From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id B03D11FF191 for ; Tue, 9 Sep 2025 13:56:22 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0505A8311; Tue, 9 Sep 2025 13:56:24 +0200 (CEST) Date: Tue, 09 Sep 2025 13:56:20 +0200 Message-Id: From: "Christoph Heiss" To: "Peter" Mime-Version: 1.0 X-Mailer: aerc 0.21.0 References: <20250903231828.53459-1-pjcreath+proxmox@gmail.com> In-Reply-To: <20250903231828.53459-1-pjcreath+proxmox@gmail.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1757418956800 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.038 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH installer v2 1/1] assistant: validate: add verify-password option X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Cc: pve-devel@lists.proxmox.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Looks good overall, just some small nits inline :) On Thu Sep 4, 2025 at 1:18 AM CEST, Peter wrote: > [..] > @@ -17,4 +17,5 @@ proxmox-installer-common = { workspace = true, features = [ "cli" ] } > serde_json.workspace = true > toml.workspace = true > > +proxmox-sys = { version = "1.0.0", features = [ "crypt" ] } Forgot to mention on v1, but new dependencies must also be recorded in debian/control. You can use the command debcargo deb-dependencies proxmox-auto-install-assistant/Cargo.toml to automatically generate that list (`debcargo` is available through the normal Debian repositories) and afterwards wrap-and-sort -tkn to sort that list. > glob = "0.3" > diff --git a/proxmox-auto-install-assistant/src/main.rs b/proxmox-auto-install-assistant/src/main.rs > index 5d6c1d5..98b4f23 100644 > --- a/proxmox-auto-install-assistant/src/main.rs > +++ b/proxmox-auto-install-assistant/src/main.rs > @@ -6,6 +6,9 @@ > > use anyhow::{Context, Result, bail, format_err}; > use glob::Pattern; > +use proxmox_sys::linux::tty::read_password; > +use proxmox_sys::crypt::verify_crypt_pw; These two lines should be alphabetically sorted - you can just run cargo fmt before sending a patch, that will take care of all of that. Personally I'd combine them: use proxmox_sys::{linux::tty::read_password, crypt::verify_crypt_pw}; > [..] > impl cli::Subcommand for CommandValidateAnswerArgs { > fn parse(args: &mut cli::Arguments) -> Result { > Ok(Self { > debug: args.contains(["-d", "--debug"]), > + verify_password: args.contains("--verify-root-password"), > // Needs to be last > path: args.free_from_str()?, > }) > @@ -176,6 +182,7 @@ ARGUMENTS: > > OPTIONS: > -d, --debug Also show the full answer as parsed. > + --verify-root-password Interactively verify the hashed root password. > -h, --help Print this help > -V, --version Print version Please align all the descriptions. > [..] > @@ -545,6 +556,20 @@ fn validate_answer_file_keys(path: impl AsRef + fmt::Debug) -> Result } > } > > +fn verify_hashed_password_interactive(answer: &Answer) -> Result<()> { > + if let Some(hashed) = &answer.global.root_password_hashed { > + println!("Verifying hashed root password."); > + > + let password = String::from_utf8(read_password("Enter root password to verify: ")?)?; > + verify_crypt_pw(&password, hashed)?; verify_crypt_pw(&password, hashed).context("Failed to verify hashed root password")?; Makes the output just a bit nicer when verification fails. > + > + println!("Password matches hashed password."); println!("Password matches hashed root password."); For consistency with the other messages. > + Ok(()) > + } else { > + bail!("'root-password-hashed' not set in answer file, cannot verify."); > + } > +} > + _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel