msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.544.2025.12.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m9s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-05 14:37:45 +01:00
parent 9cd4991957
commit 64117fd3bf
1 changed files with 42 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
View File

@@ -71,16 +71,17 @@ declare -i VAR_ROOTFS_SIZE=$(stat -c%s -- "${ROOTFS}")
# - dm-integrity Overhead (Tags and Journal)
# - Filesystem-Slack
declare -i OVERHEAD_FIXED=$((64 * 1024 * 1024))
declare -i OVERHEAD_PCT=3
declare -i OVERHEAD_PCT=10
declare -i ALIGN_BYTES=$(( 4096 * 1024 ))
declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
declare -i rc=
preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
cryptsetup luksFormat \
if cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
@@ -91,11 +92,49 @@ cryptsetup luksFormat \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 512 \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 4096 ] successful. \e[0m\n"
else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 4096 ] failed. Trying [--sector-size 512]. \e[0m\n"
if cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
--iter-time 1000 \
--key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \
--label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 512 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [cryptsetup --sector-size 512 ] successful. \e[0m\n"
else
rc="$?"
exec {KEYFD}<&-
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup --sector-size 512 ] failed. \e[0m\n"
exit "${rc}"
fi
fi
cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso