image.bbclass: fix for zap_root_password
Previously, this function replaces the root password with '*' if 'debug-tweaks' is not in IMAGE_FEATURES. It not only zaps empty root password, but also zaps non-empty root password. That means, if the user uses a bbappend file for base-passwd to set the root password, he would not be able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set the root password, he would still not be able to login as root. What we really want from this function is to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. This function should not remove non-empty root password because that password is usually deliberately set by the user. This patch renames zap_root_password to zap_empty_root_password to better reflect the intent of this function. It also modifies the code to make this function work correctly. (From OE-Core rev: c1037a74f934966a0df8c85138b09d672b9f8b36) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
7b58b5feaa
commit
c38fee231b
|
@ -74,7 +74,7 @@ inherit image
|
|||
ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
|
||||
|
||||
# Zap the root password if debug-tweaks feature is not enabled
|
||||
ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
|
||||
ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_empty_root_password ; ",d)}'
|
||||
|
||||
# Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled
|
||||
ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}'
|
||||
|
|
|
@ -562,11 +562,13 @@ rootfs_uninstall_unneeded () {
|
|||
fi
|
||||
}
|
||||
|
||||
# set '*' as the root password so the images
|
||||
# can decide if they want it or not
|
||||
zap_root_password () {
|
||||
sed 's%^root:[^:]*:%root:*:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new
|
||||
mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
|
||||
# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES.
|
||||
zap_empty_root_password () {
|
||||
if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
|
||||
sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||
elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
|
||||
sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd
|
||||
fi
|
||||
}
|
||||
|
||||
# allow dropbear/openssh to accept root logins and logins from accounts with an empty password string
|
||||
|
@ -648,7 +650,7 @@ rootfs_sysroot_relativelinks () {
|
|||
sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT}
|
||||
}
|
||||
|
||||
EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
|
||||
EXPORT_FUNCTIONS zap_empty_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
|
||||
|
||||
do_fetch[noexec] = "1"
|
||||
do_unpack[noexec] = "1"
|
||||
|
|
Loading…
Reference in New Issue