* [Buildroot] [PATCH v2 0/8] Add /etc/shells handling
@ 2018-01-17 17:44 Romain Naour
2018-01-17 17:44 ` [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells Romain Naour
` (7 more replies)
0 siblings, 8 replies; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
Started with commit [1], all package providing a shell interpreter
should be listed in /etc/shells file to avoid issues with dropbear
or other tools.
Although a macro could be added to pkg-generic.mk to avoid
duplicating the /etc/shells handling, there is less than ten
shell packages in Buildroot. So add /etc/shells handling as
a POST_INSTALL_TARGET_HOOKS or inside INSTALL_TARGET_CMDS.
[1] 4d279697afbf8fb295274784103be2b837113d5e
Romain Naour (8):
package/skeleton-init-common: add /bin/sh to /etc/shells
package/busybox: add /bin/{a,hu}sh to /etc/shells
package/dash: add /etc/dash to /etc/shells
package/screen: add /usr/bin/screen to /etc/shells
package/tmux: add /usr/bin/tmux to /etc/shells
package/zsh: add /bin/zsh to /etc/shells
package/mksh: add /bin/mksh to /etc/shells
package/bash: add missing double-dollar for /etc/shells
package/bash/bash.mk | 2 +-
package/busybox/busybox.mk | 14 ++++++++++++++
package/dash/dash.mk | 4 ++++
package/mksh/mksh.mk | 8 ++++++++
package/screen/screen.mk | 9 ++++++++-
package/skeleton-init-common/skeleton-init-common.mk | 7 +++++++
package/tmux/tmux.mk | 8 ++++++++
package/zsh/zsh.mk | 8 ++++++++
8 files changed, 58 insertions(+), 2 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 18:44 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 2/8] package/busybox: add /bin/{a, hu}sh " Romain Naour
` (6 subsequent siblings)
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
Add the default shell /bin/sh to /etc/shells only if BR2_SYSTEM_BIN_SH_NONE
is not selected.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
v2: add double-dollar after /bin/sh (Yann)
remove empty /etc/shells from skeleton (Yann, Peter)
move the hook right after it's defined (Yann)
---
package/skeleton-init-common/skeleton-init-common.mk | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/package/skeleton-init-common/skeleton-init-common.mk b/package/skeleton-init-common/skeleton-init-common.mk
index 8228a81..03cb744 100644
--- a/package/skeleton-init-common/skeleton-init-common.mk
+++ b/package/skeleton-init-common/skeleton-init-common.mk
@@ -79,6 +79,13 @@ define SKELETON_INIT_COMMON_SET_BIN_SH
rm -f $(TARGET_DIR)/bin/sh
endef
else
+# Add /bin/sh to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
+define SKELETON_INIT_COMMON_ADD_SH_TO_SHELLS
+ grep -qsE '^/bin/sh$$' $(TARGET_DIR)/etc/shells \
+ || echo "/bin/sh" >> $(TARGET_DIR)/etc/shells
+endef
+SKELETON_INIT_COMMON_POST_INSTALL_TARGET_HOOKS += SKELETON_INIT_COMMON_ADD_SH_TO_SHELLS
ifneq ($(SKELETON_INIT_COMMON_BIN_SH),)
define SKELETON_INIT_COMMON_SET_BIN_SH
ln -sf $(SKELETON_INIT_COMMON_BIN_SH) $(TARGET_DIR)/bin/sh
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 2/8] package/busybox: add /bin/{a, hu}sh to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
2018-01-17 17:44 ` [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 18:48 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 3/8] package/dash: add /etc/dash " Romain Naour
` (5 subsequent siblings)
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
When ash (busybox) is selected, /bin/{a,hu}sh is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using {a,hu}sh as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
v2: add double-dollar after /bin/{a,hu}sh (Yann)
add hush handling
msh has been removed from Busybox 1.28
https://git.busybox.net/busybox/commit/?id=2e989ef232e35750df573898077dd356003705b2
msh is unlikely used.
