V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-08 20:40:19 +01:00
parent cebff0653d
commit e782f3d966
6 changed files with 24 additions and 17 deletions
--- a/.preseed/partitioning.yaml
+++ b/.preseed/partitioning.yaml
@@ -207,7 +207,7 @@ recipe:
            version: "ext4"
          mount:
            enable: true
-            options: "defaults,rw,nodev,noexec,nosuid,noatime,discard,mode=1777"
+            options: "defaults,rw,nodev,noexec,nosuid,noatime,discard"
            optsnap: ""
            path: "/tmp"
          primary: primary
--- a/func/cdi_3200_partitioning/3220_partition_encryption.sh
+++ b/func/cdi_3200_partitioning/3220_partition_encryption.sh
@@ -23,7 +23,6 @@ guard_sourcing
 #   HMP_EPHEMERAL_FS_LABEL
 #   HMP_PATH_DEV_PART
 #   HMP_PATH_ENCLABEL
-#   HMP_PATH_FSUUID
 #   HMP_PATH_LUKSUUID
 #   VAR_CRYPT_BOOT
 #   VAR_CRYPT_RECOVERY
@@ -47,10 +46,6 @@ partition_encryption() {
  ### Declare Arrays, HashMaps, and Variables.
  declare -Ag HMP_PATH_LUKSUUID      # Used in: 3290() - [Mount Path:LUKS UUID].
                                     # Used in: 4210() - [Mount Path:LUKS UUID].
-  declare -Ag HMP_PATH_FSUUID        # Used in: 3240() - [Mount Path:Filesystem UUID].
-                                     # Used in: 3290() - [Mount Path:Filesystem UUID].
-                                     # Used in: 4200() - [Mount Path:Filesystem UUID].
-                                     # Used in: 4210() - [Mount Path:Filesystem UUID].
  declare -Ag HMP_EPHEMERAL_ENCLABEL # Used in: 4200() - [Mount Path:LUKS Encryption Label].
  declare -Ag HMP_EPHEMERAL_FS_LABEL # Used in: 4210() - [Mount Path:Ephemeral Host FS Label]. Substituted by FS-UUID

@@ -63,7 +58,7 @@ partition_encryption() {
              var_encryption_ephemeral="" var_encryption_integrity="" var_encryption_cipher="" var_encryption_hash="" \
              var_encryption_key="" var_encryption_label="" var_encryption_meta="" var_encryption_slot="" \
              var_encryption_pbkdf="" var_encryption_rng="" var_filesystem_label="" var_mount_path="" var_uuid="" var_fs="" \
-              var_fs_uuid="" var_luks_backup_file="" var_luks_backup_name=""
+              var_luks_backup_file="" var_luks_backup_name=""

  declare -a  ary_luks_opts=()

--- a/func/cdi_3200_partitioning/3240_partition_formatting.sh
+++ b/func/cdi_3200_partitioning/3240_partition_formatting.sh
@@ -63,6 +63,7 @@ partition_formatting() {
        ### Nothing more to do here.
        continue
        ;;
+      *) : ;;
    esac

    if [[ "${var_encryption_enable,,}" == "true" ]]; then
--- a/func/cdi_3200_partitioning/3280_mount_partition.sh
+++ b/func/cdi_3200_partitioning/3280_mount_partition.sh
@@ -366,6 +366,10 @@ mount_partition() {
        do_log "info" "file_only" "3280() Mounted: '${var_fs_uuid}' on: '${TARGET}${var_mount_path}' Options='${var_mount_options}'."
        ;;

+      *)
+        do_log "info" "file_only" "3280() No valid FS found for: '${var_mount_path}'."
+        ;;
+
      esac

    var_dev="${var_dev_part%.*}"
--- a/func/cdi_4200_boot/4200_generate_fstab.sh
+++ b/func/cdi_4200_boot/4200_generate_fstab.sh
@@ -149,6 +149,9 @@ EOF
        continue
        ;;

+      *)
+        do_log "info" "file_only" "4200() No valid FS found for: '${var_fs_path}'."
+
    esac

  done
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -90,19 +90,19 @@ EOF
      case  "${var_key,,}" in

        "/")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
          ;;

        "/usr")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
          ;;

        "/boot")
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_boot" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_boot" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
          ;;

        *)
-          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,loud,luks,same-cpu-crypt,tries=1"
+          write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "pw_main" "check,discard,initramfs,keyscript=decrypt_keyctl,luks,same-cpu-crypt,tries=1"
          ;;

      esac
@@ -125,13 +125,17 @@ EOF
    case "${var_key,,}" in

      swap)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,swap"
        ;;

      /tmp)
-        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/urandom" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
-        chroot_script "${TARGET}" "systemctl unmask tmp.mount"
-        do_log "info" "file_only" "4210() Executed: [systemctl unmask tmp.mount]"
+        write_crypttab "${var_ephemeral_enclabel}" "PARTUUID=${var_host_partuuid}" "/dev/random" "cipher=aes-xts-plain64,size=512,discard,loud,tmp=ext4"
+        mkdir -p "${TARGET}/etc/tmpfiles.d"
+        insert_header   "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
+        insert_comments "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
+        cat << 'EOF' >> "${TARGET}/etc/tmpfiles.d/10-tmp.conf"
+d /tmp 1777 root root -
+EOF
        ;;

      *)