msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
86c483459a5d7a53816d5ed464805cb8f30a0d2f853b93148b918eef92b36df9
CISS.debian.installer/func/cdi_3200_partitioning/3280_mount_partition.sh
Marc S. Weidner 353568eb69
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m54s
Details
V8.00.000.2025.06.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-11 22:14:22 +01:00

393 lines
15 KiB
Bash
Raw Blame History

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu
guard_sourcing
#######################################
# Function to create the mount command, incl. mount path and options, and mount the respective device.
# Globals:
# TARGET
# Arguments:
# 1: MOUNT_PATH
# 2: MOUNT_DEVICE
# 3: MOUNT_OPTIONS
# 4: MOUNT_FILESYSTEM
# Returns:
# 0: on success
# ERR_MOUNTING_DEV: on failure
#######################################
mount_with_dir() {
declare var_mount_path="${1}" var_mount_device="${2}" var_mount_options="${3:-}" var_mount_fs="${4:-}"
declare -a ary_cmd=( mount )
### GPT-UUID conformity (RFC 4122).
if [[ "${var_mount_device}" =~ ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ ]]; then
if [[ -e "/dev/disk/by-uuid/${var_mount_device}" ]]; then
var_mount_device="/dev/disk/by-uuid/${var_mount_device}"
else
do_log "error" "file_only" "3280() GPT-UUID for mount path: '${var_mount_path}' not found by '/dev/disk/by-uuid/${var_mount_device}'."
return "${ERR_MOUNTING_DEV}"
fi
### VFAT-UUID conformity.
elif [[ "${var_mount_device}" =~ ^[0-9A-F]{4}-[0-9A-F]{4}$ ]]; then
if [[ -e "/dev/disk/by-uuid/${var_mount_device}" ]]; then
var_mount_device="/dev/disk/by-uuid/${var_mount_device}"
else
do_log "error" "file_only" "3280() FAT-UUID for mount path: '${var_mount_path}' not found by '/dev/disk/by-uuid/${var_mount_device}'."
return "${ERR_MOUNTING_DEV}"
fi
### Already absolute path.
elif [[ "${var_mount_device}" == /dev/* ]]; then
: ### Do nothing.
### Alternative checks for LABEL and PARTUUID.
else
if [[ -e "/dev/disk/by-label/${var_mount_device}" ]]; then
var_mount_device="/dev/disk/by-label/${var_mount_device}"
elif [[ -e "/dev/disk/by-partuuid/${var_mount_device}" ]]; then
var_mount_device="/dev/disk/by-partuuid/${var_mount_device}"
else
do_log "error" "file_only" "3280() Mount path: '${var_mount_path}' could not be resolved by [UUID, LABEL, DEV, PARTUUID]'."
return "${ERR_MOUNTING_DEV}"
fi
fi
if [[ -z "${var_mount_fs:-}" ]]; then
var_mount_fs=$(blkid -o value -s TYPE "${var_mount_device}" 2>/dev/null || true)
fi
[[ "${var_mount_path}" != "/" ]] && mkdir -p "${TARGET}${var_mount_path}"
### Build the command in an array to keep word boundaries intact.
[[ -n "${var_mount_fs}" ]] && ary_cmd+=( "-t" "${var_mount_fs}" )
[[ -n "${var_mount_options}" ]] && ary_cmd+=( "-o" "${var_mount_options}" )
ary_cmd+=( "${var_mount_device}" "${TARGET%/}${var_mount_path}" )
safe_exec "${ary_cmd[@]}" "${ERR_MOUNTING_DEV}" || return
do_log "debug" "file_only" "3280() [safe_exec ${ary_cmd[*]} ${ERR_MOUNTING_DEV}]."
do_log "info" "file_only" "3280() Mounted: '${var_mount_device}' on: '${TARGET}${var_mount_path}' Options='${var_mount_options}'."
