From 3132c53b8530ceb658349a07987446d4a30d977ecbf7139daa60f100ed285b54 Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Wed, 19 Nov 2025 10:06:35 +0000 Subject: [PATCH] V8.13.440.2025.11.19 Signed-off-by: Marc S. Weidner --- .archive/icon.lib | 91 ++-- .../live/zzzz_ciss_crypt_squash.hook.binary | 20 +- .../hooks/9999_ciss_debian_live_builder.sh | 1 + .../usr/lib/live/boot/0024-ciss-crypt-squash | 3 + .../usr/lib/live/boot/9990-overlay.sh | 487 ++++++++++++++++++ docs/CHANGELOG.md | 1 + lib/lib_run_analysis.sh | 8 +- 7 files changed, 558 insertions(+), 53 deletions(-) create mode 100644 config/includes.chroot/usr/lib/live/boot/9990-overlay.sh diff --git a/.archive/icon.lib b/.archive/icon.lib index a0616c4..d2d467f 100644 --- a/.archive/icon.lib +++ b/.archive/icon.lib @@ -8,56 +8,63 @@ # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu +⏫ +⬆️ +☁️ +☢️ +☣️ +✍️ ✅ ❌ ⚠️ -🚫 -🔐 -🔒 -🔑 -✍️ -🖥️ -⬆️ -⏫ -🔼 -🆙 -🔄 -🔁 -🌌 -🔵 -💙 -🔍 -💡 -🔧 -🛠️ -🏗 +• ⚙️ -📐 -🧪 -📩 -📥 -📤 -📦 -📑 -📂 -📀 +🆙 +🌌 +🌐 🎉 -😺 +🎯 +🏗 +💙 +💡 +💬 +💽 +💾 +💿 +📀 +📁 +📂 +📅 📉 📊 -🧾 📋 -🕑 -🧠 -📅 -🎯 -🌐 -🔗 -💬 -☢️ -☣️ -• -☁️ +📐 +📑 📡 +📤 +📥 +📦 +📩 +🔁 +🔄 +🔍 +🔐 +🔑 +🔒 +🔗 +🔧 +🔵 +🔼 +🕑 +🖥️ +🗂️ +🗄️ +🗜️ +😺 +🚫 +🛠️ 🛡️ +🧠 +🧪 +🧾 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary index 0b34bd2..6e80636 100644 --- a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary +++ b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary @@ -11,6 +11,8 @@ # SPDX-Security-Contact: security@coresecret.eu set -Ceuo pipefail +printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" + __umask=$(umask) umask 0077 
@@ -57,26 +59,24 @@ preallocate() { # shellcheck disable=SC2034 readonly -f preallocate -printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}" - declare ROOTFS="${VAR_HANDLER_BUILD_DIR}/binary/live/filesystem.squashfs" declare LUKSFS="${VAR_HANDLER_BUILD_DIR}/binary/live/ciss_rootfs.crypt" declare KEYFD="" # shellcheck disable=SC2155 -declare -i SIZE=$(stat -c%s -- "${ROOTFS}") +declare -gix VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}") ### Safety margin: # - LUKS2-Header and Metadata # - dm-integrity Overhead (Tags and Journal) # - Filesystem-Slack -declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024)) -declare -i OVERHEAD_PCT=1.6 -declare -i ALIGN_BYTES=$(( 2048 * 1024 )) -declare -i BASE_SIZE=$(( SIZE + OVERHEAD_FIXED + (SIZE * OVERHEAD_PCT / 100) )) -declare -i LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES )) +declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024)) +declare -i OVERHEAD_PCT=1.6 +declare -i ALIGN_BYTES=$(( 2048 * 1024 )) +declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) )) +declare -gix VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES )) -preallocate "${LUKSFS}" "${LUKSFS_SIZE}" +preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}" exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt" @@ -101,7 +101,7 @@ cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso # shellcheck disable=SC2155 declare -i LUKS_FREE=$(blockdev --getsize64 /dev/mapper/crypt_liveiso) -declare -i SQUASH_FS="${SIZE}" +declare -i SQUASH_FS="${VAR_ROOTFS_SIZE}" if (( LUKS_FREE >= SQUASH_FS )); then diff --git a/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh b/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh index 693d57b..13630d6 100644 --- a/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh 
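Review bot: `declare -i OVERHEAD_PCT=1.6` in the second hunk of zzzz_ciss_crypt_squash.hook.binary cannot work as written. Bash evaluates integer variables arithmetically and has no fractional arithmetic, so the assignment is expected to raise an arithmetic syntax error instead of adding a 1.6 % margin, and under the `set -Ceuo pipefail` at the top of the hook it may stop the build. Since these lines are being re-aligned anyway, express the margin in per-mille: `declare -i OVERHEAD_PERMILLE=16` and `(VAR_ROOTFS_SIZE * OVERHEAD_PERMILLE / 1000)` in the `BASE_SIZE` expression. Separately, `declare -gix VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}")` still hides a failing `stat` behind the exit status of `declare` (the SC2155 being silenced). Declaring first and assigning on a second line lets `set -e` catch a missing squashfs before the LUKS container is sized from an empty value.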
+++ b/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh @@ -35,6 +35,7 @@ install -d -m 0755 "${DESTDIR}/usr/bin" install -d -m 0755 "${DESTDIR}/usr/local/bin" install -d -m 0755 "${DESTDIR}/usr/sbin" + ### Include binaries ----------------------------------------------------------------------------------------------------------- for bin in bash blkid busybox dmsetup gpgv losetup lsblk mkpasswd mountpoint sha384sum sha512sum sort timeout tree udevadm whois; do diff --git a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash index 8469aa5..0564f1c 100644 --- a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash +++ b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash @@ -153,6 +153,9 @@ mount --bind "${MNT_MEDIUM}" "${MNT_MEDIUM}" 2>/dev/null || true log "Encrypted squashfs is mounted at: [${MNT_ROOTFS}] (device=/dev/mapper/crypt_liveiso)" +printf "\e[92m[INFO] Encrypted squashfs is mounted at: [%s] (device=/dev/mapper/crypt_liveiso) \n\e[0m" "${MNT_ROOTFS}" +export CISS_ROOT_DEV="/dev/mapper/crypt_liveiso" + printf "\e[92m[INFO] Successfully applied: [/usr/lib/live/boot/0024-ciss-crypt-squash] \n\e[0m" # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh diff --git a/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh b/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh new file mode 100644 index 0000000..5353ef0 --- /dev/null +++ b/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh 
@@ -0,0 +1,487 @@ +#!/bin/sh +# bashsupport disable=BP5007 +# shellcheck disable=SC2249 +# shellcheck shell=sh + +# SPDX-Version: 3.0 +# SPDX-CreationInfo: 2025-11-12; WEIDNER, Marc S.; +# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git +# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency +# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; +# SPDX-FileType: SOURCE +# SPDX-License-Identifier: GPL-3.0-or-later +# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. +# SPDX-PackageName: CISS.debian.live.builder +# SPDX-Security-Contact: security@coresecret.eu + +### Modified Version of the original file: +### https://salsa.debian.org/live-team/live-boot 'components/9990-overlay.sh' +### Change behavior to mount already opened ciss_rootfs.crypt (0024-ciss-crypt-squash). + +#set -e + +setup_unionfs () +{ + image_directory="${1}" + rootmnt="${2}" + addimage_directory="${3}" + + # --- CISS hook: allow explicit root override -------------------------------------------------------------------------------- + if [ -n "${CISS_ROOT_DEV}" ]; then + + ### Treat a block device as a plain root. + PLAIN_ROOT=1 + image_directory="${CISS_ROOT_DEV}" + + elif [ -n "${CISS_ROOT_DIR}" ]; then + + ### Treat a directory as a plain root. + PLAIN_ROOT=1 + image_directory="${CISS_ROOT_DIR}" + + fi + # ---------------------------------------------------------------------------------------------------------------------------- + + # shellcheck disable=SC2086 + modprobe -q -b ${UNIONTYPE} + + if ! cut -f2 /proc/filesystems | grep -q "^${UNIONTYPE}\$" + then + panic "${UNIONTYPE} not available." 
+ fi + + croot="/run/live/rootfs" + + # Let's just mount the read-only file systems first + rootfslist="" + + if [ -z "${PLAIN_ROOT}" ] + then + # Read image names from ${MODULE}.module if it exists + # shellcheck disable=SC2153 + if [ -e "${image_directory}/filesystem.${MODULE}.module" ] + then + # shellcheck disable=SC2013,SC2086 + for IMAGE in $(cat ${image_directory}/filesystem.${MODULE}.module) + do + image_string="${image_string} ${image_directory}/${IMAGE}" + done + elif [ -e "${image_directory}/${MODULE}.module" ] + then + # shellcheck disable=SC2013,SC2086 + for IMAGE in $(cat ${image_directory}/${MODULE}.module) + do + image_string="${image_string} ${image_directory}/${IMAGE}" + done + else + # ${MODULE}.module does not exist, create a list of images + for FILESYSTEM in squashfs ext2 ext3 ext4 xfs jffs2 dir + do + for IMAGE in "${image_directory}"/*."${FILESYSTEM}" + do + if [ -e "${IMAGE}" ] + then + image_string="${image_string} ${IMAGE}" + fi + done + done + + if [ -n "${addimage_directory}" ] && [ -d "${addimage_directory}" ] + then + for FILESYSTEM in squashfs ext2 ext3 ext4 xfs jffs2 dir + do + for IMAGE in "${addimage_directory}"/*."${FILESYSTEM}" + do + if [ -e "${IMAGE}" ] + then + image_string="${image_string} ${IMAGE}" + fi + done + done + fi + + # Now sort the list + # shellcheck disable=SC2086 + image_string="$(echo ${image_string} | sed -e 's/ /\n/g' | sort )" + fi + + # shellcheck disable=SC2086 + [ -n "${MODULETORAMFILE}" ] && image_string="${image_directory}/$(basename ${MODULETORAMFILE})" + + mkdir -p "${croot}" + + for image in ${image_string} + do + imagename=$(basename "${image}") + + export image devname + maybe_break live-realpremount + log_begin_msg "Running /scripts/live-realpremount" + run_scripts /scripts/live-realpremount + log_end_msg + + if [ -d "${image}" ] + then + # It is a plain directory: do nothing + rootfslist="${image} ${rootfslist}" + elif [ -f "${image}" ] + then + if losetup --help 2>&1 | grep -q -- "-r\b" + then + 
backdev=$(get_backing_device "${image}" "-r") + else + backdev=$(get_backing_device "${image}") + fi + fstype=$(get_fstype "${backdev}") + + case "${fstype}" in + unknown) + panic "Unknown file system type on ${backdev} (${image})" + ;; + + "") + fstype="${imagename##*.}" + log_warning_msg "Unknown file system type on ${backdev} (${image}), assuming ${fstype}." + ;; + esac + + mpoint=$(trim_path "${croot}/${imagename}") + rootfslist="${mpoint} ${rootfslist}" + mount_options="" + + # Setup dm-verity support if a device has it supported + hash_device="${image}.verity" + # shellcheck disable=SC2086 + if [ -f ${hash_device} ] + then + log_begin_msg "Start parsing dm-verity options for ${image}" + backdev_roothash=$(get_backing_device ${hash_device}) + verity_mount_options="-o verity.hashdevice=${backdev_roothash}" + root_hash=$(get_dm_verity_hash ${imagename} ${DM_VERITY_ROOT_HASH}) + valid_config="true" + case $(mount --version) in + *verity*) + ;; + *) + valid_config="false" + log_warning_msg "mount does not have support for dm-verity. 
Ignoring mount options" + ;; + esac + if [ -n "${root_hash}" ] + then + verity_mount_options="${verity_mount_options} -o verity.roothash=${root_hash}" + # Check if the root hash is saved on disk + elif [ -f "${image}.roothash" ] + then + verity_mount_options="${verity_mount_options} -o verity.roothashfile=${image}.roothash" + else + valid_config="false" + log_warning_msg "'${image}' has a dm-verity hash table, but no root hash was specified ignoring" + fi + + fec="${image}.fec" + fec_roots="${image}.fec.roots" + if [ -f ${fec} ] && [ -f ${fec_roots} ] + then + backdev_fec=$(get_backing_device ${fec}) + roots=$(cat ${fec_roots}) + verity_mount_options="${verity_mount_options} -o verity.fecdevice=${backdev_fec} -o verity.fecroots=${roots}" + fi + + signature="${image}.roothash.p7s" + if [ -f "${signature}" ] + then + verity_mount_options="${verity_mount_options} -o verity.roothashsig=${signature}" + elif [ "${DM_VERITY_ENFORCE_ROOT_HASH_SIG}" = "true" ] + then + panic "dm-verity signature checking was enforced but no signature could be found for ${image}!" + fi + + + if [ -n "${DM_VERITY_ONCORRUPTION}" ] + then + if is_in_space_sep_list "${DM_VERITY_ONCORRUPTION}" "ignore panic restart" + then + verity_mount_options="${verity_mount_options} -o verity.oncorruption=${DM_VERITY_ONCORRUPTION}" + else + log_warning_msg "For dm-verity on corruption '${DM_VERITY_ONCORRUPTION}' was specified, but only ignore, panic or restart are supported!" 
+ log_warning_msg "Ignoring setting" + fi + fi + if [ "${valid_config}" = "true" ] + then + mount_options="${mount_options} ${verity_mount_options}" + fi + log_end_msg "Finished parsing dm-verity options for ${image}" + fi + + mkdir -p "${mpoint}" + log_begin_msg "Mounting \"${image}\" on \"${mpoint}\" via \"${backdev}\"" + # shellcheck disable=SC2086 + mount -t "${fstype}" -o ro,noatime ${mount_options} "${backdev}" "${mpoint}" || panic "Can not mount ${backdev} (${image}) on ${mpoint}" + log_end_msg + else + log_warning_msg "Could not find image '${image}'. Most likely it is listed in a .module file, perhaps by mistake." + fi + done + else + # We have a plain root system + mkdir -p "${croot}/filesystem" + log_begin_msg "Mounting \"${image_directory}\" on \"${croot}/filesystem\"" + # shellcheck disable=SC2046,SC2312 + mount -t $(get_fstype "${image_directory}") -o ro,noatime "${image_directory}" "${croot}/filesystem" || \ + panic "Can not mount ${image_directory} on ${croot}/filesystem" && \ + rootfslist="${croot}/filesystem ${rootfslist}" + # Probably broken: + # shellcheck disable=SC2086,SC2250 + mount -o bind ${croot}/filesystem $mountpoint + log_end_msg + fi + + # tmpfs file systems + touch /etc/fstab + mkdir -p /run/live/overlay + + # Looking for persistence devices or files + if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ] + then + + if [ -z "${QUICKUSBMODULES}" ] + then + # Load USB modules + # shellcheck disable=SC2012 + num_block=$(ls -l /sys/block | wc -l) + for module in sd_mod uhci-hcd ehci-hcd ohci-hcd usb-storage + do + # shellcheck disable=SC2086 + modprobe -q -b ${module} + done + + udevadm trigger + udevadm settle + + # For some reason, udevsettle does not block in this scenario, + # so we sleep for a little while. 
+ # + # See https://bugs.launchpad.net/ubuntu/+source/casper/+bug/84591 + # shellcheck disable=SC2034 + for timeout in 5 4 3 2 1 + do + sleep 1 + + # shellcheck disable=SC2012,SC2046,SC2086,SC2312 + if [ $(ls -l /sys/block | wc -l) -gt ${num_block} ] + then + break + fi + done + fi + + # shellcheck disable=SC3043 + local whitelistdev + whitelistdev="" + if [ -n "${PERSISTENCE_MEDIA}" ] + then + case "${PERSISTENCE_MEDIA}" in + removable) + whitelistdev="$(removable_dev)" + ;; + + removable-usb) + whitelistdev="$(removable_usb_dev)" + ;; + esac + if [ -z "${whitelistdev}" ] + then + whitelistdev="ignore_all_devices" + fi + fi + + # shellcheck disable=SC2086 + if is_in_comma_sep_list overlay ${PERSISTENCE_METHOD} + then + overlays="${custom_overlay_label}" + fi + + # shellcheck disable=SC3043 + local overlay_devices + overlay_devices="" + if [ "${whitelistdev}" != "ignore_all_devices" ] + then + for media in $(find_persistence_media "${overlays}" "${whitelistdev}") + do + # shellcheck disable=SC2086 + media="$(echo ${media} | tr ":" " ")" + + for overlay_label in ${custom_overlay_label} + do + case ${media} in + ${overlay_label}=*) + device="${media#*=}" + overlay_devices="${overlay_devices} ${device}" + ;; + esac + done + done + fi + elif [ -n "${NFS_COW}" ] && [ -z "${NOPERSISTENCE}" ] + then + # Check if there are any nfs options + # shellcheck disable=SC2086 + if echo ${NFS_COW} | grep -q ',' + then + # shellcheck disable=SC2086 + nfs_cow_opts="-o nolock,$(echo ${NFS_COW}|cut -d, -f2-)" + nfs_cow=$(echo ${NFS_COW}|cut -d, -f1) + else + nfs_cow_opts="-o nolock" + nfs_cow=${NFS_COW} + fi + + if [ -n "${PERSISTENCE_READONLY}" ] + then + nfs_cow_opts="${nfs_cow_opts},nocto,ro" + fi + + mac="$(get_mac)" + if [ -n "${mac}" ] + then + # shellcheck disable=SC2086 + cowdevice=$(echo ${nfs_cow} | sed "s/client_mac_address/${mac}/") + cow_fstype="nfs" + else + panic "unable to determine mac address" + fi + fi + + if [ -z "${cowdevice}" ] + then + cowdevice="tmpfs" + 
cow_fstype="tmpfs" + cow_mountopt="rw,noatime,mode=755,size=${OVERLAY_SIZE:-50%}" + fi + + if [ -n "${PERSISTENCE_READONLY}" ] && [ "${cowdevice}" != "tmpfs" ] + then + # shellcheck disable=SC2086 + mount -t tmpfs -o rw,noatime,mode=755,size=${OVERLAY_SIZE:-50%} tmpfs "/run/live/overlay" + # shellcheck disable=SC2086 + root_backing="/run/live/persistence/$(basename ${cowdevice})-root" + # shellcheck disable=SC2086 + mkdir -p ${root_backing} + else + root_backing="/run/live/overlay" + fi + + if [ "${cow_fstype}" = "nfs" ] + then + log_begin_msg \ + "Trying nfsmount ${nfs_cow_opts} ${cowdevice} ${root_backing}" + # shellcheck disable=SC2086 + nfsmount ${nfs_cow_opts} ${cowdevice} ${root_backing} || \ + panic "Can not mount ${cowdevice} (n: ${cow_fstype}) on ${root_backing}" + else + # shellcheck disable=SC2086 + mount -t ${cow_fstype} -o ${cow_mountopt} ${cowdevice} ${root_backing} || \ + panic "Can not mount ${cowdevice} (o: ${cow_fstype}) on ${root_backing}" + fi + + # shellcheck disable=SC2086 + rootfscount=$(echo ${rootfslist} |wc -w) + + rootfs=${rootfslist%% } + + if [ -n "${EXPOSED_ROOT}" ] + then + # shellcheck disable=SC2086 + if [ ${rootfscount} -ne 1 ] + then + panic "only one RO file system supported with exposedroot: ${rootfslist}" + fi + + # shellcheck disable=SC2086 + mount -o bind ${rootfs} ${rootmnt} || \ + panic "bind mount of ${rootfs} failed" + + if [ -z "${SKIP_UNION_MOUNTS}" ] + then + cow_dirs='/var/tmp /var/lock /var/run /var/log /var/spool /home /var/lib/live' + else + cow_dirs='' + fi + else + cow_dirs="/" + fi + + for dir in ${cow_dirs}; do + unionmountpoint=$(trim_path "${rootmnt}${dir}") + # shellcheck disable=SC2086 + mkdir -p ${unionmountpoint} + cow_dir=$(trim_path "/run/live/overlay${dir}") + rootfs_dir="${rootfs}${dir}" + # shellcheck disable=SC2086 + mkdir -p ${cow_dir} + if [ -n "${PERSISTENCE_READONLY}" ] && [ "${cowdevice}" != "tmpfs" ] + then + # shellcheck disable=SC2086 + do_union ${unionmountpoint} ${cow_dir} ${root_backing} 
${rootfs_dir} + else + # shellcheck disable=SC2086 + do_union ${unionmountpoint} ${cow_dir} ${rootfs_dir} + fi || panic "mount ${UNIONTYPE} on ${unionmountpoint} failed with option ${unionmountopts}" + done + + # Remove persistence depending on boot parameter + Remove_persistence + + # Correct the permissions of /: + chmod 0755 "${rootmnt}" + + # Correct the permission of /tmp: + if [ -d "${rootmnt}/tmp" ] + then + chmod 1777 "${rootmnt}"/tmp + fi + + # Correct the permission of /var/tmp: + if [ -d "${rootmnt}/var/tmp" ] + then + chmod 1777 "${rootmnt}"/var/tmp + fi + + # Adding custom persistence + if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ] + then + # shellcheck disable=SC3043 + local custom_mounts + custom_mounts="/tmp/custom_mounts.list" + # shellcheck disable=SC2086 + rm -f ${custom_mounts} + + # Gather information about custom mounts from devices detected as overlays + # shellcheck disable=SC2086 + get_custom_mounts ${custom_mounts} ${overlay_devices} + + # shellcheck disable=SC2086 + [ -n "${LIVE_BOOT_DEBUG}" ] && cp ${custom_mounts} "/run/live/persistence" + + # Now we do the actual mounting (and symlinking) + # shellcheck disable=SC3043 + local used_overlays + used_overlays="" + # shellcheck disable=SC2086 + used_overlays=$(activate_custom_mounts ${custom_mounts}) + # shellcheck disable=SC2086 + rm -f ${custom_mounts} + + # Close unused overlays (e.g., due to missing $persistence_list) + for overlay in ${overlay_devices} + do + # shellcheck disable=SC2086 + if echo ${used_overlays} | grep -qve "^\(.* \)\?${overlay}\( .*\)\?$" + then + close_persistence_media ${overlay} + fi + done + fi +} diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index e71839c..7f16278 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
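Review bot: The override block at the top of `setup_unionfs` takes `CISS_ROOT_DEV` and `CISS_ROOT_DIR` from the environment with no validation, and the plain-root branch they select bypasses the whole image loop, including the dm-verity option handling. Nothing in this patch sets `CISS_ROOT_DIR`, and both names could plausibly reach the initramfs from somewhere other than 0024-ciss-crypt-squash (for instance as `NAME=value` boot parameters, which the kernel hands to init as environment; worth confirming for this setup), so the choice of root should not rest on them alone. Consider checking the device before use, e.g. `[ -b "${CISS_ROOT_DEV}" ] || panic "CISS_ROOT_DEV is not a block device"`, pinning it to the expected `/dev/mapper/crypt_liveiso`, and dropping the `CISS_ROOT_DIR` branch unless something actually sets it. The plain-root branch is now the normal path, yet it still runs `mount -o bind ${croot}/filesystem $mountpoint` with `$mountpoint` never assigned in this function (the inherited comment already says "Probably broken"), and `PLAIN_ROOT` is not cleared before the override block.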
@@ -13,6 +13,7 @@ include_toc: true # 2. Changelog ## V8.13.440.2025.11.19 +* **Added**: [9990-overlay.sh](../config/includes.chroot/usr/lib/live/boot/9990-overlay.sh) * **Bugfixes**: [0022-ciss-overlay-tmpfs](../config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs) * **Bugfixes**: [0024-ciss-crypt-squash](../config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash) * **Bugfixes**: [0026-ciss-early-sysctl](../config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl) diff --git a/lib/lib_run_analysis.sh b/lib/lib_run_analysis.sh index b14d5da..eaf8385 100644 --- a/lib/lib_run_analysis.sh +++ b/lib/lib_run_analysis.sh @@ -55,6 +55,10 @@ run_analysis() { declare package_count=$(wc -l < "${VAR_PACKAGES_FILE}" 2> /dev/null || echo "nicht gefunden") # shellcheck disable=SC2155 declare squash_cpu_used="$(grep -m1 -oP 'Using \K[0-9]+' "${VAR_BUILD_LOG}")" + # shellcheck disable=SC2153,SC2155 + declare var_rootfs_size="$(awk -v b="${VAR_ROOTFS_SIZE}" 'BEGIN { printf "%.2f", b/1024/1024/1024 }')" + # shellcheck disable=SC2153,SC2155 + declare var_luksfs_size="$(awk -v b="${VAR_LUKSFS_SIZE}" 'BEGIN { printf "%.2f", b/1024/1024/1024 }')" if [[ -f "${VAR_BUILD_LOG}" ]]; then 
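Review bot: In `run_analysis`, `VAR_ROOTFS_SIZE` and `VAR_LUKSFS_SIZE` are read without a fallback, but this patch only assigns them in zzzz_ciss_crypt_squash.hook.binary; if that hook runs as a separate process, its `declare -gix` export does not travel back to the shell that calls `run_analysis` (how the hook is invoked is not visible here). With the variables unset, awk would print `0.00` as if it were a measured size, or the expansion would abort if `set -u` is active. Use `${VAR_ROOTFS_SIZE:-0}` and `${VAR_LUKSFS_SIZE:-0}` and print `n/a` for zero, or have the hook write the sizes to a file that the analysis reads. The summary lines added in the second hunk print the value without a unit; since the division is by 1024 three times, `%s GiB` in the format string would make that explicit. `run_analysis` begins and ends outside both hunks.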
@@ -98,13 +102,15 @@ run_analysis() { printf "\e[92m🧾 === Build summary === \e[0m\n" printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n" printf "\e[97m📦 ISO-File : %s \e[0m\n" "${iso_file}" + printf "\e[97m💾 RootFS-Size : %s \e[0m\n" "${var_rootfs_size}" + printf "\e[97m🔐 LUKSFS-Size : %s \e[0m\n" "${var_luksfs_size}" printf "\e[97m📀 ISO-Size : %s \e[0m\n" "${iso_size_hr}" printf "\e[97m📂 Chroot-Size : %s \e[0m\n" "${chroot_size_hr}" printf "\e[97m📉 Compression-level : %s \e[0m\n" "${compression}" printf "\e[97m📦 Packages : %s \e[0m\n" "${package_count}" printf "\e[97m🕐 Build Time : %s \e[0m\n" "${build_duration}" printf "\e[97m🧠 CPUs for SquashFS : %s \e[0m\n" "${squash_cpu_used}" - printf "\e[97m🔐 SHA256SUM : %s \e[0m\n" "${sha_sum}" + printf "\e[97m✍️ SHA256SUM : %s \e[0m\n" "${sha_sum}" printf "\e[92m----------------------------------------------------------------------------------------\e[0m\n" printf "\e[97m📅 Analysis Time : %s \e[0m\n" "${time}" printf "\e[92m✅ Analysis completed.\e[0m\n"