msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.544.2025.12.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 57s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-05 13:04:54 +01:00
parent 263eed28f5
commit 58a6bd3087
1 changed files with 21 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
View File

@@ -72,24 +72,17 @@ declare -i VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}")
# - Filesystem-Slack # - Filesystem-Slack
declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024)) declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024))
declare -i OVERHEAD_PCT=3 declare -i OVERHEAD_PCT=3
declare -i ALIGN_BYTES=$(( 1024 * 1024 )) declare -i ALIGN_BYTES=$(( 4096 * 1024 ))
declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) )) declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES )) declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
declare -i TRY_SIZE="${VAR_LUKSFS_SIZE}" preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
declare -i MAX_TRIES=32
declare -i TRY=0
declare CRYPT_RC=0
while (( TRY < MAX_TRIES )); do exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
preallocate "${LUKSFS}" "${TRY_SIZE}" #--sector-size 4096 \
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt" cryptsetup luksFormat \
# --luks2-keyslots-size 16777216 \
# --luks2-metadata-size 4194304 \
if cryptsetup luksFormat \
--batch-mode \ --batch-mode \
--cipher aes-xts-plain64 \ --cipher aes-xts-plain64 \
--integrity hmac-sha512 \ --integrity hmac-sha512 \
@@ -97,38 +90,14 @@ while (( TRY < MAX_TRIES )); do
--key-file "/proc/$$/fd/${KEYFD}" \ --key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \ --key-size 512 \
--label crypt_liveiso \ --label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \ --pbkdf argon2id \
--sector-size 4096 \
--type luks2 \ --type luks2 \
--use-random \ --use-random \
--verbose \ --verbose \
"${LUKSFS}" "${LUKSFS}"
then
CRYPT_RC=0
exec {KEYFD}<&-
break
else
CRYPT_RC="$?"
fi
exec {KEYFD}<&-
printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup failed for size %s (rc=%s), increasing by %s bytes.] \e[0m\n" "${TRY_SIZE}" "${CRYPT_RC}" "${ALIGN_BYTES}"
TRY_SIZE=$(( TRY_SIZE + ALIGN_BYTES ))
TRY=$(( TRY + 1 ))
done
if (( CRYPT_RC != 0 )); then
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Unable to create LUKS2+integrity container after %s attempts. \e[0m\n" "${TRY}"
exit 42
fi
### At this point TRY_SIZE is the actual size used.
VAR_LUKSFS_SIZE="${TRY_SIZE}"
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso
# shellcheck disable=SC2155 # shellcheck disable=SC2155