Commit Graph

19 Commits

Author SHA1 Message Date
Yann E. MORIN
c1c7e8b788 core/skeleton: drop /etc/securetty
securetty is supposed to restrict the terminals root is allowed to
login from. As it happens, login from busybox (w/ securetty support)
is actually enforcing use of securetty, while login from util-linux
is completely ignoring securetty altogether.

Remove securetty from our skeleton altogether and stop worrying about
it.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-13 13:00:50 +02:00
Lorenzo Catucci
18fa4a32a6 system: allow/disallow root login, accept encoded passwords
Currently, there are only two possibilities regarding the root account:
  - it is enabled with no password (the default)
  - it is enabled, using a clear-text, user-provided password

This is deemed insufficient in many cases, especially when the .config
file has to be published (e.g. for the GPL compliance, or any other
reason.).

Fix that in two ways:

  - add a boolean option that allows/disallows root login altogether,
    which defaults to 'y' to keep backward compatibility;

  - accept already-encoded passwords, which we recognise as starting
    with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).

Signed-off-by: Lorenzo M. Catucci <lorenzo@sancho.ccd.uniroma2.it>
[yann.morin.1998@free.fr:
  - don't add a choice to select between clear-text/encoded password,
    use a single prompt;
  - differentiate in the password hook itself;
  - rewrite parts of the help entry;
  - rewrite and expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Acked-by: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Tested-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-04 12:46:43 +02:00
Thomas Petazzoni
8a58e0238e Makefile: rename TARGETS to PACKAGES
For clarity, this commit renames the TARGETS variable to the more
meaningful PACKAGES variable. Indeed, only packages (handled by one of
the package infrastructures) should be listed in this variable, and
not other random non-package targets.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2015-04-14 10:16:51 +02:00
Jeremy Rosen
f4f62a3c16 Allow a single DHCP configuration via the system configuration submenu
This patch allows the setup of simple a single interface to be
automatically brought up and configured via DHCP on system startup.

The interface name can be set via a configuration option. This patch
does not support systemd-networkd, any complex network configuration should
be done via overlay of /etc/network/interfaces or the relevant networkd
configuration file

[Peter: rename to BR2_SYSTEM_DHCP, tweak help text & implementation]
Signed-off-by: Jérémy Rosen <jeremy.rosen@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-02 21:42:47 +01:00
Gustavo Zacarias
bcb835b042 system/inittab: update to fix bug #7442
Update inittabs (skeleton/busybox & sysvinit) to remove the trailing
REMOUNT_ROOTFS_RW comment used as magic string in system/system.mk to
enable/disable remounting the root filesystem rw or not since it affects
sysvinit in doing so properly as reported in bug #7442.

Instead update the sed expressions to match clean non-commented strings
by searching for "-o remount,rw /" and checking that's the end of the
line as well to avoid affecting possibly other remounts that a user can
have in a custom inittab.

Long-term the startup block of inittab should just move to a S00sysinit
script or similar so that rcS can pick it up directly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-25 01:24:11 +02:00
Yann E. MORIN
02e5cef14c system: add option to choose what /bin/sh points to
Not all our shells do install a pointer to /bin/sh. Besides, between
those that do and multiple ones are enabled, the last one to install
wins the the symlink.

Add a new config choice in the system sub-menu that allows the user to
explicitly select the shell to provide /bin/sh. If busybox is not
enabled, default to using dash, a POSIX shell.

Remove the symlink creation from bash.mk at the same time.

Note: for every shell, we select them, except busybox, on which we
depend, on the assumption that we do not want to force busybox in case
the user decided not to enable it.

[Peter: remove redundant !BR2_PACKAGE_BUSYBOX dependency]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-12 15:51:38 +02:00
Fabio Porcedda
02b8860031 system: convert "system.mk" recipes to "target-finalize" hooks
Convert "system.mk" recipes to "target-finalize" hooks in order to:
- Ensure an ordering even if top-level parallel make is being used.
- Execute "system.mk" commands after the "target-finalize" initial message
  is printed so they can be clearly distinguished from packages
  building.

Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-06-29 16:42:39 +02:00
Assaf Inbal
a68a51257e getty: add the ability to pass options to getty
Signed-off-by: Assaf Inbal <shmuelzon@gmail.com>
Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-15 22:17:53 +02:00
Assaf Inbal
ed6912e87d getty: Create specific getty config + cleanups
This commit introduces a specific BR2_TARGET_GENERIC_GETTY configuration flag.
This eliminates the need for checking if BR2_TARGET_GENERIC_GETTY_PORT is an
empty string or not. It also allows hiding various getty options when getty
isn't enabled.

Signed-off-by: Assaf Inbal <shmuelzon@gmail.com>
Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-15 22:15:59 +02:00
Thomas De Schampheleire
59e0692095 host-mkpasswd: new package
Since the addition of root password setting support in buildroot, there have
been a few bug reports in this area ([1], [2]). In these cases, the system
mkpasswd did either not work, or did not provide the options we expect, like
-m <method>.

This patch adds a mkpasswd host package, based on the sources from whois. When
a non-empty root password is set, this package is used as a dependency.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>

[1] http://lists.busybox.net/pipermail/buildroot/2013-July/075771.html
[2] http://lists.busybox.net/pipermail/buildroot/2013-July/075869.html

[Thomas P: use $(INSTALL) instead of install, put -lcrypt at the end
of build command line to allow gcc to find the crypt() function in
lcrypt.]

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-08-10 19:49:32 +02:00
Jerzy Grzegorek
e0d9d33cc2 fix white spaces
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-07-20 21:13:57 +02:00
Tzu-Jung Lee
d67b3a54af skeleton: add default login port to /etc/securetty
We ran into a "Login incorrect" problem when running the same rootfs
image across platforms with different loging ports ttyS0/1/2/3.

Simply assignning "console" to BR2_TARGET_GENERIC_GETTY_PORT, which in
turn modifies the /etc/inittab, is not enough because the "console" device
was missing in the /etc/securetty.

While current securetty has enumerated a lot of ttys, this patch should save
some efforts to enumerate more.

[Peter: guard with single quotes]
Signed-off-by: Tzu-Jung Lee <tjlee@ambarella.com>
Signed-off-by: Spenser Gilliland <spenser@gillilanding.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-26 23:00:30 +02:00
Peter Korsgaard
4b2a40b6d7 system: simplify BR2_ROOTFS_SKELETON_DEFAULT handling
No functional change.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-06 21:52:18 +01:00
Yann E. MORIN
72defc45dd target: add different methods to encode passwords
Passwords can be encoded in different ways (from the weakest
to the strongest): des, md5, sha-256, sha-512

Add a choice entry to select the method, defaulting to 'md5'.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-06 21:52:18 +01:00
Yann E. MORIN
b98b191b5c system: set root password only for default skeleton
In case one is using a custom skeleton, the root pasword might already be
set in this case, and should not be overriden.

Just ask for (and set) the root password only for the default skeleton.

Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-06 21:46:47 +01:00
Peter Korsgaard
2bb2e62a4b system: TARGET_GENERIC_GETTY: allow it to be disabled
For some systems, you don't want to run any getty, so allow the option
to be disabled when the empty string is used.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-04 21:39:05 +01:00
Yann E. MORIN
a45871bfc6 target: add option to set the root password
Add an option in the menuconfig to specify a root password.

If set to empty, no root password is created; otherwise, the password is
encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but
MD5 is widely available, not-so-strong, but not-so-weak either).

Add a check for 'mkpasswd' as a new dependency.

[Peter: fix typo/capitilization and simplify logic]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-30 18:00:16 +01:00
Richard Braun
a0df7e1f0b system: add option to configure TERM variable
This option is useful for cases where the terminal isn't a bare serial
vt100, but e.g. a linux tty with more features.

Signed-off-by: Richard Braun <rbraun@sceen.net>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-16 01:01:14 +01:00
Thomas Petazzoni
6c3e3ad419 New top-level directory: system
This directory groups the following elements:
 * the default root filesystem skeleton
 * the default device tables
 * the Config.in options for system configuration (UART port for
   getty, system hostname, etc.)
 * the make rules to apply the system configuration options

Even though the skeleton and device tables could have lived in fs/, it
would have been strange to have the UART, system hostname and other
related options into fs/. A new system/ directory makes more sense.

As a consequence, this patch also removes target/Makefile.in, which
has become useless in the process.

[Peter: fixup TARGET_SKELETON settings / documentation to match]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-11-04 12:51:08 +01:00