V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/partitioning.yaml

@@ -176,7 +176,7 @@ recipe:
             version: "ext4"
           mount:
             enable: true
-            options: "defaults,discard"
+            options: "defaults"
             optsnap: ""
             path: "SWAP"
           primary: primary

ciss_debian_installer.sh

@@ -426,6 +426,9 @@ info_echo "4630_auditing_packages.sh [${TARGET}]"
 auditing_packages
 
 ### CDI_4900
+info_echo "4900_final_command.sh [${TARGET}]"
+final_commands
+
 info_echo "4999_exiting_chroot_system.sh [${TARGET}]"
 exiting_chroot_system
 

func/cdi_4200_boot/4210_generate_crypttab.sh

@@ -125,11 +125,11 @@ EOF
     case "${var_key,,}" in
 
       swap)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,swap"
         ;;
 
       /tmp)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,tmp=ext4"
         mkdir -p "${TARGET}/etc/tmpfiles.d"
         insert_header   "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
         insert_comments "${TARGET}/etc/tmpfiles.d/10-tmp.conf"

func/cdi_4900_xtended/4900_final_command.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Exiting chroot of the target system.
+# Globals:
+#   RECOVERY
+#   TARGET
+#   VAR_CHROOT_ACTIVATED
+#   VAR_NEED_RUN_IN_TARGET
+#   VAR_RUN_RECOVERY
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+final_commands() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare -r  var_logfile="/root/.ciss/cdi/log/4900_final_command.log"
+  declare     var_target="${TARGET}"
+
+  ### Check for TARGET / RECOVERY.
+  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
+
+  chroot_logger "${var_target}${var_logfile}"
+
+  chroot_script "${var_target}" "
+    updatedb | tee -a ${var_logfile}
+  "
+
+  guard_dir && return 0
+}
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f final_commands
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

func/cdi_4900_xtended/4999_exiting_chroot_system.sh

@@ -15,8 +15,11 @@ guard_sourcing
 #######################################
 # Exiting chroot of the target system.
 # Globals:
+#   RECOVERY
 #   TARGET
+#   VAR_CHROOT_ACTIVATED
 #   VAR_NEED_RUN_IN_TARGET
+#   VAR_RUN_RECOVERY
 # Arguments:
 #   None
 # Returns:
@@ -27,17 +30,22 @@ exiting_chroot_system() {
   declare -a  ary_umount=( "/sys/fs/cgroup" "/dev/hugepages" "/dev/mqueue" "/dev/shm" "/dev/pts" "/proc" "/sys" "/dev" )
   declare     var_path=""
 
+  declare     var_target="${TARGET}"
+
+  ### Check for TARGET / RECOVERY.
+  [[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
+
   for var_path in "${ary_umount[@]}"; do
 
-    umount -l "${TARGET}${var_path}" 2>/dev/null || true
+    umount -l "${var_target}${var_path}" 2>/dev/null || true
-    do_log "info" "file_only" "4999() Command: [umount -l ${TARGET}${var_path} 2>/dev/null || true] issued."
+    do_log "info" "file_only" "4999() Command: [umount -l ${var_target}${var_path} 2>/dev/null || true] issued."
 
   done
 
   if [[ "${VAR_NEED_RUN_IN_TARGET:-false}" == "true" ]]; then
 
-    umount -l "${TARGET}/run" 2>/dev/null || true
+    umount -l "${var_target}/run" 2>/dev/null || true
-    do_log "info" "file_only" "4999() Command: [umount -l ${TARGET}/run 2>/dev/null || true] issued."
+    do_log "info" "file_only" "4999() Command: [umount -l ${var_target}/run 2>/dev/null || true] issued."
 
   fi
 
@@ -45,4 +53,7 @@ exiting_chroot_system() {
 
   guard_dir && return 0
 }
+### Prevents accidental 'unset -f'.
+# shellcheck disable=SC2034
+readonly -f exiting_chroot_system
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh

meta_loader_func.sh

@@ -108,6 +108,7 @@ source_guard "./func/cdi_4600_packages/4620_installation_verification.sh"
 source_guard "./func/cdi_4600_packages/4630_auditing_packages.sh"
 
 ### cdi_4900_xtended
+source_guard "./func/cdi_4900_xtended/4900_final_command.sh"
 source_guard "./func/cdi_4900_xtended/4999_exiting_chroot_system.sh"
 
 ### cdi_5000_recovery