#!/bin/bash # SPDX-Version: 3.0 # SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework. # SPDX-PackageName: CISS.2025.hardened.installer # SPDX-Security-Contact: security@coresecret.eu ########################################################################################### # 3.5.2. Functions - installation - partition formatting # ########################################################################################### ########################################################################################### # Function to format the respective partition on each device according to the recipe string chosen. # Globals: # DIR_LOG # MODULE_ERR # MODULE_TXT # RECIPE_DEV_PARTITIONS # RECIPE_STRING # Arguments: # None ########################################################################################### 3_5_2_functions_installation_partition_formating() { declare -g -x MODULE_ERR="3_5_2_functions_installation_partition_formating" declare -g -x MODULE_TXT="Formatting each partition on each device according to recipe" do_show_header "${MODULE_TXT}" ### Reminder ### # Array: "${!RECIPE_DEV_PARTITIONS[@]}" # ${DEVICE}: ${RECIPE_DEV_PARTITIONS[$DEVICE]}" # Declare local variables declare DEV declare NUM_PARTITIONS declare PARTITION # Iterate through each device for DEV in "${!RECIPE_DEV_PARTITIONS[@]}"; do NUM_PARTITIONS=${RECIPE_DEV_PARTITIONS[${DEV}]} # Iterate through each partition of the current device for PARTITION in $(seq 1 "${NUM_PARTITIONS}"); do # Generate vars for current partition declare ENCRYPTION_ENABLE_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_encryption_enable" declare ENCRYPTION_LABEL_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_encryption_label" declare FILESYSTEM_BTRFS_CHECKSUM_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_btrfs_checksum" declare FILESYSTEM_BTRFS_COMPRESS_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_btrfs_compress" declare FILESYSTEM_BTRFS_DEDUP_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_btrfs_dedup" declare FILESYSTEM_FORMAT_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_format" declare FILESYSTEM_LABEL_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_label" declare FILESYSTEM_OPTIONS_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_options" declare FILESYSTEM_VERSION_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_filesystem_version" declare MOUNT_PATH_VAR="recipe_${RECIPE_STRING}_dev_${DEV}_${PARTITION}_mount_path" # Initialize variables declare ENCRYPTION_ENABLE=${!ENCRYPTION_ENABLE_VAR} declare ENCRYPTION_LABEL=${!ENCRYPTION_LABEL_VAR} declare BTRFS_CHECKSUM=${!FILESYSTEM_BTRFS_CHECKSUM_VAR} declare BTRFS_COMPRESS=${!FILESYSTEM_BTRFS_COMPRESS_VAR} declare BTRFS_DEDUP=${!FILESYSTEM_BTRFS_DEDUP_VAR} declare FILESYSTEM_FORMAT=${!FILESYSTEM_FORMAT_VAR} declare FILESYSTEM_LABEL=${!FILESYSTEM_LABEL_VAR} declare FILESYSTEM_OPTIONS=${!FILESYSTEM_OPTIONS_VAR} declare FILESYSTEM_VERSION=${!FILESYSTEM_VERSION_VAR} declare MOUNT_PATH=${!MOUNT_PATH_VAR} # Formatting partition if [[ ${ENCRYPTION_ENABLE,,} == "true" && ${MOUNT_PATH} != "SWAP" && ${MOUNT_PATH} != "/tmp" ]]; then if [[ ${FILESYSTEM_FORMAT,,} == "true" && ${FILESYSTEM_FORMAT} == "btrfs" ]]; then if [[ ${BTRFS_DEDUP,,} == "true" ]]; then mkfs.btrfs -L "${FILESYSTEM_LABEL}" /dev/mapper/"${ENCRYPTION_LABEL}" -f --csum "${BTRFS_CHECKSUM}" -m dup -O compress="${BTRFS_COMPRESS}" do_log "info" "false" "Partition: '/dev/mapper/${ENCRYPTION_LABEL}' formatted: '${FILESYSTEM_VERSION}'." # shellcheck disable=SC2129 echo "Partition: '/dev/mapper/${ENCRYPTION_LABEL}':" >> "${DIR_LOG}"btrfs.log