Abhishek-2808 opened a new pull request, #18715: URL: https://github.com/apache/nuttx/pull/18715
## Summary This PR introduces build-time generation of the `/etc/passwd` file for the ROMFS image when authentication is enabled. Instead of relying on a static etc/passwd file embedded in the source tree, the passwd entry is now generated during the build using the configuration values: - `CONFIG_ETC_ROMFS_PASSWD_USER` - `CONFIG_ETC_ROMFS_PASSWD_PASSWORD` - `CONFIG_ETC_ROMFS_PASSWD_UID` - `CONFIG_ETC_ROMFS_PASSWD_GID` - `CONFIG_ETC_ROMFS_PASSWD_HOME` The generated passwd entry is written into the ROMFS staging directory and included in the firmware image. ## Behavior Authentication disabled - No passwd generation occurs. - System behavior remains unchanged. Authentication enabled - The build generates `/etc/passwd` automatically. - The password is hashed before being stored in the ROMFS image. - The plaintext password is never embedded in the firmware. Password missing - If `CONFIG_ETC_ROMFS_GENPASSWD=y` but the password is empty, the build fails with an explicit error. This ensures that credentials are always explicitly configured when authentication is enabled and prevents firmware images from being built with empty passwords. ## Security Improvement Previously /etc/passwd could be included as a static file in the ROMFS source tree. With this change, the credentials are generated at build time and must be explicitly configured, avoiding implicit or default credentials in firmware images. ## Testing **General passwd entry** <img width="478" height="51" alt="image" src="https://github.com/user-attachments/assets/2b6379ce-c4f3-46a8-8776-334b536e8057"; /> **Plaintext passwd check** <img width="602" height="40" alt="image" src="https://github.com/user-attachments/assets/91b19a54-99a0-462b-a575-7d7d24001dca"; /> **Build failure when passwd is empty** <img width="1136" height="185" alt="image" src="https://github.com/user-attachments/assets/ff4d26c4-0277-498a-8ea1-e18b5000fd54"; /> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
