V8.13.440.2025.11.19

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-19 10:06:35 +00:00
parent 0b9f4b94b6
commit 3132c53b85
7 changed files with 558 additions and 53 deletions
--- a/.archive/icon.lib
+++ b/.archive/icon.lib
@@ -8,56 +8,63 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 ⏫
 ⬆️
 ☁️
 ☢️
 ☣️
 ✍️
 ✅
 ❌
 ⚠️
-🚫
+•
 🔐
 🔒
 🔑
 ✍️
 🖥️
 ⬆️
 ⏫
 🔼
 🆙
 🔄
 🔁
 🌌
 🔵
 💙
 🔍
 💡
 🔧
 🛠️
 🏗
 ⚙️
-📐
+🆙
-🧪
+🌌
-📩
+🌐
 📥
 📤
 📦
 📑
 📂
 📀
 🎉
-😺
+🎯
 🏗
 💙
 💡
 💬
 💽
 💾
 💿
 📀
 📁
 📂
 📅
 📉
 📊
 🧾
 📋
-🕑
+📐
-🧠
+📑
 📅
 🎯
 🌐
 🔗
 💬
 ☢️
 ☣️
 •
 ☁️
 📡
 📤
 📥
 📦
 📩
 🔁
 🔄
 🔍
 🔐
 🔑
 🔒
 🔗
 🔧
 🔵
 🔼
 🕑
 🖥️
 🗂️
 🗄️
 🗜️
 😺
 🚫
 🛠️
 🛡️
 🧠
 🧪
 🧾
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
+++ b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
@@ -11,6 +11,8 @@
 # SPDX-Security-Contact: security@coresecret.eu
 set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 __umask=$(umask)
 umask 0077
@@ -57,26 +59,24 @@ preallocate() {
 # shellcheck disable=SC2034
 readonly -f preallocate
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
 declare ROOTFS="${VAR_HANDLER_BUILD_DIR}/binary/live/filesystem.squashfs"
 declare LUKSFS="${VAR_HANDLER_BUILD_DIR}/binary/live/ciss_rootfs.crypt"
 declare KEYFD=""
 # shellcheck disable=SC2155
-declare -i SIZE=$(stat -c%s -- "${ROOTFS}")
+declare -gix VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}")
 ### Safety margin:
 #   - LUKS2-Header and Metadata
 #   - dm-integrity Overhead (Tags and Journal)
 #   - Filesystem-Slack
-declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024))
+declare -i   OVERHEAD_FIXED=$((64 * 1024 * 1024))
-declare -i OVERHEAD_PCT=1.6
+declare -i   OVERHEAD_PCT=1.6
-declare -i ALIGN_BYTES=$(( 2048 * 1024 ))
+declare -i   ALIGN_BYTES=$(( 2048 * 1024 ))
-declare -i BASE_SIZE=$(( SIZE + OVERHEAD_FIXED + (SIZE * OVERHEAD_PCT / 100) ))
+declare -i   BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
-declare -i LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
+declare -gix VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
-preallocate "${LUKSFS}" "${LUKSFS_SIZE}"
+preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
 exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
@@ -101,7 +101,7 @@ cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso
 # shellcheck disable=SC2155
 declare -i LUKS_FREE=$(blockdev --getsize64 /dev/mapper/crypt_liveiso)
-declare -i SQUASH_FS="${SIZE}"
+declare -i SQUASH_FS="${VAR_ROOTFS_SIZE}"
 if (( LUKS_FREE >= SQUASH_FS )); then
--- a/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
+++ b/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
@@ -35,6 +35,7 @@ install -d -m 0755  "${DESTDIR}/usr/bin"
 install -d -m 0755  "${DESTDIR}/usr/local/bin"
 install -d -m 0755  "${DESTDIR}/usr/sbin"
 ### Include binaries -----------------------------------------------------------------------------------------------------------
 for bin in bash blkid busybox dmsetup gpgv losetup lsblk mkpasswd mountpoint sha384sum sha512sum sort timeout tree udevadm whois; do
--- a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
+++ b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
@@ -153,6 +153,9 @@ mount --bind "${MNT_MEDIUM}" "${MNT_MEDIUM}" 2>/dev/null || true
 log "Encrypted squashfs is mounted at: [${MNT_ROOTFS}] (device=/dev/mapper/crypt_liveiso)"
 printf "\e[92m[INFO] Encrypted squashfs is mounted at: [%s] (device=/dev/mapper/crypt_liveiso) \n\e[0m" "${MNT_ROOTFS}"
 export CISS_ROOT_DEV="/dev/mapper/crypt_liveiso"
 printf "\e[92m[INFO] Successfully applied: [/usr/lib/live/boot/0024-ciss-crypt-squash] \n\e[0m"
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
+++ b/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
@@ -0,0 +1,487 @@
 #!/bin/sh
 # bashsupport disable=BP5007
 # shellcheck disable=SC2249
 # shellcheck shell=sh
 # SPDX-Version: 3.0
 # SPDX-CreationInfo: 2025-11-12; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
 # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
 # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
 # SPDX-FileType: SOURCE
 # SPDX-License-Identifier: GPL-3.0-or-later
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
 ### Modified Version of the original file:
 ### https://salsa.debian.org/live-team/live-boot 'components/9990-overlay.sh'
 ### Change behavior to mount already opened ciss_rootfs.crypt (0024-ciss-crypt-squash).
 #set -e
 setup_unionfs ()
 {
  image_directory="${1}"
  rootmnt="${2}"
  addimage_directory="${3}"
  # --- CISS hook: allow explicit root override --------------------------------------------------------------------------------
  if [ -n "${CISS_ROOT_DEV}" ]; then
    ### Treat a block device as a plain root.
    PLAIN_ROOT=1
    image_directory="${CISS_ROOT_DEV}"
  elif [ -n "${CISS_ROOT_DIR}" ]; then
    ### Treat a directory as a plain root.
    PLAIN_ROOT=1
    image_directory="${CISS_ROOT_DIR}"
  fi
  # ----------------------------------------------------------------------------------------------------------------------------
  # shellcheck disable=SC2086
  modprobe -q -b ${UNIONTYPE}
  if ! cut -f2 /proc/filesystems | grep -q "^${UNIONTYPE}\$"
  then
    panic "${UNIONTYPE} not available."
  fi
  croot="/run/live/rootfs"
  # Let's just mount the read-only file systems first
  rootfslist=""
  if [ -z "${PLAIN_ROOT}" ]
  then
    # Read image names from ${MODULE}.module if it exists
    # shellcheck disable=SC2153
    if [ -e "${image_directory}/filesystem.${MODULE}.module" ]
    then
      # shellcheck disable=SC2013,SC2086
      for IMAGE in $(cat ${image_directory}/filesystem.${MODULE}.module)
      do
        image_string="${image_string} ${image_directory}/${IMAGE}"
      done
    elif [ -e "${image_directory}/${MODULE}.module" ]
    then
      # shellcheck disable=SC2013,SC2086
      for IMAGE in $(cat ${image_directory}/${MODULE}.module)
      do
        image_string="${image_string} ${image_directory}/${IMAGE}"
      done
    else
      # ${MODULE}.module does not exist, create a list of images
      for FILESYSTEM in squashfs ext2 ext3 ext4 xfs jffs2 dir
      do
        for IMAGE in "${image_directory}"/*."${FILESYSTEM}"
        do
          if [ -e "${IMAGE}" ]
          then
            image_string="${image_string} ${IMAGE}"
          fi
        done
      done
      if [ -n "${addimage_directory}" ] && [ -d "${addimage_directory}" ]
      then
        for FILESYSTEM in squashfs ext2 ext3 ext4 xfs jffs2 dir
        do
          for IMAGE in "${addimage_directory}"/*."${FILESYSTEM}"
          do
            if [ -e "${IMAGE}" ]
            then
              image_string="${image_string} ${IMAGE}"
            fi
          done
        done
      fi
      # Now sort the list
      # shellcheck disable=SC2086
      image_string="$(echo ${image_string} | sed -e 's/ /\n/g' | sort )"
    fi
    # shellcheck disable=SC2086
    [ -n "${MODULETORAMFILE}" ] && image_string="${image_directory}/$(basename ${MODULETORAMFILE})"
    mkdir -p "${croot}"
    for image in ${image_string}
    do
      imagename=$(basename "${image}")
      export image devname
      maybe_break live-realpremount
      log_begin_msg "Running /scripts/live-realpremount"
      run_scripts /scripts/live-realpremount
      log_end_msg
      if [ -d "${image}" ]
      then
        # It is a plain directory: do nothing
        rootfslist="${image} ${rootfslist}"
      elif [ -f "${image}" ]
      then
        if losetup --help 2>&1 | grep -q -- "-r\b"
        then
          backdev=$(get_backing_device "${image}" "-r")
        else
          backdev=$(get_backing_device "${image}")
        fi
        fstype=$(get_fstype "${backdev}")
        case "${fstype}" in
          unknown)
            panic "Unknown file system type on ${backdev} (${image})"
            ;;
          "")
            fstype="${imagename##*.}"
            log_warning_msg "Unknown file system type on ${backdev} (${image}), assuming ${fstype}."
            ;;
        esac
        mpoint=$(trim_path "${croot}/${imagename}")
        rootfslist="${mpoint} ${rootfslist}"
        mount_options=""
        # Setup dm-verity support if a device has it supported
        hash_device="${image}.verity"
        # shellcheck disable=SC2086
        if [ -f ${hash_device} ]
        then
          log_begin_msg "Start parsing dm-verity options for ${image}"
          backdev_roothash=$(get_backing_device ${hash_device})
          verity_mount_options="-o verity.hashdevice=${backdev_roothash}"
          root_hash=$(get_dm_verity_hash ${imagename} ${DM_VERITY_ROOT_HASH})
          valid_config="true"
          case $(mount --version) in
            *verity*)
              ;;
            *)
              valid_config="false"
              log_warning_msg "mount does not have support for dm-verity. Ignoring mount options"
              ;;
          esac
          if [ -n "${root_hash}" ]
          then
            verity_mount_options="${verity_mount_options} -o verity.roothash=${root_hash}"
            # Check if the root hash is saved on disk
          elif [ -f "${image}.roothash" ]
          then
            verity_mount_options="${verity_mount_options} -o verity.roothashfile=${image}.roothash"
          else
            valid_config="false"
            log_warning_msg "'${image}' has a dm-verity hash table, but no root hash was specified ignoring"
          fi
          fec="${image}.fec"
          fec_roots="${image}.fec.roots"
          if [ -f ${fec} ] && [ -f ${fec_roots} ]
          then
            backdev_fec=$(get_backing_device ${fec})
            roots=$(cat ${fec_roots})
            verity_mount_options="${verity_mount_options} -o verity.fecdevice=${backdev_fec} -o verity.fecroots=${roots}"
          fi
          signature="${image}.roothash.p7s"
          if [ -f "${signature}" ]
          then
            verity_mount_options="${verity_mount_options} -o verity.roothashsig=${signature}"
          elif [ "${DM_VERITY_ENFORCE_ROOT_HASH_SIG}" = "true" ]
          then
            panic "dm-verity signature checking was enforced but no signature could be found for ${image}!"
          fi
          if [ -n "${DM_VERITY_ONCORRUPTION}" ]
          then
            if is_in_space_sep_list "${DM_VERITY_ONCORRUPTION}" "ignore panic restart"
            then
              verity_mount_options="${verity_mount_options} -o verity.oncorruption=${DM_VERITY_ONCORRUPTION}"
            else
              log_warning_msg "For dm-verity on corruption '${DM_VERITY_ONCORRUPTION}' was specified, but only ignore, panic or restart are supported!"
              log_warning_msg "Ignoring setting"
            fi
          fi
          if [ "${valid_config}" = "true" ]
          then
            mount_options="${mount_options} ${verity_mount_options}"
          fi
          log_end_msg "Finished parsing dm-verity options for ${image}"
        fi
        mkdir -p "${mpoint}"
        log_begin_msg "Mounting \"${image}\" on \"${mpoint}\" via \"${backdev}\""
        # shellcheck disable=SC2086
        mount -t "${fstype}" -o ro,noatime ${mount_options} "${backdev}" "${mpoint}" || panic "Can not mount ${backdev} (${image}) on ${mpoint}"
        log_end_msg
      else
        log_warning_msg "Could not find image '${image}'. Most likely it is listed in a .module file, perhaps by mistake."
