diff --git a/fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch b/fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch new file mode 100644 index 0000000..14c4263 --- /dev/null +++ b/fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch @@ -0,0 +1,56 @@ +From e0222c3dcf0bb1a44328b893bed9224d05b7506a Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Mon, 6 May 2024 16:28:41 +0800 +Subject: [PATCH] firstboot: make "Pass phrase" mandatory + +Without choosing the "Pass phrase" option, the default VM password will +remain after firstboot. To ensure the default password is gone for good, +make "Pass phrase" mandatory. + +Signed-off-by: Gary Lin +--- + firstboot/fde | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/firstboot/fde b/firstboot/fde +index 4911b32..161e832 100755 +--- a/firstboot/fde ++++ b/firstboot/fde +@@ -203,15 +203,22 @@ function fde_setup_unencrypted { + + function __fde_valid_protections { + ++ pass_warn=true + for tag in $*; do + case $tag in +- pass|tpm) : ;; ++ pass) pass_warn=false ;; ++ tpm) : ;; + *) + display_errorbox "FDE key protection scheme $tag not yet implemented" + return 1;; + esac + done + ++ if $pass_warn; then ++ display_errorbox "Pass phrase is mandatory" ++ return 1 ++ fi ++ + return 0 + } + +@@ -253,10 +260,6 @@ function fde_choose_protection { + FDE_PROTECTION="$result" + fde_trace "user selected protections: <$FDE_PROTECTION>" + +- if [ -z "$FDE_PROTECTION" ]; then +- return 1 +- fi +- + if __fde_valid_protections $FDE_PROTECTION; then + break + fi +-- +2.35.3 + diff --git a/fde-tools.changes b/fde-tools.changes index e4d9aaa..d92ad26 100644 --- a/fde-tools.changes +++ b/fde-tools.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue May 7 05:53:20 UTC 2024 - Gary Ching-Pang Lin + +- Add fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch + to make "pass" mandatory during firstboot (bsc#1223771) + ------------------------------------------------------------------- Thu Apr 18 05:39:44 UTC 2024 - Gary Ching-Pang Lin diff --git a/fde-tools.spec b/fde-tools.spec index 6727450..72ce7d0 100644 --- a/fde-tools.spec +++ b/fde-tools.spec @@ -35,6 +35,7 @@ Patch2: fde-tools-change-rpm-macro-dir.patch Patch3: fde-tools-bsc1220160-conditional-requires.patch Patch4: fde-tools-bsc1222970-firstboot-replace-ALP.patch Patch5: fde-tools-bsc1223002-firstboot-disable-ccid.patch +Patch6: fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch BuildRequires: help2man BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(libcryptsetup)