V8.13.440.2025.11.19

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/zzzz_ciss_crypt_squash.hook.binary

@@ -11,6 +11,8 @@
 # SPDX-Security-Contact: security@coresecret.eu
 set -Ceuo pipefail
 
+printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
+
 __umask=$(umask)
 umask 0077
 
@@ -57,26 +59,24 @@ preallocate() {
 # shellcheck disable=SC2034
 readonly -f preallocate
 
-printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
-
 declare ROOTFS="${VAR_HANDLER_BUILD_DIR}/binary/live/filesystem.squashfs"
 declare LUKSFS="${VAR_HANDLER_BUILD_DIR}/binary/live/ciss_rootfs.crypt"
 declare KEYFD=""
 
 # shellcheck disable=SC2155
-declare -i SIZE=$(stat -c%s -- "${ROOTFS}")
+declare -gix VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}")
 
 ### Safety margin:
 #   - LUKS2-Header and Metadata
 #   - dm-integrity Overhead (Tags and Journal)
 #   - Filesystem-Slack
-declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024))
-declare -i OVERHEAD_PCT=1.6
-declare -i ALIGN_BYTES=$(( 2048 * 1024 ))
-declare -i BASE_SIZE=$(( SIZE + OVERHEAD_FIXED + (SIZE * OVERHEAD_PCT / 100) ))
-declare -i LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
+declare -i   OVERHEAD_FIXED=$((64 * 1024 * 1024))
+declare -i   OVERHEAD_PCT=1.6
+declare -i   ALIGN_BYTES=$(( 2048 * 1024 ))
+declare -i   BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
+declare -gix VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
 
-preallocate "${LUKSFS}" "${LUKSFS_SIZE}"
+preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
 
 exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
 
@@ -101,7 +101,7 @@ cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso
 
 # shellcheck disable=SC2155
 declare -i LUKS_FREE=$(blockdev --getsize64 /dev/mapper/crypt_liveiso)
-declare -i SQUASH_FS="${SIZE}"
+declare -i SQUASH_FS="${VAR_ROOTFS_SIZE}"
 
 if (( LUKS_FREE >= SQUASH_FS )); then