V8.13.440.2025.11.19
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m24s

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-23 16:07:43 +00:00
parent 01e8d9ef24
commit 5e794b983a
2 changed files with 20 additions and 14 deletions


@@ -39,7 +39,7 @@ mkdir -p -m 0700 "${OVERLAY_BASE}"
### Mount dedicated tmpfs with strict flags; 'noexec' here blocks accidental execs from the raw tmpfs path. --------------------
mount -t tmpfs -o "size=${CDLB_OVERLAY_TMPFS_SIZE},mode=0700,nosuid,nodev,noexec" tmpfs "${OVERLAY_BASE}"
printf "\e[92m[INFO] mount -t tmpfs -o \"size=%s,mode=0700,nosuid,nodev,noexec\" tmpfs \"%s\" \n\e[0m" "${CDLB_OVERLAY_TMPFS_SIZE}" "${OVERLAY_BASE}"
printf "\e[92m[INFO] Command : [mount -t tmpfs -o \"size=%s,mode=0700,nosuid,nodev,noexec\" tmpfs %s] \n\e[0m" "${CDLB_OVERLAY_TMPFS_SIZE}" "${OVERLAY_BASE}"
### Prepare upper /work with tight perms. -------------------------------------------------------------------------------------
# shellcheck disable=SC2174
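Review bot: The reworded `[INFO] Command :` line is printed after the `mount -t tmpfs …` call without any visible check of its exit status. If the script does not run under `set -e` (not visible in this hunk), a failed mount would leave `${OVERLAY_BASE}` on the underlying filesystem without `nosuid,nodev,noexec`, while the log still reports the hardened mount. Guarding the call, for example `mount -t tmpfs -o "…" tmpfs "${OVERLAY_BASE}" || exit 1`, and printing the INFO line only after it succeeds would keep the log truthful about which flags are actually in force.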


@@ -43,9 +43,8 @@ ask_pass_console() {
### Non-canonical mode, no echo, 1 byte at a time.
stty -echo -icanon time 0 min 1 </dev/console 2>/dev/null || return 1
printf '\e[93m[INFO] Enter LUKS passphrase: \e[0m' > /dev/console
printf '\e[93m[INFO] Enter LUKS passphrase: \n\e[0m' > /dev/console
nl=$(printf '\n')
cr=$(printf '\r')
bs=$(printf '\b')
del=$(printf '\177')
@@ -55,12 +54,19 @@ ask_pass_console() {
### Read exactly one byte from the console.
c=$(dd bs=1 count=1 2>/dev/null </dev/console)
if [ -z "${c}" ]; then
printf '\n' > /dev/console
break
fi
### If nothing read (race), loop again.
[ -z "${c}" ] && continue
case "${c}" in
"${nl}"|"${cr}")
"${cr}")
### Enter: finish input.
printf '\n' > /dev/console
break
@@ -232,8 +238,8 @@ fi
if ! mountpoint -q "${MNT_MEDIUM}"; then
log "No live medium mounted, defer to default live-boot path."
printf "\e[91m[FATAL] No live medium mounted, defer to default live-boot path. \n\e[0m"
exit 0
printf "\e[91m[FATAL] Boot failure : No live medium mounted, defer to default live-boot path. \n\e[0m"
exit 42
fi
@@ -243,8 +249,8 @@ printf "\e[92m[INFO] MNT_MEDIUM : [%s] \n\e[0m" "${MNT_MEDIUM}"
if [ ! -f "${MNT_MEDIUM}${CDLB_LUKS_FS}" ]; then
log "Encrypted root not found at: [${MNT_MEDIUM}${CDLB_LUKS_FS}]"
printf "\e[91m[FATAL] Encrypted root not found at: [%s%s] \n\e[0m" "${MNT_MEDIUM}" "${CDLB_LUKS_FS}"
exit 0
printf "\e[91m[FATAL] Boot failure : Encrypted root not found at: [%s%s] \n\e[0m" "${MNT_MEDIUM}" "${CDLB_LUKS_FS}"
exit 42
fi
@@ -275,7 +281,7 @@ fi
if ! mkfifo /lib/cryptsetup/passfifo 2>/dev/null; then
printf "\e[92m[WARN] Failed to create /lib/cryptsetup/passfifo \n\e[0m"
printf "\e[92m[WARN] Boot failure : Failed to create /lib/cryptsetup/passfifo \n\e[0m"
exit 42
fi
@@ -305,7 +311,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
[ -n "${PASS}" ] || continue
printf "\e[93m[INFO] LUKS mapper [%s] trying to unlock via cryptsetup ... \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
printf "\e[93m[INFO] CISS LUKS decryption : LUKS mapper [%s] trying to unlock via cryptsetup ... \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
KEYLEN=${#PASS}
@@ -316,7 +322,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
if [ -b "${CDLB_MAPPER_DEV}" ]; then
printf "\e[92m[INFO] LUKS mapper [%s] successfully opened. \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
printf "\e[92m[INFO] CISS LUKS decryption : LUKS mapper [%s] successfully opened. \n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
break
fi
@@ -363,7 +369,7 @@ REMAINING="${CDLB_REMOTE_WAIT_SECS}"
if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
printf "\e[93m[INFO] Waiting up to %s seconds for [%s] to be unlocked ... \n\e[0m" "${REMAINING}" "${CDLB_MAPPER_DEV}"
printf "\e[93m[INFO] CISS LUKS decryption : Waiting up to %s seconds for [%s] to be unlocked ... \n\e[0m" "${REMAINING}" "${CDLB_MAPPER_DEV}"
fi
@@ -383,7 +389,7 @@ done
if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
printf "\e[91m[WARN] Timeout: mapper [%s] not present after %s seconds. \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_REMOTE_WAIT_SECS}"
printf "\e[91m[WARN] CISS LUKS decryption : Timeout LUKS mapper [%s] not present after %s seconds. \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_REMOTE_WAIT_SECS}"
kill "${PID_PROMPT}" 2>/dev/null || true
kill "${PID_BROKER}" 2>/dev/null || true
rm -f /lib/cryptsetup/passfifo 2>/dev/null || true
@@ -404,7 +410,7 @@ export CISS_ROOT_DEV="${CDLB_MAPPER_DEV}"
export CISS_ROOT_DIR=""
log "Decrypted root device exposed at [/run/ciss-rootdev] -> [${CDLB_MAPPER_DEV}]"
printf "\e[92m[INFO] Decrypted root device exposed at: [/run/ciss-rootdev] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}"
printf "\e[92m[INFO] CISS LUKS decryption : Decrypted root device exposed at: [/run/ciss-rootdev] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}"
### Final sanity check. --------------------------------------------------------------------------------------------------------
if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
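Review bot: In ask_pass_console, the hunk at `@@ -55,12 +54,19 @@` now treats every empty read as Enter, but `c=$(dd bs=1 count=1 …)` is empty not only for a newline (command substitution strips it) but also on EOF or a failed read from /dev/console, so either would end the prompt and submit whatever was typed so far. The `[ -z "${c}" ] && continue` line that follows the new `if … break; fi` appears to be unreachable on the new side, and its comment "If nothing read (race), loop again" now contradicts the code; drop both or restore the retry. A sentinel keeps the newline distinguishable from a failed read: `c=$(dd bs=1 count=1 2>/dev/null </dev/console; printf x); c=${c%x}`, then match a literal newline in the `case` and treat an empty `c` as a read failure. The function starts and ends outside this hunk, so whether the `stty` settings are restored on this `break` path cannot be checked from here.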