Conversation

Jarkko Sakkinen

Found a null pointer deference in archinstall.

this flips:

root@archiso ~ # cat user_credentials.json  
{
    "!root-password": null,
    "!users": [
        {
            "!password": null,
            "sudo": true,
            "username": "jarkko"
        }
    ],
    "encryption_password": null
}

this does not flip:

root@archiso ~ # cat user_credentials.json  
{
    "!root-password": null,
    "!users": [
        {
            "!password": null,
            "sudo": true,
            "username": "jarkko"
        }
    ],
    "encryption_password": ""
}

it crashes when moving the cursor in the main menu on top of the “disk encryption”.

#arch #archlinux

1
0
1
turnoff in this that you cannot even by manually editing the json enforce "no password" for the user
1
0
0

Jarkko Sakkinen

Edited 5 months ago
why not? 🤷luks allows to do that why build imaginary blocks...
1
0
0
you have three passwords here: user, root and hard drive encryption.

why the heck they can't have exact same semantics is beyond me. especially since more privileged (root) has this flexibility but less privileged (user) does not.

and it will be a nightmare to recall their slight differences few months from now...
1
0
0
would be total pain to automate this or like do large deployments just because the features fight with each other in this area.
1
0
0

workaround:

❯ cat user_credentials.json 
{
    "!root-password": null,
    "!users": [
        {
            "!password": "SecretSanta2022",
            "sudo": true,
            "username": "jarkko"
        }
    ],
    "encryption_password": "SecretSanta2022"
}

Now I need to only remember that the password is SecretSanta2022 whenever I use this :-)

1
0
0

Jarkko Sakkinen

Edited 5 months ago

I’ll fallback to scripts :-)

Mostly because I want this somewhat rare combination in partioning where LUKS2 is used together with EXT4 and encryption is done without LVM2 layer and swap space huge to allow testing hibernate (especially encrypted hibernate):

!/usr/bin/env sh

set -e

# Partition
sgdisk -Z /dev/nvme0n1
sgdisk -n1:0:+5G -t1:ef00 -c1:EFI /dev/nvme0n1
sgdisk -n2:0:+75G -t2:8200 -c2:secswap /dev/nvme0n1
sgdisk -N3 -t3:8304 -c3:secroot /dev/nvme0n1
partprobe -s /dev/nvme0n1

# Encrypt
cryptsetup luksFormat --type luks2 \
                      --force-password \
                        /dev/disk/by-partlabel/secroot
cryptsetup open /dev/disk/by-partlabel/secroot root
cryptsetup open --type plain \
                --key-file /dev/urandom \
                /dev/disk/by-partlabel/secswap swap

# Initialize swap
mkswap -L swap /dev/mapper/swap
swapon -L swap

# Format
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
mkfs.ext4 -L /dev/mapper/root

# Mount
mount /dev/mapper/root /mnt
mount --mkdir /mnt/boot

# Install
pacstrap -K /mnt base base-devel linux linux-firmware amd-ucode intel-ucode lvm2
genfstab -U /mnt >> /mnt/etc/fstab

In the final version TPM2 will unseal the rootfs.

So only intermediate layer in this is dm-crypt. I like how raw and transparent it will become :-) Given trivial filesystem layering and simple rootfs type (ext4) to begin with I can finally have single unified configuration for both my hosts and vm guests. And maximum transperency for debugging given tons of tools to debug ext4.

#archlinux

1
1
0

@jarkko
I also use LUKS directly without LVM, and ext4, so I congratulate for the good choices 🙂

0
0
1