From: Johan Oudinet <johan.oudinet@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] Proposed patch: allow setting an hashed root password
Date: Mon, 23 Mar 2015 12:05:37 +0100
Message-ID: <CAJtjsKZU3p5ScRQH2b+pLPLqP6z82BHeWizHu43EAzBR1N-KXA@mail.gmail.com>
In-Reply-To: <20150322225625.GB26325@free.fr>

Lorenzo, Yann, All,

On Sun, Mar 22, 2015 at 11:56 PM, Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Alternatively, you could also tweak the root password from a post-build
> script, see BR2_ROOTFS_POST_BUILD_SCRIPT:
>     http://buildroot.net/downloads/manual/manual.html#rootfs-custom
>
> script which could look something like:
>
>     #!/bin/sh
>     PASSWD='your-encoded-password'
>     sed -r -i -e "s/^root:[^:]+:/root:${PASSWD}:/" "${TARGET_DIR}/etc/passwd"
>
> And in the end, I wonder if that would not be the best option...
>

This is the solution we use internally. I'm not sure how hard it is for
us to send it upstream, as it implies several changes. I'll look into
it this week.
Basically, we have a script to ease access to BR2_* variables
inside post_build scripts, then we have a post_build script that looks
at BR2_TARGET_GENERIC_ROOT_PASSWD and:
- if it's empty, it does nothing;
- if it starts with $1$, $5$, or $6$, it assumes it is already
encrypted, and skips the encoding part;
- otherwise, it first encodes it by calling mkpasswd with the
BR2_TARGET_GENERIC_PASSWD_METHOD method, then it replaces the second
field of the root user in the /etc/shadow file.

So, one can either put a password in clear text in the .config or an
already encrypted password, which allows us to share a defconfig with
a non-empty password for root.

Best regards,
-- 
Johan
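
The three-way handling described in the message above (empty, already hashed, cleartext), as an added sketch that is not code from this thread or from Buildroot. The function names `is_hashed` and `set_root_hash` are hypothetical, the password and method are passed as arguments rather than read from `.config`, and a whois-style `mkpasswd` supporting `-s` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not Buildroot's or the poster's script.
# Assumes the whois-style mkpasswd (with -s/--stdin) is on PATH.

# True when the value already looks like a crypt(3) hash:
# $1$ (MD5), $5$ (SHA-256) or $6$ (SHA-512).
is_hashed() {
    case "$1" in
        '$1$'*|'$5$'*|'$6$'*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_root_hash SHADOW_FILE PASSWORD METHOD  (hypothetical helper)
set_root_hash() {
    shadow=$1 passwd=$2 method=$3

    # Empty setting: leave the file untouched.
    [ -n "$passwd" ] || return 0

    if is_hashed "$passwd"; then
        hash=$passwd
    else
        # Feed the cleartext on stdin so it never shows up in argv.
        hash=$(printf '%s\n' "$passwd" | mkpasswd -m "$method" -s) || return 1
    fi

    tmp=$(mktemp) || return 1
    # awk rather than sed: crypt hashes may contain '/', which would need
    # escaping in an s/// expression. ENVIRON avoids -v escape processing.
    NEW_HASH=$hash awk -F: -v OFS=: '
        $1 == "root" { $2 = ENVIRON["NEW_HASH"]; found = 1 }
        { print }
        END { exit !found }
    ' "$shadow" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the file keeps its mode and owner.
    cat "$tmp" > "$shadow"
    rm -f "$tmp"
}

# In a post-build script (TARGET_DIR is exported by Buildroot):
#   set_root_hash "${TARGET_DIR}/etc/shadow" "$root_passwd" "$passwd_method"
# where root_passwd and passwd_method are assumed to hold the values of
# BR2_TARGET_GENERIC_ROOT_PASSWD and BR2_TARGET_GENERIC_PASSWD_METHOD.
```

The function returns non-zero and leaves the file unchanged when hashing fails or no `root` entry exists, so a build can stop instead of shipping an image with an unexpected root credential.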
