securetty is supposed to restrict the terminals root is allowed to
login from. As it happens, login from busybox (w/ securetty support)
is actually enforcing use of securetty, while login from util-linux
is completely ignoring securetty altogether.
Remove securetty from our skeleton altogether and stop worrying about
it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, there are only two possibilities regarding the root account:
- it is enabled with no password (the default)
- it is enabled, using a clear-text, user-provided password
This is deemed insufficient in many cases, especially when the .config
file has to be published (e.g. for the GPL compliance, or any other
reason.).
Fix that in two ways:
- add a boolean option that allows/disallows root login altogether,
which defaults to 'y' to keep backward compatibility;
- accept already-encoded passwords, which we recognise as starting
with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).
Signed-off-by: Lorenzo M. Catucci <lorenzo@sancho.ccd.uniroma2.it>
[yann.morin.1998@free.fr:
- don't add a choice to select between clear-text/encoded password,
use a single prompt;
- differentiate in the password hook itself;
- rewrite parts of the help entry;
- rewrite and expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Acked-by: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Tested-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For clarity, this commit renames the TARGETS variable to the more
meaningful PACKAGES variable. Indeed, only packages (handled by one of
the package infrastructures) should be listed in this variable, and
not other random non-package targets.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
This patch allows the setup of simple a single interface to be
automatically brought up and configured via DHCP on system startup.
The interface name can be set via a configuration option. This patch
does not support systemd-networkd, any complex network configuration should
be done via overlay of /etc/network/interfaces or the relevant networkd
configuration file
[Peter: rename to BR2_SYSTEM_DHCP, tweak help text & implementation]
Signed-off-by: Jérémy Rosen <jeremy.rosen@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update inittabs (skeleton/busybox & sysvinit) to remove the trailing
REMOUNT_ROOTFS_RW comment used as magic string in system/system.mk to
enable/disable remounting the root filesystem rw or not since it affects
sysvinit in doing so properly as reported in bug #7442.
Instead update the sed expressions to match clean non-commented strings
by searching for "-o remount,rw /" and checking that's the end of the
line as well to avoid affecting possibly other remounts that a user can
have in a custom inittab.
Long-term the startup block of inittab should just move to a S00sysinit
script or similar so that rcS can pick it up directly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Not all our shells do install a pointer to /bin/sh. Besides, between
those that do and multiple ones are enabled, the last one to install
wins the the symlink.
Add a new config choice in the system sub-menu that allows the user to
explicitly select the shell to provide /bin/sh. If busybox is not
enabled, default to using dash, a POSIX shell.
Remove the symlink creation from bash.mk at the same time.
Note: for every shell, we select them, except busybox, on which we
depend, on the assumption that we do not want to force busybox in case
the user decided not to enable it.
[Peter: remove redundant !BR2_PACKAGE_BUSYBOX dependency]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Convert "system.mk" recipes to "target-finalize" hooks in order to:
- Ensure an ordering even if top-level parallel make is being used.
- Execute "system.mk" commands after the "target-finalize" initial message
is printed so they can be clearly distinguished from packages
building.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Assaf Inbal <shmuelzon@gmail.com>
Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
This commit introduces a specific BR2_TARGET_GENERIC_GETTY configuration flag.
This eliminates the need for checking if BR2_TARGET_GENERIC_GETTY_PORT is an
empty string or not. It also allows hiding various getty options when getty
isn't enabled.
Signed-off-by: Assaf Inbal <shmuelzon@gmail.com>
Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Since the addition of root password setting support in buildroot, there have
been a few bug reports in this area ([1], [2]). In these cases, the system
mkpasswd did either not work, or did not provide the options we expect, like
-m <method>.
This patch adds a mkpasswd host package, based on the sources from whois. When
a non-empty root password is set, this package is used as a dependency.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
[1] http://lists.busybox.net/pipermail/buildroot/2013-July/075771.html
[2] http://lists.busybox.net/pipermail/buildroot/2013-July/075869.html
[Thomas P: use $(INSTALL) instead of install, put -lcrypt at the end
of build command line to allow gcc to find the crypt() function in
lcrypt.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We ran into a "Login incorrect" problem when running the same rootfs
image across platforms with different loging ports ttyS0/1/2/3.
Simply assignning "console" to BR2_TARGET_GENERIC_GETTY_PORT, which in
turn modifies the /etc/inittab, is not enough because the "console" device
was missing in the /etc/securetty.
While current securetty has enumerated a lot of ttys, this patch should save
some efforts to enumerate more.
[Peter: guard with single quotes]
Signed-off-by: Tzu-Jung Lee <tjlee@ambarella.com>
Signed-off-by: Spenser Gilliland <spenser@gillilanding.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Passwords can be encoded in different ways (from the weakest
to the strongest): des, md5, sha-256, sha-512
Add a choice entry to select the method, defaulting to 'md5'.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
In case one is using a custom skeleton, the root pasword might already be
set in this case, and should not be overriden.
Just ask for (and set) the root password only for the default skeleton.
Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
For some systems, you don't want to run any getty, so allow the option
to be disabled when the empty string is used.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Add an option in the menuconfig to specify a root password.
If set to empty, no root password is created; otherwise, the password is
encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but
MD5 is widely available, not-so-strong, but not-so-weak either).
Add a check for 'mkpasswd' as a new dependency.
[Peter: fix typo/capitilization and simplify logic]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
This option is useful for cases where the terminal isn't a bare serial
vt100, but e.g. a linux tty with more features.
Signed-off-by: Richard Braun <rbraun@sceen.net>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
This directory groups the following elements:
* the default root filesystem skeleton
* the default device tables
* the Config.in options for system configuration (UART port for
getty, system hostname, etc.)
* the make rules to apply the system configuration options
Even though the skeleton and device tables could have lived in fs/, it
would have been strange to have the UART, system hostname and other
related options into fs/. A new system/ directory makes more sense.
As a consequence, this patch also removes target/Makefile.in, which
has become useless in the process.
[Peter: fixup TARGET_SKELETON settings / documentation to match]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>