Bug#656710: partman-crypto: Preseeding the passphrase

[Olaf Mandel <olaf@mandel.name>]

Package: partman-crypto
Version: 49
Severity: wishlist
Tags: d-i patch

The passphrase should be preseedable for unattended installations. This
is possible in the Ubuntu-version of this package since at least the end
of March 2010 (40ubuntu2). The attached patch is an independent
implementation of the same functionality.

Thoughts on security:
The preseeded passphrase should be considered insecure, depending on the
source of the preseed file. But if the administrator ensures that the
user changes the passphrase after the first login, this should still be
secure enough (Maybe put a note about security into the preseed template
file?).

Currently tested on
http://ftp.debian.org/debian/dists/squeeze/main/installer-i386/current/images/netboot/mini.iso
.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- 
Olaf Mandel   <olaf@mandel.name>   <http://www.olaf.mandel.name/>
PGP key:      1024D/33398848 2002-09-19
Fingerprint:  0E33 BEA6 1A71 9C5E 62BD  FC0E 99A7 D2C6 3339 8848

--- partman-crypto-49/blockdev-keygen.orig	2012-01-20 20:11:31.603528151 +0100
+++ partman-crypto-49/blockdev-keygen	2012-01-20 20:33:55.293528151 +0100
@@ -31,25 +31,24 @@
 }
 
 get_passphrase () {
-	local pass_ok
+	local templ last_RET pass pass_ok
 
 	pass_ok=0
 	while [ $pass_ok -eq 0 ]; do
 		templ="partman-crypto/passphrase"
-		db_set $templ ""
-		db_fset $templ seen false
 		db_subst $templ DEVICE "$description"
 		db_input critical $templ
 
 		templ="partman-crypto/passphrase-again"
-		db_set $templ ""
-		db_fset $templ seen false
 		db_input critical $templ
 
 		db_go || return 1
 
-		db_get partman-crypto/passphrase || RET=''
+		templ="partman-crypto/passphrase"
+		db_get $templ || RET=''
 		pass=$RET
+		db_set $templ ""
+		db_fset $templ seen false
 		if [ -z "$pass" ]; then
 			templ="partman-crypto/passphrase-empty"
 			db_fset $templ seen false
@@ -57,8 +56,12 @@
 			continue
 		fi
 
-		db_get partman-crypto/passphrase-again || RET=''
-		if [ "$pass" != "$RET" ]; then
+		templ="partman-crypto/passphrase-again"
+		db_get $templ || RET=''
+		last_RET=$RET
+		db_set $templ ""
+		db_fset $templ seen false
+		if [ "$pass" != "$last_RET" ]; then
 			templ="partman-crypto/passphrase-mismatch"
 			db_fset $templ seen false
 			db_input critical $templ
@@ -67,14 +70,15 @@
 
 		if passphrase_is_weak "$pass"; then
 			templ="partman-crypto/weak_passphrase"
-			db_set $templ false
-			db_fset $templ seen false
 			db_subst $templ MINIMUM $minlen
 			db_input critical $templ || true
 			db_go || true
 			db_get $templ || RET=''
+			last_RET=$RET
+			db_set $templ false
+			db_fset $templ seen false
 
-			if [ "$RET" != true ]; then
+			if [ "$last_RET" != true ]; then
 				# user doesn't want to force weak passphrase
 				continue
 			fi
@@ -83,9 +87,6 @@
 		pass_ok=1
 	done
 
-	db_set partman-crypto/passphrase ""
-	db_set partman-crypto/passphrase-again ""
-
 	if [ $pass_ok -eq 1 ]; then
 		echo "$pass"
 	fi

Attachment: signature.asc
Description: OpenPGP digital signature