[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

openwrt at daniel.thecshore.com openwrt at daniel.thecshore.com
Wed Dec 16 09:59:15 EST 2015


From: Daniel Dickinson <openwrt at daniel.thecshore.com>

Some devices like generic PC's and Raspberry Pi/Pi2 are much more trivial to
get hardware console access than a typical router scenario and therefore really
ought to require login even on hardware console rather than a hardware console
granting passwordless root access.

Since we're at it, we also make requiring login on hardware console an
easily configured build-time option.

Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
 config/Config-build.in                             | 17 ++++++++++++++++
 package/base-files/Makefile                        | 23 +++++++++++++++++++++-
 package/utils/busybox/Config-defaults.in           |  3 +++
 .../linux/adm5120/base-files-console/etc/inittab   |  5 +++++
 .../base-files-console/etc/uci-defaults/inittab    |  6 ++++++
 .../linux/brcm2708/base-files-console/etc/inittab  |  4 ++++
 .../linux/ipq806x/base-files-console/etc/inittab   |  4 ++++
 target/linux/lantiq/base-files-console/etc/inittab |  3 +++
 target/linux/malta/base-files-console/etc/inittab  |  7 +++++++
 .../linux/mediatek/base-files-console/etc/inittab  |  3 +++
 target/linux/mxs/base-files-console/etc/inittab    |  3 +++
 target/linux/omap/base-files-console/etc/inittab   |  5 +++++
 .../linux/omap24xx/base-files-console/etc/inittab  |  5 +++++
 target/linux/ppc44x/base-files-console/etc/inittab |  4 ++++
 .../linux/realview/base-files-console/etc/inittab  |  5 +++++
 target/linux/sunxi/base-files-console/etc/inittab  |  5 +++++
 target/linux/x86/base-files-console/etc/inittab    |  4 ++++
 17 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 target/linux/adm5120/base-files-console/etc/inittab
 create mode 100644 target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
 create mode 100644 target/linux/brcm2708/base-files-console/etc/inittab
 create mode 100644 target/linux/ipq806x/base-files-console/etc/inittab
 create mode 100644 target/linux/lantiq/base-files-console/etc/inittab
 create mode 100644 target/linux/malta/base-files-console/etc/inittab
 create mode 100644 target/linux/mediatek/base-files-console/etc/inittab
 create mode 100644 target/linux/mxs/base-files-console/etc/inittab
 create mode 100644 target/linux/omap/base-files-console/etc/inittab
 create mode 100644 target/linux/omap24xx/base-files-console/etc/inittab
 create mode 100644 target/linux/ppc44x/base-files-console/etc/inittab
 create mode 100644 target/linux/realview/base-files-console/etc/inittab
 create mode 100644 target/linux/sunxi/base-files-console/etc/inittab
 create mode 100644 target/linux/x86/base-files-console/etc/inittab

diff --git a/config/Config-build.in b/config/Config-build.in
index 1a35c5d..f975d45 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -75,6 +75,23 @@ menu "Global build settings"
                   encrypted and unencrypted flavours, even when the encryption library
                   is a 'heavier' one such as OpenSSL.
 
+	config CONSOLE_LOGIN
+		bool
+		prompt "Require login even on hardware/serial console"
+		default y if (TARGET_x86_generic || TARGET_x86_64 || TARGET_brcm2708)
+		default n
+		help
+		  Enables Busybox applets getty and login and uses them instead of default
+		  respawn of ash on hardware/serial consoles.  This is made the default for
+		  targets which are fairly easy to gain hardware console access compared to
+		  a typical router (which generally require more electronics skill or at least
+                  equipment that than is common except with electronics enthusiasts and
+                  professionals).  This includes the Raspberry Pi/Pi2 (built in HDMI and USB
+		  support making adding a console trivial), and *generic* x86 32-bit and 
+		  64-bit systems (typically physical PCs for which it is also usually trivial
+                  to add a keyboard and monitor without even rebooting).
+
+
 	comment "Kernel build options"
 
 	source "config/Config-kernel.in"
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 1367fa9..b4fe806 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -112,25 +112,46 @@ define Package/base-files/install
 	if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
 		$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
 	fi
+	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(GENERIC_PLATFORM_DIR)/base-files-console/. ]; then \
+		$(CP) $(GENERIC_PLATFORM_DIR)/base-files-console/* $(1)/; \
+	fi)
 	if [ -d $(PLATFORM_DIR)/base-files/. ]; then \
 		$(CP) $(PLATFORM_DIR)/base-files/* $(1)/; \
 	fi
+	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_DIR)/base-files-console/. ]; then \
+		$(CP) $(PLATFORM_DIR)/base-files-console/* $(1)/; \
+	fi)
 	if [ -d $(PLATFORM_DIR)/base-files-$(PROFILE)/. ]; then \
 		$(CP) $(PLATFORM_DIR)/base-files-$(PROFILE)/* $(1)/; \
 	fi
+	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_DIR)/base-files-console-$(PROFILE)/. ]; then \
+		$(CP) $(PLATFORM_DIR)/base-files-console-$(PROFILE)/* $(1)/; \
+	fi)
 	if [ -d $(PLATFORM_DIR)/$(PROFILE)/base-files/. ]; then \
 		$(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files/* $(1)/; \
 	fi
+	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_DIR)/$(PROFILE)/base-files-console/. ]; then \
+		$(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files-console/* $(1)/; \
+	fi)
 	$(if $(filter-out $(PLATFORM_DIR),$(PLATFORM_SUBDIR)), \
 		if [ -d $(PLATFORM_SUBDIR)/base-files/. ]; then \
 			$(CP) $(PLATFORM_SUBDIR)/base-files/* $(1)/; \
 		fi; \
+		$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_SUBDIR)/base-files-console/. ]; then \
+			$(CP) $(PLATFORM_SUBDIR)/base-files-console/* $(1)/; \
+		fi;) \
 		if [ -d $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/. ]; then \
 			$(CP) $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/* $(1)/; \
 		fi; \
+		$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_SUBDIR)/base-files-$(PROFILE)-console/. ]; then \
+			$(CP) $(PLATFORM_SUBDIR)/base-files-console-$(PROFILE)/* $(1)/; \
+		fi;) \
 		if [ -d $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/. ]; then \
 			$(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/* $(1)/; \
-		fi \
+		fi; \
+		$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/. ]; then \
+			$(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/* $(1)/; \
+		fi) \
 	)
 
