Hi everybody,
to deploy minimal OpenWrt images on multiple routers it is necessary to
set a root password, while building the deployable file.
Therefore i added a patch that is setting a "default" password in the
"/etc/shadow" file of the "base-files" package. It is using the openssl
command of the building host to create the hash of the password.
Here are the diff files for both the current development branch (Barrier
Braker) and the 12.09 branch..please add the patches to both branches,
to be able to use it in the currently stable release as well.
*devel-branch (http://git.openwrt.org/?p=openwrt.git;a=summary):*
Signed-off-by: Benjamin Pflueg <b...@bensbox.de>
---
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 207af35..494047e 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -9,6 +9,7 @@
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/version.mk
include $(INCLUDE_DIR)/kernel.mk
+include $(INCLUDE_DIR)/baseconf.mk
PKG_NAME:=base-files
PKG_RELEASE:=152
@@ -113,6 +114,11 @@ define Package/base-files/install
$(1)/etc/openwrt_version \
$(1)/etc/openwrt_release
+ $(if $(filter $(BASECONF_ROOT_PASSWORD),x), \
+ $(SED) 's/%P/x/g' $(1)/etc/shadow, \
+ $(SED) 's/%P/$(shell $(OPENSSL) passwd -1
$(BASECONF_ROOT_PASSWORD) | $(SED_PLAIN) -e 's/[/.$$^]/\\&/g' |
$(SED_PLAIN) -e 's/\$$/\$$\$$/g')/' $(1)/etc/shadow \
+ )
+
mkdir -p $(1)/CONTROL
mkdir -p $(1)/dev
mkdir -p $(1)/etc/crontabs
diff --git a/package/base-files/files/etc/shadow
b/package/base-files/files/etc/shadow
index 4b4154f..f35be79 100644
--- a/package/base-files/files/etc/shadow
+++ b/package/base-files/files/etc/shadow
@@ -1,4 +1,4 @@
-root::0:0:99999:7:::
+root:%P:0:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
diff --git a/package/base-files/image-config.in
b/package/base-files/image-config.in
index a9eb78c..2f2e22a 100644
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -221,3 +221,19 @@ menuconfig SMIMEOPT
Path to a file containing the passphrase for the signing key.
If the signing key is not encrypted and does not
require a passphrase,
this option may be left blank.
+
+menuconfig BASECONFOPT
+ bool "Base system configurations" if IMAGEOPT
+ default n
+ help
+ In here you can set configurations like a default root password.
+ They are suppose to be very basic and default settings to the
+ vanilla OpenWRT firmware.
+
+ config BASECONF_ROOT_PASSWORD
+ string
+ prompt "Custom default root password" if BASECONFOPT
+ help
+ Usually the firmware does not have the root password set.
+ Here you can set a default one, that will be in effect
+ even after a factory reset.
diff --git a/rules.mk b/rules.mk
index a84636a..ef8ef2f 100644
--- a/rules.mk
+++ b/rules.mk
@@ -196,10 +196,12 @@ TARGET_AR:=$(TARGET_CROSS)ar
TARGET_RANLIB:=$(TARGET_CROSS)ranlib
TARGET_CXX:=$(TARGET_CROSS)g++
KPATCH:=$(SCRIPT_DIR)/patch-kernel.sh
-SED:=$(STAGING_DIR_HOST)/bin/sed -i -e
+SED_PLAIN:=$(STAGING_DIR_HOST)/bin/sed
+SED:=$(SED_PLAIN) -i -e
CP:=cp -fpR
LN:=ln -sf
XARGS:=xargs -r
+OPENSSL:=openssl
INSTALL_BIN:=install -m0755
INSTALL_DIR:=install -d -m0755
diff --git a/include/baseconf.mk b/include/baseconf.mk
new file mode 100644
index 0000000..ad8db58
--- /dev/null
+++ b/include/baseconf.mk
@@ -0,0 +1,6 @@
+
+PKG_CONFIG_DEPENDS += \
+ CONFIG_BASECONF_ROOT_PASSWORD
+
+BASECONF_ROOT_PASSWORD:=$(call qstrip,$(CONFIG_BASECONF_ROOT_PASSWORD))
+BASECONF_ROOT_PASSWORD:=$(if
$(BASECONF_ROOT_PASSWORD),$(BASECONF_ROOT_PASSWORD),x)
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
