[lmi-commits] [lmi] master b2b14a0 1/7: Rework openssl usage

[Greg Chicares]

branch: master
commit b2b14a074e1746d23c8eda0cc5e05765aa6a2a4d
Author: Gregory W. Chicares <address@hidden>
Commit: Gregory W. Chicares <address@hidden>

    Rework openssl usage
    
    openssl was installed by default in centos chroots created by 'rinse'
    up to 2020-05-14; since 2020-05-19, it isn't.
---
 lmi_setup_05c.sh | 4 +++-
 lmi_setup_21.sh  | 7 ++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lmi_setup_05c.sh b/lmi_setup_05c.sh
index ea3f5ad..988744a 100755
--- a/lmi_setup_05c.sh
+++ b/lmi_setup_05c.sh
@@ -39,13 +39,15 @@ chmod 666 /dev/null
 chmod 666 /dev/ptmx
 [ -d /dev/pts  ] || mkdir /dev/pts
 
+# This minimal centos chroot lacks openssl, so hardcode a password.
+
 getent group "${NORMAL_GROUP}" || groupadd --gid="${NORMAL_GROUP_GID}" 
"${NORMAL_GROUP}"
 getent passwd "${NORMAL_USER}" || useradd \
   --gid="${NORMAL_GROUP_GID}" \
   --uid="${NORMAL_USER_UID}" \
   --create-home \
   --shell=/bin/zsh \
-  --password="$(openssl passwd -1 expired)" \
+  --password="\$1\$\$AYD8bMyx6ho3BnmO3jjb60" \
   "${NORMAL_USER}"
 
 usermod -aG sudo "${NORMAL_USER}" || echo "Oops."
diff --git a/lmi_setup_21.sh b/lmi_setup_21.sh
index def07b3..9ae479d 100755
--- a/lmi_setup_21.sh
+++ b/lmi_setup_21.sh
@@ -38,13 +38,18 @@ assert_chrooted
 #   chage -d 0 "${NORMAL_USER}"
 # may seem like a good idea, but invoking schroot with that userid
 # doesn't prompt for a password change.
+#
+# Hardcode the salt so that repeated openssl invocations yield
+# identical results, to avoid gratuitous regressions when comparing
+# successive logs.
+
 groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
 useradd \
   --gid="${NORMAL_GROUP_GID}" \
   --uid="${NORMAL_USER_UID}" \
   --create-home \
   --shell=/bin/zsh \
-  --password="$(openssl passwd -1 expired)" \
+  --password="$(openssl passwd -1 --salt '' expired)" \
   "${NORMAL_USER}"
 
 usermod -aG sudo "${NORMAL_USER}" || echo "Oops."