Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
alpine: suppress master password #2023
I built the latest alpine package (for some reason, the version in the APT repo is out of date; I can't find any documentation about when the repo is updated…?), and it now supports storing passwords, which is good.
Unfortunately, the latest version of alpine (2.21) introduces a mandatory "master password" for the password file, and there is no explicitly documented way to avoid this. (I am assuming that Termux users will want to avoid it, since typing passwords on phones is fiddly.)
Fortunately, it's quite simple: the master password file consists of a self-signed X509 certificate, so it's merely necessary to generate one without a password. This can be achieved with, for example, the following incantation:
It would be nice if the alpine package worked like this by default, but I'm not sure how this is done. Presumably even Termux packages don't install files in the home directory? Also, there's a question over whether the passwordless key/certificate pair should be generated at package build time, or, for a bit more security, at package installation time (so that merely losing one's
I'm a total Termux newbie (I came to it to see if I could put alpine on my phone!) hence I'm not proposing a full solution here, and would appreciate guidance.
i will make a pull request in a few hours that should do it. If you want to do it yourself it requires cloning this repo and editing alpine's build.sh and making pull request.
Thanks very much. I understand a bit about deb packaging (I'm a Debian maintainer), but I didn't know whether it was allowed to touch the user's home directory during package installation: on Debian I suspect it's not (at least, without a prompt), but on (single-user) Termux perhaps this is OK?