Description: <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 live-boot (3.0~a25-1+tails1~5.gbp48d06c) UNRELEASED; urgency=low
 .
   ** SNAPSHOT build @48d06c6c1ef301bb7acac09261faa32263e5919b **
 .
   [ Daniel Baumann ]
   * Updating year in copyright.
 .
   [ Tails developers ]
   * Adding initial work on a custom mounts system.
   * Prevent custom mounting in /live.
   * Optionally symlink files from persistent source instead of mount it.
   * Separate overlay labels for full and custom persistence
   * Remove some temporary custom mount related files after they're used.
   * Handle custom mounts options a bit more beautifully.
   * Continue the correct for-loop so incorrect custom mount is skipped.
   * Refactor union mounting into its own function.
   * Workaround busybox's inability to detect symlinks with [ -e ].
   * Make union mounting more sensible and robust.
   * Ignore empty lines in live.persist
   * Remove the right file
   * Optionally mount custom mounts as unions.
   * Fix mask usage in links_files().
   * Refactor persistent custom mounting from live into live-helpers.
   * Accept using several persistent media with custom-ov label.
   * Use same device backing path as used in other places.
   * Close unused LUKS devices in all cases.
   * Refactor live-boot argument parser from live into live-helpers.
   * Refactor some global variables from live into live-helpers.
   * Refactor find_persistent_media().
   * Add support for probing partitions' GPT name just like filesystem labels.
   * Some minor cleanups.
   * Handle already mounted devices and closing of unused luks devices better.
   * Add backwards compatibility for old labels: live-{rw,sn} and home-rw
   * We don't black list storage devices any more.
   * Check if luks device is already open before trying to open it.
   * Fixup some style issues.
   * Refactor mounting of persistent storage media.
   * Cleanup.
   * Remove two FIXME:s that are not really relevant.
   * Don't allow . or .. in live.persist paths.
   * Use trim_path when we compare paths.
   * Revert "Updating to debhelper version 9."
   * Use single-debian-patch.
   * NMU release of version 3.0~a25-1+tails1~1.gbp8ce17c for Tails.
   * Make handling of LUKS encrypted GPT partitions more sane.
   * Handle list arguments better in get_custom_mounts().
   * Copy ownership/perms from source to rw-branch in read-only mode.
   * Change live.persist syntax to: SOURCE [DEST [OPTIONS...]]
   * Refactor closing of persistent devices upon failure.
   * NMU release of version 3.0~a25-1+tails1~2.gbpe029d2 for Tails.
   * Create the source dir for linkfiles dirs.
   * Fix ownership/perms for created union/linkfiles source dirs.
   * Do not allow mutually exclusive custom mount options.
   * Add a note about a potential, future code simplification.
   * Greatly simplify live.persist syntax to: DIR [OPTIONS...]
   * Make trim_path() handle "/", and arbitrarily many consequituve /:es.
   * Make two custom mounts with nested source directories illegal.
   * NMU release of version 3.0~a25-1+tails1~2.gbpb0a275 for Tails.
   * Improve error message.
   * Remove cow dir contents that are in the way for custom mounts.
   * Also create parents when creating union/linkfiles source directories.
   * NMU release of version 3.0~a25-1+tails1~4.gbp732866 for Tails.
   * Renaming live.persist to live-persistence.conf.
   * Renamling linkfiles option when using persistence to simply link.
Author: Tails developers <tails@boum.org>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: http://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- live-boot-3.0~a25.orig/scripts/live-helpers
+++ live-boot-3.0~a25/scripts/live-helpers
@@ -15,6 +15,406 @@ else
 	udevinfo='udevinfo'
 fi
 
