From: Arnout Vandecappelle <arnout@mind.be>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2] Allow setting the password for user default
Date: Wed, 04 Jun 2014 08:16:40 +0200
Message-ID: <538EB9C8.1060603@mind.be>
In-Reply-To: <1401787751-32600-1-git-send-email-sho@relinux.de>

On 06/03/14 11:29, Stephan Hoffmann wrote:
> Signed-off-by: Stephan Hoffmann <sho@relinux.de>
> ---
> Since we can set the password for root while configuring the system
> it seems logical to have the same possibility for user "default".
> 
> Changes v1 -> v2
>   - remove rewording in help text for BR2_TARGET_GENERIC_ROOT_PASSWD
> ---
>  system/Config.in | 23 ++++++++++++++++++++++-
>  system/system.mk | 11 ++++++++++-
>  2 files changed, 32 insertions(+), 2 deletions(-)
> 
> diff --git a/system/Config.in b/system/Config.in
> index 53bca53..d5408e1 100644
> --- a/system/Config.in
> +++ b/system/Config.in
> @@ -211,6 +211,27 @@ config BR2_TARGET_GENERIC_ROOT_PASSWD
>  	  in the build log! Avoid using a valuable password if either the
>  	  .config file or the build log may be distributed!
>  
> +config BR2_TARGET_GENERIC_DEFAULT_PASSWD
> +	string "Password for user default"
> +	default ""
> +	help
> +	  Set the initial password for user default (in clear). It will be encrypted.
> +
> +	  If set to empty (the default), then no password will be set,
> +	  and default will need no password to log in.
> +
> +	  WARNING! WARNING!
> +	  Although pretty strong, MD5 is now an old hash function, and
> +	  suffers from some weaknesses, which makes it susceptible to attacks.
> +	  It is showing its age, so this root password should not be trusted
> +	  to properly secure any product that can be shipped to the wide,
> +	  hostile world.

 Since we can now select the hash, this warning has no merit anymore.

 With that fixed:

Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

> +
> +	  WARNING! WARNING!
> +	  The password appears in clear in the .config file, and may appear
> +	  in the build log! Avoid using a valuable password if either the
> +	  .config file or the build log may be distributed!
> +
>  config BR2_TARGET_GENERIC_GETTY
>  	bool "Run a getty (login prompt) after boot"
>  	default y
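
Review bot: in the help text for BR2_TARGET_GENERIC_DEFAULT_PASSWD, the first WARNING block still says "this root password", carried over from the root entry above it, although this option sets the password for user default. If that block is kept at all it should name the right account; since system.mk passes BR2_TARGET_GENERIC_PASSWD_METHOD to mkpasswd, the MD5-specific wording no longer describes what the build does. The first help line ("Set the initial password for user default (in clear). It will be encrypted.") is also longer than the surrounding help lines and could be wrapped.
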
> diff --git a/system/system.mk b/system/system.mk
> index 01a6c3a..367a8c4 100644
> --- a/system/system.mk
> +++ b/system/system.mk
> @@ -1,6 +1,7 @@
>  TARGET_GENERIC_HOSTNAME = $(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
>  TARGET_GENERIC_ISSUE = $(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
>  TARGET_GENERIC_ROOT_PASSWD = $(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
> +TARGET_GENERIC_DEFAULT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_DEFAULT_PASSWD))
>  TARGET_GENERIC_PASSWD_METHOD = $(call qstrip,$(BR2_TARGET_GENERIC_PASSWD_METHOD))
>  TARGET_GENERIC_GETTY_PORT = $(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
>  TARGET_GENERIC_GETTY_BAUDRATE = $(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
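
Review bot: the added TARGET_GENERIC_DEFAULT_PASSWD line uses ":=" with no surrounding spaces, while every neighbouring assignment in this block uses " = ". The immediate expansion is harmless here, but nothing in the hunk needs it, so the line should match the others: TARGET_GENERIC_DEFAULT_PASSWD = $(call qstrip,$(BR2_TARGET_GENERIC_DEFAULT_PASSWD)).
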
> @@ -29,6 +30,14 @@ target-root-passwd:
>  		TARGET_GENERIC_ROOT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
>  	$(SED) "s,^root:[^:]*:,root:$$TARGET_GENERIC_ROOT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow
>  
> +ifneq ($(TARGET_GENERIC_DEFAULT_PASSWD),)
> +target-default-passwd: host-mkpasswd
> +endif
> +target-default-passwd:
> +	[ -n "$(TARGET_GENERIC_DEFAULT_PASSWD)" ] && \
> +		TARGET_GENERIC_DEFAULT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_DEFAULT_PASSWD)"); \
> +	$(SED) "s,^default:[^:]*:,default:$$TARGET_GENERIC_DEFAULT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow

 It would have been nice to factor this with the root password generation, but
that can be done in a follow-up patch if needed.


 Regards,
 Arnout

> +
>  target-generic-getty-busybox:
>  	$(SED) '/# GENERIC_SERIAL$$/s~^.*#~$(TARGET_GENERIC_GETTY_PORT)::respawn:/sbin/getty -L $(TARGET_GENERIC_GETTY_OPTIONS) $(TARGET_GENERIC_GETTY_PORT) $(TARGET_GENERIC_GETTY_BAUDRATE) $(TARGET_GENERIC_GETTY_TERM) #~' \
>  		$(TARGET_DIR)/etc/inittab
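
Review bot: in the target-default-passwd recipe the hash assignment and the $(SED) call are joined with ";", so a failing $(MKPASSWD) (for example on an unsupported method string) leaves TARGET_GENERIC_DEFAULT_PASSWD_HASH empty, sed still rewrites the entry to "default::", and the rule exits 0. The build then succeeds with an account that has an empty password field even though a password was configured. Failing the rule when the hash comes back empty, or chaining the sed with && inside the non-empty case, would avoid that; the root rule in the context lines above has the same shape, so the fix fits the factoring suggested in the reply. Separately, make expands the password into a double-quoted shell word, so a password containing a double quote, $, backquote or backslash will not reach mkpasswd unchanged; the help text should state the restriction or the value should be passed without going through shell quoting.
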
> @@ -60,7 +69,7 @@ TARGETS += target-generic-issue
>  endif
>  
>  ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
> -TARGETS += target-root-passwd
> +TARGETS += target-root-passwd target-default-passwd
>  
>  ifeq ($(BR2_TARGET_GENERIC_GETTY),y)
>  TARGETS += target-generic-getty-$(if $(BR2_PACKAGE_SYSVINIT),sysvinit,busybox)
> 
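
Review bot: target-default-passwd is appended to TARGETS whenever BR2_ROOTFS_SKELETON_DEFAULT is y, so with the option left at its empty default the rule still runs and its sed replaces whatever the skeleton's /etc/shadow has in the password field of the default entry with an empty field. That matches the help text ("default will need no password to log in"), but it is worth stating in the commit message that this is intended, or adding the target only when TARGET_GENERIC_DEFAULT_PASSWD is non-empty so the skeleton's own value is kept.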


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F
