Use robust usermod -p method for setting passwords

iridium_installer/backend/os_install.py

@@ -246,19 +246,25 @@ UUID={efi_uuid} /boot vfat defaults 0 2
                 f.write("%wheel ALL=(ALL) ALL\n")
             os.chmod(os.path.join(sudoers_dir, "wheel"), 0o440)
 
-            # Set user and root password using chpasswd -R (from host side)
+            # Set user and root password using hashed passwords and usermod
             try:
-                logger.info(f"Setting passwords for {user_info['username']} and root...")
-                # We set both to the same password for convenience in this minimal install
-                pass_data = f"{user_info['username']}:{user_info['password']}\nroot:{user_info['password']}\n"
-                subprocess.run(
-                    ["chpasswd", "-R", mount_root],
-                    input=pass_data,
+                logger.info(f"Setting hashed passwords for {user_info['username']} and root...")
+                # Generate SHA512 hash using openssl on the host
+                res = subprocess.run(
+                    ["openssl", "passwd", "-6", user_info["password"]],
+                    capture_output=True,
                     text=True,
                     check=True
                 )
-            except subprocess.CalledProcessError as e:
-                logger.error("Failed to set passwords using chpasswd -R")
+                hashed_pass = res.stdout.strip()
+                
+                # Apply hash to user and root using usermod -p (takes encrypted password)
+                run_command(["chroot", mount_root, "usermod", "-p", hashed_pass, user_info["username"]])
+                run_command(["chroot", mount_root, "usermod", "-p", hashed_pass, "root"])
+                
+                run_command(["sync"])
+            except Exception as e:
+                logger.error(f"Failed to set passwords: {e}")
                 raise e
 
             # Set hostname