+root_overlay_label="full-ov"
+old_root_overlay_label="live-rw"
+old_home_overlay_label="home-rw"
+custom_overlay_label="custom-ov"
+root_snapshot_label="live-sn"
+old_root_snapshot_label="live-sn"
+home_snapshot_label="home-sn"
+persistence_list="live-persistence.conf"
+
+Arguments ()
+{
+	PRESEEDS=""
+	LOCATIONS=""
+
+	for ARGUMENT in $(cat /proc/cmdline)
+	do
+		case "${ARGUMENT}" in
+			skipconfig)
+				NOACCESSIBILITY="Yes"
+				NOFASTBOOT="Yes"
+				NOFSTAB="Yes"
+				NONETWORKING="Yes"
+
+				export NOACCESSIBILITY NOFASTBOOT NOFSTAB NONETWORKING
+				;;
+
+			access=*)
+				ACCESS="${ARGUMENT#access=}"
+				export ACCESS
+				;;
+
+			console=*)
+				DEFCONSOLE="${ARGUMENT#*=}"
+				export DEFCONSOLE
+				;;
+
+			BOOTIF=*)
+				BOOTIF="${x#BOOTIF=}"
+				;;
+
+			debug)
+				DEBUG="Yes"
+				export DEBUG
+
+				set -x
+				;;
+
+			dhcp)
+				# Force dhcp even while netbooting
+				# Use for debugging in case somebody works on fixing dhclient
+				DHCP="Force";
+				export DHCP
+				;;
+
+			nodhcp)
+				unset DHCP
+				;;
+
+			ethdevice=*)
+				DEVICE="${ARGUMENT#ethdevice=}"
+				ETHDEVICE="${DEVICE}"
+				export DEVICE ETHDEVICE
+				;;
+
+			ethdevice-timeout=*)
+				ETHDEV_TIMEOUT="${ARGUMENT#ethdevice-timeout=}"
+				export ETHDEV_TIMEOUT
+				;;
+
+			fetch=*)
+				FETCH="${ARGUMENT#fetch=}"
+				export FETCH
+				;;
+
+			forcepersistentfsck)
+				FORCEPERSISTENTFSCK="Yes"
+				export FORCEPERSISTENTFSCK
+				;;
+
+			ftpfs=*)
+				FTPFS="${ARGUMENT#ftpfs=}"
+				export FTPFS
+				;;
+
+			httpfs=*)
+				HTTPFS="${ARGUMENT#httpfs=}"
+				export HTTPFS
+				;;
+
+			iscsi=*)
+				ISCSI="${ARGUMENT#iscsi=}"
+				#ip:port - separated by ;
+				ISCSI_PORTAL="${ISCSI%;*}"
+				if echo "${ISCSI_PORTAL}" | grep -q , ; then
+					ISCSI_SERVER="${ISCSI_PORTAL%,*}"
+					ISCSI_PORT="${ISCSI_PORTAL#*,}"
+				fi
+				#target name
+				ISCSI_TARGET="${ISCSI#*;}"
+				export ISCSI ISCSI_PORTAL ISCSI_TARGET ISCSI_SERVER ISCSI_PORT
+				;;
+
+			isofrom=*|fromiso=*)
+				FROMISO="${ARGUMENT#*=}"
+				export FROMISO
+				;;
+
+			ignore_uuid)
+				IGNORE_UUID="Yes"
+				export IGNORE_UUID
+				;;
+
+			integrity-check)
+				INTEGRITY_CHECK="Yes"
+				export INTEGRITY_CHECK
+				;;
+
+			ip=*)
+				STATICIP="${ARGUMENT#ip=}"
+
+				if [ -z "${STATICIP}" ]
+				then
+					STATICIP="frommedia"
+				fi
+
+				export STATICIP
+				;;
+
+			live-getty)
+				LIVE_GETTY="1"
+				export LIVE_GETTY
+				;;
+
+			live-media=*|bootfrom=*)
+				LIVE_MEDIA="${ARGUMENT#*=}"
+				export LIVE_MEDIA
+				;;
+
+			live-media-encryption=*|encryption=*)
+				LIVE_MEDIA_ENCRYPTION="${ARGUMENT#*=}"
+				export LIVE_MEDIA_ENCRYPTION
+				;;
+
+			live-media-offset=*)
+				LIVE_MEDIA_OFFSET="${ARGUMENT#live-media-offset=}"
+				export LIVE_MEDIA_OFFSET
+				;;
+
+			live-media-path=*)
+				LIVE_MEDIA_PATH="${ARGUMENT#live-media-path=}"
+				export LIVE_MEDIA_PATH
+				;;
+
+			live-media-timeout=*)
+				LIVE_MEDIA_TIMEOUT="${ARGUMENT#live-media-timeout=}"
+				export LIVE_MEDIA_TIMEOUT
+				;;
+
+			module=*)
+				MODULE="${ARGUMENT#module=}"
+				export MODULE
+				;;
+
+			netboot=*)
+				NETBOOT="${ARGUMENT#netboot=}"
+				export NETBOOT
+				;;
+
+			nfsopts=*)
+				NFSOPTS="${ARGUMENT#nfsopts=}"
+				export NFSOPTS
+				;;
+
+			nfscow=*)
+				NFS_COW="${ARGUMENT#nfscow=}"
+				export NFS_COW
+				;;
+
+			noaccessibility)
+				NOACCESSIBILITY="Yes"
+				export NOACCESSIBILITY
+				;;
+
+			nofastboot)
+				NOFASTBOOT="Yes"
+				export NOFASTBOOT
+				;;
+
+			nofstab)
+				NOFSTAB="Yes"
+				export NOFSTAB
+				;;
+
+			nonetworking)
+				NONETWORKING="Yes"
+				export NONETWORKING
+				;;
+
+			ramdisk-size=*)
+				ramdisk_size="${ARGUMENT#ramdisk-size=}"
+				;;
+
+			swapon)
+				SWAPON="Yes"
+				export SWAPON
+				;;
+
+			persistent)
+				PERSISTENT="Yes"
+				export PERSISTENT
+				;;
+
+			persistent-encryption=*)
+				PERSISTENT_ENCRYPTION="${ARGUMENT#*=}"
+				export PERSISTENT_ENCRYPTION
+				;;
+
+			persistent-media=*)
+				PERSISTENT_MEDIA="${ARGUMENT#*=}"
+				export PERSISTENT_MEDIA
+				;;
+			persistent-method=*)
+				PERSISTENT_METHOD="${ARGUMENT#*=}"
+				export PERSISTENT_METHOD
+				;;
+
+			persistent-path=*)
+				PERSISTENT_PATH="${ARGUMENT#persistent-path=}"
+				export PERSISTENT_PATH
+				;;
+			persistent-read-only)
+				PERSISTENT_READONLY="Yes"
+				export PERSISTENT_READONLY
+				;;
+
+			persistent-storage=*)
+				PERSISTENT_STORAGE="${ARGUMENT#persistent-storage=}"
+				export PERSISTENT_STORAGE
+				;;
+
+			persistent-subtext=*)
+				root_overlay_label="${root_overlay_label}-${ARGUMENT#persistent-subtext=}"
+				old_root_overlay_label="${old_root_overlay_label}-${ARGUMENT#persistent-subtext=}"
+				old_home_overlay_label="${old_home_overlay_label}-${ARGUMENT#persistent-subtext=}"
+				custom_overlay_label="${custom_overlay_label}-${ARGUMENT#persistent-subtext=}"
+				root_snapshot_label="${root_snapshot_label}-${ARGUMENT#persistent-subtext=}"
+				old_root_snapshot_label="${root_snapshot_label}-${ARGUMENT#persistent-subtext=}"
+				home_snapshot_label="${home_snapshot_label}-${ARGUMENT#persistent-subtext=}"
+				;;
+
+			nopersistent)
+				NOPERSISTENT="Yes"
+				export NOPERSISTENT
+				;;
+
+			noprompt)
+				NOPROMPT="Yes"
+				export NOPROMPT
+				;;
+
+			noprompt=*)
+				NOPROMPT="${ARGUMENT#noprompt=}"
+				export NOPROMPT
+				;;
+
+			quickusbmodules)
+				QUICKUSBMODULES="Yes"
+				export QUICKUSBMODULES
+				;;
+
+			preseed/file=*|file=*)
+				LOCATIONS="${ARGUMENT#*=} ${LOCATIONS}"
+				export LOCATIONS
+				;;
+
+			nopreseed)
+				NOPRESEED="Yes"
+				export NOPRESEED
+				;;
+
+			*/*=*)
+				question="${ARGUMENT%%=*}"
+				value="${ARGUMENT#*=}"
+				PRESEEDS="${PRESEEDS}\"${question}=${value}\" "
+				export PRESEEDS
+				;;
+
+			showmounts)
+				SHOWMOUNTS="Yes"
+				export SHOWMOUNTS
+				;;
+
+			silent)
+				SILENT="Yes"
+				export SILENT
+				;;
+
+			todisk=*)
+				TODISK="${ARGUMENT#todisk=}"
+				export TODISK
+				;;
+
+			toram)
+				TORAM="Yes"
+				export TORAM
+				;;
+
+			toram=*)
+				TORAM="Yes"
+				MODULETORAM="${ARGUMENT#toram=}"
+				export TORAM MODULETORAM
+				;;
+
+			exposedroot)
+				EXPOSED_ROOT="Yes"
+				export EXPOSED_ROOT
+				;;
+
+			plainroot)
+				PLAIN_ROOT="Yes"
+				export PLAIN_ROOT
+				;;
+
+			skipunion)
+				SKIP_UNION_MOUNTS="Yes"
+				export SKIP_UNION_MOUNTS
+				;;
+
+			root=*)
+				ROOT="${ARGUMENT#root=}"
+				export ROOT
+				;;
+
+			union=*)
+				UNIONTYPE="${ARGUMENT#union=}"
+				export UNIONTYPE
+				;;
+		esac
+	done
+
+	# sort of compatibility with netboot.h from linux docs
+	if [ -z "${NETBOOT}" ]
+	then
+		if [ "${ROOT}" = "/dev/nfs" ]
+		then
+			NETBOOT="nfs"
+			export NETBOOT
+		elif [ "${ROOT}" = "/dev/cifs" ]
+		then
+			NETBOOT="cifs"
+			export NETBOOT
+		fi
+	fi
+
+	if [ -z "${MODULE}" ]
+	then
+		MODULE="filesystem"
+		export MODULE
+	fi
+
+	if [ -z "${UNIONTYPE}" ]
+	then
+		UNIONTYPE="aufs"
+		export UNIONTYPE
+	fi
+
+	if [ -z "${PERSISTENT_ENCRYPTION}" ]
+	then
+		PERSISTENT_ENCRYPTION="none"
+		export PERSISTENT_ENCRYPTION
+	elif echo ${PERSISTENT_ENCRYPTION} | grep -qe "\<luks\>"
+	then
+		if ! modprobe dm-crypt
+		then
+			log_warning_msg "Unable to load module dm-crypt"
+			PERSISTENT_ENCRYPTION=$(echo ${PERSISTENT_ENCRYPTION} | sed -e 's/\<luks,\|,\?luks$//g')
+			export PERSISTENT_ENCRYPTION
+		fi
+
+		if [ ! -x /lib/cryptsetup/askpass ] || [ ! -x /sbin/cryptsetup ]
+		then
+			log_warning_msg "cryptsetup in unavailable"
+			PERSISTENT_ENCRYPTION=$(echo ${PERSISTENT_ENCRYPTION} | sed -e 's/\<luks,\|,\?luks$//g')
+			export PERSISTENT_ENCRYPTION
+		fi
+	fi
+
+	if [ -z "${PERSISTENT_METHOD}" ]
+	then
+		PERSISTENT_METHOD="snapshot,overlay"
+		export PERSISTENT_METHOD
+	fi
+
+	if [ -z "${PERSISTENT_STORAGE}" ]
+	then
+		PERSISTENT_STORAGE="filesystem,file"
+		export PERSISTENT_STORAGE
+	fi
+}
+
 sys2dev ()
 {
 	sysdev=${1#/sys}
@@ -114,12 +514,20 @@ get_fstype ()
 where_is_mounted ()
 {
 	device=${1}
+	# return first found
+	grep -m1 "^${device} " /proc/mounts | cut -f2 -d ' '
+}
 
