debugd: Allow autologin on serial console

2025-02-22 07:50:04 -05:00 · 2022-10-11 17:03:49 +02:00 · 2022-10-11 17:03:49 +02:00 · 93801e1786
commit 93801e1786
parent 21617dc7db
3 changed files with 30 additions and 9 deletions
--- a/debugd/cmd/debugd/debugd.go
+++ b/debugd/cmd/debugd/debugd.go
@ -47,7 +47,7 @@ func main() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()

-	if err := deploy.DeleteUserPassword(ctx, "root"); err != nil {
+	if err := deploy.EnableAutoLogin(ctx, fs, serviceManager); err != nil {
 		log.Errorf("root login: %w")
 	}

--- a/debugd/internal/debugd/constants.go
+++ b/debugd/internal/debugd/constants.go
@ -32,4 +32,8 @@ ExecStart=/run/state/bin/bootstrapper
 [Install]
 WantedBy=multi-user.target
 `
+	GettyAutologinOverrideFilename     = "/run/systemd/system/serial-getty@ttyS0.service.d/autologin.conf"
+	GettyAutologinOverrideUnitContents = `[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --autologin root --keep-baud 115200,57600,38400,9600 - $TERM`
 )
--- a/debugd/internal/debugd/deploy/seriallogin.go
+++ b/debugd/internal/debugd/deploy/seriallogin.go
@ -9,16 +9,33 @@ package deploy
 import (
 	"context"
 	"fmt"
-	"os/exec"
+	"os"
+	"path"
+
+	"github.com/edgelesssys/constellation/v2/debugd/internal/debugd"
+	"github.com/spf13/afero"
 )

-// DeleteUserPassword sets the user's password to an empty string
-// effectively allowing anyone with access to the serial console to log in.
-func DeleteUserPassword(ctx context.Context, user string) error {
-	cmd := exec.CommandContext(ctx, "passwd", "-d", user)
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("deleting user password: %q %w", output, err)
+// EnableAutoLogin installs a systemd unit override that allows passwordless root login
+// on the serial console.
+func EnableAutoLogin(ctx context.Context, fs afero.Fs, serviceManager serviceManager) error {
+	if err := fs.MkdirAll(path.Dir(debugd.GettyAutologinOverrideFilename), os.ModePerm); err != nil {
+		return fmt.Errorf("creating getty autologin override directory: %w", err)
+	}
+	if err := afero.WriteFile(fs, debugd.GettyAutologinOverrideFilename,
+		[]byte(debugd.GettyAutologinOverrideUnitContents), os.ModePerm); err != nil {
+		return fmt.Errorf("writing getty autologin override unit: %w", err)
+	}
+	if err := serviceManager.SystemdAction(ctx, ServiceManagerRequest{
+		Action: Reload,
+	}); err != nil {
+		return fmt.Errorf("reloading systemd units: %w", err)
+	}
+	if err := serviceManager.SystemdAction(ctx, ServiceManagerRequest{
+		Action: Restart,
+		Unit:   "serial-getty@ttyS0.service",
+	}); err != nil {
+		return fmt.Errorf("restarting getty: %w", err)
 	}
 	return nil
 }