target: add option to set the root password
Add an option in the menuconfig to specify a root password. If set to empty, no root password is created; otherwise, the password is encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but MD5 is widely available, not-so-strong, but not-so-weak either). Add a check for 'mkpasswd' as a new dependency. [Peter: fix typo/capitilization and simplify logic] Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
This commit is contained in:
parent
aa5d13568d
commit
a45871bfc6
@ -158,6 +158,7 @@ if grep ^BR2_TOOLCHAIN_BUILDROOT=y $CONFIG_FILE > /dev/null && \
|
||||
exit 1 ;
|
||||
fi
|
||||
fi
|
||||
|
||||
if grep -q ^BR2_PACKAGE_CLASSPATH=y $CONFIG_FILE ; then
|
||||
for prog in javac jar; do
|
||||
if ! which $prog > /dev/null ; then
|
||||
@ -166,3 +167,11 @@ if grep -q ^BR2_PACKAGE_CLASSPATH=y $CONFIG_FILE ; then
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if grep -E '^BR2_TARGET_GENERIC_ROOT_PASSWD=".+"$' $CONFIG_FILE > /dev/null 2>&1; then
|
||||
if ! which mkpasswd > /dev/null 2>&1; then
|
||||
/bin/echo -e "\nYou need the 'mkpasswd' utility to set the root password\n"
|
||||
/bin/echo -e "(in Debian/ubuntu, 'mkpasswd' provided by the whois package)\n"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
@ -12,6 +12,27 @@ config BR2_TARGET_GENERIC_ISSUE
|
||||
help
|
||||
Select system banner (/etc/issue) to be displayed at login.
|
||||
|
||||
config BR2_TARGET_GENERIC_ROOT_PASSWD
|
||||
string "Root password"
|
||||
default ""
|
||||
help
|
||||
Set the initial root password (in clear). It will be md5-encrypted.
|
||||
|
||||
If set to empty (the default), then no root password will be set,
|
||||
and root will need no password to log in.
|
||||
|
||||
WARNING! WARNING!
|
||||
Although pretty strong, MD5 is now an old hash function, and
|
||||
suffers from some weaknesses, which makes it susceptible to attacks.
|
||||
It is showing its age, so this root password should not be trusted
|
||||
to properly secure any product that can be shipped to the wide,
|
||||
hostile world.
|
||||
|
||||
WARNING! WARNING!
|
||||
The password appears in clear in the .config file, and may appear
|
||||
in the build log! Avoid using a valuable password if either the
|
||||
.config file or the build log may be distributed!
|
||||
|
||||
choice
|
||||
prompt "/dev management"
|
||||
default BR2_ROOTFS_DEVICE_CREATION_STATIC
|
||||
|
@ -1,5 +1,9 @@
|
||||
TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
|
||||
TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
|
||||
TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
|
||||
ifneq ($(TARGET_GENERIC_ROOT_PASSWD),)
|
||||
TARGET_GENERIC_ROOT_PASSWD_HASH=$(shell mkpasswd -m md5 "$(TARGET_GENERIC_ROOT_PASSWD)")
|
||||
endif
|
||||
TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
|
||||
TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
|
||||
TARGET_GENERIC_GETTY_TERM:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_TERM))
|
||||
@ -14,6 +18,9 @@ target-generic-issue:
|
||||
mkdir -p $(TARGET_DIR)/etc
|
||||
echo "$(TARGET_GENERIC_ISSUE)" > $(TARGET_DIR)/etc/issue
|
||||
|
||||
target-root-passwd:
|
||||
$(SED) 's,^root:[^:]*:,root:$(TARGET_GENERIC_ROOT_PASSWD_HASH):,' $(TARGET_DIR)/etc/shadow
|
||||
|
||||
target-generic-getty-busybox:
|
||||
$(SED) '/# GENERIC_SERIAL$$/s~^.*#~$(TARGET_GENERIC_GETTY)::respawn:/sbin/getty -L $(TARGET_GENERIC_GETTY) $(TARGET_GENERIC_GETTY_BAUDRATE) $(TARGET_GENERIC_GETTY_TERM) #~' \
|
||||
$(TARGET_DIR)/etc/inittab
|
||||
@ -40,6 +47,8 @@ ifneq ($(TARGET_GENERIC_ISSUE),)
|
||||
TARGETS += target-generic-issue
|
||||
endif
|
||||
|
||||
TARGETS += target-root-passwd
|
||||
|
||||
ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
|
||||
ifeq ($(BR2_PACKAGE_SYSVINIT),y)
|
||||
TARGETS += target-generic-getty-sysvinit
|
||||
|
Loading…
Reference in New Issue
Block a user