On Wed, Aug 02, 2023 at 11:38:57AM +0000, Klemens Nanni wrote:
> This needs "bioctl: do not confirm new passphrases on stdin" on tech@.
>
> Current code tries thrice to get matching passphrases before aborting;
> simple enough to get the feature going, but also due to code limitations.
>
> One possible fix is to let the installer (not bioctl) prompt the passphrase
> like it does for the root password and pass it to bioctl non-interactively.
>
> This means
> * a familiar question style and endless retry behaviour, not bioctl's prompt
> * manual empty string check, bioctl already it
> * installer duplicates existing bioctl prompt functionality
>
>
> Setting OpenBSD MBR partition to whole sd0...done.
> -New passphrase:
> -Re-type passphrase:
> +Passphrase for the root disk? (again)
> +Passphrase for the root disk? (will not echo)
> sd1 at scsibus1 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
>
>
> Feedback?
Ping. Rebased after -Cforce landed.
Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1253
diff -u -p -r1.1253 install.sub
--- install.sub 10 Aug 2023 17:09:34 -0000 1.1253
+++ install.sub 10 Aug 2023 17:19:57 -0000
@@ -3075,7 +3075,7 @@ do_autoinstall() {
}
encrypt_root() {
- local _chunk _tries=0
+ local _chunk
[[ $MDBOOTSR == y ]] || return
@@ -3097,10 +3097,12 @@ encrypt_root() {
md_prep_fdisk $_chunk
echo 'RAID *' | disklabel -w -A -T- $_chunk
- until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do
- # Most likely botched passphrases, silently retry twice.
- ((++_tries < 3)) || exit
- done
+ while :; do
+ ask_password 'Passphrase for the root disk?'
+ [[ -n "$_password" ]] && break
+ echo 'The passphrase must be set.'
+
+ print -r -- "$_password" | bioctl -s -Cforce -cC -l${_chunk}a softraid0
>/dev/null
# No volumes existed before asking, but we just created one.
ROOTDISK=$(get_softraid_volumes)
