oem-factory-reset: Move format confirmation before resetting anything

Move confirmation of formatting flash drive with LUKS percentage
selection before any reset actions have been taken, so aborting does
not result in a half-reset system.  Combine with the more basic
"confirm" prompt that existed after selecting the device (but did not
include the LUKS size information).

Split up prepare_flash_drive into interactive_prepare_flash_drive (both
prompts and formats as before), confirm_thumb_drive_format (just
confirms the selections), and prepare_thumb_drive (now noninteractive).

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

Author: JonathonHall-Purism

initrd/bin/oem-factory-reset

@@ -434,11 +434,10 @@ select_thumb_drive_for_key_material() {
                 warn "If the next operation fails, try with a bigger thumb drive"
             fi
 
-            thumb_drive_size_message="$(display_size "$disk_size_bytes")"
-            # confirm with user size of thumb drive to be wiped
-            whiptail --title "Confirm thumb drive to be wiped" --yesno \
-                "Are you sure you want to wipe the following thumb drive?\n\n$FILE\n\nSize: $thumb_drive_size_message" 0 0
-            if [ $? -ne 0 ]; then
+            select_luks_container_size_percent
+            thumb_drive_luks_percent="$(cat /tmp/luks_container_size_percent)"
+
+            if ! confirm_thumb_drive_format "$FILE" "$thumb_drive_luks_percent"; then
                 warn "Thumb drive wipe aborted by user!"
                 continue
             fi
@@ -452,8 +451,6 @@ select_thumb_drive_for_key_material() {
             die "No USB storage device detected! User decided to not wipe any thumb drive"
         fi
     done
-
-    select_luks_container_size_percent
     thumb_drive_luks_percent="$(cat /tmp/luks_container_size_percent)"
 }
 
@@ -468,7 +465,7 @@ wipe_thumb_drive_and_copy_gpg_key_material() {
     thumb_drive_luks_percent="$2"
 
     #Wipe thumb drive with a LUKS container of size $(cat /tmp/luks_container_size_percent)
-    prepare_thumb_drive --device "$thumb_drive" --percentage "$thumb_drive_luks_percent" --pass "${ADMIN_PIN}"
+    prepare_thumb_drive "$thumb_drive" "$thumb_drive_luks_percent" "${ADMIN_PIN}"
     #Export master key and subkeys to thumb drive first partition
     export_master_key_subkeys_and_revocation_key_to_private_LUKS_container --mode rw --device "$thumb_drive"1 --mountpoint /media --pass "${ADMIN_PIN}"
     #Export public key to thumb drive's public partition

initrd/etc/luks-functions

@@ -51,11 +51,12 @@ select_luks_container_size_percent() {
 	fi
 }
 
-#Partition a device with two partitions: a first one being a LUKS container containing private ext4 partition and second public exfat partition
+# Partition a device interactively with two partitions: a LUKS container
+# containing private ext4 partition and second public exFAT partition
 # Size provisioning is done by percentage of the device
-prepare_thumb_drive()
+interactive_prepare_thumb_drive()
 {
-	TRACE "Under /etc/luks-functions:prepare_thumb_drive()"
+	TRACE "Under /etc/luks-functions:interactive_prepare_thumb_drive()"
 	#Refactoring: only one parameter needed to be prompted for: the passphrase for LUKS container if not coming from oem-provisioning
 	#If no passphrase was provided, ask user to select passphrase for LUKS container
 	# if no device provided as parameter, we will ask user to select device to partition
@@ -84,6 +85,7 @@ prepare_thumb_drive()
 				;;
 			*)
 				echo "usage: prepare_thumb_drive [--device device] [--percentage percentage] [--pass passphrase]"
+				return 1
 				;;
 		esac
 	done
@@ -171,31 +173,76 @@ prepare_thumb_drive()
 		PERCENTAGE=$(cat /tmp/luks_container_size_percent)
 	fi
 
+	confirm_thumb_drive_format "$DEVICE" "$PERCENTAGE" ||
+		die "User cancelled wiping and repartitioning of $DEVICE"
+
+	prepare_thumb_drive "$DEVICE" "$PERCENTAGE" "$PASSPHRASE"
+}
+
+# Show a prompt to confirm formatting a flash drive with a percentage allocated
+# to LUKS.  interactive_prepare_thumb_drive() uses this; during OEM reset it is
+# used separately before performing any reset actions
+#
+# parameters:
+# $1 - block device of flash drive
+# $2 - percent of device allocated to LUKS [1-99]
+confirm_thumb_drive_format()
+{
+	TRACE "Under /etc/luks-functions:confirm_thumb_drive_format()"
+	local DEVICE LUKS_PERCENTAGE DISK_SIZE_BYTES DISK_SIZE_DISPLAY LUKS_PERCENTAGE LUKS_SIZE_MB MSG
+
+	DEVICE="$1"
+	LUKS_PERCENTAGE="$2"
+
+	LUKS_SIZE_MB=
 
