* [Buildroot] [PATCH 0/2 v4] enhance root password (branch yem/passwd)
@ 2015-03-24 18:54 Yann E. MORIN
2015-03-24 18:54 ` [Buildroot] [PATCH 1/2 v4] system: remove DES password encoding Yann E. MORIN
2015-03-24 18:54 ` [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords Yann E. MORIN
0 siblings, 2 replies; 7+ messages in thread
From: Yann E. MORIN @ 2015-03-24 18:54 UTC (permalink / raw)
To: buildroot
Hello All!
This series allows setting analready-ecoded root pasword. See the commit
log of patch 2/2 for the whole explanation.
Changes v3 -> v4:
- ditch support for DES-encoded passwords (Yann)
- use a single kconfig option to set both encoded and clear-text
password (Yann)
Regards,
Yann E. MORIN.
The following changes since commit 22014e038047dfa2a303fecce0a22d1c5811b6a5:
mongoose: bump to version 5.6 (2015-03-23 23:17:32 +0100)
are available in the git repository at:
git://git.busybox.net/~ymorin/git/buildroot yem/passwd
for you to fetch changes up to a13aae8e9670b5cb069379dee94735deb3663f21:
system: allow/disallow root login, accept encoded passwords (2015-03-24 19:48:42 +0100)
----------------------------------------------------------------
Lorenzo Catucci (1):
system: allow/disallow root login, accept encoded passwords
Yann E. MORIN (1):
system: remove DES password encoding
Config.in.legacy | 7 +++++++
system/Config.in | 37 +++++++++++++++++++------------------
system/system.mk | 24 ++++++++++++++++++++----
3 files changed, 46 insertions(+), 22 deletions(-)
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/2 v4] system: remove DES password encoding
2015-03-24 18:54 [Buildroot] [PATCH 0/2 v4] enhance root password (branch yem/passwd) Yann E. MORIN
@ 2015-03-24 18:54 ` Yann E. MORIN
2015-04-10 20:31 ` Thomas Petazzoni
2015-03-24 18:54 ` [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords Yann E. MORIN
1 sibling, 1 reply; 7+ messages in thread
From: Yann E. MORIN @ 2015-03-24 18:54 UTC (permalink / raw)
To: buildroot
DES is long dead, it is insecure as hell, and virtually all known
crypt(3) implementations now all support at least md5.
Besides, the character-space of DES-encoded passwords are a sub-set
of the character-space for a clear-text password, so we can't easily
differentiate between the two. Since we're going to change the root
password prompt to support settign encoded passwords (as well as
clear-text passwords), we can't keep DES or we'd be unable to decide
whether we'd need to encode the password or not.
Remove DES encoding altogether (and add a legacy entry). The default is
still md5, and thus there's no backward-compatibility 'select' to add.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Lorenzo Catucci <lorenzo@sancho.ccd.uniroma2.it>
---
Config.in.legacy | 7 +++++++
system/Config.in | 9 ---------
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/Config.in.legacy b/Config.in.legacy
index 1f57671..2fad28f 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -101,6 +101,13 @@ endif
###############################################################################
comment "Legacy options removed in 2015.05"
+config BR2_TARGET_GENERIC_PASSWD_DES
+ bool "Encoding passwords with DES has been removed"
+ select BR2_LEGACY
+ help
+ Paswords can now only be encoded with either of md5, sha256 or sha512.
+ The default is md5, which is stronger that DES (but still pretty weak).
+
config BR2_PACKAGE_VALGRIND_PTRCHECK
bool "valgrind's PTRCheck was renamed to SGCheck"
select BR2_LEGACY
diff --git a/system/Config.in b/system/Config.in
index 9973cc2..8621def 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -27,14 +27,6 @@ choice
Note: this is used at build-time, and *not* at runtime.
-config BR2_TARGET_GENERIC_PASSWD_DES
- bool "des"
- help
- Use standard 56-bit DES-based crypt(3) to encode passwords.
-
- Old, wildly available, but also the weakest, very susceptible to
- brute-force attacks.
