SLFO-pool/fde-tools
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main fde-tools revision d84e49ef7adaa3a88f7ce5bb813dc2fd

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-16 15:36:13 +02:00
parent 84b1ae7fc7
commit 9cbd480d71
3 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch Normal file
View File

@ -0,0 +1,56 @@
From e0222c3dcf0bb1a44328b893bed9224d05b7506a Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 6 May 2024 16:28:41 +0800
Subject: [PATCH] firstboot: make "Pass phrase" mandatory
Without choosing the "Pass phrase" option, the default VM password will
remain after firstboot. To ensure the default password is gone for good,
make "Pass phrase" mandatory.
Signed-off-by: Gary Lin <glin@suse.com>
---
firstboot/fde | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/firstboot/fde b/firstboot/fde
index 4911b32..161e832 100755
--- a/firstboot/fde
+++ b/firstboot/fde
@@ -203,15 +203,22 @@ function fde_setup_unencrypted {
function __fde_valid_protections {
+ pass_warn=true
for tag in $*; do
case $tag in
- pass|tpm) : ;;
+ pass) pass_warn=false ;;
+ tpm) : ;;
*)
display_errorbox "FDE key protection scheme $tag not yet implemented"
return 1;;
esac
done
+ if $pass_warn; then
+ display_errorbox "Pass phrase is mandatory"
+ return 1
+ fi
+
return 0
}
@@ -253,10 +260,6 @@ function fde_choose_protection {
FDE_PROTECTION="$result"
fde_trace "user selected protections: <$FDE_PROTECTION>"
- if [ -z "$FDE_PROTECTION" ]; then
- return 1
- fi
-
if __fde_valid_protections $FDE_PROTECTION; then
break
fi
--
2.35.3

6
fde-tools.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue May 7 05:53:20 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
- Add fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch
to make "pass" mandatory during firstboot (bsc#1223771)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 18 05:39:44 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com> Thu Apr 18 05:39:44 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>

1
fde-tools.spec
View File

@ -35,6 +35,7 @@ Patch2: fde-tools-change-rpm-macro-dir.patch
Patch3: fde-tools-bsc1220160-conditional-requires.patch Patch3: fde-tools-bsc1220160-conditional-requires.patch
Patch4: fde-tools-bsc1222970-firstboot-replace-ALP.patch Patch4: fde-tools-bsc1222970-firstboot-replace-ALP.patch
Patch5: fde-tools-bsc1223002-firstboot-disable-ccid.patch Patch5: fde-tools-bsc1223002-firstboot-disable-ccid.patch
Patch6: fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch
BuildRequires: help2man BuildRequires: help2man
BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(json-c)
BuildRequires: pkgconfig(libcryptsetup) BuildRequires: pkgconfig(libcryptsetup)