[elbe-devel] [PATCH 2/2] Document mkpasswd call

Bastian Germann bage at linutronix.de
Thu Jun 30 22:13:59 CEST 2022 

Am 30.06.22 um 22:12 schrieb Holger Dengler:
> 
> 
> On 30.06.22 12:27, Bastian Germann wrote:
>> If one wants to get around relying on the crypt call done by elbe
>> preprocess mkpasswd comes in handy. Document an example call and recommend
>> the whois package in the debianization.
>>
>> Signed-off-by: Bastian Germann <bage at linutronix.de>
>> ---
>>   debian/control    | 5 ++++-
>>   schema/dbsfed.xsd | 7 ++++++-
>>   2 files changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/debian/control b/debian/control
>> index 09f19a8191..64025aa42d 100644
>> --- a/debian/control
>> +++ b/debian/control
>> @@ -92,7 +92,10 @@ Depends: ${misc:Depends},
>>     p7zip-full,
>>     make,
>>     lsb-release
>> -Recommends: elbe-doc (= ${binary:Version}), python3-elbe-debianize, haveged
>> +Recommends: elbe-doc (= ${binary:Version}),
>> + python3-elbe-debianize,
>> + haveged,
>> + whois
>>   Description: Embedded Linux Build Environment
>>    A flexible Root Filesystem builder. ELBE uses Debian packages to build a RFS
>>    for (embedded) targets. A target is described with a single XML file. Besides
>> diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
>> index b2732539e3..b80f8fe02d 100644
>> --- a/schema/dbsfed.xsd
>> +++ b/schema/dbsfed.xsd
>> @@ -985,7 +985,12 @@
>>         <element name="passwd_hashed" type="rfs:string" minOccurs="1" maxOccurs="1">
>>           <annotation>
>>             <documentation>
>> -            hashed root password
>> +            Hashed root password. The method must be supported by the target system.
>> +            The default method since bullseye is yescrypt.
>> +            elbe preprocess generates one from cleartext password with sha512crypt
>> +            for compatibility reasons.
>> +            You can generate a crypt hash via mkpasswd from whois package, e.g.:
>> +            mkpasswd --method=sha512crypt --rounds=656000
> 
> The command takes also the plain-text password as string:
> mkpasswd --method=sha512crypt --rounds=656000 "plain-text_passwd"
> 

At least on bullseye you are asked interactively if not providing it.
I think that is better not to have it in your bash history.

>>             </documentation>
>>           </annotation>
>>         </element>
>

More information about the elbe-devel mailing list