* [pve-devel] [PATCH installer 0/3] raise minimum root password length to 8 characters
@ 2024-10-07 9:22 Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 1/3] proxinstall: " Christoph Heiss
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Christoph Heiss @ 2024-10-07 9:22 UTC (permalink / raw)
To: pve-devel
This idea came to light while talking with Shannon about #5756 [0].
It is 2024, so raising the minimum length for the root password as
entered during the installation from 5 to 8 characters seems very
sensible. NIST also recommends a minimum length of 8 characters for
passwords [1].
In the GUI installer, we already recommend passwords of length 8 or
greater during the respective installation step.
See also the respective patches for PVE [2] and PBS [3].
[0] https://bugzilla.proxmox.com/show_bug.cgi?id=5756
[1] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
[2] https://lore.proxmox.com/pve-devel/20241004133205.258755-1-s.sterz@proxmox.com/
[3] https://lore.proxmox.com/pbs-devel/20241004134054.263913-1-s.sterz@proxmox.com/
Christoph Heiss (3):
proxinstall: raise minimum root password length to 8 characters
tui: raise minimum root password length to 8 characters
auto-installer: raise minimum root password length to 8 characters
Proxmox/Makefile | 1 +
Proxmox/Sys.pm | 6 ++++++
proxinstall | 8 ++++++--
proxmox-auto-installer/src/utils.rs | 5 +++++
.../tests/resources/parse_answer/disk_match.json | 2 +-
.../tests/resources/parse_answer/disk_match.toml | 2 +-
.../tests/resources/parse_answer/disk_match_all.json | 2 +-
.../tests/resources/parse_answer/disk_match_all.toml | 2 +-
.../tests/resources/parse_answer/disk_match_any.json | 2 +-
.../tests/resources/parse_answer/disk_match_any.toml | 2 +-
.../tests/resources/parse_answer/minimal.json | 2 +-
.../tests/resources/parse_answer/minimal.toml | 2 +-
.../tests/resources/parse_answer/nic_matching.json | 2 +-
.../tests/resources/parse_answer/nic_matching.toml | 2 +-
.../tests/resources/parse_answer/specific_nic.json | 2 +-
.../tests/resources/parse_answer/specific_nic.toml | 2 +-
.../tests/resources/parse_answer/zfs.json | 2 +-
.../tests/resources/parse_answer/zfs.toml | 2 +-
proxmox-installer-common/src/lib.rs | 3 +++
proxmox-tui-installer/src/main.rs | 11 ++++++-----
20 files changed, 41 insertions(+), 21 deletions(-)
create mode 100644 Proxmox/Sys.pm
--
2.46.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* [pve-devel] [PATCH installer 1/3] proxinstall: raise minimum root password length to 8 characters
2024-10-07 9:22 [pve-devel] [PATCH installer 0/3] raise minimum root password length to 8 characters Christoph Heiss
@ 2024-10-07 9:22 ` Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 2/3] tui: " Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 3/3] auto-installer: " Christoph Heiss
2 siblings, 0 replies; 9+ messages in thread
From: Christoph Heiss @ 2024-10-07 9:22 UTC (permalink / raw)
To: pve-devel
.. in accordance with current NIST recommendations [0].
It's 2024; so reasonable to expect an 8-character-password at the
minimum.
[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Proxmox/Makefile | 1 +
Proxmox/Sys.pm | 6 ++++++
proxinstall | 8 ++++++--
3 files changed, 13 insertions(+), 2 deletions(-)
create mode 100644 Proxmox/Sys.pm
diff --git a/Proxmox/Makefile b/Proxmox/Makefile
index 035626b..edcabc1 100644
--- a/Proxmox/Makefile
+++ b/Proxmox/Makefile
@@ -12,6 +12,7 @@ PERL_MODULES=\
Install/RunEnv.pm \
Install/StorageConfig.pm \
Log.pm \
+ Sys.pm \
Sys/Block.pm \
Sys/Command.pm \
Sys/File.pm \
diff --git a/Proxmox/Sys.pm b/Proxmox/Sys.pm
new file mode 100644
index 0000000..41e5316
--- /dev/null
+++ b/Proxmox/Sys.pm
@@ -0,0 +1,6 @@
+package Proxmox::Sys;
+
+use strict;
+use warnings;
+
+our $ROOT_PASSWORD_MIN_LENGTH = 8;
diff --git a/proxinstall b/proxinstall
index 12f3eaa..a4ed20b 100755
--- a/proxinstall
+++ b/proxinstall
@@ -33,6 +33,7 @@ my $iso_env = Proxmox::Install::ISOEnv::get();
use Proxmox::Install;
use Proxmox::Install::Config;
+use Proxmox::Sys;
use Proxmox::Sys::Block qw(get_cached_disks);
use Proxmox::Sys::Command qw(syscmd);
use Proxmox::Sys::File qw(file_read_all file_write_all);
@@ -720,8 +721,11 @@ sub create_password_view {
my $t1 = $pwe1->get_text;
my $t2 = $pwe2->get_text;
- if (length ($t1) < 5) {
- Proxmox::UI::message("Password is too short.");
+ if (length ($t1) < $Proxmox::Sys::ROOT_PASSWORD_MIN_LENGTH) {
+ Proxmox::UI::message(
+ "Password too short, must be at least " .
