From 91b584dfd24846d9aaa455bfa33a2882364189e4 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 15 Nov 2025 13:05:37 -0600
Subject: [PATCH] utils: Add option to run root shell on console

Until I develop a captive portal-based mechanism for initially configuring the WiFi on Raspberry Pi machines, the easiest way to do initial provisioning is using the CLI via the serial console. Since the root account has no password, and I don't want to have to specify one in downstream projects' configurations, I've added a configuration option to enable automatically launching a root shell connected to the serial console instead of a login prompt. The security risks here are pretty minimal, because someone would need phyiscal access to the device in order to use this shell, in which case they could use any number of other methods to get control of the system.
---
 configs/aimeeos_qemu_aarch64_defconfig | 2 +-
 package/aimee-os-utils/Config.in | 22 ++++++++++++++++++
 package/aimee-os-utils/aimee-os-utils.mk | 16 +++++++++++++
 package/aimee-os-utils/root-shell@.service | 26 ++++++++++++++++++++++
 4 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 package/aimee-os-utils/root-shell@.service
diff --git a/configs/aimeeos_qemu_aarch64_defconfig b/configs/aimeeos_qemu_aarch64_defconfig
index 166cf7d..acb3d79 100644
--- a/configs/aimeeos_qemu_aarch64_defconfig
+++ b/configs/aimeeos_qemu_aarch64_defconfig
@@ -11,4 +11,4 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 # BR2_PACKAGE_BUSYBOX is not set
 # BR2_TARGET_ROOTFS_TAR is not set
 AIMEEOS=y
-AIMEEOS_DEFAULT_ROOTFLAGS="systemd.mask=serial-getty@ttyAMA0 systemd.debug_shell systemd.default_debug_tty=ttyAMA0"
+BR2_PACKAGE_AIMEE_OS_ROOT_SHELL=y
diff --git a/package/aimee-os-utils/Config.in b/package/aimee-os-utils/Config.in
index 04027ff..8837c2c 100644
--- a/package/aimee-os-utils/Config.in
+++ b/package/aimee-os-utils/Config.in
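Review bot: In configs/aimeeos_qemu_aarch64_defconfig the added line sets `BR2_PACKAGE_AIMEE_OS_ROOT_SHELL=y`, but the symbol this patch declares in package/aimee-os-utils/Config.in is `AIMEE_OS_ROOT_SHELL`, and aimee-os-utils.mk tests `$(AIMEE_OS_ROOT_SHELL)`. Unless a symbol with the prefixed name is defined outside this patch, Kconfig will discard the defconfig line, and the QEMU image will boot without the console shell that the removed `AIMEEOS_DEFAULT_ROOTFLAGS` line used to provide. Use one name in all three places: either `AIMEE_OS_ROOT_SHELL=y` here, or rename the Config.in symbol and the `ifeq` test to the `BR2_PACKAGE_` form.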
@@ -8,3 +8,25 @@ config BR2_PACKAGE_AIMEE_OS_UTILS
 select BR2_PACKAGE_UTIL_LINUX_SWITCH_ROOT
 select BR2_PACKAGE_WGET
 select BR2_TARGET_GRUB2_INSTALL_TOOLS
+
+if BR2_PACKAGE_AIMEE_OS_UTILS
+
+config AIMEE_OS_ROOT_SHELL
+ bool "Spawn a root shell on the serial console by default"
+ help
+ With this option enabled, the system will boot up normally, with
+ a root shell connected to the default serial console. This is
+ useful for initial provisioning and troubleshooting.
+
+if AIMEE_OS_ROOT_SHELL
+
+config AIMEE_OS_ROOT_SHELL_CONSOLE
+ string "Console name"
+ default ttyAMA0
+ help
+ Name of the console device where the root shell will be spawned.
+ Do not include the /dev prefix
+
+endif
+
+endif
diff --git a/package/aimee-os-utils/aimee-os-utils.mk b/package/aimee-os-utils/aimee-os-utils.mk
index 01edf84..f00373c 100644
--- a/package/aimee-os-utils/aimee-os-utils.mk
+++ b/package/aimee-os-utils/aimee-os-utils.mk
@@ -28,4 +28,20 @@ define AIMEE_OS_UTILS_INSTALL_INIT_SYSTEMD
 $(TARGET_DIR)/usr/lib/systemd/network/90-default.network
 endef
 
+define AIMEE_OS_UTILS_ROOT_SHELL_INSTALL
+
+$(INSTALL) -D -m u=rw,go=r \
+ $(AIMEE_OS_UTILS_PKGDIR)/root-shell@.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/root-shell@.service
+$(INSTALL) -d -m u=rwx,go=rx \
+ $(TARGET_DIR)/usr/lib/systemd/system-preset
+printf 'enable root-shell@.service %s\n' \
+ $(AIMEE_OS_ROOT_SHELL_CONSOLE) \
+ > $(TARGET_DIR)/usr/lib/systemd/system-preset/50-root-shell.preset
+endef
+
+ifeq ($(AIMEE_OS_ROOT_SHELL),y)
+AIMEE_OS_UTILS_INSTALL_INIT_SYSTEMD += $(AIMEE_OS_UTILS_ROOT_SHELL_INSTALL)
+endif
+
 $(eval $(generic-package))
diff --git a/package/aimee-os-utils/root-shell@.service b/package/aimee-os-utils/root-shell@.service
new file mode 100644
index 0000000..f1c1776
--- /dev/null
+++ b/package/aimee-os-utils/root-shell@.service
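Review bot: The help text for `AIMEE_OS_ROOT_SHELL` in package/aimee-os-utils/Config.in does not say that the shell is unauthenticated or that it takes the place of the login prompt on that console, which is what a downstream integrator needs to know before selecting it. The commit message rests on the console being reachable only with physical access; that assumption belongs in the help, since a serial console can also be reached through an emulator's character device or a remote console server. I would add a sentence such as `No authentication is performed; enable only on images used for provisioning or debugging.`, and the same one-line statement belongs as a comment at the top of root-shell@.service. Separately, the string default is conventionally quoted, `default "ttyAMA0"`, and the last help sentence is missing its full stop.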
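Review bot: In package/aimee-os-utils/aimee-os-utils.mk, `AIMEE_OS_UTILS_INSTALL_INIT_SYSTEMD += $(AIMEE_OS_UTILS_ROOT_SHELL_INSTALL)` joins the two values with a space, so the empty first line of `AIMEE_OS_UTILS_ROOT_SHELL_INSTALL` appears to be the only thing that puts the first `$(INSTALL)` on a recipe line of its own. That dependency is easy to remove by accident and deserves a comment above the define, for example `# The leading empty line is required: += appends with a space, not a newline.` The console name is also written into the preset file unchecked; an empty `AIMEE_OS_ROOT_SHELL_CONSOLE` would produce an `enable root-shell@.service` line with no instance, so a guard such as `$(if $(call qstrip,$(AIMEE_OS_ROOT_SHELL_CONSOLE)),,$(error AIMEE_OS_ROOT_SHELL_CONSOLE is empty))` inside the `ifeq` would fail the build early. The define being appended to starts outside this hunk.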
@@ -0,0 +1,26 @@
+[Unit]
+Description=root shell on %I
+After=sshd.service
+Conflicts=shutdown.target
+Conflicts=getty@%i.service serial-getty@%i.service
+
+[Service]
+Type=idle
+Environment=TERM=linux
+ExecStart=/bin/sh
+Restart=always
+RestartSec=0
+StandardInput=tty
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+KillMode=process
+IgnoreSIGPIPE=no
+KillSignal=SIGHUP
+
+# Unset locale for the console getty since the console has problems
+# displaying some internationalized messages.
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
+
+[Install]
+WantedBy=multi-user.target
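Review bot: root-shell@.service keeps the login prompt off the console only through `Conflicts=getty@%i.service serial-getty@%i.service`, whereas the kernel argument removed from the defconfig masked `serial-getty@ttyAMA0` outright. Which of the two units survives when both are pulled into the same boot transaction is not visible from this patch, so it is worth confirming on the QEMU target that the shell, and not a getty, ends up owning the tty, and recording the outcome in a comment next to the `Conflicts=` line. The comment above `UnsetEnvironment=` also still speaks of "the console getty" although this unit starts `/bin/sh`; something like `# Unset locale for the console shell ...` would match what the unit does.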