---
package/busybox/busybox.mk | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index d0bbd3f..1865306 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -258,6 +258,19 @@ define BUSYBOX_INSTALL_TELNET_SCRIPT
fi
endef
+# Add /bin/{a,hu}sh to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
+define BUSYBOX_INSTALL_ADD_TO_SHELLS
+ if grep -q CONFIG_ASH=y $(@D)/.config; then \
+ grep -qsE '^/bin/ash$$' $(TARGET_DIR)/etc/shells \
+ || echo "/bin/ash" >> $(TARGET_DIR)/etc/shells; \
+ fi
+ if grep -q CONFIG_HUSH=y $(@D)/.config; then \
+ grep -qsE '^/bin/hush$$' $(TARGET_DIR)/etc/shells \
+ || echo "/bin/hush" >> $(TARGET_DIR)/etc/shells; \
+ fi
+endef
+
# Enable "noclobber" in install.sh, to prevent BusyBox from overwriting any
# full-blown versions of apps installed by other packages with sym/hard links.
define BUSYBOX_NOCLOBBER_INSTALL
@@ -291,6 +304,7 @@ define BUSYBOX_INSTALL_TARGET_CMDS
$(BUSYBOX_INSTALL_INITTAB)
$(BUSYBOX_INSTALL_UDHCPC_SCRIPT)
$(BUSYBOX_INSTALL_MDEV_CONF)
+ $(BUSYBOX_INSTALL_ADD_TO_SHELLS)
endef
define BUSYBOX_INSTALL_INIT_SYSV
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 3/8] package/dash: add /etc/dash to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
2018-01-17 17:44 ` [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells Romain Naour
2018-01-17 17:44 ` [Buildroot] [PATCH v2 2/8] package/busybox: add /bin/{a, hu}sh " Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 19:19 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 4/8] package/screen: add /usr/bin/screen " Romain Naour
` (4 subsequent siblings)
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
When dash is selected, /bin/dash is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using dash as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
v2: add double-dollar after /bin/dash (Yann)
---
package/dash/dash.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/dash/dash.mk b/package/dash/dash.mk
index c8b4164..e39fe0a 100644
--- a/package/dash/dash.mk
+++ b/package/dash/dash.mk
@@ -9,8 +9,12 @@ DASH_SITE = http://gondor.apana.org.au/~herbert/dash/files
DASH_LICENSE = BSD-3-Clause, GPL-2.0+ (mksignames.c)
DASH_LICENSE_FILES = COPYING
+# Add /bin/dash to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
define DASH_INSTALL_TARGET_CMDS
$(INSTALL) -m 0755 $(@D)/src/dash $(TARGET_DIR)/bin/dash
+ grep -qsE '^/bin/dash$$' $(TARGET_DIR)/etc/shells \
+ || echo "/bin/dash" >> $(TARGET_DIR)/etc/shells
endef
$(eval $(autotools-package))
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 4/8] package/screen: add /usr/bin/screen to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
` (2 preceding siblings ...)
2018-01-17 17:44 ` [Buildroot] [PATCH v2 3/8] package/dash: add /etc/dash " Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 19:25 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 5/8] package/tmux: add /usr/bin/tmux " Romain Naour
` (3 subsequent siblings)
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
When screen is selected, /usr/bin/screen is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using screen as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
v2: add double-dollar after /usr/bin/screen (Yann)
remove /etc/shells handling from SCREEN_INSTALL_SCREENRC (Yann)
fix conding style (Yann)
---
package/screen/screen.mk | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/package/screen/screen.mk b/package/screen/screen.mk
index 8d67c04..b6428fa 100644
--- a/package/screen/screen.mk
+++ b/package/screen/screen.mk
@@ -17,7 +17,14 @@ SCREEN_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) SCREEN=screen install_bin
define SCREEN_INSTALL_SCREENRC
$(INSTALL) -m 0755 -D $(@D)/etc/screenrc $(TARGET_DIR)/etc/screenrc
endef
-
SCREEN_POST_INSTALL_TARGET_HOOKS += SCREEN_INSTALL_SCREENRC
+# Add /usr/bin/screen to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
+define SCREEN_INSTALL_ADD_SCREEN_TO_SHELLS
+ grep -qsE '^/usr/bin/screen$$' $(TARGET_DIR)/etc/shells \
+ || echo "/usr/bin/screen" >> $(TARGET_DIR)/etc/shells
+endef
+SCREEN_POST_INSTALL_TARGET_HOOKS += SCREEN_INSTALL_ADD_SCREEN_TO_SHELLS
+
$(eval $(autotools-package))
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 5/8] package/tmux: add /usr/bin/tmux to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
` (3 preceding siblings ...)
2018-01-17 17:44 ` [Buildroot] [PATCH v2 4/8] package/screen: add /usr/bin/screen " Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 19:25 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 6/8] package/zsh: add /bin/zsh " Romain Naour
` (2 subsequent siblings)
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
When tmux is selected, /usr/bin/tmux is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using tmux as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
v2: add double-dollar after /usr/bin/tmux (Yann)
---
package/tmux/tmux.mk | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/package/tmux/tmux.mk b/package/tmux/tmux.mk
index 6e03d01..94833ed 100644
--- a/package/tmux/tmux.mk
+++ b/package/tmux/tmux.mk
@@ -10,4 +10,12 @@ TMUX_LICENSE = ISC
TMUX_LICENSE_FILES = README
TMUX_DEPENDENCIES = libevent ncurses host-pkgconf
+# Add /usr/bin/tmux to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
+define TMUX_INSTALL_ADD_TMUX_TO_SHELLS
+ grep -qsE '^/usr/bin/tmux$$' $(TARGET_DIR)/etc/shells \
+ || echo "/usr/bin/tmux" >> $(TARGET_DIR)/etc/shells
+endef
+TMUX_POST_INSTALL_TARGET_HOOKS += TMUX_INSTALL_ADD_TMUX_TO_SHELLS
+
$(eval $(autotools-package))
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 6/8] package/zsh: add /bin/zsh to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
` (4 preceding siblings ...)
2018-01-17 17:44 ` [Buildroot] [PATCH v2 5/8] package/tmux: add /usr/bin/tmux " Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 19:26 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 7/8] package/mksh: add /bin/mksh " Romain Naour
2018-01-17 17:44 ` [Buildroot] [PATCH v2 8/8] package/bash: add missing double-dollar for /etc/shells Romain Naour
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
When zsh is selected, /bin/zsh is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using zsh as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
v2: add double-dollar after /bin/zsh (Yann)
---
package/zsh/zsh.mk | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/package/zsh/zsh.mk b/package/zsh/zsh.mk
index bfd0a1a..3afb467 100644
--- a/package/zsh/zsh.mk
+++ b/package/zsh/zsh.mk
@@ -34,6 +34,14 @@ else
ZSH_CONF_OPTS += --disable-pcre
endif
+# Add /bin/zsh to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
+define ZSH_INSTALL_ADD_ZSH_TO_SHELLS
+ grep -qsE '^/bin/zsh$$' $(TARGET_DIR)/etc/shells \
+ || echo "/bin/zsh" >> $(TARGET_DIR)/etc/shells
+endef
+ZSH_POST_INSTALL_TARGET_HOOKS += ZSH_INSTALL_ADD_ZSH_TO_SHELLS
+
# Remove versioned zsh-x.y.z binary taking up space
define ZSH_TARGET_INSTALL_FIXUPS
rm -f $(TARGET_DIR)/bin/zsh-$(ZSH_VERSION)
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 7/8] package/mksh: add /bin/mksh to /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
` (5 preceding siblings ...)
2018-01-17 17:44 ` [Buildroot] [PATCH v2 6/8] package/zsh: add /bin/zsh " Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 19:29 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 8/8] package/bash: add missing double-dollar for /etc/shells Romain Naour
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
When mksh is selected, /bin/mksh is not added to /etc/shells
(see man shells). So, login tools like dropbear reject the ssh
connexions for users using mksh as shell in /etc/passwd.
buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
v2: add double-dollar after /bin/mksh (Yann)
---
package/mksh/mksh.mk | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/package/mksh/mksh.mk b/package/mksh/mksh.mk
index b5706db..9160543 100644
--- a/package/mksh/mksh.mk
+++ b/package/mksh/mksh.mk
@@ -21,4 +21,12 @@ define MKSH_INSTALL_TARGET_CMDS
$(INSTALL) -m 0755 -D $(@D)/mksh $(TARGET_DIR)/bin/mksh
endef
+# Add /bin/mksh to /etc/shells otherwise some login tools like dropbear
+# can reject the user connexion. See man shells.
