From 5e794b983a295a47e5b372d989dc8457012a2703b19a9f581b56e7d705e9596b Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Sun, 23 Nov 2025 16:07:43 +0000
Subject: [PATCH] V8.13.440.2025.11.19
Signed-off-by: Marc S. Weidner
---
 .../usr/lib/live/boot/0022-ciss-overlay-tmpfs | 2 +-
 .../usr/lib/live/boot/0024-ciss-crypt-squash | 32 +++++++++++--------
 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs b/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs
index 366ebe7..0a60320 100644
--- a/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs
+++ b/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs
@@ -39,7 +39,7 @@ mkdir -p -m 0700 "${OVERLAY_BASE}"
 ### Mount dedicated tmpfs with strict flags; 'noexec' here blocks accidental execs from the raw tmpfs path. --------------------
 mount -t tmpfs -o "size=${CDLB_OVERLAY_TMPFS_SIZE},mode=0700,nosuid,nodev,noexec" tmpfs "${OVERLAY_BASE}"
-printf "\e[92m[INFO] mount -t tmpfs -o \"size=%s,mode=0700,nosuid,nodev,noexec\" tmpfs \"%s\" \n\e[0m" "${CDLB_OVERLAY_TMPFS_SIZE}" "${OVERLAY_BASE}"
+printf "\e[92m[INFO] Command : [mount -t tmpfs -o \"size=%s,mode=0700,nosuid,nodev,noexec\" tmpfs %s] \n\e[0m" "${CDLB_OVERLAY_TMPFS_SIZE}" "${OVERLAY_BASE}"
 ### Prepare upper /work with tight perms. -------------------------------------------------------------------------------------
 # shellcheck disable=SC2174
diff --git a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
index fbb0154..c6cd87e 100644
--- a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
+++ b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
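Review bot: The added `[INFO] Command :` line in the `@@ -39,7 +39,7 @@` hunk is printed unconditionally after `mount -t tmpfs ...`, so the console reports the hardened mount (`nosuid,nodev,noexec`) even when the mount itself failed, unless the script aborts on error elsewhere, which is not visible here. The message also repeats the option string as a second literal that can drift from the real command. Building the options once, e.g. `opts="size=${CDLB_OVERLAY_TMPFS_SIZE},mode=0700,nosuid,nodev,noexec"`, and logging only after `mount -t tmpfs -o "${opts}" tmpfs "${OVERLAY_BASE}"` succeeds keeps the boot log usable as evidence of the flags actually applied.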
@@ -43,9 +43,8 @@ ask_pass_console() { ### Non-canonical mode, no echo, 1 byte at a time. stty -echo -icanon time 0 min 1 /dev/null || return 1 - printf '\e[93m[INFO] Enter LUKS passphrase: \e[0m' > /dev/console + printf '\e[93m[INFO] Enter LUKS passphrase: \n\e[0m' > /dev/console - nl=$(printf '\n') cr=$(printf '\r') bs=$(printf '\b') del=$(printf '\177') @@ -55,12 +54,19 @@ ask_pass_console() { ### Read exactly one byte from the console. c=$(dd bs=1 count=1 2>/dev/null /dev/console + break + + fi + ### If nothing read (race), loop again. [ -z "${c}" ] && continue case "${c}" in - "${nl}"|"${cr}") + "${cr}") ### Enter: finish input. printf '\n' > /dev/console break @@ -232,8 +238,8 @@ fi if ! mountpoint -q "${MNT_MEDIUM}"; then log "No live medium mounted, defer to default live-boot path." - printf "\e[91m[FATAL] No live medium mounted, defer to default live-boot path. \n\e[0m" - exit 0 + printf "\e[91m[FATAL] Boot failure : No live medium mounted, defer to default live-boot path. \n\e[0m" + exit 42 fi @@ -243,8 +249,8 @@ printf "\e[92m[INFO] MNT_MEDIUM : [%s] \n\e[0m" "${MNT_MEDIUM}" if [ ! -f "${MNT_MEDIUM}${CDLB_LUKS_FS}" ]; then log "Encrypted root not found at: [${MNT_MEDIUM}${CDLB_LUKS_FS}]" - printf "\e[91m[FATAL] Encrypted root not found at: [%s%s] \n\e[0m" "${MNT_MEDIUM}" "${CDLB_LUKS_FS}" - exit 0 + printf "\e[91m[FATAL] Boot failure : Encrypted root not found at: [%s%s] \n\e[0m" "${MNT_MEDIUM}" "${CDLB_LUKS_FS}" + exit 42 fi @@ -275,7 +281,7 @@ fi if ! mkfifo /lib/cryptsetup/passfifo 2>/dev/null; then - printf "\e[92m[WARN] Failed to create /lib/cryptsetup/passfifo \n\e[0m" + printf "\e[92m[WARN] Boot failure : Failed to create /lib/cryptsetup/passfifo \n\e[0m" exit 42 fi 
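Review bot: The early `break` added ahead of `[ -z "${c}" ] && continue` in the `@@ -55,12 +54,19 @@` hunk of `ask_pass_console()` needs a comment saying which read result it handles; its `if` condition is not legible in this view, so what follows is hedged. Command substitution strips a trailing newline, which is why dropping `nl=$(printf '\n')` is correct (it was always empty) and why an Enter delivered as LF reaches the loop as an empty `c`. If the new branch keys on empty `c`, a failed or zero-byte `dd` read looks the same as Enter and would end entry with a truncated passphrase, and the `continue` guard below it becomes unreachable. Suggested comment: `### Empty c == LF stripped by $(...); a failed read also lands here.` The function starts and ends outside the hunk.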
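Review bot: Both fatal paths now `exit 42`, yet the `log` line and the console text in the `@@ -232,8 +238,8 @@` hunk still say `defer to default live-boot path`, which describes the old `exit 0` behaviour. Failing closed when the medium or `${MNT_MEDIUM}${CDLB_LUKS_FS}` is missing is the safer choice for an encrypted root, so the wording should say the boot is aborted, e.g. `log "No live medium mounted, aborting boot."` with the matching `printf`. The `[FATAL]` lines here and in `@@ -243,8 +249,8 @@` also go to stdout, while the unlock messages later in the file are sent to `/dev/console`; confirm they are visible at this boot stage. How the caller reacts to status 42 is not visible in this diff.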
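Review bot: The mkfifo failure branch in the `@@ -275,7 +281,7 @@` hunk still prints `[WARN]` in green (`\e[92m`) although it is now labelled `Boot failure` and exits 42; it should match the other fatal paths: `printf "\e[91m[FATAL] Boot failure : Failed to create /lib/cryptsetup/passfifo \n\e[0m"`. Because `2>/dev/null` hides the mkfifo error, a stale FIFO left by an earlier attempt cannot be told apart from a missing directory. The FIFO appears to carry the passphrase and is only tightened by a later `chmod 0600 ... || true` (visible as hunk-header context further down), so creating it with `mkfifo -m 0600 /lib/cryptsetup/passfifo` would close the window in which it has umask-default permissions.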
@@ -305,7 +311,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
 [ -n "${PASS}" ] || continue
- printf "\e[93m[INFO] LUKS mapper [%s] trying to unlock via cryptsetup ... \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
+ printf "\e[93m[INFO] CISS LUKS decryption : LUKS mapper [%s] trying to unlock via cryptsetup ... \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
 KEYLEN=${#PASS}
@@ -316,7 +322,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
 if [ -b "${CDLB_MAPPER_DEV}" ]; then
- printf "\e[92m[INFO] LUKS mapper [%s] successfully opened. \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
+ printf "\e[92m[INFO] CISS LUKS decryption : LUKS mapper [%s] successfully opened. \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
 break
 fi
@@ -363,7 +369,7 @@ REMAINING="${CDLB_REMOTE_WAIT_SECS}"
 if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
- printf "\e[93m[INFO] Waiting up to %s seconds for [%s] to be unlocked ... \n\e[0m" "${REMAINING}" "${CDLB_MAPPER_DEV}"
+ printf "\e[93m[INFO] CISS LUKS decryption : Waiting up to %s seconds for [%s] to be unlocked ... \n\e[0m" "${REMAINING}" "${CDLB_MAPPER_DEV}"
 fi
@@ -383,7 +389,7 @@ done
 if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
- printf "\e[91m[WARN] Timeout: mapper [%s] not present after %s seconds. \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_REMOTE_WAIT_SECS}"
+ printf "\e[91m[WARN] CISS LUKS decryption : Timeout LUKS mapper [%s] not present after %s seconds. \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_REMOTE_WAIT_SECS}"
 kill "${PID_PROMPT}" 2>/dev/null || true
 kill "${PID_BROKER}" 2>/dev/null || true
 rm -f /lib/cryptsetup/passfifo 2>/dev/null || true
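Review bot: The reworded messages in the `@@ -363,7 +369,7 @@` and `@@ -383,7 +389,7 @@` hunks write to stdout, whereas the two unlock messages in `@@ -305,7 +311,7 @@` and `@@ -316,7 +322,7 @@` go to `>/dev/console 2>/dev/null || true`. If stdout is not the console at this stage, an operator waiting on a remote unlock never sees the wait notice or the timeout. The timeout line is also tagged `[WARN]` while printed in red (`\e[91m`) on a path that kills the prompt and broker and removes the FIFO; pick one severity. Suggested: append `>/dev/console 2>/dev/null || true` to both lines, as the sibling messages do.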
@@ -404,7 +410,7 @@ export CISS_ROOT_DEV="${CDLB_MAPPER_DEV}"
 export CISS_ROOT_DIR=""
 log "Decrypted root device exposed at [/run/ciss-rootdev] -> [${CDLB_MAPPER_DEV}]"
-printf "\e[92m[INFO] Decrypted root device exposed at: [/run/ciss-rootdev] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}"
+printf "\e[92m[INFO] CISS LUKS decryption : Decrypted root device exposed at: [/run/ciss-rootdev] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}"
 ### Final sanity check. --------------------------------------------------------------------------------------------------------
 if [ ! -b "${CDLB_MAPPER_DEV}" ]; then