ref-manual: add a note about hard-coded passwords

It seems prudent to point out that hard-coding passwords in the manner detailed in the example is not a good idea in production. This type of mistake has unfortunately been made by many device vendors (outside of the Yocto Project context) leading to security vulnerabilities. (From yocto-docs rev: 1d07dba9423ae0a841eccb58c297e31b63c3965d) Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Paul Eggleton <paul.eggleton@microsoft.com> 2022-04-21 18:40:35 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-04-25 15:14:08 +0100
commit: 30b4b153d61cea0b1ce4faf7b41f2e454cb4ec9f (patch)
tree: d80d89b1cbf1ee58a009e43f56fe63c65366b467 /documentation/ref-manual
parent: 11025bed13d78fca060e719181ceba29bce9299f (diff)
download: poky-30b4b153d61cea0b1ce4faf7b41f2e454cb4ec9f.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 6ba792d3f9..60423d8533 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -576,6 +576,14 @@ Finally, here is an example that sets the root password::
       usermod -p '${PASSWD}' root; \
       "
+.. note::
+   From a security perspective, hardcoding a default password is not
+   generally a good idea or even legal in some jurisdictions. It is 
+   recommended that you do not do this if you are building a production 
+   image.
 .. _ref-classes-features_check:
 ``features_check.bbclass``
author	Paul Eggleton <paul.eggleton@microsoft.com>	2022-04-21 18:40:35 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-25 15:14:08 +0100
commit	30b4b153d61cea0b1ce4faf7b41f2e454cb4ec9f (patch)
tree	d80d89b1cbf1ee58a009e43f56fe63c65366b467 /documentation/ref-manual
parent	11025bed13d78fca060e719181ceba29bce9299f (diff)
download	poky-30b4b153d61cea0b1ce4faf7b41f2e454cb4ec9f.tar.gz

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 6ba792d3f9..60423d8533 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst
@@ -576,6 +576,14 @@ Finally, here is an example that sets the root password::
576	usermod -p '${PASSWD}' root; \	576	usermod -p '${PASSWD}' root; \
577	"	577	"
578		578
		579	.. note::
		580
		581	From a security perspective, hardcoding a default password is not
		582	generally a good idea or even legal in some jurisdictions. It is
		583	recommended that you do not do this if you are building a production
		584	image.
		585
		586
579	.. _ref-classes-features_check:	587	.. _ref-classes-features_check:
580		588
581	``features_check.bbclass``	589	``features_check.bbclass``