Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial retooling #1

Merged
naturallaw777 merged 1130 commits from staging-dev into stable 2026-05-21 08:10:11 -05:00
Conversation 0 Commits 1130 Files Changed 122
+37 -2
2 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit c1c0827604 - Show all commits
app/sovran_systemsos_web/server.py
+37 -1
View File
@@ -2019,13 +2019,49 @@ async def api_migration_password_status():
@app.post("/api/migration/password-acknowledge")
async def api_migration_password_acknowledge():
"""Acknowledge and clear the migration password disclosure marker."""
"""Acknowledge the migration password and update /etc/shadow to match."""
# Read the new password before deleting the file
new_password = None
try:
with open(MIGRATION_NEWPASS_FILE, "r") as f:
new_password = f.read().strip()
except FileNotFoundError:
pass
except OSError as exc:
raise HTTPException(status_code=500, detail=f"Could not read migration password: {exc}")
# Update /etc/shadow so GDM accepts the new password going forward
if new_password:
chpasswd_bin = (
shutil.which("chpasswd")
or ("/run/current-system/sw/bin/chpasswd"
if os.path.isfile("/run/current-system/sw/bin/chpasswd") else None)
)
if chpasswd_bin:
try:
result = subprocess.run(
[chpasswd_bin],
input=f"free:{new_password}",
capture_output=True,
text=True,
)
if result.returncode != 0:
logger.warning(
"chpasswd failed during migration acknowledge (rc=%d): %s",
result.returncode,
(result.stderr or result.stdout).strip(),
)
except Exception as exc:
logger.warning("chpasswd exception during migration acknowledge: %s", exc)
# Clear the pending marker
try:
os.remove(MIGRATION_NEWPASS_FILE)
except FileNotFoundError:
pass
except OSError as exc:
raise HTTPException(status_code=500, detail=f"Could not clear migration password: {exc}")
return {"ok": True}
modules/credentials.nix
-1
View File
@@ -226,7 +226,6 @@ in
printf '%s\n' "$FREE_PASS" > "$SECRET_FILE"
chmod 600 "$SECRET_FILE"
printf 'free:%s\n' "$FREE_PASS" | chpasswd
printf '%s\n' "$FREE_PASS" > "$NEWPASS_FILE"
chmod 600 "$NEWPASS_FILE"