Merge pull request #1861 from tlaurion/oem-factory_reset_hide-detach-sign-user-pin

bugfix: oem-factory-reset: debug mode; hide passphrase output on screen/debug log on gpg --detach-sign of /boot hash digest
2024-12-18 20:47:55 +00:00 · 2024-11-25 11:02:30 -05:00 · 2024-11-25 11:02:30 -05:00 · 4f1405853f
commit 4f1405853f
parent 45696a4c8a 5501cd0744
1 changed files with 1 additions and 1 deletions
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -680,7 +680,7 @@ generate_checksums() {
    fi

    DEBUG "Detach-signing boot files under kexec.sig: ${param_files}"
-    if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG gpg \
+    if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG --mask-position 4 gpg \
        --pinentry-mode loopback \
        --passphrase "${USER_PIN}" \
        --digest-algo SHA256 \