Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(live): Automatically generate the root password #1292

Merged
merged 3 commits into from
Jun 7, 2024

Conversation

lslezak
Copy link
Contributor

@lslezak lslezak commented Jun 6, 2024

Problem

  • Using a well known default linux password is insecure

Solution

  • Generate a random password during boot
  • Print it to the console

Testing

  • Tested manually

Notes

  • Updated documentation

Screenshots

agama_password_random

Copy link
Contributor

@imobachgs imobachgs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few comments. Otherwise, it looks good.

doc/live_iso.md Outdated Show resolved Hide resolved
doc/live_iso.md Show resolved Hide resolved
doc/live_iso.md Outdated
It offers less encryption methods but on the other hand it should be basically
installed in every system.

:warning: *Warning: By default it uses a weak encryption method (DES or MD5
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub implements a nicer warning message (we are using them already):

> [!WARNING]
> Put your message here...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, there are supported even some more info boxes.
https://github.com/orgs/community/discussions/16925

doc/live_iso.md Outdated Show resolved Hide resolved
doc/live_iso.md Outdated Show resolved Hide resolved
@ancorgs
Copy link
Contributor

ancorgs commented Jun 7, 2024

I added a few minor comments, but I have to say the whole password management you implemented looks AWESOME. 👏

That being said, I have doubts about using the agama namespace for the boot arguments. Being precise, this has nothing to do with Agama itself, is setting the root password of the int-sys. Moreover, we tried really hard in the past to draw a line on people's minds between the installer (Agama/YaST) and the inst-sys (Agama-Live/Linuxrc+Installation-Images). This blurs the line again.

What about using agama-live (or any other name that really refers to the int-sys) as namespace for all this?

@ancorgs
Copy link
Contributor

ancorgs commented Jun 7, 2024

What about using agama-live (or any other name that really refers to the int-sys) as namespace for all this?

Thinking it twice, I wouldn't even use agama-live because this is so generic and reusable for any other live image out there that I don't think we should use "Agama" as part of the name. I can easily see other people adopting this for their own live images.

@lslezak
Copy link
Contributor Author

lslezak commented Jun 7, 2024

I made the boot scripts less tied to Agama and use the live prefix for the boot options.

I have retested everything again, all works fine.

Updated Screenshots

Password Dialog

agama_password_dialog2

Systemd Propmpt

agama_password_systemd2

Random Password

agama_password_random2

@lslezak lslezak merged commit 261ce54 into master Jun 7, 2024
@lslezak lslezak deleted the live_root_password3 branch June 7, 2024 15:36
@imobachgs imobachgs mentioned this pull request Jun 27, 2024
imobachgs added a commit that referenced this pull request Jun 27, 2024
Prepare for releasing Agama 9. It includes the following pull requests:

- #1101
- #1202
- #1228
- #1231
- #1236
- #1238
- #1239
- #1240
- #1242
- #1243
- #1244
- #1245
- #1246
- #1247
- #1248
- #1249
- #1250
- #1251
- #1252
- #1253
- #1254
- #1255
- #1256
- #1257
- #1258
- #1259
- #1260
- #1261
- #1264
- #1265
- #1267
- #1268
- #1269
- #1270
- #1271
- #1272
- #1273
- #1274
- #1279
- #1280
- #1284
- #1285
- #1286
- #1287
- #1288
- #1289
- #1290
- #1291
- #1292
- #1293
- #1294
- #1295
- #1296
- #1298
- #1299
- #1300
- #1301
- #1302
- #1303
- #1304
- #1305
- #1306
- #1307
- #1308
- #1309
- #1310
- #1311
- #1312
- #1313
- #1314
- #1315
- #1316
- #1317
- #1318
- #1319
- #1320
- #1321
- #1322
- #1323
- #1324
- #1325
- #1326
- #1328
- #1329
- #1331
- #1332
- #1334
- #1338
- #1340
- #1341
- #1342
- #1343
- #1344
- #1345
- #1348
- #1349
- #1351
- #1352
- #1353
- #1354
- #1355
- #1356
- #1357
- #1358
- #1359
- #1360
- #1361
- #1362
- #1363
- #1365
- #1366
- #1367
- #1368
- #1371
- #1372
- #1374
- #1375
- #1376
- #1379
- #1380
- #1381
- #1383
- #1384
- #1385
- #1386
- #1387
- #1388
- #1389
- #1391
- #1392
- #1394
- #1395
- #1397
- #1398
- #1399
- #1400
- #1403
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants