From 58a6bd3087f9e2af930317ce21a4d2dff6e988f0c9bd54f8c4843f799be4f1b5 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Fri, 5 Dec 2025 13:04:54 +0100
Subject: [PATCH] V8.13.544.2025.12.05

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 .../live/zzzz_ciss_crypt_squash.hook.binary   | 73 ++++++-------------
 1 file changed, 21 insertions(+), 52 deletions(-)

diff --git a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
index f22d97d..13e698a 100644
--- a/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
+++ b/config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
@@ -72,63 +72,32 @@ declare -i VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}")
 #   - Filesystem-Slack
 declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024))
 declare -i OVERHEAD_PCT=3
-declare -i ALIGN_BYTES=$(( 1024 * 1024 ))
+declare -i ALIGN_BYTES=$(( 4096 * 1024 ))
 declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
 declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
 
-declare -i TRY_SIZE="${VAR_LUKSFS_SIZE}"
-declare -i MAX_TRIES=32
-declare -i TRY=0
-declare CRYPT_RC=0
-
-while (( TRY < MAX_TRIES )); do
-
-  preallocate "${LUKSFS}" "${TRY_SIZE}"
-
-  exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
-
-  #  --luks2-keyslots-size 16777216 \
-  #  --luks2-metadata-size 4194304 \
-  if cryptsetup luksFormat \
-    --batch-mode \
-    --cipher aes-xts-plain64 \
-    --integrity hmac-sha512 \
-    --iter-time 1000 \
-    --key-file "/proc/$$/fd/${KEYFD}" \
-    --key-size 512 \
-    --label crypt_liveiso \
-    --pbkdf argon2id \
-    --sector-size 4096 \
-    --type luks2 \
-    --use-random \
-    --verbose \
-    "${LUKSFS}"
-  then
-    CRYPT_RC=0
-    exec {KEYFD}<&-
-    break
-  else
-    CRYPT_RC="$?"
-  fi
-
-  exec {KEYFD}<&-
-
-  printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup failed for size %s (rc=%s), increasing by %s bytes.] \e[0m\n" "${TRY_SIZE}" "${CRYPT_RC}" "${ALIGN_BYTES}"
-
-  TRY_SIZE=$(( TRY_SIZE + ALIGN_BYTES ))
-  TRY=$(( TRY + 1 ))
-
-done
-
-if (( CRYPT_RC != 0 )); then
-  printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Unable to create LUKS2+integrity container after %s attempts. \e[0m\n" "${TRY}"
-  exit 42
-fi
-
-### At this point TRY_SIZE is the actual size used.
-VAR_LUKSFS_SIZE="${TRY_SIZE}"
+preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
 
 exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
+
+#--sector-size 4096 \
+
+cryptsetup luksFormat \
+  --batch-mode \
+  --cipher aes-xts-plain64 \
+  --integrity hmac-sha512 \
+  --iter-time 1000 \
+  --key-file "/proc/$$/fd/${KEYFD}" \
+  --key-size 512 \
+  --label crypt_liveiso \
+  --luks2-keyslots-size 16777216 \
+  --luks2-metadata-size 4194304 \
+  --pbkdf argon2id \
+  --type luks2 \
+  --use-random \
+  --verbose \
+   "${LUKSFS}"
+
 cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso
 
 # shellcheck disable=SC2155