[Buildroot] [PATCH v2] Allow setting the password for user default
Arnout Vandecappelle
arnout at mind.be
Wed Jun 4 06:16:40 UTC 2014
On 06/03/14 11:29, Stephan Hoffmann wrote:
> Signed-off-by: Stephan Hoffmann <sho at relinux.de>
> ---
> Since we can set the password for root while configuring the system
> it seems logical to have the same possibility for user "default".
>
> Changes v1 -> v2
> - remove rewording in help text for BR2_TARGET_GENERIC_ROOT_PASSWD
> ---
> system/Config.in | 23 ++++++++++++++++++++++-
> system/system.mk | 11 ++++++++++-
> 2 files changed, 32 insertions(+), 2 deletions(-)
>
> diff --git a/system/Config.in b/system/Config.in
> index 53bca53..d5408e1 100644
> --- a/system/Config.in
> +++ b/system/Config.in
> @@ -211,6 +211,27 @@ config BR2_TARGET_GENERIC_ROOT_PASSWD
> in the build log! Avoid using a valuable password if either the
> .config file or the build log may be distributed!
>
> +config BR2_TARGET_GENERIC_DEFAULT_PASSWD
> + string "Password for user default"
> + default ""
> + help
> + Set the initial password for user default (in clear). It will be encrypted.
> +
> + If set to empty (the default), then no password will be set,
> + and default will need no password to log in.
> +
> + WARNING! WARNING!
> + Although pretty strong, MD5 is now an old hash function, and
> + suffers from some weaknesses, which makes it susceptible to attacks.
> + It is showing its age, so this root password should not be trusted
> + to properly secure any product that can be shipped to the wide,
> + hostile world.
Since we can now select the hash, this warning has no merit anymore.
With that fixed:
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
> +
> + WARNING! WARNING!
> + The password appears in clear in the .config file, and may appear
> + in the build log! Avoid using a valuable password if either the
> + .config file or the build log may be distributed!
> +
> config BR2_TARGET_GENERIC_GETTY
> bool "Run a getty (login prompt) after boot"
> default y
> diff --git a/system/system.mk b/system/system.mk
> index 01a6c3a..367a8c4 100644
> --- a/system/system.mk
> +++ b/system/system.mk
> @@ -1,6 +1,7 @@
> TARGET_GENERIC_HOSTNAME = $(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
> TARGET_GENERIC_ISSUE = $(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
> TARGET_GENERIC_ROOT_PASSWD = $(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
> +TARGET_GENERIC_DEFAULT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_DEFAULT_PASSWD))
> TARGET_GENERIC_PASSWD_METHOD = $(call qstrip,$(BR2_TARGET_GENERIC_PASSWD_METHOD))
> TARGET_GENERIC_GETTY_PORT = $(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
> TARGET_GENERIC_GETTY_BAUDRATE = $(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
> @@ -29,6 +30,14 @@ target-root-passwd:
> TARGET_GENERIC_ROOT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
> $(SED) "s,^root:[^:]*:,root:$$TARGET_GENERIC_ROOT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow
>
> +ifneq ($(TARGET_GENERIC_DEFAULT_PASSWD),)
> +target-default-passwd: host-mkpasswd
> +endif
> +target-default-passwd:
> + [ -n "$(TARGET_GENERIC_DEFAULT_PASSWD)" ] && \
> + TARGET_GENERIC_DEFAULT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_DEFAULT_PASSWD)"); \
> + $(SED) "s,^default:[^:]*:,default:$$TARGET_GENERIC_DEFAULT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow
It would have been nice to factor this with the root password generation, but
that can be done in a follow-up patch if needed.
Regards,
Arnout
> +
> target-generic-getty-busybox:
> $(SED) '/# GENERIC_SERIAL$$/s~^.*#~$(TARGET_GENERIC_GETTY_PORT)::respawn:/sbin/getty -L $(TARGET_GENERIC_GETTY_OPTIONS) $(TARGET_GENERIC_GETTY_PORT) $(TARGET_GENERIC_GETTY_BAUDRATE) $(TARGET_GENERIC_GETTY_TERM) #~' \
> $(TARGET_DIR)/etc/inittab
> @@ -60,7 +69,7 @@ TARGETS += target-generic-issue
> endif
>
> ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
> -TARGETS += target-root-passwd
> +TARGETS += target-root-passwd target-default-passwd
>
> ifeq ($(BR2_TARGET_GENERIC_GETTY),y)
> TARGETS += target-generic-getty-$(if $(BR2_PACKAGE_SYSVINIT),sysvinit,busybox)
>
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F
More information about the buildroot
mailing list