[Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option
Peter Korsgaard
peter at korsgaard.com
Sat Dec 15 10:33:52 UTC 2018
>>>>> "Matt" == Matt Weber <matthew.weber at rockwellcollins.com> writes:
> As SHA256 is now default, removing weak MD5 option. C libraries now
> all support the SHA methods.
> glibc 2.7+
> uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
> musl 1.1.14+
> One issue this would prevent, is a host tool issue with a FIPS enabled
> system where weak ciphers/methods are disabled. It seems the crypt(3)
> call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man
> page). It results in mkpasswd returning "(EPERM) crypt failed."
> Rather then create a Buildroot host dependency check, this patch
> removes the potential corner case from being selected.
> Acked-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
> Cc: "Yann E. MORIN" <yann.morin.1998 at free.fr>
> Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
I was hesitating about this, but as you can still provide a pre-hashed
md5 password (if your host system supports it) I guess it is OK.
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list