Added OctoPrint user, improved security, fixed GUI
Added OctoPrint user to run OctoPrint daemon (not implemented yet). Really removed LightDM. Fixed OctoPrint not building.
parent
b94d01cea2
commit
d96d6ee980
7 changed files with 14 additions and 172 deletions
|
@ -56,6 +56,9 @@ disable_overscan=1
|
||||||
# Enable audio (loads snd_bcm2835)
|
# Enable audio (loads snd_bcm2835)
|
||||||
dtparam=audio=on
|
dtparam=audio=on
|
||||||
|
|
||||||
|
# Memory split
|
||||||
|
gpu_mem=128
|
||||||
|
|
||||||
[pi4]
|
[pi4]
|
||||||
# Enable DRM VC4 V3D driver on top of the dispmanx display stack
|
# Enable DRM VC4 V3D driver on top of the dispmanx display stack
|
||||||
dtoverlay=vc4-fkms-v3d
|
dtoverlay=vc4-fkms-v3d
|
||||||
|
@ -63,3 +66,4 @@ max_framebuffers=2
|
||||||
|
|
||||||
[all]
|
[all]
|
||||||
#dtoverlay=vc4-fkms-v3d
|
#dtoverlay=vc4-fkms-v3d
|
||||||
|
|
||||||
|
|
|
@ -11,8 +11,8 @@ on_chroot << EOF
|
||||||
if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then
|
if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then
|
||||||
adduser --disabled-password --gecos "" ${FIRST_USER_NAME}
|
adduser --disabled-password --gecos "" ${FIRST_USER_NAME}
|
||||||
fi
|
fi
|
||||||
|
adduser --disabled-password --gecos "" octoprint
|
||||||
echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd
|
echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd
|
||||||
echo "root:root" | chpasswd
|
echo "octoprint:$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" | chpasswd
|
||||||
|
echo "root:$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" | chpasswd
|
||||||
EOF
|
EOF
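Review bot: The two new `$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)` substitutions sit inside the unquoted `on_chroot << EOF` heredoc (it opens above the hunk), so they appear to be expanded once by the build script at image build time rather than on each device. Every card flashed from the same image would then share one root password and one octoprint password, and the generated value travels as plain text in the script fed to the chroot. Since nobody is meant to know these passwords, locking the accounts states the intent directly: `passwd -l root`, and leave `octoprint` as `--disabled-password` already created it. The new `adduser --disabled-password --gecos "" octoprint` line is also outside the `id -u` guard used for the first user, so a second run against an existing rootfs would probably fail there.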
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -40,9 +40,12 @@ on_chroot <<EOF
|
||||||
for GRP in input spi i2c gpio; do
|
for GRP in input spi i2c gpio; do
|
||||||
groupadd -f -r "\$GRP"
|
groupadd -f -r "\$GRP"
|
||||||
done
|
done
|
||||||
for GRP in adm dialout tty cdrom audio users sudo video games plugdev input gpio spi i2c netdev; do
|
for GRP in adm cdrom audio users sudo video games plugdev input gpio spi i2c netdev; do
|
||||||
adduser $FIRST_USER_NAME \$GRP
|
adduser $FIRST_USER_NAME \$GRP
|
||||||
done
|
done
|
||||||
|
for GRP in dialout plugdev video users; do
|
||||||
|
adduser octoprint \$GRP
|
||||||
|
done
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
on_chroot << EOF
|
on_chroot << EOF
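Review bot: Dropping `dialout` and `tty` from the first user's group list lands before OctoPrint is actually moved to the `octoprint` account (the commit description marks that part as not implemented yet), so if the daemon is still started as `$FIRST_USER_NAME` it would presumably lose access to the printer's serial port in this intermediate state. The new `for GRP in dialout plugdev video users` loop would also benefit from a comment saying why the service account needs each group, for example `# octoprint: dialout for the printer serial port; plugdev/video/users - confirm each is required`, so the list can be trimmed to the minimum later. The heredoc these loops live in opens above the hunk.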
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash -e
|
#!/bin/bash -e
|
||||||
|
|
||||||
if [ -d /home/${FIRST_USER_NAME} ];
|
if [ -d /home/octoprint ];
|
||||||
cd /home/${FIRST_USER_NAME} || exit 1
|
cd /home/octoprint || exit 1
|
||||||
mkdir OctoPrint || exit 1
|
mkdir OctoPrint || exit 1
|
||||||
cd OctoPrint || exit 1
|
cd OctoPrint || exit 1
|
||||||
virtualenv venv || exit 1
|
virtualenv venv || exit 1
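Review bot: The build now happens under `/home/octoprint`, but nothing visible in the hunk hands the result to that account: if this script runs as root, `OctoPrint/` and `venv/` end up root-owned and the `octoprint` user cannot write to or update them. Either run the build steps as the service account or finish with `chown -R octoprint:octoprint /home/octoprint/OctoPrint`; the rest of the script is outside the hunk, so this may already be handled there. No `then` is visible after `if [ -d /home/octoprint ];` either, which would make the following `cd`/`mkdir` lines part of the condition list, so that is worth checking too.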
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash -e
|
#!/bin/bash -e
|
||||||
|
|
||||||
install -m 644 files/nodm.conf /etc/nodm.conf
|
echo -n -e "NODM_USER=${FIRST_USER_NAME}\nNODM_XSESSION=/home/${FIRST_USER_NAME}/.xinitrc" > /etc/nodm.conf
|
||||||
|
|
||||||
on_chroot << EOF
|
on_chroot << EOF
|
||||||
update-alternatives --install /usr/bin/x-www-browser \
|
update-alternatives --install /usr/bin/x-www-browser \
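Review bot: The new `echo -n -e "NODM_USER=..." > /etc/nodm.conf` line writes to the build host's `/etc`, not into the image: the script calls `on_chroot` right below, so it appears to run outside the chroot, and the target should probably be `"${ROOTFS_DIR}/etc/nodm.conf"`. The redirect also drops the explicit `-m 644` the previous line had, leaving the file mode to the builder's umask, and `-n` leaves the file without a final newline. `printf 'NODM_USER=%s\nNODM_XSESSION=/home/%s/.xinitrc\n' "${FIRST_USER_NAME}" "${FIRST_USER_NAME}" > "${ROOTFS_DIR}/etc/nodm.conf"` followed by a `chmod 644` on that path would cover both. The `on_chroot` heredoc continues past the end of the hunk.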
|
||||||
|
|
|
@ -2,4 +2,3 @@
|
||||||
|
|
||||||
#rm -f "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/wait.conf"
|
#rm -f "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/wait.conf"
|
||||||
|
|
||||||
install -m 644 files/lightdm.conf "${ROOTFS_DIR}/etc/lightdm/lightdm.conf"
|
|
||||||
|
|
|
@ -1,164 +0,0 @@
|
||||||
#
|
|
||||||
# General configuration
|
|
||||||
#
|
|
||||||
# start-default-seat = True to always start one seat if none are defined in the configuration
|
|
||||||
# greeter-user = User to run greeter as
|
|
||||||
# minimum-display-number = Minimum display number to use for X servers
|
|
||||||
# minimum-vt = First VT to run displays on
|
|
||||||
# lock-memory = True to prevent memory from being paged to disk
|
|
||||||
# user-authority-in-system-dir = True if session authority should be in the system location
|
|
||||||
# guest-account-script = Script to be run to setup guest account
|
|
||||||
# logind-check-graphical = True to on start seats that are marked as graphical by logind
|
|
||||||
# log-directory = Directory to log information to
|
|
||||||
# run-directory = Directory to put running state in
|
|
||||||
# cache-directory = Directory to cache to
|
|
||||||
# sessions-directory = Directory to find sessions
|
|
||||||
# remote-sessions-directory = Directory to find remote sessions
|
|
||||||
# greeters-directory = Directory to find greeters
|
|
||||||
# backup-logs = True to move add a .old suffix to old log files when opening new ones
|
|
||||||
# dbus-service = True if LightDM provides a D-Bus service to control it
|
|
||||||
#
|
|
||||||
[LightDM]
|
|
||||||
#start-default-seat=true
|
|
||||||
#greeter-user=lightdm
|
|
||||||
#minimum-display-number=0
|
|
||||||
#minimum-vt=7 # Setting this to a value < 7 implies security issues, see FS#46799
|
|
||||||
#lock-memory=true
|
|
||||||
#user-authority-in-system-dir=false
|
|
||||||
#guest-account-script=guest-account
|
|
||||||
#logind-check-graphical=false
|
|
||||||
#log-directory=/var/log/lightdm
|
|
||||||
run-directory=/run/lightdm
|
|
||||||
#cache-directory=/var/cache/lightdm
|
|
||||||
#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
|
|
||||||
#remote-sessions-directory=/usr/share/lightdm/remote-sessions
|
|
||||||
#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
|
|
||||||
#backup-logs=true
|
|
||||||
#dbus-service=true
|
|
||||||
|
|
||||||
#
|
|
||||||
# Seat configuration
|
|
||||||
#
|
|
||||||
# Seat configuration is matched against the seat name glob in the section, for example:
|
|
||||||
# [Seat:*] matches all seats and is applied first.
|
|
||||||
# [Seat:seat0] matches the seat named "seat0".
|
|
||||||
# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
|
|
||||||
#
|
|
||||||
# type = Seat type (local, xremote)
|
|
||||||
# pam-service = PAM service to use for login
|
|
||||||
# pam-autologin-service = PAM service to use for autologin
|
|
||||||
# pam-greeter-service = PAM service to use for greeters
|
|
||||||
# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
|
|
||||||
# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
|
|
||||||
# xserver-config = Config file to pass to X server
|
|
||||||
# xserver-layout = Layout to pass to X server
|
|
||||||
# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
|
|
||||||
# xserver-share = True if the X server is shared for both greeter and session
|
|
||||||
# xserver-hostname = Hostname of X server (only for type=xremote)
|
|
||||||
# xserver-display-number = Display number of X server (only for type=xremote)
|
|
||||||
# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
|
|
||||||
# xdmcp-port = XDMCP UDP/IP port to communicate on
|
|
||||||
# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
|
|
||||||
# greeter-session = Session to load for greeter
|
|
||||||
# greeter-hide-users = True to hide the user list
|
|
||||||
# greeter-allow-guest = True if the greeter should show a guest login option
|
|
||||||
# greeter-show-manual-login = True if the greeter should offer a manual login option
|
|
||||||
# greeter-show-remote-login = True if the greeter should offer a remote login option
|
|
||||||
# user-session = Session to load for users
|
|
||||||
# allow-user-switching = True if allowed to switch users
|
|
||||||
# allow-guest = True if guest login is allowed
|
|
||||||
# guest-session = Session to load for guests (overrides user-session)
|
|
||||||
# session-wrapper = Wrapper script to run session with
|
|
||||||
# greeter-wrapper = Wrapper script to run greeter with
|
|
||||||
# guest-wrapper = Wrapper script to run guest sessions with
|
|
||||||
# display-setup-script = Script to run when starting a greeter session (runs as root)
|
|
||||||
# display-stopped-script = Script to run after stopping the display server (runs as root)
|
|
||||||
# greeter-setup-script = Script to run when starting a greeter (runs as root)
|
|
||||||
# session-setup-script = Script to run when starting a user session (runs as root)
|
|
||||||
# session-cleanup-script = Script to run when quitting a user session (runs as root)
|
|
||||||
# autologin-guest = True to log in as guest by default
|
|
||||||
# autologin-user = User to log in with by default (overrides autologin-guest)
|
|
||||||
# autologin-user-timeout = Number of seconds to wait before loading default user
|
|
||||||
# autologin-session = Session to load for automatic login (overrides user-session)
|
|
||||||
# autologin-in-background = True if autologin session should not be immediately activated
|
|
||||||
# exit-on-failure = True if the daemon should exit if this seat fails
|
|
||||||
#
|
|
||||||
[Seat:*]
|
|
||||||
#type=local
|
|
||||||
#pam-service=lightdm
|
|
||||||
#pam-autologin-service=lightdm-autologin
|
|
||||||
#pam-greeter-service=lightdm-greeter
|
|
||||||
#xserver-command=X
|
|
||||||
#xmir-command=Xmir
|
|
||||||
#xserver-config=
|
|
||||||
#xserver-layout=
|
|
||||||
#xserver-allow-tcp=false
|
|
||||||
#xserver-share=true
|
|
||||||
#xserver-hostname=
|
|
||||||
#xserver-display-number=
|
|
||||||
#xdmcp-manager=
|
|
||||||
#xdmcp-port=177
|
|
||||||
#xdmcp-key=
|
|
||||||
#greeter-session=example-gtk-gnome
|
|
||||||
#greeter-hide-users=false
|
|
||||||
#greeter-allow-guest=true
|
|
||||||
#greeter-show-manual-login=false
|
|
||||||
#greeter-show-remote-login=true
|
|
||||||
#user-session=default
|
|
||||||
#allow-user-switching=true
|
|
||||||
#allow-guest=true
|
|
||||||
#guest-session=
|
|
||||||
session-wrapper=/etc/lightdm/Xsession
|
|
||||||
#greeter-wrapper=
|
|
||||||
#guest-wrapper=
|
|
||||||
#display-setup-script=
|
|
||||||
#display-stopped-script=
|
|
||||||
#greeter-setup-script=
|
|
||||||
#session-setup-script=
|
|
||||||
#session-cleanup-script=
|
|
||||||
#autologin-guest=false
|
|
||||||
autologin-user=pi
|
|
||||||
autologin-user-timeout=0
|
|
||||||
#autologin-in-background=false
|
|
||||||
#autologin-session=openbox
|
|
||||||
#exit-on-failure=false
|
|
||||||
|
|
||||||
#
|
|
||||||
# XDMCP Server configuration
|
|
||||||
#
|
|
||||||
# enabled = True if XDMCP connections should be allowed
|
|
||||||
# port = UDP/IP port to listen for connections on
|
|
||||||
# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
|
|
||||||
# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
|
|
||||||
# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
|
|
||||||
#
|
|
||||||
# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
|
|
||||||
# it can be a word and the first 7 characters are used as the key.
|
|
||||||
#
|
|
||||||
[XDMCPServer]
|
|
||||||
#enabled=false
|
|
||||||
#port=177
|
|
||||||
#listen-address=
|
|
||||||
#key=
|
|
||||||
#hostname=
|
|
||||||
|
|
||||||
#
|
|
||||||
# VNC Server configuration
|
|
||||||
#
|
|
||||||
# enabled = True if VNC connections should be allowed
|
|
||||||
# command = Command to run Xvnc server with
|
|
||||||
# port = TCP/IP port to listen for connections on
|
|
||||||
# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
|
|
||||||
# width = Width of display to use
|
|
||||||
# height = Height of display to use
|
|
||||||
# depth = Color depth of display to use
|
|
||||||
#
|
|
||||||
[VNCServer]
|
|
||||||
#enabled=false
|
|
||||||
#command=Xvnc
|
|
||||||
#port=5900
|
|
||||||
#listen-address=
|
|
||||||
#width=1024
|
|
||||||
#height=768
|
|
||||||
#depth=8
|
|
||||||
|
|