From 4fbeae6f7e2ee6af9d92bc351f5198424feb03e7 Mon Sep 17 00:00:00 2001
From: Disassembler <disassembler@dasm.cz>
Date: Wed, 5 Jun 2019 18:55:15 +0200
Subject: [PATCH] Sanitize all generated passwords

---
 lxc-apps/ckan/install.sh              | 8 ++++----
 lxc-apps/crisiscleanup/install.sh     | 4 ++--
 lxc-apps/cts/install.sh               | 6 +++---
 lxc-apps/ecogis/install.sh            | 2 +-
 lxc-apps/frontlinesms/install.sh      | 2 +-
 lxc-apps/gnuhealth/install.sh         | 4 ++--
 lxc-apps/kanboard/install.sh          | 4 ++--
 lxc-apps/mifosx/install.sh            | 4 ++--
 lxc-apps/motech/install.sh            | 4 ++--
 lxc-apps/odoo/install.sh              | 4 ++--
 lxc-apps/opendatakit-build/install.sh | 2 +-
 lxc-apps/opendatakit/install.sh       | 4 ++--
 lxc-apps/openmapkit/install.sh        | 2 +-
 lxc-apps/pandora/install.sh           | 6 +++---
 lxc-apps/sahana-demo/install.sh       | 6 +++---
 lxc-apps/sahana/install.sh            | 6 +++---
 lxc-apps/sambro/install.sh            | 6 +++---
 lxc-apps/seeddms/install.sh           | 4 ++--
 lxc-apps/sigmah/install.sh            | 4 ++--
 lxc-apps/ushahidi/install.sh          | 4 ++--
 20 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh
index 18640fa..41e3d4a 100755
--- a/lxc-apps/ckan/install.sh
+++ b/lxc-apps/ckan/install.sh
@@ -9,8 +9,8 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/solr ] && service solr start && STOP_SOLR=1
 
 # Create database
-export CKAN_PWD=$(head -c 18 /dev/urandom | base64)
-export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64)
+export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure CKAN Solr core
@@ -22,7 +22,7 @@ service solr restart
 
 # Configure CKAN
 mkdir -p /srv/ckan/conf /srv/ckan/data
-export CKAN_SECRET=$(head -c 18 /dev/urandom | base64)
+export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
 envsubst <srv/ckan/conf/ckan.ini >/srv/ckan/conf/ckan.ini
 cp srv/ckan/conf/who.ini /srv/ckan/conf/who.ini
@@ -42,7 +42,7 @@ lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/
 export CKAN_ADMIN_USER="admin"
 export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
 export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
-export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
 export CKAN_ADMIN_EMAIL="admin@example.com"
 envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql ckan
diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh
index c25112e..5f6b5ad 100755
--- a/lxc-apps/crisiscleanup/install.sh
+++ b/lxc-apps/crisiscleanup/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create database
-export CRISISCLEANUP_PWD=$(head -c 18 /dev/urandom | base64)
+export CRISISCLEANUP_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Copy existing config files into persistent storage
@@ -18,7 +18,7 @@ cp -r /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/config/. /srv/c
 # Configure CrisisCleanup
 export CRISISCLEANUP_ADMIN_USER="Admin"
 export CRISISCLEANUP_ADMIN_EMAIL="admin@example.com"
-export CRISISCLEANUP_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export CRISISCLEANUP_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 envsubst <srv/crisiscleanup/conf/database.yml >/srv/crisiscleanup/conf/database.yml
 cp srv/crisiscleanup/conf/boot.rb /srv/crisiscleanup/conf/boot.rb
 cp srv/crisiscleanup/conf/initializers/devise.rb /srv/crisiscleanup/conf/initializers/devise.rb
diff --git a/lxc-apps/cts/install.sh b/lxc-apps/cts/install.sh
index a7132df..3856667 100755
--- a/lxc-apps/cts/install.sh
+++ b/lxc-apps/cts/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create database
-export CTS_PWD=$(head -c 18 /dev/urandom | base64)
+export CTS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Copy existing config files into persistent storage
@@ -15,7 +15,7 @@ mkdir -p /srv/cts/conf
 cp /var/lib/lxc/cts/cts/srv/cts/cts/settings/base.py /srv/cts/conf
 
 # Configure CTS
-export CTS_SECRET=$(head -c 26 /dev/urandom | base64)
+export CTS_SECRET=$(head -c 26 /dev/urandom | base64 | tr -d '+/=')
 envsubst <srv/cts/conf/spotter.py >/srv/cts/conf/spotter.py
 touch /srv/cts/conf/__init__.py
 
@@ -29,7 +29,7 @@ lxc-execute cts -- manage.py migrate
 
 # Create admin account
 export CTS_ADMIN_EMAIL=admin@example.com
-export CTS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export CTS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export CTS_ADMIN_HASH=$(lxc-execute cts -- python -c "from django.contrib.auth.hashers import make_password; print make_password('${CTS_ADMIN_PWD}')")
 export CTS_ADMIN_SECRET=$(head -c 12 /dev/urandom | sha256sum | cut -c1-13)
 envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql cts
diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh
index 02b0506..965aa1b 100755
--- a/lxc-apps/ecogis/install.sh
+++ b/lxc-apps/ecogis/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Populate database
-export ECOGIS_PWD=$(head -c 18 /dev/urandom | base64)
+export ECOGIS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure EcoGIS
diff --git a/lxc-apps/frontlinesms/install.sh b/lxc-apps/frontlinesms/install.sh
index a92c69d..a588c2e 100755
--- a/lxc-apps/frontlinesms/install.sh
+++ b/lxc-apps/frontlinesms/install.sh
@@ -6,7 +6,7 @@ cd $(realpath $(dirname "${0}"))/install
 # Configure FrontlineSMS
 mkdir -p /srv/frontlinesms/data
 export FRONTLINESMS_ADMIN_USER="admin"
-export FRONTLINESMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export FRONTLINESMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export FRONTLINESMS_ADMIN_USER_HASH=$(echo -n "${FRONTLINESMS_ADMIN_USER}" | base64)
 export FRONTLINESMS_ADMIN_PWD_HASH=$(echo -n "${FRONTLINESMS_ADMIN_PWD}" | base64)
 envsubst <srv/frontlinesms/data/app-settings.properties >/srv/frontlinesms/data/app-settings.properties
diff --git a/lxc-apps/gnuhealth/install.sh b/lxc-apps/gnuhealth/install.sh
index 83c6b82..efba169 100755
--- a/lxc-apps/gnuhealth/install.sh
+++ b/lxc-apps/gnuhealth/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create databases
-export GNUHEALTH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '/+=')
+export GNUHEALTH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure GNU Health
@@ -16,7 +16,7 @@ envsubst <srv/gnuhealth/conf/trytond.conf >/srv/gnuhealth/conf/trytond.conf
 
 # Populate database
 export GNUHEALTH_ADMIN_USER="admin"
-export GNUHEALTH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export GNUHEALTH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 echo ${GNUHEALTH_ADMIN_PWD} >/var/lib/lxc/gnuhealth/gnuhealth/tmp/.adminpwd
 lxc-execute gnuhealth -- sh -c 'TRYTONPASSFILE=/tmp/.adminpwd trytond-admin -d gnuhealth --all -v'
 rm -f /var/lib/lxc/gnuhealth/gnuhealth/tmp/.adminpwd
diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh
index 9a51485..dc33cae 100755
--- a/lxc-apps/kanboard/install.sh
+++ b/lxc-apps/kanboard/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Populate database
-export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64)
+export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 cat /var/lib/lxc/kanboard/kanboard/srv/kanboard/app/Schema/Sql/postgres.sql | lxc-attach -u 5432 -g 5432 postgres -- sh -c "PGPASSWORD=${KANBOARD_PWD} psql kanboard kanboard"
 
@@ -16,7 +16,7 @@ mkdir -p /srv/kanboard/conf /srv/kanboard/data
 chown -R 8009:8009 /srv/kanboard/data
 envsubst <srv/kanboard/conf/config.php >/srv/kanboard/conf/config.php
 export KANBOARD_ADMIN_USER=admin
-export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export KANBOARD_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${KANBOARD_ADMIN_PWD}'.encode(), bcrypt.gensalt()).decode().replace('2b', '2y'))")
 envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql kanboard
 
diff --git a/lxc-apps/mifosx/install.sh b/lxc-apps/mifosx/install.sh
index 4914bb7..949a95e 100755
--- a/lxc-apps/mifosx/install.sh
+++ b/lxc-apps/mifosx/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/mariadb ] && service mariadb start && STOP_MARIADB=1
 
 # Create databases
-export MIFOSX_PWD=$(head -c 18 /dev/urandom | base64)
+export MIFOSX_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach mariadb -- mysql
 
