[Libosinfo] [PATCH] Revert "debian: Allow empty passwords"

Fabiano Fidêncio fidencio at redhat.com
Thu May 19 13:32:15 UTC 2016 

On Thu, May 19, 2016 at 2:40 PM, Zeeshan Ali (Khattak)
<zeeshanak at gnome.org> wrote:
> On Thu, May 19, 2016 at 7:24 AM, Fabiano Fidêncio <fidencio at redhat.com> wrote:
>> The workaround that has been used so for doesn't work.
>>
>> For the user account, the password is indeed removed in the end of the
>> installation, but then login in from GDM is impossible. Although it
>> works from a VT,
>
> You mean after you logout and then get dropped to GDM? Which would
> explain why it's hard to notice. If that's the case, are you sure we
> don't have the same issue with Fedora?

The issue is, the system is installed, reboots and then you're at GDM
screen. There you simply can _not_ login.
I don't know if it affects Fedora, I didn't test Fedora and not sure
when I'll have time for that. maybe it's broken there as well.

>
>>this is not something obvious that every user would
>> try. So, requiring the user password seems the best to do for now and
>> when another workaround is found the user password can be set to
>> optional again.
>
> Hmm.. Boxes might not be taking into account scripts requiring password.

Well, that's something to be fixed on Boxes, not on libosinfo.

>
>> For the root account, the password is not removed in the of the
>> installation and ends up being set as "dummyPa55w0rd", something that
>> the user would never guess, unless they have access to the libosinfo
>> code. So, requiring the admin password seems the best to do for now and
>> when another workaround is found the admin password can be set to
>> optional again.
>
> I think the most important thing is to find out why the workaround is
> not working. Could it be that it used to work but broken in recently
> debian versions?

I also don't know if it used to work before. You acked this patch, can
you tell me in which version of Debian you have tested it?

