installer: grub password not verified

Colin,

To be safe if the user wants a password in the menu.lst, shouldnt it be better to use grub-md5-crypt?

chuck

That's not relevant to this bug. The installer offers a grub password facility: it should work properly.

Hi,

Attached is my attempt at a patch for this.

I have tested it and the functionality does what
I expect:

  * You must enter the same password at each
     prompt.
  * You are only prompted once if you don't set
     a password.
  * You can cancel at either password prompt
     to go back to the menu.

However, my testing was not satisfactory, as
for some reason grub wasn't installed when it
was running. grub-installer didn't error at all,
and installed a grub where the password was

   password --md5

i.e. blank.

I don't know if this was my fault or not.

I can test again if someone can provide some
hints. I have a virtual machine saved during
the installer just after grub-installer did
its thing if that helps.

Thanks,

James

Hi,

Attached is an updated patch with feedback from Colin,
and also merged with the suggested patch from Frans in
the Debian bug report. It also fixes the bug that I had
found while testing the last one, thanks to Colin.

Colin, does this address all of your concerns with the
previous patch?

Is the change to the passwd-crypted question safe this
close to release?

Thanks,

James

I changed a few bits and pieces (initialised password, put a db_go after the db_input for the mismatch question, moved the md5crypt call into the not-already-crypted else block), but otherwise this looks good and is holding up to tests. Uploaded, thanks!

This bug was fixed in the package grub-installer - 1.27ubuntu7

---------------
grub-installer (1.27ubuntu7) hardy; urgency=low

  [ Colin Watson ]
  * Backport from trunk:
    - Run grub in the chroot for password encryption.

  [ James Westby ]
  * Confirm the GRUB password after entry (LP: #42019). Note that
    grub-installer/password-again must now be preseeded in addition to
    grub-installer/password, and that grub-installer/password-crypted now
    takes an MD5-crypted password rather than a boolean.

 -- Colin Watson <email address hidden> Tue, 15 Apr 2008 01:55:07 +0100

This bug was fixed in the package installation-guide - 20080211ubuntu4

---------------
installation-guide (20080211ubuntu4) hardy; urgency=low

  * Document GRUB password preseeding (LP: #42019).

 -- Colin Watson <email address hidden> Tue, 15 Apr 2008 02:04:27 +0100

Thanks!

Re-closing, as benmartin gave no reason for setting the status to "Fix Committed".

Setting this to "Fix Released" per Colin Watson's request/statement.