This needs "bioctl: do not confirm new passphrases on stdin" on tech@.

Current code tries thrice to get matching passphrases before aborting;
simple enough to get the feature going, but also due to code limitations.

One possible fix is to let the installer (not bioctl) prompt for the passphrase
like it does for the root password and pass it to bioctl non-interactively.

This means 
* a familiar question style and endless retry behaviour, not bioctl's prompt
* manual empty string check, bioctl already does it
* installer duplicates existing bioctl prompt functionality


 Setting OpenBSD MBR partition to whole sd0...done.
-New passphrase:
-Re-type passphrase:
+Passphrase for the root disk? (again)
+Passphrase for the root disk? (will not echo)
sd1 at scsibus1 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>


Feedback?

Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1252
diff -u -p -r1.1252 install.sub
--- install.sub 2 Aug 2023 08:51:16 -0000       1.1252
+++ install.sub 2 Aug 2023 11:26:53 -0000
@@ -3075,7 +3075,7 @@ do_autoinstall() {
 }
 
 encrypt_root() {
-       local _chunk _tries=0
+       local _chunk
 
        [[ $MDBOOTSR == y ]] || return
 
@@ -3097,10 +3097,13 @@ encrypt_root() {
        md_prep_fdisk $_chunk
        echo 'RAID *' | disklabel -w -A -T- $_chunk
 
-       until bioctl -c C -l ${_chunk}a softraid0 >/dev/null; do
-               # Most likely botched passphrases, silently retry twice.
-               ((++_tries < 3)) || exit
+       while :; do
+               ask_password 'Passphrase for the root disk?'
+               [[ -n "$_password" ]] && break
+               echo 'The passphrase must be set.'
        done
+
+       print -r -- "$_password" | bioctl -s -cC -l${_chunk}a softraid0 
>/dev/null
 
        # No volumes existed before asking, but we just created one.
        ROOTDISK=$(get_softraid_volumes)
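
Review bot: the `print -r -- "$_password" | bioctl -s -cC ...` line at the end of this hunk does not check bioctl's exit status. The removed `until` loop left the script once bioctl had failed three times; with this change a bioctl failure is ignored and the function carries on to `ROOTDISK=$(get_softraid_volumes)`. The passphrase has already been checked for being non-empty before the pipe, so a failure at this point is unlikely to be cured by asking again; appending `|| exit` (optionally after printing an error) would stop the install from continuing without the encrypted volume. Also consider `unset _password` right after the pipe: nothing in the hunk clears it, so the passphrase stays in the shell variable after the volume has been created.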
