diff --git a/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-is-password-set-by-default b/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-is-password-set-by-default new file mode 100644 index 000000000..25aecd657 --- /dev/null +++ b/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-is-password-set-by-default @@ -0,0 +1,28 @@ +#!/bin/sh + +if [ "$1" = "-h" ]; then + echo "usage: $0" + echo + echo "After April 2024 all product are shipped with the BlueTooth PIN as" + echo "default password, this wasn't the case before that." + echo + echo "Returns if the product left the factory with the PIN as password," + echo "which can e.g. be used to restore a product to its default factory state." + echo + echo "example:" + echo + echo " if ve-is-password-set-by-default; then" + echo " There was a unique password set by default and it should be restored for factory default" + echo " else:" + echo " The product left the factory without a default unique password, and the user is" + echo " expected to set one first if a password is required or disable the password check." +fi + +installer_version="$(sed -n '3p' /data/venus/installer-version 2>/dev/null)" + +if [ ${installer_version:-0} -ge 20240405000000 ]; then + exit 0 +else + exit 1 +fi + diff --git a/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-password-as-in-factory b/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-password-as-in-factory new file mode 100644 index 000000000..98230f488 --- /dev/null +++ b/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-password-as-in-factory @@ -0,0 +1,19 @@ +#!/bin/sh + +if [ "$1" = "-h" ]; then + echo "usage: $0" + echo + echo "Simple helper to set a password back to how it was after it left the factory" + echo "if there is currently none set. If it left the factory without a default password," + echo "this script does nothing, since there is no default password already. If it left" + echo "the factory with the BlueTooth PIN code as password that will be restored" + echo + echo "The intended usage is that after running a factory default script, i.o.w removing" + echo "most of /data, this script will be called to restore the default password to" + echo "factory default. Which migh be the PIN code or none at all." +fi + +if [ ! -f /data/conf/vncpassword.txt ] && ve-is-password-set-by-default; then + ve-set-passwd-to-pincode +fi + diff --git a/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-set-passwd-to-pincode b/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-set-passwd-to-pincode new file mode 100644 index 000000000..2db2703b4 --- /dev/null +++ b/meta-bsp/recipes-bsp/machine-runtime-conf/files/ve-set-passwd-to-pincode @@ -0,0 +1,44 @@ +#!/usr/bin/python3 + +import argparse +import bcrypt +import glob +import os +import subprocess + +from datetime import datetime + +parser = argparse.ArgumentParser( + description='Set the default password to the BlueTooth pincode as read from the EEPROM.', + epilog='Victron Energy B.V.' + ) +parser.add_argument('--allow-default', action='store_true', help='Assume a default 000000 pincode if reading from the EEPROM failed'); + +args = parser.parse_args() + +pin = "000000" +try: + pin = subprocess.check_output(['/opt/victronenergy/venus-eeprom/eeprom', '--show', 'bluetooth-pin'], encoding="utf-8").strip() +except: + if not args.allow_default: + print("Reading the pincode from the EEPROM failed, giving up!", file=sys.stderr) + os.exit(1) + pass + +# Check randomness, since this might run during boot. +hash = bcrypt.hashpw(pin.encode('utf-8'), bcrypt.gensalt(prefix=b"2a", rounds=8)) + +# syncs -> make sure it is actually on the storage medium, so it is still there if power is cut. +passwd_file = "/data/conf/vncpassword.txt" +with open(passwd_file + ".tmp", "w") as f: + f.write(hash.decode('utf-8')) + f.flush() + os.fsync(f.fileno()) + +os.rename(passwd_file + ".tmp", passwd_file); + +dst_dir = os.path.dirname(passwd_file) +fd = os.open(dst_dir, 0) +os.fsync(fd) +os.close(fd) + diff --git a/meta-bsp/recipes-bsp/machine-runtime-conf/machine-runtime-conf_0.3.bb b/meta-bsp/recipes-bsp/machine-runtime-conf/machine-runtime-conf_0.3.bb index dec8f106f..70378c650 100644 --- a/meta-bsp/recipes-bsp/machine-runtime-conf/machine-runtime-conf_0.3.bb +++ b/meta-bsp/recipes-bsp/machine-runtime-conf/machine-runtime-conf_0.3.bb @@ -16,6 +16,9 @@ SRC_URI += " \ file://product-id \ file://product-name \ file://machine-conf.sh \ + file://ve-is-password-set-by-default \ + file://ve-password-as-in-factory \ + file://ve-set-passwd-to-pincode \ " SRC_URI:append:ccgx = " file://get-unique-id.c" SRC_URI:append:sunxi = "\ @@ -26,7 +29,7 @@ SRC_URI:append:sunxi = "\ inherit update-rc.d -RDEPENDS:${PN} += "bash" +RDEPENDS:${PN} += "bash python3-core" INITSCRIPT_NAME = "machine-conf.sh" INITSCRIPT_PARAMS = "start 90 S ." @@ -79,6 +82,9 @@ do_install:append() { install -d ${D}/${base_sbindir} install -m 755 ${WORKDIR}/get-unique-id ${D}/${base_sbindir} + install -m 755 ${WORKDIR}/ve-is-password-set-by-default ${D}/${base_sbindir} + install -m 755 ${WORKDIR}/ve-password-as-in-factory ${D}/${base_sbindir} + install -m 755 ${WORKDIR}/ve-set-passwd-to-pincode ${D}/${base_sbindir} install -d ${D}/${bindir} install -m 755 ${WORKDIR}/bad-unique-id ${D}/${bindir}