Date: Wed, 1 Apr 2015 02:05:27 +0000 (UTC)
From: Devin Teske <dteske@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r280939 - in head: sys/boot/forth usr.sbin/bsdinstall/scripts
Message-ID: <201504010205.t3125R42058126@svn.freebsd.org>
Author: dteske Date: Wed Apr 1 02:05:26 2015 New Revision: 280939 URL: https://svnweb.freebsd.org/changeset/base/280939 Log: Whoops! "arc commit --revision" != "arc diff --update" Modified: head/sys/boot/forth/check-password.4th head/sys/boot/forth/check-password.4th.8 head/sys/boot/forth/loader.conf head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/sys/boot/forth/check-password.4th ============================================================================== --- head/sys/boot/forth/check-password.4th Wed Apr 1 02:01:34 2015 (r280938) +++ head/sys/boot/forth/check-password.4th Wed Apr 1 02:05:26 2015 (r280939) @@ -146,15 +146,6 @@ only forth definitions also password-pro 2drop read-reset else drop then - \ Prompt for GEOM ELI (geli(4)) passphrase if enabled - s" geom_eli_passphrase_prompt" getenv dup -1 <> if - s" YES" compare-insensitive 0= if - s" GELI Passphrase: " read ( prompt -- ) - readval readlen @ s" kern.geom.eli.passphrase" setenv - read-reset - then - else drop then - \ Exit if a password was not set s" password" getenv -1 = if exit else drop then Modified: head/sys/boot/forth/check-password.4th.8 ============================================================================== --- head/sys/boot/forth/check-password.4th.8 Wed Apr 1 02:01:34 2015 (r280938) +++ head/sys/boot/forth/check-password.4th.8 Wed Apr 1 02:05:26 2015 (r280939) @@ -1,4 +1,4 @@ -.\" Copyright (c) 2011-2015 Devin Teske +.\" Copyright (c) 2011-2012 Devin Teske .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 20, 2015 +.Dd December 10, 2012 .Dt CHECK-PASSWORD.4TH 8 .Os .Sh NAME 
@@ -33,12 +33,8 @@ .Sh DESCRIPTION The file that goes by the name of .Nm -is a set of commands designed to do one or more of the following: -.Pp -.Dl o Prevent booting without password -.Dl o Prevent modification of boot options without password -.Dl o Provide a password to mount geli(8) encrypted root disk(s) -.Pp +is a set of commands designed to either prevent booting or prevent modification +of boot options without an appropriately configured password. The commands of .Nm by themselves are not enough for most uses. @@ -62,23 +58,14 @@ The commands provided by it are: .Pp .Bl -tag -width disable-module_module -compact -offset indent .It Ic check-password -Multi-purpose function that can protect the interactive boot menu, -prevent boot without password, or prompt for geli(8) passphrase -.Pq depending on Xr loader.conf 5 settings . +Dual-purpose function that can either protect the interactive boot menu or +prevent boot without password (separately). .Pp First checks .Va bootlock_password and if-set, the user cannot continue until the correct password is entered. .Pp -Next, checks -.Va geom_eli_passphrase_prompt -and if set to -.Li YES -.Pq case-insensitive -prompts the user to enter their GELI password for later mounting of the root -device(s) during boot. -.Pp -Last, checks +Next checks .Va password and if-set, tries to .Ic autoboot @@ -94,11 +81,6 @@ The environment variables that effect it Sets the bootlock password (up to 16 characters long) that is required by .Ic check-password to be entered before the system is allowed to boot. -.It Va geom_eli_passphrase_prompt -Selects whether loader(8) will prompt for GELI credentials, handing-off to the -kernel for later mounting of -.Xr geli 8 -encrypted root device(s). .It Va password Sets the password (up to 16 characters long) that is required by .Ic check-password 
@@ -140,16 +122,6 @@ to prevent booting without password: .Bd -literal -offset indent -compact bootlock_password="boot" .Ed -.Pp -Add the following to -.Xr loader.conf 5 -to generate a prompt at boot to collect GELI credentials for mounting -.Xr geli 8 -encrypted root device(s): -.Pp -.Bd -literal -offset indent -compact -geom_eli_passphrase_prompt="YES" -.Ed .Sh SEE ALSO .Xr loader.conf 5 , .Xr loader 8 , Modified: head/sys/boot/forth/loader.conf ============================================================================== --- head/sys/boot/forth/loader.conf Wed Apr 1 02:01:34 2015 (r280938) +++ head/sys/boot/forth/loader.conf Wed Apr 1 02:05:26 2015 (r280939) @@ -62,7 +62,6 @@ entropy_cache_type="/boot/entropy" # "NO" to disable autobooting #password="" # Prevent changes to boot options #bootlock_password="" # Prevent booting (see check-password.4th(8)) -#geom_eli_passphrase_prompt="NO" # Prompt for geli(8) passphrase to mount root #beastie_disable="NO" # Turn the beastie boot menu on and off #kernels="kernel kernel.old" # Kernels to display in the boot menu #loader_logo="orbbw" # Desired logo: orbbw, orb, fbsdbw, beastiebw, beastie, none Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Wed Apr 1 02:01:34 2015 (r280938) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Wed Apr 1 02:05:26 2015 (r280939) @@ -1343,9 +1343,6 @@ zfs_create_boot() $BSDINSTALL_TMPBOOT/loader.conf.aesni || return $FAILURE f_eval_catch $funcname echo "$ECHO_APPEND" 'geom_eli_load=\"YES\"' \ $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE - f_eval_catch $funcname echo "$ECHO_APPEND" \ - 'geom_eli_passphrase_prompt=\"YES\"' \ - $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE for disk in $disks; do f_eval_catch $funcname printf "$PRINTF_CONF" \ geli_%s_keyfile0_load "$disk$targetpart YES" \
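Review bot: The log message does not say what is being backed out, while the check-password.4th hunk at @@ -146,15 removes the whole geom_eli_passphrase_prompt block, including the setenv of kern.geom.eli.passphrase. Suggest the log name the feature and the revision it arrived in, so a reader of the history can tell this is a backout of the GELI passphrase prompt and not a fix to it. If the prompt is submitted again, note that the removed block stores the typed passphrase in a loader environment variable and the visible lines show no later unset, so the man page should state which component clears it after the hand-off to the kernel.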
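Review bot: In check-password.4th.8, the hunks at @@ -1,4 and @@ -24,7 roll the copyright range back to 2011-2012 and .Dd back to December 10, 2012, which is correct only if every other 2015 edit to the page is gone as well. The later hunks remove the geli(8) text from DESCRIPTION, the check-password entry, the variable list and the loader.conf example, so the backout looks complete; please confirm the file is identical to its earlier revision, and keep the newer .Dd if it is not.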
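Review bot: The loader.conf hunk at @@ -62,7 and the zfsboot hunk at @@ -1343,9 drop geom_eli_passphrase_prompt with no transition note, so a loader.conf.geli already written with geom_eli_passphrase_prompt="YES" now carries a setting that nothing in this patch reads, and no passphrase prompt will appear at the loader. A sentence in the log stating that the variable is ignored after this revision would tell anyone who installed in between why the prompt is missing.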