Use default pwd hash from VPD in QEMU
This commit does several things. Its end goal is to fetch the admin password hash from VPD memory during factory bootstrap. To accomplish this, probe creates a new file /run/system.json with information read from a fw_cfg QEMU partition. The data from /run/system.json is then later used during config bootstrap to fill in the factory administrator password. The idea is to make QEMU behave the same way hardware does, i.e. a default/factory password should be fetched and used from "hardware memory". The hardware portion of this is yet to be done. Signed-off-by: Richard Alpe <richard@bit42.se>
Showing
8 changed files
with
101 additions
and
17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,35 @@ | ||
#!/bin/sh | ||
# Probe for various types of harware features | ||
|
||
if dmesg |grep -q QEMU || test -d /sys/module/qemu_fw_cfg; then | ||
initctl cond set qemu | ||
#TODO Rewrite this script in python before extending it further | ||
#TODO Remove fallback temporary development hash | ||
|
||
gen_qemu_system_file() { | ||
vbd_json="$(onieprom /sys/firmware/qemu_fw_cfg/by_name/opt/vbd/raw)" | ||
if [ $? -ne 0 ]; then | ||
logger -p user.crit -t "probe" "Error, running onieprom tool" | ||
exit 1 | ||
fi | ||
|
||
pwhash="$(echo "$vbd_json" | jq -r '.["vendor-extension"][0][1]' | jq -r '.pwhash')" | ||
if [ -z "$pwhash" ] || [ "$pwhash" = "null" ]; then | ||
logger -p user.crit -t "probe" "Error, didn't find password hash" | ||
exit 1 | ||
fi | ||
|
||
system_json="$(echo "$vbd_json" | jq -r 'del(."vendor-extension")')" | ||
system_json="$(echo "$system_json" | jq --arg val "$pwhash" '. += {"pwhash": $val}')" | ||
echo "$system_json" > /run/system.json | ||
} | ||
|
||
if dmesg | grep -q QEMU || test -d /sys/module/qemu_fw_cfg; then | ||
initctl cond set qemu | ||
gen_qemu_system_file | ||
else | ||
# NOTE: All this code will soon go away. | ||
echo -e "\n\n\e[31mWARNING! Probe failed to get password hash from hardware\n" \ | ||
"Falling back to temporary hash\e[0m\n" > /dev/console | ||
# Clear Test = admin | ||
echo '{"pwhash": "$5$n2xoZAmITmPYjOTO$pbWHoa1Mu25a0e.akViAf9uWRvUgbq9BbcmzWWaNP0A"}' > /run/system.json | ||
fi | ||
|
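Review bot: Both writes to /run/system.json, the `echo "$system_json" > /run/system.json` at the end of gen_qemu_system_file and the fallback `echo '{"pwhash": ...}'` in the else branch, create the file under whatever umask the script inherits, so unless that is restricted elsewhere the admin password hash is likely readable by every local user. Setting `umask 077` before the first write keeps the hash at the same exposure as a shadow entry; a `chmod 0600 /run/system.json` afterwards would also work but leaves a short window. The else branch runs on every non-QEMU boot and installs a hash whose cleartext is given in the comment above it. The TODO covers removing it, and until then it would help to report the fallback through `logger -p user.crit -t "probe"` as well as /dev/console, so the state is still visible after boot.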
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
pkglibexec_SCRIPTS = bootstrap error load \ | ||
gen-hostkeys gen-hostname gen-interfaces | ||
gen-hostkeys gen-admin-auth gen-hostname gen-interfaces |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/bin/sh | ||
|
||
pwhash="$(cat /run/system.json | jq '.pwhash')" | ||
|
||
if [ -z "$pwhash" ] || [ "$pwhash" = "null" ]; then | ||
exit 1 | ||
fi | ||
|
||
cat <<EOF | ||
{ | ||
"ietf-system:system": { | ||
"authentication": { | ||
"user": [ | ||
{ | ||
"name": "admin", | ||
"password": $pwhash, | ||
"infix-system:shell": "infix-shell-type:clish" | ||
} | ||
] | ||
} | ||
} | ||
} | ||
EOF |
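Review bot: The `exit 1` path gives no diagnostic, so a missing or malformed /run/system.json presumably leaves the factory config without an admin entry and nothing in the log to say why. Probe already reports through `logger -p user.crit -t "probe"`, and an equivalent `logger` call before `exit 1` here would make the failure traceable. The check also accepts any non-null JSON value, because the output of `jq '.pwhash'` is pasted unquoted into the here-document as the `"password"` value. Using `pwhash="$(jq -e '.pwhash | strings' /run/system.json)"` would restrict it to a JSON string and drop the extra `cat`. How bootstrap reacts to this script's non-zero exit is not visible on this page.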
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
factorydir = $(pkgdatadir)/factory.d | ||
dist_factory_DATA = 10-authentication.json 10-nacm.json \ | ||
dist_factory_DATA = 10-nacm.json \ | ||
10-netconf-server.json 10-system.json |