Merged PR #707 - Fixes password leakage to terminal

Created a new JSON serializer called `UNSAFE_JSON` that will serialize everything, including sensitive information. And `JSON` which is the default up to this point now safely ignores any sensitive information in dictionaries marked with `!`, for instance `{"!password" : "mypassword"}` will be omitted from any output.
author: Anton Hvornum <anton@hvornum.se> 2021-11-11 09:59:42 +0000
committer: GitHub <noreply@github.com> 2021-11-11 09:59:42 +0000
commit: e3e62039f9c4cbbb6f604c838cd3cd8032150565 (patch)
tree: 0917691dc792c9eb5773ab6ed63b8a3de52e4f49 /archinstall/lib/installer.py
parent: 273b7aaa994170f65055c7db178a548544b5bb76 (diff)
parent: ad09c8cfa29e891ed23c084a26993ae92dcf1265 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index 1318cb16..3b8f9612 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -176,7 +176,9 @@ class Installer:
 		for mountpoint in sorted(mountpoints.keys()):
 			if mountpoints[mountpoint]['encrypted']:
 				loopdev = storage.get('ENC_IDENTIFIER', 'ai') + 'loop'
-				password = mountpoints[mountpoint]['password']
+				if not (password := mountpoints[mountpoint].get('!password', None)):
+					raise RequirementError(f"Missing mountpoint {mountpoint} encryption password in layout: {mountpoints[mountpoint]}")
+
 				with luks2(mountpoints[mountpoint]['device_instance'], loopdev, password, auto_unmount=False) as unlocked_device:
 					unlocked_device.mount(f"{self.target}{mountpoint}")
author	Anton Hvornum <anton@hvornum.se>	2021-11-11 09:59:42 +0000
committer	GitHub <noreply@github.com>	2021-11-11 09:59:42 +0000
commit	e3e62039f9c4cbbb6f604c838cd3cd8032150565 (patch)
tree	0917691dc792c9eb5773ab6ed63b8a3de52e4f49 /archinstall/lib/installer.py
parent	273b7aaa994170f65055c7db178a548544b5bb76 (diff)
parent	ad09c8cfa29e891ed23c084a26993ae92dcf1265 (diff)