---
gitea: none
include_toc: true
---

# 1. CISS.debian.live.builder

**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.03<br>
**Build**: V8.03.912.2025.07.23<br>

# 2. Changelog

## V8.03.912.2025.07.23

* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
* Updated: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
* Updated: [scan_libwrap](../config/includes.chroot/root/.ciss/scan_libwrap)
* Updated: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
* Updated: [.bashrc](../config/includes.chroot/root/.bashrc)

## V8.03.896.2025.07.22

* Added: [.shellcheckrc](../.shellcheckrc)
* Bugfixes: [ciss_live_builder.sh](../ciss_live_builder.sh)
* Updated: [0810_chrony_setup.chroot](../config/hooks/live/0810_chrony_setup.chroot)

## V8.03.880.2025.07.19

* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
* Updated: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
* Added: Package ``ncdu``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
* Added: ``TrustedUserCAKeys none``: [sshd_config](../config/includes.chroot/etc/ssh/sshd_config)

## V8.03.864.2025.07.15

* Updated: [0010_dhcp_supersede.sh](../scripts/0010_dhcp_supersede.sh)
* Added: [BOOTPARAMS.md](BOOTPARAMS.md)
* Added: Package ``cpuid``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)

## V8.03.832.2025.06.25

* Added: [lib_version.sh](../lib/lib_version.sh)
* Updated:
  * [lib_contact.sh](../lib/lib_contact.sh)
  * [lib_usage.sh](../lib/lib_usage.sh)
* Packages added:
  * https://packages.debian.org/bookworm/fio
  * https://packages.debian.org/bookworm/stress 
* Timezone changed to ``Etc/UTC``

## V8.03.832.2025.06.24

* Updated:
  * [lib_check_provider.sh](../lib/lib_check_provider.sh)
  * [lib_debug_header.sh](../lib/lib_debug_header.sh)
  * [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
* The Debian package ``bat`` will be installed to enable smooth log reading.

## V8.03.768.2025.06.23

* Updated [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
* Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
* Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
* Added Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
* Added ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
  * to prevent the caller LIB-file from being sourced twice.

## V8.03.768.2025.06.19

* Minor main script improvements.
* Updated [lib_usage.sh](../lib/lib_usage.sh) output.

## V8.03.768.2025.06.18

* Minor main script improvements.
* Updated contact section.
* Integrated third ``dns03.eddns.eu`` Centurion DNS Resolver.

## V8.03.768.2025.06.17

* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``

## V8.03.768.2025.06.11

* Updated LIVE ISO workflows to use Kernel: ``linux-image-6.12.27+bpo-amd64``

## V8.03.768.2025.06.09

* Added: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
* Updated: [alias](../config/includes.chroot/root/.ciss/alias)
  * ``scurl()``
  * ``swget()``

## V8.03.644.2025.06.07

* Updated workflows ISO Generators Runners. 
* Installing ``bookworm-backports`` Versions of:
  * ``btrfs-progs``
  * ``curl``
  * ``debootstrap``
  * ``iproute2``
  * ``ncat``
  * ``nmap``
  * ``ssh``
  * ``systemd``
  * ``systemd-sysv``
  * ``whois``
* Changed default: ``/etc/login.defs`` ``LOGIN_TIMEOUT 60`` to: ``LOGIN_TIMEOUT 180``
* LIVE ISO generated by workflow tested against:
  * Netcup Root Server
  * Proxmox 
* LIVE ISO generated by script tested against:
  * Netcup Root Server

## V8.03.512.2025.06.06

* Updated workflows: 
  1. ``git stash push``
  2. ``git fetch origin master``
  3. ``git merge --no-edit origin/master``
  4. ``git stash pop``

* Changed workflows ISO Generators routines ``🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.``
  * added ``wget --https-only`` flag
  * added verification step

## V8.03.400.2025.06.05

* The workflow ISO Generators image was changed to ``debian:bookworm``.
* Added a LIVE ISO workflow routine to build GnuPG from sources, since Bookworm GPG does not recognize key format 5.
* Changed verbosity of:
  * [9993_aide.chroot](../config/hooks/live/9993_aide.chroot)
  * [9997_debsums.chroot](../config/hooks/live/9997_debsums.chroot)
* Added basic linter checks for:
  * **``*.sh``**,
  * **``*.zsh``**,
  * **``*.chroot``**,
  * all files with Shebang **``#``**! for:
    * Windows CRLF line endings
    * unauthorized control characters (C0 control characters except \t, \n)
    * non-ASCII (ambiguous UTF) characters
  * [linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)

---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->