msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m46s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-08 06:56:13 +01:00
parent c8c72e8d64
commit 1715555a49
4 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.preseed/partitioning.yaml
View File

@@ -81,7 +81,7 @@ recipe:
version: "fat32" version: "fat32"
mount: mount:
enable: true # MUST be "true" for "/boot/efi" enable: true # MUST be "true" for "/boot/efi"
options: "noauto,umask=0077,uid=0,gid=0,nofail" options: "umask=0077,uid=0,gid=0"
optsnap: "" optsnap: ""
path: "/boot/efi" path: "/boot/efi"
primary: primary primary: primary
@@ -112,7 +112,7 @@ recipe:
options: "" options: ""
mount: mount:
enable: true enable: true
options: "noauto,nodev,nosuid,noexec,noatime,compress=no,discard=async" options: "nodev,nosuid,noexec,noatime,compress=no,discard=async"
optsnap: "" optsnap: ""
path: "/boot" path: "/boot"
primary: primary primary: primary
@@ -171,9 +171,9 @@ recipe:
mdup: "" mdup: ""
snapshot: false snapshot: false
format: true format: true
label: "host_swap" # MUST be "host_swap" for ephemeral "SWAP" label: "host_swap"
options: "" options: ""
version: "ext4" # MUST be "ext4" for ephemeral "SWAP" version: "ext4"
mount: mount:
enable: true enable: true
options: "defaults,discard" options: "defaults,discard"
@@ -204,7 +204,7 @@ recipe:
snapshot: false snapshot: false
format: true format: true
options: "" options: ""
version: "ext4" # MUST be "ext4" for ephemeral "/tmp" version: "ext4"
mount: mount:
enable: true enable: true
options: "defaults,rw,nodev,noexec,nosuid,noatime,discard,mode=1777" options: "defaults,rw,nodev,noexec,nosuid,noatime,discard,mode=1777"

3
func/cdi_3200_partitioning/3280_mount_partition.sh
View File

@@ -229,6 +229,9 @@ mount_partition() {
var_partuuid="${HMP_PATH_PARTUUID["${var_mount_path}"]}" var_partuuid="${HMP_PATH_PARTUUID["${var_mount_path}"]}"
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]="${var_mount_options}"
cryptsetup open --type plain \ cryptsetup open --type plain \
--key-file /dev/urandom \ --key-file /dev/urandom \
--cipher aes-xts-plain64 --key-size 512 \ --cipher aes-xts-plain64 --key-size 512 \

4
func/cdi_4200_boot/4200_generate_fstab.sh
View File

@@ -93,7 +93,7 @@ EOF
var_fs_uuid="/dev/mapper/${var_dmapper}" var_fs_uuid="/dev/mapper/${var_dmapper}"
var_fs_path="${var_path}" var_fs_path="${var_path}"
var_fs_type="${HMP_FSTAB_MOUNT_FTYPE["${var_path}"]}" var_fs_type="${HMP_FSTAB_MOUNT_FTYPE["${var_path}"]}"
var_fs_opts="${HMP_FSTAB_MOUNT_OPTS["${var_path}"]},x-systemd.makefs,x-systemd.fsck=no,nofail" var_fs_opts="${HMP_FSTAB_MOUNT_OPTS["${var_path}"]}"
var_fs_pass="0" var_fs_pass="0"
;; ;;
@@ -158,7 +158,7 @@ EOF
var_fs_uuid="/dev/mapper/${var_dmapper}" var_fs_uuid="/dev/mapper/${var_dmapper}"
var_fs_path="none" var_fs_path="none"
var_fs_type="swap" var_fs_type="swap"
var_fs_opts="defaults,discard,x-systemd.device-timeout=10s" var_fs_opts="${HMP_FSTAB_MOUNT_OPTS["$SWAP"]}"
var_fs_pass="0" var_fs_pass="0"
write_fstab "${var_fs_uuid}" "${var_fs_path}" "${var_fs_type}" "${var_fs_opts}" "${var_fs_pass}" write_fstab "${var_fs_uuid}" "${var_fs_path}" "${var_fs_type}" "${var_fs_opts}" "${var_fs_pass}"

12
func/cdi_4200_boot/4210_generate_crypttab.sh
View File

@@ -90,19 +90,19 @@ EOF
case "${var_key,,}" in case "${var_key,,}" in
"/") "/")
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1" write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
;; ;;
"/usr") "/usr")
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1" write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
;; ;;
"/boot") "/boot")
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,noauto" write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
;; ;;
*) *)
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1" write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,password-echo=masked,tries=1"
;; ;;
esac esac
@@ -125,11 +125,11 @@ EOF
case "${var_key,,}" in case "${var_key,,}" in
swap) swap)
write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "swap,cipher=aes-xts-plain64,size=512,discard" write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
;; ;;
/tmp) /tmp)
write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "plain,cipher=aes-xts-plain64,size=512,discard,nofail" write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
chroot_script "${TARGET}" "systemctl unmask tmp.mount" chroot_script "${TARGET}" "systemctl unmask tmp.mount"
do_log "info" "file_only" "4210() Executed: [systemctl unmask tmp.mount]" do_log "info" "file_only" "4210() Executed: [systemctl unmask tmp.mount]"
chroot_script "${TARGET}" "systemctl disable tmp.mount" chroot_script "${TARGET}" "systemctl disable tmp.mount"