mirror of
https://github.com/apache/nuttx.git
synced 2026-05-20 12:33:27 +08:00
Abhishek Mishra
ab6b1fd6f9
Introduce mkpasswd, a pure-C host tool for generating encrypted password
files at build time using TEA encryption. This enables secure,
credential-free firmware images while allowing build-time password
configuration.
Changes:
* Add mkpasswd.c host tool for TEA-based password hashing and encryption
* Integrate mkpasswd into Make build system (tools/Makefile.host)
* Add CMake support for mkpasswd compilation and ROMFS passwd generation
* Add CONFIG_BOARD_ETC_ROMFS_PASSWD_* configuration options to Kconfig
* Implement credential exclusion from defconfig to prevent password leaking
* Update savedefconfig.cmake to strip sensitive credentials
* Fix mkdir() portability for Windows Native builds (CONFIG_WINDOWS_NATIVE)
* Change default username from "admin" to "root" (POSIX convention)
* Improve build-failure error message with full menuconfig navigation path
BREAKING CHANGE: Boards enabling CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE
must set CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD to a non-empty string
of at least 8 characters. The build now fails with an explicit error if
this config is left empty. To fix: run 'make menuconfig' and navigate to:
Board Selection --->
Auto-generate /etc/passwd at build time --->
Admin password
Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
137 lines
5.0 KiB
Makefile
137 lines
5.0 KiB
Makefile
############################################################################
|
|
# boards/Board.mk
|
|
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership. The
|
|
# ASF licenses this file to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance with the
|
|
# License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
############################################################################
|
|
|
|
ifneq ($(RCSRCS)$(RCRAWS),)
|
|
ETCDIR := etctmp
|
|
ETCSRC := $(ETCDIR:%=%.c)
|
|
|
|
CSRCS += $(ETCSRC)
|
|
|
|
RCOBJS = $(RCSRCS:%=$(ETCDIR)$(DELIM)%)
|
|
|
|
$(RCOBJS): $(ETCDIR)$(DELIM)%: %
|
|
$(Q) mkdir -p $(dir $@)
|
|
$(call PREPROCESS, $<, $@)
|
|
|
|
$(ETCSRC): $(foreach raw,$(RCRAWS), $(if $(wildcard $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw), $(if $(wildcard $(BOARD_COMMON_DIR)$(DELIM)$(raw)), $(BOARD_COMMON_DIR)$(DELIM)$(raw), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)))) $(RCOBJS) $(TOPDIR)$(DELIM).config
|
|
$(foreach raw, $(RCRAWS), \
|
|
$(shell rm -rf $(ETCDIR)$(DELIM)$(raw)) \
|
|
$(shell mkdir -p $(dir $(ETCDIR)$(DELIM)$(raw))) \
|
|
$(shell cp -rfp $(if $(wildcard $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw)), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw), $(if $(wildcard $(BOARD_COMMON_DIR)$(DELIM)$(raw)), $(BOARD_COMMON_DIR)$(DELIM)$(raw), $(BOARD_DIR)$(DELIM)src$(DELIM)$(raw))) $(ETCDIR)$(DELIM)$(raw)))
|
|
ifeq ($(CONFIG_BOARD_ETC_ROMFS_PASSWD_ENABLE),y)
|
|
ifeq ($(strip $(patsubst "%",%,$(CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD))),)
|
|
$(error CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD must be set when BOARD_ETC_ROMFS_PASSWD_ENABLE is enabled. Run 'make menuconfig' and select a password at: Board Selection ---> Auto-generate /etc/passwd at build time ---> Admin password)
