[pve-devel] applied-series: [PATCH installer v2 0/6] auto-installer: add option for providing hashed root password

From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
	Christoph Heiss <c.heiss@proxmox.com>
Subject: [pve-devel] applied-series: [PATCH installer v2 0/6] auto-installer: add option for providing hashed root password
Date: Mon, 22 Jul 2024 18:43:16 +0200	[thread overview]
Message-ID: <f51bc111-3d2b-4419-b58e-0d5c4888ae2a@proxmox.com> (raw)
In-Reply-To: <20240715075700.283532-1-c.heiss@proxmox.com>

Am 15/07/2024 um 09:56 schrieb Christoph Heiss:
> This series adds a new answer option `global.root_password_hashed`
> for the auto-installer, enabling administrators to specify the root
> password of the new installation in a hashed format - as generated by
> e.g. mkpasswd(1) - instead of plain-text.
> 
> Administrators/users might want to avoid passing along a plain-text
> password with the different answer-fetching methods supported by the
> auto-installer, for obvious reasons.
> 
> While this of course does not provide full security, sending a hashed
> password might still be preferred by administrators over plain text.
> 
> Tested by installing using the GUI and TUI (to ensure no regressions
> can happen) and using the auto-installer, once with `root_password` set
> (again testing for potential regressions) and once with
> `global.root_password_hashed` set instead, testing the new
> functionality.
> 
> First two patches are small cleanups and may be applied independently.
> 
> v1: https://lists.proxmox.com/pipermail/pve-devel/2024-May/063949.html
> 
> Notable changes v1 -> v2:
>   * rebased on latest master
>   * fixed rebase mistake
>   * merged previous patch #4/#5 for consistency across crates
>   * improved validation in auto-installer
> 
> Christoph Heiss (6):
>   common: move `PasswordOptions` type to tui crate
>   tui-installer: remove `Debug` implementation for password options
>   low-level: change root password option to contain either plaintext or
>     hash
>   {auto,tui}-installer: adapt to new `root_password` plain/hashed setup
>     option
>   auto-installer: add new `global.root_password_hashed` answer option
>   auto-installer: add test for hashed root password option
> 
>  Proxmox/Install.pm                            | 25 ++++++++++++++++---
>  Proxmox/Install/Config.pm                     | 20 ++++++++++++---
>  proxinstall                                   |  4 +--
>  proxmox-auto-installer/src/answer.rs          |  3 ++-
>  proxmox-auto-installer/src/utils.rs           | 21 ++++++++++++++--
>  .../resources/parse_answer/disk_match.json    |  2 +-
>  .../parse_answer/disk_match_all.json          |  2 +-
>  .../parse_answer/disk_match_any.json          |  2 +-
>  .../parse_answer/hashed_root_password.json    | 20 +++++++++++++++
>  .../parse_answer/hashed_root_password.toml    | 14 +++++++++++
>  .../tests/resources/parse_answer/minimal.json |  2 +-
>  .../resources/parse_answer/nic_matching.json  |  2 +-
>  .../resources/parse_answer/specific_nic.json  |  2 +-
>  .../tests/resources/parse_answer/zfs.json     |  2 +-
>  proxmox-installer-common/src/options.rs       | 15 -----------
>  proxmox-installer-common/src/setup.rs         | 12 +++++++--
>  proxmox-tui-installer/src/main.rs             |  4 +--
>  proxmox-tui-installer/src/options.rs          | 20 ++++++++++++---
>  proxmox-tui-installer/src/setup.rs            | 10 ++++++--
>  19 files changed, 140 insertions(+), 42 deletions(-)
>  create mode 100644 proxmox-auto-installer/tests/resources/parse_answer/hashed_root_password.json
>  create mode 100644 proxmox-auto-installer/tests/resources/parse_answer/hashed_root_password.toml
> 

applied series while taking the freedom to record Theodor's feedback
in form of a T-b tag, thanks!

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel