[elbe-devel] [PATCH v2 0/8] elbe: switch to hashed passwords in XML

[Holger Dengler]

Here comes the v2 with a slightly different approach. It is less complex in
writing XMLs and in processing them. Personally, I would prefer the v2 over
the v1. More details under the general part.

The Elbe XML uses plain-text passwords for root and user in the XML. At
first glance, this is not a problem, since the Elbe builds are in most cases
part of an automation and the plain-text passwords have to be generated and
documented anyway. But the XML is on the one hand also copied into the
target RFS ('/etc/elbe_base.xml') and on the other hand is part of the build
output. In both cases, an included plain-text password can be a security
risk if these results are not handled with due care. Removing the plain-text
passwords from the XML file could be a possible solution. However, to keep
the ability to rebuild the target RFS with the build output XMLs, a hashed
password must be included in the XML.

The main idea is to replace the plain text passwords in the XML with hashed
ones. With this change, the build results will be at an equivalent security
level as the password database in the target RFS ("/etc/shadow"). And it
will still be possible to rebuild the target RFS based on the build output
XMLs (e.g. source.xml).

But removing the plain-text password for root conflicts with another feature
of Elbe, the 'login' action. It is used for running post-build tests, such
as a root login on the target system. This action requires a plain text
password for root in the XML file. The solution is to specify the plain-text
password in the login element. If nothing is specified, the default is
"root".

In more detail:
---------------
- Patch 1-2/8 use a batch-mode aware tool to set the passwords. They are a
  preparation for later patches, because the 'chpasswd' command is also able
  to process hashed passwords.
- Patch 3/8 uses the value of the "login" element as password.
- Patch 4/8 replaces the "passwd" element for root with "passwd_hased". It
  also includes the change in RFS processing.
- Patch 5/8 replaces the "passwd" attribute for adduser with "passwd_hased".
  It also includes the change in fintuning processing.
- Patch 6/8 converts legacy XMLs in XML preprocessing. Plain-text password
  are replaced with hashed ones.
- Patch 7/8 converts legacy XMLs in XML preprocessing. If the XML has a
  "login" and "passwd" element, the value of "passwd" is moved to the
  "login".
- Patch 8/8 adds a sub-command to Elbe to hash plain-text passwords.

Changes since v1:
- different approach
- a value in "login" element is used as plain-text password for root login
- schema: remove plain-text password element for root
- schema: remove plain-text password attribute for adduser
- no changes to the example/tests XML required

The series is also available on github:
To github.com:hdengler/elbe.git
 * [new branch]          tip2 -> tip2

Holger Dengler (8):
  rfs: use chpasswd for root password
  finetuning: use chpasswd for user password
  commands: check-build: move password to login value
  schema: switch to hashed password for root
  schema: switch to hashed passwords for users
  proprocess: migrate root and user passwords
  preprocess: migrate login action
  commands: add passwd sub-command

 elbepack/commands/check-build.py |  5 ++---
 elbepack/commands/passwd.py      | 21 +++++++++++++++++++++
 elbepack/finetuning.py           |  7 +++----
 elbepack/rfs.py                  |  6 +++---
 elbepack/xmlpreprocess.py        | 32 +++++++++++++++++++++++++++++---
 schema/dbsfed.xsd                | 12 +++++++-----
 6 files changed, 65 insertions(+), 18 deletions(-)
 create mode 100644 elbepack/commands/passwd.py

-- 
2.36.1