From: Josselin Poiret via Guix-patches via <guix-patches@gnu.org>
To: Mathieu Othacehe <othacehe@gnu.org>
Cc: 53063@debbugs.gnu.org, ludo@gnu.org, Josselin Poiret <dev@jpoiret.xyz>
Subject: [bug#53063] [PATCH v2 wip-harden-installer 17/18] installer: Turn passwords into opaque records.
Date: Sat, 15 Jan 2022 14:50:10 +0100 [thread overview]
Message-ID: <20220115135011.5817-18-dev@jpoiret.xyz> (raw)
In-Reply-To: <20220115135011.5817-1-dev@jpoiret.xyz>
* gnu/installer/user.scm (<secret>, secret?, make-secret,
secret-content): Add opaque <secret> record that boxes its contents,
with a custom printer that doesn't display anything.
* gnu/installer/newt/user.scm (run-user-add-page, run-user-page): Box
it.
* gnu/installer/final.scm (create-user-database): Unbox it.
---
gnu/installer/final.scm | 5 +++--
gnu/installer/newt/user.scm | 6 +++---
gnu/installer/user.scm | 18 +++++++++++++++++-
3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/gnu/installer/final.scm b/gnu/installer/final.scm
index 63e5073ff4..2087536502 100644
--- a/gnu/installer/final.scm
+++ b/gnu/installer/final.scm
@@ -85,8 +85,9 @@ (define root?
(uid (if root? 0 #f))
(home-directory
(user-home-directory user))
- (password (crypt (user-password user)
- (salt)))
+ (password (crypt
+ (secret-content (user-password user))
+ (salt)))
;; We need a string here, not a file-like, hence
;; this choice.
diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 97141cfe64..7c1cc2249d 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -143,7 +143,7 @@ (define (pad-label label)
(name name)
(real-name real-name)
(home-directory home-directory)
- (password password))
+ (password (make-secret password)))
(run-user-add-page #:name name
#:real-name real-name
#:home-directory
@@ -266,7 +266,7 @@ (define (run users)
(map (lambda (name real-name home password)
(user (name name) (real-name real-name)
(home-directory home)
- (password password)))
+ (password (make-secret password))))
names real-names homes passwords))))))
(lambda ()
(destroy-form-and-pop form))))))
@@ -274,5 +274,5 @@ (define (run users)
;; Add a "root" user simply to convey the root password.
(cons (user (name "root")
(home-directory "/root")
- (password (run-root-password-page)))
+ (password (make-secret (run-root-password-page))))
(run '())))
diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index 4e701e64ce..13114e9832 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -19,7 +19,14 @@
(define-module (gnu installer user)
#:use-module (guix records)
#:use-module (srfi srfi-1)
- #:export (<user>
+ #:use-module (srfi srfi-9)
+ #:use-module (srfi srfi-9 gnu)
+ #:export (<secret>
+ secret?
+ make-secret
+ secret-content
+
+ <user>
user
make-user
user-name
@@ -30,6 +37,15 @@ (define-module (gnu installer user)
users->configuration))
+(define-record-type <secret>
+ (make-secret content)
+ secret?
+ (content secret-content))
+(set-record-type-printer!
+ <secret>
+ (lambda (secret port)
+ (format port "<secret>")))
+
(define-record-type* <user>
user make-user
user?
--
2.34.0
next prev parent reply other threads:[~2022-01-15 13:53 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-06 22:45 [bug#53063] [PATCH wip-harden-installer 00/14] General improvements to the installer Josselin Poiret via Guix-patches via
2022-01-06 22:47 ` [bug#53063] [PATCH wip-harden-installer 01/14] installer: Use define instead of let at top-level Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 02/14] installer: Generalize logging facility Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 03/14] installer: Use new installer-log-line everywhere Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 04/14] installer: Un-export syslog syntax Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 05/14] installer: Capture external commands output Josselin Poiret via Guix-patches via
2022-01-07 13:47 ` [bug#53063] [PATCH wip-harden-installer 00/14] General improvements to the installer Ludovic Courtès
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 06/14] installer: Disable automatic finalization for child thread Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 07/14] installer: Add installer-specific run command process Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 08/14] installer: Use run-command-in-installer in (gnu installer parted) Josselin Poiret via Guix-patches via
2022-01-07 10:58 ` Mathieu Othacehe
2022-01-07 11:46 ` Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 00/18] General improvements to the installer Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 01/18] installer: Use define instead of let at top-level Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 02/18] installer: Generalize logging facility Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 03/18] installer: Use new installer-log-line everywhere Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 04/18] installer: Un-export syslog syntax Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 05/18] installer: Keep PATH inside the install container Josselin Poiret via Guix-patches via
2022-01-15 13:49 ` [bug#53063] [PATCH v2 wip-harden-installer 06/18] installer: Remove specific logging code Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 07/18] installer: Capture external commands output Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 08/18] installer: Add installer-specific run command process Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 09/18] installer: Use run-command-in-installer in (gnu installer parted) Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 10/18] installer: Raise condition when mklabel fails Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 11/18] installer: Fix run-file-textbox-page when edit-button is #f Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 12/18] installer: Replace run-command by invoke in newt/page.scm Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 13/18] installer: Add nano to PATH Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 14/18] installer: Use named prompt to abort or break installer steps Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 15/18] installer: Add error page when running external commands Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 16/18] installer: Use dynamic-wind to setup installer Josselin Poiret via Guix-patches via
2022-01-15 13:50 ` Josselin Poiret via Guix-patches via [this message]
2022-01-15 13:50 ` [bug#53063] [PATCH v2 wip-harden-installer 18/18] installer: Make dump archive creation optional and selective Josselin Poiret via Guix-patches via
2022-01-17 10:16 ` [bug#53063] [PATCH wip-harden-installer 00/14] General improvements to the installer Mathieu Othacehe
2022-01-31 17:45 ` [bug#53063] [PATCH] installer: Use system-wide guix for system init Josselin Poiret via Guix-patches via
2022-02-02 15:50 ` bug#53063: " Mathieu Othacehe
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 09/14] installer: Use the command capturing facility for guix init Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 10/14] installer: Raise condition when mklabel fails Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 11/14] installer: Fix run-file-textbox-page when edit-button is #f Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 12/14] installer: Replace run-command by invoke in newt/page.scm Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 13/14] installer: Use named prompt to abort or break installer steps Josselin Poiret via Guix-patches via
2022-01-06 22:48 ` [bug#53063] [PATCH wip-harden-installer 14/14] installer: Add confirmation page when running external commands Josselin Poiret via Guix-patches via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220115135011.5817-18-dev@jpoiret.xyz \
--to=guix-patches@gnu.org \
--cc=53063@debbugs.gnu.org \
--cc=dev@jpoiret.xyz \
--cc=ludo@gnu.org \
--cc=othacehe@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.