| #!/bin/bash |
| |
| # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Customizes a Chrome OS release image by setting the chronos user password. |
| |
| # Usage: ./set_chronos_password.sh <image.bin> <chronos_password> [--force] |
| |
| # Load common constants and variables. |
| . "$(dirname "$0")/common.sh" |
| |
| change_chronos_password() { |
| local rootfs=$1 |
| local password=$2 |
| echo "Setting chronos password..." |
| local crypted_password="$(echo $password | openssl passwd -1 -stdin)" |
| local temp_shadow="$rootfs/etc/tempshadow" |
| echo "chronos:$crypted_password:14500:0:99999::::" \ |
| | sudo tee "$temp_shadow" > /dev/null |
| sudo grep -Ev ^chronos: "$rootfs/etc/shadow" \ |
| | sudo tee -a "$temp_shadow" > /dev/null |
| sudo mv -f "$temp_shadow" "$rootfs/etc/shadow" |
| } |
| |
| main() { |
| set -e |
| |
| local image=$1 |
| local chronos_password=$2 |
| if [ $# -ne 2 ] && [ $# -ne 3 ] || [ ! $3 = "--force" ] ; then |
| echo "Usage: $PROG <image.bin> <chronos_password> [--force]" |
| exit 1 |
| fi |
| |
| local loopdev=$(loopback_partscan "${image}") |
| local rootfs=$(make_temp_dir) |
| if [ $# -eq 2 ]; then |
| mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" |
| if ! no_chronos_password "$rootfs"; then |
| echo "Password is already set [use --force if you'd like to update it]" |
| exit 1 |
| fi |
| # Prepare for remounting read/write. We can't use `mount -o rw,remount` |
| # because of the bits in the ext4 header we've set to block that. See |
| # enable_rw_mount for details. |
| sudo umount "${rootfs}" |
| fi |
| mount_loop_image_partition "${loopdev}" 3 "${rootfs}" |
| change_chronos_password "$rootfs" "$chronos_password" |
| touch "$image" # Updates the image modification time. |
| echo "Password Set." |
| } |
| |
| main $@ |