btrfs filesystem show /dev/mapper/"${ENCRYPTION_LABEL}" >> "${DIR_LOG}"btrfs.log echo "" >> "${DIR_LOG}"btrfs.log elif [[ ${BTRFS_DEDUP,,} == "false" ]]; then mkfs.btrfs -L "${FILESYSTEM_LABEL}" /dev/mapper/"${ENCRYPTION_LABEL}" -f --csum "${BTRFS_CHECKSUM}" -O compress="${BTRFS_COMPRESS}" do_log "info" "false" "Partition: '/dev/mapper/${ENCRYPTION_LABEL}' formatted: '${FILESYSTEM_VERSION}'." # shellcheck disable=SC2129 echo "Partition: '/dev/mapper/${ENCRYPTION_LABEL}':" >> "${DIR_LOG}"btrfs.log btrfs filesystem show /dev/mapper/"${ENCRYPTION_LABEL}" >> "${DIR_LOG}"btrfs.log echo "" >> "${DIR_LOG}"btrfs.log else do_log "error" "false" "Partition: '/dev/mapper/${ENCRYPTION_LABEL}': Unsupported deduplication method: '${BTRFS_DEDUP}'." fi elif [[ ${FILESYSTEM_FORMAT,,} == "true" && ${FILESYSTEM_FORMAT} == "ext4" ]]; then mkfs.ext4 -L "${FILESYSTEM_LABEL}" /dev/mapper/"${ENCRYPTION_LABEL}" "${FILESYSTEM_OPTIONS:+ $FILESYSTEM_OPTIONS}" do_log "info" "false" "Partition: '/dev/mapper/${ENCRYPTION_LABEL}' formatted: '${FILESYSTEM_VERSION}'." # shellcheck disable=SC2129 echo "Partition: '/dev/mapper/${ENCRYPTION_LABEL}':" >> "${DIR_LOG}"ext4.log tune2fs -l /dev/mapper/"${ENCRYPTION_LABEL}" >> "${DIR_LOG}"ext4.log echo "" >> "${DIR_LOG}"ext4.log else do_log "error" "false" "Partition: '/dev/mapper/${ENCRYPTION_LABEL}': Unsupported filesystem format: '${FILESYSTEM_FORMAT}'." fi elif [[ ${ENCRYPTION_ENABLE,,} == "false" && ${MOUNT_PATH} != "SWAP" && ${MOUNT_PATH} != "/tmp" ]]; then if [[ ${FILESYSTEM_FORMAT,,} == "true" && ${FILESYSTEM_FORMAT} == "btrfs" ]]; then if [[ ${BTRFS_DEDUP,,} == "true" ]]; then mkfs.btrfs -L "${FILESYSTEM_LABEL}" /dev/"${DEV}""${PARTITION}" -f --csum "${BTRFS_CHECKSUM}" -m dup -O compress="${BTRFS_COMPRESS}" do_log "info" "false" "Partition: '/dev/${DEV}${PARTITION}' formatted: '${FILESYSTEM_VERSION}'." # shellcheck disable=SC2129 echo "Partition: '/dev/${DEV}${PARTITION}':" >> "${DIR_LOG}"btrfs.log btrfs filesystem show /dev/"${DEV}""${PARTITION}" >> "${DIR_LOG}"btrfs.log echo "" >> "${DIR_LOG}"btrfs.log elif [[ ${BTRFS_DEDUP,,} == "false" ]]; then mkfs.btrfs -L "${FILESYSTEM_LABEL}" /dev/"${DEV}""${PARTITION}" -f --csum "${BTRFS_CHECKSUM}" -O compress="${BTRFS_COMPRESS}" do_log "info" "false" "Partition: '/dev/${DEV}${PARTITION}' formatted: '${FILESYSTEM_VERSION}'." # shellcheck disable=SC2129 echo "Partition: '/dev/${DEV}${PARTITION}':" >> "${DIR_LOG}"btrfs.log btrfs filesystem show /dev/"${DEV}""${PARTITION}" >> "${DIR_LOG}"btrfs.log echo "" >> "${DIR_LOG}"btrfs.log else do_log "error" "false" "Partition: '/dev/${DEV}${PARTITION}': Unsupported deduplication method: '${BTRFS_DEDUP}'." fi elif [[ ${FILESYSTEM_FORMAT,,} == "true" && ${FILESYSTEM_FORMAT} == "ext4" ]]; then mkfs.ext4 -L "${FILESYSTEM_LABEL}" /dev/"${DEV}""${PARTITION}" "${FILESYSTEM_OPTIONS:+ $FILESYSTEM_OPTIONS}" do_log "info" "false" "Partition: '/dev/${DEV}${PARTITION}' formatted: '${FILESYSTEM_VERSION}'." # shellcheck disable=SC2129 echo "Partition: '/dev/${DEV}${PARTITION}':" >> "${DIR_LOG}"ext4.log tune2fs -l /dev/"${DEV}""${PARTITION}" >> "${DIR_LOG}"ext4.log echo "" >> "${DIR_LOG}"ext4.log elif [[ ${FILESYSTEM_FORMAT,,} == "true" && ${FILESYSTEM_FORMAT} == "FAT32" ]]; then mkfs.fat -F 32 /dev/"${DEV}""${PARTITION}" do_log "info" "false" "Partition: '/dev/${DEV}${PARTITION}' formatted: '${FILESYSTEM_VERSION}'." else do_log "error" "false" "Partition: '/dev/${DEV}${PARTITION}': Unsupported filesystem format: '${FILESYSTEM_FORMAT}'." fi fi done done do_show_footer } # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh: