From: Klemens Nanni
Subject: Re: [patch] Autoinstall with disk encryption
To: tech@openbsd.org
Date: Thu, 8 Feb 2024 11:07:25 +0000

On Wed, Feb 07, 2024 at 08:44:47PM +0000, Chris Narkiewicz wrote:
> I think it makes autoinstaller answers file less readable and sort of
> ties it to bioctl. Given that answers should be stable, I assume we
> wouldn't be inclined to change it in the future if there is another
> passphrase for something different. Having a clear and to the point
> prompt future-proofs it and establishes a pattern for future evolution.
>
> > 'New Passphrase' is known, unique and no one complained thus far, so I'm
> > inclined to stick with that.
>
> I guess that it doesn't matter for interactive installation, because
> it's obvious from the context and the prompt doesn't have to be
> stable.

It also matches what users know from bioctl(8) in userspace and, more
importantly, the boot loader's "Passphrase: "; I think there's value in
keeping those three places somewhat in sync.

> For answers file - I assume - the bar would be higher.

Inside autoinstall(8), you'd probably order answers the same way such
that they're equally obvious:

	Encrypt the root disk with a (p)assphrase or (k)eydisk = passphrase

But even if not, I doubt we will gain installer support for encrypting
arbitrary disks anytime soon, so even a dangling

	New passphrase = secret

would be unique (weak argument, but still).

> I've chosen a prompt similar to the root question, which is
> informative and to the point. I think any new password or passphrase
> prompt in the future would naturally fall into the same pattern:
>
> Password / passphrase for $WHAT?
>
> My reasoning is based on autoinstaller answers readability and
> stability, not interactive installation UX.

Passphrase for the root disk?
What I don't like about the ask_password() approach is that it

a) needs more code to handle empty passphrases which
   - bioctl already does in interactive prompts
   - unattended ask_passphrase() nicely rejects
b) ask_password() says "Passwords do not match, try again." contrary to
   otherwise consistent "Passphrase" usage

Neither is bad, but shows and I'm not (yet) entirely convinced it is better.

What do others think?

Index: install.sub =================================================================== RCS file: /cvs/src/distrib/miniroot/install.sub,v diff -u -p -r1.1258 install.sub --- install.sub 26 Jan 2024 16:35:58 -0000 1.1258 +++ install.sub 8 Feb 2024 10:34:57 -0000 @@ -917,7 +917,7 @@ ask_password() { } # Ask for a passphrase once showing prompt $1. Ensure input is not empty -# save it in $_passphrase. +# and save it in $_passphrase. ask_passphrase() { local _q=$1 @@ -3106,9 +3106,6 @@ encrypt_root() { [[ $MDBOOTSR == y ]] || return - # The interactive bioctl(8) passphrase prompt requires a TTY. - $AI && return - [[ -x /sbin/bioctl ]] || return # Do not even try if softraid is in use already, @@ -3124,8 +3121,16 @@ encrypt_root() { _args=-k$KEYDISK break ;; - # Do nothing, bioctl(8) will handle the passphrase. - [pP]*) break + [pP]*) + while :; do + ask_password 'Passphrase for the root disk?' + [[ -n "$_password" ]] && break + echo 'The passphrase must be set.' + done + PASSFILE=/tmp/i/passfile + (umask 077 && print -r -- "$_password" >$PASSFILE) + _args=-p$PASSFILE + break ;; [nN]*) return ;; @@ -3139,6 +3144,7 @@ encrypt_root() { echo 'RAID *' | disklabel -w -A -T- $_chunk bioctl -Cforce -cC -l${_chunk}a $_args softraid0 >/dev/null + rm -f $PASSFILE # No volumes existed before asking, but we just created one. ROOTDISK=$(get_softraid_volumes)
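Review bot: dropping the `$AI && return` guard in the @@ -3106 hunk is only sound because every remaining path through encrypt_root() is now non-interactive from bioctl's point of view (keydisk via -k, passphrase via -p passfile); a one-line comment at that spot saying the bioctl prompt is no longer reached would save the next reader from having to rediscover why the TTY restriction went away.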
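Review bot: in the @@ -3124 hunk the plaintext passphrase written to $PASSFILE is only cleaned up on the success path; if `bioctl -Cforce -cC ...` fails or the installer is interrupted between the `print -r` and the later `rm -f`, the passphrase stays in /tmp/i/passfile with nothing but the umask 077 mode protecting it. Consider removing the file right after bioctl returns regardless of its exit status (or from an exit trap), and `unset _password` once the file has been written so the secret does not linger in the shell for the rest of the run. The `(umask 077 && ...)` subshell is the right pattern here, since bioctl(8) refuses a passfile that is readable by group or others.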
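Review bot: the `rm -f $PASSFILE` added in the @@ -3139 hunk also runs on the keydisk path, where PASSFILE is never set, so it expands to a bare `rm -f`. OpenBSD's rm exits quietly with -f and no operands, so this is harmless, but it reads as accidental; guarding it with `[[ -n $PASSFILE ]] && rm -f $PASSFILE`, or initialising PASSFILE next to _args at the top of encrypt_root(), makes the intent explicit.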