From patchwork Thu Jun 12 15:56:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4223 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 12 Jun 2025 17:56:45 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f186.google.com (mail-pl1-f186.google.com [209.85.214.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55CFuhIO003392 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 12 Jun 2025 17:56:44 +0200 Received: by mail-pl1-f186.google.com with SMTP id d9443c01a7336-2349498f00esf17733945ad.0 for ; Thu, 12 Jun 2025 08:56:44 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1749743798; cv=pass; d=google.com; s=arc-20240605; b=Oq/axCNDfzPLaLNbO1H4LarCA+XX9Z/9vGOz3sQKlnKUAWKcyoPUqYddSns6p21eJD Je6Lei6wgS8U/E6usfJptwnzhrLhqAGyYybVwai+IdwER9zYaQiMZj1Cdm69o0QlaBZM xhen46aseQuacybuWvdFARos/KnJb0wkskrvwx1CJ99OuAe+H7ne5AjumiZ22ms2Ly+w 9Sv3msK82qE4+qBUpF8ziuXB1/ELRa+diDv4s5QEbC+Wfk2AAc5k0iuLgFs+s9wHfbrz 4ECJ1aAOSXa44Ba9r6calHcdfxvACiAh1zhLhzuAJ/gR4c3CbaUvPNMEF/JEcg7uY6U4 snNw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=OXeHrSCLz4R50bWZx+XQ71AnPV2i5l3pbFdlSy9KIHY=; fh=ew3I7usz6XTCY/+W7yJPYOZNdP+6c9ZO/A68Z1EjuWE=; b=aoQxmefrSh5sn1f46bhMC74CSia+41AvfpOH3fZ0oR4eTqeSZmf7ZCqprlOHf77zF6 kemkJkwU5wJ8fYtbr+PoK6VM48Qnc+uxVOjUshFXLRPbfTXBRB+c5AIXlGg/qfTBfHKL DhsB+5LXaP92RgJiIQTgy9CdOgyYMZbI4+YFqLF8BEvLBM1Ygwie300jkGWlPz66ized ZzsDMVXeDspUjykbKXvY0yay32xLtxyv1LwuWL2hW07EPmihYSuZ/6GXDxtLqEKaXfLN X0fs8brmjkYOtm+HZtYfq99kCB+j2kEC4Pw2YJlofhcWD5Aguy5HRhMwsn5dvgWmxf// Io8Q==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=qMqPPTCC; spf=pass (google.com: domain of fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1321639-20250612155633a5190c72d4abef53c0-H2rzCf@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1749743798; x=1750348598; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=OXeHrSCLz4R50bWZx+XQ71AnPV2i5l3pbFdlSy9KIHY=; b=H4tCNG8GEkk2KNAze7Xsx/dj2Emw04LiYd2DHNz3fQdAIuDQk1cFifhcaNLUmhejBx hoG4oEpAvtXWAPd2oG4esA2DGzfH37iKtBz16DWbaZCzVMnjj+lwZ3NbY/3Rz0WoI77M //GtSOqdsM8rnL7EbYywJOI+taC1+OQnA4CG3rG4xhgmQRZjIgrWjpkqKwcymxw4IIT6 X4rPHHn5iJhdKx3hQegb2d0ZW0Gz+0BDG2mMt7h/DfK4I54avJDdGN4oKnc9hA84HOSM anCSq82odv9lF+4pOX13eBMfCQ2XS5EdeSACWyjk3M1IMFMtTcUv8ICZDScpI/fohV2r I/4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749743798; x=1750348598; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=OXeHrSCLz4R50bWZx+XQ71AnPV2i5l3pbFdlSy9KIHY=; b=Dc/CxVaIEqNdME+iBxols1qFdhKvt/Q+ROKl49cXN7RJ3LalLTLAI5KUJLtheCZ/8v LrgDOlGxX3CI1l7DzPNnAiYNL2PN9rp30sVYPOm4I80Gajt/FcrvQ9O7HE+kiDeqBkhP e5zLOpGIYM3rJjtFd+o3FUN2tFFDkbjpCH3K1TCzLHUSCbFw4UPl2GfA1ARlLeVcJUy8 UPPEH/tqX6qEZ21kQD6oFzIPKJFsZG05KstGlGMGApwLClYHPpzjlNgeVWQXMqcsRQ3m 6oxvzqqKmsPz1FYujW4ZCqwBgcTD2R1B+Uo8lhjg52dyiuvrT9BM0tgiry+p2rX5pr78 U7rw== X-Forwarded-Encrypted: i=2; AJvYcCVAC+ZW/cjbLORAAcMwVQKE77O0Ta4irMvvYfsgK1nDi0Ee55hNL9oKUTgCKZ3FXX52FDA/gG4=@isar-build.org X-Gm-Message-State: AOJu0YwO1chhASA5P25WdX0C7pbSSd0HWOXl7xec9zDASMTirS8S0b+E XiBg/2kz2qZWsDZUp8sRvb80FpNi0NWq9r4VfRbtezTQuPrR1IfdaDUv X-Google-Smtp-Source: AGHT+IEyGn9wXWgoHMXR6yZXtC7OgiL+KHdPzkPIs6XhSrRyZffAzHqdtgOuTuutV10h7dtWWGvp3Q== X-Received: by 2002:a17:90b:3b49:b0:2fa:562c:c1cf with SMTP id 98e67ed59e1d1-313bfd6dd20mr5375444a91.1.1749743797666; Thu, 12 Jun 2025 08:56:37 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZfpiTzycWrHtaqVCBnEFw13/kCIYQsBTVOpsbHMkcXSCw== Received: by 2002:a17:90b:d8d:b0:311:bf58:2bf4 with SMTP id 98e67ed59e1d1-313bf90fb9els804666a91.0.-pod-prod-00-us; Thu, 12 Jun 2025 08:56:36 -0700 (PDT) X-Received: by 2002:a17:90b:1d49:b0:311:a5ab:3d47 with SMTP id 98e67ed59e1d1-313bfd7ab92mr5298445a91.1.1749743796163; Thu, 12 Jun 2025 08:56:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1749743796; cv=none; d=google.com; s=arc-20240605; b=fC1jT0QdN7k+wyguOyMOultXdY3fZIOkT4rvd7Ps51bcnaVmvkfhKSue/ZFKay6yI9 pBfoZ9ULua0CGt7v5qafu4h62l1FsvxK4JR9+bR+t0PcnkDDWxqUbYTN/MmieGpXsdOD qZ85Cklr930Vk+UIAOzptCcYe3eJa5zmUAeYKzknyV23PSAVmkjp+OCLbbc2NL8u9mZg YTx0Py1PIquNHM+Zo1SHRCdzlW+Nz0Kqs9I8X0myxdxQ2LVCvTanAx+v0RwbvZ88Pvr9 RSjtHyp7dV+zLlhErPK57K2KE85GsU7LEk4l0nXY142v8aNalQep+sTzbBshjGbbXQSW 8KtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=SrwPlM1jwqALj5n8OeYXhSBIafC8FmFT6RJPeTZPUXk=; fh=mCWA4AbeJIIx/jB2sZk/ItzTiQhicKuLfQNpyfz1pNQ=; b=UIPBGLxJ6NfdyPFqtLbxMflBDtRf0vUc/2P0uVxzU0B5btBYJCcEWmql5wJvpsCGTO ZwHvkDJr/WNG2YIXO84qxuGBCFnfj8w66xe1UU8eGBDZ9gZiRReYNQRsLshXa7E/60Nx /QjN12Nmzl22Av4cGReoODvr2fedj8K4pxm/SbMZE6T5szwYeFDqx0zth2xfQfRtB06T YI2n4/CnOLfG4LwhL0Ffb7iJliKoaLbByloDQO01mvJbwq/0NQiioktG3mlk21TFJ6cB erGnFMr9JgDHyWhTtSaDZHJ4xGnM5xnX4ad45NOH63dtw/NfHBdmI2+wJaLBEgJz4qI+ cSKg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=qMqPPTCC; spf=pass (google.com: domain of fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1321639-20250612155633a5190c72d4abef53c0-H2rzCf@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-313a68487dbsi236680a91.1.2025.06.12.08.56.35 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Jun 2025 08:56:35 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 20250612155633a5190c72d4abef53c0 for ; Thu, 12 Jun 2025 17:56:33 +0200 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, Felix Moessbauer , Clara Kowalsky Subject: [PATCH 1/1] image-accounts: directly pass arguments to openssl instead of shell Date: Thu, 12 Jun 2025 17:56:10 +0200 Message-ID: <20250612155610.473593-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1321639:519-21489:flowmailer X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=qMqPPTCC; spf=pass (google.com: domain of fm-1321639-20250612155633a5190c72d4abef53c0-h2rzcf@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1321639-20250612155633a5190c72d4abef53c0-H2rzCf@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When hashing the password, the whole openssl command was passed as a shell string instead of directly passing the individual arguments as-is. Further, the arguments were not shell escaped. By that, passwords containing a string were split into two individual arguments, breaking the command (or silently set a different password if the remainder itself was a valid argument). We fix this by passing the arguments as-is (as list) to bb.process.run. Fixes: 6144daf9 ("image-account-extension: Avoid deprecated crypt...") Reported-by: Clara Kowalsky Signed-off-by: Felix Moessbauer --- meta/classes/image-account-extension.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 3c461b1a..25288e76 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -133,7 +133,7 @@ def image_create_users(d: "DataSmart") -> None: source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") command.append("-e") salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] - password = bb.process.run('openssl passwd -6 --salt {} {}'.format(salt, password))[0].strip() + password = bb.process.run(['openssl', 'passwd', '-6', '--salt', salt, password])[0].strip() else: command.append("-e")