[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Daniel Dickinson openwrt at daniel.thecshore.com
Wed Dec 23 01:58:59 EST 2015


I am reworking this (requiring console login) as couple of packages for 
the packages feed, although it may require an image.mk or packages 
Makefile hook in order to embed an appropriate inittab into the image 
(since the inittab will need to be modified and we need to guarantee the 
correct order of actions; and inittab comes from base-files which is 
last thing done in the packages Makefile).

Regards,

Daniel

On 16/12/15 09:59 AM, openwrt at daniel.thecshore.com wrote:
> From: Daniel Dickinson <openwrt at daniel.thecshore.com>
>
> Some devices like generic PC's and Raspberry Pi/Pi2 are much more trivial to
> get hardware console access than a typical router scenario and therefore really
> ought to require login even on hardware console rather than a hardware console
> granting passwordless root access.
>
> Since we're at it, we also make requiring login on hardware console an
> easily configured build-time option.
>
> Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
> ---
>   config/Config-build.in                             | 17 ++++++++++++++++
>   package/base-files/Makefile                        | 23 +++++++++++++++++++++-
>   package/utils/busybox/Config-defaults.in           |  3 +++
>   .../linux/adm5120/base-files-console/etc/inittab   |  5 +++++
>   .../base-files-console/etc/uci-defaults/inittab    |  6 ++++++
>   .../linux/brcm2708/base-files-console/etc/inittab  |  4 ++++
>   .../linux/ipq806x/base-files-console/etc/inittab   |  4 ++++
>   target/linux/lantiq/base-files-console/etc/inittab |  3 +++
>   target/linux/malta/base-files-console/etc/inittab  |  7 +++++++
>   .../linux/mediatek/base-files-console/etc/inittab  |  3 +++
>   target/linux/mxs/base-files-console/etc/inittab    |  3 +++
>   target/linux/omap/base-files-console/etc/inittab   |  5 +++++
>   .../linux/omap24xx/base-files-console/etc/inittab  |  5 +++++
>   target/linux/ppc44x/base-files-console/etc/inittab |  4 ++++
>   .../linux/realview/base-files-console/etc/inittab  |  5 +++++
>   target/linux/sunxi/base-files-console/etc/inittab  |  5 +++++
>   target/linux/x86/base-files-console/etc/inittab    |  4 ++++
>   17 files changed, 105 insertions(+), 1 deletion(-)
>   create mode 100644 target/linux/adm5120/base-files-console/etc/inittab
>   create mode 100644 target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>   create mode 100644 target/linux/brcm2708/base-files-console/etc/inittab
>   create mode 100644 target/linux/ipq806x/base-files-console/etc/inittab
>   create mode 100644 target/linux/lantiq/base-files-console/etc/inittab
>   create mode 100644 target/linux/malta/base-files-console/etc/inittab
>   create mode 100644 target/linux/mediatek/base-files-console/etc/inittab
>   create mode 100644 target/linux/mxs/base-files-console/etc/inittab
>   create mode 100644 target/linux/omap/base-files-console/etc/inittab
>   create mode 100644 target/linux/omap24xx/base-files-console/etc/inittab
>   create mode 100644 target/linux/ppc44x/base-files-console/etc/inittab
>   create mode 100644 target/linux/realview/base-files-console/etc/inittab
>   create mode 100644 target/linux/sunxi/base-files-console/etc/inittab
>   create mode 100644 target/linux/x86/base-files-console/etc/inittab
>
> diff --git a/config/Config-build.in b/config/Config-build.in
> index 1a35c5d..f975d45 100644
> --- a/config/Config-build.in
> +++ b/config/Config-build.in
> @@ -75,6 +75,23 @@ menu "Global build settings"
>                     encrypted and unencrypted flavours, even when the encryption library
>                     is a 'heavier' one such as OpenSSL.
>
> +	config CONSOLE_LOGIN
> +		bool
> +		prompt "Require login even on hardware/serial console"
> +		default y if (TARGET_x86_generic || TARGET_x86_64 || TARGET_brcm2708)
> +		default n
> +		help
> +		  Enables Busybox applets getty and login and uses them instead of default
> +		  respawn of ash on hardware/serial consoles.  This is made the default for
> +		  targets which are fairly easy to gain hardware console access compared to
> +		  a typical router (which generally require more electronics skill or at least
> +                  equipment that than is common except with electronics enthusiasts and
> +                  professionals).  This includes the Raspberry Pi/Pi2 (built in HDMI and USB
> +		  support making adding a console trivial), and *generic* x86 32-bit and
> +		  64-bit systems (typically physical PCs for which it is also usually trivial
> +                  to add a keyboard and monitor without even rebooting).
> +
> +
>   	comment "Kernel build options"
>
>   	source "config/Config-kernel.in"
> diff --git a/package/base-files/Makefile b/package/base-files/Makefile
> index 1367fa9..b4fe806 100644
> --- a/package/base-files/Makefile
> +++ b/package/base-files/Makefile
> @@ -112,25 +112,46 @@ define Package/base-files/install
>   	if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
>   		$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
>   	fi
> +	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(GENERIC_PLATFORM_DIR)/base-files-console/. ]; then \
> +		$(CP) $(GENERIC_PLATFORM_DIR)/base-files-console/* $(1)/; \
> +	fi)
>   	if [ -d $(PLATFORM_DIR)/base-files/. ]; then \
>   		$(CP) $(PLATFORM_DIR)/base-files/* $(1)/; \
>   	fi
> +	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_DIR)/base-files-console/. ]; then \
> +		$(CP) $(PLATFORM_DIR)/base-files-console/* $(1)/; \
> +	fi)
>   	if [ -d $(PLATFORM_DIR)/base-files-$(PROFILE)/. ]; then \
>   		$(CP) $(PLATFORM_DIR)/base-files-$(PROFILE)/* $(1)/; \
>   	fi
> +	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_DIR)/base-files-console-$(PROFILE)/. ]; then \
> +		$(CP) $(PLATFORM_DIR)/base-files-console-$(PROFILE)/* $(1)/; \
> +	fi)
>   	if [ -d $(PLATFORM_DIR)/$(PROFILE)/base-files/. ]; then \
>   		$(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files/* $(1)/; \
>   	fi
> +	$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_DIR)/$(PROFILE)/base-files-console/. ]; then \
> +		$(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files-console/* $(1)/; \
> +	fi)
>   	$(if $(filter-out $(PLATFORM_DIR),$(PLATFORM_SUBDIR)), \
>   		if [ -d $(PLATFORM_SUBDIR)/base-files/. ]; then \
>   			$(CP) $(PLATFORM_SUBDIR)/base-files/* $(1)/; \
>   		fi; \
> +		$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_SUBDIR)/base-files-console/. ]; then \
> +			$(CP) $(PLATFORM_SUBDIR)/base-files-console/* $(1)/; \
> +		fi;) \
>   		if [ -d $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/. ]; then \
>   			$(CP) $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/* $(1)/; \
>   		fi; \
> +		$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_SUBDIR)/base-files-$(PROFILE)-console/. ]; then \
> +			$(CP) $(PLATFORM_SUBDIR)/base-files-console-$(PROFILE)/* $(1)/; \
> +		fi;) \
>   		if [ -d $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/. ]; then \
>   			$(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/* $(1)/; \
> -		fi \
> +		fi; \
> +		$(if $(CONFIG_CONSOLE_LOGIN),if [ -d $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/. ]; then \
> +			$(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/* $(1)/; \
> +		fi) \
>   	)
>
>   	$(VERSION_SED) \
> diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
> index 7a7b4a6..0986302 100644
> --- a/package/utils/busybox/Config-defaults.in
> +++ b/package/utils/busybox/Config-defaults.in
> @@ -1210,12 +1210,15 @@ config BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
>   	default n
>   config BUSYBOX_DEFAULT_GETTY
>   	bool
> +	default y if CONSOLE_LOGIN
>   	default n
>   config BUSYBOX_DEFAULT_LOGIN
>   	bool
> +	default y if CONSOLE_LOGIN
>   	default n
>   config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD
>   	bool
> +	default y if CONSOLE_LOGIN
>   	default n
>   config BUSYBOX_DEFAULT_LOGIN_SCRIPTS
>   	bool
> diff --git a/target/linux/adm5120/base-files-console/etc/inittab b/target/linux/adm5120/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..fb677d6
> --- /dev/null
> +++ b/target/linux/adm5120/base-files-console/etc/inittab
> @@ -0,0 +1,5 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +tts/0::respawn:/sbin/getty -L 115200 tts/0
> +ttyAM0::respawn:/sbin/getty -L 115200 ttyAM0
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
> new file mode 100644
> index 0000000..97a31b1
> --- /dev/null
> +++ b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
> @@ -0,0 +1,6 @@
> +#!/bin/sh
> +
> +CONSOLE="$(sed -e 's/^.*console=\(.*\),[0-9][0-9]*.*$/\1/' /proc/cmdline)"
> +SPEED="$(sed -e 's/^.*console=.*,\([0-9][0-9]*\).*$/\2/' /proc/cmdline)"
> +sed -i -e "s/::askconsole:\/bin\/ash --login/${CONSOLE:-ttyS0}::respawn:\/sbin\/getty -L ${SPEED:-115200} ${CONSOLE:-ttyS0}/" /etc/inittab
> +
> diff --git a/target/linux/brcm2708/base-files-console/etc/inittab b/target/linux/brcm2708/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..4e62ec9
> --- /dev/null
> +++ b/target/linux/brcm2708/base-files-console/etc/inittab
> @@ -0,0 +1,4 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/ipq806x/base-files-console/etc/inittab b/target/linux/ipq806x/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..3886602
> --- /dev/null
> +++ b/target/linux/ipq806x/base-files-console/etc/inittab
> @@ -0,0 +1,4 @@
> +# Copyright (c) 2013 The Linux Foundation. All rights reserved.