      fi
    done
  else
    # We have a plain root system
    mkdir -p "${croot}/filesystem"
    log_begin_msg "Mounting \"${image_directory}\" on \"${croot}/filesystem\""
    # shellcheck disable=SC2046,SC2312
    mount -t $(get_fstype "${image_directory}") -o ro,noatime "${image_directory}" "${croot}/filesystem" || \
      panic "Can not mount ${image_directory} on ${croot}/filesystem" && \
      rootfslist="${croot}/filesystem ${rootfslist}"
    # Probably broken:
    # shellcheck disable=SC2086,SC2250
    mount -o bind ${croot}/filesystem $mountpoint
    log_end_msg
  fi
  # tmpfs file systems
  touch /etc/fstab
  mkdir -p /run/live/overlay
  # Looking for persistence devices or files
  if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
  then
    if [ -z "${QUICKUSBMODULES}" ]
    then
      # Load USB modules
      # shellcheck disable=SC2012
      num_block=$(ls -l /sys/block | wc -l)
      for module in sd_mod uhci-hcd ehci-hcd ohci-hcd usb-storage
      do
        # shellcheck disable=SC2086
        modprobe -q -b ${module}
      done
      udevadm trigger
      udevadm settle
      # For some reason, udevsettle does not block in this scenario,
      # so we sleep for a little while.
      #
      # See https://bugs.launchpad.net/ubuntu/+source/casper/+bug/84591
      # shellcheck disable=SC2034
      for timeout in 5 4 3 2 1
      do
        sleep 1
        # shellcheck disable=SC2012,SC2046,SC2086,SC2312
        if [ $(ls -l /sys/block | wc -l) -gt ${num_block} ]
        then
          break
        fi
      done
    fi
    # shellcheck disable=SC3043
    local whitelistdev
    whitelistdev=""
    if [ -n "${PERSISTENCE_MEDIA}" ]
    then
      case "${PERSISTENCE_MEDIA}" in
        removable)
          whitelistdev="$(removable_dev)"
          ;;
        removable-usb)
          whitelistdev="$(removable_usb_dev)"
          ;;
      esac
      if [ -z "${whitelistdev}" ]
      then
        whitelistdev="ignore_all_devices"
      fi
    fi
    # shellcheck disable=SC2086
    if is_in_comma_sep_list overlay ${PERSISTENCE_METHOD}
    then
      overlays="${custom_overlay_label}"
    fi
    # shellcheck disable=SC3043
    local overlay_devices
    overlay_devices=""
    if [ "${whitelistdev}" != "ignore_all_devices" ]
    then
      for media in $(find_persistence_media "${overlays}" "${whitelistdev}")
      do
        # shellcheck disable=SC2086
        media="$(echo ${media} | tr ":" " ")"
        for overlay_label in ${custom_overlay_label}
        do
          case ${media} in
            ${overlay_label}=*)
              device="${media#*=}"
              overlay_devices="${overlay_devices} ${device}"
              ;;
          esac
        done
      done
    fi
  elif [ -n "${NFS_COW}" ] && [ -z "${NOPERSISTENCE}" ]
  then
    # Check if there are any nfs options
    # shellcheck disable=SC2086
    if echo ${NFS_COW} | grep -q ','
    then
      # shellcheck disable=SC2086
      nfs_cow_opts="-o nolock,$(echo ${NFS_COW}|cut -d, -f2-)"
      nfs_cow=$(echo ${NFS_COW}|cut -d, -f1)
    else
      nfs_cow_opts="-o nolock"
      nfs_cow=${NFS_COW}
    fi
    if [ -n "${PERSISTENCE_READONLY}" ]
    then
      nfs_cow_opts="${nfs_cow_opts},nocto,ro"
    fi
    mac="$(get_mac)"
    if [ -n "${mac}" ]
    then
      # shellcheck disable=SC2086
      cowdevice=$(echo ${nfs_cow} | sed "s/client_mac_address/${mac}/")
      cow_fstype="nfs"
    else
      panic "unable to determine mac address"
    fi
  fi
  if [ -z "${cowdevice}" ]
  then
    cowdevice="tmpfs"
    cow_fstype="tmpfs"
    cow_mountopt="rw,noatime,mode=755,size=${OVERLAY_SIZE:-50%}"
  fi
  if [ -n "${PERSISTENCE_READONLY}" ] && [ "${cowdevice}" != "tmpfs" ]
  then
    # shellcheck disable=SC2086
    mount -t tmpfs -o rw,noatime,mode=755,size=${OVERLAY_SIZE:-50%} tmpfs "/run/live/overlay"
    # shellcheck disable=SC2086
    root_backing="/run/live/persistence/$(basename ${cowdevice})-root"
    # shellcheck disable=SC2086
    mkdir -p ${root_backing}
  else
    root_backing="/run/live/overlay"
  fi
  if [ "${cow_fstype}" = "nfs" ]
  then
    log_begin_msg \
      "Trying nfsmount ${nfs_cow_opts} ${cowdevice} ${root_backing}"
    # shellcheck disable=SC2086
    nfsmount ${nfs_cow_opts} ${cowdevice} ${root_backing} || \
      panic "Can not mount ${cowdevice} (n: ${cow_fstype}) on ${root_backing}"
  else
    # shellcheck disable=SC2086
    mount -t ${cow_fstype} -o ${cow_mountopt} ${cowdevice} ${root_backing} || \
      panic "Can not mount ${cowdevice} (o: ${cow_fstype}) on ${root_backing}"
  fi
  # shellcheck disable=SC2086
  rootfscount=$(echo ${rootfslist} |wc -w)
  rootfs=${rootfslist%% }
  if [ -n "${EXPOSED_ROOT}" ]
  then
    # shellcheck disable=SC2086
    if [ ${rootfscount} -ne 1 ]
    then
      panic "only one RO file system supported with exposedroot: ${rootfslist}"
    fi
    # shellcheck disable=SC2086
    mount -o bind ${rootfs} ${rootmnt} || \
      panic "bind mount of ${rootfs} failed"
    if [ -z "${SKIP_UNION_MOUNTS}" ]
    then
      cow_dirs='/var/tmp /var/lock /var/run /var/log /var/spool /home /var/lib/live'
    else
      cow_dirs=''
    fi
  else
    cow_dirs="/"
  fi
  for dir in ${cow_dirs}; do
    unionmountpoint=$(trim_path "${rootmnt}${dir}")
    # shellcheck disable=SC2086
    mkdir -p ${unionmountpoint}
    cow_dir=$(trim_path "/run/live/overlay${dir}")
    rootfs_dir="${rootfs}${dir}"
    # shellcheck disable=SC2086
    mkdir -p ${cow_dir}
    if [ -n "${PERSISTENCE_READONLY}" ] && [ "${cowdevice}" != "tmpfs" ]
    then
      # shellcheck disable=SC2086
      do_union ${unionmountpoint} ${cow_dir} ${root_backing} ${rootfs_dir}
    else
      # shellcheck disable=SC2086
      do_union ${unionmountpoint} ${cow_dir} ${rootfs_dir}
    fi || panic "mount ${UNIONTYPE} on ${unionmountpoint} failed with option ${unionmountopts}"
  done
  # Remove persistence depending on boot parameter
  Remove_persistence
  # Correct the permissions of /:
  chmod 0755 "${rootmnt}"
  # Correct the permission of /tmp:
  if [ -d "${rootmnt}/tmp" ]
  then
    chmod 1777 "${rootmnt}"/tmp
  fi
  # Correct the permission of /var/tmp:
  if [ -d "${rootmnt}/var/tmp" ]
  then
    chmod 1777 "${rootmnt}"/var/tmp
  fi
  # Adding custom persistence
  if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
  then
    # shellcheck disable=SC3043
    local custom_mounts
    custom_mounts="/tmp/custom_mounts.list"
    # shellcheck disable=SC2086
    rm -f ${custom_mounts}
    # Gather information about custom mounts from devices detected as overlays
    # shellcheck disable=SC2086
    get_custom_mounts ${custom_mounts} ${overlay_devices}
    # shellcheck disable=SC2086
    [ -n "${LIVE_BOOT_DEBUG}" ] && cp ${custom_mounts} "/run/live/persistence"
    # Now we do the actual mounting (and symlinking)
    # shellcheck disable=SC3043
    local used_overlays
    used_overlays=""
    # shellcheck disable=SC2086
    used_overlays=$(activate_custom_mounts ${custom_mounts})
    # shellcheck disable=SC2086
    rm -f ${custom_mounts}
    # Close unused overlays (e.g., due to missing $persistence_list)
    for overlay in ${overlay_devices}
    do
      # shellcheck disable=SC2086
      if echo ${used_overlays} | grep -qve "^\(.* \)\?${overlay}\( .*\)\?$"
      then
        close_persistence_media ${overlay}
      fi
    done
  fi
 }
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -13,6 +13,7 @@ include_toc: true
 # 2. Changelog
 ## V8.13.440.2025.11.19
 * **Added**: [9990-overlay.sh](../config/includes.chroot/usr/lib/live/boot/9990-overlay.sh)
 * **Bugfixes**: [0022-ciss-overlay-tmpfs](../config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs)
 * **Bugfixes**: [0024-ciss-crypt-squash](../config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash)
 * **Bugfixes**: [0026-ciss-early-sysctl](../config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl)
--- a/lib/lib_run_analysis.sh
+++ b/lib/lib_run_analysis.sh
@@ -55,6 +55,10 @@ run_analysis() {
  declare package_count=$(wc -l < "${VAR_PACKAGES_FILE}" 2> /dev/null || echo "nicht gefunden")
  # shellcheck disable=SC2155
  declare squash_cpu_used="$(grep -m1 -oP 'Using \K[0-9]+' "${VAR_BUILD_LOG}")"
  # shellcheck disable=SC2153,SC2155
  declare var_rootfs_size="$(awk -v b="${VAR_ROOTFS_SIZE}" 'BEGIN { printf "%.2f", b/1024/1024/1024 }')"
  # shellcheck disable=SC2153,SC2155
  declare var_luksfs_size="$(awk -v b="${VAR_LUKSFS_SIZE}" 'BEGIN { printf "%.2f", b/1024/1024/1024 }')"
  if [[ -f "${VAR_BUILD_LOG}" ]]; then
@@ -98,13 +102,15 @@ run_analysis() {
  printf "\e[92m🧾 === Build summary === \e[0m\n"
  printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n"
  printf "\e[97m📦 ISO-File          : %s \e[0m\n" "${iso_file}"
  printf "\e[97m💾 RootFS-Size       : %s \e[0m\n" "${var_rootfs_size}"
  printf "\e[97m🔐 LUKSFS-Size       : %s \e[0m\n" "${var_luksfs_size}"
  printf "\e[97m📀 ISO-Size          : %s \e[0m\n" "${iso_size_hr}"
  printf "\e[97m📂 Chroot-Size       : %s \e[0m\n" "${chroot_size_hr}"
  printf "\e[97m📉 Compression-level : %s \e[0m\n" "${compression}"
  printf "\e[97m📦 Packages          : %s \e[0m\n" "${package_count}"
  printf "\e[97m🕐 Build Time        : %s \e[0m\n" "${build_duration}"
  printf "\e[97m🧠 CPUs for SquashFS : %s \e[0m\n" "${squash_cpu_used}"
-  printf "\e[97m🔐 SHA256SUM         : %s \e[0m\n" "${sha_sum}"
+  printf "\e[97m✍️ SHA256SUM         : %s \e[0m\n" "${sha_sum}"
  printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n"
  printf "\e[97m📅 Analysis Time     : %s \e[0m\n" "${time}"
  printf "\e[92m✅ Analysis completed.\e[0m\n"