| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Extend the yes/no question to no/passphrase/keydisk and have users pick an
existing, preformated RAID partition; no support (yet) for creating one.
OK tb afresh1
|
|
Since r1.1245 encrypt_root() happens immediately after get_rootinfo().
the latter creates device files for the root disk (and aborts if make_dev()
fails), so encrypt_root()'s call on the softraid chunk is purely redundant.
Hoist _chunk definition into declaration while here.
|
|
bioctl(8) now retries itself on mismatch so the installer continues until
the passphrase is confirmed correctly (like for the root password) instead
of bailing out after three failed attempts.
|
|
The bioctl(8) command to create new and unlock old volumes is the same.
Use `-C force' to prevent reuse, which happens with, e.g. aborted/restarted
encrypted installations past the question or installations onto an old disk.
OK naddy sthen deraadt
|
|
The yes/no question was mistaken as actual passphrase prompt and/or details
in parentheses were taken as option list (despite the lack of commas).
Unmention the only disk encryption mechanism we support and simply ask
whether to protect the root disk with a passphrase or not (still yes/no).
Prodded by solene, feedback from many
Wording from naddy, similar wording from sthen
OK naddy sthen deraadt afresh1
|
|
The installer always checks for softraid using it, skip if unavailable.
Apply the usual idiom in encrypt_root() to silence stderr noise.
Do so in do in get_softraid_chunks() as well which is always called in
get_dkdevs_unitialized() and finish_up(); get_softraid_chunks() discards
stderr and both users still do the right thing on bioctl failure/empty
output from get_dkdevs_unitialized(), but there's no point in trying plus
the idiom clarifies how this code is indeed used on floppies.
Found and tested by krw
OK deraadt krw
|
|
|
|
Since this question moved after the root disk one and '?' stopped listing disks,
hoist the implementation details in order to drop the custom answer and reuse
existing ask_yn(), thus
Encrypt the root disk? (yes, no or '?' for details) [no] ?
Create a passphrase protected CRYPTO softraid volume to be used as root disk.
Encrypt the root disk? (yes, no or '?' for details) [no]
becomes
Encrypt the root disk? (passphrase CRYPTO softraid) [no]
Prodded by afresh1
|
|
ok kn@ millert@
|
|
It takes just one, the disk; the second snuck from earlier development into
the intial r1.1231 commit.
|
|
|
|
Encrypt the root disk? (disk, no or '?' for details) [no]
Which disk is the root disk? ('?' for details) [sdN]
becomes
Which disk is the root disk? ('?' for details) [sd0]
Encrypt the root disk? (yes, no or '?' for details) [no]
so that answering 'sd0' at this point during installation behaves the same
as before the new question: specifying the root disk.
Users no longer deal with two (softraid chunk sd0, root disk sd1), but just
one disk as before, while sdN are dealt with transparently.
Code also gets simpler and should enable more improvements soon.
Feedback OK afresh1
|
|
to require "no", instead of "n" or "no" which works at every other damn prompt
in the installer. This seems to be an artifact of relentlessly pushing people
towards softraid by default, and I think that is a bit nasty and pushy.
|
|
|
|
'?' output to list available answers could better distuingish from questions
and other lines, like sets selection does with four leading spaces.
OK deraadt
|
|
For installation, no partitions whatsoever are mounted, so 'yes' is always
wrong unless the user manually mounted stuff before that question.
No change for upgrade, where partitions on the root disk are mounted.
Idea from naddy, diff from Mikhail (mp39590 AT gmail)
Tweaks from me
OK op afresh1
|
|
Save the softraid volume's device and make it root disk default, being the
only legit choice in this case; this gets it always right on systems with
multiple physical disks.
All other install/upgrade cases keep picking the first available [sw]d* disk
as root disk default.
OK afresh1
|
|
"disk" can mean both "chunk" and "volume" and a future diff for better
softraid volumes handling will benefit from this distinction.
No functional change.
|
|
Set to split `hw.disknames' strings is neat, but functionn-wide means the
bsort() invocation honours it, i.e. it'll output newlines not spaces.
Break the one-liner into the same multi-line idom occuring elsewhere and
contain IFS in the subshell that needs it.
This was never visible due how the output of was consumed by the shell.
The only visual, but otherwise effectless bug due to this appeared with the
new disk encryption question double-quoting get_dkdevs() output, i.e.
multiple disks printed across multiple lines; this yields one, as inteded.
OK afresh1
|
|
'Default IPv4 route?' takes an IP or this word, not no IP at all.
All other questions already quote their 'none', 'done', etc. answers.
No behaviour change for autoinstall(8) files, questions end after the
qestion mark and potential answers/help in parentheses comes after that.
|
|
While MAKEDEV accepts multiple args, it complains loudly on repeated args.
It is silent when trying to create a single already existing device.
This is probably a bug in MAKEDEV.
|
|
No need to loop here, the script takes multiple args.
OK tb afresh1
|
|
^C during questiong yields
/install: /tmp/cppid: cannot open $(<) input
The trap handler must first test existence, then read the PID file.
Quote like other PID file constructs in install.sub do.
Use newlines to make the trap function readable.
OK miod
|
|
ok kn@ deraadt@
|
|
WEP does not work with our bwfm(4) and it shows:
Which network interface do you wish to configure? (or 'done') [bse0] bwfm0
ifconfig: SIOCS80211NWKEY: Operation not supported by device
Access point? (ESSID, 'any', list# or '?') [any] 2
Security protocol? (O)pen, (W)EP, WPA-(P)SK [O]
Handle the error and disable (W)EP unless the driver has it.
No objections from anyone.
|
|
One new question to cover the most common use case, such that manual setup
in (S)hell or '!' prior to install is no longer required:
Encrypt the root disk? (disk, 'no' or '?' for details) [no] ?
Create a passphrase protected CRYPTO softraid volume to be used as root disk.
Available disks are: sd0.
Encrypt the root disk? (disk, 'no' or '?' for details) [no]
Use of keydisk or different disciplines are not covered.
Only asked in interactive installations; no autoinstall(8) or upgrades.
Only reachable on i386, amd64, sparc64 and riscv64 for now (arm64 WIP).
Tested by cheloha naddy and a few users
Feedback from cheloha deraadt claudio
OK cheloha
"get it in now" deraadt
|
|
In practise, omitting \n is pointless in get_*devs*(), addel() and rmel()
as they are all all used in such a way that the shell always ensures a
trailing \n anyway.
(This might have been needed with the old recursive bsort(), but not now.)
The one exception being the case of a ramdisk with no disks, which revealed
\n mishandling in the root disk question where it ought to print "none"
instead of an empty list of available disks (since inception in r1.1114):
Available disks are: .
Which disk is the root disk? ('?' for details) ?
OK afresh1
|
|
Enable features like arithmatic expression and thus make the debug aid
`FUNCS_ONLY=1 . /install.sub' work in those prompts.
'!' answers spawn their own ksh process, but (S)hell drops into /.profile
sourced by /bin/sh executed by init(8), i.e. a korn shell defaulting to
strict bourne shell mode.
Shell options in this interactive parent shell do not effect install.sub
aka. /install, /autoinstall and /upgrade as it is executed in a child.
OK afresh1
|
|
Sets on an unmounted disk partition are most likely to be on install media,
e.g. CD or USB stick.
Default 'Which disk contains the install media?' to the first disk that is
a) not the root disk and b) not a disk with softraid chunks (hosting the
root disk, for example).
This makes it point at the right disk in most setups.
All disks remain valid answers, this is only about the default.
OK afresh1
|
|
ksh(1) can sort itself and addel() ensures uniqueness, so reuse both to get
a much simpler shell version of `sort -u' that is bug-for-bug compatible
with the old one but shorter and easier to tweak/reason about.
OK afresh1
|
|
Skip chunk devices in the 'Which disk do you wish to initialize?' question.
Touching sd0, e.g. after a root on softraid sd1 install on sd0, will fail.
get_dkdevs_uninitialized() is used once, in interactive installs, right
after root disk setup, iff multiple disks exist.
Tested as part of a bigger diff by a few
OK cheloha
|
|
|
|
get_softraid_chunks() yields full device names with labels, e.g. "sd0a",
but the installer largely deals with disk names "sd0".
The only user of this, MAKEDEV, behaves identically with either form.
Rename to get_softraid_disks(), clarify comments and return disk names
so it can be reused without pattern matching or stripping labels.
OK afresh1
|
|
No behaviour change, but get_softraid_chunks() reads much clearer.
The root disk is checked to be a softraid volume; if so, devices for each
chunks are created to make installboot work later.
bioctl accepts "sd1" and "softraid0", the latter prints all volumes.
Output is identical if sd1 is the only volume.
OK afresh1
|
|
the keyboard layout on all of them during install.
tested with a Thinkpad X13s with a silly amount of kezboards connected.
OK miod@ kn@
|
|
|
|
Hacking on the installer while running it is a lot easier when you can
inspect or run functions directly without paging the whole script or
poking around in it with ed.
install.sub is already structured so that all functions come first,
then MD code, then actual commands.
Copy FUNCS_ONLY from rc.subr(8) so you can drop out any time and hack around
more conveniently:
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0] !
Type 'exit' to return to install.
test# FUNCS_ONLY=1 . /install.sub
test# typeset -f get_dkdevs
get_dkdevs() {
echo $(scan_disknames "${MDDKDEVS:-/^[sw]d[0-9][0-9]* /s/ .*//p}")
}
test# get_dkdevs
sd0 sd1
test#
This requires the sourcing shell to be ksh(1) or sh(1) with 'strict Bourne
shell mode' disabled. '!' is ksh now, but the initial (S)hell answer still
lands in a strict (default) sh(1) -- that can/should be fixed separately.
OK deraadt
|
|
Even without any interfaces the installer still asks for one and only
continues when the only possible answer 'done' is provided.
That means one mandatory but useless answer during installations like
# vmctl start -c -d ./install72.img -d ./disk.img test
...
System hostname? (short form, e.g. 'foo') test
Available network interfaces are: .
Network interface to configure? (name, lladdr, '?', or 'done')
A response is required.
Network interface to configure? (name, lladdr, '?', or 'done') ?
Available network interfaces are: .
Network interface to configure? (name, lladdr, '?', or 'done') done
DNS domain name? (e.g. 'example.com') [my.domain]
...
Skip it when there is no viable answer:
# vmctl start -c -d ./install72.img -d ./disk.img test
...
System hostname? (short form, e.g. 'foo') test
DNS domain name? (e.g. 'example.com') [my.domain]
...
OK deraadt
|
|
arithmetic expression `(( ... ))' and more.
OK deraadt
|
|
This modifies the installer question, auto install scripts may need updating.
Allows answering ? to the interface question to list allowed lladdrs
and allows answering with one of them to configure the interface.
Reconfiguring by either name/unit or lladdr will clear the previous config.
Many suggestions from kn@
finish it @deraadt
|
|
|
|
When needed, lladdr is more precise and enduring.
Suggested by deraadt@
Many improvments and OK kn@
|
|
Original implementation by martijn@
Feedback and suggestions from kn@, sthen@, claudio@, florian@, and deraadt@.
ok deraadt
|
|
Upgrades are noiser on macppc (and loongson and octeon) than on other
architectures because boot firmware changes and/or tips to complete an
OpenBSD installation are always printed, even though they are not needed
after an upgrade.
OK deraadt
|
|
Other function, same stuff like r1.1210 except here there `>/dev/null 2>&1'
hammer is required to silence the ls(1) test.
The make_dev() call is no longer silenced now but does not print on stdout
anyway; if making the device fails we'd like to know.
Otherwise if probing the disk fails it continues to be silenced.
(cvs diff -w -U1)
|@@ -2311,3 +2311,2 @@ is_rootdisk() {
|
|- (
| make_dev $_d
|@@ -2322,6 +2321,6 @@ is_rootdisk() {
| umount /mnt
|- fi
|+ fi >/dev/null 2>&1
| rm -f /dev/{r,}$_d?
|+
| return $_rc
|- ) >/dev/null 2>&1
| }
OK halex
|
|
When upgrading to releases, the installer fills rc.firsttime(8) with
a syspatch(8) snippet possibly displaying available patches.
That snippet itself checks for a release version as well as an existent
installurl(5) file as a precondition for syspatch, see the diff below.
syspatch, however, has code to fallback to cdn.o.o without a valid URL:
286 _MIRROR=$(while read _line; do _line=${_line%%#*}; [[ -n ${_line} ]] &&
287 print -r -- "${_line}"; done </etc/installurl | tail -1) 2>/dev/null
288 [[ ${_MIRROR} == @(file|ftp|http|https)://* ]] ||
289 _MIRROR=https://cdn.openbsd.org/pub/OpenBSD
290 _MIRROR="${_MIRROR}/syspatch/${_KERNV[0]}/$(machine)"
Furthermore, the installer actively sets a working URL if needed, in the
same finish_up() function shortly before placing the syspatch snippet:
2842 # Create /etc/installurl if it does not yet exist.
2843 if [[ ! -f /mnt/etc/installurl ]]; then
2844 echo "${INSTALL_URL:-https://cdn.openbsd.org/pub/OpenBSD}" \
2845 >/mnt/etc/installurl
2846 fi
So one of the following is true for installurl:
1. exists but has no valid URL, then syspatch falls back to cdn.o.o
2. exists and has a valid URL, then syspatch uses that
3. does not exist so the installer creates it with cdn.o.o, see 2.
In the unlikely case that the install/upgrade finishes, i.e. installurl
does exist, but gets removed or truncated before rc.firsttime runs, the
existing check would actually prevent syspatch from running even though
it copes with such files.
So just remove the useless check.
OK aja
|
|
We should be fine silencing only the test condition which produces legit
output and warnings.
All else produces no output and should not error out; if it does, those
warnings should be printed and fixed.
Feedback OK halex
|
|
This function's style is a bit off: it wraps the body in a subshell to
discard all stdout/err at once, but still uses return inside it.
1. A command list (using {}) would be enough here as it groups like a
subshell but avoids spawning another shell;
2. discarding stdout/err at the end of an if block works the same
(effecting both condition and body) and saves one level of indent;
3. return inside a subshell inside a function does NOT return from the
function but merely exits the subshell; this is easily misread.
Saving a fork and indent and improving readability boils down to this
(cvs diff -wU1):
|@@ -3320,3 +3317,2 @@ check_unattendedupgrade() {
| _d=${_d%% *}
|- (
| if [[ -n $_d ]]; then
|@@ -3331,5 +3327,5 @@ check_unattendedupgrade() {
| rm -f /dev/{r,}$_d?
|- fi
|+ fi >/dev/null 2>&1
|+
| return $_rc
|- ) > /dev/null 2>&1
| }
OK halex
|
|
On supported -release systems, syspatch(8) -c is run from rc.firsttime(8)
and the list of patches it pretty-printed if non-empty.
-c output fits into a shell variable, not needing a temporary file, which
is also what usr.sbin/syspatch/syspatch.sh does internally.
OK millert
|
