So what you're suggesting is effectively splitting Calamares so it has a system process presumably exposing a DBus API for its client (user) process to call to do privileged operations ?
Aug 10 2019
Aug 3 2019
I've been doing some proof-of-concept work recently but currently cannot experiment with FEC because the Ubuntu kernels aren't being built with FEC enabled. I'm going to chase apw on this one.
What, specifically, is a postinst script intended to deal with? The unconditional use of UMASK=0077 and removing it? Applying it if not already used?
Aug 1 2019
@apt-ghetto As with all ./conf.d/ parsing is in lexical order and in well-behaved packages uses the C locale rather than a regional locale to assure that the evaluation order is predictable.
@apt-ghetto I'd recommend modifying the Calamares bug because it is partially incorrect.
Jul 19 2019
/etc/initramfs-tools/initramfs.conf UMASK=0077 is the correct fix for the user-reading-initrd.img issue.
Jun 27 2019
Adding a link to a very detailed guide to using dm-verity.
Jun 21 2019
If you're going to create a swap *file* then I'd strongly recommend it be the *first* thing done after the root file-system has been created - before any other files have been written to the file-system.
Jun 19 2019
This sounds like something that dm-verity would be ideal for. It is for read-only devices and uses a kernel layer to ensure the block device reads match the hashes.