luks-functions: fix luks_change_passphrase which was only occuring on…

… first LUKS volume, not all Signed-off-by: Thierry Laurion <[email protected]>
linuxboot · Aug 17, 2024 · 34c3437 · 34c3437
1 parent 0e8857a
commit 34c3437
Showing 1 changed file with 21 additions and 28 deletions.
diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions
@@ -381,7 +381,7 @@ test_luks_current_disk_recovery_key_passphrase()
 			# We export the LUKS volume(s) that was/were validated via passphrase test
 			export LUKS
 			TRACE_FUNC
-			DEBUG "$LUKS exported to be reused"
+			DEBUG "LUKS container(s) $PRINTABLE_LUKS exported to be reused"
 			break;
 		fi
 	done
@@ -414,7 +414,7 @@ luks_reencrypt() {
 		# Split the $LUKS variable into an array of LUKS containers
 		luks_containers=($LUKS)
 		TRACE_FUNC
-		DEBUG "luks_containers: $luks_containers"
+		DEBUG "luks_containers: ${luks_containers[@]}"
 
 		# Loop through each LUKS container
 		for luks_container in "${luks_containers[@]}"; do
@@ -508,34 +508,30 @@ luks_reencrypt() {
 	done
 }
 
-luks_change_passphrase() {
+luks_change_passphrase() 
+{
     TRACE_FUNC
 
     select_luks_container || return 1
 
-    # Count the number of containers to be processed
-    num_containers=$(echo "$LUKS" | wc -w)
-    changed_containers=0
-
     # Split the $LUKS variable into an array of LUKS containers
-    IFS=' ' read -ra luks_containers <<< "$LUKS"
+	luks_containers=($LUKS)
+	TRACE_FUNC
+	DEBUG "luks_containers: ${luks_containers[@]}"
 
+    # Loop through each LUKS container
     for luks_container in "${luks_containers[@]}"; do
         if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ] || [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then
             whiptail --title 'Changing LUKS Disk Recovery Key passphrase' --msgbox \
                 "Please enter the current LUKS Disk Recovery Key passphrase (slot 0).\nThen choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 0 80
 
-            if [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then
-                echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):"
-                while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do
-                    read -r luks_new_Disk_Recovery_Key_passphrase
-                done
-            fi
-
-            if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then
-                echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):"
-                read -r luks_current_Disk_Recovery_Key_passphrase
-            fi
+            echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):"
+            while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do
+                read -r luks_new_Disk_Recovery_Key_passphrase
+            done
+
+            echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):"
+            read -r luks_current_Disk_Recovery_Key_passphrase
         fi
 
         echo -n "$luks_current_Disk_Recovery_Key_passphrase" > /tmp/luks_current_Disk_Recovery_Key_passphrase
@@ -551,7 +547,7 @@ luks_change_passphrase() {
             rm -f /boot/kexec_key_devices.txt
             mount -o remount,ro /boot
             luks_secrets_cleanup
-			unset LUKS
+            unset LUKS
             continue
         fi
 
@@ -563,16 +559,13 @@ luks_change_passphrase() {
         fi
 
         echo "Success changing passphrase for $luks_container."
-        changed_containers=$((changed_containers + 1))
     done
 
-    if [ $changed_containers -eq $num_containers ]; then
-        # All containers processed successfully
-        luks_current_Disk_Recovery_Key_passphrase=$luks_new_Disk_Recovery_Key_passphrase
-        export luks_current_Disk_Recovery_Key_passphrase
-        export luks_new_Disk_Recovery_Key_passphrase
-        export LUKS
-    fi
+    # Export the new passphrase if all containers were processed successfully
+    luks_current_Disk_Recovery_Key_passphrase=$luks_new_Disk_Recovery_Key_passphrase
+    export luks_current_Disk_Recovery_Key_passphrase
+    export luks_new_Disk_Recovery_Key_passphrase
+    export LUKS
 }
 
 luks_secrets_cleanup()