 # Populate database
@@ -37,7 +37,7 @@ echo 'ALTER TABLE `scheduled_email_campaign` ADD `previous_run_status` VARCHAR(1
 # Update admin account
 export MIFOSX_ADMIN_USER=admin
 export MIFOSX_ADMIN_EMAIL=admin@example.com
-export MIFOSX_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d "+")
+export MIFOSX_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export MIFOSX_ADMIN_HASH=$(echo -n "${MIFOSX_ADMIN_PWD}{1}" | sha256sum | awk '{print $1}')
 envsubst <adminpwd.sql | lxc-attach mariadb -- mysql mifostenant-default
 
diff --git a/lxc-apps/motech/install.sh b/lxc-apps/motech/install.sh
index 119f45b..69e1795 100755
--- a/lxc-apps/motech/install.sh
+++ b/lxc-apps/motech/install.sh
@@ -8,7 +8,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create database
-export MOTECH_PWD=$(head -c 18 /dev/urandom | base64)
+export MOTECH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure Motech
@@ -30,7 +30,7 @@ until curl -s "http://motech:8080/module/server/startup/" | grep -q adminLogin;
 done
 export MOTECH_ADMIN_USER="admin"
 export MOTECH_ADMIN_EMAIL="admin@example.com"
-export MOTECH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export MOTECH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 curl -H "Content-Type: application/json" -X POST -d "{\"adminLogin\":\"${MOTECH_ADMIN_USER}\",\"adminEmail\":\"${MOTECH_ADMIN_EMAIL}\",\"adminPassword\":\"${MOTECH_ADMIN_PWD}\",\"adminConfirmPassword\":\"${MOTECH_ADMIN_PWD}\",\"language\":\"cs\",\"providerName\":\"\",\"providerUrl\":\"\",\"schedulerUrl\":\"\"}" http://motech:8080/module/server/startup/
 lxc-stop motech
 
diff --git a/lxc-apps/odoo/install.sh b/lxc-apps/odoo/install.sh
index 0031afa..439bc6b 100755
--- a/lxc-apps/odoo/install.sh
+++ b/lxc-apps/odoo/install.sh
@@ -7,12 +7,12 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create databases
-export ODOO_PWD=$(head -c 18 /dev/urandom | base64)
+export ODOO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure Odoo
 export ODOO_ADMIN_USER="admin"
-export ODOO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export ODOO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 mkdir -p /srv/odoo/conf/ /srv/odoo/data/
 chown 8019:8019 /srv/odoo/data/
 envsubst <srv/odoo/conf/odoo.conf >/srv/odoo/conf/odoo.conf
diff --git a/lxc-apps/opendatakit-build/install.sh b/lxc-apps/opendatakit-build/install.sh
index 677174d..7795f7f 100755
--- a/lxc-apps/opendatakit-build/install.sh
+++ b/lxc-apps/opendatakit-build/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create databases
-export OPENDATAKITBUILD_PWD=$(head -c 18 /dev/urandom | base64)
+export OPENDATAKITBUILD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres psql
 
 # Configure OpenDataKit Build
diff --git a/lxc-apps/opendatakit/install.sh b/lxc-apps/opendatakit/install.sh
index 3c85059..e13ed83 100755
--- a/lxc-apps/opendatakit/install.sh
+++ b/lxc-apps/opendatakit/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create databases
-export OPENDATAKIT_PWD=$(head -c 18 /dev/urandom | base64)
+export OPENDATAKIT_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure OpenDataKit
@@ -31,7 +31,7 @@ done
 lxc-stop opendatakit
 
 # Update admin account
-export OPENDATAKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export OPENDATAKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export OPENDATAKIT_ADMIN_SALT=$(head -c 4 /dev/urandom | hexdump -e '"%x"') # Must be 8 characters
 export OPENDATAKIT_ADMIN_BASIC_HASH=$(echo -n "${OPENDATAKIT_ADMIN_PWD}{${OPENDATAKIT_ADMIN_SALT}}" | sha1sum | tr -d " -")
 export OPENDATAKIT_ADMIN_DIGEST_HASH=$(echo -n "${OPENDATAKIT_ADMIN_USER}:${OPENDATAKIT_ADMIN_REALM}:${OPENDATAKIT_ADMIN_PWD}" | md5sum | tr -d " -")
diff --git a/lxc-apps/openmapkit/install.sh b/lxc-apps/openmapkit/install.sh
index e9ee54f..a8151cb 100755
--- a/lxc-apps/openmapkit/install.sh
+++ b/lxc-apps/openmapkit/install.sh
@@ -5,7 +5,7 @@ cd $(realpath $(dirname "${0}"))/install
 
 # Configure OpenMapKit
 export OPENMAPKIT_ADMIN_USER="admin"
-export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 mkdir -p /srv/openmapkit/conf /srv/openmapkit/data
 chown -R 8007:8007 /srv/openmapkit/data
 cp -rp /var/lib/lxc/openmapkit/openmapkit/srv/openmapkit/data/. /srv/openmapkit/data
diff --git a/lxc-apps/pandora/install.sh b/lxc-apps/pandora/install.sh
index 7090bf3..d91c628 100755
--- a/lxc-apps/pandora/install.sh
+++ b/lxc-apps/pandora/install.sh
@@ -8,11 +8,11 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/rabbitmq ] && service rabbitmq start && STOP_RABBITMQ=1
 
 # Create PostgreSQL user and database
-export PANDORA_PWD=$(head -c 18 /dev/urandom | base64)
+export PANDORA_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure RabbitMQ
-export PANDORA_RABBIT_PWD=$(head -c 18 /dev/urandom | base64 | tr -d "/")
+export PANDORA_RABBIT_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 lxc-attach rabbitmq -- rabbitmqctl add_user pandora ${PANDORA_RABBIT_PWD}
 lxc-attach rabbitmq -- rabbitmqctl add_vhost /pandora
 lxc-attach rabbitmq -- rabbitmqctl set_permissions -p /pandora pandora ".*" ".*" ".*"
@@ -44,7 +44,7 @@ lxc-execute pandora -- /srv/pandora/pandora/manage.py sync_documentsort
 # Create admin account
 export PANDORA_ADMIN_USER=admin
 export PANDORA_ADMIN_EMAIL=admin@example.com
-export PANDORA_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export PANDORA_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export PANDORA_ADMIN_HASH=$(lxc-execute pandora -- sh -c "DJANGO_SETTINGS_MODULE=srv.pandora.pandora.settings python3 -c \"from django.contrib.auth.hashers import make_password; print(make_password('${PANDORA_ADMIN_PWD}'))\"")
 envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql pandora
 
diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh
index 8a28e7c..c468905 100755
--- a/lxc-apps/sahana-demo/install.sh
+++ b/lxc-apps/sahana-demo/install.sh
@@ -8,7 +8,7 @@ export TEMPLATE=${TEMPLATE:-"default"}
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create PostgreSQL user and database
-export SAHANADEMO_PWD=$(head -c 18 /dev/urandom | base64)
+export SAHANADEMO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Prepare persistent directory structure
@@ -18,9 +18,9 @@ cp -rp /var/lib/lxc/shared/sahana/srv/web2py/applications/eden/models/. /srv/sah
 cp -rp /var/lib/lxc/shared/sahana/srv/web2py/applications/eden/modules/templates/${TEMPLATE}/. /srv/sahana-demo/data/${TEMPLATE}
 
 # Configure Sahana
-export SAHANADEMO_HMAC=$(head -c 18 /dev/urandom | base64)
+export SAHANADEMO_HMAC=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 export SAHANADEMO_ADMIN_USER=admin@example.com
-export SAHANADEMO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export SAHANADEMO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 envsubst <srv/sahana-demo/conf/000_config.py >/srv/sahana-demo/conf/000_config.py
 if [ ${TEMPLATE} == "default" ]; then
     envsubst <masterUsers.csv >/srv/sahana-demo/data/default/users/masterUsers.csv
diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh
index a3cc5ac..dbf8342 100755
--- a/lxc-apps/sahana/install.sh
+++ b/lxc-apps/sahana/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create PostgreSQL user and database
-export SAHANA_PWD=$(head -c 18 /dev/urandom | base64)
+export SAHANA_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Prepare persistent directory structure
@@ -20,9 +20,9 @@ cp -r srv/sahana/data/Spotter /srv/sahana/data/
 chown -R 8001:8001 /srv/sahana/data
 
 # Configure Sahana
-export SAHANA_HMAC=$(head -c 18 /dev/urandom | base64)
+export SAHANA_HMAC=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 export SAHANA_ADMIN_USER=admin@example.com
-export SAHANA_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export SAHANA_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 envsubst <srv/sahana/conf/000_config.py >/srv/sahana/conf/000_config.py
 envsubst <srv/sahana/data/Spotter/masterUsers.csv >/srv/sahana/data/Spotter/masterUsers.csv
 cp srv/sahana/conf/00_settings.py /srv/sahana/conf/00_settings.py
diff --git a/lxc-apps/sambro/install.sh b/lxc-apps/sambro/install.sh
index 4046a07..b884f6e 100755
--- a/lxc-apps/sambro/install.sh
+++ b/lxc-apps/sambro/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create PostgreSQL user and database
-export SAMBRO_PWD=$(head -c 18 /dev/urandom | base64)
+export SAMBRO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Prepare persistent directory structure
@@ -17,9 +17,9 @@ cp -rp /var/lib/lxc/shared/sahana/srv/web2py/applications/eden/models/. /srv/sam
 cp -rp /var/lib/lxc/shared/sahana/srv/web2py/applications/eden/modules/templates/SAMBRO/. /srv/sambro/data/SAMBRO
 
 # Configure SAMBRO
-export SAMBRO_HMAC=$(head -c 18 /dev/urandom | base64)
+export SAMBRO_HMAC=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 export SAMBRO_ADMIN_USER=admin@example.com
-export SAMBRO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export SAMBRO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 envsubst <srv/sambro/conf/000_config.py >/srv/sambro/conf/000_config.py
 mkdir -p /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users
 envsubst <masterUsers.csv >/var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv
diff --git a/lxc-apps/seeddms/install.sh b/lxc-apps/seeddms/install.sh
index aa91696..48916ac 100755
--- a/lxc-apps/seeddms/install.sh
+++ b/lxc-apps/seeddms/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Populate database
-export SEEDDMS_PWD=$(head -c 18 /dev/urandom | base64)
+export SEEDDMS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 cat /var/lib/lxc/seeddms/seeddms/srv/seeddms/create_tables-postgres.sql | lxc-attach postgres -- sh -c "PGPASSWORD=${SEEDDMS_PWD} psql seeddms seeddms"
 cat custom.sql | lxc-attach -u 5432 -g 5432 postgres -- psql seeddms
@@ -21,7 +21,7 @@ chown -R 8010:8010 /srv/seeddms/data
 # Configure SeedDMS
 envsubst <srv/seeddms/conf/settings.xml >/srv/seeddms/conf/settings.xml
 export SEEDDMS_ADMIN_USER=admin
-export SEEDDMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export SEEDDMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export SEEDDMS_ADMIN_EMAIL=admin@example.com
 envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql seeddms
 chown -R 8010:8010 /srv/seeddms/conf
diff --git a/lxc-apps/sigmah/install.sh b/lxc-apps/sigmah/install.sh
index 9bb303f..9a58e62 100755
--- a/lxc-apps/sigmah/install.sh
+++ b/lxc-apps/sigmah/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
 
 # Create database
-export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64)
+export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
 
 # Configure Sigmah
@@ -22,7 +22,7 @@ cp -f /var/lib/lxc/sigmah/sigmah/srv/sigmah-MinimumDataKit.sql /tmp/
 cp -f /var/lib/lxc/sigmah/sigmah/srv/sigmah-newOrganizationLaunchScript.sql /tmp/
 export SIGMAH_ADMIN_USER=Admin
 export SIGMAH_ADMIN_EMAIL=admin@example.com
-export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export SIGMAH_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${SIGMAH_ADMIN_PWD}'.encode(), bcrypt.gensalt(prefix=b'2a')).decode())")
 sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql
 sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql
diff --git a/lxc-apps/ushahidi/install.sh b/lxc-apps/ushahidi/install.sh
index 21a6f9b..f75df25 100755
--- a/lxc-apps/ushahidi/install.sh
+++ b/lxc-apps/ushahidi/install.sh
@@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install
 [ ! -e /run/openrc/started/mariadb ] && service mariadb start && STOP_MARIADB=1
 
 # Create database
-export USHAHIDI_PWD=$(head -c 18 /dev/urandom | base64)
+export USHAHIDI_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
 envsubst <createdb.sql | lxc-attach mariadb -- mysql
 
 # Configure Ushahidi
@@ -21,7 +21,7 @@ lxc-execute ushahidi -- /srv/ushahidi/platform/bin/phinx migrate -c /srv/ushahid
 
 # Create admin account
 export USHAHIDI_ADMIN_USER=admin@example.com
-export USHAHIDI_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+export USHAHIDI_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
 export USHAHIDI_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${USHAHIDI_ADMIN_PWD}'.encode(), bcrypt.gensalt()).decode().replace('2b', '2y'))")
 envsubst <adminpwd.sql | lxc-attach mariadb -- mysql ushahidi