[Buildroot] [PATCH] system: only set the root password if it's not empty

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] system: only set the root password if it's not empty
@ 2013-07-02  8:52 Wade Berrier
  2013-07-02 17:31 ` Yann E. MORIN
  0 siblings, 1 reply; 7+ messages in thread
From: Wade Berrier @ 2013-07-02  8:52 UTC (permalink / raw)
  To: buildroot

No need to replace the password in etc/shadow with a blank password.

This also helps alleviate the situation when etc/shadow contains a password
which isn't meant to be blown away with a blank root password because mkpasswd
is non-functioning (rhel6).

This is somewhat of a workaround for distros (rhel6, and maybe fedora?) that
don't have a compatible mkpasswd.  They have grub-crypt, but it doesn't appear
to be as script friendly.

Signed-off-by: Wade Berrier <wberrier@gmail.com>
---
 system/system.mk |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/system/system.mk b/system/system.mk
index 50c86ad..fa98532 100644
--- a/system/system.mk
+++ b/system/system.mk
@@ -57,7 +57,9 @@ TARGETS += target-generic-issue
 endif

 ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
+ifneq ($(TARGET_GENERIC_ROOT_PASSWD),)
 TARGETS += target-root-passwd
+endif

 ifneq ($(TARGET_GENERIC_GETTY),)
 TARGETS += target-generic-getty-$(if $(BR2_PACKAGE_SYSVINIT),sysvinit,busybox)
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [Buildroot] [PATCH] system: only set the root password if it's not empty
  2013-07-02  8:52 [Buildroot] [PATCH] system: only set the root password if it's not empty Wade Berrier
@ 2013-07-02 17:31 ` Yann E. MORIN
  2013-07-03  4:46   ` Wade Berrier
  0 siblings, 1 reply; 7+ messages in thread
From: Yann E. MORIN @ 2013-07-02 17:31 UTC (permalink / raw)
  To: buildroot

Wade, All,

On 2013-07-02 02:52 -0600, Wade Berrier spake thusly:
> No need to replace the password in etc/shadow with a blank password.

How do you differentiate between those two cases:
  - use an empty password,
  - do not change the existing password?

My opinion is that we do want to be able to set an empty pasword,
especially in the case of a custom skeleton. This makes it systematic,
so the user knows what to expect.

If you want to not use the config option to handle the root password,
then you can use either:
  - a post-build script, or
  - a skeleton overlay.

(If I read the Makefiles correctly, skeleton overlays are handled during
target-finalize, which is called after target-root-passwd, so the
overlay should take precedence over the root password option. To be
confirmed...)

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Buildroot] [PATCH] system: only set the root password if it's not empty
  2013-07-02 17:31 ` Yann E. MORIN
@ 2013-07-03  4:46   ` Wade Berrier
  2013-07-28  8:40     ` Thomas De Schampheleire
  0 siblings, 1 reply; 7+ messages in thread
From: Wade Berrier @ 2013-07-03  4:46 UTC (permalink / raw)
  To: buildroot

Hello,

On Jul 02 19:31, Yann E. MORIN wrote:
> Wade, All,
> 
> On 2013-07-02 02:52 -0600, Wade Berrier spake thusly:
> > No need to replace the password in etc/shadow with a blank password.
> 
> How do you differentiate between those two cases:
>   - use an empty password,
>   - do not change the existing password?
> 
> My opinion is that we do want to be able to set an empty pasword,
> especially in the case of a custom skeleton. This makes it systematic,
> so the user knows what to expect.

If that's desired, then yes, my patch isn't a good solution.

> 
> If you want to not use the config option to handle the root password,
> then you can use either:
>   - a post-build script, or
>   - a skeleton overlay.
> 
> (If I read the Makefiles correctly, skeleton overlays are handled during
> target-finalize, which is called after target-root-passwd, so the
> overlay should take precedence over the root password option. To be
> confirmed...)

I guess one real issue is that mkpasswd on redhat fails and returns an empty
hash, which is inserted into the shadow file.

Maybe the thing to do to work across distros would be to compile the correct
mkpasswd as a host- package?

In the meantime I think your suggestions of using a custom overlay or post build
script should work great.

Thanks,

Wade

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Buildroot] [PATCH] system: only set the root password if it's not empty
  2013-07-03  4:46   ` Wade Berrier
@ 2013-07-28  8:40     ` Thomas De Schampheleire
  2013-07-28 13:06       ` Thomas Petazzoni
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas De Schampheleire @ 2013-07-28  8:40 UTC (permalink / raw)
  To: buildroot

Hi,

On Wed, Jul 3, 2013 at 6:46 AM, Wade Berrier <wberrier@gmail.com> wrote:
> Hello,
>
> On Jul 02 19:31, Yann E. MORIN wrote:
>> Wade, All,
>>
>> On 2013-07-02 02:52 -0600, Wade Berrier spake thusly:
>> > No need to replace the password in etc/shadow with a blank password.
>>
>> How do you differentiate between those two cases:
>>   - use an empty password,
>>   - do not change the existing password?
>>
>> My opinion is that we do want to be able to set an empty pasword,
>> especially in the case of a custom skeleton. This makes it systematic,
>> so the user knows what to expect.
>
> If that's desired, then yes, my patch isn't a good solution.
>
>>
>> If you want to not use the config option to handle the root password,
>> then you can use either:
>>   - a post-build script, or
>>   - a skeleton overlay.
>>
>> (If I read the Makefiles correctly, skeleton overlays are handled during
>> target-finalize, which is called after target-root-passwd, so the
>> overlay should take precedence over the root password option. To be
>> confirmed...)
>
> I guess one real issue is that mkpasswd on redhat fails and returns an empty
> hash, which is inserted into the shadow file.
>
> Maybe the thing to do to work across distros would be to compile the correct
> mkpasswd as a host- package?

Recently, another mkpasswd related problem popped up: seems that on
(some?) Slackware boxes, mkpasswd does not support -m <method>, and
buildroot fails. See
http://lists.busybox.net/pipermail/buildroot/2013-July/075771.html.
Making sure we always use the same mkpasswd would help in both cases.

Should we create a separate host-mkpasswd package based on the whois
sources? (https://github.com/rfc1036/whois)
Or should we add the whois package, and depend on that?
To me, the former seems more appropriate...

Best regards,
Thomas

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Buildroot] [PATCH] system: only set the root password if it's not empty
  2013-07-28  8:40     ` Thomas De Schampheleire
@ 2013-07-28 13:06       ` Thomas Petazzoni
  2013-09-05  7:24         ` Thomas De Schampheleire
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas Petazzoni @ 2013-07-28 13:06 UTC (permalink / raw)
  To: buildroot

Dear Thomas De Schampheleire,

On Sun, 28 Jul 2013 10:40:15 +0200, Thomas De Schampheleire wrote:

> Should we create a separate host-mkpasswd package based on the whois
> sources? (https://github.com/rfc1036/whois)
> Or should we add the whois package, and depend on that?
> To me, the former seems more appropriate...

If we can make a very simple host-mkpasswd package like we have the
host-makedevs package (with the source code included in
package/<dir>/), I think it would be good.

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Buildroot] [PATCH] system: only set the root password if it's not empty
  2013-07-28 13:06       ` Thomas Petazzoni
@ 2013-09-05  7:24         ` Thomas De Schampheleire
  2013-09-08  5:44           ` Wade Berrier
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas De Schampheleire @ 2013-09-05  7:24 UTC (permalink / raw)
  To: buildroot

Hi Wade,

On Sun, Jul 28, 2013 at 3:06 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Dear Thomas De Schampheleire,
>
> On Sun, 28 Jul 2013 10:40:15 +0200, Thomas De Schampheleire wrote:
>
>> Should we create a separate host-mkpasswd package based on the whois
>> sources? (https://github.com/rfc1036/whois)
>> Or should we add the whois package, and depend on that?
>> To me, the former seems more appropriate...
>
> If we can make a very simple host-mkpasswd package like we have the
> host-makedevs package (with the source code included in
> package/<dir>/), I think it would be good.
>

Since a host-mkpasswd package has been merged now, which should fix
problems on some Redhat and Slackware machines, and given the comments
given by Yann, do you agree to drop this patch?

Best regards,
Thomas

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Buildroot] [PATCH] system: only set the root password if it's not empty
  2013-09-05  7:24         ` Thomas De Schampheleire
@ 2013-09-08  5:44           ` Wade Berrier
  0 siblings, 0 replies; 7+ messages in thread
From: Wade Berrier @ 2013-09-08  5:44 UTC (permalink / raw)
  To: buildroot

Thomas De Schampheleire <patrickdepinguin+buildroot@gmail.com> wrote:
>Hi Wade,
>
>On Sun, Jul 28, 2013 at 3:06 PM, Thomas Petazzoni
><thomas.petazzoni@free-electrons.com> wrote:
>> Dear Thomas De Schampheleire,
>>
>> On Sun, 28 Jul 2013 10:40:15 +0200, Thomas De Schampheleire wrote:
>>
>>> Should we create a separate host-mkpasswd package based on the whois
>>> sources? (https://github.com/rfc1036/whois)
>>> Or should we add the whois package, and depend on that?
>>> To me, the former seems more appropriate...
>>
>> If we can make a very simple host-mkpasswd package like we have the
>> host-makedevs package (with the source code included in
>> package/<dir>/), I think it would be good.
>>
>
>Since a host-mkpasswd package has been merged now, which should fix
>problems on some Redhat and Slackware machines, and given the comments
>given by Yann, do you agree to drop this patch?
>
>Best regards,
>Thomas

Yes, looking forward to trying the host package out.  Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20130907/43fa54d2/attachment.html>

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2013-09-08  5:44 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-02  8:52 [Buildroot] [PATCH] system: only set the root password if it's not empty Wade Berrier
2013-07-02 17:31 ` Yann E. MORIN
2013-07-03  4:46   ` Wade Berrier
2013-07-28  8:40     ` Thomas De Schampheleire
2013-07-28 13:06       ` Thomas Petazzoni
2013-09-05  7:24         ` Thomas De Schampheleire
2013-09-08  5:44           ` Wade Berrier

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox