[libvirt] [jenkins-ci PATCH] lcitool: Don't encrypt password manually
Andrea Bolognani
abologna at redhat.com
Tue Sep 4 11:53:45 UTC 2018
On Tue, 2018-09-04 at 10:49 +0200, Martin Kletzander wrote:
s/manually/ourselves/ in the subject.
[...]
> def get_root_password_file(self):
> - root_pass_file = self._get_config_file("root-password")
> - root_hash_file = self._get_config_file(".root-password.hash")
> -
> - try:
> - with open(root_pass_file, "r") as infile:
> - root_pass = infile.readline().strip()
> - except Exception:
> - raise Error(
> - "Missing or invalid root password file ({})".format(
> - root_pass_file,
> - )
> - )
> -
> - # The hash will be different every time we run, but that doesn't
> - # matter - it will still validate the correct root password
> - root_hash = crypt.crypt(root_pass, Util.mksalt())
> -
> - try:
> - with open(root_hash_file, "w") as infile:
> - infile.write("{}\n".format(root_hash))
> - except Exception:
> - raise Error(
> - "Can't write hashed root password file ({})".format(
> - root_hash_file,
> - )
> - )
> -
> - return root_hash_file
> + return self._get_config_file("root-password")
This is a really nice improvement overall, but we can't quite get
rid of the entire function: we still need to try and open the file,
or at least stat() it, like we do in get_vault_password_file(), so
that we can error out early instead of having Ansible bail out on
us really late in the game.
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list