,30 @@ f2bchk(){
    filter_name="${filter_name%.conf}"
    output="/tmp/${filter_name}.${suffix}.log"
  fi
  if [[ ! -r "${log}" ]]; then
-    printf "\e[31m[ERROR]\e[0m Log file '%s' not found or not readable.\n" "${log}"
+    printf "%s[ERROR]%s Log file '%s' not found or not readable. %s" "${CRED}" "${CRES}" "${log}" "${NL}"
    return 1
  fi
  if [[ ! -r "${filter}" ]]; then
    printf "\e[31m[ERROR]\e[0m Filter file '%s' not found or not readable.\n" "${filter}"
    return 1
  fi
-  printf "\e[33m[INFO]\e[0m Running: fail2ban-regex %s %s %s\n" "${log}" "${filter}" "${flag}"
+  if [[ ! -r "${filter}" ]]; then
-  if fail2ban-regex "${log}" "${filter}" "${flag}" >| "${output}"; then
+    printf "%s[ERROR]%s Filter file '%s' not found or not readable. %s" "${CRED}" "${CRES}" "${filter}" "${NL}"
    printf "\e[32m[SUCCESS]\e[0m Saved log to %s\n" "$output"
    printf "You can view it with: cat %s\n" "$output"
  else
    printf "\e[31m[ERROR]\e[0m fail2ban-regex execution failed.\n"
    return 1
  fi
  printf "%s[INFO]%s Running: fail2ban-regex '%s %s %s' %s" "${CGRE}" "${CRES}" "${log}" "${filter}" "${flag}" "${NL}"
  if fail2ban-regex "${log}" "${filter}" "${flag}" >| "${output}"; then
    printf "%s[SUCCESS]%s Saved log to: '%s' %s" "${CGRE}" "${CRES}" "${output}" "${NL}"
    printf "You can view it with: cat %s%s" "${output}" "${NL}"
  else
    printf "%s[ERROR]%s fail2ban-regex execution failed. %s" "${CRED}" "${CRES}" "${NL}"
    return 1
  fi
  exit 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/root/.ciss/scan_libwrap
+++ b/config/includes.chroot/root/.ciss/scan_libwrap
@@ -12,30 +12,38 @@
 #######################################
 # Scanner for 'libwrap' usage.
 # Globals:
 #   CGRE
 #   CRES
 #   NL
 # Arguments:
 #   None
 #######################################
 scanlw() {
-  printf "\e[92m🔍 Scanning all running processes for 'libwrap' usage ... \e[0m\n"
+  printf "%s🔍 Scanning all running processes for 'libwrap' usage ... %s%s" "${CGRE}" "${CRES}" "${NL}"
  printf "\n"
-  # Collect binaries from all running PIDs
+  ### Collect binaries from all running PIDs.
  declare pid exe_path comm user
  for pid in $(ps -e -o pid=); do
    exe_path=$(readlink -f "/proc/${pid}/exe" 2>/dev/null)
-    # Skip if not a regular executable
+    ### Skip if not a regular executable.
    [[ -x "${exe_path}" ]] || continue
-    # Check if the binary is linked with libwrap
+    ### Check if the binary is linked with libwrap.
-    if ldd "$exe_path" 2>/dev/null | grep -q "libwrap"; then
+    # shellcheck disable=SC2312
-      comm=$(ps -p "$pid" -o comm=)
+    if ldd "${exe_path}" 2>/dev/null | grep -q "libwrap"; then
-      user=$(ps -p "$pid" -o user=)
+      comm=$(ps -p "${pid}" -o comm=)
-      printf "\e[92m✅ PID: %s (%s) [User: %s] is linked with 'libwrap.so'. \e[0m\n" "${pid}" "${comm}" "${user}"
+      user=$(ps -p "${pid}" -o user=)
      printf "%s✅ PID: %s (%s) [User: %s] is linked with 'libwrap.so'. %s%s" "${CGRE}" "${pid}" "${comm}" "${user}" "${CRES}" "${NL}"
    fi
  done
  printf "\n"
-  printf "\e[92m✅ Scan complete. \e[0m\n"
+  printf "%s✅ Scan complete. %s%s" "${CGRE}" "${CRES}" "${NL}"
  exit 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/root/.ciss/shortcuts
+++ b/config/includes.chroot/root/.ciss/shortcuts
@@ -21,6 +21,7 @@ declare -ga shortcuts=(
  "apti: apt install"
  "aptimage: get Kernel Img"
  "aptp: apt purge"
  "aptpp: dpkg --purge"
  "aptr: apt remove"
  "aptse: apt search"
  "aptsh: apt show"
@@ -83,6 +84,8 @@ declare -ga shortcuts=(
  "whatdelete: lsof | grep deleted"
  "whatimage: dpkg --list | grep linux"
  "whatpurge: dpkg --get-selections"
  "whichpackage <PROGRAM>"
  "whichused <PATH> <DEPTH> <ENTRIES>"
 )
 #######################################
@@ -101,7 +104,7 @@ celp() {
  declare i=0
  declare entry
  for entry in "${arr[@]}"; do
-    # Print entry left-aligned in fixed width, colored
+    ### Print entry left-aligned in fixed width, colored.
    printf "${CMAG}%-${col_width}s${CRES}" "${entry}"
    ((i++))
    if ((i % cols == 0)); then
--- a/config/package-lists/live.list.common.chroot
+++ b/config/package-lists/live.list.common.chroot
@@ -15,12 +15,15 @@ apt-file
 apt-mirror
 apt-show-versions
 apt-transport-https
 autoconf
 automake
 bash-completion
 bat
 bc
 bind9-dnsutils
 bsdmainutils
 btrfs-progs
 build-essential
 bzip2
 ca-certificates
 clamav
@@ -69,6 +72,9 @@ knot-dnsutils
 libpam-google-authenticator
 libpam-pwquality
 libpwquality-tools
 libtomcrypt-dev
 libtommath-dev
 libtool
 linux-doc-6.12
 linux-source
 live-boot
@@ -78,7 +84,6 @@ locate
 logrotate
 lsb-release
 lvm2
 makedev
 makepasswd
 man
 man-db
@@ -86,9 +91,10 @@ manpages
 manpages-dev
 mdadm
 mtr
 musl-tools
 nano
 ncat
-neofetch
+ncdu
 neovim
 net-tools
 netselect-apt
@@ -107,7 +113,6 @@ rsync
 rsyslog
 screen
 shellcheck
 software-properties-common
 spectre-meltdown-checker
 speedtest-cli
 squashfs-tools
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. DNSSEC Status
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Haveged Audit on Netcup RS 2000 G11
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Lynis Audit:
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. SSH Audit by ssh-audit.com
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. TLS Audit:
--- a/docs/BOOTPARAMS.md
+++ b/docs/BOOTPARAMS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Hardened Kernel Boot Parameters
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,10 +8,41 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Changelog
 ## V8.04.002.2025.08.11
 * Updated: Experimental support for Debian Trixie
 ## V8.03.920.2025.08.07
 * Updated: [lib_arg_parser.sh](../lib/lib_arg_parser.sh)
 * Updated: [ciss_live_builder.sh](../ciss_live_builder.sh)
 * Updated: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
 ## V8.03.912.2025.07.23
 * Updated: [alias](../config/includes.chroot/root/.ciss/alias)
 * Updated: [clean_logout.sh](../config/includes.chroot/root/.ciss/clean_logout.sh)
 * Updated: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
 * Updated: [scan_libwrap](../config/includes.chroot/root/.ciss/scan_libwrap)
 * Updated: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
 * Updated: [.bashrc](../config/includes.chroot/root/.bashrc)
 ## V8.03.896.2025.07.22
 * Added: [.shellcheckrc](../.shellcheckrc)
 * Bugfixes: [ciss_live_builder.sh](../ciss_live_builder.sh)
 * Updated: [0810_chrony_setup.chroot](../config/hooks/live/0810_chrony_setup.chroot)
 ## V8.03.880.2025.07.19
 * Updated: [alias](../config/includes.chroot/root/.ciss/alias)
 * Updated: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
 * Added: Package ``ncdu``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
 * Added: ``TrustedUserCAKeys none``: [sshd_config](../config/includes.chroot/etc/ssh/sshd_config)
 ## V8.03.864.2025.07.15
 * Updated: [0010_dhcp_supersede.sh](../scripts/0010_dhcp_supersede.sh)
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Centurion Net - Developer Branch Overview
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Coding Style
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Contributing / participating
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Credits
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.03.864.2025.07.15
+Master V8.04.002.2025.08.11
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
@@ -120,6 +120,9 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
    Imports the SSH Public Key(s) from the FILE 'authorized_keys' of the
    specified PATH into the Live ISO. MUST be provided.
  --trixie
    Create a Debian Trixie Live ISO. Experimental Feature.
  --version, -v
    Displays version of ./ciss_live_builder.sh.
@@ -133,7 +136,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.03.864.2025.07.15
+Master V8.04.002.2025.08.11
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.03<br>
-**Build**: V8.03.864.2025.07.15<br>
+**Build**: V8.04.002.2025.08.11<br>
 # 2. Resources
--- a/docs/SECURITY/coresecret.dev.png
+++ b/docs/SECURITY/coresecret.dev.png
--- a/lib/lib_arg_parser.sh
+++ b/lib/lib_arg_parser.sh
@@ -64,8 +64,8 @@ arg_parser() {
          ;;
        -c | --contact)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --contact MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -74,8 +74,8 @@ arg_parser() {
          ;;
        -h | --help)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --help MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -84,8 +84,8 @@ arg_parser() {
          ;;
        -v | --version)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --version MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -98,7 +98,7 @@ arg_parser() {
            declare -gx VAR_ARCHITECTURE="${2}"
            shift 2
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --architecture MUST be 'amd64' or 'arm64'.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -109,7 +109,7 @@ arg_parser() {
        --build-directory)
          declare -gx VAR_HANDLER_BUILD_DIR="${2}"
          if [[ ! "${VAR_HANDLER_BUILD_DIR}" =~ ^/ ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --build-directory MUST be an absolute path. Got: '%s'\n" "${VAR_HANDLER_BUILD_DIR}" >&2
            exit "${ERR_NOTABSPATH}"
          fi
@@ -118,8 +118,8 @@ arg_parser() {
          ;;
        --cdi)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --cdi MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -133,7 +133,7 @@ arg_parser() {
            declare -g VAR_HANDLER_SPLASH="${2}"
            shift 2
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --change-splash MUST be 'club' or 'hexagon'.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -142,11 +142,11 @@ arg_parser() {
          ;;
        --control)
-          if [[ -n "${2}" ]]; then
+          if [[ -n "${2-}" ]]; then
            declare -g VAR_HANDLER_ISO_COUNTER="${2}"
            shift 2
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --control MUST be provided with a Parameter.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -155,8 +155,8 @@ arg_parser() {
          ;;
        --debug)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --debug MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -165,8 +165,8 @@ arg_parser() {
          ;;
        --dhcp-centurion)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --dhcp-centurion MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -176,7 +176,7 @@ arg_parser() {
          ;;
        --jump-host)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
            declare -i count=0
            shift
            while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
@@ -188,7 +188,7 @@ arg_parser() {
              shift
            done
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --jump-host MUST contain one or up to ten IPs.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -196,8 +196,8 @@ arg_parser() {
