From 9f6c75916cee8cb65b21b71c69f62d080818ad63 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Mon, 13 Apr 2026 00:07:46 -0400 Subject: refactor: unify get_{luks,zfs}_passphrase and get_root_password MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extract the prompt/confirm/min-length loop into prompt_password() in lib/common.sh using a nameref for the output variable, so UI output stays on the terminal (no command-substitution capture) and the three callers collapse from ~30 lines each to a single helper call. - get_luks_passphrase() — min 8 chars - get_zfs_passphrase() — min 8 chars - get_root_password() — no min (was unchecked before; preserved) 5 bats tests added: match+min-ok path, length-retry loop, mismatch-retry loop, min_len=0 disables check, empty passphrase when min_len=0. make test: 58/58. --- installer/archangel | 58 ++++--------------------------------------------- installer/lib/common.sh | 37 +++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 54 deletions(-) (limited to 'installer') diff --git a/installer/archangel b/installer/archangel index d1831cf..4dc6689 100755 --- a/installer/archangel +++ b/installer/archangel @@ -590,26 +590,8 @@ get_luks_passphrase() { echo "IMPORTANT: If you forget this passphrase, your data is UNRECOVERABLE!" echo "" - while true; do - prompt "Enter LUKS encryption passphrase:" - read -rs LUKS_PASSPHRASE - echo "" - - prompt "Confirm passphrase:" - read -rs confirm - echo "" - - if [[ "$LUKS_PASSPHRASE" == "$confirm" ]]; then - if [[ ${#LUKS_PASSPHRASE} -lt 8 ]]; then - warn "Passphrase should be at least 8 characters. Try again." - else - info "Passphrase confirmed." - break - fi - else - warn "Passphrases don't match. Try again." - fi - done + prompt_password LUKS_PASSPHRASE "LUKS encryption passphrase" 8 + info "Passphrase confirmed." } get_encryption_choice() { @@ -647,46 +629,14 @@ get_zfs_passphrase() { echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "" - while true; do - prompt "Enter ZFS encryption passphrase:" - read -s -p "> " ZFS_PASSPHRASE - echo "" - - prompt "Confirm passphrase:" - read -s -p "> " confirm_pass - echo "" - - if [[ "$ZFS_PASSPHRASE" == "$confirm_pass" ]]; then - if [[ ${#ZFS_PASSPHRASE} -lt 8 ]]; then - warn "Passphrase should be at least 8 characters." - continue - fi - break - else - warn "Passphrases do not match. Try again." - fi - done + prompt_password ZFS_PASSPHRASE "ZFS encryption passphrase" 8 } get_root_password() { step "Root Password" echo "" - while true; do - prompt "Enter root password:" - read -s -p "> " ROOT_PASSWORD - echo "" - - prompt "Confirm root password:" - read -s -p "> " confirm_pass - echo "" - - if [[ "$ROOT_PASSWORD" == "$confirm_pass" ]]; then - break - else - warn "Passwords do not match. Try again." - fi - done + prompt_password ROOT_PASSWORD "root password" 0 } get_ssh_config() { diff --git a/installer/lib/common.sh b/installer/lib/common.sh index 4acd7b9..dcaf071 100644 --- a/installer/lib/common.sh +++ b/installer/lib/common.sh @@ -56,6 +56,43 @@ require_command() { command_exists "$1" || error "Required command not found: $1" } +############################# +# Password / Passphrase Input +############################# + +# Prompt for a secret, require confirmation, enforce min length, loop +# until valid. Sets the named variable by nameref so UI output stays +# on the terminal and the caller doesn't command-substitute. +# +# Usage: prompt_password VAR_NAME "label for prompts" MIN_LEN +# min_len of 0 disables the length check. +prompt_password() { + local -n _out="$1" + local label="$2" + local min_len="${3:-0}" + local confirm + + while true; do + prompt "Enter $label:" + read -rs _out + echo "" + + prompt "Confirm $label:" + read -rs confirm + echo "" + + if [[ "$_out" != "$confirm" ]]; then + warn "Passphrases do not match. Try again." + continue + fi + if [[ $min_len -gt 0 && ${#_out} -lt $min_len ]]; then + warn "Passphrase must be at least $min_len characters. Try again." + continue + fi + break + done +} + ############################# # FZF Prompts ############################# -- cgit v1.2.3