-	if grep -q "^${device} " /proc/mounts
-	then
-		# return the first found
-		grep -m1 "^${device} " /proc/mounts | cut -f2 -d ' '
-	fi
+trim_path () {
+    # remove all unnecessary /:s in the path, including last one (except
+    # if path is just "/")
+    echo ${1} | sed 's|//\+|/|g' | sed 's|^\(.*[^/]\)/$|\1|'
+}
+
+what_is_mounted_on ()
+{
+	local dir="$(trim_path ${1})"
+	grep -m1 "^[^ ]\+ ${dir} " /proc/mounts | cut -d' ' -f1
 }
 
 lastline ()
@@ -311,6 +719,68 @@ try_mount ()
 	fi
 }
 
+mount_persistent_media ()
+{
+	local device=${1}
+	local backing=""
+
+	# We can't mount into ${rootmnt}/live before ${rootmnt} has been
+	# mounted since that would cover our mountpoint.
+	if [ -n "${rootmnt}" ] && [ -z "$(what_is_mounted_on ${rootmnt})" ]
+	then
+		backing="/$(basename ${device})-backing"
+	else
+		backing="${rootmnt}/live/persistent/$(basename ${device})"
+	fi
+
+	mkdir -p "${backing}"
+	local old_backing="$(where_is_mounted ${device})"
+	if [ -z "${old_backing}" ]
+	then
+		local fstype="$(get_fstype ${device})"
+		local mount_opts="rw,noatime"
+		if [ -n "${PERSISTENT_READONLY}" ]
+		then
+			mount_opts="ro,noatime"
+		fi
+		if mount -t "${fstype}" -o "${mount_opts}" "${device}" "${backing}" >/dev/null
+		then
+			echo ${backing}
+			return 0
+		else
+			log_warning_msg "Failed to mount persistent media ${device}"
+			return 1
+		fi
+	elif [ "${backing}" != "${old_backing}" ]
+	then
+		if mount --move ${old_backing} ${backing} >/dev/null
+		then
+			echo ${backing}
+			return 0
+		else
+			log_warning_msg "Failed to move persistent media ${device}"
+			return 1
+		fi
+	fi
+	return 0
+}
+
+close_persistent_media () {
+	local device=${1}
+	local backing="$(where_is_mounted ${device})"
+
+	if [ -d "${backing}" ]
+	then
+		umount "${backing}" >/dev/null 2>&1
+		rmdir "${backing}" >/dev/null 2>&1
+	fi
+
+	if is_active_luks_mapping ${device}
+	then
+		/sbin/cryptsetup luksClose ${device}
+	fi
+}
+
 open_luks_device ()
 {
 	dev="${1}"
@@ -321,6 +791,21 @@ open_luks_device ()
 		opts="${opts} --readonly"
 	fi
 
+	if /sbin/cryptsetup status "${name}" >/dev/null 2>&1
+	then
+		re="^[[:space:]]*device:[[:space:]]*\([^[:space:]]*\)$"
+		opened_dev=$(cryptsetup status ${name} 2>/dev/null | grep "${re}" | sed "s|${re}|\1|")
+		if [ "${opened_dev}" = "${dev}" ]
+		then
+			luks_device="/dev/mapper/${name}"
+			echo ${luks_device}
+			return 0
+		else
+			log_warning_msg "Cannot open luks device ${dev} since ${opened_dev} already is opened with its name"
+			return 1
+		fi
+	fi
+
 	load_keymap
 
 	while true
@@ -346,6 +831,104 @@ open_luks_device ()
 	done
 }
 
+get_gpt_name ()
+{
+    local dev="${1}"
+    /sbin/blkid -s PART_ENTRY_NAME -p -o value ${dev} 2>/dev/null
+}
+
+is_gpt_device ()
+{
+    local dev="${1}"
+    [ "$(/sbin/blkid -s PART_ENTRY_SCHEME -p -o value ${dev} 2>/dev/null)" = "gpt" ]
+}
+
+probe_for_gpt_name ()
+{
+	local overlays="${1}"
+	local snapshots="${2}"
+	local dev="${3}"
+
+	local gpt_dev="${dev}"
+	if is_active_luks_mapping ${dev}
+	then
+		# if $dev is an opened luks device, we need to check
+		# GPT stuff on the backing device
+		gpt_dev=$(get_luks_backing_device "${dev}")
+	fi
+
+	if ! is_gpt_device ${gpt_dev}
+	then
+		return
+	fi
+
+	local gpt_name=$(get_gpt_name ${gpt_dev})
+	for label in ${overlays} ${snapshots}
+	do
+		if [ "${gpt_name}" = "${label}" ]
+		then
+			echo "${label}=${dev}"
+		fi
+	done
+}
+
+probe_for_fs_label ()
+{
+	local overlays="${1}"
+	local snapshots="${2}"
+	local dev="${3}"
+
+	for label in ${overlays} ${snapshots}
+	do
+		if [ "$(/sbin/blkid -s LABEL -o value $dev 2>/dev/null)" = "${label}" ]
+		then
+			echo "${label}=${dev}"
+		fi
+	done
+}
+
+probe_for_file_name ()
+{
+	local overlays="${1}"
+	local snapshots="${2}"
+	local dev="${3}"
+
+	local ret=""
+	local backing="$(mount_persistent_media ${dev})"
+	if [ -z "${backing}" ]
+	then
+	    return
+	fi
+
+	for label in ${overlays}
+	do
+		path=${backing}/${PERSISTENT_PATH}${label}
+		if [ -f "${path}" ]
+		then
+			local loopdev=$(setup_loop "${path}" "loop" "/sys/block/loop*")
+			ret="${ret} ${label}=${loopdev}"
+		fi
+	done
+	for label in ${snapshots}
+	do
+		for ext in squashfs cpio.gz ext2 ext3 ext4 jffs2
+		do
+			path="${PERSISTENT_PATH}${label}.${ext}"
+			if [ -f "${backing}/${path}" ]
+			then
+				ret="${ret} ${label}=${dev}:${backing}:${path}"
+			fi
+		done
+	done
+
+	if [ -n "${ret}" ]
+	then
+		echo ${ret}
+	else
+		umount ${backing} > /dev/null 2>&1 || true
+	fi
+}
+
 find_persistent_media ()
 {
 	# Scans devices for overlays and snapshots, and returns a whitespace
@@ -369,18 +952,22 @@ find_persistent_media ()
 	# ${white_list_devices} is non-empty, only devices in it will be
 	# scanned.
 
-	overlays="${1}"
-	snapshots="${2}"
-	black_listed_devices="${3}"
-	white_listed_devices="${4}"
+	local overlays="${1}"
+	local snapshots="${2}"
+	local white_listed_devices="${3}"
+	local ret=""
 
-	for dev in $(storage_devices "${black_listed_devices}" "${white_listed_devices}")
+	for dev in $(storage_devices "" "${white_listed_devices}")
 	do
-		luks_device=""
+		local result=""
 
-		# Checking for a luks device
+		local luks_device=""
+		# Check if it's a luks device; we'll have to open the device
+		# in order to probe any filesystem it contains, like we do
+		# below. activate_custom_mounts() also depends on that any luks
+		# device already has been opened.
 		if echo ${PERSISTENT_ENCRYPTION} | grep -qe "\<luks\>" && \
-		   /sbin/cryptsetup isLuks ${dev}
+		   is_luks_partition ${dev}
 		then
 			if luks_device=$(open_luks_device "${dev}")
 			then
@@ -395,65 +982,47 @@ find_persistent_media ()
 			continue
 		fi
 
+		# Probe for matching GPT partition names or filesystem labels
 		if echo ${PERSISTENT_STORAGE} | grep -qe "\<filesystem\>"
 		then
-			for label in ${overlays} ${snapshots}
-			do
-				if [ "$(/sbin/blkid -s LABEL -o value $dev 2>/dev/null)" = "${label}" ]
-				then
-					overlays=$(echo ${overlays} | sed -e "s|\<${label}\>||")
-					snapshots=$(echo ${snapshots} | sed -e "s|\<${label}\>||")
-					echo "${label}=${dev}"
-					# skip to the next device
-					continue 2
-				fi
-			done
+			result=$(probe_for_gpt_name "${overlays}" "${snapshots}" ${dev})
+			if [ -n "${result}" ]
+			then
+				ret="${ret} ${result}"
+				continue
+			fi
+
+			result=$(probe_for_fs_label "${overlays}" "${snapshots}" ${dev})
+			if [ -n "${result}" ]
+			then
+				ret="${ret} ${result}"
+				continue
+			fi
 		fi
 
+		# Probe for files with matching name on mounted partition
 		if echo ${PERSISTENT_STORAGE} | grep -qe "\<file\>"
 		then
-			devfstype="$(get_fstype ${dev})"
-			overlay_on_dev=""
-			snapshot_on_dev=""
-			backing="/$(basename ${dev})-backing"
-			mkdir -p "${backing}"
-			if is_supported_fs ${devfstype} && try_mount "${dev}" "${backing}" "rw" "${devfstype}"
+			result=$(probe_for_file_name "${overlays}" "${snapshots}" ${dev})
+			if [ -n "${result}" ]
 			then
-				for label in ${overlays}
-				do
-					path=${backing}/${PERSISTENT_PATH}${label}
-					if [ -f "${path}" ]
-					then
-						overlays=$(echo ${overlays} | sed -e "s|\<${label}\>||")
-						overlay_on_dev="yes"
-						echo "${label}=$(setup_loop "${path}" "loop" "/sys/block/loop*")"
-					fi
-				done
-
-				for label in ${snapshots}
-				do
-					for ext in squashfs cpio.gz ext2 ext3 ext4 jffs2
-					do
-						path="${PERSISTENT_PATH}${label}.${ext}"
-						if [ -f "${backing}/${path}" ]
-						then
-							snapshots=$(echo ${snapshots} | sed -e "s|\<${label}\>||")
-							snapshot_on_dev="yes"
-							echo "${label}=${dev}:${backing}:${path}"
-						fi
-					done
-				done
-			fi
-			if [ -z "${overlay_on_dev}" ]
-			then
-				umount ${backing} > /dev/null 2>&1 || true
-				if [ -z "${snapshot_on_dev}" ] && [ -n "${luks_device}" ] && /sbin/cryptsetup status "${luks_device}" 1> /dev/null
-				then
-					/sbin/cryptsetup luksClose "${luks_device}"
-				fi
+				ret="${ret} ${result}"
+				continue
 			fi
 		fi
+
+		# Close luks device if it isn't used
+		if [ -z "${result}" ] && [ -n "${luks_device}" ] && \
+		   is_active_luks_mapping "${luks_device}"
+		then
+			/sbin/cryptsetup luksClose "${luks_device}"
+		fi
 	done
+
+	if [ -n "${ret}" ]
+	then
+		echo ${ret}
+	fi
 }
 
 get_mac ()
@@ -474,17 +1043,22 @@ get_mac ()
 	echo ${mac}
 }
 
-is_luks()
+is_luks_partition ()
 {
-    devname="${1}"
-    if [ -x /sbin/cryptsetup ]
-    then
-	/sbin/cryptsetup isLuks "${devname}" 2>/dev/null || ret=${?}
-	return ${ret}
-    else
-	return 1
-    fi
+	device="${1}"
+	/sbin/cryptsetup isLuks "${device}" 1>/dev/null 2>&1
+}
+
+is_active_luks_mapping ()
+{
+	device="${1}"
+	/sbin/cryptsetup status "${device}" 1>/dev/null 2>&1
+}
 
+get_luks_backing_device () {
+	device=${1}
+	cryptsetup status ${device} 2> /dev/null | \
+		awk '{if ($1 == "device:") print $2}'
 }
 
 removable_dev ()
@@ -556,3 +1130,415 @@ non_removable_dev ()
 
 	echo "${ret}"
 }
+
+link_files ()
+{
+	# create source's directory structure in dest, and recursively
+	# create symlinks in dest to to all files in source. if mask
+	# is non-empty, remove mask from all source paths when
+	# creating links (will be necessary if we change root, which
+	# live-boot normally does (into $rootmnt)).
+
+	# remove multiple /:s and ensure ending on /
+	local src_dir="$(echo "${1}"/ | sed -e 's|/\+|/|g')"
+	local dest_dir="$(echo "${2}"/ | sed -e 's|/\+|/|g')"
+	local src_mask="${3}"
+
+	# This check can only trigger on the inital, non-recursive call since
+	# we create the destination before recursive calls
+	if [ ! -d "${dest_dir}" ]
+	then
+		log_warning_msg "Must link_files into a directory"
+		return
+	fi
+
+	find "${src_dir}" -mindepth 1 -maxdepth 1 | while read src; do
+		local dest="${dest_dir}$(basename "${src}")"
+		if [ -d "${src}" ]
+		then
+			if [ -z "$(ls -A "${src}")" ]
+			then
+				continue
+			fi
+			if [ ! -d "${dest}" ]
+			then
+				mkdir -p "${dest}"
+				prev="$(dirname "${dest}")"
+				chown --reference "${prev}" "${dest}"
+				chmod --reference "${prev}" "${dest}"
+			fi
+			link_files "${src}" "${dest}" "${src_mask}"
+		else
+			if [ -n "${src_mask}" ]
+			then
+				src="$(echo ${src} | sed "s|^${src_mask}||")"
+			fi
+			rm -rf "${dest}" 2> /dev/null
+			ln -s "${src}" "${dest}"
+		fi
+	done
+}
+
+do_union ()
+{
+	local unionmountpoint="${1}"	# directory where the union is mounted
+	local unionrw="${2}"		# branch where the union changes are stored
+	local unionro1="${3}"		# first underlying read-only branch (optional)
+	local unionro2="${4}"		# second underlying read-only branch (optional)
+
+	if [ "${UNIONTYPE}" = "aufs" ]
+	then
+		rw_opt="rw"
+		ro_opt="rr+wh"
+		noxino_opt="noxino"
+	elif [ "${UNIONTYPE}" = "unionfs-fuse" ]
+	then
+		rw_opt="RW"
+		ro_opt="RO"
+	else
+		rw_opt="rw"
+		ro_opt="ro"
+	fi
+
+	case "${UNIONTYPE}" in
+		unionfs-fuse)
+			unionmountopts="-o cow -o noinitgroups -o default_permissions -o allow_other -o use_ino -o suid"
+			unionmountopts="${unionmountopts} ${unionrw}=${rw_opt}"
+			if [ -n "${unionro1}" ]
+			then
+				unionmountopts="${unionmountopts}:${unionro1}=${ro_opt}"
+			fi
+			if [ -n "${unionro2}" ]
+			then
+				unionmountopts="${unionmountopts}:${unionro2}=${ro_opt}"
+			fi
+			( sysctl -w fs.file-max=391524 ; ulimit -HSn 16384
+			unionfs-fuse ${unionmountopts} "${unionmountpoint}" ) && \
+			( mkdir -p /run/sendsigs.omit.d
+			pidof unionfs-fuse >> /run/sendsigs.omit.d/unionfs-fuse || true )
+			;;
+
+		overlayfs)
+			# XXX: can unionro2 be used? (overlayfs only handles two dirs, but perhaps they can be chained?)
+			# XXX: and can unionro1 be optional? i.e. can overlayfs skip lowerdir?
+			unionmountopts="-o noatime,lowerdir=${unionro1},upperdir=${unionrw}"
+			mount -t ${UNIONTYPE} ${unionmountopts} ${UNIONTYPE} "${unionmountpoint}"
+			;;
+
+		*)
+			unionmountopts="-o noatime,${noxino_opt},dirs=${unionrw}=${rw_opt}"
+			if [ -n "${unionro1}" ]
+			then
+				unionmountopts="${unionmountopts}:${unionro1}=${ro_opt}"
+			fi
+			if [ -n "${unionro2}" ]
+			then
+				unionmountopts="${unionmountopts}:${unionro2}=${ro_opt}"
+			fi
+			mount -t ${UNIONTYPE} ${unionmountopts} ${UNIONTYPE} "${unionmountpoint}"
+			;;
+	esac
+}
+
+get_custom_mounts ()
+{
+	# Side-effect: leaves $devices with live.persist mounted in ${rootmnt}/live/persistent
+	# Side-effect: prints info to file $custom_mounts
+
+	local custom_mounts=${1}
+	shift
+	local devices=${@}
+
+	local bindings="/tmp/bindings.list"
+	local links="/tmp/links.list"
+	rm -rf ${bindings} ${links} 2> /dev/null
+
+	for device in ${devices}
+	do
+		if [ ! -b "${device}" ]
+		then
+			continue
+		fi
+
+		local device_name="$(basename ${device})"
+		local backing=$(mount_persistent_media ${device})
+		if [ -z "${backing}" ]
+		then
+			continue
+		fi
+
+		local include_list="${backing}/${persistence_list}"
+		if [ ! -r "${include_list}" ]
+		then
+			continue
+		fi
+
+		if [ -n "${DEBUG}" ] && [ -e "${include_list}" ]
+		then
+			cp ${include_list} ${rootmnt}/live/persistent/${persistence_list}.${device_name}
+		fi
+
+		while read dir options # < ${include_list}
+		do
+			if echo ${dir} | grep -qe "^[[:space:]]*\(#.*\)\?$"
+			then
+				# skipping empty or commented lines
+				continue
+			fi
+
+			if trim_path ${dir} | grep -q -e "^[^/]" -e "^/$" -e "^/live\(/.*\)\?$" -e "^/\(.*/\)\?\.\.\?\(/.*\)\?$"
+			then
+				log_warning_msg "Skipping unsafe custom mount ${dir}: must be an absolute path containing neither the \".\" nor \"..\" special dirs, and cannot be \"/live\" (or any sub-directory therein) or \"/\" (for the latter, use ${root_overlay_label}-type persistence)"
+				continue
+			fi
+
+			local opt_source=""
+			local opt_linkfiles=""
+			for opt in $(echo ${options} | tr ',' ' ');
+			do
+				case "${opt}" in
+					source=*)
+						opt_source=${opt#source=}
+						;;
+					link)
+						opt_linkfiles="yes"
+						;;
+					union)
+						;;
+					*)
+						log_warning_msg "Skipping custom mount with unkown option: ${opt}"
+						continue 2
+						;;
+				esac
+			done
+
+			local source="${dir}"
+			if [ -n "${opt_source}" ]
+			then
+				if echo ${opt_source} | grep -q -e "^/" -e "^\(.*/\)\?\.\.\?\(/.*\)\?$" && [ "${source}" != "." ]
+				then
+					log_warning_msg "Skipping unsafe custom mount with option source=${opt_source}: must be either \".\" (the media root) or a relative path w.r.t. the media root that contains neither comas, nor the special \".\" and \"..\" path components"
+					continue
+				else
+					source="${opt_source}"
+				fi
+			fi
+
+			local full_source="$(trim_path ${backing}/${source})"
+			local full_dest="$(trim_path ${rootmnt}/${dir})"
+			if [ -n "${opt_linkfiles}" ]
+			then
+				echo "${device} ${full_source} ${full_dest} ${options}" >> ${links}
+			else
+				echo "${device} ${full_source} ${full_dest} ${options}" >> ${bindings}
+			fi
+		done < ${include_list}
+	done
+
+	# We sort the list according to destination so we're sure that
+	# we won't hide a previous mount. We also ignore duplicate
+	# destinations in a more or less arbitrary way.
+	[ -e "${bindings}" ] && sort -k3 -sbu ${bindings} >> ${custom_mounts} && rm ${bindings}
+
+	# After all mounts are considered we add symlinks so they
+	# won't be hidden by some mount.
+	[ -e "${links}" ] && cat ${links} >> ${custom_mounts} && rm ${links}
+
+	# We need to make sure that no two custom mounts have the same sources
+	# or are nested; if that is the case, too much weird stuff can happen.
+	local prev_source="impossible source" # first iteration must not match
+	local prev_dest=""
+	# This sort will ensure that a source /a comes right before a source
+	# /a/b so we only need to look at the previous source
+	sort -k2 -b ${custom_mounts} |
+	while read device source dest options
+	do
+		if echo ${source} | grep -qe "^${prev_source}\(/.*\)\?$"
+		then
+			panic "Two persistent mounts have the same or nested sources: ${source} on ${dest}, and ${prev_source} on ${prev_dest}"
+		fi
+		prev_source=${source}
+		prev_dest=${dest}
+	done
+}
+
+activate_custom_mounts ()
+{
+	local custom_mounts="${1}" # the ouput from get_custom_mounts()
+	local used_devices=""
+
+	while read device source dest options # < ${custom_mounts}
+	do
+		local opt_linkfiles=""
+		local opt_union=""
+		for opt in $(echo ${options} | tr ',' ' ');
+		do
+			case "${opt}" in
+				link)
+					opt_linkfiles="yes"
+					;;
+				union)
+					opt_union="yes"
+					;;
+			esac
+		done
+
+		if [ -n "${opt_linkfiles}" ] && [ -n "${opt_union}" ]
+		then
+			log_warning_msg "Skipping custom mount ${dest} with options ${options}: \"linkfiles\" and \"union\" are mutually exclusive options"
+		fi
+
+		if [ -n "$(what_is_mounted_on "${dest}")" ]
+		then
+			log_warning_msg "Skipping custom mount ${dest}: $(what_is_mounted_on "${dest}") is already mounted there"
+			continue
+		fi
+
+		# FIXME: we don't handle already existing
+		# non-directory files in the paths of both $source and
+		# $dest.
+
+		if [ ! -d "${dest}" ]
+		then
+			# if ${dest} is in /home/$user, try fixing
+			# proper ownership
+			# FIXME: this should really be handled by
+			# live-config since we don't know for sure
+			# which uid a certain user has until then
+			if trim_path ${dest} | grep -qe "^${rootmnt}/*home/[^/]\+"
+			then
+				path="/"
+				for dir in $(echo ${dest} | sed -e 's|/\+| |g')
+				do
+					path=${path}/${dir}
+					if [ ! -e ${path} ]
+					then
+						mkdir -p ${path}
+						# assume that the intended user is the first, which is usually the case
+						chown 1000:1000 ${path}
+					fi
+				done
+			else
+				mkdir -p ${dest}
+			fi
+		fi
+
+		# if ${source} doesn't exist on our persistent media
+		# we bootstrap it with $dest from the live filesystem.
+		# this both makes sense and is critical if we're
+		# dealing with /etc or other system dir.
+		if [ ! -d "${source}" ]
+		then
+			if [ -n "${PERSISTENT_READONLY}" ]
+			then
+				continue
+			elif [ -n "${opt_union}" ] || [ -n "${opt_linkfiles}" ]
+			then
+				# unions and don't need to be bootstrapped
+				# linkfiles dirs can't be bootstrapped in a sensible way
+				mkdir -p "${source}"
+				chown --reference "${dest}" "${source}"
+				chmod --reference "${dest}" "${source}"
+			else
+				# ensure that $dest is not copied *into* $source
+				mkdir -p "$(dirname ${source})"
+				cp -a "${dest}" "${source}"
+			fi
+		fi
+
+		# XXX: If CONFIG_AUFS_ROBR is added to the Debian kernel we can
+		# ignore the loop below and set rofs_dest_backing=$dest
+		rofs_dest_backing=""
+		for d in ${rootmnt}/live/rofs/*
+		do
+			if [ -n "${rootmnt}" ]
+			then
+				rofs_dest_backing="${d}/$(echo ${dest} | sed -e "s|${rootmnt}||")"
+			else
+				rofs_dest_backing="${d}/${dest}"
+			fi
+			if [ -d "${rofs_dest_backing}" ]
+			then
+				break
+			else
+				rofs_dest_backing=""
+			fi
+		done
+
+		if [ -z "${PERSISTENT_READONLY}" ]
+		then
+			if [ -n "${opt_linkfiles}" ]
+			then
+				links_source="${source}"
+				links_dest="${dest}"
+			elif [ -n "${opt_union}" ]
+			then
+				do_union ${dest} ${source} ${rofs_dest_backing}
+			else
+				mount --bind "${source}" "${dest}"
+			fi
+		else
+			if [ -n "${opt_linkfiles}" ]
+			then
+				links_dest="${dest}"
+				dest="$(mktemp -d ${persistent_backing}/links_source-XXXXXX)"
+				links_source="${dest}"
+			fi
+			if [ -n "${rootmnt}" ]
+			then
+				cow_dir="$(echo ${dest} | sed -e "s|${rootmnt}|/cow/|")"
+			else
+				cow_dir="/live/cow/${dest}"
+			fi
+			if [ -e "${cow_dir}" ]
+			then
+				# If an earlier custom mount has files here
+				# it will "block" the current mount's files
+				# which is undesirable
+				rm -rf "${cow_dir}"
+			fi
+			mkdir -p ${cow_dir}
+			chown --reference "${source}" "${cow_dir}"
+			chmod --reference "${source}" "${cow_dir}"
+			do_union ${dest} ${cow_dir} ${source} ${rofs_dest_backing}
+		fi
+
+		if [ -n "${opt_linkfiles}" ]
+		then
+			link_files "${links_source}" "${links_dest}" "${rootmnt}"
+		fi
+
+		PERSISTENCE_IS_ON="1"
+		export PERSISTENCE_IS_ON
+
+		if echo ${used_devices} | grep -qve "^\(.* \)\?${device}\( .*\)\?$"
+		then
+			used_devices="${used_devices} ${device}"
+		fi
+	done < ${custom_mounts}
+
+	echo ${used_devices}
+}
+
+fix_home_rw_compatibility ()
+{
+	local device=${1}
+
+	if [ -n "${PERSISTENT_READONLY}" ]
+	then
+		return
+	fi
+
+	local backing="$(mount_persistent_media ${device})"
+	if [ -z "${backing}" ]
+	then
+		return
+	fi
+
+	local include_list="${backing}/${persistence_list}"
+	if [ ! -r "${include_list}" ]
+	then
+		echo "# home-rw backwards compatibility:
+/home source=." > "${include_list}"
+	fi
+}
--- live-boot-3.0~a25.orig/scripts/live
+++ live-boot-3.0~a25/scripts/live
@@ -11,11 +11,6 @@ mountpoint="/live/image"
 alt_mountpoint="/media"
 LIVE_MEDIA_PATH="live"
 
-root_persistence="live-rw"
-home_persistence="home-rw"
-root_snapshot_label="live-sn"
-home_snapshot_label="home-sn"
-
 USERNAME="user"
 USERFULLNAME="Live user"
 HOSTNAME="host"
@@ -41,394 +36,6 @@ then
 	touch /live.vars
 fi
 
-Arguments ()
-{
-	PRESEEDS=""
-	LOCATIONS=""
-
-	for ARGUMENT in $(cat /proc/cmdline)
-	do
-		case "${ARGUMENT}" in
-			skipconfig)
-				NOACCESSIBILITY="Yes"
-				NOFASTBOOT="Yes"
-				NOFSTAB="Yes"
-				NONETWORKING="Yes"
-
-				export NOACCESSIBILITY NOFASTBOOT NOFSTAB NONETWORKING
-				;;
-
-			access=*)
-				ACCESS="${ARGUMENT#access=}"
-				export ACCESS
-				;;
-
-			console=*)
-				DEFCONSOLE="${ARGUMENT#*=}"
-				export DEFCONSOLE
-				;;
-
-			BOOTIF=*)
-				BOOTIF="${x#BOOTIF=}"
-				;;
-
-			debug)
-				DEBUG="Yes"
-				export DEBUG
-
-				set -x
-				;;
-
-			dhcp)
-				# Force dhcp even while netbooting
-				# Use for debugging in case somebody works on fixing dhclient
-				DHCP="Force";
-				export DHCP
-				;;
-
-			nodhcp)
-				unset DHCP
-				;;
-
-			ethdevice=*)
-				DEVICE="${ARGUMENT#ethdevice=}"
-				ETHDEVICE="${DEVICE}"
-				export DEVICE ETHDEVICE
-				;;
-
-			ethdevice-timeout=*)
-				ETHDEV_TIMEOUT="${ARGUMENT#ethdevice-timeout=}"
-				export ETHDEV_TIMEOUT
-				;;
-
-			fetch=*)
-				FETCH="${ARGUMENT#fetch=}"
-				export FETCH
-				;;
-
-			forcepersistentfsck)
-				FORCEPERSISTENTFSCK="Yes"
-				export FORCEPERSISTENTFSCK
-				;;
-
-			ftpfs=*)
-				FTPFS="${ARGUMENT#ftpfs=}"
-				export FTPFS
-				;;
-
-			httpfs=*)
-				HTTPFS="${ARGUMENT#httpfs=}"
-				export HTTPFS
-				;;
-
-			iscsi=*)
-				ISCSI="${ARGUMENT#iscsi=}"
-				#ip:port - separated by ;
-				ISCSI_PORTAL="${ISCSI%;*}"
-				if echo "${ISCSI_PORTAL}" | grep -q , ; then
-					ISCSI_SERVER="${ISCSI_PORTAL%,*}"
-					ISCSI_PORT="${ISCSI_PORTAL#*,}"
-				fi
-				#target name
-				ISCSI_TARGET="${ISCSI#*;}"
-				export ISCSI ISCSI_PORTAL ISCSI_TARGET ISCSI_SERVER ISCSI_PORT
-				;;
-
-			isofrom=*|fromiso=*)
-				FROMISO="${ARGUMENT#*=}"
-				export FROMISO
-				;;
-
-			ignore_uuid)
-				IGNORE_UUID="Yes"
-				export IGNORE_UUID
-				;;
-
-			integrity-check)
-				INTEGRITY_CHECK="Yes"
-				export INTEGRITY_CHECK
-				;;
-
-			ip=*)
-				STATICIP="${ARGUMENT#ip=}"
-
-				if [ -z "${STATICIP}" ]
-				then
-					STATICIP="frommedia"
-				fi
-
-				export STATICIP
-				;;
-
-			live-getty)
-				LIVE_GETTY="1"
-				export LIVE_GETTY
-				;;
-
-			live-media=*|bootfrom=*)
-				LIVE_MEDIA="${ARGUMENT#*=}"
-				export LIVE_MEDIA
-				;;
-
-			live-media-encryption=*|encryption=*)
-				LIVE_MEDIA_ENCRYPTION="${ARGUMENT#*=}"
-				export LIVE_MEDIA_ENCRYPTION
-				;;
-
-			live-media-offset=*)
-				LIVE_MEDIA_OFFSET="${ARGUMENT#live-media-offset=}"
-				export LIVE_MEDIA_OFFSET
-				;;
-
-			live-media-path=*)
-				LIVE_MEDIA_PATH="${ARGUMENT#live-media-path=}"
-				export LIVE_MEDIA_PATH
-				;;
-
-			live-media-timeout=*)
-				LIVE_MEDIA_TIMEOUT="${ARGUMENT#live-media-timeout=}"
-				export LIVE_MEDIA_TIMEOUT
-				;;
-
-			module=*)
-				MODULE="${ARGUMENT#module=}"
-				export MODULE
-				;;
-
-			netboot=*)
-				NETBOOT="${ARGUMENT#netboot=}"
-				export NETBOOT
-				;;
-
-			nfsopts=*)
-				NFSOPTS="${ARGUMENT#nfsopts=}"
-				export NFSOPTS
-				;;
-
-			nfscow=*)
-				NFS_COW="${ARGUMENT#nfscow=}"
-				export NFS_COW
-				;;
-
-			noaccessibility)
-				NOACCESSIBILITY="Yes"
-				export NOACCESSIBILITY
-				;;
-
-			nofastboot)
-				NOFASTBOOT="Yes"
-				export NOFASTBOOT
-				;;
-
-			nofstab)
-				NOFSTAB="Yes"
-				export NOFSTAB
-				;;
-
-			nonetworking)
-				NONETWORKING="Yes"
-				export NONETWORKING
-				;;
-
-			ramdisk-size=*)
-				ramdisk_size="${ARGUMENT#ramdisk-size=}"
-				;;
-
-			swapon)
-				SWAPON="Yes"
-				export SWAPON
-				;;
-
-			persistent)
-				PERSISTENT="Yes"
-				export PERSISTENT
-				;;
-
-			persistent-encryption=*)
-				PERSISTENT_ENCRYPTION="${ARGUMENT#*=}"
-				export PERSISTENT_ENCRYPTION
-				;;
-
-			persistent-media=*)
-				PERSISTENT_MEDIA="${ARGUMENT#*=}"
-				export PERSISTENT_MEDIA
-				;;
-			persistent-method=*)
-				PERSISTENT_METHOD="${ARGUMENT#*=}"
-				export PERSISTENT_METHOD
-				;;
-
-			persistent-path=*)
-				PERSISTENT_PATH="${ARGUMENT#persistent-path=}"
-				export PERSISTENT_PATH
-				;;
-			persistent-read-only)
-				PERSISTENT_READONLY="Yes"
-				export PERSISTENT_READONLY
-				;;
-
-			persistent-storage=*)
-				PERSISTENT_STORAGE="${ARGUMENT#persistent-storage=}"
-				export PERSISTENT_STORAGE
-				;;
-
-			persistent-subtext=*)
-				root_persistence="${root_persistence}-${ARGUMENT#persistent-subtext=}"
-				home_persistence="${home_persistence}-${ARGUMENT#persistent-subtext=}"
-				root_snapshot_label="${root_snapshot_label}-${ARGUMENT#persistent-subtext=}"
-				home_snapshot_label="${home_snapshot_label}-${ARGUMENT#persistent-subtext=}"
-				;;
-
-			nopersistent)
-				NOPERSISTENT="Yes"
-				export NOPERSISTENT
-				;;
-
-			noprompt)
-				NOPROMPT="Yes"
-				export NOPROMPT
-				;;
-
-			noprompt=*)
-				NOPROMPT="${ARGUMENT#noprompt=}"
-				export NOPROMPT
-				;;
-
-			quickusbmodules)
-				QUICKUSBMODULES="Yes"
-				export QUICKUSBMODULES
-				;;
-
-			preseed/file=*|file=*)
-				LOCATIONS="${ARGUMENT#*=} ${LOCATIONS}"
-				export LOCATIONS
-				;;
-
-			nopreseed)
-				NOPRESEED="Yes"
-				export NOPRESEED
-				;;
-
-			*/*=*)
-				question="${ARGUMENT%%=*}"
-				value="${ARGUMENT#*=}"
-				PRESEEDS="${PRESEEDS}\"${question}=${value}\" "
-				export PRESEEDS
-				;;
-
-			showmounts)
-				SHOWMOUNTS="Yes"
-				export SHOWMOUNTS
-				;;
-
-			silent)
-				SILENT="Yes"
-				export SILENT
-				;;
-
-			todisk=*)
-				TODISK="${ARGUMENT#todisk=}"
-				export TODISK
-				;;
-
-			toram)
-				TORAM="Yes"
-				export TORAM
-				;;
-
-			toram=*)
-				TORAM="Yes"
-				MODULETORAM="${ARGUMENT#toram=}"
-				export TORAM MODULETORAM
-				;;
-
-			exposedroot)
-				EXPOSED_ROOT="Yes"
-				export EXPOSED_ROOT
-				;;
-
-			plainroot)
-				PLAIN_ROOT="Yes"
-				export PLAIN_ROOT
-				;;
-
-			skipunion)
-				SKIP_UNION_MOUNTS="Yes"
-				export SKIP_UNION_MOUNTS
-				;;
-
-			root=*)
-				ROOT="${ARGUMENT#root=}"
-				export ROOT
-				;;
-
-			union=*)
-				UNIONTYPE="${ARGUMENT#union=}"
-				export UNIONTYPE
-				;;
-		esac
-	done
-
-	# sort of compatibility with netboot.h from linux docs
-	if [ -z "${NETBOOT}" ]
-	then
-		if [ "${ROOT}" = "/dev/nfs" ]
-		then
-			NETBOOT="nfs"
-			export NETBOOT
-		elif [ "${ROOT}" = "/dev/cifs" ]
-		then
-			NETBOOT="cifs"
-			export NETBOOT
-		fi
-	fi
-
-	if [ -z "${MODULE}" ]
-	then
-		MODULE="filesystem"
-		export MODULE
-	fi
-
-	if [ -z "${UNIONTYPE}" ]
-	then
-		UNIONTYPE="aufs"
-		export UNIONTYPE
-	fi
-
-	if [ -z "${PERSISTENT_ENCRYPTION}" ]
-	then
-		PERSISTENT_ENCRYPTION="none"
-		export PERSISTENT_ENCRYPTION
-	elif echo ${PERSISTENT_ENCRYPTION} | grep -qe "\<luks\>"
-	then
-		if ! modprobe dm-crypt
-		then
-			log_warning_msg "Unable to load module dm-crypt"
-			PERSISTENT_ENCRYPTION=$(echo ${PERSISTENT_ENCRYPTION} | sed -e 's/\<luks,\|,\?luks$//g')
-			export PERSISTENT_ENCRYPTION
-		fi
-
-		if [ ! -x /lib/cryptsetup/askpass ] || [ ! -x /sbin/cryptsetup ]
-		then
-			log_warning_msg "cryptsetup in unavailable"
-			PERSISTENT_ENCRYPTION=$(echo ${PERSISTENT_ENCRYPTION} | sed -e 's/\<luks,\|,\?luks$//g')
-			export PERSISTENT_ENCRYPTION
-		fi
-	fi
-
-	if [ -n "${PERSISTENT}" ] && [ -z "${PERSISTENT_METHOD}" ]
-	then
-		PERSISTENT_METHOD="snapshot,overlay"
-		export PERSISTENT_METHOD
-	fi
-
-	if [ -n "${PERSISTENT}" ] && [ -z "${PERSISTENT_STORAGE}" ]
-	then
-		PERSISTENT_STORAGE="filesystem,file"
-		export PERSISTENT_STORAGE
-	fi
-}
-
 is_live_path ()
 {
 	DIRECTORY="${1}"
@@ -1236,17 +843,6 @@ setup_unionfs ()
 	# Let's just mount the read-only file systems first
 	rofslist=""
 
