Skip to content
This repository was archived by the owner on Feb 25, 2023. It is now read-only.

Commit 62bbe1f

Browse files
StadicusStadicus
committed
build: add MAINTENANCEMENU option
The new maintenance menu needs to be tested in real builds but should not yet be enabled in production builds. By adding this feature, but disabled by default, it can be go into a more extensive security review. This commit: * adds the option BASE_MAINTENANCEMENU, default: 'false' * `startup-maintenance.service` is only enabled if set to true
1 parent 77dbe4a commit 62bbe1f

File tree

3 files changed

+11
-2
lines changed

3 files changed

+11
-2
lines changed

armbian/base/build.conf

+4
Original file line numberDiff line numberDiff line change
@@ -60,3 +60,7 @@
6060
# Make root filesystem read-only and overlay it with a temporary filesystem.
6161
# All changes are lost on reboot, guaranteeing a safe state.
6262
#BASE_OVERLAYROOT="true"
63+
64+
# Start Maintenance Menu if authorized maintenance token
65+
# is found on USB flasdrive on boot
66+
#BASE_MAINTENANCEMENU="false"

armbian/base/customize-armbian-rockpro64.sh

+6-1
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,7 @@ CONFIGURATION:
8181
AUTOSETUP SSD: ${BASE_AUTOSETUP_SSD}
8282
BITCOIN SERVICES ENABLED:
8383
${BASE_ENABLE_BITCOIN_SERVICES}
84+
MAINTENANCE MENU: ${BASE_MAINTENANCEMENU}
8485
8586
================================================================================
8687
BUILD OPTIONS:
@@ -179,6 +180,7 @@ BASE_DASHBOARD_HDMI_ENABLED="false"
179180
BASE_HDMI_BUILD="false"
180181
BASE_MINIMAL="true"
181182
BASE_OVERLAYROOT="true"
183+
BASE_MAINTENANCEMENU="false" # TODO(Stadicus): set "true" by default after further review
182184

183185
# Overwrite defaults if BASE_PRODUCTION_IMAGE set to "false"
184186
if [[ ${BASE_PRODUCTION_IMAGE} == "false" ]]; then
@@ -471,7 +473,10 @@ systemctl enable update-checks.service
471473

472474
## maintenance menu
473475
importFile /etc/systemd/system/startup-maintenance.service
474-
systemctl enable startup-maintenance.service
476+
477+
if [[ "${BASE_MAINTENANCEMENU}" == "true" ]]; then
478+
systemctl enable startup-maintenance.service
479+
fi
475480

476481
## disable ssh login messages
477482
echo "MOTD_DISABLE='header tips updates armbian-config'" >> /etc/default/armbian-motd

armbian/base/scripts/bbb-cmd.sh

+1-1
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ possible commands:
1616
flashdrive <check|mount|unmount>
1717
backup <sysconfig|hsm_secret>
1818
restore <sysconfig|hsm_secret>
19-
reset <auth|config|image|ssd>
19+
reset <auth|config>
2020
mender-update <install|commit>
2121
presync <create|restore>
2222

0 commit comments

Comments
 (0)