From patchwork Mon Sep 23 17:18:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Crispin X-Patchwork-Id: 1988669 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=dMbuPvLj; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XC8s94qZhz1xsp for ; Tue, 24 Sep 2024 03:20:45 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To :From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=9ujrE7AVdfgx6gEZSiltaJOahJGknHUbFMl90Ty7GcU=; b=dMbuPvLjLnXF8K 7ZvESRF3neKJUdL/cq7++LSL8zBYgc/E/vQG7qcrMH7QqEY6XqoHRh8iclKf0bB2zo4F/sTFucgMS UYtUNIrvPw6Idr7e9fbHcZWyT+G2T3a7hISqxdUZ7jETlb+liiDa/iUlQVKYG/tI6+RM0DCIMBFth ys/SPhNXBopfW7LsojasCLE6kcjW9x1lXZvV9pW2V9gdfs096d04dgrUpddSFbKK1Sd63GEMoShVL Y5ZP8aKdz+y5FNqZ1MePkSUdgLHpomKJ9z2VPddmWpAKXtXTDylXgatxJHhLVSN00lKq1kORVEvfg ne6YQLpY0eQHCTTWC9XQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1ssmi5-000000006xd-3fSJ; Mon, 23 Sep 2024 17:18:53 +0000 Received: from nbd.name ([46.4.11.11]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1ssmhp-000000006rO-3Akf for openwrt-devel@lists.openwrt.org; Mon, 23 Sep 2024 17:18:41 +0000 Received: from [2a04:4540:1404:e800:43a1:93c8:f672:7397] (helo=bertha10..) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1ssmhl-00HS5P-0P for openwrt-devel@lists.openwrt.org; Mon, 23 Sep 2024 19:18:33 +0200 From: John Crispin To: openwrt-devel@lists.openwrt.org Subject: [PATCH 00/11] allow loading default credentials from flash Date: Mon, 23 Sep 2024 19:18:14 +0200 Message-Id: <20240923171825.148902-1-john@phrozen.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240923_101837_847739_33C55A91 X-CRM114-Status: UNSURE ( 8.87 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -1.9 (-) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The series adds board.d enhancements that allow loading persistently stored values that can then be used during config_generate. - root password - ssh auth key - wifi credentials - timezone - num_global_macaddr Content analysis details: (-1.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [46.4.11.11 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [46.4.11.11 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [46.4.11.11 listed in sa-trusted.bondedsender.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org The series adds board.d enhancements that allow loading persistently stored values that can then be used during config_generate. - root password - ssh auth key - wifi credentials - timezone - num_global_macaddr There is a script that will attempt to load these values from the uboot-env. Daniel Golle (1): base-files: uci-defaults: allow setting wireless defaults John Crispin (10): base-files: uci-defaults: allow setting default credentials and ssh keys base-files: uci-defaults: allow setting default timezone base-files: uci-defaults: allow setting the number of MACs a radio can use base-files: execute uboot-env script before calling config_generate uboot-envtools: add fw_loadenv tool uboot-envtools: add a board.d script to load defaults from the environment wifi-scripts: populate default wifi credentials and country code from board.json dropbear: add a uci-defaults script for loading authorized keys base-files: add timezone to UCI during config_generate base-files: set root password if present inside board.json package/base-files/files/bin/config_generate | 5 ++ package/base-files/files/etc/init.d/boot | 3 +- .../files/etc/uci-defaults/50-root-passwd | 15 ++++ .../files/lib/functions/uci-defaults.sh | 77 +++++++++++++++++++ package/boot/uboot-envtools/Makefile | 3 + package/boot/uboot-envtools/files/fw_defaults | 16 ++++ package/boot/uboot-envtools/files/fw_loadenv | 26 +++++++ .../wifi-scripts/files/lib/wifi/mac80211.uc | 22 +++++- package/network/services/dropbear/Makefile | 2 + .../services/dropbear/files/dropbear.defaults | 15 ++++ 10 files changed, 179 insertions(+), 5 deletions(-) create mode 100644 package/base-files/files/etc/uci-defaults/50-root-passwd create mode 100644 package/boot/uboot-envtools/files/fw_defaults create mode 100644 package/boot/uboot-envtools/files/fw_loadenv create mode 100644 package/network/services/dropbear/files/dropbear.defaults