From: Dave Brolley <brolley@redhat.com>
Date: Fri, 30 Oct 2009 16:17:06 +0000 (-0400)
Subject: Never ask the user for a password in stap-gen-cert. Read from /dev/random as
X-Git-Tag: release-1.0.9~83^2~9
X-Git-Url: https://sourceware.org/git/?a=commitdiff_plain;h=b732b45bcefa1414e984bc2a9c023336f4ebfe90;p=systemtap.git

Never ask the user for a password in stap-gen-cert. Read from /dev/random as
a last resort. Cert db passwords will be going away soon(tm).
---

diff --git a/stap-gen-cert b/stap-gen-cert
index 574df351b..44ec817ec 100755
--- a/stap-gen-cert
+++ b/stap-gen-cert
@@ -13,30 +13,6 @@
 # Initialize the environment
 . `dirname $0`/stap-env
 
-# Obtain a password from stdin and echo it.
-function user_enter_password
-{
-    while true
-    do
-	while true
-	do
-	    read -sp "Enter new password for systemtap server certificate/key database:" pw1 junk
-	    echo "" >&2
-	    test "X$pw1" != "X" && break
-	done
-	while true
-	do
-	    read -sp "Reenter new password:" pw2 junk
-	    echo "" >&2
-	    test "X$pw2" != "X" && break
-	done
-	test "$pw1" = "$pw2" && break
-	echo "Passwords do not match" >&2
-    done
-
-    echo $pw1
-}
-
 # Obtain the certificate database directory name.
 serverdb=$1
 if  test "X$serverdb" = "X"; then
@@ -60,7 +36,7 @@ fi
 # Generate a random password.
 mkpasswd -l 20 > $serverdb/pw 2>/dev/null || \
 apg -a 1 -n 1 -m 20 -x 20 > $serverdb/pw 2>/dev/null || \
-user_enter_password > $serverdb/pw
+(read -n20 password </dev/random; echo "$password" > $serverdb/pw)
 
 # Generate the server certificate database
 if ! certutil -N -d $serverdb -f $serverdb/pw > /dev/null; then