A random-seed from a read-only filesystem is useless.
Also, drop the check for /etc/random-seed existence; it must exist after a
touch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Seeding the entropy pool with a known seed does more harm than good. This is
especially bad when /etc is not on persistent writable storage, so the
entropy pool is seeded with the same value on every boot. Just drop it.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, there are only two possibilities regarding the root account:
- it is enabled with no password (the default)
- it is enabled, using a clear-text, user-provided password
This is deemed insufficient in many cases, especially when the .config
file has to be published (e.g. for GPL compliance, or any other
reason).
Fix that in two ways:
- add a boolean option that allows/disallows root login altogether,
which defaults to 'y' to keep backward compatibility;
- accept already-encoded passwords, which we recognise as starting
with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).
Signed-off-by: Lorenzo M. Catucci <lorenzo@sancho.ccd.uniroma2.it>
[yann.morin.1998@free.fr:
- don't add a choice to select between clear-text/encoded password,
use a single prompt;
- differentiate in the password hook itself;
- rewrite parts of the help entry;
- rewrite and expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Acked-by: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Tested-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These are not used by the busybox or Debian ifupdown implementation. Instead
if-up.d is run after the per-interface up tasks (e.g. post-up) and
if-down.d is run before the per-interface down tasks (e.g. pre-down).
So drop them as they only cause confusion.
grep execute_all output/build/busybox-1.23.2/networking/ifupdown.c
static int execute_all(struct interface_defn_t *ifd, const char *opt)
if (!execute_all(iface, "pre-up")) return 0;
if (!execute_all(iface, "up")) return 0;
if (!execute_all(iface, "down")) return 0;
if (!execute_all(iface, "post-down")) return 0;
grep execute_script output/build/ifupdown-0.7.49/execute.c
int execute_scripts(interface_defn * ifd, execfn * exec, char *opt)
if (!execute_scripts(iface, doit, "pre-up"))
if (!execute_scripts(iface, doit, "up"))
if (!execute_scripts(iface, doit, "down"))
if (!execute_scripts(iface, doit, "post-down"))
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The symlink created by buildroot for /bin/sh is the full path to
a shell. This does not match what busybox and other Linux
distributions do with using relative path symlinks. When handling
files on the host system this will point to the host system's shell
if present and not the target shell.
This is fixed by changing the /bin/sh symlink to use a relative path.
Fixes #8161.
[Thomas: minor fixups to the commit log suggested by Yann E. Morin.]
Signed-off-by: Matthew Starr <mstarr@hedonline.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The option is a non-option now and will be removed.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When using busybox compiled from current git, login emits the following
message:
login: /etc/group: bad record
Fix it by adding the missing colon to /etc/group in system/skeleton.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For clarity, this commit renames the TARGETS variable to the more
meaningful PACKAGES variable. Indeed, only packages (handled by one of
the package infrastructures) should be listed in this variable, and
not other random non-package targets.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
DES is long dead, it is insecure as hell, and virtually all known
crypt(3) implementations now support at least md5.
Besides, the character-space of DES-encoded passwords is a subset
of the character-space for a clear-text password, so we can't easily
differentiate between the two. Since we're going to change the root
password prompt to support setting encoded passwords (as well as
clear-text passwords), we can't keep DES or we'd be unable to decide
whether we'd need to encode the password or not.
Remove DES encoding altogether (and add a legacy entry). The default is
still md5, and thus there's no backward-compatibility 'select' to add.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Lorenzo Catucci <lorenzo@sancho.ccd.uniroma2.it>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
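The prefix test that this commit and the root-password commit above rely on, as an added shell example (not Buildroot's own hook; classify_password, looks_like_des, root_password_action and the action words they print are assumptions of this example). It also shows why a DES hash cannot be told apart from a clear-text password; all sample strings are constructed.

```shell
#!/bin/sh
# Added illustration, not Buildroot code. Function names and the action
# words printed by root_password_action are hypothetical.

# Print the scheme of an already-encoded password, or "clear-text".
classify_password() {
    case "$1" in
        '$1$'*) echo md5 ;;
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        *)      echo clear-text ;;
    esac
}

# True if the string has the shape of a traditional DES crypt(3) hash:
# exactly 13 characters, all taken from [./0-9A-Za-z].
looks_like_des() {
    case "$1" in
        *[!./0-9A-Za-z]*) return 1 ;;
    esac
    [ "${#1}" -eq 13 ]
}

# Decide what to do for root, given the login switch (y/n) and the value
# typed at the single password prompt.
root_password_action() {
    login_enabled=$1 password=$2
    if [ "$login_enabled" != y ]; then echo lock; return; fi
    if [ -z "$password" ]; then echo no-password; return; fi
    case "$(classify_password "$password")" in
        clear-text) echo hash ;;   # still has to be encoded
        *)          echo keep ;;   # already encoded, store as given
    esac
}

# Constructed inputs. 'correcthorse1' is an ordinary clear-text password and
# 'abCDefGH12./x' is shaped like a DES hash; both pass looks_like_des, so
# only the $N$ prefixes give an unambiguous answer.
for sample in '' 'correcthorse1' 'abCDefGH12./x' \
              '$6$constructedsalt$constructedhash'; do
    if looks_like_des "$sample"; then shape='DES-shaped'; else shape='-'; fi
    printf "'%s' -> %s (%s)\n" "$sample" \
        "$(root_password_action y "$sample")" "$shape"
done
```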
Drop the buildroot toolchain non-largefile support option since it's
being removed.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- indicate upstream commit id, as suggested by Baruch.
- add SoB of Alexey inside the patch itself.
- adjust sequence number to 0003.]
Signed-off-by: Alexey Mednyy <swexru@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch sets the default timezone to UTC if not overwritten.
Some packages need a configured system timezone to operate
properly, like mono-based software.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Making /var/run and /run symlinks to /tmp is bad since the underlying
tmpfs filesystem is mode 1777 which leads to possible security attack
vectors via badly owned/mask-mode pidfiles and state files residing there.
So make /run a proper directory with /var/run symlinked to it.
Eventually all startup scripts and state info should be pointed to /run
directly as per the linux fhs and good practice.
Add a tmpfs filesystem entry for /run so that busybox inittab, systemv
inittab and systemd automount mounts it there to avoid breaking the
system.
While at it fix inconsistent spacing in /etc/fstab by using tabs and
drop the "static file system information" header whatever that means.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
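A host-side check of an unpacked target tree for the layout this commit describes, together with the relative /bin/sh symlink from the earlier commit, as an added shell example (not Buildroot code; audit_rootfs, make_tree, the sample link targets and the fstab option strings are assumptions of this example):

```shell
#!/bin/sh
# Added illustration, not Buildroot code: audit_rootfs and make_tree are
# hypothetical helpers, run on the build host against an unpacked target tree.

audit_rootfs() {
    root=$1 rc=0
    # An absolute /bin/sh target resolves against the host's / when the tree
    # is handled on the build machine, so it may name the host's shell.
    case "$(readlink "$root/bin/sh" 2>/dev/null)" in
        /*) echo "bin/sh: absolute symlink target"; rc=1 ;;
    esac
    # /run must be its own directory, not an alias for the mode-1777 /tmp.
    if [ -L "$root/run" ] || [ ! -d "$root/run" ]; then
        echo "run: not a real directory"; rc=1
    fi
    # /var/run is expected to be a symlink to /run.
    case "$(readlink "$root/var/run" 2>/dev/null)" in
        ../run|/run) ;;
        *) echo "var/run: does not point to /run"; rc=1 ;;
    esac
    # A tmpfs has to be mounted on /run at boot.
    if ! awk '$1 !~ /^#/ && $2 == "/run" && $3 == "tmpfs" { ok = 1 }
              END { exit !ok }' "$root/etc/fstab" 2>/dev/null; then
        echo "etc/fstab: no tmpfs entry for /run"; rc=1
    fi
    return "$rc"
}

# Build a constructed tree in $1: "old" mimics the layout the commits replace,
# "new" the layout they describe. Link targets and fstab options are made up.
make_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/var" "$1/tmp"
    if [ "$2" = old ]; then
        ln -s /bin/busybox "$1/bin/sh"
        ln -s tmp "$1/run"
        ln -s ../tmp "$1/var/run"
        printf 'tmpfs\t/tmp\ttmpfs\tmode=1777\t0\t0\n' > "$1/etc/fstab"
    else
        ln -s busybox "$1/bin/sh"
        mkdir "$1/run"
        ln -s ../run "$1/var/run"
        printf 'tmpfs\t/tmp\ttmpfs\tmode=1777\t0\t0\n' > "$1/etc/fstab"
        printf 'tmpfs\t/run\ttmpfs\tmode=0755\t0\t0\n' >> "$1/etc/fstab"
    fi
}

work=$(mktemp -d)
make_tree "$work/old" old
make_tree "$work/new" new
audit_rootfs "$work/old" || echo "old layout: findings above"
audit_rootfs "$work/new" && echo "new layout: clean"
rm -rf "$work"
```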
This patch allows the simple setup of a single interface to be
automatically brought up and configured via DHCP on system startup.
The interface name can be set via a configuration option. This patch
does not support systemd-networkd; any complex network configuration should
be done via overlay of /etc/network/interfaces or the relevant networkd
configuration file.
[Peter: rename to BR2_SYSTEM_DHCP, tweak help text & implementation]
Signed-off-by: Jérémy Rosen <jeremy.rosen@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script checks for linux/btrfs.h which is only available since
3.9 (55e301fd57a6239ec: Btrfs: move fs/btrfs/ioctl.h to
include/uapi/linux/btrfs.h).
It now also uses static_assert which is only available since GCC 4.6, so
handle it as well in the legacy patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make the S40network script create the /run/network directory for the
debian variant of ifupdown which uses it as a lock directory.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Karoly Kasza <kaszak@gmail.com>
Reviewed-by: Karoly Kasza <kaszak@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We used to specify explicitly serial port with all its settings
for init to instantiate getty.
This limits use cases where the same rootfs could be used.
For example following cases won't work well with hardcoded
serial console settings:
* On the same board other serial port is expected to be used
* The same rootfs is intended to be used on different boards with
different serial ports (like ttySx vs ttyAMAx or even ttyx)
With this change by default we rely on "console" specified in
kernel's boot command line.
What is important: getty will be set on the last console
specified in bootargs.
For example, given this kernel command line:
--->---
bootargs="... console=tty0 console=ttyS3,115200n8..."
--->---
This now will instantiate serial console on ttyS3 but not on tty0.
Tested with both Busybox and SysV init.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For a while now, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjusts the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Drop null id since that means "don't show anything" for busybox init,
hence the shutdown sequence (/etc/init.d/rcK) doesn't show anything
giving the false impression that it's not being run.
If someone wants a really silent console they'll need to adjust much more than
this anyway.
Also swap the root read-only remount with swapoff since the swap can be
a regular (loop) file in the root filesystem and make the operation fail
resulting in a dirty filesystem.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel headers minimum version for systemd was bumped to 3.8
(IFLA_GRE_FLOWINFO and IFLA_IPTUN_FLAGS definitions) and then to 3.10
(IFLA_VLAN_PROTOCOL definition). However, systemd since version v215
contains the following patch that defines IFLA_* constants if
needed:
81577dc missing.h: add various network enums
http://cgit.freedesktop.org/systemd/systemd/commit/?id=81577dc
As a consequence, this patch downgrades the kernel headers minimum
version to linux 3.7 which is required for BPF_XOR.
Signed-off-by: Christophe Vu-Brugier <cvubrugier@fastmail.fm>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
They're obsolete and the package was removed way back in 2010.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Non-login users shouldn't have a valid shell so drop it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
AFAIK no package uses it and even if it did it would belong there.
And it's not a standard user either.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
AFAIK no package uses it and even if it did it would belong there.
And it's not a standard user either.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sshd privilege drop user doesn't belong in the skeleton, it's
exclusively used by OpenSSH.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It belongs to the package.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We dropped the hal package quite some time ago, and it's not even a
properly created user.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
They all depend on having a custom busybox config and/or fully featured
utilities which depend on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even if the main shell is bash /etc/profile is also parsed so it's
redundant.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
That directory has been unused for ages so remove it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't blindly install the /etc/nsswitch.conf file, it's useless for
toolchains that aren't (e)glibc-based and misleading.
Make the installation conditional on a (e)glibc toolchain.
[Thomas: use $(INSTALL) instead of cp.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update inittabs (skeleton/busybox & sysvinit) to remove the trailing
REMOUNT_ROOTFS_RW comment used as magic string in system/system.mk to
enable/disable remounting the root filesystem rw or not since it affects
sysvinit in doing so properly as reported in bug #7442.
Instead update the sed expressions to match clean non-commented strings
by searching for "-o remount,rw /" and checking that's the end of the
line as well to avoid affecting possibly other remounts that a user can
have in a custom inittab.
Long-term the startup block of inittab should just move to a S00sysinit
script or similar so that rcS can pick it up directly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Not all our shells install a pointer to /bin/sh. Besides, among
those that do, when multiple ones are enabled, the last one to install
wins the symlink.
Add a new config choice in the system sub-menu that allows the user to
explicitly select the shell to provide /bin/sh. If busybox is not
enabled, default to using dash, a POSIX shell.
Remove the symlink creation from bash.mk at the same time.
Note: for every shell, we select them, except busybox, on which we
depend, on the assumption that we do not want to force busybox in case
the user decided not to enable it.
[Peter: remove redundant !BR2_PACKAGE_BUSYBOX dependency]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Allow time zone setup and installation for configurations
using custom skeletons as well as default skeletons.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We define the two groups 'nobody' and 'nogroup' in our skeleton, but
they have the same gid, which is not valid.
This breaks the mkuser script, as noticed by Thomas.
Anyway, the user 'nobody' belongs to the group 'nogroup' in any sane
distribution.
So, just remove the spurious 'nobody' group.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
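A validator for the two /etc/group defects that appear in this log, the duplicate gid fixed here and the record with a missing colon fixed in the earlier "bad record" commit, as an added shell example (not Buildroot code; check_group is a hypothetical helper and the sample names and gids are constructed):

```shell
#!/bin/sh
# Added illustration, not Buildroot code. check_group is a hypothetical helper.

# check_group FILE: print one finding per line, return non-zero if any.
# A group record is name:password:gid:members, i.e. four ':'-separated
# fields, and every gid may be used by one group only.
check_group() {
    awk -F: '
        /^$/ { next }
        NF != 4 {
            printf "line %d: bad record (%d fields, expected 4)\n", NR, NF
            bad = 1; next
        }
        $3 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric gid for %s\n", NR, $1
            bad = 1; next
        }
        ($3 in seen) {
            printf "line %d: gid %s of %s already used by %s\n", \
                   NR, $3, $1, seen[$3]
            bad = 1; next
        }
        { seen[$3] = $1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: "users" lacks the trailing colon, and "nobody" and
# "nogroup" share a gid (the value 99 is made up for this example).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:
daemon:x:1:
users:x:100
nobody:x:99:
nogroup:x:99:
EOF
check_group "$sample" || echo "group file needs fixing"
rm -f "$sample"
```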
Convert "system.mk" recipes to "target-finalize" hooks in order to:
- Ensure an ordering even if top-level parallel make is being used.
- Execute "system.mk" commands after the "target-finalize" initial message
is printed so they can be clearly distinguished from packages
building.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
User "default" with no password has been around for long time, but not
used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
no longer needed.
Signed-off-by: Stephan Hoffmann <sho@relinux.de>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The correct capitalised form appears to be "BusyBox" rather than "Busybox";
fix all references to the latter form. (Most such references occur in the
manual and in commentary in package makefiles.)
Signed-off-by: Simon Dawson <spdawson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix minor spelling errors that exist in system/Config.in.
Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A new entry has been added to the "System Configuration" menu to allow
the user to set the location of additional user tables (besides the ones
defined in packages).
A user table is a text file, formatted using the mkusers syntax, which
describes the users on the target system, with their UID/GID, home
directory, password, etc.
The target root file system will be populated according to the content of
these files.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
[yann.morin.1998@free.fr: use plural TABLES; we need to remove the
intermediate users_table file, as it is no longer generated in
one shot, in case a previous run failed and did not remove it]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>