          ;;
        --log-statistics-only)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --log-statistics-only MUST NOT be followed by an argument.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -207,7 +207,7 @@ arg_parser() {
          ;;
        --provider-netcup-ipv6)
-          if [[ -n "${2}" && "${2}" != -* ]]; then
+          if [[ -n "${2-}" && "${2}" != -* ]]; then
            declare -i count=0
            declare -g VAR_HANDLER_NETCUP_IPV6=true
            shift
@@ -221,7 +221,7 @@ arg_parser() {
              shift
            done
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --provider-netcup-ipv6 MUST provide one IPv6.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
@@ -229,11 +229,11 @@ arg_parser() {
          ;;
        --renice-priority)
-          if [[ -n ${2} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then
+          if [[ -n ${2-} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then
-            declare -gi VAR_HANDLER_PRIORITY="$2"
+            VAR_HANDLER_PRIORITY="$2"
            shift 2
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --renice-priority MUST an integer between '-19' and '19'.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -242,28 +242,28 @@ arg_parser() {
          ;;
        --reionice-priority)
-          if [[ -z "${2}" ]]; then
+          if [[ -z "${2-}" ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --reionice-priority no values provided.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_REIONICE_P}"
          else
            if [[ "${2}" =~ ^[1-3]$ ]]; then
-              declare -gi VAR_REIONICE_CLASS="${2}"
+              VAR_REIONICE_CLASS="${2}"
-              if [[ -z "${3}" ]]; then
+              if [[ -z "${3-}" ]]; then
                :
              else
                if [[ "${3}" =~ ^[0-7]$ ]]; then
-                  declare -gi VAR_REIONICE_PRIORITY="${3}"
+                  VAR_REIONICE_PRIORITY="${3}"
                else
-                  if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+                  if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
                  printf "\e[91m❌ Error: --reionice-priority PRIORITY MUST be an integer between '0' and '7'.\e[0m\n" >&2
                  read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
                  exit "${ERR_REIO_P_VAL}"
                fi
              fi
            else
-              if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+              if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
              printf "\e[91m❌ Error: --reionice-priority CLASS MUST be an integer between '1' and '3'.\e[0m\n" >&2
              read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
              exit "${ERR_REIO_C_VAL}"
@@ -279,7 +279,7 @@ arg_parser() {
        --root-password-file)
          declare pw_file="${2}"
          if [[ -z "${pw_file}" ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --root-password-file missing password file path argument.\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -287,7 +287,7 @@ arg_parser() {
          fi
          if [[ ! -f "${pw_file}" ]]; then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --root-password-file password file '%s' does not exist.\e[0m\n" "${pw_file}" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -298,7 +298,7 @@ arg_parser() {
          owner=$(stat -c '%U:%G' "${pw_file}")
          if [[ "${owner}" != "root:root" ]]; then
            chown root:root "${pw_file}" || {
-              if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+              if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
              printf "\e[91m❌ Error: --root-password-file failed to set owner root:root on '%s'.\e[0m\n" "${pw_file}" >&2
              # shellcheck disable=SC2162
              read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -310,7 +310,7 @@ arg_parser() {
          perms=$(stat -c '%a' "${pw_file}")
          if [[ "${perms}" -ne 400 ]]; then
            chmod 400 "${pw_file}" || {
-              if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+              if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
              printf "\e[91m❌ Error: --root-password-file failed to set permissions 0400 on '%s'.\e[0m\n" "${pw_file}" >&2
              # shellcheck disable=SC2162
              read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -328,7 +328,7 @@ arg_parser() {
          declare pw_length
          pw_length=${#plaintext_pw}
          if (( pw_length < 20 || pw_length > 64 )); then
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --root-password-file password MUST be between 20 and 64 characters (got %d).\e[0m\n" "${pw_length}" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -338,7 +338,7 @@ arg_parser() {
          [[ "${VAR_EARLY_DEBUG}" == "true" ]] && set +x # No tracing for security reasons
          if [[ "${plaintext_pw}" == *\"* ]]; then
            [[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --root-password-file password MUST NOT contain double quotes (\").\e[0m\n" >&2
            # shellcheck disable=SC2162
            read -p  $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
@@ -374,11 +374,11 @@ arg_parser() {
          ;;
        --ssh-port)
-          if [[ -n "${2}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then
+          if [[ -n "${2-}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then
            declare -gi VAR_SSHPORT="${2}"
            shift 2
          else
-            if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+            if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
            printf "\e[91m❌ Error: --ssh-port MUST be an integer between '1' and '65535'.\e[0m\n" >&2
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR__SSH__PORT}"
@@ -390,8 +390,13 @@ arg_parser() {
          shift 2
          ;;
        --trixie)
          declare -g VAR_SUITE="trixie"
          shift 1
          ;;
        *)
-          if ! $VAR_HANDLER_AUTOBUILD; then boot_screen_cleaner; fi
+          if ! ${VAR_HANDLER_AUTOBUILD}; then boot_screen_cleaner; fi
          usage
          ;;
    esac
--- a/lib/lib_guard_sourcing.sh
+++ b/lib/lib_guard_sourcing.sh
@@ -23,7 +23,7 @@
 guard_sourcing() {
  ### Determine the caller script (the library being sourced).
  declare var_src="${1:-${BASH_SOURCE[1]}}"
-  ### Strip path, keep only filename
+  ### Strip path, keep only the filename
  declare var_file_name="${var_src##*/}"
  ### Sanitize to valid var name.
  declare var_safe_name="${var_file_name//[^a-zA-Z0-9_]/_}"
--- a/lib/lib_lb_config_write_trixie.sh
+++ b/lib/lib_lb_config_write_trixie.sh
@@ -0,0 +1,115 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 #######################################
 # Wrapper to write a new 'lb config' environment.
 # Globals:
 #   VAR_ARCHITECTURE
 #   VAR_HANDLER_BUILD_DIR
 #   VAR_HANDLER_ISO_COUNTER
 #   VAR_KERNEL
 #   VAR_VERSION
 #   VAR_WORKDIR
 # Arguments:
 #  None
 #######################################
 lb_config_write_trixie() {
  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Writing new config ... \e[0m\n"
  lb config \
    --apt apt \
    --apt-indices true \
    --apt-recommends true \
    --apt-secure true \
    --apt-source-archives true \
    --architecture "${VAR_ARCHITECTURE}" \
    --archive-areas main contrib non-free non-free-firmware \
    --backports true \
    --binary-filesystem fat32 \
    --binary-image iso-hybrid \
    --bootappend-install "auto=true priority=critical clock-setup/utc=true console-setup/ask_detect=false debian-installer/country=US debian-installer/language=en debian-installer/locale=en_US.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/model=pc105 localechooser/supported-locales=en_US.UTF-8 time/zone=Etc/UTC splash audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none" \
    --bootappend-live "boot=live components keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= locales=en_US.UTF-8 nocomponents=cdi-starter noeject nopersistence ramdisk-size=1024M splash swap=true timezone=Etc/UTC toram verify-checksums audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu.passthrough=0 iommu.strict=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mitigations=auto,nosmt mmio_stale_data=full,force,nosmt nosmt=force oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on slab_nomerge vdso32=0 vsyscall=none" \
    --bootloaders grub-efi \
    --cache true \
    --checksums sha512 sha256 md5 \
    --chroot-filesystem squashfs \
    --chroot-squashfs-compression-level 22 \
    --chroot-squashfs-compression-type zstd \
    --color \
    --compression bzip2 \
    --debconf-frontend noninteractive \
    --debconf-priority critical \
    --debian-installer cdrom \
    --debian-installer-distribution trixie \
    --debian-installer-gui true \
    --debian-installer-preseedfile "preseed.cfg" \
    --debug \
    --distribution trixie \
    --distribution-binary trixie \
    --distribution-chroot trixie \
    --firmware-binary true \
    --firmware-chroot true \
    --hdd-label "CENTURIONLIVE" \
    --image-name "ciss-debian-live-${VAR_HANDLER_ISO_COUNTER}" \
    --initramfs "live-boot" \
    --initramfs-compression gzip \
    --initsystem systemd \
    --iso-application "CISS.debian.live.builder: ${VAR_VERSION} - Debian-Live-Build: 20250505 - Debian-Installer: trixie" \
    --iso-preparer '(C) 2018-2025, Centurion Intelligence Consulting Agency (TM), Lisboa, Portugal' \
    --iso-publisher '(P) 2018-2025, Centurion Press (TM) - powered by https://coresecret.eu/ - contact@coresecret.eu' \
    --iso-volume 'CISS.debian.live' \
    --linux-flavours "${VAR_KERNEL}" \
    --linux-packages linux-image \
    --loadlin true \
    --memtest memtest86+ \
    --mirror-binary 'https://deb/debian.org/debian/' \
    --mirror-binary-security 'https://security.debian.org/' \
    --mirror-bootstrap 'https://deb.debian.org/debian/' \
    --mirror-chroot 'https://deb.debian.org/debian/' \
    --mirror-chroot-security 'https://security.debian.org/' \
    --mirror-debian-installer 'https://deb.debian.org/debian/' \
    --mode debian \
    --parent-archive-areas main contrib non-free non-free-firmware \
    --parent-debian-installer-distribution trixie \
    --parent-distribution trixie \
    --parent-distribution-binary trixie \
    --parent-distribution-chroot trixie \
    --parent-mirror-binary 'https://deb.debian.org/debian/' \
    --parent-mirror-binary-security 'https://security.debian.org/' \
    --parent-mirror-bootstrap 'https://deb.debian.org/debian/' \
    --parent-mirror-chroot 'https://deb.debian.org/debian/' \
    --parent-mirror-chroot-security 'https://security.debian.org/' \
    --parent-mirror-debian-installer 'https://deb.debian.org/debian/' \
    --security true \
    --system live \
    --source false \
    --source-images tar \
    --uefi-secure-boot auto \
    --updates true \
    --utc-time true \
    --verbose
  sleep 1
  sed -i 's/LB_CHECKSUMS="sha512 md5"/LB_CHECKSUMS="sha512 sha384 sha256"/1' ./config/binary
  sed -i 's/LB_DM_VERITY=""/LB_DM_VERITY="false"/1' ./config/binary
  mkdir -p "${VAR_HANDLER_BUILD_DIR}"/config/includes.chroot/usr/lib/live/boot
  cp -a "${VAR_WORKDIR}/scripts/live-boot/0030-verify-checksums" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
  chmod 0755 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
  chown root:root "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Writing new config done.\e[0m\n"
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_source_guard.sh
+++ b/lib/lib_source_guard.sh
@@ -0,0 +1,28 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 #######################################
 # Prevent the file to be sourced twice.
 # Arguments:
 #   1: File to source.
 #######################################
 source_guard() {
  declare var_file="${1}"
  declare var_name="${var_file##*/}"
  declare var_guard="_${var_name//[^a-zA-Z0-9_]/_}_LOADED"
  if ! declare -p "${var_guard}" &>/dev/null; then
    # shellcheck disable=SC1090
    . "${var_file}"
  fi
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_trap_on_err.sh
+++ b/lib/lib_trap_on_err.sh
@@ -15,8 +15,8 @@ guard_sourcing
 #######################################
 # Print Error Message for Trap on 'ERR' in ${ERROR_LOG}
 # Globals:
-#   ARGUMENTS_COUNT
+#   VAR_PARAM_COUNT
-#   ARG_STR_ORG_INPUT
+#   VAR_PARAM_STRING
 #   VAR_ARG_SANITIZED
 #   LOG_DEBUG
 #   ERRCMMD
@@ -45,8 +45,8 @@ print_file_err() {
    printf "❌ Function               : %s \n" "${ERRFUNC}"
    printf "❌ Command                : %s \n" "${ERRCMMD}"
    printf "❌ Script Runtime         : %s \n" "${SECONDS}"
-    printf "❌ Arguments Counter      : %s \n" "${ARGUMENTS_COUNT}"
+    printf "❌ Arguments Counter      : %s \n" "${VAR_PARAM_COUNT}"
-    printf "❌ Arguments Original     : %s \n" "${ARG_STR_ORG_INPUT}"
+    printf "❌ Arguments Original     : %s \n" "${VAR_PARAM_STRING}"
    printf "❌ Arguments Sanitized    : %s \n" "${VAR_ARG_SANITIZED}"
    if "${VAR_EARLY_DEBUG}"; then
      printf "❌ Vars Dump saved at     : %s \n" "${LOG_VAR}"
@@ -60,8 +60,8 @@ print_file_err() {
 #######################################
 # Print Error Message for Trap on 'ERR' on Terminal
 # Globals:
-#   ARGUMENTS_COUNT
+#   VAR_PARAM_COUNT
-#   ARG_STR_ORG_INPUT
+#   VAR_PARAM_STRING
 #   VAR_ARG_SANITIZED
 #   LOG_DEBUG
 #   ERRCMMD
@@ -89,8 +89,8 @@ print_scr_err() {
  printf "\e[91m❌ Function               : %s \e[0m\n" "${ERRFUNC}" >&2
  printf "\e[91m❌ Command                : %s \e[0m\n" "${ERRCMMD}" >&2
  printf "\e[91m❌ Script Runtime         : %s \e[0m\n" "${SECONDS}" >&2
-  printf "\e[91m❌ Arguments Counter      : %s \e[0m\n" "${ARGUMENTS_COUNT}" >&2
+  printf "\e[91m❌ Arguments Counter      : %s \e[0m\n" "${VAR_PARAM_COUNT}" >&2
-  printf "\e[91m❌ Arguments Original     : %s \e[0m\n" "${ARG_STR_ORG_INPUT}" >&2
+  printf "\e[91m❌ Arguments Original     : %s \e[0m\n" "${VAR_PARAM_STRING}" >&2
  printf "\e[91m❌ Arguments Sanitized    : %s \e[0m\n" "${VAR_ARG_SANITIZED}" >&2
  printf "\e[91m❌ Error Log saved at     : %s \e[0m\n" "${LOG_ERROR}" >&2
  printf "\e[91m❌ batcat --pager='less -r' %s \e[0m\n" "${LOG_ERROR}" >&2
--- a/lib/lib_usage.sh
+++ b/lib/lib_usage.sh
@@ -20,7 +20,7 @@ usage() {
  declare var_cols=$(tput cols 2>/dev/null || echo 80)
  #######################################
-  # Header, Footer wrapper for dynamically output.
+  # Header, Footer wrapper for dynamical output.
  # Arguments:
  #   $1: Text.
  #   $2: Width of Terminal.
@@ -35,13 +35,13 @@ usage() {
  # shellcheck disable=SC2155
  declare var_header=$(center "CLB(1)                        CISS.debian.live.builder                        CLB(1)" "${var_cols}")
  # shellcheck disable=SC2155
-  declare var_footer=$(center "V8.03.864.2025.07.15        2025-06-25        CLB(1)" "${var_cols}")
+  declare var_footer=$(center "V8.04.002.2025.08.11                        2025-08-11                        CLB(1)" "${var_cols}")
  {
    echo -e "\e[1;97m${var_header}\e[0m"
    echo
    echo -e "\e[92mCISS.debian.live.builder from https://git.coresecret.dev/msw \e[0m"
-    echo -e "\e[92mMaster V8.03.864.2025.07.15\e[0m"
+    echo -e "\e[92mMaster V8.04.002.2025.08.11\e[0m"
    echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m"
    echo
    echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025 \e[0m"
@@ -148,6 +148,9 @@ usage() {
    echo "    Imports the SSH Public Key from the FILE 'authorized_keys' of the"
    echo "    specified PATH into the Live ISO. MUST be provided."
    echo
    echo -e "\e[97m  --trixie \e[0m"
    echo "    Create a Debian Trixie Live ISO. Experimental Feature"
    echo
    echo -e "\e[97m  --version, -v \e[0m"
    echo "    Show version of ${0}."
    echo
--- a/scripts/9000-cdi-starter
+++ b/scripts/9000-cdi-starter
@@ -15,7 +15,7 @@ printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "
 # sleep 1
 [[ ! -d /root/.cdi/log ]] && mkdir -p /root/.cdi/log
-printf "CISS.debian.installer Master V8.03.864.2025.07.15 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
+printf "CISS.debian.installer Master V8.04.002.2025.08.11 is up!" >| /root/.cdi/log/boot_finished_"$(date +"%Y-%m-%d_%H-%M-%S")".log
 if [[ -f /root/git/CISS.debian.installer/ciss_debian_installer.sh ]]; then
  chmod 0700 /root/git/CISS.debian.installer/ciss_debian_installer.sh
--- a/var/bash.var.sh
+++ b/var/bash.var.sh
@@ -10,12 +10,30 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Set-Builtin
 set -o errexit           # Exit script when a command exits with non-zero status, the same as "set -e".
 set -o errtrace          # Any traps on ERR are inherited in a subshell environment, the same as "set -E".
 set -o functrace         # Any traps on DEBUG and RETURN are inherited in a subshell environment, the same as "set -T".
 set -o ignoreeof         # An interactive shell will not exit upon reading EOF.
 set -o noclobber         # Prevent overwriting, the same as "set -C".
 set -o nounset           # Exit script on use of an undefined variable, the same as "set -u".
 set -o pipefail          # Makes pipelines return the exit status of the last command in the pipe that failed.
-set -o noclobber # Prevent overwriting, the same as "set -C".
+
 ### For all options see https://www.gnu.org/software/bash/manual/bash.html#The-Shopt-Builtin
 #shopt -s failglob        # If set, patterns that fail to match filenames during filename expansion result in an expansion error.
 shopt -s inherit_errexit # If set, command substitution inherits the value of the errexit option instead of unsetting it in the
                         # subshell environment. This option is enabled when POSIX mode is enabled.
 shopt -s lastpipe        # If set, and job control is not active, the shell runs the last command of a pipeline not executed in
                         # the background in the current shell environment.
 shopt -u expand_aliases  # If set, aliases are expanded as described. This option is enabled by default for interactive shells.
 shopt -u dotglob         # If set, Bash includes filenames beginning with a '.' in the results of filename expansion.
 shopt -u extglob         # If set, enable the extended pattern matching features.
 shopt -u nullglob        # If set, filename expansion patterns that match no files expand to nothing and are removed.
 declare -gx PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 declare -gx IFS=$' \t\n'
 umask 0022
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/color.var.sh
+++ b/var/color.var.sh
@@ -10,14 +10,20 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -grx C_BLA='\e[90m' # Beautiful black For the techno fans.
+guard_sourcing
-declare -grx C_RED='\e[91m' # Bright red.
+
-declare -grx C_GRE='\e[92m' # Vibrant green.
+### Definition of color variables.
-declare -grx C_YEL='\e[93m' # Fancy yellow
+
-declare -grx C_BLU='\e[94m' # Organic blue.
+declare -grx BLA='\e[90m' # Beautiful black For the techno fans.
-declare -grx C_MAG='\e[95m' # Super gay magenta.
+declare -grx RED='\e[91m' # Bright red.
-declare -grx C_CYA='\e[96m' # Lovely cyan.
+declare -grx GRE='\e[92m' # Vibrant green.
-declare -grx C_WHI='\e[97m' # Fantastic color mix.
+declare -grx YEL='\e[93m' # Fancy yellow
-declare -grx C_RES='\e[0m'  # Forget everything.
+declare -grx BLU='\e[94m' # Organic blue.
 declare -grx MAG='\e[95m' # Super gay magenta.
 declare -grx CYA='\e[96m' # Lovely cyan.
 declare -grx WHI='\e[97m' # Fantastic color mix.
 declare -grx RES='\e[0m'  # Forget everything.
 declare -grx TAB='\t'     # Tabulator.
 declare -grx NL='\n'      # New line.
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/early.var.sh
+++ b/var/early.var.sh
@@ -13,13 +13,10 @@
 ### Definition of MUST set early Variables
 # shellcheck disable=SC2155
 declare -agx ARY_PARAM_ARRAY=("$@")
 declare -grx VAR_PARAM_COUNT="$#"
 declare -grx VAR_PARAM_STRNG="$*"
 declare -grx VAR_CONTACT="security@coresecret.eu"
-declare -grx VAR_VERSION="Master V8.03.864.2025.07.15"
+declare -grx VAR_VERSION="Master V8.04.002.2025.08.11"
 declare -grx VAR_SYSTEM="$(uname -a)"
 declare -gx  VAR_EARLY_DEBUG="false"
 declare -gx  VAR_HANDLER_AUTOBUILD="false"
-umask 0022
+
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/var/global.var.sh
+++ b/var/global.var.sh
@@ -10,11 +10,18 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 guard_sourcing
 ### Definition of MUST set global variables.
 # shellcheck disable=SC2155
 declare -gr VAR_ISO8601="$(date +%Y_%m_%d_%H_%M_%S)"
 # shellcheck disable=SC2155
 declare -gr VAR_KERNEL_INF="$(mktemp)"
 # shellcheck disable=SC2155
 declare -gr VAR_KERNEL_TMP="$(mktemp)"
 # shellcheck disable=SC2155
 declare -gr VAR_KERNEL_SRT="$(mktemp)"
 # shellcheck disable=SC2155
 declare -gr VAR_NOTES="$(mktemp)"
 declare -gr LOG_ERROR="/tmp/ciss_live_builder_$$_error.log"
@@ -28,12 +35,14 @@ declare -g VAR_HANDLER_SPLASH=""
 declare -g VAR_SSHPORT=""
 declare -g VAR_SSHPUBKEY=""
 declare -g VAR_SCRIPT_SUCCESS="false"
 declare -g VAR_SUITE="bookworm"
 declare -g VAR_HANDLER_PRIORITY=""
 declare -g VAR_HANDLER_NETCUP_IPV6="false"
 declare -g VAR_HASHED_PWD=""
 declare -gi VAR_HANDLER_STA=0
-declare -g VAR_REIONICE_CLASS=""
+declare -gi VAR_HANDLER_PRIORITY=0
-declare -g VAR_REIONICE_PRIORITY=""
+declare -gi VAR_REIONICE_CLASS=2
 declare -gi VAR_REIONICE_PRIORITY=4
 declare -gr VAR_CHROOT_DIR="chroot"
 declare -gr VAR_PACKAGES_FILE="chroot.packages.live"
 declare -ga ARY_HANDLER_JUMPHOST=()
Author	SHA256	Message	Date
Marc S. Weidner	42ea94595d	Merge remote-tracking branch 'origin/master' Some checks failed 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 50s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 14m47s Details	2025-08-11 19:32:43 +02:00
Marc S. Weidner	79c7b090ac	V8.04.002.2025.08.11 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-11 19:32:33 +02:00
Marc S. Weidner	068ebb1065	V8.04.002.2025.08.11 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-11 19:32:11 +02:00
Marc S. Weidner BOT	4ea400761d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@7d1e5d8 at 2025-08-11T17:23:58Z on 317460cabc16 Generated at : 2025-08-11T17:23:58Z Runner Host : 317460cabc16 Workflow ID : 🛡️ Shell Script Linting Git Commit : `7d1e5d8` HEAD -> master	2025-08-11 17:23:58 +00:00
Marc S. Weidner	7d1e5d8523	V8.04.002.2025.08.11 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 51s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-11 19:22:57 +02:00
Marc S. Weidner BOT	10101af2ee	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@9b0b2db at 2025-08-11T17:03:33Z on ade9cf379b73 Generated at : 2025-08-11T17:03:33Z Runner Host : ade9cf379b73 Workflow ID : 🛡️ Shell Script Linting Git Commit : `9b0b2db` HEAD -> master	2025-08-11 17:03:33 +00:00
Marc S. Weidner	9b0b2db4d6	V8.04.002.2025.08.11 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 51s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-11 19:02:33 +02:00
Marc S. Weidner BOT	3e7124c5b0	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@e72ef95 at 2025-08-11T16:53:44Z on b4850b78b6eb Generated at : 2025-08-11T16:53:44Z Runner Host : b4850b78b6eb Workflow ID : 🛡️ Shell Script Linting Git Commit : `e72ef95` HEAD -> master	2025-08-11 16:53:44 +00:00
Marc S. Weidner	e72ef95b86	V8.04.002.2025.08.11 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 58s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-11 18:52:29 +02:00
Marc S. Weidner BOT	78644a6e2c	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@d83e3da at 2025-08-11T16:19:32Z on ce9772e82a59 Generated at : 2025-08-11T16:19:32Z Runner Host : ce9772e82a59 Workflow ID : 🛡️ Shell Script Linting Git Commit : `d83e3da` HEAD -> master	2025-08-11 16:19:32 +00:00
Marc S. Weidner BOT	d83e3da729	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@cd13f2a at 2025-08-11T16:19:25Z on c5db79016bc8 Generated at : 2025-08-11T16:19:25Z Runner Host : c5db79016bc8 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `cd13f2a` HEAD -> master	2025-08-11 16:19:25 +00:00
Marc S. Weidner	cd13f2a6ca	V8.04.002.2025.08.11 Some checks failed 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 54s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Failing after 14m34s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Failing after 14m32s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 14m29s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-11 18:18:05 +02:00
Marc S. Weidner BOT	2661f89f11	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@1500c5c at 2025-08-07T10:53:57Z on ba70769d28db Generated at : 2025-08-07T10:53:57Z Runner Host : ba70769d28db Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `1500c5c` HEAD -> master	2025-08-07 10:53:57 +00:00
Marc S. Weidner BOT	1500c5ca91	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@c7a2e9b at 2025-08-07T09:55:24Z on a4aa17d5bc06 Generated at : 2025-08-07T09:55:24Z Runner Host : a4aa17d5bc06 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `c7a2e9b` HEAD -> master	2025-08-07 09:55:24 +00:00
Marc S. Weidner BOT	c7a2e9bfa9	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@8b9306f at 2025-08-07T08:55:23Z on 8602ccb0fa51 Generated at : 2025-08-07T08:55:23Z Runner Host : 8602ccb0fa51 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `8b9306f` HEAD -> master	2025-08-07 08:55:23 +00:00
Marc S. Weidner BOT	8b9306f5e5	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@992d593 at 2025-08-07T07:55:21Z on 8dcbb8f07174 Generated at : 2025-08-07T07:55:21Z Runner Host : 8dcbb8f07174 Workflow ID : 🛡️ Shell Script Linting Git Commit : `992d593` HEAD -> master	2025-08-07 07:55:21 +00:00
Marc S. Weidner BOT	992d593210	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@43f8671 at 2025-08-07T07:55:11Z on cf99a6b959cd Generated at : 2025-08-07T07:55:11Z Runner Host : cf99a6b959cd Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `43f8671` HEAD -> master	2025-08-07 07:55:11 +00:00
Marc S. Weidner	43f86718a7	V8.03.920.2025.08.07 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 53s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m3s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 1h1m12s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 1h0m1s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 58m31s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-08-07 09:53:21 +02:00
Marc S. Weidner BOT	d3242a7b5d	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@f415c7a at 2025-07-24T22:13:15Z on 61d71e709c15 Generated at : 2025-07-24T22:13:15Z Runner Host : 61d71e709c15 Workflow ID : 🛡️ Shell Script Linting Git Commit : `f415c7a` HEAD -> master	2025-07-24 22:13:15 +00:00
Marc S. Weidner	f415c7aef5	V8.03.912.2025.07.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 42s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-25 00:12:09 +02:00
Marc S. Weidner BOT	d1a643ef59	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@9ceab38 at 2025-07-24T16:32:14Z on bed5f9dc0701 Generated at : 2025-07-24T16:32:14Z Runner Host : bed5f9dc0701 Workflow ID : 🛡️ Shell Script Linting Git Commit : `9ceab38` HEAD -> master	2025-07-24 16:32:14 +00:00
Marc S. Weidner	9ceab388ea	V8.03.912.2025.07.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 39s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-24 18:31:27 +02:00
Marc S. Weidner BOT	2bf021a9f1	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@7389cf0 at 2025-07-23T22:11:10Z on 0b7cbd58023d Generated at : 2025-07-23T22:11:10Z Runner Host : 0b7cbd58023d Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `7389cf0` HEAD -> master	2025-07-23 22:11:10 +00:00
Marc S. Weidner BOT	7389cf0509	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@241b651 at 2025-07-23T21:11:59Z on f54b3a4c10d5 Generated at : 2025-07-23T21:11:59Z Runner Host : f54b3a4c10d5 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `241b651` HEAD -> master	2025-07-23 21:11:59 +00:00
Marc S. Weidner BOT	241b651f2f	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@6758178 at 2025-07-23T20:12:50Z on 174bc337fd29 Generated at : 2025-07-23T20:12:50Z Runner Host : 174bc337fd29 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `6758178` HEAD -> master	2025-07-23 20:12:50 +00:00
Marc S. Weidner BOT	675817813b	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@eb668f1 at 2025-07-23T19:13:29Z on 75728f49ada5 Generated at : 2025-07-23T19:13:29Z Runner Host : 75728f49ada5 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `eb668f1` HEAD -> master	2025-07-23 19:13:29 +00:00
Marc S. Weidner BOT	eb668f112c	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@a0140a7 at 2025-07-23T19:13:25Z on 9929952d2ca4 Generated at : 2025-07-23T19:13:25Z Runner Host : 9929952d2ca4 Workflow ID : 🛡️ Shell Script Linting Git Commit : `a0140a7` HEAD -> master	2025-07-23 19:13:25 +00:00
Marc S. Weidner	a0140a7b53	V8.03.912.2025.07.23 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 47s Details 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 50s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 1h0m24s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 59m3s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 59m10s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-23 21:11:43 +02:00
Marc S. Weidner BOT	c969ed6e88	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@b36bf4f at 2025-07-22T23:00:47Z on 4abced17613f Generated at : 2025-07-22T23:00:47Z Runner Host : 4abced17613f Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `b36bf4f` HEAD -> master	2025-07-22 23:00:47 +00:00
Marc S. Weidner BOT	b36bf4fe5f	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@fe3696c at 2025-07-22T22:02:35Z on 57b4d21489b1 Generated at : 2025-07-22T22:02:35Z Runner Host : 57b4d21489b1 Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `fe3696c` HEAD -> master	2025-07-22 22:02:35 +00:00
Marc S. Weidner BOT	fe3696c4e8	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@05ba3be at 2025-07-22T21:04:07Z on c138662908b1 Generated at : 2025-07-22T21:04:07Z Runner Host : c138662908b1 Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `05ba3be` HEAD -> master	2025-07-22 21:04:07 +00:00
Marc S. Weidner BOT	05ba3be592	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@834a924 at 2025-07-22T20:04:28Z on 963b7699fc6c Generated at : 2025-07-22T20:04:28Z Runner Host : 963b7699fc6c Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `834a924` HEAD -> master	2025-07-22 20:04:28 +00:00
Marc S. Weidner BOT	834a924080	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@4c552f2 at 2025-07-22T20:04:20Z on f1d1a6a9de4b Generated at : 2025-07-22T20:04:20Z Runner Host : f1d1a6a9de4b Workflow ID : 🛡️ Shell Script Linting Git Commit : `4c552f2` HEAD -> master	2025-07-22 20:04:20 +00:00
Marc S. Weidner	4c552f2ecc	V8.03.896.2025.07.22 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 44s Details 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 53s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 1h0m39s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 58m28s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 58m10s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-22 22:02:54 +02:00
Marc S. Weidner BOT	553db82ad7	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@960db79 at 2025-07-19T21:52:19Z on bb712fd1a129 Generated at : 2025-07-19T21:52:19Z Runner Host : bb712fd1a129 Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `960db79` HEAD -> master	2025-07-19 21:52:19 +00:00
Marc S. Weidner BOT	960db79e56	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 1 [skip ci] X-CI-Metadata: master@3b5ba91 at 2025-07-19T20:54:17Z on bc68526c448e Generated at : 2025-07-19T20:54:17Z Runner Host : bc68526c448e Workflow ID : 🔐 Generating a Private Live ISO FLV 1. Git Commit : `3b5ba91` HEAD -> master	2025-07-19 20:54:17 +00:00
Marc S. Weidner BOT	3b5ba919d2	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO FLV 0 [skip ci] X-CI-Metadata: master@2f4ce03 at 2025-07-19T19:54:32Z on 10652dff9b2e Generated at : 2025-07-19T19:54:32Z Runner Host : 10652dff9b2e Workflow ID : 🔐 Generating a Private Live ISO FLV 0. Git Commit : `2f4ce03` HEAD -> master	2025-07-19 19:54:32 +00:00
Marc S. Weidner BOT	2f4ce03347	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@1d095ef at 2025-07-19T18:56:31Z on 6d2986b4a33e Generated at : 2025-07-19T18:56:31Z Runner Host : 6d2986b4a33e Workflow ID : 🛡️ Shell Script Linting Git Commit : `1d095ef` HEAD -> master	2025-07-19 18:56:31 +00:00
Marc S. Weidner BOT	1d095efce3	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@f12abfe at 2025-07-19T18:55:22Z on d38d80a1bb55 Generated at : 2025-07-19T18:55:22Z Runner Host : d38d80a1bb55 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `f12abfe` HEAD -> master	2025-07-19 18:55:23 +00:00
Marc S. Weidner	f12abfef69	V8.03.880.2025.07.19 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 51s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m0s Details 🔐 Generating a Private Live ISO FLV 0. / 🔐 Generating a Private Live ISO FLV 0. (push) Successful in 1h0m8s Details 🔐 Generating a Private Live ISO FLV 1. / 🔐 Generating a Private Live ISO FLV 1. (push) Successful in 59m44s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 58m0s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-07-19 20:52:35 +02:00