DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci]

X-CI-Metadata: master@181b73b at 2025-10-07T00:00:01Z on ff2a36e41830 Generated at : 2025-10-07T00:00:01Z Runner Host : ff2a36e41830 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : 181b73b HEAD -> master
DEPLOY BOT : 🛡️ Shell Script Linting [skip ci]
2025-10-07 00:00:01 +00:00 · 2025-10-06 23:10:29 +00:00 · 2025-10-07 00:08:40 +01:00 · 2025-10-06 22:15:24 +00:00 · 2025-10-06 21:22:17 +00:00 · 2025-10-06 21:18:56 +00:00
111 changed files with 726 additions and 375 deletions
--- a/.archive/.0000_lib_usage.sh
+++ b/.archive/.0000_lib_usage.sh
@@ -21,7 +21,7 @@ usage() {
  clear
  cat << EOF
 $(echo -e "\e[92mCISS.debian.live.builder\e[0m")
-$(echo -e "\e[92mMaster V8.13.008.2025.08.22\e[0m")
+$(echo -e "\e[92mMaster V8.13.048.2025.10.06\e[0m")
 $(echo -e "\e[92mA lightweight Shell Wrapper for building a hardened Debian Live ISO Image.\e[0m")
 $(echo -e "\e[97m(c) Marc S. Weidner, 2018 - 2025\e[0m")
--- a/.archive/0003_install_backports.chroot
+++ b/.archive/0003_install_backports.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/1024_git_clone_ciss_2025_debian_installer.chroot
+++ b/config/hooks/live/1024_git_clone_ciss_2025_debian_installer.chroot
@@ -9,17 +9,14 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 # TODO: MUST be uncommented
 cd /root/git
-# git clone https://git.coresecret.dev/msw/CISS.debian.installer.git
+git clone https://git.coresecret.dev/msw/CISS.debian.installer.git
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
+++ b/.gitea/ISSUE_TEMPLATE/ISSUE_TEMPLATE.yaml
@@ -25,7 +25,7 @@ body:
    attributes:
      label: "Version"
      description: "Which version are you running? Use `./ciss_live_builder.sh -v`."
-      placeholder: "e.g., Master V8.13.008.2025.08.22"
+      placeholder: "e.g., Master V8.13.048.2025.10.06"
    validations:
      required: true
--- a/.gitea/TODO/dockerfile
+++ b/.gitea/TODO/dockerfile
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 FROM debian:bookworm
--- a/.gitea/TODO/render-md-to-html.yaml
+++ b/.gitea/TODO/render-md-to-html.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 name: 🔁 Render README.md to README.html.
--- a/.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie_0.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.048.2025.10.06
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.048.2025.10.06
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_PUBLIC.yaml
+++ b/.gitea/trigger/t_generate_PUBLIC.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.048.2025.10.06
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/trigger/t_generate_dns.yaml
+++ b/.gitea/trigger/t_generate_dns.yaml
@@ -11,5 +11,5 @@
 build:
  counter: 1023
-  version: V8.13.008.2025.08.22
+  version: V8.13.048.2025.10.06
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_trixie_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_trixie_0.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 name: 🔐 Generating a Private Live ISO TRIXIE.
@@ -51,6 +51,7 @@ jobs:
            gnupg \
            openssh-client \
            openssl \
            perl \
            sudo \
            util-linux
@@ -136,17 +137,63 @@ jobs:
          echo "${{ secrets.CISS_DLB_ROOT_PWD }}" >| /opt/config/password.txt
          echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY }}" >| /opt/config/authorized_keys
      - name: 🔧 Render live hook with secrets.
        shell: bash
        working-directory: ${{ github.workspace }}
        env:
          ED25519_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }}
          ED25519_PUB:  ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }}
          RSA_PRIV:     ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }}
          RSA_PUB:      ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }}
        run: |
          set -Ceuo pipefail
          umask 077
          REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)"
          TPL="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot.tmpl"
          OUT="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot"
          if [[ ! -f "$TPL" ]]; then
            echo "Template not found: $TPL"
            echo "::group::Tree of config/hooks/live"
            ls -la "$REPO_ROOT/config/hooks/live" || true
            echo "::endgroup::"
            exit 2
          fi
          export ED25519_PRIV="${ED25519_PRIV//$'\r'/}"
          export ED25519_PUB="${ED25519_PUB//$'\r'/}"
          export RSA_PRIV="${RSA_PRIV//$'\r'/}"
          export RSA_PUB="${RSA_PUB//$'\r'/}"
          perl -0777 -pe '
            BEGIN{
              $ed=$ENV{ED25519_PRIV}; $edpub=$ENV{ED25519_PUB};
              $rsa=$ENV{RSA_PRIV};    $rsapub=$ENV{RSA_PUB};
            }
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_ED25519_KEY\s*\}\}/$ed/g;
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_ED25519_KEY_PUB\s*\}\}/$edpub/g;
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY\s*\}\}/$rsa/g;
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY_PUB\s*\}\}/$rsapub/g;
          ' "$TPL" > "$OUT"
          chmod 0755 "$OUT"
          echo "Hook rendered: $OUT"
      - name: 🛠️ Starting CISS.debian.live.builder. This may take a while ...
        shell: bash
        working-directory: ${{ github.workspace }}
        run: |
          set -euo pipefail
          chmod 0755 ciss_live_builder.sh
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
-          ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.
+          ### Change "--autobuild=" to the specific kernel version you need: '6.16.3+deb13-amd64'.
          ./ciss_live_builder.sh \
-            --autobuild=6.12.41+deb13-amd64 \
+            --autobuild=6.16.3+deb13-amd64 \
            --architecture amd64 \
            --build-directory /opt/livebuild \
            --cdi \
            --control "${timestamp}" \
            --debug \
            --dhcp-centurion \
@@ -155,8 +202,14 @@ jobs:
            --root-password-file /opt/config/password.txt \
            --ssh-port ${{ secrets.CISS_DLB_SSH_PORT }} \
            --ssh-pubkey /opt/config \
            --sshfp \
            --trixie
          REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)"
          OUT="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot"
          rm -f "$OUT"
          echo "Hook removed: $OUT"
      - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
        shell: bash
        env:
--- a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml
+++ b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 name: 🔐 Generating a Private Live ISO TRIXIE.
@@ -51,6 +51,7 @@ jobs:
            gnupg \
            openssh-client \
            openssl \
            perl \
            sudo \
            util-linux
@@ -136,24 +137,76 @@ jobs:
          echo "${{ secrets.CISS_DLB_ROOT_PWD_1 }}" >| /opt/config/password.txt
          echo "${{ secrets.CISS_DLB_ROOT_SSH_PUBKEY_1 }}" >| /opt/config/authorized_keys
      - name: 🔧 Render live hook with secrets.
        shell: bash
        working-directory: ${{ github.workspace }}
        env:
          ED25519_PRIV: ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }}
          ED25519_PUB:  ${{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }}
          RSA_PRIV:     ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }}
          RSA_PUB:      ${{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }}
        run: |
          set -Ceuo pipefail
          umask 077
          REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)"
          TPL="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot.tmpl"
          OUT="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot"
          if [[ ! -f "$TPL" ]]; then
            echo "Template not found: $TPL"
            echo "::group::Tree of config/hooks/live"
            ls -la "$REPO_ROOT/config/hooks/live" || true
            echo "::endgroup::"
            exit 2
          fi
          export ED25519_PRIV="${ED25519_PRIV//$'\r'/}"
          export ED25519_PUB="${ED25519_PUB//$'\r'/}"
          export RSA_PRIV="${RSA_PRIV//$'\r'/}"
          export RSA_PUB="${RSA_PUB//$'\r'/}"
          perl -0777 -pe '
            BEGIN{
              $ed=$ENV{ED25519_PRIV}; $edpub=$ENV{ED25519_PUB};
              $rsa=$ENV{RSA_PRIV};    $rsapub=$ENV{RSA_PUB};
            }
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_ED25519_KEY\s*\}\}/$ed/g;
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_ED25519_KEY_PUB\s*\}\}/$edpub/g;
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY\s*\}\}/$rsa/g;
            s/\{\{\s*secrets\.CISS_DLB_SSH_HOST_RSA_KEY_PUB\s*\}\}/$rsapub/g;
          ' "$TPL" > "$OUT"
          chmod 0755 "$OUT"
          echo "Hook rendered: $OUT"
      - name: 🛠️ Starting CISS.debian.live.builder. This may take a while ...
        shell: bash
        working-directory: ${{ github.workspace }}
        run: |
          set -euo pipefail
          chmod 0755 ciss_live_builder.sh
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
-          ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.
+          ### Change "--autobuild=" to the specific kernel version you need: '6.16.3+deb13-amd64'.
          ./ciss_live_builder.sh \
-            --autobuild=6.12.41+deb13-amd64 \
+            --autobuild=6.16.3+deb13-amd64 \
            --architecture amd64 \
            --build-directory /opt/livebuild \
            --cdi \
            --control "${timestamp}" \
            --jump-host ${{ secrets.CISS_DLB_JUMP_HOSTS_1 }} \
            --root-password-file /opt/config/password.txt \
            --ssh-port ${{ secrets.CISS_DLB_SSH_PORT_1 }} \
            --ssh-pubkey /opt/config \
            --sshfp \
            --trixie
          REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)"
          OUT="$REPO_ROOT/config/hooks/live/9935_hardening_ssh.chroot"
          rm -f "$OUT"
          echo "Hook removed: $OUT"
      - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
        shell: bash
        env:
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml
+++ b/.gitea/workflows/generate_PUBLIC_iso.yaml
@@ -9,10 +9,14 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 name: 💙 Generating a PUBLIC Live ISO.
 defaults:
  run:
    shell: bash
 permissions:
  contents: write
@@ -24,161 +28,31 @@ on:
      - '.gitea/trigger/t_generate_PUBLIC.yaml'
 jobs:
-  generate-private-ciss-debian-live-iso:
+  generate-public-cdlb-trixie:
    name: 💙 Generating a PUBLIC Live ISO.
-    runs-on: ciss.debian.live.builder.iso.generator
+    runs-on: cdlb.trixie
    ### Run all steps inside Debian Bookworm
    container:
-      image: debian:bookworm
+      image: debian:trixie
    steps:
-      - name: 🛠️ Basic Image Setup and enable Bookworm Backports.