|
|
endif
|
|
$(Q) mkdir -p $(ETCDIR)$(DELIM)$(CONFIG_ETC_ROMFSMOUNTPT)
|
|
$(Q) $(TOPDIR)$(DELIM)tools$(DELIM)mkpasswd$(HOSTEXEEXT) \
|
|
--user $(CONFIG_BOARD_ETC_ROMFS_PASSWD_USER) \
|
|
--password $(CONFIG_BOARD_ETC_ROMFS_PASSWD_PASSWORD) \
|
|
--uid $(CONFIG_BOARD_ETC_ROMFS_PASSWD_UID) \
|
|
--gid $(CONFIG_BOARD_ETC_ROMFS_PASSWD_GID) \
|
|
--home $(CONFIG_BOARD_ETC_ROMFS_PASSWD_HOME) \
|
|
$(if $(CONFIG_FSUTILS_PASSWD_KEY1),--key1 $(CONFIG_FSUTILS_PASSWD_KEY1)) \
|
|
$(if $(CONFIG_FSUTILS_PASSWD_KEY2),--key2 $(CONFIG_FSUTILS_PASSWD_KEY2)) \
|
|
$(if $(CONFIG_FSUTILS_PASSWD_KEY3),--key3 $(CONFIG_FSUTILS_PASSWD_KEY3)) \
|
|
$(if $(CONFIG_FSUTILS_PASSWD_KEY4),--key4 $(CONFIG_FSUTILS_PASSWD_KEY4)) \
|
|
-o $(ETCDIR)$(DELIM)$(CONFIG_ETC_ROMFSMOUNTPT)$(DELIM)passwd
|
|
endif
|
|
$(Q) genromfs -f romfs.img -d $(ETCDIR)$(DELIM)$(CONFIG_ETC_ROMFSMOUNTPT) -V "NSHInitVol"
|
|
$(Q) echo "#include <nuttx/compiler.h>" > $@
|
|
$(Q) xxd -i romfs.img | sed -e "s/^unsigned char/const unsigned char aligned_data(4)/g" >> $@
|
|
$(Q) rm romfs.img
|
|
endif
|
|
|
|
ifneq ($(ZDSVERSION),)
|
|
AOBJS = $(ASRCS:.S=$(OBJEXT))
|
|
else
|
|
AOBJS = $(ASRCS:$(ASMEXT)=$(OBJEXT))
|
|
endif
|
|
COBJS = $(CSRCS:.c=$(OBJEXT))
|
|
CXXOBJS = $(CXXSRCS:.cxx=$(OBJEXT))
|
|
|
|
SRCS = $(ASRCS) $(CSRCS)
|
|
OBJS = $(AOBJS) $(COBJS)
|
|
|
|
SCHEDSRCDIR = $(TOPDIR)$(DELIM)sched
|
|
ARCHSRCDIR = $(TOPDIR)$(DELIM)arch$(DELIM)$(CONFIG_ARCH)$(DELIM)src
|
|
ifneq ($(CONFIG_ARCH_FAMILY),)
|
|
ARCH_FAMILY = $(patsubst "%",%,$(CONFIG_ARCH_FAMILY))
|
|
endif
|
|
|
|
CFLAGS += ${INCDIR_PREFIX}"$(SCHEDSRCDIR)"
|
|
CFLAGS += ${INCDIR_PREFIX}"$(ARCHSRCDIR)$(DELIM)chip"
|
|
ifneq ($(CONFIG_ARCH_SIM),y)
|
|
CFLAGS += ${INCDIR_PREFIX}"$(ARCHSRCDIR)$(DELIM)common"
|
|
endif
|
|
ifneq ($(ARCH_FAMILY),)
|
|
CFLAGS += ${INCDIR_PREFIX}"$(ARCHSRCDIR)$(DELIM)$(ARCH_FAMILY)"
|
|
endif
|
|
|
|
all: libboard$(LIBEXT)
|
|
|
|
ifneq ($(ZDSVERSION),)
|
|
$(ASRCS) $(HEAD_ASRC): %$(ASMEXT): %.S
|
|
$(Q) $(CPP) $(CPPFLAGS) $(call CONVERT_PATH,$<) -o $@.tmp
|
|
$(Q) cat $@.tmp | sed -e "s/^#/;/g" > $@
|
|
$(Q) rm $@.tmp
|
|
endif
|
|
|
|
$(AOBJS): %$(OBJEXT): %$(ASMEXT)
|
|
$(call ASSEMBLE, $<, $@)
|
|
|
|
$(COBJS) $(LINKOBJS): %$(OBJEXT): %.c
|
|
$(call COMPILE, $<, $@)
|
|
|
|
$(CXXOBJS) $(LINKOBJS): %$(OBJEXT): %.cxx
|
|
$(call COMPILEXX, $<, $@)
|
|
|
|
libboard$(LIBEXT): $(OBJS) $(CXXOBJS)
|
|
$(call ARCHIVE, $@, $(OBJS) $(CXXOBJS))
|
|
|
|
.depend: Makefile $(SRCS) $(CXXSRCS) $(RCSRCS) $(TOPDIR)$(DELIM).config
|
|
ifneq ($(ZDSVERSION),)
|
|
$(Q) $(MKDEP) $(DEPPATH) "$(CC)" -- $(CFLAGS) -- $(SRCS) >Make.dep
|
|
else
|
|
$(Q) $(MKDEP) $(DEPPATH) $(CC) -- $(CFLAGS) -- $(SRCS) >Make.dep
|
|
endif
|
|
ifneq ($(CXXSRCS),)
|
|
$(Q) $(MKDEP) $(DEPPATH) "$(CXX)" -- $(CXXFLAGS) -- $(CXXSRCS) >>Make.dep
|
|
endif
|
|
ifneq ($(RCSRCS),)
|
|
$(Q) $(MKDEP) $(DEPPATH) "$(CPP)" --obj-path . -- $(CPPFLAGS) -- $(RCSRCS) >>Make.dep
|
|
endif
|
|
$(Q) touch $@
|
|
|
|
depend: .depend
|
|
|
|
context::
|
|
|
|
clean::
|
|
$(call DELFILE, libboard$(LIBEXT))
|
|
$(call DELFILE, $(ETCSRC))
|
|
$(call DELDIR, $(ETCDIR))
|
|
$(call CLEAN)
|
|
|
|
distclean:: clean
|
|
$(call DELFILE, Make.dep)
|
|
$(call DELFILE, .depend)
|
|
|
|
-include Make.dep
|