public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos: initrd/luks: disable input echo for the whole stage

Browse Source
This commit is contained in:
Jan Malakhovski 2018-06-10 20:18:27 +00:00
parent c35917e330
commit 8c83ba0386
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/system/boot/luksroot.nix
View File

@ -78,9 +78,15 @@ let
# For Yubikey salt storage # For Yubikey salt storage
mkdir -p /crypt-storage mkdir -p /crypt-storage
# Disable all input echo for the whole stage. We could use read -s
# instead but that would ocasionally leak characters between read
# invocations.
stty -echo
''; '';
postCommands = '' postCommands = ''
stty echo
umount /crypt-storage 2>/dev/null umount /crypt-storage 2>/dev/null
umount /crypt-ramfs 2>/dev/null umount /crypt-ramfs 2>/dev/null
''; '';
@ -113,8 +119,8 @@ let
# ask cryptsetup-askpass # ask cryptsetup-askpass
echo -n "${device}" > /crypt-ramfs/device echo -n "${device}" > /crypt-ramfs/device
# and try reading it from /dev/console # and try reading it from /dev/console with a timeout
IFS= read -t 1 -rs passphrase IFS= read -t 1 -r passphrase
if [ -n "$passphrase" ]; then if [ -n "$passphrase" ]; then
${if luks.reusePassphrases then '' ${if luks.reusePassphrases then ''
# remember it for the next device # remember it for the next device
@ -199,7 +205,7 @@ let
for try in $(seq 3); do for try in $(seq 3); do
${optionalString yubikey.twoFactor '' ${optionalString yubikey.twoFactor ''
echo -n "Enter two-factor passphrase: " echo -n "Enter two-factor passphrase: "
read -rs k_user read -r k_user
echo echo
''} ''}