+ "$Proxmox::Sys::ROOT_PASSWORD_MIN_LENGTH characters long"
+ );
$pwe1->grab_focus();
return;
}
--
2.46.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* [pve-devel] [PATCH installer 2/3] tui: raise minimum root password length to 8 characters
2024-10-07 9:22 [pve-devel] [PATCH installer 0/3] raise minimum root password length to 8 characters Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 1/3] proxinstall: " Christoph Heiss
@ 2024-10-07 9:22 ` Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 3/3] auto-installer: " Christoph Heiss
2 siblings, 0 replies; 9+ messages in thread
From: Christoph Heiss @ 2024-10-07 9:22 UTC (permalink / raw)
To: pve-devel
.. in accordance with current NIST recommendations [0].
It's 2024; so reasonable to expect an 8-character-password at the
minimum.
[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
proxmox-installer-common/src/lib.rs | 3 +++
proxmox-tui-installer/src/main.rs | 11 ++++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/proxmox-installer-common/src/lib.rs b/proxmox-installer-common/src/lib.rs
index 850e825..70dffab 100644
--- a/proxmox-installer-common/src/lib.rs
+++ b/proxmox-installer-common/src/lib.rs
@@ -4,3 +4,6 @@ pub mod setup;
pub mod utils;
pub const RUNTIME_DIR: &str = "/run/proxmox-installer";
+
+/// Minimum length for the root password
+pub const ROOT_PASSWORD_MIN_LENGTH: usize = 8;
diff --git a/proxmox-tui-installer/src/main.rs b/proxmox-tui-installer/src/main.rs
index 3fb87a7..c5befce 100644
--- a/proxmox-tui-installer/src/main.rs
+++ b/proxmox-tui-installer/src/main.rs
@@ -22,6 +22,7 @@ use proxmox_installer_common::{
options::{BootdiskOptions, NetworkOptions, TimezoneOptions},
setup::{installer_setup, LocaleInfo, ProxmoxProduct, RuntimeInfo, SetupInfo},
utils::Fqdn,
+ ROOT_PASSWORD_MIN_LENGTH,
};
mod setup;
@@ -452,14 +453,14 @@ fn password_dialog(siv: &mut Cursive) -> InstallerView {
Regex::new(r"^[\w\+\-\~]+(\.[\w\+\-\~]+)*@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*$")
.unwrap();
- if root_password.len() < 5 {
- Err("password too short, must be at least 5 characters long")
+ if root_password.len() < ROOT_PASSWORD_MIN_LENGTH {
+ Err(format!("password too short, must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long"))
} else if root_password != confirm_password {
- Err("passwords do not match")
+ Err("passwords do not match".to_owned())
} else if email == "mail@example.invalid" {
- Err("invalid email address")
+ Err("invalid email address".to_owned())
} else if !email_regex.is_match(&email) {
- Err("Email does not look like a valid address (user@domain.tld)")
+ Err("Email does not look like a valid address (user@domain.tld)".to_owned())
} else {
Ok(PasswordOptions {
root_password,
--
2.46.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
2024-10-07 9:22 [pve-devel] [PATCH installer 0/3] raise minimum root password length to 8 characters Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 1/3] proxinstall: " Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 2/3] tui: " Christoph Heiss
@ 2024-10-07 9:22 ` Christoph Heiss
2024-10-07 9:49 ` Stefan Hanreich
2 siblings, 1 reply; 9+ messages in thread
From: Christoph Heiss @ 2024-10-07 9:22 UTC (permalink / raw)
To: pve-devel
.. in accordance with current NIST recommendations [0].
It's 2024; so reasonable to expect an 8-character-password at the
minimum.
