petitboot: Enable user separation
Turn on support for unprivileged user accounts in the Petitboot
environment, including setting up a basic non-root user and group.
The implementation also requires using the agetty package rather than
the busybox getty utility, calling the initial pb-console helper on
login rather than directly, and moving some shell init logic out of
Petitboot and into a .shrc script.
If no root password is configured in NVRAM or at runtime then this has
no effect aside from some nicer shell behaviour. Once a password is
configured then most actions in Petitboot will require this password and
the shell runs as a normal user.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
diff --git a/openpower/package/petitboot/petitboot.mk b/openpower/package/petitboot/petitboot.mk
index 7e5de91..ac0a298 100644
--- a/openpower/package/petitboot/petitboot.mk
+++ b/openpower/package/petitboot/petitboot.mk
@@ -13,6 +13,7 @@
PETITBOOT_CONF_OPTS += --with-ncurses --without-twin-x11 --without-twin-fbdev \
--localstatedir=/var \
+ --enable-crypt \
HOST_PROG_KEXEC=/usr/sbin/kexec \
HOST_PROG_SHUTDOWN=/usr/libexec/petitboot/bb-kexec-reboot \
$(if $(BR2_PACKAGE_BUSYBOX),--with-tftp=busybox --enable-busybox)
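Review bot: `--enable-crypt` is added to PETITBOOT_CONF_OPTS with no comment. Going by the commit description, the password gate it builds in stays inactive until a root password is set in NVRAM or at runtime, so a default image still boots to an unrestricted shell. A comment above the assignment would make that explicit for integrators, for example `# --enable-crypt: builds password support; nothing is enforced until a root password is set`. Whether every supported toolchain's libc provides the crypt() support this option presumably needs is not visible in this hunk and is worth confirming.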
@@ -61,7 +62,11 @@
ln -sf /usr/sbin/pb-udhcpc \
$(TARGET_DIR)/usr/share/udhcpc/default.script.d/
- mkdir -p $(TARGET_DIR)/var/log/petitboot
+ mkdir -p $(TARGET_DIR)/home/petituser
+ $(INSTALL) -D -m 0755 $(BR2_EXTERNAL_OP_BUILD_PATH)/package/petitboot/shell_profile \
+ $(TARGET_DIR)/home/petituser/.profile
+ $(INSTALL) -D -m 0755 $(BR2_EXTERNAL_OP_BUILD_PATH)/package/petitboot/shell_config \
+ $(TARGET_DIR)/home/petituser/.shrc
$(MAKE) -C $(@D)/po DESTDIR=$(TARGET_DIR) install
endef
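Review bot: The two `$(INSTALL)` lines install `.profile` and `.shrc` with `-m 0755`, but going by the commit description these are init files the login shell reads rather than runs, so `-m 0644` would be the least-privilege mode. Nothing in this hunk sets the owner or mode of `/home/petituser` or of the dotfiles. They decide what runs at login for the unprivileged account, so confirm that the package's users/permissions tables (outside this hunk) give the ownership you intend. The hunk also drops `mkdir -p $(TARGET_DIR)/var/log/petitboot`, which the description does not mention. If nothing else creates that directory at runtime, logging may fail, so it deserves a line in the commit message. The enclosing `define` block starts above the hunk.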