return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f mount_with_dir
#######################################
# Device Path Resolver.
# Outputs '/dev/mapper/<encryption_label>'
# Outputs '/dev/<dev><partition>'
# Globals:
# None
# Arguments:
# 1: Device
# 2: Partition
# 3: Boolean Encryption
# 4: Encryption Label
# Returns:
# 0: on success
#######################################
resolve_device() {
declare local_var_dev="$1" local_var_partition="$2" local_var_enc_boolean="$3" local_var_enc_label="$4"
if [[ "${local_var_enc_boolean,,}" == "true" ]]; then
printf '/dev/mapper/%s' "${local_var_enc_label}"
else
printf '/dev/%s%s' "${local_var_dev}" "${local_var_partition}"
fi
return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f resolve_device
#######################################
# Validates btrfs compression algo and level.
# Globals:
# None
# Arguments:
# 1: var_fs_btrfs_compress
# 2: var_fs_btrfs_level
# Returns:
# 0: Valid combination.
# ERR_BTRFS_OPTION: on failure
#######################################
validate_btrfs_compression() {
declare var_algo="$1" var_level="$2"
case "${var_algo}:${var_level}" in
zstd:|zstd:[0-9]|zstd:1[0-9]|zstd:2[0-2]|lzo:) return 0 ;;
*) do_log "error" "file_only" "3280() Invalid btrfs compression: '${var_algo}:${var_level}'"; return "${ERR_BTRFS_OPTION}" ;;
esac
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f validate_btrfs_compression
#######################################
# Function for mounting all partitions for debootstrap, including the generation of btrfs subvolumes.
# Globals:
# ARY_CRYPT_MOUNT_PATHS
# ARY_PATHS_SORTED
# DIR_LOG
# HMP_FSTAB_MOUNT_OPTS
# HMP_PATH_DEV_PART
# HMP_PATH_FSUUID
# HMP_PATH_PARTUUID
# NL
# TARGET
# VAR_RECIPE_STRING
# VAR_SAFE_MNT_BASE
# VAR_SETUP_PART
# Arguments:
# None
# Returns:
# 0: on success
# ERR_BTRFS_INITPH: on failure
# ERR_BTRFS_OPTION: on failure
# ERR_BTRFS_SUBVOL: on failure
# ERR_MOUNTING_DEV: on failure
#######################################
mount_partition() {
### Declare Arrays, HashMaps, and Variables.
# shellcheck disable=SC2034
declare -Ag HMP_FSTAB_MOUNT_OPTS # Used in: 4200() - [Mount Path:Mount Options].
declare var_mount_path="" var_dev_part="" var_dev="" var_btrfs_options="" \
var_encryption_label="" var_fs_btrfs_compress="" var_fs_btrfs_level="" var_fs_btrfs_snapshot="" \
var_fs_btrfs_subvolume="" var_fs_version="" var_mount_options="" var_mount_optsnap="" var_mount_path="" \
var_snapshot="" var_fs_uuid="" var_partuuid=""
declare -a ary_cmd=() ary_cmd_mount=()
for var_mount_path in "${ARY_PATHS_SORTED[@]}"; do
### Initialize Arrays and Variables
ary_cmd=(); ary_cmd_mount=(); var_btrfs_options=""
### Generates physical device location.
var_dev_part="${HMP_PATH_DEV_PART["${var_mount_path}"]}"
var_dev="${var_dev_part//./}"
### Extract parameters from YAML.
var_fs_btrfs_compress=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.btrfs.compress" "${VAR_SETUP_PART}")
var_fs_btrfs_level=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.btrfs.level" "${VAR_SETUP_PART}")
var_fs_btrfs_snapshot=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.btrfs.snapshot" "${VAR_SETUP_PART}")
var_fs_version=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.filesystem.version" "${VAR_SETUP_PART}")
var_mount_options=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.mount.options" "${VAR_SETUP_PART}")
var_mount_optsnap=$(yq_val ".recipe.${VAR_RECIPE_STRING}.dev.${var_dev_part}.mount.optsnap" "${VAR_SETUP_PART}")
if [[ "${ARY_CRYPT_MOUNT_PATHS[*]}" == *"${var_mount_path}"* ]]; then
var_encryption_label=$(get_label "${var_mount_path}" "${var_fs_version}" "luks")
fi
### Mounting of Ephemeral 'SWAP' and '/tmp' as per https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption#UUID_and_LABEL
if [[ "${var_mount_path,,}" == "swap" ]]; then
var_partuuid="${HMP_PATH_PARTUUID["${var_mount_path}"]}"
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["SWAP"]="${var_mount_options}"
cryptsetup open --type plain \
--key-file /dev/urandom \
--cipher aes-xts-plain64 --key-size 512 \
"/dev/disk/by-partuuid/${var_partuuid}" "${var_encryption_label}"
mkswap "/dev/mapper/${var_encryption_label}"
do_log "debug" "file_only" "3280() [mkswap /dev/mapper/${var_encryption_label}]."
