V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/partitioning.yaml

@@ -9,38 +9,31 @@
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
 recipe:
-  guben0afx256r:
-    active: true
+  guben0afx256r:               # g=GPT || m=MBR
+                               # u=UEFI || b=BIOS
+                               # b=btrfs || 4=ext4 only
+                               # e=ephemeral "/tmp" and "SWAP" || n=non-ephemeral "/tmp" and "SWAP" (yet not supported)
+                               # n0=non RAID || m6=mdadm RAID6 || m5=mdadm RAID5 || b1=btrfs RAID1 (yet not supported)
+                               # a="/dev/sda" only setup || b="/dev/sdb" || c="/dev/sdc" and so forth
+                               # f=fixed size || a=automatic size (yet not supported)
+                               # x256=size of device in GiB
+                               # r=rescue partition || n=no rescue partition
+    active: true               # Choose this recipe.
     control:
-      ### g=GPT || m=MBR
-      ### u=UEFI || b=BIOS
-      ### b=btrfs || 4=ext4 only
-      ### e=ephemeral "/tmp" and "SWAP" || n=non-ephemeral "/tmp" and "SWAP" (yet not supported)
-      ### n0=non RAID || m6=mdadm RAID6 || m5=mdadm RAID5 || b1=btrfs RAID1
-      ### a="/dev/sda" only setup || b="/dev/sdb" || c="/dev/sdc" and so forth
-      ### f=fixed size || a=automatic size
-      ### x256=size of device in GiB
-      ### r=rescue partition || n=no rescue partition
-      description: "Default: CISS 2025 - GPT - BTRFS - Ephemeral - non RAID - 256GiB - rescue"
-      ### MUST be "UEFI" for "gpt" || "BIOS":
-      firmware: "UEFI"
-      ### MUST be equal to the second part of the recipe-variables string.
-      id: "guben0afx256r"
+      description: "CISS 2025 - GPT - BTRFS - Ephemeral - non RAID - 256GiB - rescue"
+      firmware: "UEFI"         # MUST be "UEFI" for "gpt" || "BIOS":
+      id: "guben0afx256r"      # MUST be equal to the second part of the recipe-variables string.
       name: "ciss.2025.gpt.btrfs.ephemeral.non-raid.256GiB.rescue"
-      ### mdadm RAID settings only (not yet supported)
-      raid:
+      raid:                    # mdadm RAID settings only (not yet supported).
         enable: false
         disks:
           member: 4
           spare: 1
-        ### Only Level "1", "5", "6" and "10" are supported
-        level: 6
-      ### MUST be "gpt" for "UEFI" || "msdos":
-      table: "gpt"
-      ### Only set to "true" if the recipe is tested by the authors. Otherwise, this is set to "false" by default.
-      syntax: true
+        level: 6               # Only Level "1", "5", "6" and "10" are supported.
+      table: "gpt"             # MUST be "gpt" for "UEFI" || "msdos":
+      syntax: true             # This is set to "false" by default, otherwise if the recipe is tested by the authors to "true".
       ### Version of the specific recipe.
-      version: "1.1.1"
+      version: "1.1.2"
     dev:
       sda:
         1:
@@ -48,14 +41,10 @@ recipe:
           end: "512MiB"
           bootable: true
           encryption:
-            ### MUST be "false" for "/boot/efi":
-            enable: false
-            ### MUST be "false" for "/boot/efi":
-            ephemeral: false
-            ### MUST be "false" for "/boot/efi":
-            integrity: false
-            ### MUST be "false" for "/boot/efi":
-            nuke: false
+            enable: false      # MUST be "false" for "/boot/efi"
+            ephemeral: false   # MUST be "false" for "/boot/efi"
+            integrity: false   # MUST be "false" for "/boot/efi"
+            nuke: false        # MUST be "false" for "/boot/efi"
             cipher: ""
             hash: ""
             itertime: ""
@@ -77,8 +66,8 @@ recipe:
             options: ""
             version: "fat32"
           mount:
-            enable: true
-            options: "defaults,nodev,nosuid,noexec,umask=0077"
+            enable: true       # MUST be "true" for "/boot/efi"
+            options: "umask=0077,uid=0,gid=0"
             optsnap: ""
             path: "/boot/efi"
           primary: primary
@@ -88,10 +77,8 @@ recipe:
           bootable: false
           encryption:
             enable: true
-            ### MUST be "false" for "/boot":
-            ephemeral: false
-            ### MUST be "false" for "/boot":
-            integrity: false
+            ephemeral: false   # MUST be "false" for "/boot"
+            integrity: false   # MUST be "false" for "/boot"
             nuke: true
             cipher: "aes-xts-plain64"
             hash: "sha512"
@@ -99,8 +86,7 @@ recipe:
             key: "512"
             label: "crypt_boot"
             metadatasize: "32MiB"
-            ### MUST be "pbkdf" for "/boot":
-            pbkdf: "pbkdf"
+            pbkdf: "pbkdf"     # MUST be "pbkdf" for "/boot"
             rng: "use-random"
           filesystem:
             btrfs:
@@ -115,8 +101,7 @@ recipe:
             label: "btrfs_boot"
             options: ""
           mount:
-            ### MUST be "true" for "/boot":
-            enable: true
+            enable: true       # MUST be "true" for "/boot"
             options: "defaults,nodev,nosuid,noexec,noatime,compress=no,discard=async,subvol=@boot"
             optsnap: ""
             path: "/boot"
@@ -161,14 +146,10 @@ recipe:
           end: "8GiB"
           bootable: false
           encryption:
-            ### MUST be "true" for ephemeral "SWAP":
-            enable: true
-            ### MUST be "true" for ephemeral "SWAP":
-            ephemeral: true
-            ### MUST be "false" for ephemeral "SWAP":
-            integrity: false
-            ### MUST be "false" for ephemeral "SWAP":
-            nuke: false
+            enable: true       # MUST be "true" for ephemeral "SWAP"
+            ephemeral: true    # MUST be "true" for ephemeral "SWAP"
+            integrity: false   # MUST be "false" for ephemeral "SWAP"
+            nuke: false        # MUST be "false" for ephemeral "SWAP"
             cipher: "aes-xts-plain64"
             hash: "sha512"
             itertime: "3000"
@@ -186,11 +167,9 @@ recipe:
               subvolume: ""
               snapshot: ""
             format: true
-            ### MUST be "crypt_swap_ephem" for "SWAP":
-            label: "crypt_swap_ephem"
+            label: "host_swap" # MUST be "host_swap" for ephemeral "SWAP"
             options: ""
-            ### MUST be "ext4" for ephemeral "SWAP":
-            version: "ext4"
+            version: "ext4"    # MUST be "ext4" for ephemeral "SWAP"
           mount:
             enable: true
             options: "defaults,discard"
@@ -202,14 +181,10 @@ recipe:
           end: "10GiB"
           bootable: false
           encryption:
-            ### MUST be "true" for ephemeral "/tmp":
-            enable: true
-            ### MUST be "true" for ephemeral "/tmp":
-            ephemeral: true
-            ### MUST be "false" for ephemeral "/tmp":
-            integrity: false
-            ### MUST be "false" for ephemeral "/tmp":
-            nuke: false
+            enable: true       # MUST be "true" for ephemeral "/tmp"
+            ephemeral: true    # MUST be "true" for ephemeral "/tmp"
+            integrity: false   # MUST be "false" for ephemeral "/tmp"
+            nuke: false        # MUST be "false" for ephemeral "/tmp"
             cipher: "aes-xts-plain64"
             hash: "sha512"
             itertime: "3000"
@@ -227,11 +202,9 @@ recipe:
               subvolume: ""
               snapshot: ""
             format: true
-            ### MUST be "crypt_tmp_ephem" for ephemeral "/tmp"
-            label: "crypt_tmp_ephem"
+            label: "host_tmp"  # MUST be "host_tmp" for ephemeral "/tmp"
             options: ""
-            ### MUST be "ext4" for ephemeral "/tmp"
-            version: "ext4"
+            version: "ext4"    # MUST be "ext4" for ephemeral "/tmp"
           mount:
             enable: true
             options: "defaults,rw,nodev,nosuid,noatime,discard,mode=1777"