summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorYann E. MORIN <yann.morin.1998@free.fr>2012-12-28 14:07:33 +0000
committerPeter Korsgaard <jacmet@sunsite.dk>2012-12-30 18:00:16 +0100
commita45871bfc6a3f800548954dd364b5f53e81804ab (patch)
treec096d3defbcb6a8abfc424f2a24f6f14ebdbea47 /system
parentaa5d13568d193b741d4c20fb8670a3f7334efdcb (diff)
downloadbuildroot-novena-a45871bfc6a3f800548954dd364b5f53e81804ab.tar.gz
buildroot-novena-a45871bfc6a3f800548954dd364b5f53e81804ab.zip
target: add option to set the root password
Add an option in the menuconfig to specify a root password. If set to empty, no root password is created; otherwise, the password is encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but MD5 is widely available, not-so-strong, but not-so-weak either). Add a check for 'mkpasswd' as a new dependency. [Peter: fix typo/capitilization and simplify logic] Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Diffstat (limited to 'system')
-rw-r--r--system/Config.in21
-rw-r--r--system/system.mk9
2 files changed, 30 insertions, 0 deletions
diff --git a/system/Config.in b/system/Config.in
index a557ea035..f1c260a95 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -12,6 +12,27 @@ config BR2_TARGET_GENERIC_ISSUE
help
Select system banner (/etc/issue) to be displayed at login.
+config BR2_TARGET_GENERIC_ROOT_PASSWD
+ string "Root password"
+ default ""
+ help
+ Set the initial root password (in clear). It will be md5-encrypted.
+
+ If set to empty (the default), then no root password will be set,
+ and root will need no password to log in.
+
+ WARNING! WARNING!
+ Although pretty strong, MD5 is now an old hash function, and
+ suffers from some weaknesses, which makes it susceptible to attacks.
+ It is showing its age, so this root password should not be trusted
+ to properly secure any product that can be shipped to the wide,
+ hostile world.
+
+ WARNING! WARNING!
+ The password appears in clear in the .config file, and may appear
+ in the build log! Avoid using a valuable password if either the
+ .config file or the build log may be distributed!
+
choice
prompt "/dev management"
default BR2_ROOTFS_DEVICE_CREATION_STATIC
diff --git a/system/system.mk b/system/system.mk
index 353d0ba1b..7536ce649 100644
--- a/system/system.mk
+++ b/system/system.mk
@@ -1,5 +1,9 @@
TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
+TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
+ifneq ($(TARGET_GENERIC_ROOT_PASSWD),)
+TARGET_GENERIC_ROOT_PASSWD_HASH=$(shell mkpasswd -m md5 "$(TARGET_GENERIC_ROOT_PASSWD)")
+endif
TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
TARGET_GENERIC_GETTY_TERM:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_TERM))
@@ -14,6 +18,9 @@ target-generic-issue:
mkdir -p $(TARGET_DIR)/etc
echo "$(TARGET_GENERIC_ISSUE)" > $(TARGET_DIR)/etc/issue
+target-root-passwd:
+ $(SED) 's,^root:[^:]*:,root:$(TARGET_GENERIC_ROOT_PASSWD_HASH):,' $(TARGET_DIR)/etc/shadow
+
target-generic-getty-busybox:
$(SED) '/# GENERIC_SERIAL$$/s~^.*#~$(TARGET_GENERIC_GETTY)::respawn:/sbin/getty -L $(TARGET_GENERIC_GETTY) $(TARGET_GENERIC_GETTY_BAUDRATE) $(TARGET_GENERIC_GETTY_TERM) #~' \
$(TARGET_DIR)/etc/inittab
@@ -40,6 +47,8 @@ ifneq ($(TARGET_GENERIC_ISSUE),)
TARGETS += target-generic-issue
endif
+TARGETS += target-root-passwd
+
ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
ifeq ($(BR2_PACKAGE_SYSVINIT),y)
TARGETS += target-generic-getty-sysvinit