+      - name: 🛠️ Basic Image Setup.
        run: |
          apt-get update -y
          apt-get install -y apt-transport-https apt-utils bash ca-certificates openssl sudo
          echo 'deb https://deb.debian.org/debian bookworm-backports main' \
            >| /etc/apt/sources.list.d/bookworm-backports.list
          apt-get update -y
          apt-get upgrade -y
      - name: 🛠️ Installing Build Tools.
        shell: bash
        run: |
-          apt-get update -y
+          export DEBIAN_FRONTEND=noninteractive
-          apt-get install -y \
+          apt-get update
-            autoconf \
+          apt-get upgrade -y
-            automake \
+          apt-get install -y --no-install-recommends \
-            build-essential \
+            apt-utils \
-            cryptsetup \
+            bash \
            ca-certificates \
            curl \
            debootstrap \
            dosfstools \
            efibootmgr \
            gettext \
            git \
            gnupg \
-            haveged \
+            openssh-client \
-            libbz2-dev \
+            openssl \
            zlib1g-dev \
            liblzma-dev \
            libtool \
            live-build \
            parted \
            pkg-config \
            ssh \
            ssl-cert \
            sudo \
-            texinfo \
+            util-linux
            wget \
            whois \
      - name: 🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.
        shell: bash
        run: |
          urls=(
            "https://gnupg.org/ftp/gcrypt/npth/npth-1.8.tar.bz2"
            "https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.55.tar.bz2"
            "https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2"
            "https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2"
            "https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.2.tar.bz2"
            "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2"
          )
          wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc > /dev/null 2>&1
          gpg --batch --import signature_key.asc
          for url in "${urls[@]}"; do
            archive_name="${url##*/}"
            pkg_name="${archive_name%.tar.bz2}"
            echo "🔄 Processing ${pkg_name}"
            if [[ ! -f "${archive_name}" ]]; then
              echo "📥 Downloading: '${archive_name}'."
              if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then
                echo "✅ Download successful: '${archive_name}'."
              else
                echo "❌ Download NOT successful: '${archive_name}'."
                exit 1
              fi
            else
              echo "💡 Skipping download, package already exists: '${archive_name}'."
            fi
            if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "❌ Bad Signature: '${archive_name}'.";exit 1; fi
            if [[ ! -d "${pkg_name}" ]]; then
              echo "📂 Extracting: '${archive_name}'."
              if tar -xjf "${archive_name}"; then
                echo "✅ Extraction successful: '${archive_name}'."
              else
                echo "❌ Extraction not successful: '${archive_name}'."
                exit 1
              fi
            else
              echo "💡 Skipping directory, already exists: '${pkg_name}'."
            fi
            echo "🏗️ Build and install the package: '${pkg_name}'."
            cd "${pkg_name}" || { echo "❌ Could not change to '${pkg_name}'."; exit 1; }
            mkdir -p build
            cd build || { echo "❌ Could not change to '/build'."; exit 1; }
            sudo ../configure > /dev/null 2>&1  || { echo "❌ '../configure' NOT successful for '${pkg_name}'."; exit 1; }
            make > /dev/null 2>&1 || { echo "❌ 'make' NOT successful for '${pkg_name}'."; exit 1; }
            sudo make install > /dev/null 2>&1 || { echo "❌ 'make install' NOT successful for '${pkg_name}'."; exit 1; }
            cd ../.. || { echo "❌ Could not change to '../..'."; exit 1; }
            rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "✅ Removed archive: '${pkg_name}'."
            rm -fr "${pkg_name}" && echo "✅ Removed build artifacts: '${pkg_name}'."
            echo "✅ Successful build and installation of '${pkg_name}'."
            echo "-------------------------------------------------------------------------------------"
          done
          rm -f signature_key.asc
          echo "✅ All packages were built and installed successfully."
          mv_bin=(
            "/usr/bin/gpg"
            "/usr/bin/gpg-agent"
            "/usr/bin/gpgconf"
            "/usr/bin/gpg-connect-agent"
            "/usr/bin/gpg-wks-client"
            "/usr/bin/gpg-preset-passphrase"
          )
          for bin in "${mv_bin[@]}"; do
            name="${bin##*/}"
            if [[ -f "${bin}" && -f "/usr/local/bin/${name}" ]]; then
              if mv "${bin}" "${bin}.debian-backup"; then
                echo "✅ Moved successfully: '${bin}'."
              else
                echo "❌ Moved NOT successfully: '${bin}'."
              fi
            else
              echo "💡 Does not exist as build binary: '${bin}'."
            fi
          done
          for bin in "${mv_bin[@]}"; do
            name="${bin##*/}"
            if [[ -f "/usr/local/bin/${name}" ]]; then
              if update-alternatives --install "${bin}" "${name}" "/usr/local/bin/${name}" 100; then
                echo "✅ 'update-alternatives' successfully: '${bin}'."
              else
                echo "❌ 'update-alternatives' NOT successfully: '${bin}'."
              fi
            else
              echo "💡 Does not exist: '/usr/local/bin/${name}'."
            fi
          done
          sudo ldconfig
          gpgconf --kill all
          /usr/local/bin/gpg-agent --daemon
      - name: ⚙️ Check GnuPG Version.
        shell: bash
@@ -269,15 +143,18 @@ jobs:
          sed -i '/^hardening_ssh.*/d' ciss_live_builder.sh
          chmod 0755 ciss_live_builder.sh
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
-          ### Change "--autobuild=" to the specific kernel version you need: 6.12.22+bpo-amd64.
+          ### Change "--autobuild=" to the specific kernel version you need: '6.16.3+deb13-amd64'.
          ./ciss_live_builder.sh \
-            --autobuild=6.1.0-37-amd64 \
+            --autobuild=6.16.3+deb13-amd64 \
            --architecture amd64 \
            --build-directory /opt/livebuild \
            --cdi \
            --control "${timestamp}" \
            --debug \
            --root-password-file /opt/config/password.txt \
            --ssh-port 42137 \
-            --ssh-pubkey /opt/config
+            --ssh-pubkey /opt/config \
            --trixie
      - name: 📥 Checking Centurion Cloud for existing LIVE ISOs.
        shell: bash
@@ -364,11 +241,12 @@ jobs:
          gpg --batch --yes --armor --detach-sign --output "${SIGNATURE_FILE}" "${VAR_ISO_FILE_SHA512}"
          timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
          VAR_DATE="$(date +%F)"
          PRIVATE_FILE="LIVE_ISO.public"
          touch "${PRIVATE_FILE}"
          cat << EOF >| "${PRIVATE_FILE}"
          # SPDX-Version: 3.0
-          # SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
+          # SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
          # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
          # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
          # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
--- a/.gitea/workflows/linter_char_scripts.yaml
+++ b/.gitea/workflows/linter_char_scripts.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 # Gitea Workflow: Shell-Script Linting
 #
--- a/.gitea/workflows/render-dnssec-status.yaml
+++ b/.gitea/workflows/render-dnssec-status.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
--- a/.gitea/workflows/render-dot-to-png.yaml
+++ b/.gitea/workflows/render-dot-to-png.yaml
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 name: 🔁 Render Graphviz Diagrams.
--- a/.version.properties
+++ b/.version.properties
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2 OR LicenseRef-CCLA-1.0"
 properties_SPDX-LicenseComment="This file is part of the CISS.debian.installer.secure framework."
 properties_SPDX-PackageName="CISS.debian.live.builder"
 properties_SPDX-Security-Contact="security@coresecret.eu"
-properties_version="V8.13.008.2025.08.22"
+properties_version="V8.13.048.2025.10.06"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
--- a/CISS.debian.live.builder.spdx
+++ b/CISS.debian.live.builder.spdx
@@ -6,7 +6,7 @@ Creator: Person: Marc S. Weidner (Centurion Intelligence Consulting Agency)
 Created: 2025-05-07T12:00:00Z
 Package: CISS.debian.live.builder
 PackageName: CISS.debian.live.builder
-PackageVersion: Master V8.13.008.2025.08.22
+PackageVersion: Master V8.13.048.2025.10.06
 PackageSupplier: Organization: Centurion Intelligence Consulting Agency
 PackageDownloadLocation: https://git.coresecret.dev/msw/CISS.debian.live.builder
 PackageHomePage: https://git.coresecret.dev/msw/CISS.debian.live.builder
--- a/LINTER_RESULTS.txt
+++ b/LINTER_RESULTS.txt
@@ -1,5 +1,5 @@
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: 2025-10-06; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-08-22T17:25:58Z"
+This file was automatically generated by the DEPLOY BOT on: "2025-10-06T23:10:27Z"
 ✅ The last linter check was successful. ✅
--- a/LIVE_ISO.public
+++ b/LIVE_ISO.public
@@ -1,5 +1,5 @@
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-06-01; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: 2025-10-06; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-08-11T22:40:21Z".
+This file was automatically generated by the DEPLOY BOT on: "2025-10-06T21:22:13Z"
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_08_11T21_49_56Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_10_06T20_28_04Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  4aa02673b9a8d5b974014eca4371d1ed69b05eaea9e92203cf7c092880833e18812bf31ab053399eda98b7a3da0b76b8dcdaaba892e9f52f836ea9d2b0e09e38
+  462f68354a3b7e1c17d654126e686783694feb88fb1cb90787e262e4a6332d69f6abea2d1a67adc459f6ba8c6720defbe87c739eb2947a9f2410e10c56f6615c
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaJpxVQAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaOQzBQAKCRA85KY4hzOw
-IZWOAQDJriUoDvDNSQiHbFfW4KVV1E1wqe12eS7GyfVFr9bISwEAoDKhQ85+RiGr
+IaBlAQDVAFVdGRDFZ//1gBlQIAFlmYSV7G5/k2gl3mX+CvRpTgEAlyjD63v9dGiI
-pCdWqvU8wcfzEIlKIpAgAZVrhX/xRw8=
+WBMF9hYXElzZ7BC7nOzpEWMsNbKbRgI=
-=wNVV
+=nPKO
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_TRIXIE_0.private
+++ b/LIVE_ISO_TRIXIE_0.private
@@ -1,5 +1,5 @@
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: 2025-10-06; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-08-22T16:55:09Z"
+This file was automatically generated by the DEPLOY BOT on: "2025-10-06T19:34:02Z"
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_08_22T16_11_02Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_10_06T18_30_18Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  35c288d96239804e244cbe99c8ce3895aec39104a7200c2ef7326d38e1ec4eea3bf60b895eaa4d981cb718ae4d27d2d4166f16252b88606a870d14c3db096a37
+  e1964f783ce6da34853a73fc27723228a71d3f5afde9388fadf686f1a367ed36f8fbe4ad0747b842395603f549b6d99b1cff25938511093f5313a310bf94b7fe
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaKig7QAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaOQZqgAKCRA85KY4hzOw
-IWKWAP0Wlqbi3ArURSGW5m+E+OstdsU7qHjf+e1SVRJ3BGUzaAEAr3ceyHiiA2/7
+IeeUAP4i9Dh/ZBJVCfwlWzyIqbR0SBHio2ErW+NuQ7KOKxG6JwD+If47NhNGmazi
-RlXsvZxNgVDaEVSdjmt99dMrZK7DRws=
+QTTQAWOjdQiCibBZFO1h9udGX4SFvww=
-=4Oh3
+=gaNi
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/LIVE_ISO_TRIXIE_1.private
+++ b/LIVE_ISO_TRIXIE_1.private
@@ -1,5 +1,5 @@
 # SPDX-Version: 3.0
-# SPDX-CreationInfo: 2025-08-22; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-CreationInfo: 2025-10-06; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
@@ -9,19 +9,19 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-This file was automatically generated by the DEPLOY BOT on: "2025-08-22T17:41:13Z"
+This file was automatically generated by the DEPLOY BOT on: "2025-10-06T23:59:58Z"
 CISS.debian.live.builder ISO :
-  "ciss-debian-live-2025_08_22T16_56_12Z-amd64.hybrid.iso"
+  "ciss-debian-live-2025_10_06T23_10_02Z-amd64.hybrid.iso"
 CISS.debian.live.builder ISO sha512 :
-  4925332b61dbd91f0c444624bbe7de586dbd911fbb27b080a99e44ae312c5139afc502d0415d0bef7dfbd1e5461c07e0a0700f7206e746a91cbcb5403ef003e3
+  b6fea877a0107b4ab715ef898187f061d77c599ab671dc3026833f0acfec37fde3d97367c2cd757a3fa359eb717db0f23d49d9b7c3ddcf919449f8d3e00ac922
 CISS.debian.live.builder ISO sha512 sign :
  -----BEGIN PGP SIGNATURE-----
-iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaKiruQAKCRA85KY4hzOw
+iHUEABYKAB0WIQSqYnPMNKGz69afyHA85KY4hzOwIQUCaORX/gAKCRA85KY4hzOw
-IdoTAQDqyOBkGA0xDoLsDvjFSaf3tmzz8mD/5qvsDtF6y/rEWwD/dAXzMOdQjxg8
+IVqhAQDzPkKEstVodAu0ZqI8vc0YbjLyUBQLZu1mpRZ8iwJdSgD/YYpe2uktaMLj
-IcK+GK6u4k5/HT5bYlCvTy/WxRb5ggQ=
+FN869xpuNo38nZDUTKwER29fQxFaSAE=
-=boDM
+=niz8
 -----END PGP SIGNATURE-----
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
--- a/README.md
+++ b/README.md
@@ -2,17 +2,17 @@
 gitea: none
 include_toc: true
 ---
-[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.13.008.2025.08.22-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
+[![Static Badge](https://badges.coresecret.dev/badge/Release-V8.13.048.2025.10.06-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/CISS.debian.live.builder)
 &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/Bash-V5.2.15-white?style=plastic&logo=gnubash&logoColor=white&logoSize=auto&label=Bash&color=%234EAA25)](https://www.gnu.org/software/bash/) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/Bash-V5.2.37-white?style=plastic&logo=gnubash&logoColor=white&logoSize=auto&label=Bash&color=%234EAA25)](https://www.gnu.org/software/bash/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/shellcheck-passed-white?style=plastic&logo=gnubash&logoColor=white&logoSize=auto&label=shellcheck&color=%234EAA25)](https://shellcheck.net/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/shellformat-passed-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=shellformat&color=%234285F4)](https://github.com/mvdan/sh) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/Shellstyle-Google-white?style=plastic&logo=google&logoColor=white&logoSize=auto&label=Shellstyle&color=%234285F4)](https://google.github.io/styleguide/shellguide.html)
 &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.5-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/Gitea-1.24.6-white?style=plastic&logo=gitea&logoColor=white&logoSize=auto&label=gitea&color=%23609926)](https://docs.gitea.com/) &nbsp;
-[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
+[![Static Badge](https://badges.coresecret.dev/badge/IntelliJ-2025.2.3-white?style=plastic&logo=intellijidea&logoColor=white&logoSize=auto&label=IntelliJ&color=%23000000)](https://www.jetbrains.com/store/?section=personal&billing=yearly) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/keepassxc-2.7.10-white?style=plastic&logo=keepassxc&logoColor=white&logoSize=auto&label=KeePassXC&color=%236CAC4D)](https://keepassxc.org/) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/netcup-Netcup-white?style=plastic&logo=netcup&logoColor=white&logoSize=auto&label=powered&color=%23056473)](https://www.netcup.com/de) &nbsp;
 [![Static Badge](https://badges.coresecret.dev/badge/powered-Centurion-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=powered&color=%230F243E)](https://coresecret.eu/) &nbsp;
@@ -26,7 +26,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 This shell wrapper automates the creation of a Debian Bookworm live ISO hardened according to the latest best practices in server
 and service security. It integrates into your build pipeline to deliver an isolated, robust environment suitable for
@@ -151,7 +151,7 @@ This means function status of the **CISS.2025.debian.live.builder** ISO after d-
 This project adheres strictly to a structured versioning scheme following the pattern x.y.z-Date.
-Example: `V8.13.008.2025.08.22`
+Example: `V8.13.048.2025.10.06`
 `x.y.z` represents major (x), minor (y), and patch (z) version increments.
@@ -453,6 +453,7 @@ predictable script behavior.
                          --build-directory /opt/livebuild \
                          --change-splash hexagon \
                          --control "${timestamp}" \
                          --cdi \
                          --debug \
                          --dhcp-centurion \
                          --jump-host 10.0.0.128 [c0de:4711:0815:4242::1] [2abc:4711:0815:4242::1]/64 \
--- a/config/hooks/live/0000_generate_backup_dir.chroot
+++ b/config/hooks/live/0000_generate_backup_dir.chroot
@@ -9,10 +9,9 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 mkdir -p /root/.ciss/dlb/backup
 chmod 0700 /root/.ciss/dlb/backup
@@ -21,7 +20,6 @@ mkdir -p /root/git
 chmod 0700 /root/git
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/0001_initramfs_modules.chroot
+++ b/config/hooks/live/0001_initramfs_modules.chroot
@@ -9,10 +9,9 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 #######################################
 # Get all NIC Driver of the current Host-machine
@@ -331,7 +330,6 @@ chmod 0755 /etc/initramfs-tools/hooks/ciss_debian_live_builder
 update-initramfs -u -k all
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/0002_verify_checksums.chroot
+++ b/config/hooks/live/0002_verify_checksums.chroot
@@ -9,10 +9,9 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 target="/usr/lib/live/boot/0030-verify-checksums"
 src="$(mktemp)"
@@ -138,7 +137,6 @@ rm -f "${src}"
 unset target src
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/0050_activate_root.chroot
+++ b/config/hooks/live/0050_activate_root.chroot
@@ -9,16 +9,13 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 if [[ ! -f /root/.pwd ]]; then
  printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ /root/.pwd NOT found. \e[0m\n"
  # sleep 1
  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Exiting Hook ... \e[0m\n"
  # sleep 1
  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' done. Nothing changed. \e[0m\n" "${0}"
  exit 0
 fi
@@ -38,7 +35,6 @@ sed -i "s|^user:[^:]*:\(.*\)|user:${safe_hashed_pwd}:\1|" /etc/shadow
 unset hashed_pwd safe_hashed_pwd
 cat /etc/shadow
 # sleep 1
 if shred -vfzu -n 5 /root/.pwd; then
  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Password file /root/.pwd: -vfzu -n 5 >> done. \e[0m\n"
@@ -47,7 +43,6 @@ else
 fi
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/0080_keyboard_layout.chroot
+++ b/config/hooks/live/0080_keyboard_layout.chroot
@@ -9,10 +9,9 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 cat << 'EOF' >| /etc/default/keyboard
 XKBMODEL="pc105"
@@ -25,7 +24,6 @@ EOF
 dpkg-reconfigure -f noninteractive keyboard-configuration
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/0090_haveged.chroot
+++ b/config/hooks/live/0090_haveged.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0120_set_hostname.chroot
+++ b/config/hooks/live/0120_set_hostname.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0130_machineid.chroot
+++ b/config/hooks/live/0130_machineid.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0400_eza_install.chroot
+++ b/config/hooks/live/0400_eza_install.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0800_lynis_setup.chroot
+++ b/config/hooks/live/0800_lynis_setup.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0810_chrony_setup.chroot
+++ b/config/hooks/live/0810_chrony_setup.chroot
@@ -9,10 +9,9 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 mkdir -p /var/log/chrony
 # See https://coresecret.eu/tutorials/debian-package-glossary/ for a brief description of the installed packages.
--- a/config/hooks/live/0820_kernel_hardening_checker.chroot
+++ b/config/hooks/live/0820_kernel_hardening_checker.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0822_ssh_restart_hook.chroot
+++ b/config/hooks/live/0822_ssh_restart_hook.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0825_my_sqltuner_perl.chroot
+++ b/config/hooks/live/0825_my_sqltuner_perl.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0830_download_yq.chroot
+++ b/config/hooks/live/0830_download_yq.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0835_testssl.sh.chroot
+++ b/config/hooks/live/0835_testssl.sh.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0840_ufw_abuse_ipdb_reporter.chroot
+++ b/config/hooks/live/0840_ufw_abuse_ipdb_reporter.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0845_harbian_audit.chroot
+++ b/config/hooks/live/0845_harbian_audit.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0850_ssh_audit.chroot
+++ b/config/hooks/live/0850_ssh_audit.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0855_dnsviz.chroot
+++ b/config/hooks/live/0855_dnsviz.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/0900_ufw_setup.chroot
+++ b/config/hooks/live/0900_ufw_setup.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9900_process_accounting.chroot
+++ b/config/hooks/live/9900_process_accounting.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9910_motd.chroot
+++ b/config/hooks/live/9910_motd.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
@@ -24,7 +24,7 @@ EOF
 chmod 0755 /etc/update-motd.d/10-uname
-printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successful applied. \e[0m\n" "${0}"
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successfully applied. \e[0m\n" "${0}"
 # sleep 1
 exit 0
--- a/config/hooks/live/9920_deleting_invalid_x509.chroot
+++ b/config/hooks/live/9920_deleting_invalid_x509.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9930_hardening_ssh.chroot
+++ b/config/hooks/live/9930_hardening_ssh.chroot
@@ -9,17 +9,18 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
 cd /etc/ssh || {
  printf "\e[91mm++++ ++++ ++++ ++++ ++++ ++++ ++ Could not find /etc/ssh \e[0m\n"
 }
 rm -rf ssh_host_*key*
 # shellcheck disable=SC2312
 ssh-keygen -o -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C "root@live-$(date -I)"
 # shellcheck disable=SC2312
 ssh-keygen -o -N "" -t rsa -b 8192 -f /etc/ssh/ssh_host_rsa_key -C "root@live-$(date -I)"
 awk '$5 >= 4000' /etc/ssh/moduli >| /etc/ssh/moduli.safe
@@ -44,7 +45,26 @@ ssh-keygen -r @ >| /root/sshfp
 # The chmod +x command ensures that the file is executed in every shell session.          #
 ###########################################################################################
 cat << 'EOF' >| /etc/profile.d/idle-users.sh
-declare -girx TMOUT=14400
+# SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 case $- in
  *i*)
    TMOUT=14400
    export TMOUT
    readonly TMOUT
  ;;
 esac
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF
 chmod +x /etc/profile.d/idle-users.sh
@@ -58,7 +78,6 @@ EOF
 chmod 0644 /etc/systemd/system/ssh.service.d/override.conf
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/9935_hardening_ssh.chroot.tmpl
+++ b/config/hooks/live/9935_hardening_ssh.chroot.tmpl
@@ -0,0 +1,94 @@
 #!/bin/bash
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 cd /etc/ssh || {
  printf "\e[91mm++++ ++++ ++++ ++++ ++++ ++++ ++ Could not find /etc/ssh \e[0m\n"
 }
 cat << 'EOF' >| ssh_host_ed25519_key
 {{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY }}
 EOF
 cat << 'EOF' >| ssh_host_ed25519_key.pub
 {{ secrets.CISS_DLB_SSH_HOST_ED25519_KEY_PUB }}
 EOF
 cat << 'EOF' >| ssh_host_rsa_key
 {{ secrets.CISS_DLB_SSH_HOST_RSA_KEY }}
 EOF
 cat << 'EOF' >| ssh_host_rsa_key.pub
 {{ secrets.CISS_DLB_SSH_HOST_RSA_KEY_PUB }}
 EOF
 awk '$5 >= 4000' /etc/ssh/moduli >| /etc/ssh/moduli.safe
 rm -rf /etc/ssh/moduli
 mv /etc/ssh/moduli.safe /etc/ssh/moduli
 chmod 0600 /etc/ssh/ssh_host_*_key
 chown root:root /etc/ssh/ssh_host_*_key
 chmod 0644 /etc/ssh/ssh_host_*_key.pub
 chown root:root /etc/ssh/ssh_host_*_key.pub
 chmod 600 /etc/ssh/sshd_config /etc/ssh/ssh_config
 touch /root/sshfp
 ssh-keygen -r @ >| /root/sshfp
 ###########################################################################################
 # Remarks: The file /etc/profile.d/idle-users.sh is created to set two read-only          #
 # environment variables: TMOUT and HISTFILE.                                              #
 # TMOUT=14400 ensures that users are automatically logged out after 4 hours of inactivity.#
 # readonly HISTFILE ensures that the command history cannot be changed.                   #
 # The chmod +x command ensures that the file is executed in every shell session.          #
 ###########################################################################################
 cat << 'EOF' >| /etc/profile.d/idle-users.sh
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 case $- in
  *i*)
    TMOUT=14400
    export TMOUT
    readonly TMOUT
  ;;
 esac
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
 EOF
 chmod +x /etc/profile.d/idle-users.sh
 mkdir -p /etc/systemd/system/ssh.service.d
 cat << 'EOF' >| /etc/systemd/system/ssh.service.d/override.conf
 [Unit]
 After=ufw.service
 Requires=ufw.service
 EOF
 chmod 0644 /etc/systemd/system/ssh.service.d/override.conf
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 # sleep 1
 exit 0
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/9940_hardening_memory.dump.chroot
+++ b/config/hooks/live/9940_hardening_memory.dump.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9950_fail2ban_hardening.chroot
+++ b/config/hooks/live/9950_fail2ban_hardening.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9960_disable_services.chroot
+++ b/config/hooks/live/9960_disable_services.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9970_remove_exim.chroot
+++ b/config/hooks/live/9970_remove_exim.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9980_usb_guard.chroot
+++ b/config/hooks/live/9980_usb_guard.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9985_clamav.chroot
+++ b/config/hooks/live/9985_clamav.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9990_final_purge.chroot
+++ b/config/hooks/live/9990_final_purge.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
@@ -52,7 +52,7 @@ apt-get autopurge -y
 updatedb
-printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successful applied. \e[0m\n" "${0}"
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successfully applied. \e[0m\n" "${0}"
 # sleep 1
 exit 0
--- a/config/hooks/live/9991_file_permissions.chroot
+++ b/config/hooks/live/9991_file_permissions.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
@@ -99,7 +99,7 @@ for bin in as gcc g++ cc clang; do
 done
 unset bin target
-printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successful applied. \e[0m\n" "${0}"
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successfully applied. \e[0m\n" "${0}"
 # sleep 1
 exit 0
--- a/config/hooks/live/9992_password_expiration.chroot
+++ b/config/hooks/live/9992_password_expiration.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9993_aide.chroot
+++ b/config/hooks/live/9993_aide.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9994_password_policy.chroot
+++ b/config/hooks/live/9994_password_policy.chroot
@@ -13,7 +13,7 @@
 ### NIST recommends at least eight characters but advises longer passphrases (e.g., 12-64) for increased security.
 ### NIST SP 800-63B, https://pages.nist.gov/800-63-3/sp800-63b.html
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9995_sysstat.chroot
+++ b/config/hooks/live/9995_sysstat.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9996_auditd.chroot
+++ b/config/hooks/live/9996_auditd.chroot
@@ -12,7 +12,7 @@
 ### https://github.com/linux-audit/audit-userspace/tree/master/rules
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9997_debsums.chroot
+++ b/config/hooks/live/9997_debsums.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
@@ -33,4 +33,4 @@ printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e
 # sleep 1
 exit 0
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/9998_sources_list_bookworm.chroot
+++ b/config/hooks/live/9998_sources_list_bookworm.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9998_sources_list_trixie.chroot
+++ b/config/hooks/live/9998_sources_list_trixie.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
--- a/config/hooks/live/9999_interfaces_update.chroot
+++ b/config/hooks/live/9999_interfaces_update.chroot
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 # sleep 1
@@ -62,4 +62,4 @@ printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e
 # sleep 1
 exit 0
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/etc/ssh/sshd_config
+++ b/config/includes.chroot/etc/ssh/sshd_config
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 ### https://www.ssh-audit.com/
 ### ssh -Q cipher | cipher-auth | compression | kex | kex-gss | key | key-cert | key-plain | key-sig | mac | protocol-version | sig
--- a/config/includes.chroot/etc/sysctl.d/99_local.hardened
+++ b/config/includes.chroot/etc/sysctl.d/99_local.hardened
@@ -9,7 +9,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-### Version Master V8.13.008.2025.08.22
+### Version Master V8.13.048.2025.10.06
 ### https://docs.kernel.org/
 ### https://github.com/a13xp0p0v/kernel-hardening-checker/
--- a/config/includes.chroot/preseed/.iso/iso.sh
+++ b/config/includes.chroot/preseed/.iso/iso.sh
@@ -9,7 +9,7 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-set -C -e -u -o pipefail
+set -Ceuo pipefail
 # The example names get mapped to their roles here
 declare timestamp
--- a/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
+++ b/config/includes.chroot/preseed/.iso/preseed_hash_generator.sh
@@ -10,7 +10,7 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-declare -gr VERSION="Master V8.13.008.2025.08.22"
+declare -gr VERSION="Master V8.13.048.2025.10.06"
 ### VERY EARLY CHECK FOR DEBUGGING
 if [[ $* == *" --debug "* ]]; then
--- a/config/includes.chroot/preseed/preseed.cfg
+++ b/config/includes.chroot/preseed/preseed.cfg
@@ -112,4 +112,4 @@ d-i preseed/late_command string sh /preseed/.ash/3_di_preseed_late_command.sh
 # Please consider donating to my work at: https://coresecret.eu/spenden/
 ###########################################################################################
-# Written by: ./preseed_hash_generator.sh Version: Master V8.13.008.2025.08.22 at: 10:18:37.9542
+# Written by: ./preseed_hash_generator.sh Version: Master V8.13.048.2025.10.06 at: 10:18:37.9542
--- a/config/package-lists/live.list.common.chroot
+++ b/config/package-lists/live.list.common.chroot
@@ -21,6 +21,7 @@ bash-completion
 bat
 bc
 bind9-dnsutils
 bison
 bsdmainutils
 btrfs-progs
 build-essential
@@ -28,6 +29,7 @@ bzip2
 ca-certificates
 clamav
 clamav-daemon
 clang-18
 console-setup
 cpuid
 cryptsetup
@@ -47,6 +49,7 @@ dirmngr
 dmsetup
 dnsviz
 dosfstools
 dpkg-dev
 e2fsprogs
 efibootmgr
 expect
@@ -54,6 +57,7 @@ fail2ban
 fdisk
 figlet
 fio
 flex
 fzf
 gawk
 gdisk
@@ -80,6 +84,7 @@ linux-source
 live-boot
 live-config
 live-config-systemd
 lld-18
 locate
 logrotate
 lsb-release
--- a/docs/AUDIT_DNSSEC.md
+++ b/docs/AUDIT_DNSSEC.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. DNSSEC Status
--- a/docs/AUDIT_HAVEGED.md
+++ b/docs/AUDIT_HAVEGED.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Haveged Audit on Netcup RS 2000 G11
--- a/docs/AUDIT_LYNIS.md
+++ b/docs/AUDIT_LYNIS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Lynis Audit:
--- a/docs/AUDIT_SSH.md
+++ b/docs/AUDIT_SSH.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. SSH Audit by ssh-audit.com
--- a/docs/AUDIT_TLS.md
+++ b/docs/AUDIT_TLS.md
@@ -8,14 +8,15 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. TLS Audit:
 ````text
 ./testssl.sh --show-each --wide --phone-out --full https://git.coresecret.dev/
 #####################################################################
-  testssl.sh version 3.2.1 from https://testssl.sh/
+  testssl.sh version 3.2.2 from https://testssl.sh/
-  (81471c3 2025-06-15 09:48:31)
+  (2e77f5e 2025-09-22 19:35:27)
  This program is free software. Distribution and modification under
  GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
@@ -26,7 +27,7 @@ include_toc: true
  Using OpenSSL 1.0.2-bad (Mar 28 2025)  [~179 ciphers]
  on kali:./bin/openssl.Linux.x86_64
- Start 2025-06-23 17:58:48        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
+ Start 2025-09-28 16:12:17        -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 Further IP addresses:   2a0a:4cc0:80:330f:152:53:110:40
 rDNS (152.53.110.40):   git.coresecret.dev.
