msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.544.2025.12.05
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m7s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-12-05 10:44:43 +01:00
parent 542a9a7802
commit b1ffbdf204
1 changed files with 52 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
config/hooks/live/zzzz_ciss_crypt_squash.hook.binary
View File

@@ -45,12 +45,12 @@ preallocate() {
if dd if=/dev/zero of="${file}" bs="${blocksize}" count="${blockcounter}" status=progress conv=fsync; then
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [dd if=/dev/zero of=%s bs=%s count=%s status=progress conv=fsync ] successful. \e[0m\n" "${file}" "${blocksize}" "${blockcounter}"
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ [dd if=/dev/zero of=%s bs=%s count=%s status=progress conv=fsync] successful. \e[0m\n" "${file}" "${blocksize}" "${blockcounter}"
return 0
else
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [dd if=/dev/zero of=%s bs=%s count=%s status=progress conv=fsync ] NOT successful. \e[0m\n" "${file}" "${blocksize}" "${blockcounter}"
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [dd if=/dev/zero of=%s bs=%s count=%s status=progress conv=fsync] NOT successful. \e[0m\n" "${file}" "${blocksize}" "${blockcounter}"
return 42
fi
@@ -76,27 +76,58 @@ declare -i ALIGN_BYTES=$(( 4096 * 1024 ))
declare -i BASE_SIZE=$(( VAR_ROOTFS_SIZE + OVERHEAD_FIXED + (VAR_ROOTFS_SIZE * OVERHEAD_PCT / 100) ))
declare -i VAR_LUKSFS_SIZE=$(( ( (BASE_SIZE + ALIGN_BYTES - 1) / ALIGN_BYTES ) * ALIGN_BYTES ))
preallocate "${LUKSFS}" "${VAR_LUKSFS_SIZE}"
declare -i TRY_SIZE="${VAR_LUKSFS_SIZE}"
declare -i MAX_TRIES=32
declare -i TRY=0
declare CRYPT_RC=0
while (( TRY < MAX_TRIES )); do
preallocate "${LUKSFS}" "${TRY_SIZE}"
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
if cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
--iter-time 1000 \
--key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \
--label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
then
CRYPT_RC=0
exec {KEYFD}<&-
break
fi
CRYPT_RC="$?"
exec {KEYFD}<&-
printf "\e[93m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ [cryptsetup failed for size %s (rc=%s), increasing by %s bytes.] \e[0m\n" "${TRY_SIZE}" "${CRYPT_RC}" "${ALIGN_BYTES}"
TRY_SIZE=$(( TRY_SIZE + ALIGN_BYTES ))
TRY=$(( TRY + 1 ))
done
if (( CRYPT_RC != 0 )); then
printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ ❌ Unable to create LUKS2+integrity container after %s attempts. \e[0m\n" "${TRY}"
exit 42
fi
### At this point TRY_SIZE is the actual size used.
VAR_LUKSFS_SIZE="${TRY_SIZE}"
exec {KEYFD}<"${VAR_TMP_SECRET}/luks.txt"
cryptsetup luksFormat \
--batch-mode \
--cipher aes-xts-plain64 \
--integrity hmac-sha512 \
--iter-time 1000 \
--key-file "/proc/$$/fd/${KEYFD}" \
--key-size 512 \
--label crypt_liveiso \
--luks2-keyslots-size 16777216 \
--luks2-metadata-size 4194304 \
--pbkdf argon2id \
--sector-size 4096 \
--type luks2 \
--use-random \
--verbose \
"${LUKSFS}"
cryptsetup open --key-file "/proc/$$/fd/${KEYFD}" "${LUKSFS}" crypt_liveiso
# shellcheck disable=SC2155