Dependency on pwqgen not mentioned in readme #147
Labels
No Label
breaking-change
bug
CI/CD
design
documentation
duplicate
enhancement
help wanted
invalid
plugin
question
secrets
shell-completion
versioning
wontfix
No Milestone
No Assignees
2 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: coop-cloud/abra#147
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Is required for secret generation.
Is there native soloutions we can have as a fallback like /dev/urandom? Might be good to make pwqgen an optional dependancy
I think passwdqc-utils is unmaintained
Cant seem to give my own command either. Aliasing pwqgen doesnt work
Makes using abra on arch based systems impossible as you cannot download the binary and I cannot find the source
@roxxers do you have
pwgen
(without the Q) installed? We could use that as a fallback ifpwqgen
isn't available. If not, yeah let's use /dev/urandom or some excitement.Did you at least get an error message
"ERROR: 'pwqgen' program is not installed"
or is that also not working?Lastly you can manually hack around this using the
<cmd>
option toabra .. secret generate
, e.g.pwgen is installed. Still get the same error which is the
"ERROR: 'pwqgen' program is not installed
one and providing my own command like you showed still shows the same error so I think the logic might be bugged a lil from what I saw of the code. Didnt deep dive the bash but I did see how it might just ignore everything of pwqgen isn't installedYep, seems so. Looking at it now
I'll provide screenshots in a bit
It now seems to work with the
<cmd>
option, at least:(I tested by renaming my
pwqgen
binary)Suggest keeping this ticket open until we have the default fallback -- @roxxers do you think
pwgen
is a safe option here or should we do some exciting pure-bash generation?@3wordchant I think just moving to a more native solution as a fallback would help portability. As for security, I think the default length when using pwgen is too small. Using something like
pwgen 1 32
for a 32 char length is safer. The ones generated for me after the fix were 8 chars long. I'd have to research which method is best but from what I recall, urandom should be fine. Esp when secrets don't need memorisation or ease of typing like passphrases do.Yeah sounds legit, patch welcome! Otherwise I'll get to it ASAP.
See #153; I think this was my mistake providing the above workaround. Normally,
abra
already generates passwords of the length specified in an app's.env.sample
file – a quickrg --hidden length
in my~/.abra/apps
dir suggests that the shortest length we'll generate will be 43 (for Gitea'sSECRET_JWT_SECRET_VERSION
).Depends which; it seems possible that someone at some point is gonna need to read a MySQL root password over the phone, in which case
pwqgen
-generated passwords are going to be many many times easier.Dependancy on pwqgen not mentioned in readmeto Dependency on pwqgen not mentioned in readme