[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices
Heinrich Schuchardt
xypron.glpk at gmx.de
Wed Dec 23 02:44:42 EST 2015
Hello Daniel,
my TP-LINK MR3020 (AR71XX, OpenWrt 15.05) uses /dev/ttyATH0 as serial
console .
I could not find this device in the getty commands of the inittab that
you create in the patch below.
I would feel more comfortable having a password verification on my
router. Shouldn't this be default on all targets?
Best regards
Heinrich Schuchardt
On 23.12.2015 07:58, Daniel Dickinson wrote:
> I am reworking this (requiring console login) as couple of packages for
> the packages feed, although it may require an image.mk or packages
> Makefile hook in order to embed an appropriate inittab into the image
> (since the inittab will need to be modified and we need to guarantee the
> correct order of actions; and inittab comes from base-files which is
> last thing done in the packages Makefile).
>
> Regards,
>
> Daniel
>
> On 16/12/15 09:59 AM, openwrt at daniel.thecshore.com wrote:
>> From: Daniel Dickinson <openwrt at daniel.thecshore.com>
>>
>> Some devices like generic PC's and Raspberry Pi/Pi2 are much more
>> trivial to
>> get hardware console access than a typical router scenario and
>> therefore really
>> ought to require login even on hardware console rather than a hardware
>> console
>> granting passwordless root access.
>>
>> Since we're at it, we also make requiring login on hardware console an
>> easily configured build-time option.
>>
>> Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
>> ---
>> config/Config-build.in | 17
>> ++++++++++++++++
>> package/base-files/Makefile | 23
>> +++++++++++++++++++++-
>> package/utils/busybox/Config-defaults.in | 3 +++
>> .../linux/adm5120/base-files-console/etc/inittab | 5 +++++
>> .../base-files-console/etc/uci-defaults/inittab | 6 ++++++
>> .../linux/brcm2708/base-files-console/etc/inittab | 4 ++++
>> .../linux/ipq806x/base-files-console/etc/inittab | 4 ++++
>> target/linux/lantiq/base-files-console/etc/inittab | 3 +++
>> target/linux/malta/base-files-console/etc/inittab | 7 +++++++
>> .../linux/mediatek/base-files-console/etc/inittab | 3 +++
>> target/linux/mxs/base-files-console/etc/inittab | 3 +++
>> target/linux/omap/base-files-console/etc/inittab | 5 +++++
>> .../linux/omap24xx/base-files-console/etc/inittab | 5 +++++
>> target/linux/ppc44x/base-files-console/etc/inittab | 4 ++++
>> .../linux/realview/base-files-console/etc/inittab | 5 +++++
>> target/linux/sunxi/base-files-console/etc/inittab | 5 +++++
>> target/linux/x86/base-files-console/etc/inittab | 4 ++++
>> 17 files changed, 105 insertions(+), 1 deletion(-)
>> create mode 100644 target/linux/adm5120/base-files-console/etc/inittab
>> create mode 100644
>> target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> create mode 100644 target/linux/brcm2708/base-files-console/etc/inittab
>> create mode 100644 target/linux/ipq806x/base-files-console/etc/inittab
>> create mode 100644 target/linux/lantiq/base-files-console/etc/inittab
>> create mode 100644 target/linux/malta/base-files-console/etc/inittab
>> create mode 100644 target/linux/mediatek/base-files-console/etc/inittab
>> create mode 100644 target/linux/mxs/base-files-console/etc/inittab
>> create mode 100644 target/linux/omap/base-files-console/etc/inittab
>> create mode 100644 target/linux/omap24xx/base-files-console/etc/inittab
>> create mode 100644 target/linux/ppc44x/base-files-console/etc/inittab
>> create mode 100644 target/linux/realview/base-files-console/etc/inittab
>> create mode 100644 target/linux/sunxi/base-files-console/etc/inittab
>> create mode 100644 target/linux/x86/base-files-console/etc/inittab
>>
>> diff --git a/config/Config-build.in b/config/Config-build.in
>> index 1a35c5d..f975d45 100644
>> --- a/config/Config-build.in
>> +++ b/config/Config-build.in
>> @@ -75,6 +75,23 @@ menu "Global build settings"
>> encrypted and unencrypted flavours, even when the
>> encryption library
>> is a 'heavier' one such as OpenSSL.
>>
>> + config CONSOLE_LOGIN
>> + bool
>> + prompt "Require login even on hardware/serial console"
>> + default y if (TARGET_x86_generic || TARGET_x86_64 ||
>> TARGET_brcm2708)
>> + default n
>> + help
>> + Enables Busybox applets getty and login and uses them
>> instead of default
>> + respawn of ash on hardware/serial consoles. This is made
>> the default for
>> + targets which are fairly easy to gain hardware console
>> access compared to
>> + a typical router (which generally require more electronics
>> skill or at least
>> + equipment that than is common except with
>> electronics enthusiasts and
>> + professionals). This includes the Raspberry Pi/Pi2
>> (built in HDMI and USB
>> + support making adding a console trivial), and *generic* x86
>> 32-bit and
>> + 64-bit systems (typically physical PCs for which it is also
>> usually trivial
>> + to add a keyboard and monitor without even rebooting).
>> +
>> +
>> comment "Kernel build options"
>>
>> source "config/Config-kernel.in"
>> diff --git a/package/base-files/Makefile b/package/base-files/Makefile
>> index 1367fa9..b4fe806 100644
>> --- a/package/base-files/Makefile
>> +++ b/package/base-files/Makefile
>> @@ -112,25 +112,46 @@ define Package/base-files/install
>> if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
>> $(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
>> fi
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(GENERIC_PLATFORM_DIR)/base-files-console/. ]; then \
>> + $(CP) $(GENERIC_PLATFORM_DIR)/base-files-console/* $(1)/; \
>> + fi)
>> if [ -d $(PLATFORM_DIR)/base-files/. ]; then \
>> $(CP) $(PLATFORM_DIR)/base-files/* $(1)/; \
>> fi
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_DIR)/base-files-console/. ]; then \
>> + $(CP) $(PLATFORM_DIR)/base-files-console/* $(1)/; \
>> + fi)
>> if [ -d $(PLATFORM_DIR)/base-files-$(PROFILE)/. ]; then \
>> $(CP) $(PLATFORM_DIR)/base-files-$(PROFILE)/* $(1)/; \
>> fi
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_DIR)/base-files-console-$(PROFILE)/. ]; then \
>> + $(CP) $(PLATFORM_DIR)/base-files-console-$(PROFILE)/* $(1)/; \
>> + fi)
>> if [ -d $(PLATFORM_DIR)/$(PROFILE)/base-files/. ]; then \
>> $(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files/* $(1)/; \
>> fi
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_DIR)/$(PROFILE)/base-files-console/. ]; then \
>> + $(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files-console/* $(1)/; \
>> + fi)
>> $(if $(filter-out $(PLATFORM_DIR),$(PLATFORM_SUBDIR)), \
>> if [ -d $(PLATFORM_SUBDIR)/base-files/. ]; then \
>> $(CP) $(PLATFORM_SUBDIR)/base-files/* $(1)/; \
>> fi; \
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_SUBDIR)/base-files-console/. ]; then \
>> + $(CP) $(PLATFORM_SUBDIR)/base-files-console/* $(1)/; \
>> + fi;) \
>> if [ -d $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/. ]; then \
>> $(CP) $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/* $(1)/; \
>> fi; \
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_SUBDIR)/base-files-$(PROFILE)-console/. ]; then \
>> + $(CP) $(PLATFORM_SUBDIR)/base-files-console-$(PROFILE)/*
>> $(1)/; \
>> + fi;) \
>> if [ -d $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/. ]; then \
>> $(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/* $(1)/; \
>> - fi \
>> + fi; \
>> + $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/. ]; then \
>> + $(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/*
>> $(1)/; \
>> + fi) \
>> )
>>
>> $(VERSION_SED) \
>> diff --git a/package/utils/busybox/Config-defaults.in
>> b/package/utils/busybox/Config-defaults.in
>> index 7a7b4a6..0986302 100644
>> --- a/package/utils/busybox/Config-defaults.in
>> +++ b/package/utils/busybox/Config-defaults.in
>> @@ -1210,12 +1210,15 @@ config
>> BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
>> default n
>> config BUSYBOX_DEFAULT_GETTY
>> bool
>> + default y if CONSOLE_LOGIN
>> default n
>> config BUSYBOX_DEFAULT_LOGIN
>> bool
>> + default y if CONSOLE_LOGIN
>> default n
>> config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD
>> bool
>> + default y if CONSOLE_LOGIN
>> default n
>> config BUSYBOX_DEFAULT_LOGIN_SCRIPTS
>> bool
>> diff --git a/target/linux/adm5120/base-files-console/etc/inittab
>> b/target/linux/adm5120/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..fb677d6
>> --- /dev/null
>> +++ b/target/linux/adm5120/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyAM0::respawn:/sbin/getty -L 115200 ttyAM0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git
>> a/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> new file mode 100644
>> index 0000000..97a31b1
>> --- /dev/null
>> +++ b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> @@ -0,0 +1,6 @@
>> +#!/bin/sh
>> +
>> +CONSOLE="$(sed -e 's/^.*console=\(.*\),[0-9][0-9]*.*$/\1/'
>> /proc/cmdline)"
>> +SPEED="$(sed -e 's/^.*console=.*,\([0-9][0-9]*\).*$/\2/' /proc/cmdline)"
>> +sed -i -e "s/::askconsole:\/bin\/ash
>> --login/${CONSOLE:-ttyS0}::respawn:\/sbin\/getty -L ${SPEED:-115200}
>> ${CONSOLE:-ttyS0}/" /etc/inittab
>> +
>> diff --git a/target/linux/brcm2708/base-files-console/etc/inittab
>> b/target/linux/brcm2708/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..4e62ec9
>> --- /dev/null
>> +++ b/target/linux/brcm2708/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/ipq806x/base-files-console/etc/inittab
>> b/target/linux/ipq806x/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..3886602
>> --- /dev/null
>> +++ b/target/linux/ipq806x/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +# Copyright (c) 2013 The Linux Foundation. All rights reserved.
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyMSM0::respawn:/sbin/getty -L 115200 ttyMSM0
>> diff --git a/target/linux/lantiq/base-files-console/etc/inittab
>> b/target/linux/lantiq/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..5e9d0ca
>> --- /dev/null
>> +++ b/target/linux/lantiq/base-files-console/etc/inittab
>> @@ -0,0 +1,3 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K stop
>> +ttyLTQ0::respawn:/sbin/getty -L 11520 ttyLTQ0
>> diff --git a/target/linux/malta/base-files-console/etc/inittab
>> b/target/linux/malta/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..5fb3c2f
>> --- /dev/null
>> +++ b/target/linux/malta/base-files-console/etc/inittab
>> @@ -0,0 +1,7 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +ttyS1::respawn:/sbin/getty -L 115200 ttyS1
>> +ttyS2::respawn:/sbin/getty -L 115200 ttyS2
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/mediatek/base-files-console/etc/inittab
>> b/target/linux/mediatek/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..2f00c85
>> --- /dev/null
>> +++ b/target/linux/mediatek/base-files-console/etc/inittab
>> @@ -0,0 +1,3 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> diff --git a/target/linux/mxs/base-files-console/etc/inittab
>> b/target/linux/mxs/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..f66e29c
>> --- /dev/null
>> +++ b/target/linux/mxs/base-files-console/etc/inittab
>> @@ -0,0 +1,3 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
>> diff --git a/target/linux/omap/base-files-console/etc/inittab
>> b/target/linux/omap/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..69a7f69
>> --- /dev/null
>> +++ b/target/linux/omap/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyO0::respawn:/sbin/getty -L 115200 ttyO0
>> +ttyO2::respawn:/sbin/getty -L 115200 ttyO2
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/omap24xx/base-files-console/etc/inittab
>> b/target/linux/omap24xx/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..bf19849
>> --- /dev/null
>> +++ b/target/linux/omap24xx/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyO2::respawn:/sbin/getty -L 115200 ttyO2
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/ppc44x/base-files-console/etc/inittab
>> b/target/linux/ppc44x/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..23206fa
>> --- /dev/null
>> +++ b/target/linux/ppc44x/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +ttyS1::respawn:/sbin/getty -L 115200 ttyS1
>> diff --git a/target/linux/realview/base-files-console/etc/inittab
>> b/target/linux/realview/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..a14f90f
>> --- /dev/null
>> +++ b/target/linux/realview/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/sunxi/base-files-console/etc/inittab
>> b/target/linux/sunxi/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..b4c80de
>> --- /dev/null
>> +++ b/target/linux/sunxi/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/x86/base-files-console/etc/inittab
>> b/target/linux/x86/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..060cd53
>> --- /dev/null
>> +++ b/target/linux/x86/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list