While looking for the string md5sums in smartos-live for OS-8679, I discovered that way-back-when OS-62 introduced an in-tree pwgen(1) binary. Modern pkgsrc has this covered, so let’s get rid of that and use the one from pkgsrc instead.
Dan McDonald commented on 2025-07-31T12:15:08.140-0400:
Adding pwgen to the list of pkgsrc packages in configure plus making sure we use the pkgsrc version explicitly (for supply-chain and attestation reasons) should address any security reasons we used our own pwgen.
Dan McDonald commented on 2025-07-31T16:29:29.789-0400:
Hmmm, while building a PI with it, I noticed its root.password did not have a capital letter in it. Turns out the pkgsrc (even 24.4.1) pwgen(1) is buggy, and probably needs to get its sources from the https://github.com/tytso/pwgen repository instead of sourceforge.
Dan McDonald commented on 2025-07-31T16:29:44.173-0400:
See 405
Dan McDonald commented on 2025-08-01T17:12:40.631-0400:
I kicked off a PR branch Jenkins build of the whole wad (not just the gmake check for smartos-live), and it definitely brought the correct pwgen to the table.
smartos-build-2(~/smartos-live)[0]% digest -a md5 /tmp/pwgen-*
(/tmp/pwgen-broken) = 320c2ec4a7ba369497af23d8cf819053
(/tmp/pwgen-fixed) = 804728f608da7e708e053b06309ca9cb
smartos-build-2(~/smartos-live)[0]%
Those are the pre-pkgsrc-fix and post-pkgsrc-fix versions. Let’s look at our two big pieces of HW that build SmartOS in Jenkins:
[root@headnode (us-central-1) ~]# sdc-oneachnode -n INTEL,AMD 'digest -a md5 /zones/*/root/opt/local/bin/pwgen'
=== Output from 44454c4c-5100-104e-8033-c2c04f363133 (AMD):
804728f608da7e708e053b06309ca9cb
=== Output from 44454c4c-3200-1042-8056-c2c04f395432 (INTEL):
(/zones/2ab11178-ef8b-45be-8b7a-c4e13a885c8e/root/opt/local/bin/pwgen) = 804728f608da7e708e053b06309ca9cb
(/zones/5b2497a0-3f11-4d11-8960-a3533af3e553/root/opt/local/bin/pwgen) = 804728f608da7e708e053b06309ca9cb
[root@headnode (us-central-1) ~]#
We use three Jenkins agents (default, debug, gcc14) and those were building this PR Jenkins job. There’s another one on AMD that’ll get tickled later.
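The digest comparison in the last comment can be scripted so a stale binary fails a build check. The following is an added example, not part of the ticket or of smartos-live: it parses captured sdc-oneachnode output in the two shapes shown above and flags any pwgen whose digest differs from the expected one. The function names, node UUIDs and zone names are hypothetical; the two digests are the ones quoted in the ticket.

```shell
#!/bin/sh
# Added example: audit captured `digest -a md5` output for stale pwgen binaries.

# Constructed capture in the shape shown in the ticket. The node UUIDs and
# zone names are placeholders; the two digests are the ones quoted above.
sample_capture() {
    cat <<'EOF'
=== Output from 00000000-0000-0000-0000-000000000001 (AMD):
804728f608da7e708e053b06309ca9cb
=== Output from 00000000-0000-0000-0000-000000000002 (INTEL):
(/zones/zone-a/root/opt/local/bin/pwgen) = 804728f608da7e708e053b06309ca9cb
(/zones/zone-b/root/opt/local/bin/pwgen) = 320c2ec4a7ba369497af23d8cf819053
EOF
}

# Usage: check_pwgen_digests EXPECTED_MD5 < capture
# Prints "<OK|MISMATCH> <node> <path or -> <md5>" per digest found.
# Returns non-zero if any digest differs or if no digest was found at all.
check_pwgen_digests() {
    awk -v want="$1" '
        function report(path, sum,    verdict) {
            seen++
            verdict = (sum == want) ? "OK" : "MISMATCH"
            if (verdict == "MISMATCH") bad++
            print verdict, node, path, sum
        }
        # Node header: "=== Output from <uuid> (<name>):"
        /^=== Output from / { node = $5; gsub(/[():]/, "", node); next }
        # Several files matched the glob: "(<path>) = <md5>" (no spaces in path)
        /^\(.*\) = [0-9a-f]+$/ && length($3) == 32 {
            report(substr($1, 2, length($1) - 2), $3); next
        }
        # One file matched the glob: bare hash, as in the AMD output above
        /^[0-9a-f]+$/ && length($0) == 32 { report("-", $0); next }
        END { if (seen == 0 || bad > 0) exit 1 }
    '
}

# Demo: zone-b still carries the pre-fix binary, so the check fails.
sample_capture | check_pwgen_digests 804728f608da7e708e053b06309ca9cb \
    || echo "stale or missing pwgen detected"
```

An empty capture is treated as a failure so that a glob matching nothing cannot pass silently.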