[elbe-devel] [PATCH 2/2] Document mkpasswd call

Holger Dengler holger at hdengler.de
Thu Jun 30 22:15:32 CEST 2022 

On 30.06.22 22:13, Bastian Germann wrote:
> Am 30.06.22 um 22:12 schrieb Holger Dengler:
>>
>>
>> On 30.06.22 12:27, Bastian Germann wrote:
>>> If one wants to get around relying on the crypt call done by elbe
>>> preprocess mkpasswd comes in handy. Document an example call and recommend
>>> the whois package in the debianization.
>>>
>>> Signed-off-by: Bastian Germann <bage at linutronix.de>
>>> ---
>>>   debian/control    | 5 ++++-
>>>   schema/dbsfed.xsd | 7 ++++++-
>>>   2 files changed, 10 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/debian/control b/debian/control
>>> index 09f19a8191..64025aa42d 100644
>>> --- a/debian/control
>>> +++ b/debian/control
>>> @@ -92,7 +92,10 @@ Depends: ${misc:Depends},
>>>     p7zip-full,
>>>     make,
>>>     lsb-release
>>> -Recommends: elbe-doc (= ${binary:Version}), python3-elbe-debianize, haveged
>>> +Recommends: elbe-doc (= ${binary:Version}),
>>> + python3-elbe-debianize,
>>> + haveged,
>>> + whois
>>>   Description: Embedded Linux Build Environment
>>>    A flexible Root Filesystem builder. ELBE uses Debian packages to build a RFS
>>>    for (embedded) targets. A target is described with a single XML file. Besides
>>> diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
>>> index b2732539e3..b80f8fe02d 100644
>>> --- a/schema/dbsfed.xsd
>>> +++ b/schema/dbsfed.xsd
>>> @@ -985,7 +985,12 @@
>>>         <element name="passwd_hashed" type="rfs:string" minOccurs="1" maxOccurs="1">
>>>           <annotation>
>>>             <documentation>
>>> -            hashed root password
>>> +            Hashed root password. The method must be supported by the target system.
>>> +            The default method since bullseye is yescrypt.
>>> +            elbe preprocess generates one from cleartext password with sha512crypt
>>> +            for compatibility reasons.
>>> +            You can generate a crypt hash via mkpasswd from whois package, e.g.:
>>> +            mkpasswd --method=sha512crypt --rounds=656000
>>
>> The command takes also the plain-text password as string:
>> mkpasswd --method=sha512crypt --rounds=656000 "plain-text_passwd"

Ok, I missed that. You're right, this is the better option.

Reviewed-by: Holger Dengler <holger at hdengler.de>

>>
> 
> At least on bullseye you are asked interactively if not providing it.
> I think that is better not to have it in your bash history.
> 
>>>             </documentation>
>>>           </annotation>
>>>         </element>
>>

-- 
Gruß,
Holger Dengler
--
holger at hdengler.de

More information about the elbe-devel mailing list