refactor: unify get_{luks,zfs}_passphrase and get_root_password

Extract the prompt/confirm/min-length loop into prompt_password() in lib/common.sh using a nameref for the output variable, so UI output stays on the terminal (no command-substitution capture) and the three callers collapse from ~30 lines each to a single helper call. - get_luks_passphrase() — min 8 chars - get_zfs_passphrase() — min 8 chars - get_root_password() — no min (was unchecked before; preserved) 5 bats tests added: match+min-ok path, length-retry loop, mismatch-retry loop, min_len=0 disables check, empty passphrase when min_len=0. make test: 58/58.
author: Craig Jennings <c@cjennings.net> 2026-04-13 00:07:46 -0400
committer: Craig Jennings <c@cjennings.net> 2026-04-13 00:07:46 -0400
commit: 9f6c75916cee8cb65b21b71c69f62d080818ad63 (patch)
tree: 791bbc02072fabc18accd501f1740837b99770fc /installer
parent: 88d2fafe410a82dfa3534d7c0466689997407a0c (diff)
download: archangel-9f6c75916cee8cb65b21b71c69f62d080818ad63.tar.gz
archangel-9f6c75916cee8cb65b21b71c69f62d080818ad63.zip
2 files changed, 41 insertions, 54 deletions
diff --git a/installer/archangel b/installer/archangel
index d1831cf..4dc6689 100755
--- a/installer/archangel
+++ b/installer/archangel
@@ -590,26 +590,8 @@ get_luks_passphrase() {
     echo "IMPORTANT: If you forget this passphrase, your data is UNRECOVERABLE!"
     echo ""
 
-    while true; do
-        prompt "Enter LUKS encryption passphrase:"
-        read -rs LUKS_PASSPHRASE
-        echo ""
-
-        prompt "Confirm passphrase:"
-        read -rs confirm
-        echo ""
-
-        if [[ "$LUKS_PASSPHRASE" == "$confirm" ]]; then
-            if [[ ${#LUKS_PASSPHRASE} -lt 8 ]]; then
-                warn "Passphrase should be at least 8 characters. Try again."
-            else
-                info "Passphrase confirmed."
-                break
-            fi
-        else
-            warn "Passphrases don't match. Try again."
-        fi
-    done
+    prompt_password LUKS_PASSPHRASE "LUKS encryption passphrase" 8
+    info "Passphrase confirmed."
 }
 
 get_encryption_choice() {
@@ -647,46 +629,14 @@ get_zfs_passphrase() {
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo ""
 
-    while true; do
-        prompt "Enter ZFS encryption passphrase:"
-        read -s -p "> " ZFS_PASSPHRASE
-        echo ""
-
-        prompt "Confirm passphrase:"
-        read -s -p "> " confirm_pass
-        echo ""
-
-        if [[ "$ZFS_PASSPHRASE" == "$confirm_pass" ]]; then
-            if [[ ${#ZFS_PASSPHRASE} -lt 8 ]]; then
-                warn "Passphrase should be at least 8 characters."
-                continue
-            fi
-            break
-        else
-            warn "Passphrases do not match. Try again."
-        fi
-    done
+    prompt_password ZFS_PASSPHRASE "ZFS encryption passphrase" 8
 }
 
 get_root_password() {
     step "Root Password"
     echo ""
 
-    while true; do
-        prompt "Enter root password:"
-        read -s -p "> " ROOT_PASSWORD
-        echo ""
-
-        prompt "Confirm root password:"
-        read -s -p "> " confirm_pass
-        echo ""
-
-        if [[ "$ROOT_PASSWORD" == "$confirm_pass" ]]; then
-            break
-        else
-            warn "Passwords do not match. Try again."
-        fi
-    done
+    prompt_password ROOT_PASSWORD "root password" 0
 }
 
 get_ssh_config() {
diff --git a/installer/lib/common.sh b/installer/lib/common.sh
index 4acd7b9..dcaf071 100644
--- a/installer/lib/common.sh
+++ b/installer/lib/common.sh
@@ -57,6 +57,43 @@ require_command() {
 }
 
 #############################
+# Password / Passphrase Input
+#############################
+
+# Prompt for a secret, require confirmation, enforce min length, loop
+# until valid. Sets the named variable by nameref so UI output stays
+# on the terminal and the caller doesn't command-substitute.
+#
+# Usage: prompt_password VAR_NAME "label for prompts" MIN_LEN
+#   min_len of 0 disables the length check.
+prompt_password() {
+    local -n _out="$1"
+    local label="$2"
+    local min_len="${3:-0}"
+    local confirm
+
+    while true; do
+        prompt "Enter $label:"
+        read -rs _out
+        echo ""
+
+        prompt "Confirm $label:"
+        read -rs confirm
+        echo ""
+
+        if [[ "$_out" != "$confirm" ]]; then
+            warn "Passphrases do not match. Try again."
+            continue
+        fi
+        if [[ $min_len -gt 0 && ${#_out} -lt $min_len ]]; then
+            warn "Passphrase must be at least $min_len characters. Try again."
+            continue
+        fi
+        break
+    done
+}
+
+#############################
 # FZF Prompts
 #############################
author	Craig Jennings <c@cjennings.net>	2026-04-13 00:07:46 -0400
committer	Craig Jennings <c@cjennings.net>	2026-04-13 00:07:46 -0400
commit	9f6c75916cee8cb65b21b71c69f62d080818ad63 (patch)
tree	791bbc02072fabc18accd501f1740837b99770fc /installer
parent	88d2fafe410a82dfa3534d7c0466689997407a0c (diff)
download	archangel-9f6c75916cee8cb65b21b71c69f62d080818ad63.tar.gz archangel-9f6c75916cee8cb65b21b71c69f62d080818ad63.zip