adding docs/HOWTO.hashgen- OOPS.

This commit is contained in:
brent s. 2016-11-27 12:18:31 -05:00
parent b95bef3b17
commit 6f53d09b04
3 changed files with 60 additions and 26 deletions

View File

@ -22,4 +22,4 @@ if __name__ == '__main__':
for a in arch:
bchroot.chroot(conf['build']['chrootdir'] + '/root.' + a, 'bdisk.square-r00t.net')
bchroot.chrootUnmount(conf['build']['chrootdir'] + '/root.' + a)
build.chrootClean(conf['build'])
#build.chrootClean(conf['build'])

View File

@ -22,31 +22,29 @@ def chrootClean(build):
tar.add(dbdir, arcname = os.path.basename(dbdir))
# Cut out the fat
# The following are intended as "overrides" of the paths we'll be deleting.
backup = {}
backup['dirs'] = ['/var/lib/pacman/local']
backup['files'] = ['/usr/share/locale/locale.alias',
backup = ['/var/lib/pacman/local',
'/usr/share/locale/locale.alias',
'/usr/share/zoneinfo/EST5EDT',
'/usr/share/zoneinfo/UTC',
'/usr/share/locale/en',
'/usr/share/locale/en_US',
'/usr/share/locale/en_GB']
# And these are what we remove.
delete = {}
delete['dirs'] = ['/usr/share/locale/*',
'/var/cache/pacman/*',
'/var/cache/pkgfile/*',
'/var/cache/apacman/pkg/*',
'/var/lib/pacman/*',
'/var/abs/local/yaourtbuild/*',
delete = ['/usr/share/locale/',
'/var/cache/pacman/',
'/var/cache/pkgfile/',
'/var/cache/apacman/pkg/',
'/var/lib/pacman/',
'/var/abs/local/yaourtbuild/',
'/usr/share/zoneinfo',
'/root/.gnupg',
'/tmp/*',
'/var/tmp/*',
'/var/abs/*',
'/run/*',
'/boot/*',
'/usr/src/*',
'/var/log/*',
'/tmp/',
'/var/tmp/',
'/var/abs/',
'/run/',
'/boot/',
'/usr/src/',
'/var/log/',
'/.git']
delete['files'] = ['/root/.bash_history',
'/root/apacman*',

36
docs/HOWTO.hashgen Normal file
View File

@ -0,0 +1,36 @@
Generating a salted hash compatible with shadow(5) is a rather simple task.

If you haven't read the shadow(5) man page yet, I highly recommend it:

man 5 shadow

There are many ways in which you can generate a salted hash.

0.) Debian can do this with the mkpasswd utility (it's in Arch's AUR as debian-whois-mkpasswd):

mkpasswd --method=sha-512 --salt=aBcDeFgHiJ PASSWORD

(If a salt is not provided, one will be automatically generated. That is is the suggested method.)

1.) perl (PoC script welcome):

perl -e 'print crypt("PASSWORD","\$6\$aBcDeFgHiJ\$") . "\n"'

2.) python (extras/bin/hashgen.py):

python -c "import crypt, getpass, pwd; print crypt.crypt('PASSWORD','\$6\$aBcDeFgHiJ\$')"

3.) php:

php -r "\$password = readline('Password: '); \$saltRaw = random_bytes(8); \$salt = base64_encode(\$saltRaw); \$result = crypt(\$password,'\$6' . '\$' . \$salt .'\$'); print \$result . \"\n\";"

4.) even grub-crypt (if using legacy grub):

/sbin/grub-crypt --sha-512

The end-product should look something like this:

$6$aBcDeFgHiJ$Yh342vFH7MOjPNu9InFymD1Dd42i5cFsr1cTWdpKGNIkbRGR/ZKQDRPJ1ZeeGb7y894Tfh3iWZIJKu3phlsqQ1

If it doesn't, you did something incorrectly.
Note that different hashes/the PoC scripts will result in a different string, but it should be the same length.