raspbian password checking adjustment (also expire correct user) #1282
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
old line 12: the existing logic didn't make sense to me check for edison but expire root so adjusting to check for root, expire root old line 16-21: If you changed the password for 'pi' before running the script you'd never get to the part about changing root's password as it's disabled and locked by default and therefore /run/sshwarn will not exist. new line 16-32: Check if we are running Raspbian, check the build date against the current password date for both pi and root. If they are the same, we are using default passwords and prompt for change. Checking them independently and only information message once.
scottleibrand
approved these changes
Aug 6, 2019
|
The code block was mainly surrounding pi installs and I've added extra validation to verify it only gets run for the raspbian OS. Only thing touched for Edison was correcting the logic and worst-case scenario it prompts the user to reset the root password on next login. Unless checking the Edison user for password date and then forcing a password change for the root user makes sense to someone else. I've tested on a new install on rpi and it works as expected |
scottleibrand
pushed a commit
that referenced
this pull request
Oct 27, 2019
old line 12: the existing logic didn't make sense to me check for edison but expire root so adjusting to check for root, expire root old line 16-21: If you changed the password for 'pi' before running the script you'd never get to the part about changing root's password as it's disabled and locked by default and therefore /run/sshwarn will not exist. new line 16-32: Check if we are running Raspbian, check the build date against the current password date for both pi and root. If they are the same, we are using default passwords and prompt for change. Checking them independently and only information message once.
scottleibrand
added a commit
that referenced
this pull request
Oct 29, 2019
* Offline xDrip looping * Add the script to package.json * Add the glucose value * Changed the setup json to use the offline script * Also add the script to ns-loop shell script * Fix web script trying to access BG data when there's none * Better error logging * Output full filename on on parse error * Ensure JSON parse gets a string, not a stream * Don't read the file we're outputting to * Don't read file we're outputting to * Fix path typo * Try loading from router, not hardcoded address * Fix bug resulting from code restructuring * The apparently rare case where glucose is loaded from Nightscout before a new reading was available out misformatted data * Better error logging for wrong secret * Code cleanup * remove unused ns-glucose report instead of updating it * remove commented-out Spike stuff * tabs to sapces * Remove binary download options (#1252) * Remove binary download options * Add radiotags to runagain, and fix bug for radiofruit hardware type * Use Edison's FAT32 Partition (#1253) Mount the Edison's FAT32 partition to give us enough room to install golang. * Radiotags in oref0-runagain.sh (#1254) Pass radiotags to oref0-setup.sh from oref0-runagain.sh. * Add network module dependency (#1261) Fixes issue of `Cannot find module 'network'` in the ns-looplog. * Debian Buster compatibility (#1275) * Save hardwaretype in preferences.json Store hardwaretype so that it can be used elsewhere. * Install node v8 Make sure nodesource repo is used to install nodejs and npm. * Install node v8 Make sure nodesource repo is used to install nodejs and npm, except on armv6... * Switch Radiofruit openaps-menu back to main repo * fix systemctl syntax * skip bgproxy if we already have a new glucose value and it's time for another loop * checkip.amazonaws.com now puts spaces after commas * Allow oref0-upload-profile to also switch to new profile (#1285) * Unused local variables (#1284) * raspbian password checking adjustment (#1282) old line 12: the existing logic didn't make sense to me check for edison but expire root so adjusting to check for root, expire root old line 16-21: If you changed the password for 'pi' before running the script you'd never get to the part about changing root's password as it's disabled and locked by default and therefore /run/sshwarn will not exist. new line 16-32: Check if we are running Raspbian, check the build date against the current password date for both pi and root. If they are the same, we are using default passwords and prompt for change. Checking them independently and only information message once. * fix wrong interface choose (#1286) By default, choose the first interface found with a control socket in the socket path. * fix bootstrap to put tune-dia-and-peak argument on openaps-install, not the curl * Allow G4 Share serial to be blank (#1268) * Categorize improvements for libre 1 minute data (#1238) * Work in progress on categorize * Determine date & dateString properties in prepGlucose map function * Filter invalid records in filterRecords filter function * Clean up for loop to remove previously performed checks * Average any values that fall within the 2 minute deadband * Increase limit to allow for 1 minute data * Ensure 1440 (60*24) records can be downloaded * refactoring: round_basal (#1294) - parametrized mocha test * Improved rounding of mmol/L units in oref0-upload-profile (#1295) * Round ISF properly in oref0-upload-profile with mmol/L units * Round BG targets properly in oref0-upload-profile with mmol/L units * Add explanations for unit conversion code * Reestablish bluetooth connection after failure to set bluetooth hci name (#1291) * Reset bluetooth adapter if fail to set bluetooth hci name * Check to make sure oref0-bluetoothup not already running * Stop bluetoothd and allow next cycle to handle restart * per #1288, only use minZTUAMPredBG if enableUAM, and use minGuardBG otherwise (#1292) * run oref0-set-system-clock after oref0-set-device-clocks in case rig is offline (#1290) * run oref0-set-system-clock if oref0-set-device-clocks fails * remove output redirection for debugging * run oref0-set-system-clock regardless of return code from oref0-set-device-clocks * fix tabs that should be spaces * Fix case mismatch that causes values in mg/dl to be multiplied by 18 (#1296) * Add checks to make sure variables are defined. (#1297) * Update bin/all-autosens-history.sh Add 2019 Co-Authored-By: viq <[email protected]> * lodash 4.17.15 per npm audit fix * Have autotune sync to NS nightly after autotune runs (#1098) * Have autotune sync to NS nightly after autotune runs This will keep Nightscout in sync with autotune after the nightly run. * always round insulin to carb ratios to 0.1g * round basal rates to 0.01 U/h, not 0.001 * sleep 60s to generate a new profile.json * Standalone MRAA installer for OpenAPS v0.7.0 (#1302) * Standalone MRAA installer for OpenAPS v0.7.0 Addresses #1270 * Add oref0-mraa-install to package.json * Unused local variables (#1301) * Unused local variables * Unused local variables * Upload preferences.json and oref0 version to devicestatus (#1300) * per #1288, only use minZTUAMPredBG if enableUAM, and use minGuardBG otherwise * upload preferences.json to devicestatus * use --preferences instead of positional arguments * yargs entry for --preferences * upload oref0 package.json version string * redact sensitive fields in preferences.json * reduce size of large logfiles like new -date ones * remove old commented-out code * remove old commented and deprecated code * Refactor enable smb in determine-basal.js (#1299) * Move the enable SMB into its own dedicated function This will allow easier SMB conditional implementations * Forgot to remove the existing logic... * fix function naming * function fix round 2 * don't let kill the script if oref0 already exists * Travis CI: Upgrade to Python 3.8 and add more flake8 tests (#1304) * Non-breaking space (#1305) * Non-breaking space detected by eslint * Detect socket timeout and don't log stack trace * whitespace * Add ECONNREFUSED to safe error list, better error message * Reduced logging (#1309) * Detect socket timeout and don't log stack trace * Add ECONNREFUSED to safe error list, better error message * Consolidate IP logging to same line as xDrip load notification, remove unused variables * Disabled xDrip logging after first error * expand one-line json to properly count glucose entries
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
old line 12: the existing logic didn't make sense to me check for edison but expire root so adjusting to check for root, expire root
old line 16-21: If you changed the password for 'pi' before running the script you'd never get to the part about changing root's password as it's disabled and locked by default and therefore
/run/sshwarnwill not exist.new line 16-32: Check if we are running Raspbian, check the build date against the current password date for both pi and root. If they are the same, we are using default passwords and prompt for change. Checking them independently and only display information message once.
Let me know if you have questions.