V1.01.192.2025.06.06
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 33s
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-06 18:16:53 +02:00
parent e199bde419
commit 1e6b128a57
14 changed files with 508 additions and 22 deletions
+19 -1
@@ -9,7 +9,7 @@
# SPDX-PackageName: draft-weidner-catalog-rr-ext # SPDX-PackageName: draft-weidner-catalog-rr-ext
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V1.01.128.2025.06.04 ### Version Master V1.01.192.2025.06.06
name: Render README.md to README.html. name: Render README.md to README.html.
@@ -150,6 +150,15 @@ jobs:
-o "${out}" -o "${out}"
done done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy. - name: 🔄 Sync with remote before commit using merge strategy.
shell: bash shell: bash
env: env:
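Review bot: In the new "Stash local changes" step, `git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."` hides real failures: `git stash push` already exits 0 when there is nothing to save, so the `||` branch only runs when the stash itself failed, and the job then continues into the merge with a dirty tree despite `set -euo pipefail`. Drop the `|| echo ...` so that a failed stash stops the run. The step also does not need `GIT_SSH_COMMAND`, since stashing is a purely local operation.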
@@ -168,6 +177,15 @@ jobs:
git status git status
git log --oneline -n 5 git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files. - name: 📦 Stage generated files.
shell: bash shell: bash
env: env:
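Review bot: In the "Restore stashed changes" step, `git stash pop || echo "✔️ Nothing to pop."` treats every non-zero exit as an empty stash, but `git stash pop` also fails when the stashed files conflict with what was just merged from origin/master. In that case the stash entry is kept, the work tree may hold conflict markers, and the following "Stage generated files" step still runs. Consider popping only when a `ci-temp` entry exists (for example by checking `git stash list`) and letting a failed pop fail the job.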
+1 -1
@@ -11,5 +11,5 @@
build: build:
counter: 0 counter: 0
version: Master V1.01.128.2025.06.04 version: Master V1.01.192.2025.06.06
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
+369
@@ -0,0 +1,369 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V1.01.192.2025.06.06
# Gitea Workflow: Shell-Script Linting
#
# This workflow scans all '*.sh', '*.zsh', '*.chroot' and all files with Shebang (#!) for:
# 1. Windows CRLF line endings
# 2. unauthorized control characters (C0 control characters except \t, \n)
# 3. non-ASCII (ambiguous UTF) characters
#
# Findings are collected and at the end of the run with file, line number,
# and the respective character in the Runner output.
name: 🛡️ Shell Script Linting
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
shell-script-linter:
name: 🛡️ Shell Script Linting
runs-on: ubuntu-latest
steps:
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
set -euo pipefail
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/draft-weidner-catalog-rr-ext.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
set -euo pipefail
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: ⚙️ Convert APT sources to HTTPS.
shell: bash
run: |
set -euo pipefail
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: 🛠️ Install dependencies.
shell: bash
run: |
### Install grep with Perl-regex support, falls noch nicht vorhanden
apt-get update
apt-get upgrade -y
apt-get install -y grep
- name: 🔍 Lint shell scripts
shell: bash
run: |
# -------------------------------
# STEP 1: Find target files.
#
# We capture:
# - All files '*.sh', '*.rfc.xml'
# - All files whose first line begins with “#!” (shebang)
# -------------------------------
mapfile -t files_to_check < <(
find . -type f \( \
-iname '*.sh' -o \
-iname '*.rfc.xml' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
)
# -------------------------------
# STEP 2: Regex definitions
#
# - CRLF_REGEX Carriage Return (\r) for Windows CRLF
# - CTRL_REGEX C0 control characters except Tab (\x09) and Newline (\x0A)
# Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
# - NON_ASCII_REGEX All bytes > 0x7F
# - EMOJI_REGEX Emoji characters in the ranges:
# - \x{1F300}-\x{1F5FF} Miscellaneous Symbols & Pictographs
# - \x{1F600}-\x{1F64F} Emoticons
# - \x{1F680}-\x{1F6FF} Transport & Map Symbols
# - \x{1F900}-\x{1F9FF} Supplemental Symbols & Pictographs
# - \x{2600}-\x{26FF} Miscellaneous Symbols
# - \x{2700}-\x{27BF} Dingbats
# - BAD_WHITESPACE_REGEX All whitespace characters except ASCII space (U+0020)
# - Tab (\x09)
# - No-Break Space (\xA0)
# - U+1680, U+2000U+200A, U+202F, U+205F, U+3000
# -------------------------------
CRLF_REGEX=$'\r'
CTRL_REGEX='[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]'
NON_ASCII_REGEX='[^\x00-\x7F]'
EMOJI_REGEX='[\x{1F300}-\x{1F5FF}\x{1F600}-\x{1F64F}\x{1F680}-\x{1F6FF}\x{1F900}-\x{1F9FF}\x{2600}-\x{26FF}\x{2700}-\x{27BF}]'
BAD_WHITESPACE_REGEX='[\x09\xA0\x{1680}\x{2000}-\x{200A}\x{202F}\x{205F}\x{3000}]'
# -------------------------------
# STEP 3: Accumulator for findings
# -------------------------------
findings=""
# -------------------------------
# STEP 4: Perform all checks for each file
# -------------------------------
for file in "${files_to_check[@]}"; do
#
# 4.1: CRLF detection
# grep -nP returns "lineno:<Line-with-CRLF>"
# -------------------------------
while IFS=: read -r lineno _rest; do
findings+="${file}: CRLF-found at line ${lineno}: <CR>"$'\n'
done < <(grep -nP "${CRLF_REGEX}" "${file}" || true)
#
# 4.2: Unauthorized control characters
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: control-char at line ${lineno}: ${char}"$'\n'
done < <(grep -nP -o "${CTRL_REGEX}" "${file}" || true)
#
# 4.3: Non-ASCII-characters
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: non-ascii at line ${lineno}: ${char}"$'\n'
done < <(grep -nP -o "${NON_ASCII_REGEX}" "${file}" || true)
#
# 4.4: emoji recognition
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
findings+="${file}: emoji-found at line ${lineno}: ${char}"$'\n'
done < <(grep -nP -o "${EMOJI_REGEX}" "${file}" || true)
#
# 4.5: Unauthorized spaces (whitespace except ASCII space)
# grep -nP -o returns "lineno:<matched-char>"
# -------------------------------
while IFS=: read -r lineno char; do
# Make visible: Tab -> <TAB>, NBSP -> <NBSP>, other U+xxxx -> <U+xxxx>
# We are creating a simple representation here by replacing unprintable
# characters with their Unicode code points.
# Example: ${char} could be "\t", we convert it to "<TAB>".
if [[ "${char}" == $'\t' ]]; then
display="<TAB>"
elif [[ "${char}" == $'\xA0' ]]; then
display="<NBSP>"
else
# Convert other Unicode whitespace to <U+XXXX>
hex=$(printf '%04X' "'${char}")
display="<U+${hex}>"
fi
findings+="${file}: bad-whitespace at line ${lineno}: ${display}"$'\n'
done < <(grep -nP -o "${BAD_WHITESPACE_REGEX}" "${file}" || true)
done
# -------------------------------
# STEP 5: Output results
# -------------------------------
if [[ -n "${findings}" ]]; then
echo -e "⚠️ Linting issues detected:\n"
echo -e "${findings}"
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-06; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
⚠️ The last linter check was NOT successful. ⚠️
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
else
echo "✅ No issues found in shell scripts or 'rfc.xml'."
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
PRIVATE_FILE="LINTER_RESULTS.txt"
touch "${PRIVATE_FILE}"
cat << EOF >| "${PRIVATE_FILE}"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
This file was automatically generated by the DEPLOY BOT on: "${timestamp}".
✅ The last linter check was successful. ✅
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
EOF
fi
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
echo "🔄 Fetching origin/master ..."
git fetch origin master
echo "🔁 Merging origin/master into current branch ..."
git merge --no-edit origin/master || echo "✔️ Already up to date or fast-forward."
echo "📋 Post-merge status :"
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
PRIVATE_FILE="LINTER_RESULTS.txt"
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
export GNUPGHOME="$(pwd)/.gnupg"
if git diff --cached --quiet; then
echo "✔️ No staged changes to commit."
else
echo "📝 Committing changes with GPG signature ..."
### CI Metadata
TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
HOSTNAME="$(hostname -f || hostname)"
GIT_SHA="$(git rev-parse --short HEAD)"
GIT_REF="$(git symbolic-ref --short HEAD || echo detached)"
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: 🛡️ Shell Script Linting [skip ci]
${CI_HEADER}
Generated at: ${TIMESTAMP_UTC}
Runner Host : ${HOSTNAME}
Workflow ID : ${WORKFLOW_ID}
Git Commit : ${GIT_SHA} HEAD -> ${GIT_REF}
"
echo "🔏 Commit message :"
echo "${COMMIT_MSG}"
git commit -S -m "${COMMIT_MSG}"
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
echo "📤 Pushing changes to ${GITHUB_REF_NAME} ..."
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
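Review bot: The SSH setup step fills `~/.ssh/known_hosts` with `ssh-keyscan -p 42842 git.coresecret.dev` at run time, so `StrictHostKeyChecking yes` only pins whatever key the network returned during this run and does not authenticate the server the job then clones from and pushes to. Store the expected host key as a secret or repository variable and write that into known_hosts instead. Further points in this file: the lint step prints findings and writes LINTER_RESULTS.txt but never exits non-zero, so a push or pull request with findings is still reported as successful; `BAD_WHITESPACE_REGEX` flags Tab (`\x09`) although `CTRL_REGEX` and the header comment treat Tab as permitted; `find .` does not prune `.git`, so files under it that carry a shebang are linted as well; and `git stash push --include-untracked` will also sweep up `ci-bot.sec.asc` and `.gnupg/`, which the key import step creates in the work tree, unless they are ignored, which removes `GNUPGHOME` for the merge step and copies private key material into the stash. The header comment names '*.zsh' and '*.chroot' while the `find` expression covers '*.sh' and '*.rfc.xml'.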
+22 -4
@@ -9,9 +9,9 @@
# SPDX-PackageName: draft-weidner-catalog-rr-ext # SPDX-PackageName: draft-weidner-catalog-rr-ext
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V1.01.128.2025.06.04 ### Version Master V1.01.192.2025.06.06
name: Retrieve DNSSEC status of coresecret.dev. name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
permissions: permissions:
contents: write contents: write
@@ -25,7 +25,7 @@ on:
jobs: jobs:
build-dnssec-diagram: build-dnssec-diagram:
name: Retrieve DNSSEC status of coresecret.dev. name: 🛡️ Retrieve DNSSEC status of coresecret.dev.
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -127,6 +127,15 @@ jobs:
dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json dnsviz probe -s 8.8.8.8 -R SOA,A,AAAA,CAA,CDS,CDNSKEY,LOC,HTTPS,MX,NS,TXT coresecret.dev >| coresecret.dev.json
dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png dnsviz graph -T png < coresecret.dev.json >| docs/SECURITY/coresecret.dev.png
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy. - name: 🔄 Sync with remote before commit using merge strategy.
shell: bash shell: bash
env: env:
@@ -145,6 +154,15 @@ jobs:
git status git status
git log --oneline -n 5 git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files. - name: 📦 Stage generated files.
shell: bash shell: bash
env: env:
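Review bot: `git stash pop` in this workflow restores a regenerated binary, docs/SECURITY/coresecret.dev.png, which `dnsviz graph` rewrites on every run; if origin/master changed the same file since the clone, the pop cannot merge it and the `|| echo "✔️ Nothing to pop."` fallback reports that as an empty stash. Fail the step on a conflicting pop, or run the fetch and merge before the probe so that no stash is needed.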
@@ -174,7 +192,7 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}" WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}" CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate DNSSEC Status [skip ci] COMMIT_MSG="DEPLOY BOT: 🛡️ Auto-Generate DNSSEC Status [skip ci]
${CI_HEADER} ${CI_HEADER}
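Review bot: The context line `WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"` just above the edited commit message falls back to the Markdown renderer's file name inside the DNSSEC workflow, and the same default appears in the Graphviz, RFCXML and linter workflows in this commit. Since the message text is being touched anyway, set each fallback to the workflow's own file name so that the recorded workflow cannot be wrong when `GITHUB_WORKFLOW` is unset.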
+22 -4
@@ -9,9 +9,9 @@
# SPDX-PackageName: draft-weidner-catalog-rr-ext # SPDX-PackageName: draft-weidner-catalog-rr-ext
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V1.01.128.2025.06.04 ### Version Master V1.01.192.2025.06.06
name: Render Graphviz Diagrams. name: 🔁 Render Graphviz Diagrams.
permissions: permissions:
contents: write contents: write
@@ -26,7 +26,7 @@ on:
jobs: jobs:
build-graphiz-diagrams: build-graphiz-diagrams:
name: Render Graphviz Diagrams. name: 🔁 Render Graphviz Diagrams.
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
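Review bot: The job id on the context line `build-graphiz-diagrams:` is misspelled (graphiz instead of graphviz). This hunk already renames the job's display name, so fix the id in the same change, after checking that nothing references the old id.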
@@ -120,6 +120,15 @@ jobs:
dot -Tpng "${file}" -o "${out}" dot -Tpng "${file}" -o "${out}"
done done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files.
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy. - name: 🔄 Sync with remote before commit using merge strategy.
shell: bash shell: bash
env: env:
@@ -138,6 +147,15 @@ jobs:
git status git status
git log --oneline -n 5 git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files. - name: 📦 Stage generated files.
shell: bash shell: bash
env: env:
@@ -167,7 +185,7 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}" WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}" CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: DEPLOY BOT: Auto-Generate PNG from *.dot. [skip ci] COMMIT_MSG="DEPLOY BOT: 🔁 Auto-Generate PNG from *.dot. [skip ci]
${CI_HEADER} ${CI_HEADER}
+22 -4
@@ -9,9 +9,9 @@
# SPDX-PackageName: draft-weidner-catalog-rr-ext # SPDX-PackageName: draft-weidner-catalog-rr-ext
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
### Version Master V1.01.128.2025.06.04 ### Version Master V1.01.192.2025.06.06
name: Render RFCXML to PDF. name: 🔁 Render RFCXML to PDF.
permissions: permissions:
contents: write contents: write
@@ -25,7 +25,7 @@ on:
jobs: jobs:
render-rfcxml-to-pdf: render-rfcxml-to-pdf:
name: Render RFCXML to PDF. name: 🔁 Render RFCXML to PDF.
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -121,6 +121,15 @@ jobs:
xml2rfc "${file}" --pdf -o "${out}" xml2rfc "${file}" --pdf -o "${out}"
done done
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Temporarily store any local modifications or untracked files
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy. - name: 🔄 Sync with remote before commit using merge strategy.
shell: bash shell: bash
env: env:
@@ -139,6 +148,15 @@ jobs:
git status git status
git log --oneline -n 5 git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
set -euo pipefail
### Apply previously stashed changes.
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files. - name: 📦 Stage generated files.
shell: bash shell: bash
env: env:
@@ -168,7 +186,7 @@ jobs:
WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}" WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}"
CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}" CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}"
COMMIT_MSG="DEPLOY BOT: Auto-Generate PDFs from *.rfc.xml. [skip ci] COMMIT_MSG="DEPLOY BOT: 🔁 Auto-Generate PDFs from *.rfc.xml. [skip ci]
${CI_HEADER} ${CI_HEADER}
+1 -1
@@ -15,5 +15,5 @@ properties_SPDX-License-Identifier="EUPL-1.2"
properties_SPDX-LicenseComment="This file is part of the draft-weidner-catalog-rr-ext framework." properties_SPDX-LicenseComment="This file is part of the draft-weidner-catalog-rr-ext framework."
properties_SPDX-PackageName="draft-weidner-catalog-rr-ext" properties_SPDX-PackageName="draft-weidner-catalog-rr-ext"
properties_SPDX-Security-Contact="security@coresecret.eu" properties_SPDX-Security-Contact="security@coresecret.eu"
properties_version="V1.01.128.2025.06.04" properties_version="V1.01.192.2025.06.06"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
+2 -2
@@ -3,7 +3,7 @@ gitea: none
include_toc: true include_toc: true
--- ---
[![Static Badge](https://badges.coresecret.dev/badge/Release-V1.01.128.2025.06.04-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/draft-weidner-catalog-rr-ext.git) [![Static Badge](https://badges.coresecret.dev/badge/Release-V1.01.192.2025.06.06-white?style=plastic&logo=linux&logoColor=white&logoSize=auto&label=Release&color=%23FCC624)](https://git.coresecret.dev/msw/draft-weidner-catalog-rr-ext.git)
&nbsp; &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/Licence-EUPL1.2-white?style=plastic&logo=europeanunion&logoColor=white&logoSize=auto&label=Licence&color=%23003399)](https://eupl.eu/1.2/en/) &nbsp;
[![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp; [![Static Badge](https://badges.coresecret.dev/badge/opensourceinitiative-Compliant-white?style=plastic&logo=opensourceinitiative&logoColor=white&logoSize=auto&label=OSI&color=%233DA639)](https://opensource.org/license/eupl-1-2) &nbsp;
@@ -22,7 +22,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br> *RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br> **Master Version**: 1.00<br>
**Build**: V1.01.128.2025.06.04<br> **Build**: V1.01.192.2025.06.06<br>
The RFC I-D **draft-weidner-catalog-rr-ext** proposes an extension to the Certification Authority Authorization The RFC I-D **draft-weidner-catalog-rr-ext** proposes an extension to the Certification Authority Authorization
(CAA) DNS Resource Record (RR) that enables the mandatory or optional binding of Certificate Transparency (CT) (CAA) DNS Resource Record (RR) that enables the mandatory or optional binding of Certificate Transparency (CT)
+1 -1
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br> *RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br> **Master Version**: 1.00<br>
**Build**: V1.01.128.2025.06.04<br> **Build**: V1.01.192.2025.06.06<br>
# 2. DNSSEC Status # 2. DNSSEC Status
+1 -1
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br> *RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br> **Master Version**: 1.00<br>
**Build**: V1.01.128.2025.06.04<br> **Build**: V1.01.192.2025.06.06<br>
# 2. TLS Audit # 2. TLS Audit
+45
@@ -0,0 +1,45 @@
---
gitea: none
include_toc: true
---
# 1. RFC I-D draft-weidner-catalog-rr-ext
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br>
**Build**: V1.01.192.2025.06.06<br>
# 2. Changelog
## V1.01.192.2025.06.06
* Updated workflows:
1. ``git stash push``
2. ``git fetch origin master``
3. ``git merge --no-edit origin/master``
4. ``git stash pop``
* Added basic linter checks for:
* **``*.sh``**,
* **``*.rfc.xml``**,
* all files with Shebang **``#``**! for:
* Carriage Return (\r) for Windows CRLF
* C0 control characters except Tab (\x09) and Newline (\x0A)
* Range: [\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]
* All bytes > 0x7F
* Emoji characters in the ranges:
* \x{1F300}-\x{1F5FF} Miscellaneous Symbols & Pictographs
* \x{1F600}-\x{1F64F} Emoticons
* \x{1F680}-\x{1F6FF} Transport & Map Symbols
* \x{1F900}-\x{1F9FF} Supplemental Symbols & Pictographs
* \x{2600}-\x{26FF} Miscellaneous Symbols
* \x{2700}-\x{27BF} Dingbats
* All whitespace characters except ASCII space (U+0020)
* Tab (\x09)
* No-Break Space (\xA0)
* U+1680, U+2000U+200A, U+202F, U+205F, U+3000
* [linter_char_scripts.yaml](../.gitea/workflows/linter_char_scripts.yaml)
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
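Review bot: In the linter bullet list, the line "all files with Shebang **``#``**! for:" leaves the `!` outside the code span, and "U+2000U+200A" is missing its range separator (the same text is in the workflow's STEP 2 comment). Write the shebang as one code span and the range as U+2000 to U+200A. The list also names Tab both as an allowed control character and as a bad whitespace character; state which of the two the linter is meant to enforce.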
+1 -1
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br> *RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br> **Master Version**: 1.00<br>
**Build**: V1.01.128.2025.06.04<br> **Build**: V1.01.192.2025.06.06<br>
# 2. Centurion Net - Developer Branch Overview # 2. Centurion Net - Developer Branch Overview
+1 -1
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br> *RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br> **Master Version**: 1.00<br>
**Build**: V1.01.128.2025.06.04<br> **Build**: V1.01.192.2025.06.06<br>
# 2. Contributing / participating # 2. Contributing / participating
+1 -1
@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br> **Centurion Intelligence Consulting Agency Information Security Standard**<br>
*RFC I-D draft-weidner-catalog-rr-ext*<br> *RFC I-D draft-weidner-catalog-rr-ext*<br>
**Master Version**: 1.00<br> **Master Version**: 1.00<br>
**Build**: V1.01.128.2025.06.04<br> **Build**: V1.01.192.2025.06.06<br>
# 2. Credits # 2. Credits