authorCraig Jennings <c@cjennings.net>2026-05-19 12:30:07 -0500
committerCraig Jennings <c@cjennings.net>2026-05-19 12:30:07 -0500
commit9405b1fc9984e43b0297d2bb89dea1666e1f4853 (patch)
tree6fa63a1402109e07da101da572b8cdbfaf4dba4c
parente49a95254d439e5e83c05756a3bc92e4575360b0 (diff)
downloadarchangel-9405b1fc9984e43b0297d2bb89dea1666e1f4853.tar.gz
archangel-9405b1fc9984e43b0297d2bb89dea1666e1f4853.zip
refactor: extract validate_encryption_passphrase from gather_input
gather_input's unattended branch had two parallel if-blocks, one for ZFS and one for Btrfs, each doing the same encryption-passphrase empty check against a filesystem-specific variable (ZFS_PASSPHRASE or LUKS_PASSPHRASE). The two blocks shared the condition surface and error template. Only the variable name differed. I lifted the check into validate_encryption_passphrase in lib/config.sh next to validate_filesystem. The helper takes the variable name and uses indirect expansion (${!var_name}) so one function covers both filesystems. gather_input now dispatches via if/elif on FILESYSTEM and calls the helper with the right variable, collapsing 14 lines to 6. The original tests in test_archangel.bats (gather_input errors when ZFS without ZFS_PASSPHRASE / when Btrfs without LUKS_PASSPHRASE / accepts ZFS with NO_ENCRYPT=yes) still pass, exercising the helper through the dispatch. Added 4 direct unit tests in test_config.bats covering the four cases: NO_ENCRYPT=yes passes regardless, NO_ENCRYPT=no with empty fails, NO_ENCRYPT=no with value passes, and the error message names the offending variable. Bats: 177 → 181. No behavior change. The helper preserves the original error message format and exit conditions.
-rwxr-xr-xinstaller/archangel15
-rw-r--r--installer/lib/config.sh13
-rw-r--r--tests/unit/test_config.bats39
3 files changed, 56 insertions, 11 deletions
diff --git a/installer/archangel b/installer/archangel
index 939c686..537c1da 100755
--- a/installer/archangel
+++ b/installer/archangel
@@ -102,18 +102,11 @@ gather_input() {
# Required-field, disk, and timezone validation runs in main()
# via validate_config before this function is reached.
- # ZFS-specific validation
+ # Filesystem-specific encryption-passphrase validation
if [[ "$FILESYSTEM" == "zfs" ]]; then
- if [[ "$NO_ENCRYPT" != "yes" && -z "$ZFS_PASSPHRASE" ]]; then
- error "Config missing required: ZFS_PASSPHRASE (or set NO_ENCRYPT=yes)"
- fi
- fi
-
- # Btrfs-specific validation
- if [[ "$FILESYSTEM" == "btrfs" ]]; then
- if [[ "$NO_ENCRYPT" != "yes" && -z "$LUKS_PASSPHRASE" ]]; then
- error "Config missing required: LUKS_PASSPHRASE (or set NO_ENCRYPT=yes)"
- fi
+ validate_encryption_passphrase ZFS_PASSPHRASE
+ elif [[ "$FILESYSTEM" == "btrfs" ]]; then
+ validate_encryption_passphrase LUKS_PASSPHRASE
fi
# Determine RAID level if not specified
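Review bot: The new `if`/`elif` on FILESYSTEM in gather_input has no `else`, so any value other than `zfs` or `btrfs` skips the passphrase check without a message. The comment at the top of the hunk says validate_config runs first in main(), and validate_filesystem in lib/config.sh rejects other values, so this presumably cannot be reached today; the old code skipped silently in the same way. A closing branch such as `else error "Unsupported FILESYSTEM: $FILESYSTEM"` would make the dispatch fail closed if a third filesystem is added or the call order changes. gather_input begins and continues outside the hunk.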
diff --git a/installer/lib/config.sh b/installer/lib/config.sh
index a241e84..3ba2bb3 100644
--- a/installer/lib/config.sh
+++ b/installer/lib/config.sh
@@ -146,3 +146,16 @@ validate_filesystem() {
error "Invalid FILESYSTEM: $FILESYSTEM (must be 'zfs' or 'btrfs')"
fi
}
+
+# Ensure an encryption passphrase variable is set when encryption is
+# on. Takes the variable name (ZFS_PASSPHRASE or LUKS_PASSPHRASE) and
+# errors out if NO_ENCRYPT is not "yes" and the named variable is
+# empty. Indirect expansion (${!var_name}) lets one helper handle both
+# ZFS and Btrfs passphrase fields without duplicating the conditional
+# in gather_input's filesystem dispatch.
+validate_encryption_passphrase() {
+ local var_name="$1"
+ if [[ "$NO_ENCRYPT" != "yes" && -z "${!var_name}" ]]; then
+ error "Config missing required: ${var_name} (or set NO_ENCRYPT=yes)"
+ fi
+}
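Review bot: `var_name` is passed to `${!var_name}` in validate_encryption_passphrase without any check on the name. Bash evaluates array subscripts during indirect expansion, so the helper is safe only while every caller passes a literal variable name, as both call sites in this commit do. A guard before the test, for example `[[ "$var_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || error "Invalid variable name: ${var_name}"`, would keep that true if a caller ever derives the name from config, and would also catch a missing argument. If the installer runs under `set -u` (not visible here), writing `${!var_name:-}` would keep an unset passphrase on the "Config missing required" path instead of an unbound-variable abort.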
diff --git a/tests/unit/test_config.bats b/tests/unit/test_config.bats
index 46f0236..af23e4a 100644
--- a/tests/unit/test_config.bats
+++ b/tests/unit/test_config.bats
@@ -205,3 +205,42 @@ EOF
[ "$status" -eq 1 ]
[[ "$output" == *"Invalid FILESYSTEM"* ]]
}
+
+#############################
+# validate_encryption_passphrase
+#############################
+# Called from gather_input's unattended branch. Errors when encryption
+# is enabled (NO_ENCRYPT != "yes") but the named passphrase variable
+# is empty. Indirect expansion lets one helper cover both ZFS and Btrfs.
+
+@test "validate_encryption_passphrase passes when NO_ENCRYPT=yes regardless of passphrase" {
+ NO_ENCRYPT=yes
+ ZFS_PASSPHRASE=""
+ run validate_encryption_passphrase ZFS_PASSPHRASE
+ [ "$status" -eq 0 ]
+}
+
+@test "validate_encryption_passphrase errors when NO_ENCRYPT=no and passphrase empty" {
+ NO_ENCRYPT=no
+ ZFS_PASSPHRASE=""
+ run validate_encryption_passphrase ZFS_PASSPHRASE
+ [ "$status" -eq 1 ]
+ [[ "$output" == *"ZFS_PASSPHRASE"* ]]
+ [[ "$output" == *"NO_ENCRYPT=yes"* ]]
+}
+
+@test "validate_encryption_passphrase passes when NO_ENCRYPT=no and passphrase set" {
+ NO_ENCRYPT=no
+ LUKS_PASSPHRASE="hunter2hunter2"
+ run validate_encryption_passphrase LUKS_PASSPHRASE
+ [ "$status" -eq 0 ]
+}
+
+@test "validate_encryption_passphrase names the offending variable in the error" {
+ NO_ENCRYPT=no
+ LUKS_PASSPHRASE=""
+ run validate_encryption_passphrase LUKS_PASSPHRASE
+ [ "$status" -eq 1 ]
+ [[ "$output" == *"LUKS_PASSPHRASE"* ]]
+ ! [[ "$output" == *"ZFS_PASSPHRASE"* ]]
+}
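Review bot: The negated assertion `! [[ "$output" == *"ZFS_PASSPHRASE"* ]]` in the last test only works because it is the final command of the test body. Bash's errexit ignores commands prefixed with `!`, so if another assertion is appended after it, this check will silently stop failing the test. Writing it as `[[ "$output" != *"ZFS_PASSPHRASE"* ]]` makes it position-independent. The four cases also leave out an empty or unrecognised NO_ENCRYPT value with an empty passphrase, which the helper treats as encryption on; a fifth test expecting status 1 for `NO_ENCRYPT=""` would pin that fail-closed default.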