Hi everyone especially @Zheng-Han ,
I have a question regarding security updates for the Omega2S.
Currently, the device is being shipped with OpenWrt 23.05.x. As far as I understand, this branch has reached end-of-life upstream and no longer receives ongoing security updates from the OpenWrt project.
Since Onion Corporation is selling products into the EU market, I would like to ask how this aligns with the requirements of the Cyber Resilience Act, which requires manufacturers of products with digital elements to provide security updates for a defined support period.
Specifically:
Are there plans to provide ongoing security patches for the Omega2S firmware?
Will there be an upgrade to a currently supported OpenWrt release?
Is there an official security support timeline for the Omega2S?
I’m asking purely from a security and compliance perspective, as long-term patch availability is becoming increasingly important for commercial deployments within the EU.
Thank you for any clarification.
While OpenWrt is a single user system, you can create additional users so you don't have to disclose the root user password. You can add the user by editing /etc/passwd and /etc/shadow or you can install the useradd package:
opkg install shadow-useradd
Now add a new user named "admin", but we don't want them to have shell access:
useradd admin -d /var -M -s /bin/false -p mytemporarypassword
The password is added in cleartext so you need to change it using the command:
passwd admin
Follow the prompts to set your password then you can confirm the new user has been added as required:
cat /etc/passwd
cat /etc/shadow
Since OnionOS uses ubus via rpc we need to add the user to the rpc user list. The configuration file is /etc/config/rcpd, but you can use uci commands to add the user:
uci add rpcd login
uci set rpcd.@login[-1].username='admin'
uci set rpcd.@login[-1].password='$p$admin'
uci add_list rpcd.@login[-1].read='*'
uci add_list rpcd.@login[-1].write='*'
uci commit rpcd
The username must match the username we just created and the structure of the password field causes the rpc daemon to use the system password we just created.
The "read" and "write" fields is set to an asterisk indicating that the user will have unrestricted access, the same as the root user.
You can confirm the new user had been added using a uci command:
uci show rpcd
rpcd.@login[0]=login
rpcd.@login[0].username='root'
rpcd.@login[0].password='$p$root'
rpcd.@login[0].read='*'
rpcd.@login[0].write='*'
rpcd.@login[1]=login
rpcd.@login[1].username='admin'
rpcd.@login[1].password='$p$admin'
rpcd.@login[1].read='*'
rpcd.@login[1].write='*'
Now restart the rpc daemon:
service rpcd restart
You can now login to OnionOS with the same functionality as the root user has, but the user has no console access.
@cyberai pls try running the checkCamera.py Example Python Program and posting the command line output and screenshots of the output.
This will give us a better idea of what's going on.
