From patchwork Thu Sep 13 22:16:30 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 183748 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from silver.osuosl.org (silver.osuosl.org [140.211.166.136]) by ozlabs.org (Postfix) with ESMTP id 066212C007B for ; Fri, 14 Sep 2012 08:16:40 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 3DC1C304DC; Thu, 13 Sep 2012 22:16:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUEl+zG-wulx; Thu, 13 Sep 2012 22:16:36 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 313ED3049D; Thu, 13 Sep 2012 22:16:36 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (whitealder.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 1BB218F74A for ; Thu, 13 Sep 2012 22:16:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id B33F88CE10 for ; Thu, 13 Sep 2012 22:16:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xfs9BzywosDk for ; Thu, 13 Sep 2012 22:16:33 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from smtp.smtpout.orange.fr (smtp07.smtpout.orange.fr [80.12.242.129]) by whitealder.osuosl.org (Postfix) with ESMTP id E9BC78CDC0 for ; Thu, 13 Sep 2012 22:16:32 +0000 (UTC) Received: from treguer.bzh.lan ([90.32.30.11]) by mwinf5d66 with ME id ymGX1j0050EPY8y03mGXHP; Fri, 14 Sep 2012 00:16:32 +0200 From: "Yann E. MORIN" To: buildroot@busybox.net Date: Fri, 14 Sep 2012 00:16:30 +0200 Message-Id: <1347574590-13716-2-git-send-email-yann.morin.1998@free.fr> X-Mailer: git-send-email 1.7.2.5 In-Reply-To: <1347574590-13716-1-git-send-email-yann.morin.1998@free.fr> References: <1347574590-13716-1-git-send-email-yann.morin.1998@free.fr> Cc: "Yann E. MORIN" Subject: [Buildroot] [PATCH 2/2] target: add different methods to encode the root password X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: buildroot-bounces@busybox.net The password can be encoded in different ways (from the weakest to the strongest): des, md5, sha-256, sha-512 Add a choice entry to select the method, defaulting to 'des'. Signed-off-by: "Yann E. MORIN" --- target/generic/Config.in | 46 ++++++++++++++++++++++++++++++++++++++++++++ target/generic/Makefile.in | 3 +- 2 files changed, 48 insertions(+), 1 deletions(-) diff --git a/target/generic/Config.in b/target/generic/Config.in index b376c85..9933df6 100644 --- a/target/generic/Config.in +++ b/target/generic/Config.in @@ -27,6 +27,52 @@ config BR2_TARGET_GENERIC_ROOT_PASSWD if either the .config file or the build log may be distributed! choice + bool "root password encoding" + depends on BR2_TARGET_GENERIC_ROOT_PASSWD != "" + default BR2_TARGET_GENERIC_ROOT_PASSWD_DES + +config BR2_TARGET_GENERIC_ROOT_PASSWD_DES + bool "des" + help + Use standard 56-bit DES-based crypt(3). + + The default, wildly available, but also the weakest. + +config BR2_TARGET_GENERIC_ROOT_PASSWD_MD5 + bool "md5" + help + Use MD5 to encode the password. + + Although not default, still wildly available, and pretty good. + +config BR2_TARGET_GENERIC_ROOT_PASSWD_SHA256 + bool "sha-256" + help + Use SHA256 to encode the password. + + Very strong, but not ubiquitous, although available in glibc + for some time now. Choose only if you are sure your C library + understands SHA256 passwords. + +config BR2_TARGET_GENERIC_ROOT_PASSWD_SHA512 + bool "sha-512" + help + Use SHA512 to encode the password. + + Extremely strong, but not ubiquitous, although available in glibc + for some time now. Choose only if you are sure your C library + understands SHA512 passwords. + +endchoice # root passwd encoding + +config BR2_TARGET_GENERIC_ROOT_PASSWD_METHOD + string + default "des" if BR2_TARGET_GENERIC_ROOT_PASSWD_DES + default "md5" if BR2_TARGET_GENERIC_ROOT_PASSWD_MD5 + default "sha-256" if BR2_TARGET_GENERIC_ROOT_PASSWD_SHA256 + default "sha-512" if BR2_TARGET_GENERIC_ROOT_PASSWD_SHA512 + +choice prompt "/dev management" default BR2_ROOTFS_DEVICE_CREATION_STATIC diff --git a/target/generic/Makefile.in b/target/generic/Makefile.in index 1021b10..674665b 100644 --- a/target/generic/Makefile.in +++ b/target/generic/Makefile.in @@ -1,6 +1,7 @@ TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME)) TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE)) TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD)) +TARGET_GENERIC_ROOT_PASSWD_METHOD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD_METHOD)) TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)) TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE)) @@ -18,7 +19,7 @@ target-no-root-passwd: $(SED) "s/^root:[^:]*:/root::/" $(TARGET_DIR)/etc/shadow target-root-passwd: - root_passwd="$$( mkpasswd -m des "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \ + root_passwd="$$( mkpasswd -m "$(TARGET_GENERIC_ROOT_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \ $(SED) "s,^root::,root:$${root_passwd}:," $(TARGET_DIR)/etc/shadow target-generic-getty-busybox: