From: Daan De Meyer Date: Wed, 17 Jan 2024 10:18:39 +0000 (+0100) Subject: Hash root password when a plaintext one is given X-Git-Tag: v20.2~9^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49fbfb09c79ae30a5e6fdb054a82990323481f0d;p=thirdparty%2Fmkosi.git Hash root password when a plaintext one is given --- diff --git a/mkosi/__init__.py b/mkosi/__init__.py index b445d6e4e..96f945605 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -2388,17 +2388,18 @@ def run_firstboot(context: Context) -> None: return password, hashed = context.config.root_password or (None, False) - pwopt = "--root-password-hashed" if hashed else "--root-password" - pwcred = "passwd.hashed-password.root" if hashed else "passwd.plaintext-password.root" + if password and not hashed: + password = run(["openssl", "passwd", "-stdin", "-6"], + sandbox=context.sandbox(), input=password, stdout=subprocess.PIPE).stdout.strip() settings = ( - ("--locale", "firstboot.locale", context.config.locale), - ("--locale-messages", "firstboot.locale-messages", context.config.locale_messages), - ("--keymap", "firstboot.keymap", context.config.keymap), - ("--timezone", "firstboot.timezone", context.config.timezone), - ("--hostname", None, context.config.hostname), - (pwopt, pwcred, password), - ("--root-shell", "passwd.shell.root", context.config.root_shell), + ("--locale", "firstboot.locale", context.config.locale), + ("--locale-messages", "firstboot.locale-messages", context.config.locale_messages), + ("--keymap", "firstboot.keymap", context.config.keymap), + ("--timezone", "firstboot.timezone", context.config.timezone), + ("--hostname", None, context.config.hostname), + ("--root-password-hashed", "passwd.hashed-password.root", password), + ("--root-shell", "passwd.shell.root", context.config.root_shell), ) options = []