fix: store password as scram-sha-256 #99
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
I encountered an issue during the installation process where the chirpstack_as and chirpstack_ns roles cannot access PostgreSQL. The problem appears to be related to password encryption methods.
The shell script expects the role passwords to be md5 encrypted. However, the RPi OS Bookworm installs PostgreSQL 15 by default, as shown below:
apt-cache policy postgresql postgresql: Installed: 15+248 Candidate: 15+248 Version table: *** 15+248 500 500 http://deb.debian.org/debian bookworm/main arm64 Packages 500 http://deb.debian.org/debian bookworm/main armhf Packages 100 /var/lib/dpkg/statusPostgreSQL 15 uses scram-sha-256 as the default encryption method.
https://www.postgresql.org/docs/15/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION
However, the init_sql.sql script sets the password using md5 encryption:
https://github.com/RAKWireless/rak_common_for_gateway/blob/master/chirpstack/init_sql.sql#L15
To address this inconsistency, there are two potential solutions:
Specify the PostgreSQL version to one that uses md5 encryption by default.
Update the password storage method to scram-sha-256 to match the latest PostgreSQL version.
This PR aims to set the role passwords using scram-sha-256 encryption. I would appreciate the maintainers' opinions on this approach.
Thank you.