@@ -188,18 +189,17 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Server key size              RSA 4096 bits (exponent is 65537)
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
- Serial                       1230B34459C6F27FA9BCD2 (OK: length 11)
+ Serial                       13292523EB168BD226CE46 (OK: length 11)
- Fingerprints                 SHA1 1A8BD98862771602E7DD46B742FB66D6C03E622E
+ Fingerprints                 SHA1 1CCF67686A5FFF33D163EFC9E67AB5C70D1122B8
-                              SHA256 76B6FFCE607D8514F676C286C7C76B90F5B7AE7D041631F2EF2F0079AF8D24AC
+                              SHA256 565271C2C74AF9EF5F0DCA16453A643C13E43CBD5B87AB82A622E929C48C8B7B
 Common Name (CN)             coresecret.dev
 subjectAltName (SAN)         coresecret.dev git.coresecret.dev lab.coresecret.dev run.coresecret.dev www.coresecret.dev
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
- Certificate Validity (UTC)   153 >= 60 days (2025-05-28 09:56 --> 2025-11-23 22:59)
+ Certificate Validity (UTC)   178 >= 60 days (2025-09-27 18:27 --> 2026-03-25 22:59)
 ETS/"eTLS", visibility info  not present
- In pwnedkeys.com DB          not in database
+ In pwnedkeys.com DB          not in database Certificate Revocation List  http://crl.buypass.no/crl/BPClass2CA5.crl, not revoked
 Certificate Revocation List  http://crl.buypass.no/crl/BPClass2CA5.crl, not revoked
 OCSP URI                     http://ocsp.buypass.com, not revoked
 OCSP stapling                offered, not revoked
 OCSP must staple extension   --
@@ -226,9 +226,9 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Cookie(s)                    2 issued: 2/2 secure, 2/2 HttpOnly
 Security headers             X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
-                              Content-Security-Policy: default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self';
+                              Content-Security-Policy: default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'
-                                frame-src 'self'; frame-ancestors 'self'; img-src 'self' data: https://badges.coresecret.dev
+                                git.coresecret.dev; frame-src 'self'; frame-ancestors 'self'; img-src 'self' data: https://badges.coresecret.dev
-                                https://uml.coresecret.dev; manifest-src 'self'; media-src 'self' data: https://badges.coresecret.dev
+                                https://uml.coresecret.dev; manifest-src 'self' data:; media-src 'self' data: https://badges.coresecret.dev
                                https://uml.coresecret.dev; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'none';
                              Expect-CT: max-age=86400, enforce
                              Permissions-Policy: interest-cohort=()
@@ -258,7 +258,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
-                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=76B6FFCE607D8514F676C286C7C76B90F5B7AE7D041631F2EF2F0079AF8D24AC
+                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=565271C2C74AF9EF5F0DCA16453A643C13E43CBD5B87AB82A622E929C48C8B7B
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
@@ -309,7 +309,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Rating (experimental)
- Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
+ Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009r from 2025-05-16)
 Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted)  100 (30)
 Key Exchange     (weighted)  100 (30)
@@ -317,7 +317,7 @@ Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Ciphe
 Final Score                  100
 Overall Grade                A+
- Done 2025-06-23 18:00:16 [  99s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
+ Done 2025-09-28 16:13:50 [  95s] -->> 152.53.110.40:443 (git.coresecret.dev) <<--
 ````
 ---
--- a/docs/BOOTPARAMS.md
+++ b/docs/BOOTPARAMS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Hardened Kernel Boot Parameters
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -8,10 +8,22 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Changelog
 ## V8.13.048.2025.10.06
 * **Updated**: Debian 13 LIVE ISO workflows to use Kernel: ``6.16.3+deb13-amd64``
 * **Updated**: Debian 13 LIVE ISO workflows to use argument: ``--cdi``
 * **Updated**: [9000-cdi-starter](../scripts/9000-cdi-starter)
 * **Removed**: [1024_git_clone_ciss_debian_installer.chroot](../.archive/1024_git_clone_ciss_debian_installer.chroot)
 ## V8.13.032.2025.10.03
 * **Added**: Internal Gitea Action Runner switch for static SSHFP records.
 ## V8.13.016.2025.09.28
 * **Updated**: Debian 13 LIVE ISO workflows to use Kernel: ``6.12.48+deb13-amd64``
 ## V8.13.008.2025.08.22
 * **Removed**: [0003_install_backports.chroot](../.archive/0003_install_backports.chroot)
--- a/docs/CNET.md
+++ b/docs/CNET.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Centurion Net - Developer Branch Overview
--- a/docs/CODING_CONVENTION.md
+++ b/docs/CODING_CONVENTION.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Coding Style
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Contributing / participating
--- a/docs/CREDITS.md
+++ b/docs/CREDITS.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Credits
--- a/docs/DL_PUB_ISO.md
+++ b/docs/DL_PUB_ISO.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Download the latest PUBLIC CISS.debian.live.ISO
--- a/docs/DOCUMENTATION.md
+++ b/docs/DOCUMENTATION.md
@@ -8,12 +8,12 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2.1. Usage
 ````text
 CISS.debian.live.builder
-Master V8.13.008.2025.08.22
+Master V8.13.048.2025.10.06
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
@@ -136,7 +136,7 @@ A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Ima
 # 2.2. Contact
 ````text
 CISS.debian.live.builder
-Master V8.13.008.2025.08.22
+Master V8.13.048.2025.10.06
 A lightweight Shell Wrapper for building a hardened Debian Bookworm Live ISO Image.
 (c) Marc S. Weidner, 2018 - 2025
--- a/docs/REFERENCES.md
+++ b/docs/REFERENCES.md
@@ -8,7 +8,7 @@ include_toc: true
 **Centurion Intelligence Consulting Agency Information Security Standard**<br>
 *Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
 **Master Version**: 8.13<br>
-**Build**: V8.13.008.2025.08.22<br>
+**Build**: V8.13.048.2025.10.06<br>
 # 2. Resources
--- a/docs/SECURITY/coresecret.dev.png
+++ b/docs/SECURITY/coresecret.dev.png
--- a/lib/lib_arg_parser.sh
+++ b/lib/lib_arg_parser.sh
@@ -17,22 +17,6 @@ guard_sourcing
 # Globals:
 #   ARY_HANDLER_JUMPHOST
 #   ARY_HANDLER_NETCUP_IPV6
 #   ERR_ARG_MSMTCH
 #   ERR_CONTROL_CT
 #   ERR_MISS_PWD_F
 #   ERR_MISS_PWD_P
 #   ERR_NOTABSPATH
 #   ERR_OWNS_PWD_F
 #   ERR_PASS_LENGH
 #   ERR_PASS_PLICY
 #   ERR_REIONICE_P
 #   ERR_REIO_C_VAL
 #   ERR_REIO_P_VAL
 #   ERR_RENICE_PRI
 #   ERR_RGHT_PWD_F
 #   ERR_SPLASH_PNG
 #   ERR_UNCRITICAL
 #   ERR__SSH__PORT
 #   VAR_ARCHITECTURE
 #   VAR_BUILD_LOG
 #   VAR_EARLY_DEBUG
@@ -49,14 +33,35 @@ guard_sourcing
 #   VAR_ISO8601
 #   VAR_REIONICE_CLASS
 #   VAR_REIONICE_PRIORITY
 #   VAR_SSHFP
 #   VAR_SSHPORT
 #   VAR_SSHPUBKEY
 #   VAR_SUITE
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #   ERR_ARG_MSMTCH: on failure
 #   ERR_CONTROL_CT: on failure
 #   ERR_MISS_PWD_F: on failure
 #   ERR_MISS_PWD_P: on failure
 #   ERR_NOTABSPATH: on failure
 #   ERR_OWNS_PWD_F: on failure
 #   ERR_PASS_LENGH: on failure
 #   ERR_PASS_PLICY: on failure
 #   ERR_REIONICE_P: on failure
 #   ERR_REIO_C_VAL: on failure
 #   ERR_REIO_P_VAL: on failure
 #   ERR_RENICE_PRI: on failure
 #   ERR_RGHT_PWD_F: on failure
 #   ERR_SPLASH_PNG: on failure
 #   ERR__SSH__PORT: on failure
 #######################################
 arg_parser() {
  while [[ $# -gt 0 ]]; do
    declare argument="${1}"
      case "${argument,,}" in
        -a=* | --autobuild=*)
@@ -95,6 +100,7 @@ arg_parser() {
        --architecture)
          if [[ "${2}" == "amd64" || "${2}" == "arm64" ]]; then
            # shellcheck disable=SC2034
            declare -gx VAR_ARCHITECTURE="${2}"
            shift 2
          else
@@ -124,12 +130,14 @@ arg_parser() {
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
          fi
-          declare -g VAR_HANDLER_CDI=true
+          # shellcheck disable=SC2034
          declare -g VAR_HANDLER_CDI="true"
          shift 1
          ;;
        --change-splash )
          if [[ "${2}" == "club" || "${2}" == "hexagon" ]]; then
            # shellcheck disable=SC2034
            declare -g VAR_HANDLER_SPLASH="${2}"
            shift 2
          else
@@ -143,6 +151,7 @@ arg_parser() {
        --control)
          if [[ -n "${2-}" ]]; then
            # shellcheck disable=SC2034
            declare -g VAR_HANDLER_ISO_COUNTER="${2}"
            shift 2
          else
@@ -171,6 +180,7 @@ arg_parser() {
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
          fi
          # shellcheck disable=SC2034
          declare -gi VAR_HANDLER_DHCP=1
          shift 1
          ;;
@@ -180,6 +190,7 @@ arg_parser() {
            declare -i count=0
            shift
            while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 10 ]]; do
              # shellcheck disable=SC2034
              declare -g ARY_HANDLER_JUMPHOST+=("$1")
              count=$((count + 1))
              shift
@@ -202,6 +213,7 @@ arg_parser() {
            read -p -r $'\e[92m✅ Press \'ENTER\' to exit the script ... \e[0m'
            exit "${ERR_ARG_MSMTCH}"
          fi
          # shellcheck disable=SC2034
          declare -gi VAR_HANDLER_STA=1
          shift 1
          ;;
@@ -209,10 +221,12 @@ arg_parser() {
        --provider-netcup-ipv6)
          if [[ -n "${2-}" && "${2}" != -* ]]; then
            declare -i count=0
-            declare -g VAR_HANDLER_NETCUP_IPV6=true
+            # shellcheck disable=SC2034
            declare -g VAR_HANDLER_NETCUP_IPV6="true"
            shift
            while [[ "${#}" -gt 0 && "${1}" != -* && count -lt 1 ]]; do
              declare cleaned="${1//[\[\]]/}"
              # shellcheck disable=SC2034
              declare -g ARY_HANDLER_NETCUP_IPV6+=("${cleaned}")
              count=$((count + 1))
              shift
@@ -230,6 +244,7 @@ arg_parser() {
        --renice-priority)
          if [[ -n ${2-} && ${2} =~ ^-?[0-9]+$ && ${2} -ge -19 && ${2} -le 19 ]]; then
            # shellcheck disable=SC2034
            VAR_HANDLER_PRIORITY="$2"
            shift 2
          else
@@ -249,6 +264,7 @@ arg_parser() {
            exit "${ERR_REIONICE_P}"
          else
            if [[ "${2}" =~ ^[1-3]$ ]]; then
              # shellcheck disable=SC2034
              VAR_REIONICE_CLASS="${2}"
              if [[ -z "${3-}" ]]; then
                :
@@ -359,6 +375,7 @@ arg_parser() {
          hash_temp=$(mkpasswd --method=sha-512 --salt="${salt}" --rounds=8388608 "${plaintext_pw}")
          [[ "${VAR_EARLY_DEBUG}" == "true" ]] && set -x # Turn on tracing again
          # shellcheck disable=SC2034
          declare -g VAR_HASHED_PWD="${hash_temp}"
          unset hash_temp plaintext_pw
@@ -375,6 +392,7 @@ arg_parser() {
        --ssh-port)
          if [[ -n "${2-}" && "${2}" =~ ^-?[0-9]+$ && "${2}" -ge 1 && "${2}" -le 65535 ]]; then
            # shellcheck disable=SC2034
            declare -gi VAR_SSHPORT="${2}"
            shift 2
          else
@@ -385,12 +403,20 @@ arg_parser() {
          fi
          ;;
        --sshfp)
        # shellcheck disable=SC2034
          declare -g VAR_SSHFP="true"
          shift 1
          ;;
        --ssh-pubkey)
        # shellcheck disable=SC2034
          declare -g VAR_SSHPUBKEY="${2}"
          shift 2
          ;;
        --trixie)
        # shellcheck disable=SC2034
          declare -g VAR_SUITE="trixie"
          shift 1
          ;;
@@ -400,6 +426,12 @@ arg_parser() {
          usage
          ;;
    esac
  done
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f arg_parser
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_arg_priority_check.sh
+++ b/lib/lib_arg_priority_check.sh
@@ -19,34 +19,54 @@ guard_sourcing
 #   VAR_REIONICE_CLASS
 #   VAR_REIONICE_PRIORITY
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 arg_priority_check() {
  declare var
  ### Check if nice PRIORITY is set and adjust nice priority.
  if [[  "${VAR_HANDLER_PRIORITY:-}" -ne 0 ]]; then
    if command -v renice >/dev/null; then
      renice "${VAR_HANDLER_PRIORITY}" -p "$$"
      var=$(ps -o ni= -p $$) > /dev/null 2>&1
      printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ New renice value: %s\e[0m\n" "${var}"
      # sleep 1
      unset var
    else
      printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ renice not installed (util-linux) \e[0m\n"
    fi
  fi
  ### Check if ionice PRIORITY is set and adjust ionice priority.
  if [[ "${VAR_REIONICE_CLASS:-}" -ne 2 ]]; then
    if command -v ionice >/dev/null; then
      ionice -c"${VAR_REIONICE_CLASS:-2}" -n"${VAR_REIONICE_PRIORITY:-4}" -p "$$"
      var=$(ionice -p $$) > /dev/null 2>&1
      printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ New ionice value: %s\e[0m\n" "${var}"
      # sleep 1
      unset var
    else
      printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ ionice not installed (util-linux) \e[0m\n"
    fi
  fi
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f arg_priority_check
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_boot_screen.sh
+++ b/lib/lib_boot_screen.sh
@@ -18,7 +18,9 @@ guard_sourcing
 #   PID_BOOT_SCREEN
 #   PIPE_BOOT_SCREEN
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 boot_screen() {
  clear
@@ -34,15 +36,22 @@ boot_screen() {
                < "${PIPE_BOOT_SCREEN}" &
  declare -gr PID_BOOT_SCREEN="$!"
  exec 3> "${PIPE_BOOT_SCREEN}"
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f boot_screen
 #######################################
 # Boot Screen Terminal Cleaner
 # Globals:
-#   boot_screen_pid
+#   PID_BOOT_SCREEN
-#   boot_screen_pipe
+#   PIPE_BOOT_SCREEN
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 boot_screen_cleaner() {
  exec 3>&-
@@ -51,5 +60,9 @@ boot_screen_cleaner() {
  rm -f "${PIPE_BOOT_SCREEN}"
  clean_screen
  sleep 1
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f boot_screen_cleaner
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_cdi.sh
+++ b/lib/lib_cdi.sh
@@ -13,7 +13,7 @@
 guard_sourcing
 #######################################
-# CISS.2025.debian.installer GRUB and Autostart Generator
+# CISS.debian.installer 'GRUB' and 'Autostart' generator.
 # Globals:
 #   BASH_SOURCE
 #   VAR_HANDLER_BUILD_DIR
@@ -21,7 +21,9 @@ guard_sourcing
 #   VAR_KERNEL
 #   VAR_WORKDIR
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 cdi() {
  printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"
@@ -29,7 +31,9 @@ cdi() {
  if [[ "${VAR_HANDLER_CDI}" == "true" ]]; then
    if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config" ]]; then
      mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config"
    fi
    cp "${VAR_WORKDIR}/scripts/9000-cdi-starter" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/config/9000-cdi-starter"
@@ -40,7 +44,7 @@ cdi() {
    tmp_entry="$(mktemp)"
    cat << EOF >| "${tmp_entry}"
 menuentry "CISS Hardened DI (${VAR_KERNEL})" --hotkey=i {
-        linux /live/vmlinuz-${VAR_KERNEL} boot=live verify-checksums live-config.components splash nopersistence toram ramdisk-size=1024M swap=true noeject locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= timezone=Europe/Lisbon audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none findiso=\${iso_path}
+        linux /live/vmlinuz-${VAR_KERNEL} boot=live verify-checksums live-config.components splash nopersistence toram ramdisk-size=1024M swap=true noeject locales=en_US.UTF-8 keyboard-layouts=de keyboard-model=pc105 keyboard-options= keyboard-variants= timezone=Etc/UTC audit_backlog_limit=8192 audit=1 cfi=kcfi debugfs=off efi=disable_early_pci_dma efi_no_storage_paranoia hardened_usercopy=1 ia32_emulation=0 init_on_alloc=1 init_on_free=1 iommu=force kfence.sample_interval=100 kvm.nx_huge_pages=force l1d_flush=on lockdown=confidentiality loglevel=0 mce=0 mitigations=auto,nosmt mmio_stale_data=full,nosmt oops=panic page_alloc.shuffle=1 page_poison=1 panic=-1 pti=on random.trust_bootloader=off random.trust_cpu=off randomize_kstack_offset=on randomize_va_space=2 retbleed=auto,nosmt rodata=on tsx=off vdso32=0 vsyscall=none findiso=\${iso_path}
        initrd /live/initrd.img-${VAR_KERNEL}
 }
 EOF
@@ -59,6 +63,12 @@ EOF
    # shellcheck disable=SC1003
    sed -i '/#MUST_BE_REPLACED/c\\' "${VAR_HANDLER_BUILD_DIR}/config/bootloaders/grub-efi/grub.cfg"
  fi
-  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successful applied. \e[0m\n" "${BASH_SOURCE[0]}"
+
  printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successfully applied. \e[0m\n" "${BASH_SOURCE[0]}"
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f cdi
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_change_splash.sh
+++ b/lib/lib_change_splash.sh
@@ -19,21 +19,32 @@ guard_sourcing
 #   VAR_HANDLER_SPLASH
 #   VAR_WORKDIR
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 change_splash() {
  if [[ ${VAR_HANDLER_SPLASH} == "club" ]]; then
    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Grub Splash 'club.png' selected ...\e[0m\n"
    cp -af "${VAR_WORKDIR}"/.archive/background/club.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/splash.png
    cp -af "${VAR_WORKDIR}"/.archive/background/club.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-efi/splash.png
    cp -af "${VAR_WORKDIR}"/.archive/background/club.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-pc/splash.png
    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Grub Splash 'club.png' selected done. \e[0m\n"
  elif [[ ${VAR_HANDLER_SPLASH} == "hexagon" ]]; then
    printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 Grub Splash 'hexagon.png' selected ...\e[0m\n"
    cp -af "${VAR_WORKDIR}"/.archive/background/hexagon.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/splash.png
    cp -af "${VAR_WORKDIR}"/.archive/background/hexagon.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-efi/splash.png
    cp -af "${VAR_WORKDIR}"/.archive/background/hexagon.png "${VAR_HANDLER_BUILD_DIR}"/config/bootloaders/grub-pc/splash.png
    printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ Grub Splash 'hexagon.png' selected done. \e[0m\n"
  fi
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f change_splash
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_dhcp.sh
+++ b/lib/lib_check_dhcp.sh
@@ -18,11 +18,18 @@ guard_sourcing
 #   VAR_HANDLER_DHCP
 #   VAR_WORKDIR
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 check_dhcp() {
  if [[ ${VAR_HANDLER_DHCP} -eq 1 ]]; then
-    chmod +x "${VAR_WORKDIR}"/scripts/0010_dhcp_supersede.sh && "${VAR_WORKDIR}"/scripts/0010_dhcp_supersede.sh
+    chmod +x "${VAR_WORKDIR}/scripts/0010_dhcp_supersede.sh" && "${VAR_WORKDIR}/scripts/0010_dhcp_supersede.sh"
  fi
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_dhcp
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_hooks.sh
+++ b/lib/lib_check_hooks.sh
@@ -15,10 +15,12 @@ guard_sourcing
 #######################################
 # Check and apply 0755 Permissions on every ./config/hooks/live/*.chroot file
 # Globals:
 #   ERR_UNCRITICAL
 #   VAR_WORKDIR
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #   ERR_UNCRITICAL: on failure
 #######################################
 check_hooks() {
  declare ifs
@@ -27,13 +29,23 @@ check_hooks() {
  declare -a files=("${VAR_WORKDIR}"/config/hooks/live/*.chroot)
  if (( ${#files[@]} == 0 )); then
    printf "\e[91m❌ No '*.chroot' files found in '%s/config/hooks/live'. \e[0m\n" "${VAR_WORKDIR}" >&2
    exit "${ERR_UNCRITICAL}"
  fi
-  declare file
+  declare file=""
  for file in "${files[@]}"; do
    chmod 0755 "${file}"
