Page MenuHomeFreeBSD
Differential D35588

bsdinstall: allow setting the root password via env variables
ClosedPublic
Actions

Authored by brd on Jun 24 2022, 1:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 12, 8:06 AM
Unknown Object (File)
Thu, Mar 21, 5:06 PM
Unknown Object (File)
Thu, Mar 21, 5:06 PM
Unknown Object (File)
Thu, Mar 21, 5:06 PM
Unknown Object (File)
Thu, Mar 21, 5:06 PM
Unknown Object (File)
Thu, Mar 21, 5:06 PM
Unknown Object (File)
Jan 28 2024, 4:34 PM
Unknown Object (File)
Jan 28 2024, 4:34 PM
View All 84 Files
Subscribers
0mp
imp
jilles
kithrup_mac.com
pauamma_gundo.com

Details

Reviewers
allanjude
dteske
asiciliano
kithrup_mac.com
0mp
rpokala
pauamma_gundo.com
Group Reviewers
manpages
Commits
rG3e1101f29b4f: bsdinstall: allow setting the root password via env variables

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brd created this revision.Jun 24 2022, 1:48 PM
Herald added a subscriber: imp. · View Herald TranscriptJun 24 2022, 1:48 PM
brd requested review of this revision.Jun 24 2022, 1:48 PM
Harbormaster completed remote builds in B46107: Diff 107347.Jun 24 2022, 1:48 PM
asiciliano accepted this revision.Jun 24 2022, 4:04 PM
This revision is now accepted and ready to land.Jun 24 2022, 4:04 PM
allanjude accepted this revision.Jun 28 2022, 8:44 PM

You could probably simplify it by just an if/elif/else instead of having to indent a separate if/else in the first else block, but, I don't think it is a big deal

Reviewed by: allanjude

kithrup_mac.com accepted this revision.Jun 28 2022, 9:39 PM
kithrup_mac.com added a subscriber: kithrup_mac.com.
kithrup_mac.com added inline comments.
usr.sbin/bsdinstall/scripts/rootpass
36–42

This can just be

if [ -z "$ROOTPASS_ENC" -a -z "$ROOTPASS_PLAIN" ]; then
dteske requested changes to this revision.Jun 29 2022, 4:16 AM

Sorry for being late to the party

usr.sbin/bsdinstall/scripts/rootpass
36–42

Actually, it can be just:

if [ -z "$ROOTPASS_ENC$ROOTPASS_PLAIN" ]; then

As an aside …

You would want to avoid passing greater than 4 args to [ because many (all?) implementations only combinatorically guarantee syntactically correct results for handling up to 4 arguments (that for example passing 20 arguments, chaining many “-a” arguments, is not deterministically tested whereas there are test units for every possible combination up to — and including — 4 arguments). So using && was actually more correct from a portability standpoint, and I cannot condone the change to use -a.

However, the whole discussion of && vs [ … -a … ] is registered moot when you realize that you can just expand both variables into a single string and then test the results. If either string is non-NULL, the desired results are achieved without having to resort to using either && or -a

This revision now requires changes to proceed.Jun 29 2022, 4:16 AM
0mp requested changes to this revision.Jun 30 2022, 9:58 AM
0mp added a subscriber: 0mp.

Please include a patch for the manual page as well explaining the new variables.

kithrup_mac.com added inline comments.Jun 30 2022, 7:47 PM
usr.sbin/bsdinstall/scripts/rootpass
36–42

Ooooh clever and optimized, I like it.

brd updated this revision to Diff 107931.Jul 8 2022, 5:27 PM

Address feedback from allanjude@

Harbormaster completed remote builds in B46329: Diff 107931.Jul 8 2022, 5:27 PM
brd marked 3 inline comments as done.Jul 8 2022, 5:29 PM
brd added inline comments.
usr.sbin/bsdinstall/scripts/rootpass
36–42

Also see the BUGS section of test(1)..

I chose to go with the way Allan suggested since it looks cleaner to me.

brd updated this revision to Diff 108280.Jul 18 2022, 3:06 PM
brd marked an inline comment as done.

Add man page update

Herald added a reviewer: manpages. · View Herald TranscriptJul 18 2022, 3:06 PM
Harbormaster completed remote builds in B46462: Diff 108280.Jul 18 2022, 3:07 PM
0mp accepted this revision.Jul 18 2022, 4:26 PM

LGTM, thanks!

