Sysupgrade.conf

ncompact · March 14, 2022, 7:39am

stupid question

because sysupgrade adds files
that are not present in the file list (/etc/sysupgrade.conf)?

and example:

/etc/opkg/keys/0b26f36ae0f4106d
/etc/opkg/keys/1035ac73cc4e59e3
/etc/shadow

and many others

immagine

jow · March 14, 2022, 7:40am

... and what is the question exactly?

ncompact · March 14, 2022, 7:43am

I would like it not to generate an archive containing files that I have not expressly inserted

jow · March 14, 2022, 7:45am

This is not possible. Sysupgrade will consult /lib/upgrade/keep.d/ (which you could delete) and opkg list-changed-conffiles (which you can't simply override) to assemble the list of files to backup. Through sysupgrade.conf you can only amend this list.

ncompact · March 14, 2022, 7:50am

thank you support

ncompact · March 14, 2022, 7:56am

if it may interest someone else just using sysupgrade
I advise you to be careful you have files that are present in the archive especially if like me you do not remember passwords 64 characters long
I was able to solve using the "vim" editor to remove the password in the
/etc/shadow
to restore the configuration without password

grrr2 · March 14, 2022, 8:11am

it seems you mixed up something:

sysupgrade is used to upgrade to a new release (i.e. overwrite the whole router) by keeping (if you wish) your current settings, including your password (i.e. after upgrade keep using your old passwords & configuration instead of vanilla configuration).
above your talking about backup, which indeed using sysupgrade.conf to include all relevant files so you can restore your current config if needed.

but unless you enter a 64 char long password sysupgrade/backup will not make one for you. also 64 (?) char string you see in /etc/shadow is the encrypted version of your password, not the plain text version.

using a system password-less is not a wise habit, it is quite a big security gap, thus if you once did set a password for root (which is the very first thing suggesting by the system after fresh install) then it is obviously saved in the backup file. so not sure what you try to imply, what is really your concern here to be honest.

ncompact · March 14, 2022, 8:26am

this was the first time I restored an archive, usually I sign the passwords I set in text files, unfortunately in this case I created the archive a year ago and I did not remember exactly where I had entered the password.
and not having enough time to go back to the one set, I tried to find an alternative solution.
my main concern is that it may happen to someone else or even myself in the future as passwords I prefer to have them generated by a program rather than using shorter passwords.

lleachii · March 14, 2022, 12:24pm

My password is successfully saved and restored upon sysupgrade. It doesn't matter if it's simple or complex. I do recall a thread some time ago - that some versions of OpenWrt had issues with a long password.

It seems like the OP is trying to save a plain-text copy of the password on the device in a separate file (or perhaps a hash of it or something based on a personal cert - as the OP noted they sign the password???); but is not making that point clear.

Three options:

Tell the OpenWrt to save that text file
Consider switching to SSH key-based logins, since your password isn't "human-readable" anyways (i.e. it's not a password designed to be remembered by the user)
Set a browser, SSH client, etc. to save the password (I thought this would have to be done anyway)