 	$(VERSION_SED) \
diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
index 7a7b4a6..0986302 100644
--- a/package/utils/busybox/Config-defaults.in
+++ b/package/utils/busybox/Config-defaults.in
@@ -1210,12 +1210,15 @@ config BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
 	default n
 config BUSYBOX_DEFAULT_GETTY
 	bool
+	default y if CONSOLE_LOGIN
 	default n
 config BUSYBOX_DEFAULT_LOGIN
 	bool
+	default y if CONSOLE_LOGIN
 	default n
 config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD
 	bool
+	default y if CONSOLE_LOGIN
 	default n
 config BUSYBOX_DEFAULT_LOGIN_SCRIPTS
 	bool
diff --git a/target/linux/adm5120/base-files-console/etc/inittab b/target/linux/adm5120/base-files-console/etc/inittab
new file mode 100644
index 0000000..fb677d6
--- /dev/null
+++ b/target/linux/adm5120/base-files-console/etc/inittab
@@ -0,0 +1,5 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+tts/0::respawn:/sbin/getty -L 115200 tts/0
+ttyAM0::respawn:/sbin/getty -L 115200 ttyAM0
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
new file mode 100644
index 0000000..97a31b1
--- /dev/null
+++ b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+CONSOLE="$(sed -e 's/^.*console=\(.*\),[0-9][0-9]*.*$/\1/' /proc/cmdline)"
+SPEED="$(sed -e 's/^.*console=.*,\([0-9][0-9]*\).*$/\2/' /proc/cmdline)"
+sed -i -e "s/::askconsole:\/bin\/ash --login/${CONSOLE:-ttyS0}::respawn:\/sbin\/getty -L ${SPEED:-115200} ${CONSOLE:-ttyS0}/" /etc/inittab
+
diff --git a/target/linux/brcm2708/base-files-console/etc/inittab b/target/linux/brcm2708/base-files-console/etc/inittab
new file mode 100644
index 0000000..4e62ec9
--- /dev/null
+++ b/target/linux/brcm2708/base-files-console/etc/inittab
@@ -0,0 +1,4 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/ipq806x/base-files-console/etc/inittab b/target/linux/ipq806x/base-files-console/etc/inittab
new file mode 100644
index 0000000..3886602
--- /dev/null
+++ b/target/linux/ipq806x/base-files-console/etc/inittab
@@ -0,0 +1,4 @@
+# Copyright (c) 2013 The Linux Foundation. All rights reserved.
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyMSM0::respawn:/sbin/getty -L 115200 ttyMSM0
diff --git a/target/linux/lantiq/base-files-console/etc/inittab b/target/linux/lantiq/base-files-console/etc/inittab
new file mode 100644
index 0000000..5e9d0ca
--- /dev/null
+++ b/target/linux/lantiq/base-files-console/etc/inittab
@@ -0,0 +1,3 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K stop
+ttyLTQ0::respawn:/sbin/getty -L 11520 ttyLTQ0
diff --git a/target/linux/malta/base-files-console/etc/inittab b/target/linux/malta/base-files-console/etc/inittab
new file mode 100644
index 0000000..5fb3c2f
--- /dev/null
+++ b/target/linux/malta/base-files-console/etc/inittab
@@ -0,0 +1,7 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+tts/0::respawn:/sbin/getty -L 115200 tts/0
+ttyS0::respawn:/sbin/getty -L 115200 ttyS0
+ttyS1::respawn:/sbin/getty -L 115200 ttyS1
+ttyS2::respawn:/sbin/getty -L 115200 ttyS2
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/mediatek/base-files-console/etc/inittab b/target/linux/mediatek/base-files-console/etc/inittab
new file mode 100644
index 0000000..2f00c85
--- /dev/null
+++ b/target/linux/mediatek/base-files-console/etc/inittab
@@ -0,0 +1,3 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyS0::respawn:/sbin/getty -L 115200 ttyS0
diff --git a/target/linux/mxs/base-files-console/etc/inittab b/target/linux/mxs/base-files-console/etc/inittab
new file mode 100644
index 0000000..f66e29c
--- /dev/null
+++ b/target/linux/mxs/base-files-console/etc/inittab
@@ -0,0 +1,3 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
diff --git a/target/linux/omap/base-files-console/etc/inittab b/target/linux/omap/base-files-console/etc/inittab
new file mode 100644
index 0000000..69a7f69
--- /dev/null
+++ b/target/linux/omap/base-files-console/etc/inittab
@@ -0,0 +1,5 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyO0::respawn:/sbin/getty -L 115200 ttyO0
+ttyO2::respawn:/sbin/getty -L 115200 ttyO2
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/omap24xx/base-files-console/etc/inittab b/target/linux/omap24xx/base-files-console/etc/inittab
new file mode 100644
index 0000000..bf19849
--- /dev/null
+++ b/target/linux/omap24xx/base-files-console/etc/inittab
@@ -0,0 +1,5 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+tts/0::respawn:/sbin/getty -L 115200 tts/0
+ttyO2::respawn:/sbin/getty -L 115200 ttyO2
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/ppc44x/base-files-console/etc/inittab b/target/linux/ppc44x/base-files-console/etc/inittab
new file mode 100644
index 0000000..23206fa
--- /dev/null
+++ b/target/linux/ppc44x/base-files-console/etc/inittab
@@ -0,0 +1,4 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyS0::respawn:/sbin/getty -L 115200 ttyS0
+ttyS1::respawn:/sbin/getty -L 115200 ttyS1
diff --git a/target/linux/realview/base-files-console/etc/inittab b/target/linux/realview/base-files-console/etc/inittab
new file mode 100644
index 0000000..a14f90f
--- /dev/null
+++ b/target/linux/realview/base-files-console/etc/inittab
@@ -0,0 +1,5 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+tts/0::respawn:/sbin/getty -L 115200 tts/0
+ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/sunxi/base-files-console/etc/inittab b/target/linux/sunxi/base-files-console/etc/inittab
new file mode 100644
index 0000000..b4c80de
--- /dev/null
+++ b/target/linux/sunxi/base-files-console/etc/inittab
@@ -0,0 +1,5 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+tts/0::respawn:/sbin/getty -L 115200 tts/0
+ttyS0::respawn:/sbin/getty -L 115200 ttyS0
+tty1::respawn:/sbin/getty -L 115200 tty1
diff --git a/target/linux/x86/base-files-console/etc/inittab b/target/linux/x86/base-files-console/etc/inittab
new file mode 100644
index 0000000..060cd53
--- /dev/null
+++ b/target/linux/x86/base-files-console/etc/inittab
@@ -0,0 +1,4 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+ttyS0::respawn:/sbin/getty -L 115200 ttyS0
+tty1::respawn:/sbin/getty -L 115200 tty1
-- 
2.4.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list