[Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option

Peter Korsgaard peter at korsgaard.com
Sat Dec 15 10:33:52 UTC 2018


>>>>> "Matt" == Matt Weber <matthew.weber at rockwellcollins.com> writes:

 > As SHA256 is now default, removing weak MD5 option.  C libraries now
 > all support the SHA methods.
 >     glibc 2.7+
 >     uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
 >     musl 1.1.14+

 > One issue this would prevent, is a host tool issue with a FIPS enabled
 > system where weak ciphers/methods are disabled. It seems the crypt(3)
 > call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man
 > page). It results in mkpasswd returning "(EPERM) crypt failed."
 > Rather then create a Buildroot host dependency check, this patch
 > removes the potential corner case from being selected.

 > Acked-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
 > Cc: "Yann E. MORIN" <yann.morin.1998 at free.fr>
 > Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>

I was hesitating about this, but as you can still provide a pre-hashed
md5 password (if your host system supports it) I guess it is OK.

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list