V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-20 19:43:09 +02:00
parent 55a0cb6884
commit e1f09ca170
27 changed files with 1100 additions and 909 deletions


@@ -26,8 +26,8 @@ guard_sourcing
#######################################
write_crypttab() {
declare _label="$1" _device="$2" _key_file="$3" _opts="$4"
printf "%s %s %s %s\n" "${_label}" "${_device}" "${_key_file}" "${_opts}" >> "${TARGET}/etc/crypttab"
do_log "info" "true" "crypttab entry generated: '${_label} ${_device} ${_key_file} ${_opts}'."
printf "%s %s %s %s\n" "${_label}" "${_device}" "${_key_file}" "${_opts}" >> "${TARGET}/etc/crypttab"
do_log "info" "true" "crypttab entry generated: '${_label} ${_device} ${_key_file} ${_opts}'."
return 0
}
@@ -39,9 +39,10 @@ write_crypttab() {
# HMP_PATH_ENCLABEL
# HMP_PATH_LUKSUUID
# TARGET
# VAR_NUKE
# dropbear_boot
# Arguments:
# None
# None
# Returns:
# 0: on success
#######################################
@@ -49,6 +50,7 @@ generate_crypttab() {
declare var_key var_encryption_label var_luks_uuid
### Generate '${TARGET}/etc/crypttab' header.
install -d -m 0755 "${TARGET}/etc"
: >| "${TARGET}/etc/crypttab"
chmod 0600 "${TARGET}/etc/crypttab"
@@ -79,6 +81,13 @@ EOF
if [[ "${dropbear_boot,,}" == "true" ]]; then
if [[ "${VAR_NUKE,,}" == "true" && "${var_key,,}" == "/" ]]; then
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
continue
fi
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
else
@@ -98,14 +107,13 @@ EOF
case "${var_key}" in
SWAP)
write_crypttab "${var_ephemeral_enclabel}" "LABEL=${var_ephemeral_fs_label}" "/dev/random" "swap,offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096"
continue
;;
/tmp)
write_crypttab "${var_ephemeral_enclabel}" "LABEL=${var_ephemeral_fs_label}" "/dev/random" "offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,tmp=ext4"
continue
;;
*)
do_log "error" "false" "Only 'SWAP' and '/tmp' are valid Partitions for Ephemeral Encryption. Given value was: '${var_key}'."
continue
;;
esac
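Review bot: In the `VAR_NUKE` branch of generate_crypttab, the root entry is written with `keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh`, but nothing visible here checks that the file exists under `${TARGET}`, is executable, and is root-owned and not writable by others. A keyscript runs as root in the initramfs before the root volume is opened, so a missing file would presumably leave the system unable to unlock at boot, and a modified one would handle the passphrase. Unless another file in this commit already guarantees this, add a guard before the write_crypttab call, for example `[[ -x "${TARGET}/lib/cryptsetup/scripts/unlock_wrapper.sh" ]] || { do_log "error" "false" "keyscript unlock_wrapper.sh missing in target."; return 1; }`. Because this branch only runs when `dropbear_boot` is true, it is also worth confirming that the wrapper still cooperates with the remote-unlock path. The function body starts and ends outside the visible hunks, so the surrounding loop and any earlier validation cannot be seen from here.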