V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-08 06:56:13 +01:00
parent c8c72e8d64
commit 1715555a49
4 changed files with 16 additions and 13 deletions
--- a/.preseed/partitioning.yaml
+++ b/.preseed/partitioning.yaml
@@ -81,7 +81,7 @@ recipe:
            version: "fat32"
          mount:
            enable: true       # MUST be "true" for "/boot/efi"
-            options: "noauto,umask=0077,uid=0,gid=0,nofail"
+            options: "umask=0077,uid=0,gid=0"
            optsnap: ""
            path: "/boot/efi"
          primary: primary
@@ -112,7 +112,7 @@ recipe:
            options: ""
          mount:
            enable: true
-            options: "noauto,nodev,nosuid,noexec,noatime,compress=no,discard=async"
+            options: "nodev,nosuid,noexec,noatime,compress=no,discard=async"
            optsnap: ""
            path: "/boot"
          primary: primary
@@ -171,9 +171,9 @@ recipe:
              mdup: ""
              snapshot: false
            format: true
-            label: "host_swap" # MUST be "host_swap" for ephemeral "SWAP"
+            label: "host_swap"
            options: ""
-            version: "ext4"    # MUST be "ext4" for ephemeral "SWAP"
+            version: "ext4"
          mount:
            enable: true
            options: "defaults,discard"
@@ -204,7 +204,7 @@ recipe:
              snapshot: false
            format: true
            options: ""
-            version: "ext4"    # MUST be "ext4" for ephemeral "/tmp"
+            version: "ext4"
          mount:
            enable: true
            options: "defaults,rw,nodev,noexec,nosuid,noatime,discard,mode=1777"
--- a/func/cdi_3200_partitioning/3280_mount_partition.sh
+++ b/func/cdi_3200_partitioning/3280_mount_partition.sh
@@ -229,6 +229,9 @@ mount_partition() {

      var_partuuid="${HMP_PATH_PARTUUID["${var_mount_path}"]}"

+      ### Gathering information for '/etc/fstab'-generation in 4040().
+      HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]="${var_mount_options}"
+
      cryptsetup open --type plain \
        --key-file /dev/urandom \
        --cipher aes-xts-plain64 --key-size 512 \
--- a/func/cdi_4200_boot/4200_generate_fstab.sh
+++ b/func/cdi_4200_boot/4200_generate_fstab.sh
@@ -93,7 +93,7 @@ EOF
        var_fs_uuid="/dev/mapper/${var_dmapper}"
        var_fs_path="${var_path}"
        var_fs_type="${HMP_FSTAB_MOUNT_FTYPE["${var_path}"]}"
-        var_fs_opts="${HMP_FSTAB_MOUNT_OPTS["${var_path}"]},x-systemd.makefs,x-systemd.fsck=no,nofail"
+        var_fs_opts="${HMP_FSTAB_MOUNT_OPTS["${var_path}"]}"
        var_fs_pass="0"
        ;;

@@ -158,7 +158,7 @@ EOF
  var_fs_uuid="/dev/mapper/${var_dmapper}"
  var_fs_path="none"
  var_fs_type="swap"
-  var_fs_opts="defaults,discard,x-systemd.device-timeout=10s"
+  var_fs_opts="${HMP_FSTAB_MOUNT_OPTS["$SWAP"]}"
  var_fs_pass="0"
  write_fstab "${var_fs_uuid}" "${var_fs_path}" "${var_fs_type}" "${var_fs_opts}" "${var_fs_pass}"

--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -90,19 +90,19 @@ EOF
      case  "${var_key,,}" in

        "/")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
          ;;

        "/usr")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
          ;;

        "/boot")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,noauto"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
          ;;

        *)
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
          ;;

      esac
@@ -125,11 +125,11 @@ EOF
    case "${var_key,,}" in

      swap)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "swap,cipher=aes-xts-plain64,size=512,discard"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
        ;;

      /tmp)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "plain,cipher=aes-xts-plain64,size=512,discard,nofail"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
        chroot_script "${TARGET}" "systemctl unmask tmp.mount"
        do_log "info" "file_only" "4210() Executed: [systemctl unmask tmp.mount]"
        chroot_script "${TARGET}" "systemctl disable tmp.mount"