-	if [ "${UNIONTYPE}" = "aufs" ]
-	then
-		roopt="rr+wh"
-		noxino_opt="noxino,"
-	elif [ "${UNIONTYPE}" = "unionfs-fuse" ]
-	then
-		roopt="RO"
-	else
-		roopt="ro"
-	fi
-
 	if [ -z "${PLAIN_ROOT}" ]
 	then
 		# Read image names from ${MODULE}.module if it exists
@@ -1360,7 +956,7 @@ setup_unionfs ()
 
 	mkdir -p /cow
 
-	# Looking for "${root_persistence}" device or file
+	# Looking for persistent devices or files
 	if [ -n "${PERSISTENT}" ] && [ -z "${NOPERSISTENT}" ]
 	then
 
@@ -1405,7 +1001,7 @@ setup_unionfs ()
 
 		if echo ${PERSISTENT_METHOD} | grep -qe "\<overlay\>"
 		then
-			overlays="${root_persistence} ${home_persistence}"
+			overlays="${root_overlay_label} ${old_root_overlay_label} ${old_home_overlay_label} ${custom_overlay_label}"
 		fi
 
 		if echo ${PERSISTENT_METHOD} | grep -qe "\<snapshot\>"
@@ -1413,41 +1009,55 @@ setup_unionfs ()
 			snapshots="${root_snapshot_label} ${home_snapshot_label}"
 		fi
 
-
-		for media in $(find_persistent_media "${overlays}" "${snapshots}" "${blacklistdev}" "${whitelistdev}")
+		local root_snapdata=""
+		local home_snapshot_label=""
+		local root_overlay_label=""
+		local overlay_devices=""
+		for media in $(find_persistent_media "${overlays}" "${snapshots}" "${whitelistdev}")
 		do
 			media="$(echo ${media} | tr ":" " ")"
 			case ${media} in
-				${root_persistence}=*)
-					cowprobe="${media#*=}"
-					;;
-				${home_persistence}=*)
-					homecow="${media#*=}"
-					;;
-				${root_snapshot_label}=*)
-					root_snapdata="${media#*=}"
+				${root_snapshot_label}=*|${old_root_snapshot_label}=*)
+					if [ -z "${root_snapdata}" ]
+					then
+						root_snapdata="${media#*=}"
+					fi
 					;;
 				${home_snapshot_label}=*)
 					# This second type should be removed when snapshot will get smarter,
 					# hence when "/etc/live-snapshot*list" will be supported also by
 					# ext2|ext3|ext4|jffs2 snapshot types.
-					home_snapdata="${media#*=}"
+					if [ -z "${home_snapdata}" ]
+					then
+						home_snapdata="${media#*=}"
+					fi
 					;;
-				*)
+				${root_overlay_label}=*|${old_root_overlay_label}=*)
+					if [ -z "${root_overlay_device}" ]
+					then
+						device="${media#*=}"
+						root_overlay_device="${device}"
+					fi
+					;;
+				${old_home_overlay_label}=*)
+					device="${media#*=}"
+					fix_home_rw_compatibility ${device}
+					overlay_devices="${overlay_devices} ${device}"
+					;;
+				${custom_overlay_label}=*)
+					device="${media#*=}"
+					overlay_devices="${overlay_devices} ${device}"
 					;;
 			 esac
 		done
 
-		if [ -b "${cowprobe}" ] || [ -b "${homecow}" ]
+		if [ -b "${root_overlay_device}" ]
 		then
 			PERSISTENCE_IS_ON="1"
 			export PERSISTENCE_IS_ON
-		fi
 
-		if [ -b "${cowprobe}" ]
-		then
-			cowdevice=${cowprobe}
-			cow_fstype=$(get_fstype "${cowprobe}")
+			cowdevice=${root_overlay_device}
+			cow_fstype=$(get_fstype "${root_overlay_device}")
 			if [ -z "${PERSISTENT_READONLY}" ]
 			then
 				cow_mountopt="rw,noatime"
@@ -1498,26 +1108,28 @@ setup_unionfs ()
 	then
 		if [ -n "${PERSISTENT_READONLY}" ]
 		then
-			persistent_root="/$(basename ${cowdevice})-backing"
-			mkdir -p ${persistent_root}
+			mount -t tmpfs -o rw,noatime,mode=755 tmpfs "/cow"
+			root_backing="${rootmnt}/live/persistent/$(basename ${cowdevice})-root"
+			mkdir -p ${root_backing}
 		else
-			persistent_root="/cow"
+			root_backing="/cow"
 		fi
 
 		if [ "${cow_fstype}" = "nfs" ]
 		then
 			log_begin_msg \
-				"Trying nfsmount ${nfs_cow_opts} ${cowdevice} ${persistent_root}"
-			nfsmount ${nfs_cow_opts} ${cowdevice} ${persistent_root} || \
-				panic "Can not mount ${cowdevice} (n: ${cow_fstype}) on ${persistent_root}"
+				"Trying nfsmount ${nfs_cow_opts} ${cowdevice} ${root_backing}"
+			nfsmount ${nfs_cow_opts} ${cowdevice} ${root_backing} || \
+				panic "Can not mount ${cowdevice} (n: ${cow_fstype}) on ${root_backing}"
 		else
-			mount -t ${cow_fstype} -o ${cow_mountopt} ${cowdevice} ${persistent_root} || \
-				panic "Can not mount ${cowdevice} (o: ${cow_fstype}) on ${persistent_root}"
+			mount -t ${cow_fstype} -o ${cow_mountopt} ${cowdevice} ${root_backing} || \
+				panic "Can not mount ${cowdevice} (o: ${cow_fstype}) on ${root_backing}"
 		fi
 	fi
 
 	rofscount=$(echo ${rofslist} |wc -w)
 
