[LEDE-DEV] Makefile question

Philip Prindeville philipp_subx at redfish-solutions.com
Sat Feb 11 19:24:51 PST 2017 

> On Feb 10, 2017, at 10:33 PM, David Lang <david at lang.hm> wrote:
> 
> On Fri, 10 Feb 2017, Philip Prindeville wrote:
> 
>> Hi.
>> 
>> I was wondering if there’s an obvious place to install a hook that’s:
>> 
>> (a) after all the packages have been installed;
>> (b) before the root filesystem image gets finalized;
>> 
>> I’d like to be able to run some simple sed scripts inside the root-to-be directory to make some changes, maybe do an rm etc/rc.d/S??sshd so that the sshd service is installed but isn’t enabled by default, maybe inject a new root password or create an extra user login, etc.
>> 
>> That sort of thing.
>> 
>> I looked around through the makefiles but nothing stood out.
>> 
>> Should be easy, right?
> 
> some of what you are talking about can be done by putting the replacement files in the /files heirarchy and they will replace the files created by the packages.


I thought about using files/ but here’s the problem.  Some of the packages that provide config files are quite length and change fairly often, so I don’t want to have to keep updating my copy of the file with my changes.

For example, /etc/LCDd.conf from lcdproc is about 1400 lines… yet I only need 9 lines changed to do what I need.

Other examples?  /etc/ssh/sshd_config is 136 lines long, but I only need 2 lines changed (turning off password logins, and forcing people to use Protocol v2 exclusively).  And that’s a file that changed whenever an CVE comes out, for instance when a cipher is found to be weaker than originally thought, etc.


> 
> This can't eliminate the /etc/rc.d/S* files as it only adds files, and it's not as flexibile as adding a user or changing a password (as it would just let you replace the /etc/passwd, /etc/shadow files, not modify them).
> 
> If you look for where the /files/* are copied into the filesystem, that is probably the place you would want to add your scripting hooks.

Good idea.  I’ll look there.

Thanks

> 
> David Lang_______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

More information about the Lede-dev mailing list