-
config BR2_TARGET_GENERIC_PASSWD_MD5
bool "md5"
help
@@ -67,7 +59,6 @@ endchoice # Passwd encoding
config BR2_TARGET_GENERIC_PASSWD_METHOD
string
- default "des" if BR2_TARGET_GENERIC_PASSWD_DES
default "md5" if BR2_TARGET_GENERIC_PASSWD_MD5
default "sha-256" if BR2_TARGET_GENERIC_PASSWD_SHA256
default "sha-512" if BR2_TARGET_GENERIC_PASSWD_SHA512
--
1.9.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords
2015-03-24 18:54 [Buildroot] [PATCH 0/2 v4] enhance root password (branch yem/passwd) Yann E. MORIN
2015-03-24 18:54 ` [Buildroot] [PATCH 1/2 v4] system: remove DES password encoding Yann E. MORIN
@ 2015-03-24 18:54 ` Yann E. MORIN
2015-03-24 21:20 ` Lorenzo M. Catucci
2015-04-10 20:39 ` Thomas Petazzoni
1 sibling, 2 replies; 7+ messages in thread
From: Yann E. MORIN @ 2015-03-24 18:54 UTC (permalink / raw)
To: buildroot
From: Lorenzo Catucci <lorenzo@sancho.ccd.uniroma2.it>
Currently, there is only three possibilities regarding the root account:
- it is enabled with no password (the default)
- it is enabled, using a clear-text, user-provided password
- it is disabled if the user sets the clear-text password to '*'
This is deemed insufficient in many cases, especially when the .config
file has to be published (e.g. for the GPL compliance, or any other
reason.).
Fix that in two ways:
- add a bolean option that allows/diesaloows root login altogether,
which defaults to 'y' to keep backward compatibility;
- accept already-encoded passwords, which we recognise as starting
with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).
For backward-compatibility, we stil accept '*' to disable the
account.
Signed-off-by: Lorenzo M. Catucci <lorenzo@sancho.ccd.uniroma2.it>
[yann.morin.1998 at free.fr:
- don't add a choice to select between clear-text/encoded password,
use a single prompt;
- differentiate in the password hook itself;
- rewrite parts of the help entry;
- rewrite and expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
Note: this can only go in if DES encoded is ditched, because its
character-space is the same as for clear-text passwords.
---
system/Config.in | 28 +++++++++++++++++++---------
system/system.mk | 24 ++++++++++++++++++++----
2 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/system/Config.in b/system/Config.in
index 8621def..17a626b 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -179,26 +179,36 @@ endif
if BR2_ROOTFS_SKELETON_DEFAULT
+config BR2_TARGET_ENABLE_ROOT_LOGIN
+ bool "Enable root login"
+ default "y"
+ help
+ Enable root login password
+
config BR2_TARGET_GENERIC_ROOT_PASSWD
string "Root password"
default ""
+ depends on BR2_TARGET_ENABLE_ROOT_LOGIN
help
- Set the initial root password (in clear). It will be md5-encrypted.
+ Set the initial root password.
If set to empty (the default), then no root password will be set,
and root will need no password to log in.
- WARNING! WARNING!
- Although pretty strong, MD5 is now an old hash function, and
- suffers from some weaknesses, which makes it susceptible to attacks.
- It is showing its age, so this root password should not be trusted
- to properly secure any product that can be shipped to the wide,
- hostile world.
+ If the password starts with any of $1$, $5$ or $6$, it is considered
+ to be already crypt-encoded with respectively md5, sha256 or sha512.
+ Any other value is taken to be a clear-text value, and is crypt-encoded
+ as per the "Passwords encoding" scheme, above.
+
+ Note: "$" signs in the hashed password must be doubled. For example,
+ if the hashed password is "$1$longsalt$v35DIIeMo4yUfI23yditq0", then
+ you must enter it as "$$1$$longsalt$$v35DIIeMo4yUfI23yditq0".
WARNING! WARNING!
- The password appears in clear in the .config file, and may appear
+ The password appears as-is in the .config file, and may appear
in the build log! Avoid using a valuable password if either the
- .config file or the build log may be distributed!
+ .config file or the build log may be distributed, or at the
+ very least use a strong cryptographic hash for your password!
choice
bool "/bin/sh"
diff --git a/system/system.mk b/system/system.mk
index 4a1eb4a..2ac5d08 100644
--- a/system/system.mk
+++ b/system/system.mk
@@ -34,7 +34,7 @@ endef
TARGET_FINALIZE_HOOKS += SYSTEM_ISSUE
endif
-ifneq ($(TARGET_GENERIC_ROOT_PASSWD),)
+ifneq ($(BR2_TARGET_ENABLE_ROOT_LOGIN),)
TARGETS += host-mkpasswd
endif
@@ -70,9 +70,25 @@ TARGET_FINALIZE_HOOKS += SET_NETWORK
ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
define SYSTEM_ROOT_PASSWD
- [ -n "$(TARGET_GENERIC_ROOT_PASSWD)" ] && \
- TARGET_GENERIC_ROOT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
- $(SED) "s,^root:[^:]*:,root:$$TARGET_GENERIC_ROOT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow
+ if [ "$(BR2_TARGET_ENABLE_ROOT_LOGIN)" = "y" ]; then \
+ case '$(TARGET_GENERIC_ROOT_PASSWD)' in \
+ ("") \
+ ROOT_PASSWD=""; \
+ ;; \
+ ("$$1$$"*|"$$5$$"*|"$$6$$"*) \
+ ROOT_PASSWD='$(TARGET_GENERIC_ROOT_PASSWD)'; \
+ ;; \
+ ('*') \
+ ROOT_PASSWD='*'; \
+ ;; \
+ (*) \
+ ROOT_PASSWD=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
+ ;; \
+ esac; \
+ else \
+ ROOT_PASSWD='*'; \
+ fi; \
+ $(SED) "s,^root:[^:]*:,root:$${ROOT_PASSWD}:," $(TARGET_DIR)/etc/shadow
endef
TARGET_FINALIZE_HOOKS += SYSTEM_ROOT_PASSWD
--
1.9.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords
2015-03-24 18:54 ` [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords Yann E. MORIN
@ 2015-03-24 21:20 ` Lorenzo M. Catucci
2015-04-10 20:39 ` Thomas Petazzoni
1 sibling, 0 replies; 7+ messages in thread
From: Lorenzo M. Catucci @ 2015-03-24 21:20 UTC (permalink / raw)
To: buildroot
Thank you, Yann!
On 24/03/2015 19:54, Yann E. MORIN wrote:
> From: Lorenzo Catucci <lorenzo@sancho.ccd.uniroma2.it>
>
> Currently, there is only three possibilities regarding the root account:
> - it is enabled with no password (the default)
> - it is enabled, using a clear-text, user-provided password
> - it is disabled if the user sets the clear-text password to '*'
>
> This is deemed insufficient in many cases, especially when the .config
> file has to be published (e.g. for the GPL compliance, or any other
> reason.).
>
> Fix that in two ways:
>
> - add a bolean option that allows/diesaloows root login altogether,
> which defaults to 'y' to keep backward compatibility;
>
> - accept already-encoded passwords, which we recognise as starting
> with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).
> For backward-compatibility, we stil accept '*' to disable the
> account.
>
Works very well for me, especially since my primary need was a config option
disabling root login; still, you summarized very well the reason I'd rather
use a decent sha-512 encoded root password if I were to distribute my
applicance's config file.
Thank you once more, yours
lorenzo
--
+-------------------------+----------------------------------------------+
| Lorenzo M. Catucci | Centro di Calcolo e Documentazione |
| catucci at ccd.uniroma2.it | Universit? degli Studi di Roma "Tor Vergata" |
| | Via O. Raimondo 18 ** I-00173 ROMA ** ITALY |
| Tel. +39 06 7259 2255 | Fax. +39 06 7259 2125 |
+-------------------------+----------------------------------------------+
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/2 v4] system: remove DES password encoding
2015-03-24 18:54 ` [Buildroot] [PATCH 1/2 v4] system: remove DES password encoding Yann E. MORIN
@ 2015-04-10 20:31 ` Thomas Petazzoni
0 siblings, 0 replies; 7+ messages in thread
From: Thomas Petazzoni @ 2015-04-10 20:31 UTC (permalink / raw)
To: buildroot
Dear Yann E. MORIN,
On Tue, 24 Mar 2015 19:54:15 +0100, Yann E. MORIN wrote:
> DES is long dead, it is insecure as hell, and virtually all known
> crypt(3) implementations now all support at least md5.
>
> Besides, the character-space of DES-encoded passwords are a sub-set
> of the character-space for a clear-text password, so we can't easily
> differentiate between the two. Since we're going to change the root
> password prompt to support settign encoded passwords (as well as
I've fixed settign -> setting.
> clear-text passwords), we can't keep DES or we'd be unable to decide
> whether we'd need to encode the password or not.
>
> Remove DES encoding altogether (and add a legacy entry). The default is
> still md5, and thus there's no backward-compatibility 'select' to add.
