Re: [libvirt] [jenkins-ci PATCH] lcitool: Don't encrypt password manually
On Tue, 2018-09-04 at 10:49 +0200, Martin Kletzander wrote:
s/manually/ourselves/ in the subject.
[...]
def get_root_password_file(self):
- root_pass_file = self._get_config_file("root-password")
- root_hash_file = self._get_config_file(".root-password.hash")
-
- try:
- with open(root_pass_file, "r") as infile:
- root_pass = infile.readline().strip()
- except Exception:
- raise Error(
- "Missing or invalid root password file ({})".format(
- root_pass_file,
- )
- )
-
- # The hash will be different every time we run, but that doesn't
- # matter - it will still validate the correct root password
- root_hash = crypt.crypt(root_pass, Util.mksalt())
-
- try:
- with open(root_hash_file, "w") as infile:
- infile.write("{}\n".format(root_hash))
- except Exception:
- raise Error(
- "Can't write hashed root password file ({})".format(
- root_hash_file,
- )
- )
-
- return root_hash_file
+ return self._get_config_file("root-password")
This is a really nice improvement overall, but we can't quite get
rid of the entire function: we still need to try and open the file,
or at least stat() it, like we do in get_vault_password_file(), so
that we can error out early instead of having Ansible bail out on
us really late in the game.
--
Andrea Bolognani / Red Hat / Virtualization