+	# XXX: we now ensure that there can only be one read-only filesystem. Should this be inside the EXPOSED_ROOT if?
 	if [ ${rofscount} -ne 1 ]
 	then
 		panic "only one RO file system supported with exposedroot: ${rofslist}"
@@ -1545,48 +1157,26 @@ setup_unionfs ()
 		#panic "unionmount does not support subunions (${cow_dirs})."
 	fi
 
-	unionmountopts=""
-	unionmountpoint=""
-
 	for dir in ${cow_dirs}; do
-		mkdir -p /cow${dir}
-
 		unionmountpoint="${rootmnt}${dir}"
-		unionrw="/cow${dir}"
-		unionro="${rofs}${dir}"
-		# We don't handle spaces and other junk gracefully here, hopefully not needed.
-		case "${UNIONTYPE}" in
-			unionfs-fuse)
-				unionmountopts="-o cow -o noinitgroups -o default_permissions -o allow_other -o use_ino -o suid"
-				unionmountopts="${unionmountopts} ${unionrw}=RW:${unionro}=RO"
-				( sysctl -w fs.file-max=391524 ; ulimit -HSn 16384
-				unionfs-fuse ${unionmountopts} "${unionmountpoint}" ) && \
-				( mkdir -p /run/sendsigs.omit.d
-				pidof unionfs-fuse >> /run/sendsigs.omit.d/unionfs-fuse || true )
-				;;
-
-			unionmount)
-				unionmountopts="-t ${cow_fstype} -o noatime,union,${cow_mountopt} ${cowdevice}"
-				mount_full $unionmountopts "${unionmountpoint}"
-				;;
-
-			overlayfs)
-				unionmountopts="-o noatime,${noxino_opt},lowerdir=${unionro},upperdir=${unionrw}"
-				mount -t ${UNIONTYPE} ${unionmountopts} ${UNIONTYPE} "${unionmountpoint}"
-				;;
-
-			*)
-				if [ -n "${PERSISTENT_READONLY}" ]
-				then
-					mount -t tmpfs -o rw,noatime,mode=755 tmpfs "${unionrw}"
-					unionmountopts="-o noatime,${noxino_opt}dirs=${unionrw}=rw:${persistent_root}=${roopt}:${unionro}=${roopt}"
-				else
-					unionmountopts="-o noatime,${noxino_opt}dirs=${unionrw}=rw:${unionro}=${roopt}"
-				fi
-				mount -t ${UNIONTYPE} ${unionmountopts} ${UNIONTYPE} "${unionmountpoint}"
-				;;
-		esac || \
-			panic "mount ${UNIONTYPE} on ${unionmountpoint} failed with option ${unionmountopts}"
+		mkdir -p ${unionmountpoint}
+		if [ "${UNIONTYPE}" = "unionmount" ]
+		then
+			# FIXME: handle PERSISTENT_READONLY
+			unionmountopts="-t ${cow_fstype} -o noatime,union,${cow_mountopt} ${cowdevice}"
+			mount_full $unionmountopts "${unionmountpoint}"
+		else
+			cow_dir="/cow${dir}"
+			rofs_dir="${rofs}${dir}"
+			mkdir -p ${cow_dir}
+			if [ -n "${PERSISTENT_READONLY}" ] && [ "${cowdevice}" != "tmpfs" ]
+			then
+				#mount -t tmpfs -o rw,noatime,mode=755 tmpfs "${cow_dir}"
+				do_union ${unionmountpoint} ${cow_dir} ${root_backing} ${rofs_dir}
+			else
+				do_union ${unionmountpoint} ${cow_dir} ${rofs_dir}
+			fi
+		fi || panic "mount ${UNIONTYPE} on ${unionmountpoint} failed with option ${unionmountopts}"
 	done
 
 	# Correct the permissions of /:
@@ -1597,55 +1187,28 @@ setup_unionfs ()
 	mkdir -p "${rootmnt}/live"
 	mount -t tmpfs tmpfs ${rootmnt}/live
 
-	# Adding other custom mounts
-	if [ -n "${PERSISTENT}" ] && [ -z "${NOPERSISTENT}" ]
-	then
-		# directly mount /home
-		# FIXME: add a custom mounts configurable system
-
-		if [ -b "${homecow}" ]
-		then
-			if [ -z "${PERSISTENT_READONLY}" ]
-			then
-				mount -t $(get_fstype "${homecow}") -o rw,noatime "${homecow}" "${rootmnt}/home"
-			else
-				homerw="/cow/home"
-			        homero="/$(basename ${homecow})-backing"
-				homemountpoint="${rootmnt}/home"
-				mkdir -p ${homerw} ${homero} ${homemountpoint}
-				mount -t $(get_fstype "${homecow}") -o ro "${homecow}" "${homero}"
-				mount -t "${UNIONTYPE}" -o "noatime,${noxino_opt}dirs=${homerw}=rw:${homero}=${roopt}" "${UNIONTYPE}" "${homemountpoint}"
-			fi
-			export HOMEMOUNTED=1 # used to proper calculate free space in do_snap_copy()
-		else
-			log_warning_msg "Unable to find the persistent home medium"
-		fi
-
-		# Look for other snapshots to copy in
-		try_snap "${root_snapdata}" "${rootmnt}" "ROOT"
-		# This second type should be removed when snapshot grow smarter
-		try_snap "${home_snapdata}" "${rootmnt}" "HOME" "/home"
-	fi
-
-	if [ -n "${SHOWMOUNTS}" ]
+	live_rofs_list=""
+	# SHOWMOUNTS is necessary for custom mounts with the union option
+	# Since we may want to do custom mounts in user-space it's best to always enable SHOWMOUNTS
+	if true #[ -n "${SHOWMOUNTS}" ] || ( [ -n "${PERSISTENT}" ] && [ -z "${NOPERSISTENT}" ] 1)
 	then
+		# XXX: is the for loop really necessary? rofslist can only contain one item (see above XXX about EXPOSEDROOT) and this is also assumed elsewhere above (see use of $rofs above).
 		for d in ${rofslist}
 		do
-			mkdir -p "${rootmnt}/live/${d##*/}"
-
+			live_rofs="${rootmnt}/live/rofs/${d##*/}"
+			live_rofs_list="${live_rofs_list} ${live_rofs}"
+			mkdir -p "${live_rofs}"
 			case d in
 				*.dir)
-					# do nothing # mount -o bind "${d}" "${rootmnt}/live/${d##*/}"
+					# do nothing # mount -o bind "${d}" "${live_rofs}"
 					;;
-
 				*)
 					case "${UNIONTYPE}" in
 						unionfs-fuse)
-							mount -o bind "${d}" "${rootmnt}/live/${d##*/}"
+							mount -o bind "${d}" "${live_rofs}"
 							;;
-
 						*)
-							mount -o move "${d}" "${rootmnt}/live/${d##*/}"
+							mount -o move "${d}" "${live_rofs}"
 							;;
 					esac
 					;;
@@ -1653,6 +1216,37 @@ setup_unionfs ()
 		done
 	fi
 
+	# Adding custom persistent
+	if [ -n "${PERSISTENT}" ] && [ -z "${NOPERSISTENT}" ]
+	then
+		local custom_mounts="/tmp/custom_mounts.list"
+		rm -rf ${custom_mounts} 2> /dev/null
+
+		# Gather information about custom mounts from devies detected as overlays
+		get_custom_mounts ${custom_mounts} ${overlay_devices}
+
+		[ -n "${DEBUG}" ] && cp ${custom_mounts} "${rootmnt}/live/persistent"
+
+		# Now we do the actual mounting (and symlinking)
+		local used_overlays=""
+		used_overlays=$(activate_custom_mounts ${custom_mounts})
+		rm ${custom_mounts}
+
+		# Close unused overlays (e.g. due to missing $persistence_list)
+		for overlay in ${overlay_devices}
+		do
+			if echo ${used_overlays} | grep -qve "^\(.* \)\?${device}\( .*\)\?$"
+			then
+				close_persistent_media ${overlay}
+			fi
+		done
+
+		# Look for other snapshots to copy in
+		try_snap "${root_snapdata}" "${rootmnt}" "ROOT"
+		# This second type should be removed when snapshot grow smarter
+		try_snap "${home_snapdata}" "${rootmnt}" "HOME" "/home"
+	fi
+
 	# shows cow fs on /cow for use by live-snapshot
 	mkdir -p "${rootmnt}/live/cow"
 	mount -o move /cow "${rootmnt}/live/cow" >/dev/null 2>&1 || mount -o bind /cow "${rootmnt}/live/cow" || log_warning_msg "Unable to move or bind /cow to ${rootmnt}/live/cow"
