From 22a8d6f6031c804107fae249f4e668d4b6310530 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Wed, 25 Apr 2018 13:21:56 -0700 Subject: [PATCH] Colorize warning and error messages in fbwhiptail Since fbwhiptail allows us to customize the background colors, we should colorize warnings and error messages to provide a user with an additional subtle cue that there might be a problem. I have added two additional configuration options: CONFIG_WARNING_BG_COLOR CONFIG_ERROR_BG_COLOR and in the librem13v2.config file you can see an example for how to set them to be yellow and red gradients, respectively. I've also updated the main two scripts that use whiptail to include those background colors. If you decide to use regular whiptail, just don't set these config options and it should behave as expected. --- boards/librem13v2/librem13v2.config | 2 ++ initrd/bin/gui-init | 10 +++++----- initrd/bin/kexec-select-boot | 6 +++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/boards/librem13v2/librem13v2.config b/boards/librem13v2/librem13v2.config index 9cfea3d2..cbd4b030 100644 --- a/boards/librem13v2/librem13v2.config +++ b/boards/librem13v2/librem13v2.config @@ -31,3 +31,5 @@ export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 3114db91..cec008f2 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init 
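Review bot: The two added exports hold a complete fbwhiptail option fragment (`--background-gradient` plus six numbers), not a colour value, and nothing in the config file says so or explains the numbers. A short comment above them would help anyone copying this into another board config, for example `# fbwhiptail only: option fragments spliced unquoted into whiptail calls; leave unset for plain whiptail`. The six numbers are presumably a start and an end RGB triple; confirm that against fbwhiptail and state it in the comment.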
@@ -25,7 +25,7 @@ verify_global_hashes() if cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ; then return 0 elif [ ! -f $TMP_HASH_FILE ]; then - if (whiptail --clear --title 'ERROR: Missing Hash File!' \ + if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Missing Hash File!' \ --yesno "The file containing hashes for /boot is missing!\n\nIf you are setting this system up for the first time, select Yes to update your list of checksums.\n\nOtherwise this could indicate a compromise and you should select No to return to the main menu.\n\nWould you like to update your checksums now?" 30 80) then update_checksums fi @@ -53,7 +53,7 @@ verify_global_hashes() TEXT="The following files failed the verification process:\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums now?" fi - if (whiptail --clear --title 'ERROR: Boot Hash Mismatch' --yesno "$TEXT" 30 80) then + if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Boot Hash Mismatch' --yesno "$TEXT" 30 80) then update_checksums fi return 1 @@ -104,7 +104,7 @@ while true; do last_half=$half; TOTP=`unseal-totp` if [ $? -ne 0 ]; then - whiptail --clear --title "ERROR: TOTP Generation Failed!" \ + whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: TOTP Generation Failed!" \ --menu "ERROR: Heads couldn't generate the TOTP code.\n\nIf you have just reflashed your BIOS, you will need to generate a new TOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nIf this is the first time the system has booted, you should reset the TPM and set your own password\n\nHow would you like to proceed?" 30 80 4 \ 'g' ' Generate new TOTP secret' \ 'i' ' Ignore error and continue to default boot menu' \ 
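Review bot: `$CONFIG_ERROR_BG_COLOR` is expanded unquoted in the `whiptail` call for the 'Missing Hash File' dialog, so every word of the config value becomes a separate whiptail argument (and is subject to globbing) in the dialog that reports a possible compromise. The word splitting is what makes the feature work, but a malformed or unexpected value would change how the tamper prompts are rendered, so the intent should be recorded and the value constrained. Suggest a comment at the call such as `# shellcheck disable=SC2086 # intentional split: option fragment, empty for plain whiptail`, and, if board config can be overridden after build (not visible in this patch), a check that the value is `--background-gradient` followed by six integers before it is used. The same applies to the -53 and -104 hunks here, the `$CONFIG_WARNING_BG_COLOR` hunks at -163 and -230, and the three hunks in kexec-select-boot. verify_global_hashes starts and ends outside the hunk.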
@@ -163,7 +163,7 @@ while true; do fi if [ "$totp_confirm" = "n" ]; then - if (whiptail --title "TOTP code mismatched" \ + if (whiptail $CONFIG_WARNING_BG_COLOR --title "TOTP code mismatched" \ --yesno "TOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s HH:MM:SS'\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 30 80) then echo "" echo "To correct clock drift: 'date -s HH:MM:SS'" @@ -230,7 +230,7 @@ while true; do if [ "$totp_confirm" = "i" ]; then # Run the menu selection in "force" mode, bypassing hash checks - if (whiptail --title 'Unsafe Forced Boot Selected!' \ + if (whiptail $CONFIG_WARNING_BG_COLOR --title 'Unsafe Forced Boot Selected!' \ --yesno "WARNING: You have chosen to skip all tamper checks and boot anyway.\n\nThis is an unsafe option!\n\nDo you want to proceed?" 16 80) then mount_boot kexec-select-boot -m -b /boot -c "grub.cfg" -g -f diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 60d16685..15165565 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -57,7 +57,7 @@ verify_global_hashes() else if [ "$gui_menu" = "y" ]; then CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':') - whiptail --title 'ERROR: Boot Hash Mismatch' \ + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Boot Hash Mismatch' \ --msgbox "The following files failed the verification process:\n${CHANGED_FILES}\nExiting to a recovery shell" 16 60 fi die "$TMP_HASH_FILE: boot hash mismatch" 
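Review bot: The 'TOTP code mismatched' dialog gets `$CONFIG_WARNING_BG_COLOR` although its own text says the mismatch could indicate TPM tampering, while the TOTP generation failure in the -104 hunk, which carries a similar tampering caveat, gets the error colour. The forced-boot confirmation in the -230 hunk, which skips all tamper checks, is also only a warning. If the distinction is deliberate (a failed check versus a state the user must judge or confirm), a one-line comment stating the rule would keep later dialogs consistent, e.g. `# error colour: a check failed; warning colour: user must confirm a risky choice`. Otherwise `whiptail $CONFIG_ERROR_BG_COLOR --title "TOTP code mismatched" \` would match the other tamper indications. The enclosing `while true` loop starts and ends outside the hunk.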
@@ -211,7 +211,7 @@ default_select() {
 option=`head -n $default_index $TMP_MENU_FILE | tail -1`
 if [ "$option" != "$expectedoption" ]; then
 if [ "$gui_menu" = "y" ]; then
- whiptail --title 'ERROR: Boot Entry Has Changed' \
+ whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Boot Entry Has Changed' \
 --msgbox "The list of boot entries has changed\n\nPlease set a new default" 16 60
 fi
 warn "!!! Boot entry has changed - please set a new default"
@@ -228,7 +228,7 @@ default_select() {
 else
 if [ "$gui_menu" = "y" ]; then
 CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':')
- whiptail --title 'ERROR: Default Boot Hash Mismatch' \
+ whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Default Boot Hash Mismatch' \
 --msgbox "The following files failed the verification process:\n${CHANGED_FILES}\nExiting to a recovery shell" 16 60
 fi
 die "!!! $TMP_DEFAULT_HASH_FILE: default boot hash mismatch"