-	#Get disk size in bytes from fdisk
+	#Get disk size in bytes
 	DISK_SIZE_BYTES="$(blockdev --getsize64 "$DEVICE")"
+	DISK_SIZE_DISPLAY="$(display_size "$DISK_SIZE_BYTES")"
 	#Convert disk size to MB
 	DISK_SIZE_MB=$((DISK_SIZE_BYTES/1024/1024))
-	#Get size in bytes from percentage and apply percentage to DISK_SIZE_MB
-	PERCENTAGE_MB="$((DISK_SIZE_MB*PERCENTAGE/100))"
+	#Calculate percentage of device in MB
+	LUKS_SIZE_MB="$((DISK_SIZE_BYTES*LUKS_PERCENTAGE/100/1024/1024))"
 
-	#Console and whiptail $BG_COLOR_WARNING prompt (Y/n) validate one last time wiping and repartitioning of $device of total size $DISK_SIZE_MB with $PERCENTAGE_MB assigned to LUKS encrypted private partition
+	MSG="WARNING: Wiping and repartitioning $DEVICE ($DISK_SIZE_DISPLAY) with $LUKS_SIZE_MB MB\n assigned to private LUKS ext4 partition,\n rest assigned to exFAT public partition.\n\nAre you sure you want to continue?"
 	if [ -x /bin/whiptail ]; then
-		whiptail $BG_COLOR_WARNING --title "WARNING: Wiping and repartitioning $DEVICE of $DISK_SIZE_MB MB" --yesno \
-			"WARNING: Wiping and repartitioning $DEVICE with $PERCENTAGE_MB MB\n assigned to private LUKS contained private ext4 partition,\n rest assigned to extfat public partition.\n\nAre you sure you want to continue?" 0 80 \
-			|| die "User cancelled wiping and repartitioning of $DEVICE"
+		whiptail $BG_COLOR_WARNING --title "WARNING: Wiping and repartitioning $DEVICE ($DISK_SIZE_DISPLAY)" --yesno \
+			"$MSG" 0 80
 	else
-		echo -e -n "Warning: Wiping and repartitioning $DEVICE with $PERCENTAGE_MB MB assigned to private LUKS contained private ext4 partition, rest assigned to extfat public partition.\n\nAre you sure you want to continue?"
+		echo -e -n "$MSG"
 		read -r -p " [Y/n] " response
 		#transform response to uppercase with bash parameter expansion
 		response=${response^^}
-		#continue if response different then uppercase N
-		if [[ $response =~ ^(N)$ ]]; then
-			die "User cancelled wiping and repartitioning of $DEVICE"
+		#continue if response is Y, y, or empty, abort for anything else
+		if [ -n "$response" ] && [ "${response^^}" != Y ]; then
+			return 1
 		fi
 	fi
+}
+
+# Prepare a flash drive with a private LUKS-encrypted ext4 partition and a
+# public exFAT partition.  This is not interactive - during OEM reset, any
+# selections/confirmations must occur before OEM reset starts resetting the
+# system.
+#
+# $1 - block device of flash drive
+# $2 - percentage of flash drive to allocate to LUKS [1-99]
+# $3 - passphrase for LUKS container
+prepare_thumb_drive()
+{
+	TRACE "Under /etc/luks-functions:prepare_thumb_drive()"
+
+	local DEVICE PERCENTAGE PASSPHRASE DISK_SIZE_BYTES PERCENTAGE_MB
+	DEVICE="$1"
+	PERCENTAGE="$2"
+	PASSPHRASE="$3"
+
+	#Get disk size in bytes
+	DISK_SIZE_BYTES="$(blockdev --getsize64 "$DEVICE")"
+	#Calculate percentage of device in MB
+	PERCENTAGE_MB="$((DISK_SIZE_BYTES*PERCENTAGE/100/1024/1024))"
 
-	echo -e "Preparing $DEVICE with $PERCENTAGE_MB MB for private LUKS container while rest of device will be assigned to extfat public partition...\n"
+	echo -e "Preparing $DEVICE with $PERCENTAGE_MB MB for private LUKS container while rest of device will be assigned to exFAT public partition...\n"
 	echo "Please wait..."
 	DEBUG "Creating empty DOS partition table on device through fdisk to start clean"
 	echo -e "o\nw\n" | fdisk $DEVICE >/dev/null 2>&1 || die "Error creating partition table"