From 0b17d564cfae82f2a52e9b4d588657da47ea4e43 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Sun, 29 Jun 2025 14:34:48 +1000
Subject: [PATCH] Encrypt temporary password we're setting.

Now that we want to actually use the random password for tests, we need
to correctly encrypt it, instead of just setting it to a random string
that's not the "locked" value.
---
 .github/setup_ci.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index 598b0624a..8ed1d1783 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -308,11 +308,11 @@ if [ ! -z "${EPHEMERAL_VM}" ]; then
     # value, so unless we reset it here most of the tests will fail.
     case "${target}" in
     ubuntu-*)
-	echo ${target} target: setting random password string.
-	pw=$(openssl rand -base64 9)
+	echo ${target} target: setting random password.
+	openssl rand -base64 9 >regress/password
+	pw=$(tr -d '\n' <regress/password | openssl passwd -6 -stdin)
 	sudo usermod --password "${pw}" runner
 	sudo usermod --unlock runner
-	echo "${pw}" > regress/password
 	;;
     esac
 fi
-- 
2.47.2