user creds layer to use chpasswd -e (for hashed passwords) #82
Description
user creds layer:
---
name: rpi-user-creds
mmdebstrap:
packages:
- sudo
customize-hooks:
- chroot $1 sh -c "if ! id -u $IGconf_device_user1 >/dev/null 2>&1; then
adduser --disabled-password --gecos \"\" $IGconf_device_user1;
fi"
- |-
if [ -n "$IGconf_device_user1pass" ] ; then
chroot $1 sh -c "echo ${IGconf_device_user1}:${IGconf_device_user1pass} | chpasswd"
fi
- chroot $1 usermod --pass='*' root
- chroot $1 sh -c "for GRP in input spi i2c gpio; do
groupadd -f -r \$GRP;
done"
- chroot $1 sh -c "for GRP in adm dialout cdrom audio users sudo video games plugdev input spi i2c gpio ; do
adduser $IGconf_device_user1 \$GRP;
done"
- sed "s/^pi /$IGconf_device_user1 /" $RPI_TEMPLATES/sudo/010_pi-nopasswd > $1/etc/sudoers.d/010_pi-nopasswd
- mkdir -p $1/etc/profile.d
- |-
cat <<- 'EOCHROOT' > $1/etc/profile.d/01local.sh
#!/bin/sh
if [ "$(id -u)" -ne 0 ]; then
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
fi
EOCHROOT
specifically:
if [ -n "$IGconf_device_user1pass" ] ; then
chroot $1 sh -c "echo ${IGconf_device_user1}:${IGconf_device_user1pass} | chpasswd"
fiIt would be so great if we could use chpasswd -e instead of chpasswd:
-e, --encrypted supplied passwords are encrypted
so that we could store passwords hashed in version control.
I'm not sure if this is a good idea, but it was something I was considering a while back. Something to think about.