Bug#321109: [PATCH] grub-installer password confirmation

To: 321109@bugs.debian.org
Cc: James Westby <jw+debian@jameswestby.net>
Subject: Bug#321109: [PATCH] grub-installer password confirmation
From: Frans Pop <elendil@planet.nl>
Date: Thu, 17 Apr 2008 16:58:14 +0200
Message-id: <[🔎] 200804171658.14554.elendil@planet.nl>
Reply-to: 321109@bugs.debian.org, 321109@bugs.debian.org
In-reply-to: <[🔎] 1208427380.6521.0.camel@flash>
References: <[🔎] 1208427380.6521.0.camel@flash>

On Thursday 17 April 2008, James Westby wrote:
> Attached is a patch that myself and Colin Watson worked on, based
> on the patch from this bug report. It hopefully addresses all concerns
> that were raised about the existing patch, and updates it to the
> existing codebase.
>
> Please consider applying it. I would be happy to address any concerns
> that you have with the patch.

After a quick glance a couple of things look wrong.

You read password-crypted to see if it is preseeded. This value presumably 
already _is_ encrypted, but you still pass it through 'password --md5'.

Also, why is the output of the password command _appended_ to the temp file? 
That would seem to break idempotency.

In general, how well has this patch been tested, both for interactive use 
and preseeding? Has entering the password been tested after a reboot in 
both cases?

Cheers,
FJP

Reply to:

Follow-Ups:
- Bug#321109: [PATCH] grub-installer password confirmation
  - From: James Westby <jw+debian@jameswestby.net>

References:
- Bug#321109: [PATCH] grub-installer password confirmation
  - From: James Westby <jw+debian@jameswestby.net>

Prev by Date: Bug#476388: partman-auto-crypto: Allow preseeding of the skip_erase flag
Next by Date: Processed: Re: Bug#476524: debian-installer: DI Manual Bug: the use of killall.sh as described kills itself
Previous by thread: Bug#321109: [PATCH] grub-installer password confirmation
Next by thread: Bug#321109: [PATCH] grub-installer password confirmation
Index(es):
- Date
- Thread