>
>> This reverts commit 087a8f8a23895e2d792b0f6d26a9d0c01a6c7e87.
>>
>>  Conflicts:
>>         data/install-script/debian.org/debian-preseed-desktop.xml.in
>>
>> Signed-off-by: Fabiano Fidêncio <fidencio at redhat.com>
>>
>> Resolves:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1336108
>> https://bugzilla.redhat.com/show_bug.cgi?id=1336109
>> ---
>>  .../debian.org/debian-preseed-desktop.xml.in       | 36 +++-------------------
>>  .../debian.org/debian-preseed-jeos.xml.in          | 18 +----------
>>  2 files changed, 5 insertions(+), 49 deletions(-)
>>
>> diff --git a/data/install-script/debian.org/debian-preseed-desktop.xml.in b/data/install-script/debian.org/debian-preseed-desktop.xml.in
>> index fd69bf2..a786a30 100644
>> --- a/data/install-script/debian.org/debian-preseed-desktop.xml.in
>> +++ b/data/install-script/debian.org/debian-preseed-desktop.xml.in
>> @@ -14,6 +14,10 @@
>>        <param name="user-fullname" policy="optional"/>
>>        <param name="user-password" policy="optional"/>
>>        <param name="admin-password" policy="optional"/>
>> +
>> +      <!-- This MUST be nonempty. Can we enforce this? -->
>> +      <param name="user-password" policy="required"/>
>> +      <param name="admin-password" policy="required"/>
>>        <param name="avatar-location" policy="optional"/>
>>        <param name="avatar-disk" policy="optional"/>
>>
>> @@ -130,34 +134,16 @@ d-i time/zone select <xsl:value-of select="config/l10n-timezone"/>
>>
>>  ## Root
>>  d-i passwd/root-login boolean true
>> -<xsl:choose>
>> -  <xsl:when test="config/admin-password = ''">
>> -# Real password will be set later
>> -d-i passwd/root-password password dummyPa55w0rd
>> -d-i passwd/root-password-again password dummyPa55w0rd
>> -  </xsl:when>
>> -  <xsl:otherwise>
>>  d-i passwd/root-password password <xsl:value-of select="config/admin-password"/>
>>  d-i passwd/root-password-again password <xsl:value-of select="config/admin-password"/>
>> -  </xsl:otherwise>
>> -</xsl:choose>
>>
>>  ## User
>>  d-i user-setup/allow-password-weak boolean true
>>  d-i user-setup/encrypt-home boolean false
>>  d-i passwd/user-fullname string <xsl:call-template name="user-fullname"/>
>>  d-i passwd/username <xsl:value-of select="config/user-login"/>
>> -<xsl:choose>
>> -  <xsl:when test="config/user-password = ''">
>> -# Real password will be set later
>> -d-i passwd/user-password password dummyPa55w0rd
>> -d-i passwd/user-password-again password dummyPa55w0rd
>> -  </xsl:when>
>> -  <xsl:otherwise>
>>  d-i passwd/user-password password <xsl:value-of select="config/user-password"/>
>>  d-i passwd/user-password-again password <xsl:value-of select="config/user-password"/>
>> -  </xsl:otherwise>
>> -</xsl:choose>
>>
>>
>>  ### Partitioning
>> @@ -201,20 +187,6 @@ d-i grub-installer/bootdev string <xsl:call-template name="target-disk"/>
>>  ### Cleanup
>>  d-i finish-install/reboot_in_progress note
>>
>> -<xsl:choose>
>> -  <xsl:when test="config/admin-password = ''">
>> -# Delete root password
>> -d-i preseed/late_command string in-target passwd -d root
>> -  </xsl:when>
>> -</xsl:choose>
>> -
>> -<xsl:choose>
>> -  <xsl:when test="config/user-password = ''">
>> -# Delete user password
>> -d-i preseed/late_command string in-target passwd -d <xsl:value-of select="config/user-login"/>
>> -  </xsl:when>
>> -</xsl:choose>
>> -
>>  ### Remove the installation DVD from the apt-get's sources.list
>>  d-i preseed/late_command string in-target sed -i '/cdrom/d' /etc/apt/sources.list
>>
>> diff --git a/data/install-script/debian.org/debian-preseed-jeos.xml.in b/data/install-script/debian.org/debian-preseed-jeos.xml.in
>> index 6d1c405..57dc8e4 100644
>> --- a/data/install-script/debian.org/debian-preseed-jeos.xml.in
>> +++ b/data/install-script/debian.org/debian-preseed-jeos.xml.in
>> @@ -4,7 +4,7 @@
>>      <expected-filename>preseed.cfg</expected-filename>
>>      <can-pre-install-drivers>true</can-pre-install-drivers>
>>      <config>
>> -      <param name="admin-password" policy="optional"/>
>> +      <param name="admin-password" policy="required"/>
>>        <param name="l10n-keyboard" policy="optional" value-map="http://x.org/x11-keyboard"/>
>>        <param name="l10n-timezone" policy="optional"/>
>>        <param name="l10n-language" policy="optional"/>
>> @@ -88,17 +88,8 @@ d-i partman/confirm_nooverwrite boolean true
>>
>>  d-i passwd/root-login boolean true
>>  d-i passwd/make-user boolean false
>> -<xsl:choose>
>> -  <xsl:when test="config/admin-password = ''">
>> -# Real password will be set later
>> -d-i passwd/root-password password dummyPa55w0rd
>> -d-i passwd/root-password-again password dummyPa55w0rd
>> -  </xsl:when>
>> -  <xsl:otherwise>
>>  d-i passwd/root-password password <xsl:value-of select="config/admin-password"/>
>>  d-i passwd/root-password-again password <xsl:value-of select="config/admin-password"/>
>> -  </xsl:otherwise>
>> -</xsl:choose>
>>
>>  tasksel tasksel/first multiselect standard ssh-server
>>
>> @@ -114,13 +105,6 @@ d-i apt-setup/security_host string
>>
>>  d-i finish-install/reboot_in_progress note
>>
>> -<xsl:choose>
>> -  <xsl:when test="config/admin-password = ''">
>> -# Delete password
>> -d-i preseed/late_command string in-target passwd -d root
>> -  </xsl:when>
>> -</xsl:choose>
>> -
>>  ### Remove the installation DVD from the apt-get's sources.list
>>  d-i preseed/late_command string in-target sed -i '/cdrom/d' /etc/apt/sources.list
>>
>> --
>> 2.7.4
>>
>> _______________________________________________
>> Libosinfo mailing list
>> Libosinfo at redhat.com
>> https://www.redhat.com/mailman/listinfo/libosinfo
>
>
>
> --
> Regards,
>
> Zeeshan Ali (Khattak)

More information about the Libosinfo mailing list