>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> Cc: Lorenzo Catucci <lorenzo@sancho.ccd.uniroma2.it>
> ---
> Config.in.legacy | 7 +++++++
> system/Config.in | 9 ---------
> 2 files changed, 7 insertions(+), 9 deletions(-)
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords
2015-03-24 18:54 ` [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords Yann E. MORIN
2015-03-24 21:20 ` Lorenzo M. Catucci
@ 2015-04-10 20:39 ` Thomas Petazzoni
2015-04-10 20:53 ` Yann E. MORIN
1 sibling, 1 reply; 7+ messages in thread
From: Thomas Petazzoni @ 2015-04-10 20:39 UTC (permalink / raw)
To: buildroot
Dear Yann E. MORIN,
On Tue, 24 Mar 2015 19:54:16 +0100, Yann E. MORIN wrote:
> Currently, there is only three possibilities regarding the root account:
> - it is enabled with no password (the default)
> - it is enabled, using a clear-text, user-provided password
> - it is disabled if the user sets the clear-text password to '*'
>
> This is deemed insufficient in many cases, especially when the .config
> file has to be published (e.g. for the GPL compliance, or any other
> reason.).
>
> Fix that in two ways:
>
> - add a bolean option that allows/diesaloows root login altogether,
disallows.
> which defaults to 'y' to keep backward compatibility;
>
> - accept already-encoded passwords, which we recognise as starting
> with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).
> For backward-compatibility, we stil accept '*' to disable the
still.
> @@ -70,9 +70,25 @@ TARGET_FINALIZE_HOOKS += SET_NETWORK
> ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
>
> define SYSTEM_ROOT_PASSWD
> - [ -n "$(TARGET_GENERIC_ROOT_PASSWD)" ] && \
> - TARGET_GENERIC_ROOT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
> - $(SED) "s,^root:[^:]*:,root:$$TARGET_GENERIC_ROOT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow
> + if [ "$(BR2_TARGET_ENABLE_ROOT_LOGIN)" = "y" ]; then \
> + case '$(TARGET_GENERIC_ROOT_PASSWD)' in \
> + ("") \
> + ROOT_PASSWD=""; \
> + ;; \
> + ("$$1$$"*|"$$5$$"*|"$$6$$"*) \
> + ROOT_PASSWD='$(TARGET_GENERIC_ROOT_PASSWD)'; \
> + ;; \
> + ('*') \
> + ROOT_PASSWD='*'; \
> + ;; \
> + (*) \
> + ROOT_PASSWD=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
> + ;; \
> + esac; \
> + else \
> + ROOT_PASSWD='*'; \
> + fi; \
> + $(SED) "s,^root:[^:]*:,root:$${ROOT_PASSWD}:," $(TARGET_DIR)/etc/shadow
Argh. Can we use make instead of turning Buildroot into a build system
written in shell ?
ifeq ($(BR2_TARGET_ENABLE_ROOT_LOGIN),)
SYSTEM_ROOT_PASSWORD = *
else
ifeq ($(TARGET_GENERIC_ROOT_PASSWORD),)
SYSTEM_ROOT_PASSWORD =
# I believe we could simplify this, and assume that if the password
# starts with $$, we have an already encoded password.
else ifeq ($(or $(filter $$1$$%,$(TARGET_GENERIC_ROOT_PASSWORD)),$(filter $$5$$%,$(TARGET_GENERIC_ROOT_PASSWORD)),$(filter $$6$$%,$(TARGET_GENERIC_ROOT_PASSWORD)))
SYSTEM_ROOT_PASSWORD = $(TARGET_GENERIC_ROOT_PASSWORD))
else ifeq ($(TARGET_GENERIC_ROOT_PASSWORD),*)
SYSTEM_ROOT_PASSWORD = $(TARGET_GENERIC_ROOT_PASSWORD))
else
SYSTEM_ROOT_PASSWORD = $(shell $(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)")
endif
endif
(Completely untested, of course).
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords
2015-04-10 20:39 ` Thomas Petazzoni
@ 2015-04-10 20:53 ` Yann E. MORIN
0 siblings, 0 replies; 7+ messages in thread
From: Yann E. MORIN @ 2015-04-10 20:53 UTC (permalink / raw)
To: buildroot
Thomas, All,
On 2015-04-10 22:39 +0200, Thomas Petazzoni spake thusly:
> On Tue, 24 Mar 2015 19:54:16 +0100, Yann E. MORIN wrote:
> > Currently, there is only three possibilities regarding the root account:
> > - it is enabled with no password (the default)
> > - it is enabled, using a clear-text, user-provided password
> > - it is disabled if the user sets the clear-text password to '*'
> >
> > This is deemed insufficient in many cases, especially when the .config
> > file has to be published (e.g. for the GPL compliance, or any other
> > reason.).
