Skip to content

Commit a23dbde

Browse files
tlauriontlaurion
authored
Merge pull request #1964 from gaspar-ilom/fix-luks-change-passphrase
fix change passphrase
2 parents 7c93932 + baffab0 commit a23dbde

File tree

1 file changed

+11
-9
lines changed

1 file changed

+11
-9
lines changed

initrd/etc/luks-functions

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -519,24 +519,26 @@ luks_change_passphrase() {
519519
luks_containers=($LUKS)
520520
TRACE_FUNC
521521
DEBUG "luks_containers: ${luks_containers[@]}"
522+
# unset new passphrase to make sure the user enters it and knows what they are setting as the new passphrase!
523+
unset luks_new_Disk_Recovery_Key_passphrase
522524

523525
for luks_container in "${luks_containers[@]}"; do
524-
if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ] || [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then
526+
if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then
525527
if [ -f /tmp/secret/luks_current_Disk_Recovery_Key_passphrase ]; then
526528
luks_current_Disk_Recovery_Key_passphrase=$(cat /tmp/secret/luks_current_Disk_Recovery_Key_passphrase)
527529
else
528-
whiptail --title 'Changing LUKS Disk Recovery Key passphrase' --msgbox \
529-
"Please enter the current LUKS Disk Recovery Key passphrase (slot 0).\nThen choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 0 80
530-
531-
echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):"
532-
while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do
533-
read -r luks_new_Disk_Recovery_Key_passphrase
534-
done
535-
536530
TRACE_FUNC
537531
echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):"
538532
read -r luks_current_Disk_Recovery_Key_passphrase
539533
fi
534+
elif [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then
535+
whiptail --title 'Changing LUKS Disk Recovery Key passphrase' --msgbox \
536+
"Please choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 0 80
537+
538+
echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):"
539+
while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do
540+
read -r luks_new_Disk_Recovery_Key_passphrase
541+
done
540542
fi
541543

542544
echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/secret/luks_current_Disk_Recovery_Key_passphrase

0 commit comments

Comments
 (0)