One last nit that you may want to change is to use printf instead of echo. echo may behave in an undesired way if the root password is starting with a dash for example.

rpokala accepted this revision.Jul 18 2022, 5:15 PM
asiciliano accepted this revision.Jul 18 2022, 5:37 PM
jilles added a subscriber: jilles.Jul 18 2022, 9:11 PM
jilles added inline comments.
usr.sbin/bsdinstall/scripts/rootpass
37–39

Perhaps this echo won't cause any problems (nobody sets their root password to -e and -n, and nobody is going to run this with a shell with different echo behaviour?) but something like printf '%s\n' "$ROOTPASS_PLAIN" is more obviously correct.

An alternative is something like

pw -R $BSDINSTALL_CHROOT usermod root -h 0 <<END
$ROOTPASS_PLAIN
END

but that has the ugliness of a here-document.

brd added inline comments.Jul 19 2022, 1:44 AM
usr.sbin/bsdinstall/scripts/rootpass
37–39

I tried to break it, and could not:

> cat test.sh    
#!/bin/sh

echo -nooo
> sh -x ./test.sh
+ echo -nooo
-nooo

Try #2:

> cat test.sh 
#!/bin/sh

echo -nooo lkjsldjf
> sh -x ./test.sh 
+ echo -nooo lkjsldjf
-nooo lkjsldjf

Anything else I should try?

rpokala added a comment.Jul 19 2022, 2:49 AM

FWIW, I'd switch to printf '%s' "$ROOTPASS" on general principles, to avoid the possibility of silliness.

pauamma_gundo.com added a subscriber: pauamma_gundo.com.Jul 19 2022, 3:54 AM
In D35588#813713, @0mp wrote:

LGTM, thanks!

One last nit that you may want to change is to use printf instead of echo. echo may behave in an undesired way if the root password is starting with a dash for example.

*dons former infosec hat* Agree. Even if it looks OK now, who knows what you didn't consider or what someone will figure in 10 or 20 years?

pauamma_gundo.com requested changes to this revision.Jul 19 2022, 4:00 AM
pauamma_gundo.com added inline comments.
usr.sbin/bsdinstall/bsdinstall.8
346–349

Need to say which is used if they're both present and give the format of ROOTPASS_ENC. Salted hash?

This revision now requires changes to proceed.Jul 19 2022, 4:00 AM
brd added inline comments.Jul 19 2022, 3:41 PM
usr.sbin/bsdinstall/bsdinstall.8
346–349

Did the first half, but I am not sure this is the right place to do the latter half.. Perhaps best to just Xr pw(8)?

brd updated this revision to Diff 108328.Jul 19 2022, 3:41 PM

Switch to printf(1) and prefer the encrypted one if both are set

Harbormaster completed remote builds in B46477: Diff 108328.Jul 19 2022, 3:41 PM
brd updated this revision to Diff 108397.Jul 21 2022, 5:06 PM

Update man page tags

Harbormaster completed remote builds in B46505: Diff 108397.Jul 21 2022, 5:06 PM
pauamma_gundo.com added inline comments.Jul 22 2022, 10:12 PM
usr.sbin/bsdinstall/bsdinstall.8
346–349

If by that you mean something like

in the format expected by
.Xr pw 8
.Fl H Ar 0

(markup not guaranteed correct), WFM.

brd updated this revision to Diff 108898.Aug 5 2022, 2:21 AM

Add man page link to pw(8)

Harbormaster completed remote builds in B46750: Diff 108898.Aug 5 2022, 2:21 AM
rpokala accepted this revision.Aug 5 2022, 2:46 AM
pauamma_gundo.com accepted this revision.Aug 5 2022, 9:41 AM
This revision was not accepted when it landed; it landed in state Needs Review.Aug 5 2022, 3:11 PM
Closed by commit rG3e1101f29b4f: bsdinstall: allow setting the root password via env variables (authored by brd). · Explain Why
This revision was automatically updated to reflect the committed changes.
brd added a commit: rG3e1101f29b4f: bsdinstall: allow setting the root password via env variables.

Revision Contents
Changeset List

PathSize
usr.sbin/
bsdinstall/
9 lines
scripts/
12 lines

Diff 108909

View Options

usr.sbin/bsdinstall/bsdinstall.8

Loading...
View Options

usr.sbin/bsdinstall/scripts/rootpass

Loading...