> >
> > Fix that in two ways:
> >
> > - add a bolean option that allows/diesaloows root login altogether,
>
> disallows.
OK.
> > which defaults to 'y' to keep backward compatibility;
> >
> > - accept already-encoded passwords, which we recognise as starting
> > with either of $1$, $5$ or $6$ (resp. for md5, sha256 or sha512).
> > For backward-compatibility, we stil accept '*' to disable the
>
> still.
Well, I was wrong on that one: if the password is '*', it is
crypt-encoded. We in fact could *not* use '*' to disable root login at
all... I'll rework that part, and since we now have the option to
explicitly allow/disallow (without typo) root logins, recognising that
magic value is not needed.
> > @@ -70,9 +70,25 @@ TARGET_FINALIZE_HOOKS += SET_NETWORK
> > ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
> >
> > define SYSTEM_ROOT_PASSWD
> > - [ -n "$(TARGET_GENERIC_ROOT_PASSWD)" ] && \
> > - TARGET_GENERIC_ROOT_PASSWD_HASH=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
> > - $(SED) "s,^root:[^:]*:,root:$$TARGET_GENERIC_ROOT_PASSWD_HASH:," $(TARGET_DIR)/etc/shadow
> > + if [ "$(BR2_TARGET_ENABLE_ROOT_LOGIN)" = "y" ]; then \
> > + case '$(TARGET_GENERIC_ROOT_PASSWD)' in \
> > + ("") \
> > + ROOT_PASSWD=""; \
> > + ;; \
> > + ("$$1$$"*|"$$5$$"*|"$$6$$"*) \
> > + ROOT_PASSWD='$(TARGET_GENERIC_ROOT_PASSWD)'; \
> > + ;; \
> > + ('*') \
> > + ROOT_PASSWD='*'; \
> > + ;; \
> > + (*) \
> > + ROOT_PASSWD=$$($(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)"); \
> > + ;; \
> > + esac; \
> > + else \
> > + ROOT_PASSWD='*'; \
> > + fi; \
> > + $(SED) "s,^root:[^:]*:,root:$${ROOT_PASSWD}:," $(TARGET_DIR)/etc/shadow
>
> Argh. Can we use make instead of turning Buildroot into a build system
> written in shell ?
>
> ifeq ($(BR2_TARGET_ENABLE_ROOT_LOGIN),)
> SYSTEM_ROOT_PASSWORD = *
> else
> ifeq ($(TARGET_GENERIC_ROOT_PASSWORD),)
> SYSTEM_ROOT_PASSWORD =
> # I believe we could simplify this, and assume that if the password
> # starts with $$, we have an already encoded password.
> else ifeq ($(or $(filter $$1$$%,$(TARGET_GENERIC_ROOT_PASSWORD)),$(filter $$5$$%,$(TARGET_GENERIC_ROOT_PASSWORD)),$(filter $$6$$%,$(TARGET_GENERIC_ROOT_PASSWORD)))
> SYSTEM_ROOT_PASSWORD = $(TARGET_GENERIC_ROOT_PASSWORD))
> else ifeq ($(TARGET_GENERIC_ROOT_PASSWORD),*)
> SYSTEM_ROOT_PASSWORD = $(TARGET_GENERIC_ROOT_PASSWORD))
> else
> SYSTEM_ROOT_PASSWORD = $(shell $(MKPASSWD) -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)")
> endif
> endif
>
> (Completely untested, of course).
OK, will try to make it work (hint: it does not right now: missing
operand to the ifeq for md5/sha256/sha512 case). ;-)
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2015-04-10 20:53 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-24 18:54 [Buildroot] [PATCH 0/2 v4] enhance root password (branch yem/passwd) Yann E. MORIN
2015-03-24 18:54 ` [Buildroot] [PATCH 1/2 v4] system: remove DES password encoding Yann E. MORIN
2015-04-10 20:31 ` Thomas Petazzoni
2015-03-24 18:54 ` [Buildroot] [PATCH 2/2 v4] system: allow/disallow root login, accept encoded passwords Yann E. MORIN
2015-03-24 21:20 ` Lorenzo M. Catucci
2015-04-10 20:39 ` Thomas Petazzoni
2015-04-10 20:53 ` Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.