+define MKSH_INSTALL_ADD_MKSH_TO_SHELLS
+ grep -qsE '^/bin/mksh$$' $(TARGET_DIR)/etc/shells \
+ || echo "/bin/mksh" >> $(TARGET_DIR)/etc/shells
+endef
+MKSH_POST_INSTALL_TARGET_HOOKS += MKSH_INSTALL_ADD_MKSH_TO_SHELLS
+
$(eval $(generic-package))
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 8/8] package/bash: add missing double-dollar for /etc/shells
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
` (6 preceding siblings ...)
2018-01-17 17:44 ` [Buildroot] [PATCH v2 7/8] package/mksh: add /bin/mksh " Romain Naour
@ 2018-01-17 17:44 ` Romain Naour
2018-01-17 19:30 ` Yann E. MORIN
7 siblings, 1 reply; 17+ messages in thread
From: Romain Naour @ 2018-01-17 17:44 UTC (permalink / raw)
To: buildroot
Commit 4d279697afbf8fb295274784103be2b837113d5e missed one comment
from Yann E. Morin about the double-dollar.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
package/bash/bash.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/bash/bash.mk b/package/bash/bash.mk
index 03f8f28..ab6b43b 100644
--- a/package/bash/bash.mk
+++ b/package/bash/bash.mk
@@ -46,7 +46,7 @@ define BASH_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
DESTDIR=$(TARGET_DIR) exec_prefix=/ install
rm -f $(TARGET_DIR)/bin/bashbug
- grep -qsE '^/bin/bash' $(TARGET_DIR)/etc/shells \
+ grep -qsE '^/bin/bash$$' $(TARGET_DIR)/etc/shells \
|| echo "/bin/bash" >> $(TARGET_DIR)/etc/shells
endef
--
2.7.4
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells Romain Naour
@ 2018-01-17 18:44 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 18:44 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> Add the default shell /bin/sh to /etc/shells only if BR2_SYSTEM_BIN_SH_NONE
> is not selected.
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> v2: add double-dollar after /bin/sh (Yann)
> remove empty /etc/shells from skeleton (Yann, Peter)
> move the hook right after it's defined (Yann)
> ---
> package/skeleton-init-common/skeleton-init-common.mk | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/package/skeleton-init-common/skeleton-init-common.mk b/package/skeleton-init-common/skeleton-init-common.mk
> index 8228a81..03cb744 100644
> --- a/package/skeleton-init-common/skeleton-init-common.mk
> +++ b/package/skeleton-init-common/skeleton-init-common.mk
> @@ -79,6 +79,13 @@ define SKELETON_INIT_COMMON_SET_BIN_SH
> rm -f $(TARGET_DIR)/bin/sh
> endef
> else
> +# Add /bin/sh to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> +define SKELETON_INIT_COMMON_ADD_SH_TO_SHELLS
> + grep -qsE '^/bin/sh$$' $(TARGET_DIR)/etc/shells \
> + || echo "/bin/sh" >> $(TARGET_DIR)/etc/shells
> +endef
> +SKELETON_INIT_COMMON_POST_INSTALL_TARGET_HOOKS += SKELETON_INIT_COMMON_ADD_SH_TO_SHELLS
> ifneq ($(SKELETON_INIT_COMMON_BIN_SH),)
> define SKELETON_INIT_COMMON_SET_BIN_SH
> ln -sf $(SKELETON_INIT_COMMON_BIN_SH) $(TARGET_DIR)/bin/sh
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 2/8] package/busybox: add /bin/{a, hu}sh to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 2/8] package/busybox: add /bin/{a, hu}sh " Romain Naour
@ 2018-01-17 18:48 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 18:48 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> When ash (busybox) is selected, /bin/{a,hu}sh is not added to /etc/shells
> (see man shells). So, login tools like dropbear reject the ssh
> connexions for users using {a,hu}sh as shell in /etc/passwd.
>
> buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Yet, a comment, see below...
> ---
> v2: add double-dollar after /bin/{a,hu}sh (Yann)
> add hush handling
> msh has been removed from Busybox 1.28
> https://git.busybox.net/busybox/commit/?id=2e989ef232e35750df573898077dd356003705b2
> msh is unlikely used.
> ---
> package/busybox/busybox.mk | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
> index d0bbd3f..1865306 100644
> --- a/package/busybox/busybox.mk
> +++ b/package/busybox/busybox.mk
> @@ -258,6 +258,19 @@ define BUSYBOX_INSTALL_TELNET_SCRIPT
> fi
> endef
>
> +# Add /bin/{a,hu}sh to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> +define BUSYBOX_INSTALL_ADD_TO_SHELLS
> + if grep -q CONFIG_ASH=y $(@D)/.config; then \
Idealy, I would have also ensured that the pattern is anchored to the
beining (and end) of the line:
if grep -qsE '^CONFIG_ASH=y$$' $(@D)/.config; then \
But in practice, I don't think it is necessary. Hence my acked-by.
> + grep -qsE '^/bin/ash$$' $(TARGET_DIR)/etc/shells \
> + || echo "/bin/ash" >> $(TARGET_DIR)/etc/shells; \
> + fi
> + if grep -q CONFIG_HUSH=y $(@D)/.config; then \
Ditto.
Regards,
Yann E. MORIN.
> + grep -qsE '^/bin/hush$$' $(TARGET_DIR)/etc/shells \
> + || echo "/bin/hush" >> $(TARGET_DIR)/etc/shells; \
> + fi
> +endef
> +
> # Enable "noclobber" in install.sh, to prevent BusyBox from overwriting any
> # full-blown versions of apps installed by other packages with sym/hard links.
> define BUSYBOX_NOCLOBBER_INSTALL
> @@ -291,6 +304,7 @@ define BUSYBOX_INSTALL_TARGET_CMDS
> $(BUSYBOX_INSTALL_INITTAB)
> $(BUSYBOX_INSTALL_UDHCPC_SCRIPT)
> $(BUSYBOX_INSTALL_MDEV_CONF)
> + $(BUSYBOX_INSTALL_ADD_TO_SHELLS)
> endef
>
> define BUSYBOX_INSTALL_INIT_SYSV
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 3/8] package/dash: add /etc/dash to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 3/8] package/dash: add /etc/dash " Romain Naour
@ 2018-01-17 19:19 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 19:19 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> When dash is selected, /bin/dash is not added to /etc/shells
> (see man shells). So, login tools like dropbear reject the ssh
> connexions for users using dash as shell in /etc/passwd.
>
> buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> v2: add double-dollar after /bin/dash (Yann)
> ---
> package/dash/dash.mk | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/package/dash/dash.mk b/package/dash/dash.mk
> index c8b4164..e39fe0a 100644
> --- a/package/dash/dash.mk
> +++ b/package/dash/dash.mk
> @@ -9,8 +9,12 @@ DASH_SITE = http://gondor.apana.org.au/~herbert/dash/files
> DASH_LICENSE = BSD-3-Clause, GPL-2.0+ (mksignames.c)
> DASH_LICENSE_FILES = COPYING
>
> +# Add /bin/dash to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> define DASH_INSTALL_TARGET_CMDS
> $(INSTALL) -m 0755 $(@D)/src/dash $(TARGET_DIR)/bin/dash
> + grep -qsE '^/bin/dash$$' $(TARGET_DIR)/etc/shells \
> + || echo "/bin/dash" >> $(TARGET_DIR)/etc/shells
> endef
>
> $(eval $(autotools-package))
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 4/8] package/screen: add /usr/bin/screen to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 4/8] package/screen: add /usr/bin/screen " Romain Naour
@ 2018-01-17 19:25 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 19:25 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> When screen is selected, /usr/bin/screen is not added to /etc/shells
> (see man shells). So, login tools like dropbear reject the ssh
> connexions for users using screen as shell in /etc/passwd.
>
> buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Yet, a comment below...
> ---
> v2: add double-dollar after /usr/bin/screen (Yann)
> remove /etc/shells handling from SCREEN_INSTALL_SCREENRC (Yann)
> fix conding style (Yann)
> ---
> package/screen/screen.mk | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/package/screen/screen.mk b/package/screen/screen.mk
> index 8d67c04..b6428fa 100644
> --- a/package/screen/screen.mk
> +++ b/package/screen/screen.mk
> @@ -17,7 +17,14 @@ SCREEN_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) SCREEN=screen install_bin
> define SCREEN_INSTALL_SCREENRC
> $(INSTALL) -m 0755 -D $(@D)/etc/screenrc $(TARGET_DIR)/etc/screenrc
> endef
Spurious removal of empty line.
