[pve-devel] [PATCH installer/{pve, pmg}-docs/proxmox-backup v3 0/8] raise minimum root password length to 8 characters

From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer/{pve, pmg}-docs/proxmox-backup v3 0/8] raise minimum root password length to 8 characters
Date: Mon, 16 Dec 2024 10:40:58 +0100	[thread overview]
Message-ID: <20241216094114.476756-1-c.heiss@proxmox.com> (raw)

This idea came to light while talking with Shannon about #5756 [0].

It is 2024, so raising the minimum length for the root password as
entered during the installation from 5 to 8 characters seems very
sensible. NIST also recommends a minimum length of 8 characters for
passwords [1].

See also the respective patches for PVE/PMG [2] and PBS [3] - both
series have been already applied.

I've sent the documentation patches all together with this series, since
a) they are trivial, b) not to clutter the other mailing list and c) to
keep everything together for review.

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=5756
[1] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
[2] https://lore.proxmox.com/pve-devel/20241004133205.258755-1-s.sterz@proxmox.com/
[3] https://lore.proxmox.com/pbs-devel/20241004134054.263913-1-s.sterz@proxmox.com/

History
=======

v2: https://lore.proxmox.com/pve-devel/20241129122125.1494917-1-c.heiss@proxmox.com/
v1: https://lore.proxmox.com/pve-devel/20241007092218.723938-1-c.heiss@proxmox.com/

Notable changes v2 -> v3:
  * rebased on latest master
  * refactored negative tests to separate test function 

Notable changes v1 -> v2:
  * rebased on latest master
  * new patch #3; converting `InstallRootPassword` to an enum 
  * new patch #5; negative tests
  * new patches #6 through #8: respective documentation updates

Diffstat
========

pve-installer:

Christoph Heiss (5):
  common: convert `InstallRootPassword` into an enum
  proxinstall: raise minimum root password length to 8 characters
  tui: raise minimum root password length to 8 characters
  auto: raise minimum root password length to 8 characters
  auto: add negative tests for root password option

 Proxmox/Sys.pm                                |  5 ++
 html/pbs/passwd.htm                           |  2 +-
 html/pmg/passwd.htm                           |  2 +-
 html/pve/passwd.htm                           |  2 +-
 proxinstall                                   |  7 ++-
 proxmox-auto-installer/src/utils.rs           | 45 ++++++++++----
 proxmox-auto-installer/tests/parse-answer.rs  | 61 +++++++++++++++----
 .../tests/resources/parse_answer/btrfs.json   |  2 +-
 .../tests/resources/parse_answer/btrfs.toml   |  2 +-
 .../btrfs_raid_level_uppercase.json           |  2 +-
 .../btrfs_raid_level_uppercase.toml           |  2 +-
 .../resources/parse_answer/disk_match.json    |  2 +-
 .../resources/parse_answer/disk_match.toml    |  2 +-
 .../parse_answer/disk_match_all.json          |  2 +-
 .../parse_answer/disk_match_all.toml          |  2 +-
 .../parse_answer/disk_match_any.json          |  2 +-
 .../parse_answer/disk_match_any.toml          |  2 +-
 .../resources/parse_answer/first_boot.json    |  2 +-
 .../resources/parse_answer/first_boot.toml    |  2 +-
 .../tests/resources/parse_answer/minimal.json |  2 +-
 .../tests/resources/parse_answer/minimal.toml |  2 +-
 .../resources/parse_answer/nic_matching.json  |  2 +-
 .../resources/parse_answer/nic_matching.toml  |  2 +-
 .../resources/parse_answer/specific_nic.json  |  2 +-
 .../resources/parse_answer/specific_nic.toml  |  2 +-
 .../tests/resources/parse_answer/zfs.json     |  2 +-
 .../tests/resources/parse_answer/zfs.toml     |  2 +-
 .../zfs_raid_level_uppercase.json             |  2 +-
 .../zfs_raid_level_uppercase.toml             |  2 +-
 .../both_password_and_hashed_set.json         |  3 +
 .../both_password_and_hashed_set.toml         | 15 +++++
 .../no_root_password_set.json                 |  3 +
 .../no_root_password_set.toml                 | 13 ++++
 .../parse_answer_fail/short_password.json     |  3 +
 .../parse_answer_fail/short_password.toml     | 14 +++++
 proxmox-installer-common/src/lib.rs           |  3 +
 proxmox-installer-common/src/setup.rs         | 25 +++++---
 proxmox-tui-installer/src/main.rs             | 10 ++-
 proxmox-tui-installer/src/setup.rs            |  5 +-
 39 files changed, 197 insertions(+), 65 deletions(-)
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer_fail/both_password_and_hashed_set.json
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer_fail/both_password_and_hashed_set.toml
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer_fail/no_root_password_set.json
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer_fail/no_root_password_set.toml
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer_fail/short_password.json
 create mode 100644 proxmox-auto-installer/tests/resources/parse_answer_fail/short_password.toml

pve-docs:

Christoph Heiss (1):
  installation: adapt to raised root password length requirement

 pve-installation.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

pmg-docs:

Christoph Heiss (1):
  installation: adapt to raised root password length requirement

 pmg-installation.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

proxmox-backup:

Christoph Heiss (1):
  using-the-installer: adapt to raised root password length requirement

 docs/using-the-installer.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.46.0

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel