V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/partitioning.yaml

@@ -207,7 +207,7 @@ recipe:
             version: "ext4"
           mount:
             enable: true
-            options: "defaults,rw,nodev,noexec,nosuid,noatime,discard,mode=1777"
+            options: "defaults,rw,nodev,noexec,nosuid,noatime,discard"
             optsnap: ""
             path: "/tmp"
           primary: primary

func/cdi_3200_partitioning/3220_partition_encryption.sh

@@ -23,7 +23,6 @@ guard_sourcing
 #   HMP_EPHEMERAL_FS_LABEL
 #   HMP_PATH_DEV_PART
 #   HMP_PATH_ENCLABEL
-#   HMP_PATH_FSUUID
 #   HMP_PATH_LUKSUUID
 #   VAR_CRYPT_BOOT
 #   VAR_CRYPT_RECOVERY
@@ -45,12 +44,8 @@ guard_sourcing
 #######################################
 partition_encryption() {
   ### Declare Arrays, HashMaps, and Variables.
-  declare -Ag HMP_PATH_LUKSUUID # Used in: 3290() - [Mount Path:LUKS UUID].
+  declare -Ag HMP_PATH_LUKSUUID      # Used in: 3290() - [Mount Path:LUKS UUID].
-      # Used in: 4210() - [Mount Path:LUKS UUID].
+                                     # Used in: 4210() - [Mount Path:LUKS UUID].
-  declare -Ag HMP_PATH_FSUUID        # Used in: 3240() - [Mount Path:Filesystem UUID].
-                                     # Used in: 3290() - [Mount Path:Filesystem UUID].
-                                     # Used in: 4200() - [Mount Path:Filesystem UUID].
-                                     # Used in: 4210() - [Mount Path:Filesystem UUID].
   declare -Ag HMP_EPHEMERAL_ENCLABEL # Used in: 4200() - [Mount Path:LUKS Encryption Label].
   declare -Ag HMP_EPHEMERAL_FS_LABEL # Used in: 4210() - [Mount Path:Ephemeral Host FS Label]. Substituted by FS-UUID
 
@@ -63,7 +58,7 @@ partition_encryption() {
               var_encryption_ephemeral="" var_encryption_integrity="" var_encryption_cipher="" var_encryption_hash="" \
               var_encryption_key="" var_encryption_label="" var_encryption_meta="" var_encryption_slot="" \
               var_encryption_pbkdf="" var_encryption_rng="" var_filesystem_label="" var_mount_path="" var_uuid="" var_fs="" \
-              var_fs_uuid="" var_luks_backup_file="" var_luks_backup_name=""
+              var_luks_backup_file="" var_luks_backup_name=""
 
   declare -a  ary_luks_opts=()
 

func/cdi_3200_partitioning/3240_partition_formatting.sh

@@ -63,6 +63,7 @@ partition_formatting() {
         ### Nothing more to do here.
         continue
         ;;
+      *) : ;;
     esac
 
     if [[ "${var_encryption_enable,,}" == "true" ]]; then

func/cdi_3200_partitioning/3280_mount_partition.sh

@@ -366,6 +366,10 @@ mount_partition() {
         do_log "info" "file_only" "3280() Mounted: '${var_fs_uuid}' on: '${TARGET}${var_mount_path}' Options='${var_mount_options}'."
         ;;
 
+      *)
+        do_log "info" "file_only" "3280() No valid FS found for: '${var_mount_path}'."
+        ;;
+
       esac
 
     var_dev="${var_dev_part%.*}"

func/cdi_4200_boot/4200_generate_fstab.sh

@@ -149,6 +149,9 @@ EOF
         continue
         ;;
 
+      *)
+        do_log "info" "file_only" "4200() No valid FS found for: '${var_fs_path}'."
+
     esac
 
   done

func/cdi_4200_boot/4210_generate_crypttab.sh

@@ -90,19 +90,19 @@ EOF
       case  "${var_key,,}" in
 
         "/")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
           ;;
 
         "/usr")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
           ;;
 
         "/boot")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_boot" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_boot" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
           ;;
 
         *)
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
           ;;
 
       esac
@@ -125,13 +125,17 @@ EOF
     case "${var_key,,}" in
 
       swap)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
         ;;
 
       /tmp)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
-        chroot_script "${TARGET}" "systemctl unmask tmp.mount"
+        mkdir -p "${TARGET}/etc/tmpfiles.d"
-        do_log "info" "file_only" "4210() Executed: [systemctl unmask tmp.mount]"
+        insert_header   "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
+        insert_comments "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
+        cat << 'EOF' >> "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
+d /tmp 1777 root root -
+EOF
         ;;
 
       *)