[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
proxmox-auto-installer/src/utils.rs | 5 +++++
.../tests/resources/parse_answer/disk_match.json | 2 +-
.../tests/resources/parse_answer/disk_match.toml | 2 +-
.../tests/resources/parse_answer/disk_match_all.json | 2 +-
.../tests/resources/parse_answer/disk_match_all.toml | 2 +-
.../tests/resources/parse_answer/disk_match_any.json | 2 +-
.../tests/resources/parse_answer/disk_match_any.toml | 2 +-
.../tests/resources/parse_answer/minimal.json | 2 +-
.../tests/resources/parse_answer/minimal.toml | 2 +-
.../tests/resources/parse_answer/nic_matching.json | 2 +-
.../tests/resources/parse_answer/nic_matching.toml | 2 +-
.../tests/resources/parse_answer/specific_nic.json | 2 +-
.../tests/resources/parse_answer/specific_nic.toml | 2 +-
proxmox-auto-installer/tests/resources/parse_answer/zfs.json | 2 +-
proxmox-auto-installer/tests/resources/parse_answer/zfs.toml | 2 +-
15 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/proxmox-auto-installer/src/utils.rs b/proxmox-auto-installer/src/utils.rs
index 45ad222..e0dd2ae 100644
--- a/proxmox-auto-installer/src/utils.rs
+++ b/proxmox-auto-installer/src/utils.rs
@@ -13,6 +13,7 @@ use proxmox_installer_common::{
setup::{
InstallConfig, InstallRootPassword, InstallZfsOption, LocaleInfo, RuntimeInfo, SetupInfo,
},
+ ROOT_PASSWORD_MIN_LENGTH,
};
use serde::{Deserialize, Serialize};
@@ -309,6 +310,10 @@ fn verify_root_password_settings(answer: &Answer) -> Result<()> {
} else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
{
bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
+ } else if answer.global.root_password.is_some()
+ && answer.global.root_password.as_ref().map(|s| s.len()) < Some(ROOT_PASSWORD_MIN_LENGTH)
+ {
+ bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
} else {
Ok(())
}
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
index 6c8d6d9..a2f8b6f 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
@@ -18,7 +18,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "eno1",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"timezone": "Europe/Vienna",
"zfs_opts": {
"arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
index 68676ac..5177eb2 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
index 2d2e94e..a6567c2 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
@@ -15,7 +15,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "eno1",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"timezone": "Europe/Vienna",
"zfs_opts": {
"arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
index f20a4fe..60daa54 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
index 1f3b2eb..f9d29f7 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
@@ -22,7 +22,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "eno1",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"timezone": "Europe/Vienna",
"zfs_opts": {
"arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
index e1f33c9..6e45c5b 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/minimal.json b/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
index 9fe9150..1db23e6 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
@@ -12,7 +12,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "eno1",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"target_hd": "/dev/sda",
"timezone": "Europe/Vienna"
}
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml b/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
index db8fec4..16f355c 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
index 610060e..ba0a47f 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
@@ -12,7 +12,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "enp65s0f0",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"target_hd": "/dev/sda",
"timezone": "Europe/Vienna"
}
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
index 087c37f..eb6130a 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-answer"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
index 5f456bb..fcf26fb 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
@@ -12,7 +12,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "enp129s0f1np1",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"target_hd": "/dev/sda",
"timezone": "Europe/Vienna"
}
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
index 60f7f14..4ea49bc 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-answer"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/zfs.json b/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
index 025dd8f..710b4d6 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
@@ -16,7 +16,7 @@
"keymap": "de",
"mailto": "mail@no.invalid",
"mngmt_nic": "eno1",
- "root_password": { "plain": "123456" },
+ "root_password": { "plain": "12345678" },
"timezone": "Europe/Vienna",
"zfs_opts": {
"arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml b/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
index 4d48998..369fd63 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
@@ -4,7 +4,7 @@ country = "at"
fqdn = "pveauto.testinstall"
mailto = "mail@no.invalid"
timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
[network]
source = "from-dhcp"
--
2.46.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
2024-10-07 9:22 ` [pve-devel] [PATCH installer 3/3] auto-installer: " Christoph Heiss
@ 2024-10-07 9:49 ` Stefan Hanreich
2024-10-07 9:52 ` Christoph Heiss
0 siblings, 1 reply; 9+ messages in thread
From: Stefan Hanreich @ 2024-10-07 9:49 UTC (permalink / raw)
To: pve-devel
On 10/7/24 11:22, Christoph Heiss wrote:
> .. in accordance with current NIST recommendations [0].
