You are reading content from Scuttlebutt
User has not chosen to be hosted publicly
User has not chosen to be hosted publicly
@cryptix %30FK1nvUHnygGsxEZKnh/wrEok4mMVOz9xajfNx5G0w=.sha256

yup, on it.

was running into some problems with the caching of sum.golang.org.

@cryptix %8vM3V7/hQSlZuOEKr3XA90uivjEKwy1v7ThngOGS8WI=.sha256

2.0.5 is published now but @Hendrik Peter found a bug that I will publish as 2.0.6 once the fix is confirmed and merged.

I need to file an issue with the go team about an issue with the replace directive on the sumdb service. Then we can enable verifiable builds for releases... :-/

User has not chosen to be hosted publicly
@cryptix %aCSFi5aFCXYDeMIXDEyEgWjjoCtsUnZkGj3deTqNivE=.sha256

@RĂ´mulo Alves if you want the hacky truth, sure! It's basically just doing a single insert in the sqlite table, using bcrypt for hashing the password.

So you would do something like INSERT INTO members (pub_key, role) VALUES ... where pub_key is a ssb-ref as a string, role is an roomdb.Role integer (iota starts with 0, so admin is 3). And then use the id of that row as member_id for the setting the passowrd via INSERT INTO fallback_password (member_id, hashed_password) VALUES ....

The word of warning here would be the encoding of bcrypt. The go implementation bundles the hash and the salt and I've seen packages that give you both of them independently.. so.... there is that potential problem. If you don't want to deal with that you could either use a minimal generate password utility like the one at the end of this post, run that locally and copy the hash to the insert on your room server. Alternatively you could just use sign-in with ssb via ssb-room2-check and reset the password once your logged in via that (in this case you wouldn't have to place the 2nd INSERT at all).

The upside of using the insert-user tool is that it bundles the migration management, too. But if you run the server first, this shouldn't be a problem.

Here is the utility i mentioned. Store this somewhere, maybe as gen-room-pw.go

package main

import (
    "bufio"
    "fmt"
    "log"
    "os"

    "golang.org/x/crypto/bcrypt"
)

func main() {

    lineReader := bufio.NewScanner(os.Stdin)

    lineReader.Scan()
    passw := lineReader.Text()

    hashed, err := bcrypt.GenerateFromPassword([]byte(passw), bcrypt.DefaultCost)
    check(err)

    fmt.Println("the hash is:")
    fmt.Println(string(hashed))

}

func check(err error) {
    if err != nil {
        log.Fatal(err)
    }
}
}

And then use it like this:

$ go get golang.org/x/crypto/bcrypt
$ GO111MODULE=off go run gen-room-pw.go
mysupersecretpassword<enter>
the hash is:
$2a$10$u4887dZlNuU2m2vtV5QMfODFwsxhi4P9adoT/qH50THDsOHCUGcGi

Hope that helps

@cryptix %7DyY5DEIO5G2l3Rcgr1/A+MjsB4AerlWqvbwFkB9LuE=.sha256

Ah.. damn.... There is a }too much at the end.. bad copy&pasta...

Here is a fixed blob: &CwO+eGY...

Join Scuttlebutt now