From 55d5af7f33137981989ef83f1649ab137eec16e8 Mon Sep 17 00:00:00 2001 From: Coelacanthus Date: Tue, 30 Aug 2022 18:09:12 +0800 Subject: [PATCH] refactor(mkrootfs): use sha512crypt instead of crypt(old) I misunderstood the meaning of Perl's crypt function, I thought the second argument was a hash method, but it was actually salt. using crypt gives the result of a traditional Unix password hash function, which is very insecure. Arch Linux currently uses sha512crypt by default, and we use it as well. Signed-off-by: Coelacanthus --- mkrootfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkrootfs.sh b/mkrootfs.sh index d210572..bfb60bc 100755 --- a/mkrootfs.sh +++ b/mkrootfs.sh @@ -22,7 +22,7 @@ yes y | sudo pacman \ --sync --clean --clean msg "Set root password (Default: archriscv)..." -sudo usermod --root $(realpath ./rootfs) --password $(perl -e "print crypt('archriscv','yescrypt')") root +sudo usermod --root $(realpath ./rootfs) --password $(openssl passwd -6 archriscv) root msg "Compressing rootfs..." sudo bsdtar --create --zstd --verbose --xattrs --acls -f "archriscv-$(date --rfc-3339=date).tar.zst" -C rootfs/ .