Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/archinstall/lib/disk
diff options
context:
space:
mode:
authorAnton Hvornum <anton@hvornum.se>2021-11-11 09:59:42 +0000
committerGitHub <noreply@github.com>2021-11-11 09:59:42 +0000
commite3e62039f9c4cbbb6f604c838cd3cd8032150565 (patch)
tree0917691dc792c9eb5773ab6ed63b8a3de52e4f49 /archinstall/lib/disk
parent273b7aaa994170f65055c7db178a548544b5bb76 (diff)
parentad09c8cfa29e891ed23c084a26993ae92dcf1265 (diff)
Merged PR #707 - Fixes password leakage to terminal
Created a new JSON serializer called `UNSAFE_JSON` that will serialize everything, including sensitive information. And `JSON` which is the default up to this point now safely ignores any sensitive information in dictionaries marked with `!`, for instance `{"!password" : "mypassword"}` will be omitted from any output.
Diffstat (limited to 'archinstall/lib/disk')
-rw-r--r--archinstall/lib/disk/filesystem.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/archinstall/lib/disk/filesystem.py b/archinstall/lib/disk/filesystem.py
index 0be1ec8b..84b11c05 100644
--- a/archinstall/lib/disk/filesystem.py
+++ b/archinstall/lib/disk/filesystem.py
@@ -94,15 +94,17 @@ class Filesystem:
if partition.get('filesystem', {}).get('format', False):
if partition.get('encrypted', False):
- if not partition.get('password'):
+ if not partition.get('!password') and not storage['arguments'].get('!encryption-password'):
if storage['arguments'] == 'silent':
raise ValueError(f"Missing encryption password for {partition['device_instance']}")
else:
from ..user_interaction import get_password
- partition['password'] = get_password(f"Enter a encryption password for {partition['device_instance']}")
+ partition['!password'] = get_password(f"Enter a encryption password for {partition['device_instance']}")
+ elif not partition.get('!password') and storage['arguments'].get('!encryption-password'):
+ partition['!password'] = storage['arguments']['!encryption-password']
- partition['device_instance'].encrypt(password=partition['password'])
- with luks2(partition['device_instance'], storage.get('ENC_IDENTIFIER', 'ai') + 'loop', partition['password']) as unlocked_device:
+ partition['device_instance'].encrypt(password=partition['!password'])
+ with luks2(partition['device_instance'], storage.get('ENC_IDENTIFIER', 'ai') + 'loop', partition['!password']) as unlocked_device:
if not partition.get('format'):
if storage['arguments'] == 'silent':
raise ValueError(f"Missing fs-type to format on newly created encrypted partition {partition['device_instance']}")

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.