From 923b4e1fe9e6754e40be35274f79d88d9aac3e2a Mon Sep 17 00:00:00 2001
From: Thierry Laurion <insurgo@riseup.net>
Date: Mon, 6 Nov 2023 10:06:19 -0500
Subject: [PATCH] ash_functions:confirm_gpg_card: loop gpg_admin_pin prompt
 until non-empty

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
---
 initrd/etc/ash_functions | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions
index 836e75ce..f330e273 100644
--- a/initrd/etc/ash_functions
+++ b/initrd/etc/ash_functions
@@ -96,9 +96,12 @@ confirm_gpg_card() {
 
 			#Prompt user for configured GPG Admin PIN that will be passed along to mount-usb and to import gpg subkeys
 			echo
-			#TODO: change all passphrase prompts in codebase to include -r to prevent backslash escapes
-			read -r -s -p "Please enter GPG Admin PIN needed to use the GPG backup thumb drive: " gpg_admin_pin
-			echo
+			gpg_admin_pin=""
+			while [ -z "$gpg_admin_pin" ]; do
+				#TODO: change all passphrase prompts in codebase to include -r to prevent backslash escapes
+				read -r -s -p "Please enter GPG Admin PIN needed to use the GPG backup thumb drive: " gpg_admin_pin
+				echo
+			done
 			#prompt user to select the proper encrypted partition, which should the first one on next prompt
 			warn "Please select encrypted LUKS on GPG key material backup thumb drive (not public labeled one)"
 			mount-usb --pass "$gpg_admin_pin" || die "Unable to mount USB with provided GPG Admin PIN"
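Review bot: The new `while [ -z "$gpg_admin_pin" ]` loop ignores the exit status of `read`, so if stdin reaches EOF or the read fails, the variable stays empty and the prompt repeats forever with no exit path. Failing closed would be safer, e.g. `read -r -s -p "Please enter GPG Admin PIN needed to use the GPG backup thumb drive: " gpg_admin_pin || die "Unable to read GPG Admin PIN"`. The TODO carried into the loop now sits above a `read` that already uses `-r`, so it reads as stale at this spot and could be reworded to point at the prompts that still lack it. The PIN is then handed to `mount-usb --pass` as an argument in the unchanged context line; that presumably exposes it in the process argument list for the duration of the call, which may be worth a comment if it is an accepted trade-off in this environment. confirm_gpg_card starts and ends outside this hunk, so whether stdin can close on this path is not visible here.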
@@ -154,7 +157,7 @@ gpg_auth() {
 	if [[ "$CONFIG_HAVE_GPG_KEY_BACKUP" == "y" ]]; then
 		TRACE "Under /etc/ash_functions:gpg_auth"
 		# If we have a GPG key backup, we can use it to authenticate even if the card is lost
-		echo >&2 "!!!!! Please authenticate with OpenPGP card/backup media to prove you are the owner of this machine !!!!!"
+		echo >&2 "!!!!! Please authenticate with OpenPGP smartcard/backup media to prove you are the owner of this machine !!!!!"
 
 		# Wipe any existing nonce and signature
 		shred -n 10 -z -u "$CR_NONCE" "$CR_SIG" 2>/dev/null || true