>
> It's 2024; so reasonable to expect an 8-character-password at the
> minimum.
>
> [0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
>
> Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
> ---
> proxmox-auto-installer/src/utils.rs | 5 +++++
> .../tests/resources/parse_answer/disk_match.json | 2 +-
> .../tests/resources/parse_answer/disk_match.toml | 2 +-
> .../tests/resources/parse_answer/disk_match_all.json | 2 +-
> .../tests/resources/parse_answer/disk_match_all.toml | 2 +-
> .../tests/resources/parse_answer/disk_match_any.json | 2 +-
> .../tests/resources/parse_answer/disk_match_any.toml | 2 +-
> .../tests/resources/parse_answer/minimal.json | 2 +-
> .../tests/resources/parse_answer/minimal.toml | 2 +-
> .../tests/resources/parse_answer/nic_matching.json | 2 +-
> .../tests/resources/parse_answer/nic_matching.toml | 2 +-
> .../tests/resources/parse_answer/specific_nic.json | 2 +-
> .../tests/resources/parse_answer/specific_nic.toml | 2 +-
> proxmox-auto-installer/tests/resources/parse_answer/zfs.json | 2 +-
> proxmox-auto-installer/tests/resources/parse_answer/zfs.toml | 2 +-
> 15 files changed, 19 insertions(+), 14 deletions(-)
>
> diff --git a/proxmox-auto-installer/src/utils.rs b/proxmox-auto-installer/src/utils.rs
> index 45ad222..e0dd2ae 100644
> --- a/proxmox-auto-installer/src/utils.rs
> +++ b/proxmox-auto-installer/src/utils.rs
> @@ -13,6 +13,7 @@ use proxmox_installer_common::{
> setup::{
> InstallConfig, InstallRootPassword, InstallZfsOption, LocaleInfo, RuntimeInfo, SetupInfo,
> },
> + ROOT_PASSWORD_MIN_LENGTH,
> };
> use serde::{Deserialize, Serialize};
>
> @@ -309,6 +310,10 @@ fn verify_root_password_settings(answer: &Answer) -> Result<()> {
> } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
> {
> bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
> + } else if answer.global.root_password.is_some()
> + && answer.global.root_password.as_ref().map(|s| s.len()) < Some(ROOT_PASSWORD_MIN_LENGTH)
> + {
> + bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
> } else {
> Ok(())
> }
maybe match is better at this point?
Something like
match (answer.global.root_password, answer.global.root_password_hashed) {
[..]
(Some(password), _) if password.len() < ROOT_PASSWORD_MIN_LENGTH,
[..]
}
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
2024-10-07 9:49 ` Stefan Hanreich
@ 2024-10-07 9:52 ` Christoph Heiss
2024-10-07 9:55 ` Stefan Hanreich
0 siblings, 1 reply; 9+ messages in thread
From: Christoph Heiss @ 2024-10-07 9:52 UTC (permalink / raw)
To: Stefan Hanreich; +Cc: Proxmox VE development discussion
Thanks for the review!
On Mon, Oct 07, 2024 at 11:49:02AM GMT, Stefan Hanreich wrote:
> On 10/7/24 11:22, Christoph Heiss wrote:
[..]
> > @@ -309,6 +310,10 @@ fn verify_root_password_settings(answer: &Answer) -> Result<()> {
> > } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
> > {
> > bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
> > + } else if answer.global.root_password.is_some()
> > + && answer.global.root_password.as_ref().map(|s| s.len()) < Some(ROOT_PASSWORD_MIN_LENGTH)
> > + {
> > + bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
> > } else {
> > Ok(())
> > }
>
> maybe match is better at this point?
>
> Something like
>
> match (answer.global.root_password, answer.global.root_password_hashed) {
> [..]
> (Some(password), _) if password.len() < ROOT_PASSWORD_MIN_LENGTH,
> [..]
> }
>
I'll rework it a bit, match definitely seems like the better fit here!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
2024-10-07 9:52 ` Christoph Heiss
@ 2024-10-07 9:55 ` Stefan Hanreich
2024-10-07 10:02 ` Christoph Heiss
0 siblings, 1 reply; 9+ messages in thread
From: Stefan Hanreich @ 2024-10-07 9:55 UTC (permalink / raw)
To: Christoph Heiss; +Cc: Proxmox VE development discussion
On 10/7/24 11:52, Christoph Heiss wrote:
> Thanks for the review!
>
> On Mon, Oct 07, 2024 at 11:49:02AM GMT, Stefan Hanreich wrote:
>> On 10/7/24 11:22, Christoph Heiss wrote:
> [..]
>>> @@ -309,6 +310,10 @@ fn verify_root_password_settings(answer: &Answer) -> Result<()> {
>>> } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
>>> {
>>> bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
>>> + } else if answer.global.root_password.is_some()
>>> + && answer.global.root_password.as_ref().map(|s| s.len()) < Some(ROOT_PASSWORD_MIN_LENGTH)
>>> + {
>>> + bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
>>> } else {
>>> Ok(())
>>> }
>>
>> maybe match is better at this point?
>>
>> Something like
>>
>> match (answer.global.root_password, answer.global.root_password_hashed) {
>> [..]
>> (Some(password), _) if password.len() < ROOT_PASSWORD_MIN_LENGTH,
>> [..]
>> }
>>
>
> I'll rework it a bit, match definitely seems like the better fit here!
I also thought about suggesting an Enum here like
enum AnswerPassword {
Raw(...)
Hashed(...)
}
But that's probably a bit more involved and idk how it would work with
the answer file format, so hard for me to tell if feasible with the
current state of things
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
2024-10-07 9:55 ` Stefan Hanreich
@ 2024-10-07 10:02 ` Christoph Heiss
2024-10-07 10:39 ` Stefan Hanreich
0 siblings, 1 reply; 9+ messages in thread
From: Christoph Heiss @ 2024-10-07 10:02 UTC (permalink / raw)
To: Stefan Hanreich; +Cc: Proxmox VE development discussion
On Mon, Oct 07, 2024 at 11:55:19AM GMT, Stefan Hanreich wrote:
> On 10/7/24 11:52, Christoph Heiss wrote:
> > Thanks for the review!
> >
> > On Mon, Oct 07, 2024 at 11:49:02AM GMT, Stefan Hanreich wrote:
> >> On 10/7/24 11:22, Christoph Heiss wrote:
> > [..]
> >>> @@ -309,6 +310,10 @@ fn verify_root_password_settings(answer: &Answer) -> Result<()> {
> >>> } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
> >>> {
> >>> bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
> >>> + } else if answer.global.root_password.is_some()
> >>> + && answer.global.root_password.as_ref().map(|s| s.len()) < Some(ROOT_PASSWORD_MIN_LENGTH)
> >>> + {
> >>> + bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
> >>> } else {
> >>> Ok(())
> >>> }
> >>
> >> maybe match is better at this point?
> >>
> >> Something like
> >>
> >> match (answer.global.root_password, answer.global.root_password_hashed) {
> >> [..]
> >> (Some(password), _) if password.len() < ROOT_PASSWORD_MIN_LENGTH,
> >> [..]
> >> }
> >>
> >
> > I'll rework it a bit, match definitely seems like the better fit here!
>
> I also thought about suggesting an Enum here like
>
> enum AnswerPassword {
> Raw(...)
> Hashed(...)
> }
>
> But that's probably a bit more involved and idk how it would work with
> the answer file format, so hard for me to tell if feasible with the
> current state of things
Sounds like a good idea tho. Shouldn't be that much work, other than
maybe a custom (small) de-/serializer for the answer file and config
output.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
2024-10-07 10:02 ` Christoph Heiss
@ 2024-10-07 10:39 ` Stefan Hanreich
0 siblings, 0 replies; 9+ messages in thread
From: Stefan Hanreich @ 2024-10-07 10:39 UTC (permalink / raw)
To: Christoph Heiss; +Cc: Proxmox VE development discussion
On 10/7/24 12:02, Christoph Heiss wrote:
> Sounds like a good idea tho. Shouldn't be that much work, other than
> maybe a custom (small) de-/serializer for the answer file and config
> output.
Possibly even untagged and rename serde directive could suffice
(together with a FromStr impl maybe?)
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-10-07 10:39 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-07 9:22 [pve-devel] [PATCH installer 0/3] raise minimum root password length to 8 characters Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 1/3] proxinstall: " Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 2/3] tui: " Christoph Heiss
2024-10-07 9:22 ` [pve-devel] [PATCH installer 3/3] auto-installer: " Christoph Heiss
2024-10-07 9:49 ` Stefan Hanreich
2024-10-07 9:52 ` Christoph Heiss
2024-10-07 9:55 ` Stefan Hanreich
2024-10-07 10:02 ` Christoph Heiss
2024-10-07 10:39 ` Stefan Hanreich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal