V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/partitioning/3220_partition_encryption.sh

@@ -49,7 +49,7 @@ partition_encryption() {
   declare -gx VAR_CRYPT_ROOT=""      # LUKS UUID of '/'.
   declare -gx VAR_CRYPT_RECOVERY=""  # LUKS UUID of '/recovery'.
 
-  declare     var_encryption_path="" var_dev_part="" \
+  declare     var_encryption_path="" var_dev_part="" var_dev="" \
               var_encryption_ephemeral="" var_encryption_integrity="" var_encryption_cipher="" var_encryption_hash="" \
               var_encryption_key="" var_encryption_label="" var_encryption_meta="" var_encryption_slot="" \
               var_encryption_pbkdf="" var_encryption_rng="" var_filesystem_label="" var_mount_path="" var_uuid="" var_fs=""
@@ -63,6 +63,7 @@ partition_encryption() {
 
     ### Generates physical device location.
     var_dev_part="${HMP_PATH_DEV_PART["${var_encryption_path}"]}"
+    var_dev="${var_dev_part//./}"
 
     ### Extract parameters from YAML.
     var_encryption_ephemeral=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.encryption.ephemeral" "${VAR_SETUP_PART}")
@@ -118,10 +119,10 @@ partition_encryption() {
 
           var_filesystem_label=$(get_label "${var_encryption_path}" "${var_fs}" "file")
 
-          mkfs.ext4 -L "${var_filesystem_label}" "/dev/${var_dev_part}" 1M
-          do_log "info" "file_only" "3220() Ephemeral: '${var_encryption_path}' prepared on: '/dev/${var_dev_part}'."
+          mkfs.ext4 -L "${var_filesystem_label}" "/dev/${var_dev}" 1M
+          do_log "info" "file_only" "3220() Ephemeral: '${var_encryption_path}' prepared on: '/dev/${var_dev}'."
 
-          var_fs_uuid=$(blkid -s UUID -o value "${var_dev_part}")
+          var_fs_uuid=$(blkid -s UUID -o value "${var_dev}")
           ### Gathering information for '/etc/fstab'-generation in 4040() and '/etc/crypttab'-generation in 4060().
           # shellcheck disable=SC2034
           HMP_PATH_FSUUID["${var_encryption_path}"]="${var_fs_uuid}"
@@ -139,7 +140,7 @@ partition_encryption() {
 
         *)
 
-          do_log "error" "file_only" "3220() Invalid mount path: '${var_encryption_path}' for partition: '/dev/${var_dev_part}'."
+          do_log "error" "file_only" "3220() Invalid mount path: '${var_encryption_path}' for partition: '/dev/${var_dev}'."
           ### There is no other need to implement ephemeral devices.
           continue
           ;;
@@ -148,40 +149,40 @@ partition_encryption() {
 
     fi
 
-    cryptsetup luksFormat "${ary_luks_opts[@]}" "/dev/${var_dev_part}"
+    cryptsetup luksFormat "${ary_luks_opts[@]}" "/dev/${var_dev}"
 
     if [[ "${var_encryption_integrity,,}" == "true" ]]; then
 
-      do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev_part}]."
-      do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' dm-integrity encrypted."
+      do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev}]."
+      do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' dm-integrity encrypted."
 
     else
 
-      do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev_part}]."
-      do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' encrypted."
+      do_log "debug" "file_only" "3220() [cryptsetup luksFormat ${ary_luks_opts[*]} /dev/${var_dev}]."
+      do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' encrypted."
 
     fi
 
-    cryptsetup luksHeaderBackup --header-backup-file="${DIR_BAK}/luks_header_${var_dev_part}.bak" "/dev/${var_dev_part}"
-    do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' LUKS Header saved: '${DIR_BAK}/luks_header_${var_dev_part}.bak'."
+    cryptsetup luksHeaderBackup --header-backup-file="${DIR_BAK}/luks_header_${var_dev}.bak" "/dev/${var_dev}"
+    do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' LUKS Header saved: '${DIR_BAK}/luks_header_${var_dev}.bak'."
 
     ### Opening encrypted container.
     if [[ "${var_encryption_path,,}" == "/boot" ]]; then
-      cryptsetup luksOpen "/dev/${var_dev_part}" \
+      cryptsetup luksOpen "/dev/${var_dev}" \
         --key-file="${DIR_CNF}/password_luks_boot.txt" \
         "${var_encryption_label}"
     else
-      cryptsetup luksOpen "/dev/${var_dev_part}" \
+      cryptsetup luksOpen "/dev/${var_dev}" \
         --key-file="${DIR_CNF}/password_luks_common.txt" \
         "${var_encryption_label}"
     fi
-    do_log "info" "file_only" "3220() Partition: '/dev/${var_dev_part}' opened as '/dev/mapper/${var_encryption_label}'."
+    do_log "info" "file_only" "3220() Partition: '/dev/${var_dev}' opened as '/dev/mapper/${var_encryption_label}'."
 
     ### Create luksDump log entry.
-    cryptsetup luksDump "/dev/${var_dev_part}" >> "${DIR_LOG}/cryptsetup_luksdump_${var_dev_part}.log"
+    cryptsetup luksDump "/dev/${var_dev}" >> "${DIR_LOG}/cryptsetup_luksdump_${var_dev}.log"
 
     ### Store UUID of the LUKS container.
-    var_uuid=$(blkid -s UUID -o value "/dev/${var_dev_part}")
+    var_uuid=$(blkid -s UUID -o value "/dev/${var_dev}")
 
     [[ "${var_encryption_path}" == "/" ]] && declare -grx VAR_CRYPT_ROOT="${var_uuid}"
     [[ "${var_encryption_path}" == "/recovery" ]] && declare -grx VAR_CRYPT_RECOVERY="${var_uuid}"