diff --git a/build.sh b/build.sh
index e8bd978..85a47a9 100755
--- a/build.sh
+++ b/build.sh
@@ -317,8 +317,6 @@ export LOG_FILE="${WORK_DIR}/build.log"
 export TARGET_HOSTNAME=${TARGET_HOSTNAME:-chillcraftos}
 export FIRST_USER_NAME=${FIRST_USER_NAME:-system}
-export FIRST_USER_PASS
-export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0}
 export FIRST_USER_ISSYSTEM=${FIRST_USER_ISSYSTEM:-true}
 export WPA_COUNTRY
 export ENABLE_SSH="${ENABLE_SSH:-0}"
@@ -398,17 +396,6 @@ if [[ ! "$FIRST_USER_NAME" =~ ^[a-z][-a-z0-9_]*$ ]]; then
 exit 1
 fi
-if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]] && [ -z "${FIRST_USER_PASS}" ]; then
- echo "To disable user rename on first boot, FIRST_USER_PASS needs to be set"
- echo "Not setting FIRST_USER_PASS makes your system vulnerable and open to cyberattacks"
- exit 1
-fi
-
-if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]]; then
- echo "User rename on the first boot is disabled"
- echo "Be advised of the security risks linked to shipping a device with default username/password set."
-fi
-
 if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then
 echo "Could not reach APT_PROXY server: ${APT_PROXY}"
 exit 1
diff --git a/docs/config.md b/docs/config.md
index 7fafb8d..68f1e00 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -111,22 +111,9 @@ The following environment variables are supported:
 To get the current value from a running system, look in `/etc/timezone`.
- * `FIRST_USER_NAME` (Default: `pi`)
+ * `FIRST_USER_NAME` (Default: `system`)
- Username for the first user. This user only exists during the image creation process. Unless
- `DISABLE_FIRST_BOOT_USER_RENAME` is set to `1`, this user will be renamed on the first boot with
- a name chosen by the final user. This security feature is designed to prevent shipping images
- with a default username and help prevent malicious actors from taking over your devices.
-
- * `FIRST_USER_PASS` (Default: unset)
-
- Password for the first user. If unset, the account is locked.
-
- * `DISABLE_FIRST_BOOT_USER_RENAME` (Default: `0`)
-
- Disable the renaming of the first user during the first boot. This make it so `FIRST_USER_NAME`
- stays activated. `FIRST_USER_PASS` must be set for this to work. Please be aware of the implied
- security risk of defining a default username and password for your devices.
+ Username for the first user. This user only exists during the image creation process.
 * `WPA_COUNTRY` (Default: unset)
diff --git a/export-image/02-set-sources/01-run.sh b/export-image/01-set-sources/01-run.sh
similarity index 100%
rename from export-image/02-set-sources/01-run.sh
rename to export-image/01-set-sources/01-run.sh
diff --git a/export-image/01-user-rename/00-packages b/export-image/01-user-rename/00-packages
deleted file mode 100644
index 1cde73d..0000000
--- a/export-image/01-user-rename/00-packages
+++ /dev/null
@@ -1 +0,0 @@
-#userconf-pi
diff --git a/export-image/01-user-rename/01-run.sh b/export-image/01-user-rename/01-run.sh
deleted file mode 100755
index 7af6c06..0000000
--- a/export-image/01-user-rename/01-run.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash -e
-
-#if [[ "${DISABLE_FIRST_BOOT_USER_RENAME}" == "0" ]]; then
-# on_chroot <<- EOF
-# SUDO_USER="${FIRST_USER_NAME}" rename-user -f -s
-# EOF
-#else
-# rm -f "${ROOTFS_DIR}/etc/xdg/autostart/piwiz.desktop"
-#fi
diff --git a/export-image/03-network/01-run.sh b/export-image/02-network/01-run.sh
similarity index 100%
rename from export-image/03-network/01-run.sh
rename to export-image/02-network/01-run.sh
diff --git a/export-image/03-network/files/resolv.conf b/export-image/02-network/files/resolv.conf
similarity index 100%
rename from export-image/03-network/files/resolv.conf
rename to export-image/02-network/files/resolv.conf
diff --git a/export-image/04-set-partuuid/00-run.sh b/export-image/03-set-partuuid/00-run.sh
similarity index 89%
rename from export-image/04-set-partuuid/00-run.sh
rename to export-image/03-set-partuuid/00-run.sh
index 7acbe79..15eb3fd 100755
--- a/export-image/04-set-partuuid/00-run.sh
+++ b/export-image/03-set-partuuid/00-run.sh
@@ -5,8 +5,8 @@ IMG_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img"
 IMGID="$(dd if="${IMG_FILE}" skip=440 bs=1 count=4 2>/dev/null | xxd -e | cut -f 2 -d' ')"
 BOOT_PARTUUID="${IMGID}-01"
-ROOT_PARTUUID="${IMGID}-02"
-RECOVERY_PARTUUID="${IMGID}-03"
+RECOVERY_PARTUUID="${IMGID}-02"
+ROOT_PARTUUID="${IMGID}-03"
 sed -i "s/BOOTDEV/PARTUUID=${BOOT_PARTUUID}/" "${ROOTFS_DIR}/etc/fstab"
 sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/etc/fstab"
diff --git a/export-image/05-finalise/01-run.sh b/export-image/04-finalise/01-run.sh
similarity index 100%
rename from export-image/05-finalise/01-run.sh
rename to export-image/04-finalise/01-run.sh
diff --git a/export-image/prerun.sh b/export-image/prerun.sh
index 0638796..b1585d1 100755
--- a/export-image/prerun.sh
+++ b/export-image/prerun.sh
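Review bot: In export-image/03-set-partuuid/00-run.sh, `RECOVERY_PARTUUID="${IMGID}-02"` and `ROOT_PARTUUID="${IMGID}-03"` are correct only if the partition table really has recovery as partition 2 and root as partition 3, and the code that creates the partitions is not part of any hunk shown here. The hunk in export-image/prerun.sh (`RECOVERY_DEV="${LOOP_DEV}p2"`, `ROOT_DEV="${LOOP_DEV}p3"`) rests on the same assumption. If the table is still created in the old order, the `ROOTDEV` substitution would write the recovery partition's PARTUUID into fstab as the root mount. I would confirm the partition-creation code and add a comment above these assignments such as `# Layout: p1 = boot, p2 = recovery, p3 = root; must match export-image/prerun.sh`. The script continues past the end of the hunk.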
@@ -49,8 +49,8 @@ done
 ensure_loopdev_partitions "$LOOP_DEV"
 BOOT_DEV="${LOOP_DEV}p1"
-ROOT_DEV="${LOOP_DEV}p2"
-RECOVERY_DEV="${LOOP_DEV}p3"
+RECOVERY_DEV="${LOOP_DEV}p2"
+ROOT_DEV="${LOOP_DEV}p3"
 ROOT_FEATURES="^huge_file"
 for FEATURE in 64bit; do
diff --git a/export-iso/02-set-sources/01-run.sh b/export-iso/01-set-sources/01-run.sh
similarity index 100%
rename from export-iso/02-set-sources/01-run.sh
rename to export-iso/01-set-sources/01-run.sh
diff --git a/export-iso/01-user-rename/00-packages b/export-iso/01-user-rename/00-packages
deleted file mode 100644
index 1cde73d..0000000
--- a/export-iso/01-user-rename/00-packages
+++ /dev/null
@@ -1 +0,0 @@
-#userconf-pi
diff --git a/export-iso/01-user-rename/01-run.sh b/export-iso/01-user-rename/01-run.sh
deleted file mode 100755
index 7af6c06..0000000
--- a/export-iso/01-user-rename/01-run.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash -e
-
-#if [[ "${DISABLE_FIRST_BOOT_USER_RENAME}" == "0" ]]; then
-# on_chroot <<- EOF
-# SUDO_USER="${FIRST_USER_NAME}" rename-user -f -s
-# EOF
-#else
-# rm -f "${ROOTFS_DIR}/etc/xdg/autostart/piwiz.desktop"
-#fi
diff --git a/export-iso/03-network/01-run.sh b/export-iso/02-network/01-run.sh
similarity index 100%
rename from export-iso/03-network/01-run.sh
rename to export-iso/02-network/01-run.sh
diff --git a/export-iso/03-network/files/resolv.conf b/export-iso/02-network/files/resolv.conf
similarity index 100%
rename from export-iso/03-network/files/resolv.conf
rename to export-iso/02-network/files/resolv.conf
diff --git a/export-iso/04-set-partuuid/00-run.sh b/export-iso/03-set-partuuid/00-run.sh
similarity index 100%
rename from export-iso/04-set-partuuid/00-run.sh
rename to export-iso/03-set-partuuid/00-run.sh
diff --git a/export-iso/05-finalise/01-run.sh b/export-iso/04-finalise/01-run.sh
similarity index 100%
rename from export-iso/05-finalise/01-run.sh
rename to export-iso/04-finalise/01-run.sh
diff --git a/export-iso/prerun.sh b/export-iso/prerun.sh
index 79e6f99..5211459 100755
--- a/export-iso/prerun.sh
+++ b/export-iso/prerun.sh
@@ -21,7 +21,7 @@ ROOT_PART_START=$((BOOT_PART_START + BOOT_PART_SIZE))
 ROOT_PART_SIZE=$(((ROOT_SIZE + ROOT_MARGIN + ALIGN - 1) / ALIGN * ALIGN))
 RECOVERY_PART_START=$((ROOT_PART_START + ROOT_PART_SIZE))
 RECOVERY_PART_SIZE=$(((RECOVERY_SIZE + ALIGN - 1) / ALIGN * ALIGN))
-IMG_SIZE=$((RECOVERY_PART_START + RECOVERY_PART_SIZE))
+IMG_SIZE=$((BOOT_PART_START + BOOT_PART_SIZE + ROOT_PART_SIZE + RECOVERY_PART_SIZE))
 # Create raw image
 truncate -s "${IMG_SIZE}" "${IMG_FILE}"
diff --git a/stage1/01-sys-tweaks/00-run.sh b/stage1/01-sys-tweaks/00-run.sh
index 686161b..e9e4b8b 100755
--- a/stage1/01-sys-tweaks/00-run.sh
+++ b/stage1/01-sys-tweaks/00-run.sh
@@ -14,8 +14,5 @@ if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then
 fi
 fi
-if [ -n "${FIRST_USER_PASS}" ]; then
- echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd
-fi
 echo "root:root" | chpasswd
 EOF
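Review bot: In export-iso/prerun.sh the new `IMG_SIZE=$((BOOT_PART_START + BOOT_PART_SIZE + ROOT_PART_SIZE + RECOVERY_PART_SIZE))` evaluates to exactly the removed `RECOVERY_PART_START + RECOVERY_PART_SIZE`, because the surrounding lines define `RECOVERY_PART_START` as `ROOT_PART_START + ROOT_PART_SIZE` and `ROOT_PART_START` as `BOOT_PART_START + BOOT_PART_SIZE`. If the intent was to move recovery ahead of root, as the export-image hunks now assume, the start offsets in the context lines still place root first, and export-iso/03-set-partuuid/00-run.sh is renamed with no content change, so the ISO path appears to keep the old order. Either update the offsets to match or state the purpose with a comment such as `# boot offset + sum of partition sizes; independent of partition order`. The partition-creation code that uses these values lies outside the hunk.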