From 12be23f54c2a3b29f3bd61fb1c01090b132572b1 Mon Sep 17 00:00:00 2001 From: kn Date: Sat, 20 May 2023 19:10:25 +0000 Subject: [PATCH] Ask for disk crypto after root disk question Encrypt the root disk? (disk, no or '?' for details) [no] Which disk is the root disk? ('?' for details) [sdN] becomes Which disk is the root disk? ('?' for details) [sd0] Encrypt the root disk? (yes, no or '?' for details) [no] so that answering 'sd0' at this point during installation behaves the same as before the new question: specifying the root disk. Users no longer deal with two (softraid chunk sd0, root disk sd1), but just one disk as before, while sdN are dealt with transparently. Code also gets simpler and should enable more improvements soon. Feedback OK afresh1 --- distrib/miniroot/install.sub | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub index d3d944bf2ca..e66d27f8705 100644 --- a/distrib/miniroot/install.sub +++ b/distrib/miniroot/install.sub @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: install.sub,v 1.1244 2023/05/02 15:55:58 deraadt Exp $ +# $OpenBSD: install.sub,v 1.1245 2023/05/20 19:10:25 kn Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015, Robert Peichaer @@ -346,8 +346,6 @@ get_dkdevs_root() { for _d in $_disks; do is_rootdisk "$_d" || _disks=$(rmel "$_d" $_disks) done - else - _disks=$(rmel "$CRYPTOCHUNK" $_disks) fi echo $_disks } @@ -2408,7 +2406,7 @@ is_rootdisk() { # Get global root information. ie. ROOTDISK, ROOTDEV and SWAPDEV. get_rootinfo() { - local _default=${CRYPTOVOLUME:-$(get_dkdevs_root)} _dkdev + local _default=$(get_dkdevs_root) _dkdev local _q="Which disk is the root disk? ('?' for details)" while :; do @@ -2417,8 +2415,6 @@ get_rootinfo() { case $resp in "?") diskinfo $(get_dkdevs);; '') ;; - $CRYPTOCHUNK) - echo "$resp is used for root disk encryption.";; *) # Translate $resp to disk dev name in case it is a DUID. # get_dkdev_name bounces back the disk dev name if not. _dkdev=$(get_dkdev_name "$resp") @@ -3079,7 +3075,7 @@ do_autoinstall() { encrypt_root() { local _chunk _tries=0 - local _q="Encrypt the root disk? (disk, 'no' or '?' for details)" + local _q="Encrypt the root disk? (yes, no or '?' for details)" [[ $MDBOOTSR == y ]] || return @@ -3091,21 +3087,22 @@ encrypt_root() { [[ -z $(get_softraid_volumes) ]] || return while :; do - echo "Available disks are: $(get_dkdevs | sed 's/^$/none/')." _ask "$_q" no || continue case $resp in '?') cat <<'__EOT' Create a passphrase protected CRYPTO softraid volume to be used as root disk. __EOT - diskinfo $(get_dkdevs);; + ;; '') ;; n|no) return;; - *) isin "$resp" $(get_dkdevs) && break - echo 'No such disk.';; + y|yes) break;; + *) echo "'$resp' is not a valid choice." + continue;; esac done - _chunk=$resp - log_answers "$_q" $_chunk + log_answers "$_q" "$resp" + _chunk=$ROOTDISK + echo "\nCconfiguring the crypto chunk $_chunk...\n" make_dev $_chunk md_prep_fdisk $_chunk softraid @@ -3116,10 +3113,11 @@ __EOT ((++_tries < 3)) || exit done - CRYPTOCHUNK=$_chunk # No volumes existed before asking, but we just created one. - # Save it for later as sane root disk default. - CRYPTOVOLUME=$(get_softraid_volumes) + ROOTDISK=$(get_softraid_volumes) + ROOTDEV=${ROOTDISK}a + SWAPDEV=${ROOTDISK}b + echo "\nConfiguring the root disk $ROOTDISK...\n" } do_install() { @@ -3175,11 +3173,11 @@ do_install() { echo - encrypt_root - # Get information about ROOTDISK, etc. get_rootinfo + encrypt_root + DISKS_DONE= FSENT= @@ -3591,8 +3589,6 @@ INSTALL_METHOD= NIFS=0 export PS1="$MODE# " PUB_KEY=/etc/signify/openbsd-${VERSION}-base.pub -CRYPTOCHUNK= -CRYPTOVOLUME= ROOTDEV= ROOTDISK= SETDIR="$VNAME/$ARCH" -- 2.20.1