Preparing A Bootable Image
Note
These are only random notes!
Some of it might become relevant once we generate OS images, using Yocto maybe.
Adding User endless
For ages, the Pi OS came with user pi, and a well-known password
raspberry. If SSH access is configured, that user can log in from
the net. This has been recognized as a major security flaw (to put it
mildly), especially as Raspberries tend to be opened up to the
internet by inexperienced users. http://rptl.io/newuser explains the
security implications, and describes how to create a dedicated user on
a running Pi.
Booting a Pi to create a user is inadequate if we want to create images automatically. Here’s how to create a user in an image without ever booting it [1].
Create user’s own primary group
Add the following line to <rootfs-mountpoint>/etc/group,
endless:x:1500
Create user
Add the following to <rootfs-mountpoint>/etc/passwd,
endless:x:1500:1500:Endless User:/home/endless:/bin/bash
Add user to sudo group
Modify the sudo group record to contain the endless user,
sudo:x:27:pi,endless
Create home directory
# mkdir <rootfs-mountpoint>/home/endless
# chown 1500:1500 <rootfs-mountpoint>/home/endless
Create a password (the openssl package needs to be installed),
$ echo 'the-end1e$$-pa$$w0rd' | openssl passwd -6 -stdin
$6$dgYaCZyRr1ikyqTM$xdSxOKCHRSryOdVMs18vZMHEtfSlDv.KO3BJTfV7DSLdNz62M5JUW6hEUqhlm2uAu8IZKeio81sZDeG7u7byw0
Note
This is a proof of concept. If you want to be serious, choose another password :-)
Add the following line to <rootfs-mountpoint>/etc/shadow,
endless:$6$dgYaCZyRr1ikyqTM$xdSxOKCHRSryOdVMs18vZMHEtfSlDv.KO3BJTfV7DSLdNz62M5JUW6hEUqhlm2uAu8IZKeio81sZDeG7u7byw0:19734:0:99999:7:::
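The steps above gathered into one shell function, as an added example that is not part of the original notes. It takes a ready-made hash rather than a password, and refuses to touch the image when the name or numeric ID is already present. The function name add_image_user and its argument order are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original notes; add_image_user is a hypothetical name.
# Usage: add_image_user ROOTFS NAME ID HASH
#   HASH is the output of `openssl passwd -6 -stdin`; ID is used as UID and GID.
add_image_user() {
    rootfs=$1 name=$2 uid=$3 hash=$4
    etc="$rootfs/etc"

    # Accept only a SHA-512 crypt hash, so that neither a plaintext password
    # nor an empty (passwordless) field can end up in shadow.
    case $hash in
        '$6$'?*) ;;
        *) echo "not a \$6\$ hash" >&2; return 1 ;;
    esac

    # Refuse a name or numeric ID that the image already uses.
    for f in passwd group shadow; do
        if grep -q "^$name:" "$etc/$f"; then
            echo "$name already present in $f" >&2; return 1
        fi
    done
    if awk -F: -v id="$uid" '$3 == id { hit = 1 } END { exit !hit }' \
            "$etc/passwd" "$etc/group"; then
        echo "ID $uid already in use" >&2; return 1
    fi

    # Append the user to the sudo group (no leading comma if it had no members),
    # writing back through the existing file so its mode and owner are kept.
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$name" \
        '$1 == "sudo" { $4 = ($4 == "" ? u : $4 "," u) } { print }' \
        "$etc/group" > "$tmp" && cat "$tmp" > "$etc/group"
    rm -f "$tmp"

    # Records as in the steps above; shadow field 3 is the day of the last
    # password change, counted from 1970-01-01.
    printf '%s\n' "$name:x:$uid" >> "$etc/group"
    printf '%s\n' "$name:x:$uid:$uid:Endless User:/home/$name:/bin/bash" >> "$etc/passwd"
    printf '%s\n' "$name:$hash:$(( $(date +%s) / 86400 )):0:99999:7:::" >> "$etc/shadow"

    mkdir -p "$rootfs/home/$name"
    # chown needs root; an unprivileged dry run on a scratch tree skips it.
    if [ "$(id -u)" -eq 0 ]; then chown "$uid:$uid" "$rootfs/home/$name"; fi
}
```

Run it as root against the mounted rootfs so that the chown of the home directory takes effect.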
Starting SSH At Boot
Create a file <rootfs-mountpoint>/ssh.
Footnotes
Configure CAN Controller
In <bootfs-mountpoint>/firmware/config.txt, add the following lines,
dtparam=spi=on
dtoverlay=mcp2515-can0,oscillator=12000000,interrupt=25,spimaxfrequency=2000000