initrdscripts: make it possbile to secure grub with a password
* an example setup for the IDU can be found on https://projects.sysmocom.de/redmine/projects/sob-idu/wiki/ProvisioningSetup Fixes: SYS#1130
This commit is contained in:
parent
88300710db
commit
21356b7508
|
@ -4,4 +4,16 @@ change_udev_automounter_ro() {
|
||||||
sed -i -e 's/\-t auto/\-t auto \-o ro/' ${IMAGE_ROOTFS}/etc/udev/scripts/mount.sh
|
sed -i -e 's/\-t auto/\-t auto \-o ro/' ${IMAGE_ROOTFS}/etc/udev/scripts/mount.sh
|
||||||
}
|
}
|
||||||
|
|
||||||
ROOTFS_POSTPROCESS_COMMAND += "change_udev_automounter_ro ; "
|
bootuser = "${@d.getVar('BOOT_USER', True) or ""}"
|
||||||
|
bootpasswd = "${@d.getVar('BOOT_PASSWD', True) or ""}"
|
||||||
|
|
||||||
|
set_boot_passwd() {
|
||||||
|
if [ -n "${bootpasswd}" ] && [ -n "${bootuser}" ]; then
|
||||||
|
sed -e "s/^\(BOOTPASSWD=\)/\1${bootpasswd}/g" \
|
||||||
|
-e "s/^\(BOOTUSER=\)/\1${bootuser}/g" \
|
||||||
|
-i ${IMAGE_ROOTFS}/install.sh
|
||||||
|
echo "Generated new grub-passwd"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
ROOTFS_POSTPROCESS_COMMAND += "change_udev_automounter_ro ; set_boot_passwd; "
|
||||||
|
|
|
@ -175,10 +175,22 @@ terminal_input --append serial
|
||||||
terminal_output --append serial
|
terminal_output --append serial
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
BOOTPASSWD=
|
||||||
|
BOOTUSER=
|
||||||
|
if [ -n "${BOOTPASSWD}" ] && [ -n "${BOOTUSER}" ]; then
|
||||||
|
cat >> $GRUBCFG << EOF
|
||||||
|
set superusers="$BOOTUSER"
|
||||||
|
password $BOOTUSER $BOOTPASSWD
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -f /etc/grub.d/40_custom ] ; then
|
if [ -f /etc/grub.d/40_custom ] ; then
|
||||||
echo "Preparing custom grub2 menu..."
|
echo "Preparing custom grub2 menu..."
|
||||||
|
|
||||||
cat /etc/grub.d/40_custom >> $GRUBCFG
|
cat /etc/grub.d/40_custom >> $GRUBCFG
|
||||||
|
if [ -n "${BOOTPASSWD}" ] && [ -n "${BOOTUSER}" ]; then
|
||||||
|
sed -i "s/\(menuentry\)\(.*\)\({\)/\1\2--unrestricted \3/g" $GRUBCFG
|
||||||
|
fi
|
||||||
sed -i "s@__ROOTFS__@$rootfs $rootwait@g" $GRUBCFG
|
sed -i "s@__ROOTFS__@$rootfs $rootwait@g" $GRUBCFG
|
||||||
sed -i "s/__VIDEO_MODE__/$kernel_cmdline_video_mode/g" $GRUBCFG
|
sed -i "s/__VIDEO_MODE__/$kernel_cmdline_video_mode/g" $GRUBCFG
|
||||||
sed -i "s/__VGA_MODE__/$kernel_cmdline_vga_mode/g" $GRUBCFG
|
sed -i "s/__VGA_MODE__/$kernel_cmdline_vga_mode/g" $GRUBCFG
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
SYSMOCOM := "${@os.path.dirname(bb.data.getVar('FILE', d, True))}"
|
SYSMOCOM := "${@os.path.dirname(bb.data.getVar('FILE', d, True))}"
|
||||||
FILESEXTRAPATHS_prepend := "${SYSMOCOM}/files:"
|
FILESEXTRAPATHS_prepend := "${SYSMOCOM}/files:"
|
||||||
|
|
||||||
PRINC = "1"
|
PRINC = "2"
|
||||||
|
|
||||||
RDEPENDS_${PN} += "e2fsprogs-e2fsck"
|
RDEPENDS_${PN} += "e2fsprogs-e2fsck"
|
||||||
|
|
Loading…
Reference in New Issue