installer(8): Distinguish setting and getting of encryption passphrase The installer was using the *same* dialog to set and get the passphrase for filesystem encryption/decryption, which was confusing and a bit inconvenience (because the passphrase was required to input twice for decryption). The decryption passphrase was get in the following two places: 1. Just after installation and begins to configure the system, the passphrase is asked to decrypt and mount the filesystems; 2. Use the LiveCD to "Configure an installed System". This commit improves the fn_get_passphrase() function to distinguish the setting and getting of the encryption passphrase. The dialog of setting the passphrase remains the same, but the dialog of getting the passphrase is simplified and doesn't require to confirm the input. This commit is derived from the patch by tuxillo. Bug: https://bugs.dragonflybsd.org/issues/3028
installer: Allow special characters in passwords Store the password in an environment variable and pass it to the pw(8) command. This way of passing passwords allows special characters in the password. Actually, adduser(8) uses the same method to deal with the password. So this closes the old bug #3027. In addition, this prevents the plaintext password from appearing on the command line or in the installation log file. Although the installer will print every executed command to the install.log (located at '/var/log/install.log' with mode 0600 though), the root password setting and new user creation steps belong to the 'configuration' stage rather than the 'installation', so currently the plaintext passwords won't go to the install.log. Credit to pikrzyszt (Krzysztof Piecuch) for submitting the initial patch in bug #3027.
installer - Add hammer2 support to the installer * hammer2 can now be selected as a filesystem in the installer. * Note that we still for /boot to use UFS. The boot loader *CAN* access a hammer2 /boot, but the small size of the filesystem makes it too easy to fill up when doing installkernel or installworld. * Also fix a minor bug in the installer. when issuing a 'dumpon device' be sure to first issue a 'dumpon off' to avoid dumpon complaints about a dump device already being specified.
installer: Fix mapper name generation for encrypted installation. fn_mapper_name() is supposed to take the mountpoint name, not the device name. This actually broke the install in environments where no /dev/serno/... device was available and both root and /build were selected for encrypting because the device name would never contain a '/' and so the mapper name 'root' was returned for both.
installer - use a more modern mount setup for UFS and HAMMER. * Rewrite a large chunk of the disklabeling and mount point code. UFS now gains a separate /boot partition, avoiding issues with the boot loader if the user desires to install a large UFS root on a drive. * Normalize the mount mechanics for both UFS and HAMMER. Instead of using PFSs on HAMMER, we create two large partitions by default: One is the root partition, the other is /build. The /build partition holds major elements of the system which would normally not have to be backed up: /var/tmp (from /build/var.tmp) /var/cache (from /build/var.cache) /var/crash (from /build/var.crash) /var/spool (from /build/var.spool) /var/log (from /build/var.log) /usr/obj (from /build/usr.obj) The root partition holds all remaining major directories, including the base /var. There are several reasons for this. Generally speaking, stuff in /home, /usr and most of the stuff in /var is critical to system operation and user happiness, and it makes little sense to separate it out from the root mount. We pick-out the less critical directories and place them on /build, using NULL mounts to mount them in their expected locations. * Users can easily make adjustments post-install without having to mess around with PFSs, and can make simple adjustments pre-install. * Drives smaller than around 40GB will not create a separate /build partition by default, but will still create a /build directory in the root partition and generate the same nullfs mounts. This makes it easier for the user to adjust to a larger configuration later on if desired. * This also improves crash recovery mechanics, increasing the chance that the root partition will be able to mount with minimal recovery work. * We now use a tmpfs filesystem for /tmp by default. /var/tmp is mounted from storage. Again, the user can change this easily post-install. * Calculate better values for swap, root, and /build, based on the size of the slice being installed to. The /build directory will cap-out at around 20GB leaving. Swap will be made smaller if the root partition seems to small, and so forth. Some swap is always configured. Swap is a very useful thing to have, even if you have tons of memory, because there will always be a certain number of always-idle pages from idle services laying around. * Remove /dev from sources.conf, it is no longer appropriate to try to cpdup /dev. Fixes a cpdup error. * UFS root can now be encrypted (it couldn't before), because the UFS install now splits out a separate /boot partition. * Tested w/non-crypto UFS and HAMMER install, crypto UFS and HAMMER install, and with small and large drives.
installer - Fix time selection, again. * The installer asks you to input your local time. This is separate from it asking you whether the CMOS clock is local or UTC. * We previously fixed the CMOS clock local/UTC selection, but the local time entry was still broken. * This patch sets the TZ environment variable for the installer itself so when you input your local time it actually does the correct local conversion for your time zone. Otherwise the local conversion is done using GMT which is not right. Reported-by: Don Allen
installer: Always take the root directory's /dev. Taking /dev relative to the directory we want to copy from was fine until we got devfs, because we shipped actual device nodes in /dev until then. It only continued working because the directory we copy from is always the distribution media's root directory currently.
installer: Clarity language when asking the user for time-date info. * Clarity language when asking the user for time-date info so the user is not confused between UTC vs his or her selected timezone. The program wants the user to enter the time and date in his or her selected timezone.
installer: Fix handling of CMOS set to UTC vs. CMOS set to wall time. It was reversed in the installer (compared to tzsetup(8)). /etc/wall_cmos_clock needs to be created when the CMOS is set to the time of the clock on the wall. While here, also add removing the file in case the user selects 'CMOS set to UTC'. This is if he chose the other setting previously and then tried again. Reported-by: many Dragonfly-bug: <http://bugs.dragonflybsd.org/issues/39> Dragonfly-bug: <http://bugs.dragonflybsd.org/issues/2060>