msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.544.2025.12.05
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m29s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-05 15:20:12 +01:00
parent ef562d6ca1
commit 097b204fce
7 changed files with 45 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
View File

@@ -75,37 +75,14 @@ declare -i OVERHEAD_PCT=10
declare -i ALIGN_BYTES=$(( 4096 * 1024 ))
declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
declare -i rc=
preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
if cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
--iter-time 1000 \
--key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \
--label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
then
if [[ "${VAR_GITEA_RUNNER}" == "false" ]]; then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 4096 ] successful. \e[0m\n"
else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 4096 ] failed. Trying [--sector-size 512]. \e[0m\n"
if cryptsetup luksFormat \
cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
@@ -116,23 +93,29 @@ else
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 512 \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 512 ] successful. \e[0m\n"
else
else
rc="$?"
exec {KEYFD}<&-
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 512 ] failed. \e[0m\n"
exit "${rc}"
fi
cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--iter-time 1000 \
--key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \
--label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
fi
@@ -144,11 +127,11 @@ declare -i SQUASH_FS="${VAR_ROOTFS_SIZE}"
if (( LUKS_FREE >= SQUASH_FS )); then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' >= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}"
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' >= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}"
else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' <= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}" >&2
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ LUKS_FREE '%s' <= SQUASH_FS '%s' \e[0m\n" "${LUKS_FREE}" "${SQUASH_FS}" >&2
exit 42
fi