I personally prefer when there is no empty line between the hook
definition and its registration, but we are not consistent throughout
the tree.
But since this file had pre-existing empty liens, it is better to keep
it as-is.
But my ack still stands as I prefer it that way! ;-)
Regards,
Yann E. MORIN.
> -
> SCREEN_POST_INSTALL_TARGET_HOOKS += SCREEN_INSTALL_SCREENRC
>
> +# Add /usr/bin/screen to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> +define SCREEN_INSTALL_ADD_SCREEN_TO_SHELLS
> + grep -qsE '^/usr/bin/screen$$' $(TARGET_DIR)/etc/shells \
> + || echo "/usr/bin/screen" >> $(TARGET_DIR)/etc/shells
> +endef
> +SCREEN_POST_INSTALL_TARGET_HOOKS += SCREEN_INSTALL_ADD_SCREEN_TO_SHELLS
> +
> $(eval $(autotools-package))
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 5/8] package/tmux: add /usr/bin/tmux to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 5/8] package/tmux: add /usr/bin/tmux " Romain Naour
@ 2018-01-17 19:25 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 19:25 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> When tmux is selected, /usr/bin/tmux is not added to /etc/shells
> (see man shells). So, login tools like dropbear reject the ssh
> connexions for users using tmux as shell in /etc/passwd.
>
> buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
> Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> v2: add double-dollar after /usr/bin/tmux (Yann)
> ---
> package/tmux/tmux.mk | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/package/tmux/tmux.mk b/package/tmux/tmux.mk
> index 6e03d01..94833ed 100644
> --- a/package/tmux/tmux.mk
> +++ b/package/tmux/tmux.mk
> @@ -10,4 +10,12 @@ TMUX_LICENSE = ISC
> TMUX_LICENSE_FILES = README
> TMUX_DEPENDENCIES = libevent ncurses host-pkgconf
>
> +# Add /usr/bin/tmux to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> +define TMUX_INSTALL_ADD_TMUX_TO_SHELLS
> + grep -qsE '^/usr/bin/tmux$$' $(TARGET_DIR)/etc/shells \
> + || echo "/usr/bin/tmux" >> $(TARGET_DIR)/etc/shells
> +endef
> +TMUX_POST_INSTALL_TARGET_HOOKS += TMUX_INSTALL_ADD_TMUX_TO_SHELLS
> +
> $(eval $(autotools-package))
> --
> 2.7.4
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 6/8] package/zsh: add /bin/zsh to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 6/8] package/zsh: add /bin/zsh " Romain Naour
@ 2018-01-17 19:26 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 19:26 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> When zsh is selected, /bin/zsh is not added to /etc/shells
> (see man shells). So, login tools like dropbear reject the ssh
> connexions for users using zsh as shell in /etc/passwd.
>
> buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> v2: add double-dollar after /bin/zsh (Yann)
> ---
> package/zsh/zsh.mk | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/package/zsh/zsh.mk b/package/zsh/zsh.mk
> index bfd0a1a..3afb467 100644
> --- a/package/zsh/zsh.mk
> +++ b/package/zsh/zsh.mk
> @@ -34,6 +34,14 @@ else
> ZSH_CONF_OPTS += --disable-pcre
> endif
>
> +# Add /bin/zsh to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> +define ZSH_INSTALL_ADD_ZSH_TO_SHELLS
> + grep -qsE '^/bin/zsh$$' $(TARGET_DIR)/etc/shells \
> + || echo "/bin/zsh" >> $(TARGET_DIR)/etc/shells
> +endef
> +ZSH_POST_INSTALL_TARGET_HOOKS += ZSH_INSTALL_ADD_ZSH_TO_SHELLS
> +
> # Remove versioned zsh-x.y.z binary taking up space
> define ZSH_TARGET_INSTALL_FIXUPS
> rm -f $(TARGET_DIR)/bin/zsh-$(ZSH_VERSION)
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 7/8] package/mksh: add /bin/mksh to /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 7/8] package/mksh: add /bin/mksh " Romain Naour
@ 2018-01-17 19:29 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 19:29 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> When mksh is selected, /bin/mksh is not added to /etc/shells
> (see man shells). So, login tools like dropbear reject the ssh
> connexions for users using mksh as shell in /etc/passwd.