swapon "/dev/mapper/${var_encryption_label}"
do_log "debug" "file_only" "3280() [swapon /dev/mapper/${var_encryption_label}]."
do_log "info" "file_only" "3280() Mounted: '${var_mount_path}' on: '/dev/mapper/${var_encryption_label}'."
### Ephemeral 'SWAP' finally mounted. Skip all other steps.
continue
elif [[ "${var_mount_path,,}" == "/tmp" ]]; then
var_partuuid="${HMP_PATH_PARTUUID["${var_mount_path}"]}"
cryptsetup open --type plain \
--key-file /dev/urandom \
--cipher aes-xts-plain64 --key-size 512 \
"/dev/disk/by-partuuid/${var_partuuid}" "${var_encryption_label}"
mkdir -p "${TARGET}/tmp"
safe_exec mkfs.ext4 -E lazy_itable_init=1,lazy_journal_init=1 "/dev/mapper/${var_encryption_label}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}"
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]="${var_mount_options}"
### Build the command in an array to keep word boundaries intact
ary_cmd=( mount )
ary_cmd+=( "/dev/mapper/${var_encryption_label}" "${TARGET}${var_mount_path}" )
safe_exec "${ary_cmd[@]}" "${ERR_MOUNTING_DEV}" || return "${ERR_MOUNTING_DEV}"
do_log "info" "file_only" "3280() Mounted: '${var_mount_path}' on: '/dev/mapper/${var_encryption_label}'."
### Ephemeral '/tmp' finally mounted. Skip all other steps.
continue
fi
var_fs_uuid="${HMP_PATH_FSUUID["${var_mount_path}"]}"
if [[ "${var_fs_version,,}" == "btrfs" ]]; then
var_fs_btrfs_subvolume=$(get_label "${var_mount_path}" "${var_fs_version}" "sub")
### Mount toplevel (subvolid=0) without extra options.
ary_cmd_mount=( mount -o "subvolid=0" "/dev/disk/by-uuid/${var_fs_uuid}" "${VAR_SAFE_MNT_BASE}" )
safe_exec "${ary_cmd_mount[@]}" "${ERR_BTRFS_INITPH}" || return "${ERR_BTRFS_INITPH}"
btrfs subvolume create "${VAR_SAFE_MNT_BASE}/${var_fs_btrfs_subvolume}"
do_log "debug" "file_only" "3280() [btrfs subvolume create ${VAR_SAFE_MNT_BASE}/${var_fs_btrfs_subvolume}]."
do_log "info" "file_only" "3280() btrfs subvolid=0 created: '${var_mount_path}' on: '/dev/disk/by-uuid/${var_fs_uuid}'."
if [[ "${var_fs_btrfs_snapshot}" == "true" ]]; then
var_snapshot=$(get_label "${var_mount_path}" "${var_fs_version}" "snap")
btrfs subvolume create "${VAR_SAFE_MNT_BASE}/${var_snapshot}" || return "${ERR_BTRFS_SUBVOL}"
do_log "debug" "file_only" "3280() [btrfs subvolume create ${VAR_SAFE_MNT_BASE}/${var_snapshot}]."
do_log "info" "file_only" "3280() btrfs subvolid=${var_snapshot} created: '${var_mount_path}' on: '/dev/disk/by-uuid/${var_fs_uuid}'."
fi
umount "${VAR_SAFE_MNT_BASE}"
do_log "info" "file_only" "3280() btrfs subvolume umount: '${var_mount_path}' on: '/dev/disk/by-uuid/${var_fs_uuid}'."
fi
case "${var_fs_version,,}" in
btrfs)
validate_btrfs_compression "${var_fs_btrfs_compress}" "${var_fs_btrfs_level}" || return "${ERR_BTRFS_OPTION}"
if [[ -n "${var_mount_options}" ]]; then
var_btrfs_options="subvol=${var_fs_btrfs_subvolume},compress=${var_fs_btrfs_compress}:${var_fs_btrfs_level},${var_mount_options}"
else
var_btrfs_options="subvol=${var_fs_btrfs_subvolume},compress=${var_fs_btrfs_compress}:${var_fs_btrfs_level}"
fi
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]="${var_btrfs_options}"
do_log "debug" "file_only" "3280() [HMP_FSTAB_MOUNT_OPTS] : '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]}'."
mount_with_dir "${var_mount_path}" "${var_fs_uuid}" "${var_btrfs_options}" "btrfs" || return "${ERR_MOUNTING_DEV}"
do_log "info" "file_only" "3280() Mounted: '${var_fs_uuid}' on: '${TARGET}${var_mount_path}' Options='${var_btrfs_options}'."
if [[ "${var_fs_btrfs_snapshot}" == "true" ]]; then
### Preparing "/.snapshot"-directory
mkdir -p "${TARGET}${var_mount_path}/.snapshots"
do_log "info" "file_only" "3280() Created: '${TARGET}${var_mount_path}/.snapshots'."
if [[ -n "${var_mount_optsnap}" ]]; then
var_mount_optsnap+=",subvol=${var_snapshot}"
else
var_mount_optsnap="subvol=${var_snapshot}"
fi
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["${var_mount_path}/.snapshots"]="${var_mount_optsnap}"
do_log "debug" "file_only" "3280() [HMP_FSTAB_MOUNT_OPTS] : '${var_mount_path}/.snapshots' -> '${HMP_FSTAB_MOUNT_OPTS["${var_mount_path}/.snapshots"]}'."
mount_with_dir "${var_mount_path}/.snapshots" "${var_fs_uuid}" "${var_mount_optsnap}" "btrfs"
do_log "info" "file_only" "3280() Mounted: '${var_fs_uuid}' on: '${TARGET}${var_mount_path}/.snapshots' Options='${var_mount_optsnap}'."
fi
;;
ext4)
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]="${var_mount_options}"
do_log "debug" "file_only" "3280() [HMP_FSTAB_MOUNT_OPTS] : '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]}'."
mount_with_dir "${var_mount_path}" "${var_fs_uuid}" "${var_mount_options}" "ext4" || return "${ERR_MOUNTING_DEV}"
do_log "info" "file_only" "3280() Mounted: '${var_fs_uuid}' on: '${TARGET}${var_mount_path}' Options='${var_mount_options}'."
;;
fat32)
### Gathering information for '/etc/fstab'-generation in 4040().
HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]="${var_mount_options}"
do_log "debug" "file_only" "3280() [HMP_FSTAB_MOUNT_OPTS] : '${var_mount_path}' -> '${HMP_FSTAB_MOUNT_OPTS["${var_mount_path}"]}'."
mount_with_dir "${var_mount_path}" "${var_fs_uuid}" "${var_mount_options}" "vfat" || return "${ERR_MOUNTING_DEV}"
do_log "info" "file_only" "3280() Mounted: '${var_fs_uuid}' on: '${TARGET}${var_mount_path}' Options='${var_mount_options}'."
;;
*)
do_log "info" "file_only" "3280() No valid FS found for: '${var_mount_path}'."
;;
esac
var_dev="${var_dev_part%.*}"
lsblk -o NAME,MAJ:MIN,FSTYPE,FSVER,SIZE,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/3280_${var_dev}_overview.log"
lsblk -o NAME,PARTTYPE,FSTYPE,FSVER,UUID,MOUNTPOINT,PATH "/dev/${var_dev}" >| "${DIR_LOG}/3280_${var_dev}_parttype.log"
{
printf "%b" "${NL}"
lsblk "/dev/${var_dev}"
printf "%b" "${NL}"
lsblk -t "/dev/${var_dev}"
} >> "${DIR_LOG}/3280_${var_dev}_overview.log"
done
guard_dir && return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f mount_partition
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink