diff --git a/overlay/usr/local/bin/veilor-installer b/overlay/usr/local/bin/veilor-installer index 47dd2e6..fb1f255 100644 --- a/overlay/usr/local/bin/veilor-installer +++ b/overlay/usr/local/bin/veilor-installer @@ -288,12 +288,36 @@ collect_answers() { } # ── LUKS passphrase ── - luks_pw=$(prompt_password "[2/3] Encryption · LUKS2 passphrase (min 8)") || return 1 - validate_pw "$luks_pw" "passphrase" || return 1 + # v0.6: prompt twice + string-compare. A typo in the LUKS passphrase + # is unrecoverable — the disk is unmountable without it and we + # don't escrow the key. Re-prompting until the two reads match + # catches keyboard-layout surprises (US vs UK quote position is + # the most common one) before they brick the install. + local luks_pw_confirm + while true; do + luks_pw=$(prompt_password "[2/3] Encryption · LUKS2 passphrase (min 8)") || return 1 + validate_pw "$luks_pw" "passphrase" || continue + luks_pw_confirm=$(prompt_password "[2/3] Confirm LUKS2 passphrase") || return 1 + if [[ $luks_pw == "$luks_pw_confirm" ]]; then + break + fi + prompt_error "Passphrases do not match — try again." + done # ── Admin password ── - admin_pw=$(prompt_password "[3/3] Admin user · password for 'admin'") || return 1 - validate_pw "$admin_pw" "password" || return 1 + # Same confirm-twice pattern. Less catastrophic than LUKS (admin + # password can be reset from a recovery shell) but a mismatch here + # still locks the user out of their fresh install on first boot. + local admin_pw_confirm + while true; do + admin_pw=$(prompt_password "[3/3] Admin user · password for 'admin'") || return 1 + validate_pw "$admin_pw" "password" || continue + admin_pw_confirm=$(prompt_password "[3/3] Confirm admin password") || return 1 + if [[ $admin_pw == "$admin_pw_confirm" ]]; then + break + fi + prompt_error "Passwords do not match — try again." + done # ── Locale ── # Hardcoded en_US.UTF-8 for branded consistency. The picker that