msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m0s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-07-27 23:14:35 +02:00
parent cbb9f6cec0
commit 0fe2a74bf0
11 changed files with 73 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
func/system/4060_generate_crypttab.sh
View File

@@ -27,7 +27,7 @@ guard_sourcing
write_crypttab() {
declare _label="$1" _device="$2" _key_file="$3" _opts="$4"
printf "%s %s %s %s\n" "${_label}" "${_device}" "${_key_file}" "${_opts}" >> "${TARGET}/etc/crypttab"
do_log "info" "file_only" "crypttab entry generated: '${_label} ${_device} ${_key_file} ${_opts}'."
do_log "info" "file_only" "4060() crypttab entry generated: [${_label} ${_device} ${_key_file} ${_opts}]."
return 0
}
@@ -55,17 +55,27 @@ generate_crypttab() {
chmod 0600 "${TARGET}/etc/crypttab"
cat << 'EOF' >> "${TARGET}/etc/crypttab"
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
# /etc/crypttab: static file system information.
#
# Basic rule: 'discard' / 'nodiscard' are normally only set in '/etc/crypttab' when LUKS/dm-crypt is in use.
# Options like 'discard=async' or similar are typically only set in '/etc/fstab' (at the file system level).
# The crypttab determines whether the underlying encrypted device (LUKS/dm-crypt) passes TRIM commands to the
# physical drive or not. The fstab determines whether and how the file system itself generates the discard
# operations and sends them down through the LUKS layer.
# Basic rule: 'discard' / 'nodiscard' are normally only set in '/etc/crypttab' when LUKS/dm-crypt is in use. Options like
# 'discard=async' or similar are typically only set in '/etc/fstab' (at the file system level). The crypttab determines whether
# the underlying encrypted device (LUKS/dm-crypt) passes TRIM commands to the physical drive or not. The '/etc/fstab' determines
# whether and how the file system itself generates the discard operations and sends them down through the LUKS layer.
#
# RECOMMENDED: 'discard' enables the TRIM commands to be forwarded by the dm-crypt layer to the SSD/physical
# device. If you do not specify discard in the crypttab, dm-crypt blocks TRIM by default. This would render a
# discard in the fstab ineffective.
# RECOMMENDED: 'discard' enables the TRIM commands to be forwarded by the dm-crypt layer to the SSD/physical device. If ones do
# not specify discard in the '/etc/crypttab', dm-crypt blocks TRIM by default. This would render a discard in the '/etc/fstab'
# ineffective.
#
# <name> <device> <password-file-or-none> <options>