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyMSM0::respawn:/sbin/getty -L 115200 ttyMSM0
> diff --git a/target/linux/lantiq/base-files-console/etc/inittab b/target/linux/lantiq/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..5e9d0ca
> --- /dev/null
> +++ b/target/linux/lantiq/base-files-console/etc/inittab
> @@ -0,0 +1,3 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K stop
> +ttyLTQ0::respawn:/sbin/getty -L 11520 ttyLTQ0
> diff --git a/target/linux/malta/base-files-console/etc/inittab b/target/linux/malta/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..5fb3c2f
> --- /dev/null
> +++ b/target/linux/malta/base-files-console/etc/inittab
> @@ -0,0 +1,7 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +tts/0::respawn:/sbin/getty -L 115200 tts/0
> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
> +ttyS1::respawn:/sbin/getty -L 115200 ttyS1
> +ttyS2::respawn:/sbin/getty -L 115200 ttyS2
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/mediatek/base-files-console/etc/inittab b/target/linux/mediatek/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..2f00c85
> --- /dev/null
> +++ b/target/linux/mediatek/base-files-console/etc/inittab
> @@ -0,0 +1,3 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
> diff --git a/target/linux/mxs/base-files-console/etc/inittab b/target/linux/mxs/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..f66e29c
> --- /dev/null
> +++ b/target/linux/mxs/base-files-console/etc/inittab
> @@ -0,0 +1,3 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
> diff --git a/target/linux/omap/base-files-console/etc/inittab b/target/linux/omap/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..69a7f69
> --- /dev/null
> +++ b/target/linux/omap/base-files-console/etc/inittab
> @@ -0,0 +1,5 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyO0::respawn:/sbin/getty -L 115200 ttyO0
> +ttyO2::respawn:/sbin/getty -L 115200 ttyO2
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/omap24xx/base-files-console/etc/inittab b/target/linux/omap24xx/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..bf19849
> --- /dev/null
> +++ b/target/linux/omap24xx/base-files-console/etc/inittab
> @@ -0,0 +1,5 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +tts/0::respawn:/sbin/getty -L 115200 tts/0
> +ttyO2::respawn:/sbin/getty -L 115200 ttyO2
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/ppc44x/base-files-console/etc/inittab b/target/linux/ppc44x/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..23206fa
> --- /dev/null
> +++ b/target/linux/ppc44x/base-files-console/etc/inittab
> @@ -0,0 +1,4 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
> +ttyS1::respawn:/sbin/getty -L 115200 ttyS1
> diff --git a/target/linux/realview/base-files-console/etc/inittab b/target/linux/realview/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..a14f90f
> --- /dev/null
> +++ b/target/linux/realview/base-files-console/etc/inittab
> @@ -0,0 +1,5 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +tts/0::respawn:/sbin/getty -L 115200 tts/0
> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/sunxi/base-files-console/etc/inittab b/target/linux/sunxi/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..b4c80de
> --- /dev/null
> +++ b/target/linux/sunxi/base-files-console/etc/inittab
> @@ -0,0 +1,5 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +tts/0::respawn:/sbin/getty -L 115200 tts/0
> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
> +tty1::respawn:/sbin/getty -L 115200 tty1
> diff --git a/target/linux/x86/base-files-console/etc/inittab b/target/linux/x86/base-files-console/etc/inittab
> new file mode 100644
> index 0000000..060cd53
> --- /dev/null
> +++ b/target/linux/x86/base-files-console/etc/inittab
> @@ -0,0 +1,4 @@
> +::sysinit:/etc/init.d/rcS S boot
> +::shutdown:/etc/init.d/rcS K shutdown
> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
> +tty1::respawn:/sbin/getty -L 115200 tty1
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list