Message ID | 20220218164950.3277914-1-foss+yocto@0leil.net |
---|---|
State | Accepted |
Commit | 13064e7bea18e999d4a294e298a7980a4dcbe69e |
Headers | show |
Series | ref-manual: classes: provide command with ready-to-use password | expand |
Hi Michael, On 2/22/22 18:33, Michael Opdenacker wrote: > Hi Quentin, > > On 2/18/22 17:49, Quentin Schulz wrote: >> From: Quentin Schulz <quentin.schulz@theobroma-systems.com> >> >> mkpasswd output requires to be escaped before being used as password in >> a Bitbake variable. It was explicitly stated after the command, but to >> be sure it's not missed, let's give the printf command which does escape >> the string for us. > > > Many thanks for this patch to avoid possible trouble. Good idea! > >> >> Cc: Quentin Schulz <foss+yocto@0leil.net> >> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> >> --- >> documentation/ref-manual/classes.rst | 7 +++---- >> 1 file changed, 3 insertions(+), 4 deletions(-) >> >> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst >> index 949217bf4..89203dfc5 100644 >> --- a/documentation/ref-manual/classes.rst >> +++ b/documentation/ref-manual/classes.rst >> @@ -603,12 +603,11 @@ Here is an example that uses this class in an image recipe:: >> " >> >> Here is an example that adds two users named "tester-jim" and "tester-sue" and assigns >> -passwords. First on host, create the password hash:: >> +passwords. First on host, create the (escaped) password hash:: >> >> - mkpasswd -m sha256crypt tester01 >> + printf "%q" $(mkpasswd -m sha256crypt tester01) > > > What about "%q\n" instead of just "%q"? > The output is easier to grab because it's on a separate line. > It all depends. It's easier to grab from the console but it's technically not the actual content that should be put into the variable (i.e. without the newline at the end). So if you use a sed/awk/whatever shell command to inject the password then with the newline, it is incorrect. If you do the copy-pasting manually from the console, then it's probably better with the newline. (that being said, zsh (at least in my config) always jump a line, even if the content does not end with a newline (it prints a % character with white background). Whatever you think is the best, I don't have a strong opinion about this. Cheers, Quentin
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 949217bf4..89203dfc5 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -603,12 +603,11 @@ Here is an example that uses this class in an image recipe:: " Here is an example that adds two users named "tester-jim" and "tester-sue" and assigns -passwords. First on host, create the password hash:: +passwords. First on host, create the (escaped) password hash:: - mkpasswd -m sha256crypt tester01 + printf "%q" $(mkpasswd -m sha256crypt tester01) -The resulting hash is set to a variable and used in ``useradd`` command parameters. -Remember to escape the character ``$``:: +The resulting hash is set to a variable and used in ``useradd`` command parameters:: inherit extrausers PASSWD = "\$X\$ABC123\$A-Long-Hash"