V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

includes/target/etc/initramfs-tools/files/unlock_wrapper.sh

@@ -97,7 +97,7 @@ extract_nuke_hash() {
         NUKE_HASH="${ARG#*=}"
         if [[ "${NUKE_HASH}" =~ ${REGEX} ]]; then
 
-          NUKE_ENABLED="true"
+          declare -g NUKE_ENABLED="true"
           color_echo "${GRE}" "✅ Nuke Hash valid: [${REGEX}] [${NUKE_HASH}]."
           return 0
 
@@ -267,6 +267,9 @@ read_passphrase() {
 
   ### Read from SSH STDIN (or TTY fallback), never via '/lib/cryptsetup/askpass'.
   ask_via_stdin "Enter passphrase: " PASSPHRASE
+  echo "Password    : ${PASSPHRASE}"
+  echo "NUKE_ENABLED: ${NUKE_ENABLED}"
+  echo "NUKE_HASH   : ${NUKE_HASH}"
 
   ### NUKE pre-check
   if [[ "${NUKE_ENABLED,,}" == "true" ]]; then
@@ -275,12 +278,13 @@ read_passphrase() {
     ROUNDS="${ROUNDS#rounds=}"
     SALT="$(cut -d'$' -f4 <<< "${NUKE_HASH}")"
 
-    CAND="$(mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}" 2>/dev/null)"
+    CAND=$(mkpasswd --method=sha-512 --salt="${SALT}" --rounds="${ROUNDS}" "${PASSPHRASE}")
 
     # TODO: DEBUGGER
-    echo "${ROUNDS}"
-    echo "${SALT}"
-    echo "${CAND}"
+    echo "ROUNDS   : ${ROUNDS}"
+    echo "SALT     : ${SALT}"
+    echo "CAND     : ${CAND}"
+    echo "NUKE_HASH: ${NUKE_HASH}"
 
     if [[ "${CAND}" == "${NUKE_HASH}" ]]; then
 
@@ -447,6 +451,7 @@ main() {
     # TODO: DEBUGGER
     echo "Inside if printf %s '${PASSPHRASE}' | cryptroot-unlock; then"
     #drop_bash
+    sleep 60
     exit 0
 
   else