Add password verification for stratis-min

dracut/90stratis/stratis-rootfs-setup

@@ -20,8 +20,9 @@ if $(stratis-min pool is-stopped "$STRATIS_ROOTFS_UUID"); then
 		ATTEMPTS_REMAINING=3
 		if
 			! while [ $((ATTEMPTS_REMAINING--)) -gt 0 ]; do
-				systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem" |
-					stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break
+				PASSWORD=$(systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem")
+
+				echo -e "$PASSWORD\n$PASSWORD\n" | stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break
 			done
 		then
 			echo Failed to start pool with UUID $STRATIS_ROOTFS_UUID using a passphrase >&2

src/jsonrpc/client/utils.rs

@@ -10,7 +10,7 @@ use std::{
 use nix::unistd::isatty;
 use termios::{tcsetattr, Termios, ECHO, ECHONL, TCSADRAIN};
 
-use crate::stratis::StratisResult;
+use crate::stratis::{StratisError, StratisResult};
 
 #[macro_export]
 macro_rules! do_request {
@@ -217,8 +217,8 @@ pub fn to_suffix_repr(size: u128) -> String {
     })
 }
 
-pub fn prompt_password() -> StratisResult<Option<String>> {
-    print!("Enter passphrase followed by return: ");
+pub fn get_passphrase(msg: &str) -> StratisResult<Option<String>> {
+    print!("{}", msg);
     stdout().flush()?;
 
     let stdin = stdin();
@@ -252,6 +252,16 @@ pub fn prompt_password() -> StratisResult<Option<String>> {
     }
 }
 
+pub fn prompt_password() -> StratisResult<Option<String>> {
+    let pass = get_passphrase("Enter passphrase followed by return: ")?;
+    let verify_pass = get_passphrase("Verify passphrase: ")?;
+    if pass != verify_pass {
+        Err(StratisError::Msg("Passphrases did not match".to_string()))
+    } else {
+        Ok(pass)
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;