summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJackie Huang <jackie.huang@windriver.com>2017-06-29 13:28:42 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-07-09 22:48:38 +0100
commit7c1adcc6d7e00c5b2ea427c7a023dc9faee40582 (patch)
tree94d9564f01ee3d684f1619ecd94f3e7b16c9f080
parentbe73d2bf15eb6b9afca324e0dd4b1a24c00a1f8e (diff)
downloadpoky-7c1adcc6d7e00c5b2ea427c7a023dc9faee40582.tar.gz
rootfs-postcommands: split ssh_allow_empty_password
"allow root login" should not be bundled in ssh_allow_empty_password, because some distro may want only one of "allow root login" and "allow empty password", so split it out into ssh_allow_root_login and add new imagefeature allow-root-login so they can be controlled separately, debug-tweaks will still include both of them. (From OE-Core rev: 1ab494f06a12548a902298afabd0a842161ef10d) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/image.bbclass2
-rw-r--r--meta/classes/rootfs-postcommands.bbclass25
-rw-r--r--meta/lib/oeqa/selftest/cases/imagefeatures.py4
3 files changed, 25 insertions, 6 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 2e880242d7..adc50c99bc 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -32,7 +32,7 @@ INHIBIT_DEFAULT_DEPS = "1"
32# IMAGE_FEATURES may contain any available package group 32# IMAGE_FEATURES may contain any available package group
33IMAGE_FEATURES ?= "" 33IMAGE_FEATURES ?= ""
34IMAGE_FEATURES[type] = "list" 34IMAGE_FEATURES[type] = "list"
35IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password post-install-logging" 35IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password allow-root-login post-install-logging"
36 36
37# Generate companion debugfs? 37# Generate companion debugfs?
38IMAGE_GEN_DEBUGFS ?= "0" 38IMAGE_GEN_DEBUGFS ?= "0"
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 9d4d95e994..ca690a6e59 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -2,9 +2,12 @@
2# Zap the root password if debug-tweaks feature is not enabled 2# Zap the root password if debug-tweaks feature is not enabled
3ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' 3ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}'
4 4
5# Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled 5# Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled
6ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' 6ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}'
7 7
8# Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled
9ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login; ", "",d)}'
10
8# Enable postinst logging if debug-tweaks is enabled 11# Enable postinst logging if debug-tweaks is enabled
9ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' 12ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}'
10 13
@@ -138,12 +141,11 @@ zap_empty_root_password () {
138} 141}
139 142
140# 143#
141# allow dropbear/openssh to accept root logins and logins from accounts with an empty password string 144# allow dropbear/openssh to accept logins from accounts with an empty password string
142# 145#
143ssh_allow_empty_password () { 146ssh_allow_empty_password () {
144 for config in sshd_config sshd_config_readonly; do 147 for config in sshd_config sshd_config_readonly; do
145 if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then 148 if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then
146 sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config
147 sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config 149 sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config
148 fi 150 fi
149 done 151 done
@@ -166,6 +168,23 @@ ssh_allow_empty_password () {
166 fi 168 fi
167} 169}
168 170
171#
172# allow dropbear/openssh to accept root logins
173#
174ssh_allow_root_login () {
175 for config in sshd_config sshd_config_readonly; do
176 if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then
177 sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config
178 fi
179 done
180
181 if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then
182 if grep -q DROPBEAR_EXTRA_ARGS ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear 2>/dev/null ; then
183 sed -i '/^DROPBEAR_EXTRA_ARGS=/ s/-w//' ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear
184 fi
185 fi
186}
187
169python sort_passwd () { 188python sort_passwd () {
170 import rootfspostcommands 189 import rootfspostcommands
171 rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) 190 rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}'))
diff --git a/meta/lib/oeqa/selftest/cases/imagefeatures.py b/meta/lib/oeqa/selftest/cases/imagefeatures.py
index 09e0b20625..b60ab8ae7e 100644
--- a/meta/lib/oeqa/selftest/cases/imagefeatures.py
+++ b/meta/lib/oeqa/selftest/cases/imagefeatures.py
@@ -23,7 +23,7 @@ class ImageFeatures(OESelftestTestCase):
23 AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> 23 AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
24 """ 24 """
25 25
26 features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh empty-root-password allow-empty-password"\n' 26 features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh empty-root-password allow-empty-password allow-root-login"\n'
27 features += 'INHERIT += "extrausers"\n' 27 features += 'INHERIT += "extrausers"\n'
28 features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user) 28 features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user)
29 self.write_config(features) 29 self.write_config(features)
@@ -49,7 +49,7 @@ class ImageFeatures(OESelftestTestCase):
49 AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> 49 AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
50 """ 50 """
51 51
52 features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh allow-empty-password"\n' 52 features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh allow-empty-password allow-root-login"\n'
53 features += 'INHERIT += "extrausers"\n' 53 features += 'INHERIT += "extrausers"\n'
54 features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user) 54 features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user)
55 self.write_config(features) 55 self.write_config(features)