oem-factory-reset: debug mode; hide passphrase output on screen/debug.log on gpg --detach-sign of /boot hash digest

Before: [ 155.845101] DEBUG: gpg --pinentry-mode loopback --passphrase Please Change Me --digest-algo SHA256 --detach-sign -a After: [ 131.272954] DEBUG: gpg --pinentry-mode loopback --passphrase <hidden> --digest-algo SHA256 --detach-sign -a Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 20:47:55 +00:00 · 2024-11-25 10:56:32 -05:00 · 2024-11-25 10:56:32 -05:00 · 5501cd0744
commit 5501cd0744
parent 45696a4c8a
1 changed files with 1 additions and 1 deletions
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -680,7 +680,7 @@ generate_checksums() {
    fi

    DEBUG "Detach-signing boot files under kexec.sig: ${param_files}"
-    if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG gpg \
+    if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG --mask-position 4 gpg \
        --pinentry-mode loopback \
        --passphrase "${USER_PIN}" \
        --digest-algo SHA256 \