From: Chris Narkiewicz Subject: Re: [patch] Autoinstall with disk encryption To: tech@openbsd.org Cc: kn@openbsd.org Date: Thu, 25 Jan 2024 12:01:01 +0000 On Fri, Dec 22, 2023 at 02:58:06PM +0000, Chris Narkiewicz wrote: > I'd like to kindly ask again if there is any interest in such feature to > enable unattended installation with disk encryption. There was some encouragement I received, but I assume that xmas and new year were not a good time to seek for attention. :) Here I am again, asking for feedback. Index: install.sub =================================================================== RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.1257 diff -u -p -u -p -r1.1257 install.sub --- install.sub 24 Oct 2023 18:03:53 -0000 1.1257 +++ install.sub 13 Dec 2023 18:27:30 -0000 @@ -3099,6 +3099,13 @@ pick_keydisk() { KEYDISK=$_disk$_label } +get_disk_passphrase() { + ask_password 'Password for disk encryption?' + DISK_PASS="${_password}" + echo "${DISK_PASS}" > $DISK_PASS_FILE + chmod 0600 $DISK_PASS_FILE +} + encrypt_root() { local _args _chunk=$ROOTDISK @@ -3122,8 +3129,11 @@ encrypt_root() { _args=-k$KEYDISK break ;; - # Do nothing, bioctl(8) will handle the passphrase. - [pP]*) break + # Ask for password and store it into a temporary file for bioctl + [pP]*) + get_disk_passphrase + _args=-p$DISK_PASS_FILE + break ;; [nN]*) return ;; @@ -3606,6 +3616,7 @@ CGI_INFO=/tmp/i/cgiinfo CGI_METHOD= CGI_TIME= CGI_TZ= +DISK_PASS_FILE=/tmp/i/disk_password export EDITOR=ed HTTP_DIR= HTTP_LIST=/tmp/i/httplist Best regards, Chris Narkiewicz -- Phone: +44 7502 415 180 (also Signal, WhatsApp) Matrix: @ezaquarii:etacassiopeiae.net Mastodon: @ezaquarii@social.etacassiopeiae.net GPG: F86C 15AB 6FFE 6F81 43D7 4C1E 98BF 5BA2 F3BB 4D28