pkgs/switches/junos: update password hash method from SHA-256 to SHA-512

2023-06-05 00:27:24 +02:00 · 2023-06-05 00:27:24 +02:00 · e76c8a9a3a
parent 4ada8878fc
commit e76c8a9a3a
1 changed files with 3 additions and 7 deletions
--- a/nix/pkgs/switches/junos.nix
+++ b/nix/pkgs/switches/junos.nix
@ -9,7 +9,7 @@ let
        host-name ${hostName};
        time-zone Europe/Berlin;
        root-authentication {
-            encrypted-password "$5$EBmFELmv$kQxtWwS0SBS.TqVPRvs8sKpH./l9DTtTxX/I2FJB2n2"; ## SECRET-DATA
+            encrypted-password "%%HASH%%"; ## SECRET-DATA
            ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGgoLzQMeyX1wjsX/hgVkN//zyfOQPiBRYgO2ajEGH6 root@server2";
        }
        services {
@ -114,13 +114,9 @@ let
  '';

  configFileWithHash = runCommand "junos.config" {
-    nativeBuildInputs = [ python3 ];
+    nativeBuildInputs = [ mkpasswd ];
  } ''
-    cat >gen.py<<EOF
-    import crypt
-    print(crypt.crypt('${hostConfig.password}', crypt.mksalt(crypt.METHOD_SHA256)))
-    EOF
-    HASH=$(python gen.py)
+    HASH=$(echo "${hostConfig.password}" | mkpasswd --method=SHA-512 --stdin)
    substitute ${configFile} $out \
      --replace "%%HASH%%" "$HASH"
  '';