  done
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_hooks
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_kernel.sh
+++ b/lib/lib_check_kernel.sh
@@ -20,7 +20,7 @@ guard_sourcing
 #   VAR_KERNEL_SRT
 #   VAR_KERNEL_TMP
 # Arguments:
-#  None
+#   None
 # Returns:
 #   42: Sorting Error.
 #######################################
@@ -34,9 +34,15 @@ check_kernel() {
  declare options=""
  if [[ ${VAR_ARCHITECTURE} != arm64 ]]; then
    # shellcheck disable=SC2312
    apt-cache search linux-image | grep linux-image | grep amd64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
  else
    # shellcheck disable=SC2312
    apt-cache search linux-image | grep linux-image | grep arm64 | grep -v "meta-package" | grep -v "dbg" | grep -v "template" >> "${VAR_KERNEL_TMP}"
  fi
  sort --output="${VAR_KERNEL_SRT}" "${VAR_KERNEL_TMP}" || {
@@ -47,12 +53,14 @@ check_kernel() {
  }
    while IFS= read -r line; do
      first_string=${line%% *}
      name=${first_string#linux-image-}
      options+=("${name}" "${counter}" off)
      ((counter++))
    done < "${VAR_KERNEL_SRT}"
  # shellcheck disable=SC2155
  if declare -gx VAR_KERNEL=$(dialog \
                          --no-collapse \
@@ -62,13 +70,26 @@ check_kernel() {
                          --title "Select the Kernel for the CISS Hardened Debian Live Image ISO" \
                          --radiolist "Kernel available \n *+bpo*       : Debian Backported Kernel \n *cloud*      : Special lightweight images for KVM \n *unsigned*   : Unsigned Kernel \n *preempt_rt* : Special Kernel for real-time-computing \n Not unsigned marked are MS signed Kernel for Secure Boot \n" 0 0 "${options[@]}" 3>&1 1>&2 2>&3 3>&-); then
    clear
  else
    clear
    if [[ "${VAR_ARCHITECTURE}" == "amd64" ]]; then
      declare -gx VAR_KERNEL="amd64"
    elif [[ "${VAR_ARCHITECTURE}" == "arm64" ]]; then
      declare -gx VAR_KERNEL="arm64"
    fi
  fi
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_kernel
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_pkgs.sh
+++ b/lib/lib_check_pkgs.sh
@@ -15,41 +15,66 @@ guard_sourcing
 #######################################
 # Check for required Deb Packages to run the script.
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 check_pkgs() {
-  apt-get update -y > /dev/null 2>&1
+  apt-get update > /dev/null 2>&1
  if [[ -z "$(command -v batcat || true)" ]]; then
    apt-get install -y --no-install-recommends bat
  fi
  if [[ -z "$(command -v lsb_release || true)" ]]; then
    apt-get install -y --no-install-recommends lsb-release
  fi
  if [[ -z "$(command -v debootstrap || true)" ]]; then
    if grep -RqsE '^[[:space:]]*deb .*backports' /etc/apt/sources.list /etc/apt/sources.list.d; then
      # shellcheck disable=SC2155
      declare codename=$(lsb_release -sc)
      apt-get install -y -t "${codename}-backports" debootstrap
    else
      apt-get install -y debootstrap
    fi
  fi
  if [[ ! -f /usr/share/live/build/VERSION ]]; then
    apt-get install -y live-build
  fi
  if [[ "${VAR_HANDLER_AUTOBUILD}" == false ]]; then
    if [[ -z "$(command -v dialog || true)" ]]; then
      apt-get install -y --no-install-recommends dialog
    fi
  fi
  if [[ -z "$(command -v mkpasswd || true)" ]]; then
    apt-get install -y --no-install-recommends whois
  fi
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_pkgs
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_provider.sh
+++ b/lib/lib_check_provider.sh
@@ -13,9 +13,11 @@
 guard_sourcing
 #######################################
-# Notes Textbox
+# Notes Textbox.
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 check_provider() {
  clear
@@ -64,5 +66,10 @@ EOF
         --scrollbar \
         --textbox "${VAR_NOTES}" 32 128
  clear
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_provider
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_stats.sh
+++ b/lib/lib_check_stats.sh
@@ -17,13 +17,22 @@ guard_sourcing
 # Globals:
 #   VAR_HANDLER_STA
 # Arguments:
-#  None
+#   None
 # Returns:
 #   0: on success
 #######################################
 check_stats() {
  if [[ ${VAR_HANDLER_STA} -eq 1 ]]; then
    clear
    run_analysis
    exit 0
  fi
  return 0
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_stats
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_check_var.sh
+++ b/lib/lib_check_var.sh
@@ -13,25 +13,38 @@
 guard_sourcing
 #######################################
-# Unbound Variable Check and call Trap on ERR
+# Unbound variable check and call trap on 'ERR'.
 # Globals:
 #   ERR_UNBOUNDVAR
 # Arguments:
 #   $1: VAR_NAME to check
 # Returns:
-#   "${ERR_UNBOUNDVAR}"
+#   {ERR_UNBOUNDVAR: on failure
 #######################################
 check_var() {
  declare var_name_to_check="$1"
  if [[ -n "${!var_name_to_check+exists}" ]]; then
    if [[ -n "${!var_name_to_check}" ]]; then
      printf "\e[92m✅ Variable: '%s' exists and is NOT empty: '%s' \e[0m\n" "${var_name_to_check}" "${!var_name_to_check}"
    else
      printf "\e[92m✅ Variable: '%s' exists but is empty. \e[0m\n" "${var_name_to_check}"
    fi
  else
    printf "\e[91m❌ Variable: '%s' is not declared. Exiting Script. \e[0m\n" "${var_name_to_check}" >&2
    return "${ERR_UNBOUNDVAR}"
  fi
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f check_var
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/lib_clean_screen.sh
+++ b/lib/lib_clean_screen.sh
@@ -15,7 +15,7 @@ guard_sourcing
 #######################################
 # Terminal cleaner before Trap on Error
 # Arguments:
-#  None
+#   None
 #######################################
 clean_screen() {
  tput cnorm > /dev/tty # Cursor visible
@@ -27,4 +27,7 @@ clean_screen() {
  #tput cup $((lines-1)) 0 > /dev/tty
  #printf "\n" > /dev/tty
 }
 ### Prevents accidental 'unset -f'.
 # shellcheck disable=SC2034
 readonly -f clean_screen
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/Show More
+++ b/Show More
Author	SHA256	Message	Date
Marc S. Weidner BOT	9466395273	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@181b73b at 2025-10-07T00:00:01Z on ff2a36e41830 Generated at : 2025-10-07T00:00:01Z Runner Host : ff2a36e41830 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `181b73b` HEAD -> master	2025-10-07 00:00:01 +00:00
Marc S. Weidner BOT	181b73b04c	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@7f678ba at 2025-10-06T23:10:29Z on 619cb2299d57 Generated at : 2025-10-06T23:10:29Z Runner Host : 619cb2299d57 Workflow ID : 🛡️ Shell Script Linting Git Commit : `7f678ba` HEAD -> master	2025-10-06 23:10:29 +00:00
Marc S. Weidner	7f678baa64	V8.13.048.2025.10.06 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m24s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 51m2s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-07 00:08:40 +01:00
Marc S. Weidner BOT	1d711ea816	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@9e66e27 at 2025-10-06T22:15:24Z on c1b91ac5451a Generated at : 2025-10-06T22:15:24Z Runner Host : c1b91ac5451a Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `9e66e27` HEAD -> master	2025-10-06 22:15:24 +00:00
Marc S. Weidner BOT	9e66e27eae	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@9a72da4 at 2025-10-06T21:22:17Z on 37066177cc01 Generated at : 2025-10-06T21:22:17Z Runner Host : 37066177cc01 Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `9a72da4` HEAD -> master	2025-10-06 21:22:17 +00:00
Marc S. Weidner BOT	9a72da4e97	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@fda63ad at 2025-10-06T21:18:56Z on 674283aee3da Generated at : 2025-10-06T21:18:56Z Runner Host : 674283aee3da Workflow ID : 🛡️ Shell Script Linting Git Commit : `fda63ad` HEAD -> master	2025-10-06 21:18:56 +00:00
Marc S. Weidner	fda63adb9c	V8.13.048.2025.10.06 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 53m8s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-06 22:17:05 +01:00
Marc S. Weidner BOT	368d523f95	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@e00c6e8 at 2025-10-06T20:26:57Z on 4e285ac8f230 Generated at : 2025-10-06T20:26:57Z Runner Host : 4e285ac8f230 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `e00c6e8` HEAD -> master	2025-10-06 20:26:57 +00:00
Marc S. Weidner BOT	e00c6e8900	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 0 [skip ci] X-CI-Metadata: master@02f56b7 at 2025-10-06T19:34:05Z on 8a0e7cf4ef0f Generated at : 2025-10-06T19:34:05Z Runner Host : 8a0e7cf4ef0f Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `02f56b7` HEAD -> master	2025-10-06 19:34:05 +00:00
Marc S. Weidner BOT	02f56b725f	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@a475cc4 at 2025-10-06T18:47:35Z on f05b16ce98ea Generated at : 2025-10-06T18:47:35Z Runner Host : f05b16ce98ea Workflow ID : 🛡️ Shell Script Linting Git Commit : `a475cc4` HEAD -> master	2025-10-06 18:47:35 +00:00
Marc S. Weidner BOT	a475cc45a3	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@5d64de9 at 2025-10-06T18:33:38Z on b44f5c7a3a13 Generated at : 2025-10-06T18:33:38Z Runner Host : b44f5c7a3a13 Workflow ID : 🛡️ Shell Script Linting Git Commit : `5d64de9` HEAD -> master	2025-10-06 18:33:38 +00:00
Marc S. Weidner	5d64de95bc	V8.13.048.2025.10.06 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-06 19:32:12 +01:00
Marc S. Weidner BOT	d313ae0b51	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@edc59d3 at 2025-10-06T18:30:10Z on a29c133149a7 Generated at : 2025-10-06T18:30:10Z Runner Host : a29c133149a7 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `edc59d3` HEAD -> master	2025-10-06 18:30:10 +00:00
Marc S. Weidner	edc59d362f	V8.13.048.2025.10.06 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 59s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m22s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 52m58s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 55m15s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-06 19:28:59 +01:00
Marc S. Weidner	eb90a815e8	Merge remote-tracking branch 'origin/master'	2025-10-06 19:01:34 +01:00
Marc S. Weidner	6f1793f2ac	V8.13.048.2025.10.06 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-06 18:22:28 +01:00
Marc S. Weidner BOT	2a4d5e5b2e	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@f7a7d1c at 2025-10-05T19:06:18Z on 0c18e997ea45 Generated at : 2025-10-05T19:06:18Z Runner Host : 0c18e997ea45 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `f7a7d1c` HEAD -> master	2025-10-05 19:06:18 +00:00
Marc S. Weidner BOT	f7a7d1cff0	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@40b3fb8 at 2025-10-05T18:13:11Z on 916e88ca368b Generated at : 2025-10-05T18:13:11Z Runner Host : 916e88ca368b Workflow ID : 🛡️ Shell Script Linting Git Commit : `40b3fb8` HEAD -> master	2025-10-05 18:13:11 +00:00
Marc S. Weidner	40b3fb8ff7	V8.13.032.2025.10.03 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m20s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 54m30s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-05 19:11:30 +01:00
Marc S. Weidner BOT	636c34cee5	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@47ebdf7 at 2025-10-04T06:31:57Z on fee380419830 Generated at : 2025-10-04T06:31:57Z Runner Host : fee380419830 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `47ebdf7` HEAD -> master	2025-10-04 06:31:57 +00:00
Marc S. Weidner BOT	47ebdf7ed0	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@61d9bf1 at 2025-10-04T05:41:56Z on db8360a9f9dc Generated at : 2025-10-04T05:41:56Z Runner Host : db8360a9f9dc Workflow ID : 🛡️ Shell Script Linting Git Commit : `61d9bf1` HEAD -> master	2025-10-04 05:41:56 +00:00
Marc S. Weidner	61d9bf1510	V8.13.032.2025.10.03 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 51m29s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-04 06:40:11 +01:00
Marc S. Weidner BOT	bd77170cf9	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@49c6277 at 2025-10-04T04:45:17Z on bd7f276357da Generated at : 2025-10-04T04:45:17Z Runner Host : bd7f276357da Workflow ID : 🛡️ Shell Script Linting Git Commit : `49c6277` HEAD -> master	2025-10-04 04:45:17 +00:00
Marc S. Weidner	49c6277efa	V8.13.032.2025.10.03 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m16s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-04 05:43:54 +01:00
Marc S. Weidner BOT	d55f420c35	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@af84d52 at 2025-10-04T04:39:57Z on 11dafe664f2c Generated at : 2025-10-04T04:39:57Z Runner Host : 11dafe664f2c Workflow ID : 🛡️ Shell Script Linting Git Commit : `af84d52` HEAD -> master	2025-10-04 04:39:57 +00:00
Marc S. Weidner	af84d5292b	V8.13.032.2025.10.03 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-04 05:38:09 +01:00
Marc S. Weidner	53642d6115	V8.13.032.2025.10.03 Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-04 05:33:30 +01:00
Marc S. Weidner BOT	7fab4a183c	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@c514634 at 2025-10-03T22:07:45Z on 0ef6f5664500 Generated at : 2025-10-03T22:07:45Z Runner Host : 0ef6f5664500 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `c514634` HEAD -> master	2025-10-03 22:07:45 +00:00
Marc S. Weidner BOT	c514634dd4	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@32f1b05 at 2025-10-03T21:17:48Z on ef1f9ea14896 Generated at : 2025-10-03T21:17:48Z Runner Host : ef1f9ea14896 Workflow ID : 🛡️ Shell Script Linting Git Commit : `32f1b05` HEAD -> master	2025-10-03 21:17:48 +00:00
Marc S. Weidner	32f1b05181	V8.13.032.2025.10.03 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m30s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 51m34s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-03 22:15:48 +01:00
Marc S. Weidner BOT	1a2d1a3ae1	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@5fcd2eb at 2025-10-03T18:43:20Z on 81c03bb1ea18 Generated at : 2025-10-03T18:43:20Z Runner Host : 81c03bb1ea18 Workflow ID : 🛡️ Shell Script Linting Git Commit : `5fcd2eb` HEAD -> master	2025-10-03 18:43:21 +00:00
Marc S. Weidner	5fcd2ebf42	V8.13.032.2025.10.03 Some checks failed 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m25s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-03 19:41:39 +01:00
Marc S. Weidner BOT	7168374797	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@720eede at 2025-10-03T18:34:52Z on f95e1bf52e89 Generated at : 2025-10-03T18:34:52Z Runner Host : f95e1bf52e89 Workflow ID : 🛡️ Shell Script Linting Git Commit : `720eede` HEAD -> master	2025-10-03 18:34:52 +00:00
Marc S. Weidner	720eede478	V8.13.032.2025.10.03 Some checks failed 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 1m0s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-03 19:33:22 +01:00
Marc S. Weidner BOT	036fefdd3e	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@2bcbdf8 at 2025-10-03T18:14:04Z on a906e8c798d2 Generated at : 2025-10-03T18:14:04Z Runner Host : a906e8c798d2 Workflow ID : 🛡️ Shell Script Linting Git Commit : `2bcbdf8` HEAD -> master	2025-10-03 18:14:05 +00:00
Marc S. Weidner	2bcbdf8716	V8.13.032.2025.10.03 Some checks failed 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 52s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m21s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-03 19:09:06 +01:00
Marc S. Weidner BOT	ffecfcdc50	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@a51e37b at 2025-10-03T17:42:11Z on 17b27bf14db1 Generated at : 2025-10-03T17:42:11Z Runner Host : 17b27bf14db1 Workflow ID : 🛡️ Shell Script Linting Git Commit : `a51e37b` HEAD -> master	2025-10-03 17:42:11 +00:00
Marc S. Weidner BOT	a51e37b648	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@0f8b894 at 2025-10-03T17:41:34Z on 71aa4f460676 Generated at : 2025-10-03T17:41:34Z Runner Host : 71aa4f460676 Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `0f8b894` HEAD -> master	2025-10-03 17:41:34 +00:00
Marc S. Weidner	0f8b894e40	V8.13.032.2025.10.03 Some checks failed 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m2s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m39s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-03 18:39:15 +01:00
Marc S. Weidner BOT	ec171888f7	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@d046770 at 2025-10-03T00:15:58Z on 09b46a8e3de7 Generated at : 2025-10-03T00:15:58Z Runner Host : 09b46a8e3de7 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `d046770` HEAD -> master	2025-10-03 00:15:58 +00:00
Marc S. Weidner BOT	d046770aeb	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@6350278 at 2025-10-02T23:28:54Z on 471bb232066f Generated at : 2025-10-02T23:28:54Z Runner Host : 471bb232066f Workflow ID : 🛡️ Shell Script Linting Git Commit : `6350278` HEAD -> master	2025-10-02 23:28:54 +00:00
Marc S. Weidner	63502787c0	V8.13.016.2025.09.28 All checks were successful 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 2m19s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 49m31s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-03 00:26:03 +01:00
Marc S. Weidner BOT	a96af3ff06	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@3c2c899 at 2025-10-02T05:21:58Z on d622961e7303 Generated at : 2025-10-02T05:21:58Z Runner Host : d622961e7303 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `3c2c899` HEAD -> master	2025-10-02 05:21:58 +00:00
Marc S. Weidner	3c2c899403	V8.13.016.2025.09.28 Some checks failed 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 6s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 46m3s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-10-02 05:35:36 +01:00
Marc S. Weidner BOT	e966a899c7	DEPLOY BOT : 💙 Auto-Generate PUBLIC LIVE ISO [skip ci] X-CI-Metadata: master@9b28418 at 2025-09-28T18:07:16Z on 00826445cf18 Generated at : 2025-09-28T18:07:16Z Runner Host : 00826445cf18 Workflow ID : 💙 Generating a PUBLIC Live ISO. Git Commit : `9b28418` HEAD -> master	2025-09-28 18:07:16 +00:00
Marc S. Weidner BOT	9b28418860	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 1 [skip ci] X-CI-Metadata: master@40d81b5 at 2025-09-28T17:19:40Z on 7742f0ad5cbe Generated at : 2025-09-28T17:19:40Z Runner Host : 7742f0ad5cbe Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `40d81b5` HEAD -> master	2025-09-28 17:19:40 +00:00
Marc S. Weidner BOT	40d81b51f9	DEPLOY BOT : 🔐 Auto-Generate PRIVATE LIVE ISO TRIXIE 0 [skip ci] X-CI-Metadata: master@ac05607 at 2025-09-28T16:27:10Z on bd5e33dea725 Generated at : 2025-09-28T16:27:10Z Runner Host : bd5e33dea725 Workflow ID : 🔐 Generating a Private Live ISO TRIXIE. Git Commit : `ac05607` HEAD -> master	2025-09-28 16:27:10 +00:00
Marc S. Weidner BOT	ac0560714b	DEPLOY BOT : 🛡️ Shell Script Linting [skip ci] X-CI-Metadata: master@7f35d1a at 2025-09-28T15:30:51Z on a05d37bda04a Generated at : 2025-09-28T15:30:51Z Runner Host : a05d37bda04a Workflow ID : 🛡️ Shell Script Linting Git Commit : `7f35d1a` HEAD -> master	2025-09-28 15:30:51 +00:00
Marc S. Weidner BOT	7f35d1ab38	DEPLOY BOT : 🛡️ Auto-Generate DNSSEC Status [skip ci] X-CI-Metadata: master@ec6e791 at 2025-09-28T15:30:34Z on a7ef4e974f4a Generated at : 2025-09-28T15:30:34Z Runner Host : a7ef4e974f4a Workflow ID : 🛡️ Retrieve DNSSEC status of coresecret.dev. Git Commit : `ec6e791` HEAD -> master	2025-09-28 15:30:34 +00:00
Marc S. Weidner	ec6e791b9d	V8.13.016.2025.09.28 All checks were successful 🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 45s Details 🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m1s Details 🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Successful in 47m22s Details 💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Successful in 47m36s Details Signed-off-by: Marc S. Weidner <msw@coresecret.dev>	2025-09-28 16:29:27 +01:00