From aa1d6621213d8c828bdfd5428c2486cd6deeb43b Mon Sep 17 00:00:00 2001
From: Peter Steenbergen
Date: Mon, 12 Nov 2018 13:20:09 +0100
Subject: [PATCH] MycroftOS: Buildroot: Multiple changes and fixes
- Make sure there is no getty being spawned on TTY1
- Switch from Dropbear to Openssh so we can disable locale being sent over
---
 .../board/raspberrypi/cmdline.txt | 2 +-
 .../board/raspberrypi/post-build.sh | 10 +-
 .../configs/mycroftos_rpi3_defconfig | 1 -
 buildroot-external/rootfs-overlay/etc/inittab | 40 ++++++
 .../rootfs-overlay/etc/ssh/sshd_config | 118 ++++++++++++++++++
 5 files changed, 164 insertions(+), 7 deletions(-)
 create mode 100644 buildroot-external/rootfs-overlay/etc/inittab
 create mode 100644 buildroot-external/rootfs-overlay/etc/ssh/sshd_config
diff --git a/buildroot-external/board/raspberrypi/cmdline.txt b/buildroot-external/board/raspberrypi/cmdline.txt
index ab7ed224..79389324 100644
--- a/buildroot-external/board/raspberrypi/cmdline.txt
+++ b/buildroot-external/board/raspberrypi/cmdline.txt
@@ -1 +1 @@
-root=/dev/mmcblk0p2 console=tty3 consoleblank=0 loglevel=3 vt.global_cursor_default=0 logo.nologo rootwait fastboot noswap quiet
+root=/dev/mmcblk0p2 console=tty3 consoleblank=0 loglevel=1 vt.global_cursor_default=0 logo.nologo rootwait fastboot noswap quiet
diff --git a/buildroot-external/board/raspberrypi/post-build.sh b/buildroot-external/board/raspberrypi/post-build.sh
index b0cf4f2d..89554604 100755
--- a/buildroot-external/board/raspberrypi/post-build.sh
+++ b/buildroot-external/board/raspberrypi/post-build.sh
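Review bot: The new `loglevel=1` in cmdline.txt is still followed by `quiet` at the end of the line, and as far as I know the kernel applies both as early parameters in command-line order, so the trailing `quiet` may reset the console level to its quiet default and undo this change. If the intent is to show only the most severe messages on tty3, put the level last, e.g. `... fastboot noswap quiet loglevel=1`, or drop `quiet`. Since the same commit removes the local getty, it is also worth confirming that a failed boot can still be diagnosed at this level.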
@@ -4,11 +4,11 @@ set -u set -e # Add a console on tty1 -if [ -e ${TARGET_DIR}/etc/inittab ]; then - grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \ - sed -i '/GENERIC_SERIAL/a\ -tty1::respawn:/sbin/getty -L tty1 0 vt100 # HDMI console' ${TARGET_DIR}/etc/inittab -fi +#if [ -e ${TARGET_DIR}/etc/inittab ]; then +# grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \ +# sed -i '/GENERIC_SERIAL/a\ +#tty1::respawn:/sbin/getty -L tty1 0 vt100 # HDMI console' ${TARGET_DIR}/etc/inittab +#fi cp -f ../buildroot-external/board/raspberrypi/config.txt ${BINARIES_DIR}/rpi-firmware/config.txt cp -f ../buildroot-external/board/raspberrypi/cmdline.txt ${BINARIES_DIR}/rpi-firmware/cmdline.txt diff --git a/buildroot-external/configs/mycroftos_rpi3_defconfig b/buildroot-external/configs/mycroftos_rpi3_defconfig index aa0615b5..334acc25 100644 --- a/buildroot-external/configs/mycroftos_rpi3_defconfig +++ b/buildroot-external/configs/mycroftos_rpi3_defconfig @@ -147,7 +147,6 @@ BR2_PACKAGE_PCRE2_32=y BR2_PACKAGE_CONNMAN=y BR2_PACKAGE_CONNMAN_WIFI=y BR2_PACKAGE_CONNMAN_BLUETOOTH=y -BR2_PACKAGE_DROPBEAR=y BR2_PACKAGE_IW=y BR2_PACKAGE_NTP=y BR2_PACKAGE_OPENSSH=y diff --git a/buildroot-external/rootfs-overlay/etc/inittab b/buildroot-external/rootfs-overlay/etc/inittab new file mode 100644 index 00000000..26f3be5d --- /dev/null +++ b/buildroot-external/rootfs-overlay/etc/inittab 
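Review bot: The getty block in post-build.sh is commented out rather than removed, and the surviving header `# Add a console on tty1` now says the opposite of what the script does. Delete the five commented lines, or replace the header with something like `# tty1 getty intentionally not added; inittab comes from rootfs-overlay/etc/inittab`. Leaving the disabled `sed` in place makes it easy to re-enable a local login prompt by accident the next time the script is edited.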
@@ -0,0 +1,40 @@
+# /etc/inittab
+#
+# Copyright (C) 2001 Erik Andersen
+#
+# Note: BusyBox init doesn't support runlevels. The runlevels field is
+# completely ignored by BusyBox init. If you want runlevels, use
+# sysvinit.
+#
+# Format for each entry: :::
+#
+# id == tty to run on, or empty for /dev/console
+# runlevels == ignored
+# action == one of sysinit, respawn, askfirst, wait, and once
+# process == program to run
+
+# Startup the system
+::sysinit:/bin/mount -t proc proc /proc
+::sysinit:/bin/mount -o remount,rw /
+::sysinit:/bin/mkdir -p /dev/pts /dev/shm
+::sysinit:/bin/mount -a
+::sysinit:/sbin/swapon -a
+null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
+null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
+null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
+null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
+::sysinit:/bin/hostname -F /etc/hostname
+# now run any rc scripts
+::sysinit:/etc/init.d/rcS
+
+# Put a getty on the serial port
+#ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100 # GENERIC_SERIAL
+#tty1::respawn:/sbin/getty -L tty1 0 vt100 # HDMI console
+
+# Stuff to do for the 3-finger salute
+#::ctrlaltdel:/sbin/reboot
+
+# Stuff to do before rebooting
+::shutdown:/etc/init.d/rcK
+::shutdown:/sbin/swapoff -a
+::shutdown:/bin/umount -a -r
diff --git a/buildroot-external/rootfs-overlay/etc/ssh/sshd_config b/buildroot-external/rootfs-overlay/etc/ssh/sshd_config
new file mode 100644
index 00000000..1b03ca9e
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/ssh/sshd_config
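Review bot: The overlay inittab keeps the heading `# Put a getty on the serial port` above two commented-out getty entries and gives no reason, so a later reader cannot tell that the missing local console is deliberate. A short comment such as `# No getty on ttyS0/tty1 by design: interactive login is via sshd only` would record that. With both gettys and the `::ctrlaltdel:` entry disabled, sshd appears to be the only way into the device, so if sshd fails to start (for example because host keys are missing) there is no recovery console; worth confirming that is acceptable. The file also looks like a full copy of the stock BusyBox inittab, so later upstream changes to that file will not reach the image.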
@@ -0,0 +1,118 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+
+AcceptEnv LANG LC_*
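Review bot: The only non-default addition, `AcceptEnv LANG LC_*` on the last line of sshd_config, makes sshd accept the client's locale variables, which reads as the opposite of the commit message's goal of disabling locale being sent over; sshd accepts no client environment variables when `AcceptEnv` is absent, so dropping the line should give the stated behaviour. Beyond that, every authentication and forwarding option is left commented at its default, so password logins (`#PasswordAuthentication yes`) and TCP/agent forwarding stay enabled on a device whose local console was just removed. If the image ships with a known default account (not visible in this patch), consider setting `PasswordAuthentication no`, or at least `PermitRootLogin no` and `AllowTcpForwarding no`, explicitly.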