CISS.debian.live.builder/docs/CHANGELOG.md

---
gitea: none
include_toc: true
---

# 1. CISS.debian.live.builder

**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.002.2025.08.11<br>

# 2. Changelog

## V8.13.002.2025.08.11
* **Added**: [lib_source_guard.sh](../lib/lib_source_guard.sh)
* **Bugfixes**: [9996_auditd.chroot](../config/hooks/live/9996_auditd.chroot)
* **Updated**: [bash.var.sh](../var/bash.var.sh)
* **Updated**: Support for Debian Trixie via Argument ``--trixie``
* **Updated**: LIVE ISO workflows to use Kernel: ``linux-image-6.1.0-37-amd64``

## V8.03.920.2025.08.07

* **Updated**: [lib_arg_parser.sh](../lib/lib_arg_parser.sh)
* **Updated**: [ciss_live_builder.sh](../ciss_live_builder.sh)
* **Updated**: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)

## V8.03.912.2025.07.23

* **Updated**: [alias](../config/includes.chroot/root/.ciss/alias)
* **Updated**: [clean_logout.sh](../config/includes.chroot/root/.ciss/clean_logout.sh)
* **Updated**: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
* **Updated**: [scan_libwrap](../config/includes.chroot/root/.ciss/scan_libwrap)
* **Updated**: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
* **Updated**: [.bashrc](../config/includes.chroot/root/.bashrc)

## V8.03.896.2025.07.22

* **Added**: [.shellcheckrc](../.shellcheckrc)
* **Bugfixes**: [ciss_live_builder.sh](../ciss_live_builder.sh)
* **Updated**: [0810_chrony_setup.chroot](../config/hooks/live/0810_chrony_setup.chroot)

## V8.03.880.2025.07.19

* **Updated**: [alias](../config/includes.chroot/root/.ciss/alias)
* **Updated**: [shortcuts](../config/includes.chroot/root/.ciss/shortcuts)
* **Added**: Package ``ncdu``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)
* **Added**: ``TrustedUserCAKeys none``: [sshd_config](../config/includes.chroot/etc/ssh/sshd_config)

## V8.03.864.2025.07.15

* **Updated**: [0010_dhcp_supersede.sh](../scripts/0010_dhcp_supersede.sh)
* **Added**: [BOOTPARAMS.md](BOOTPARAMS.md)
* **Added**: Package ``cpuid``: [live.list.common.chroot](../config/package-lists/live.list.common.chroot)

## V8.03.832.2025.06.25

* **Added**: [lib_version.sh](../lib/lib_version.sh)
* **Updated**:
  * [lib_contact.sh](../lib/lib_contact.sh)
  * [lib_usage.sh](../lib/lib_usage.sh)
* **Packages added**:
  * https://packages.debian.org/bookworm/fio
  * https://packages.debian.org/bookworm/stress 
* **Updated**: Timezone changed to ``Etc/UTC``

## V8.03.832.2025.06.24

* **Updated**:
  * [lib_check_provider.sh](../lib/lib_check_provider.sh)
  * [lib_debug_header.sh](../lib/lib_debug_header.sh)
  * [lib_trap_on_err.sh](../lib/lib_trap_on_err.sh)
* **Added**: The Debian package ``bat`` will be installed to enable smooth log reading.

## V8.03.768.2025.06.23

* **Updated**: [lib_clean_up.sh](../lib/lib_clean_up.sh): Removal of Lock FD and Artifacts.
* Rearranged VARs sourcing: [early.var.sh](../var/early.var.sh)
* Rearranged DEBUG XTRACE sourcing: [meta_sources_debug.sh](../meta_sources_debug.sh)
* **Added**: Git Repo specific VARs: [lib_debug_var_git.sh](../lib/lib_git_var.sh)
* **Added**: ``guard_sourcing()``: [lib_guard_sourcing.sh](../lib/lib_guard_sourcing.sh)
  to prevent the caller LIB-file from being sourced twice.

## V8.03.768.2025.06.19

* Minor main script improvements.
* **Updated**: [lib_usage.sh](../lib/lib_usage.sh) output.

## V8.03.768.2025.06.18

* Minor main script improvements.
* **Updated**: Contact section.
* Integrated third ``dns03.eddns.eu`` Centurion DNS Resolver.

## V8.03.768.2025.06.17

* **Updated**: LIVE ISO workflows to use Kernel: ``linux-image-6.12.30+bpo-amd64``

## V8.03.768.2025.06.11

* **Updated**: LIVE ISO workflows to use Kernel: ``linux-image-6.12.27+bpo-amd64``

## V8.03.768.2025.06.09

* **Added**: [f2bchk.sh](../config/includes.chroot/root/.ciss/f2bchk.sh)
* **Updated**: [alias](../config/includes.chroot/root/.ciss/alias)
  * ``scurl()``
  * ``swget()``

## V8.03.644.2025.06.07

* **Updated**: Workflows ISO Generators Runners. 
* Installing ``bookworm-backports`` Versions of:
  * ``btrfs-progs``
  * ``curl``
  * ``debootstrap``
  * ``iproute2``
  * ``ncat``
  * ``nmap``
  * ``ssh``
  * ``systemd``
  * ``systemd-sysv``
  * ``whois``
* Changed default: ``/etc/login.defs`` ``LOGIN_TIMEOUT 60`` to: ``LOGIN_TIMEOUT 180``
* LIVE ISO generated by workflow tested against:
  * Netcup Root Server
  * Proxmox 
* LIVE ISO generated by script tested against:
  * Netcup Root Server

## V8.03.512.2025.06.06

* **Updated**: Workflows: 
  1. ``git stash push``
  2. ``git fetch origin master``
  3. ``git merge --no-edit origin/master``
  4. ``git stash pop``

* Changed workflows ISO Generators routines ``🛠️ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.``
  * added ``wget --https-only`` flag
  * added verification step

## V8.03.400.2025.06.05

* The workflow ISO Generators image was changed to ``debian:bookworm``.
* Added a LIVE ISO workflow routine to build GnuPG from sources, since Bookworm GPG does not recognize key format 5.
* Changed verbosity of:
  * [9993_aide.chroot](../config/hooks/live/9993_aide.chroot)
  * [9997_debsums.chroot](../config/hooks/live/9997_debsums.chroot)
* Added basic linter checks for:
  * **``*.sh``**,
  * **``*.zsh``**,
  * **``*.chroot``**,
  * all files with Shebang **``#``**! for:
    * Windows CRLF line endings
    * unauthorized control characters (C0 control characters except \t, \n)
    * non-ASCII (ambiguous UTF) characters
  * [linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)

---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->