From 12bf0bf3a6812ee8dfb6de3e223a25e1e81115f6 Mon Sep 17 00:00:00 2001
From: Dominik Lammers <info@dominik-lammers.de>
Date: Wed, 20 Sep 2023 14:38:07 +0200
Subject: [PATCH] fix: Fail if `RMT_PASSWORD` is not set but used

---
 readonly/startup.sh | 4 +++-
 remote/startup.sh   | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/readonly/startup.sh b/readonly/startup.sh
index 8da5364b..2361da45 100755
--- a/readonly/startup.sh
+++ b/readonly/startup.sh
@@ -5,8 +5,10 @@
 
 set -exuo pipefail
 
+salt=$(openssl rand -base64 16)
+password_hash=$(openssl passwd -6 -salt ${salt} "${RMT_PASSWORD:?}")
 line=$(grep techuser /etc/shadow);
-echo ${line%%:*}:$(openssl passwd -6 -salt $(openssl rand -base64 16) "${RMT_PASSWORD:?}"):${line#*:*:} > /etc/shadow;
+echo ${line%%:*}:${password_hash}:${line#*:*:} > /etc/shadow;
 unset RMT_PASSWORD
 
 # Prepare Workspace
diff --git a/remote/startup.sh b/remote/startup.sh
index 14c70891..827ee340 100755
--- a/remote/startup.sh
+++ b/remote/startup.sh
@@ -7,8 +7,10 @@ set -exuo pipefail
 
 if [ "$(whoami)" == "root" ] || [ "$(whoami)" == "techuser" ];
 then
+    salt=$(openssl rand -base64 16)
+    password_hash=$(openssl passwd -6 -salt ${salt} "${RMT_PASSWORD:?}")
     line=$(grep techuser /etc/shadow);
-    echo ${line%%:*}:$(openssl passwd -6 -salt $(openssl rand -base64 16) "${RMT_PASSWORD:?}"):${line#*:*:} > /etc/shadow;
+    echo ${line%%:*}:${password_hash}:${line#*:*:} > /etc/shadow;
 else
     echo "Only techuser and root are supported as users.";
     exit 1;