>
> buildroot authpriv.warn dropbear[853]: User 'kubu' has invalid shell, rejected
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
> ---
> v2: add double-dollar after /bin/mksh (Yann)
> ---
> package/mksh/mksh.mk | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/package/mksh/mksh.mk b/package/mksh/mksh.mk
> index b5706db..9160543 100644
> --- a/package/mksh/mksh.mk
> +++ b/package/mksh/mksh.mk
> @@ -21,4 +21,12 @@ define MKSH_INSTALL_TARGET_CMDS
> $(INSTALL) -m 0755 -D $(@D)/mksh $(TARGET_DIR)/bin/mksh
> endef
>
> +# Add /bin/mksh to /etc/shells otherwise some login tools like dropbear
> +# can reject the user connexion. See man shells.
> +define MKSH_INSTALL_ADD_MKSH_TO_SHELLS
> + grep -qsE '^/bin/mksh$$' $(TARGET_DIR)/etc/shells \
> + || echo "/bin/mksh" >> $(TARGET_DIR)/etc/shells
> +endef
> +MKSH_POST_INSTALL_TARGET_HOOKS += MKSH_INSTALL_ADD_MKSH_TO_SHELLS
Since mksh is a generic package, you could just include that code
within MKSH_ISNTALL_TARGET_CMDS, and do without the hook:
define MKSH_INSTALL_TARGET_CMDS
$(INSTALL) -m 0755 -D $(@D)/mksh $(TARGET_DIR)/bin/mksh
grep -qsE '^/bin/mksh$$' $(TARGET_DIR)/etc/shells \
|| echo "/bin/mksh" >> $(TARGET_DIR)/etc/shells
endef
Regards,
Yann E. MORIN.
> $(eval $(generic-package))
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v2 8/8] package/bash: add missing double-dollar for /etc/shells
2018-01-17 17:44 ` [Buildroot] [PATCH v2 8/8] package/bash: add missing double-dollar for /etc/shells Romain Naour
@ 2018-01-17 19:30 ` Yann E. MORIN
0 siblings, 0 replies; 17+ messages in thread
From: Yann E. MORIN @ 2018-01-17 19:30 UTC (permalink / raw)
To: buildroot
Romain, All,
On 2018-01-17 18:44 +0100, Romain Naour spake thusly:
> Commit 4d279697afbf8fb295274784103be2b837113d5e missed one comment
> from Yann E. Morin about the double-dollar.
>
> Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> package/bash/bash.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/bash/bash.mk b/package/bash/bash.mk
> index 03f8f28..ab6b43b 100644
> --- a/package/bash/bash.mk
> +++ b/package/bash/bash.mk
> @@ -46,7 +46,7 @@ define BASH_INSTALL_TARGET_CMDS
> $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
> DESTDIR=$(TARGET_DIR) exec_prefix=/ install
> rm -f $(TARGET_DIR)/bin/bashbug
> - grep -qsE '^/bin/bash' $(TARGET_DIR)/etc/shells \
> + grep -qsE '^/bin/bash$$' $(TARGET_DIR)/etc/shells \
> || echo "/bin/bash" >> $(TARGET_DIR)/etc/shells
> endef
>
> --
> 2.7.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2018-01-17 19:30 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-17 17:44 [Buildroot] [PATCH v2 0/8] Add /etc/shells handling Romain Naour
2018-01-17 17:44 ` [Buildroot] [PATCH v2 1/8] package/skeleton-init-common: add /bin/sh to /etc/shells Romain Naour
2018-01-17 18:44 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 2/8] package/busybox: add /bin/{a, hu}sh " Romain Naour
2018-01-17 18:48 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 3/8] package/dash: add /etc/dash " Romain Naour
2018-01-17 19:19 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 4/8] package/screen: add /usr/bin/screen " Romain Naour
2018-01-17 19:25 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 5/8] package/tmux: add /usr/bin/tmux " Romain Naour
2018-01-17 19:25 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 6/8] package/zsh: add /bin/zsh " Romain Naour
2018-01-17 19:26 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 7/8] package/mksh: add /bin/mksh " Romain Naour
2018-01-17 19:29 ` Yann E. MORIN
2018-01-17 17:44 ` [Buildroot] [PATCH v2 8/8] package/bash: add missing double-dollar for /etc/shells Romain Naour
2018-01-17 19:30 ` Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.