Modify

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#18206 closed defect (fixed)

Password reset after upgrading

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: Cc:

Description

Hi.

I've compiled and upgraded to r43032 and lost ssh access. Then I did went to LuCI, showed a warning that root password was not set but other configurations were there, such as wifi.
I did the firmware upgrade with "Keep settings" option set on LuCI.

Thanks.

Attachments (0)

Change History (16)

comment:1 in reply to: ↑ description ; follow-up: Changed 3 years ago by bittorf@…

I did the firmware upgrade with "Keep settings" option set on LuCI.

set a new password in failsafe mode:
http://wiki.openwrt.org/doc/howto/generic.failsafe

this happens when you upgrade from a very old revision without shadow-support IMHO.
maybe the script added in r29865 did not his work?

comment:2 in reply to: ↑ 1 Changed 3 years ago by anonymous

Replying to bittorf@…:

I did the firmware upgrade with "Keep settings" option set on LuCI.

set a new password in failsafe mode:
http://wiki.openwrt.org/doc/howto/generic.failsafe

this happens when you upgrade from a very old revision without shadow-support IMHO.
maybe the script added in r29865 did not his work?

I did upgraded from around r43011.
For me, this issue isn't really problematic, but could be for others.
Also, setting a new password on 10 devices on LuCI every firmware upgrade takes a while.

Thanks.

comment:3 Changed 3 years ago by hnyman

The same happened for me. Upgraded from 2-3 days old trunk build (either 34006 or 34031) to 34045. All other settings were intact, but Luci complained that no password was set and I logged in via Luci without password.

My shh public key had survived along other settings, so ssh access was also possible.

Other people have apparently also found this bug: https://forum.openwrt.org/viewtopic.php?pid=251952#p251952

comment:4 Changed 3 years ago by mroek

As hnyman mentioned, I also observed the same thing, and I actually updated from r43032, which was just a day old. I did not get the issue when I updated from r43014 to r43032, even though the OP in this issue got the bug when updating to r43032.

To recap, for me the issue appeared when updating from r43032 -> r43045, but it was only the password that was lost/reset, all other settings remained.

comment:5 Changed 3 years ago by hnyman

Well, I flashed 43052 and then again back to 43045, and password survived both times. So, this does not happen always.

Due to my ar71xx/wndr3700 community build I am flashing my routers almost daily. As this has not happened to me ever before, I suspect this bug to be something new.

comment:6 Changed 3 years ago by hnyman

I now updated from 45031 to 45052 and lost the password again. After sysupgrade the dates of passwd and shadow do not match:

root@OpenWrt:/etc# ls -l passwd shadow
-rw-rw-r--    1 root     root           190 Oct 24 19:39 passwd
-rw-------    1 root     root           115 Oct 24 17:14 shadow

I have a theory that this was caused by r43017 and has already been fixed with r43041. The passwd disappears if you sysupgrade from 43017-43040. (Around 43017 there were several intertwined tweaks to the scripts. So it may also have been one of the other related check-ins)

Jow comments in r43041:

Changeset r43017 reworked the ipkg control metadata generation but broke
the export of conffiles, postinst and prerm defines.

Change the code back to rely on shvar and shexport, this is required to
properly output multiline contents.

I suppose that somehow the definition of "conffiles to keep" of the base-files package does not properly include /etc/shadow. Support for shadow has been added later, and it is probably not defined quite that deeply in the code as /etc/passwd is.

comment:7 Changed 3 years ago by hnyman

/etc/shadow is defined as a conffile in base-files:
https://dev.openwrt.org/browser/trunk/package/base-files/Makefile#L37

But it is not defined in the deeper list
https://dev.openwrt.org/browser/trunk/package/base-files/files/lib/upgrade/keep.d/base-files-essential

I assume that failure in exporting base-files' conffiles variable led to situation, where /etc/shadow was not copied to the backup archive in the sysupgrade process.

Should /etc/shadow be added to the global base-files-essential list????

comment:8 follow-up: Changed 3 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

fixed in r43061, r43062

comment:9 in reply to: ↑ 8 Changed 3 years ago by anonymous

Replying to nbd:

fixed in r43061, r43062

Hi.

I did build and upgraded today to r43076 and problem still exists.

Before r43032 I did build and upgraded every 2~4 days and this never occurred. "Keep settings" option still work for everything else I have configured.

Am I missing something?

Thanks.

comment:10 follow-ups: Changed 3 years ago by nbd

did you try upgrading to the same firmware again after setting the password?

comment:11 Changed 3 years ago by hnyman

Like I said above in comment:6:

The passwd disappears if you sysupgrade from 43017-43040.

Those firmware versions did not properly define the config files to preserve in sysupgrade. The fix does not retroactively change the old firmware in your router. If you upgrade from 43032, then /etc/shadow and your password will get lost.

To prevent that, you need to edit /etc/keep.d/base-files-essentials to include also "/etc/shadow". But that needs to be done before the sysupgrade, and most users will read this advice only after upgrading and having already lost the password. :-(

comment:12 follow-up: Changed 3 years ago by jow

Is /etc/shadow detected by "opkg list-changed-conffiles" in current versions now?

comment:13 in reply to: ↑ 12 Changed 3 years ago by mroek

Replying to jow:

Is /etc/shadow detected by "opkg list-changed-conffiles" in current versions now?

From my r43063-router

root@WDR4300:~# opkg list-changed-conffiles
/etc/shadow
/etc/profile
/etc/sysctl.conf
/etc/config/system
/etc/collectd.conf
/etc/config/ddns
/etc/config/dhcp
/etc/dropbear/dropbear_rsa_host_key
/etc/dropbear/dropbear_dss_host_key
/etc/config/dropbear
/etc/config/firewall
/etc/config/luci_devinfo
/etc/config/luci_statistics
/etc/config/luci
/etc/config/upnpd
/etc/config/openvpn
/etc/config/qos
/etc/config/uhttpd

So I guess the answer is yes.

comment:14 in reply to: ↑ 10 Changed 3 years ago by anonymous

Replying to nbd:

did you try upgrading to the same firmware again after setting the password?

Yes.
Every configuration remains, including password, at r43076.

comment:15 in reply to: ↑ 10 Changed 3 years ago by anonymous

Replying to nbd:

did you try upgrading to the same firmware again after setting the password?

Yes.
Configuration as been kept, including password, at r43076.

comment:16 Changed 3 years ago by anonymous

Built and upgraded to r43091 from r43076, every configuration as been kept, including password.

Thanks.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.