diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2013-12-11 13:41:36 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-12-14 09:16:37 +0000 |
| commit | c38fee231b42b9123dd1fd102235eac6240ba4c8 (patch) | |
| tree | c221fcba9bde5019a0e009b7a47d7be5fe12c6ca /meta/classes/image.bbclass | |
| parent | 7b58b5feaa22c82e997165fc130c8545f5b1a129 (diff) | |
| download | poky-c38fee231b42b9123dd1fd102235eac6240ba4c8.tar.gz | |
image.bbclass: fix for zap_root_password
Previously, this function replaces the root password with '*' if
'debug-tweaks' is not in IMAGE_FEATURES. It not only zaps empty root
password, but also zaps non-empty root password. That means, if the
user uses a bbappend file for base-passwd to set the root password, he
would not be able to login as root; if the user uses 'EXTRA_USERS_PARAMS'
to set the root password, he would still not be able to login as root.
What we really want from this function is to disallow empty root password
if 'debug-tweaks' is not in IMAGE_FEATURES. This function should not remove
non-empty root password because that password is usually deliberately set
by the user.
This patch renames zap_root_password to zap_empty_root_password to
better reflect the intent of this function. It also modifies the code
to make this function work correctly.
(From OE-Core rev: c1037a74f934966a0df8c85138b09d672b9f8b36)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/image.bbclass')
| -rw-r--r-- | meta/classes/image.bbclass | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 012aef3bcc..c59572104d 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass | |||
| @@ -562,11 +562,13 @@ rootfs_uninstall_unneeded () { | |||
| 562 | fi | 562 | fi |
| 563 | } | 563 | } |
| 564 | 564 | ||
| 565 | # set '*' as the root password so the images | 565 | # This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. |
| 566 | # can decide if they want it or not | 566 | zap_empty_root_password () { |
| 567 | zap_root_password () { | 567 | if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then |
| 568 | sed 's%^root:[^:]*:%root:*:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new | 568 | sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow |
| 569 | mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd | 569 | elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then |
| 570 | sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd | ||
| 571 | fi | ||
| 570 | } | 572 | } |
| 571 | 573 | ||
| 572 | # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string | 574 | # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string |
| @@ -648,7 +650,7 @@ rootfs_sysroot_relativelinks () { | |||
| 648 | sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT} | 650 | sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT} |
| 649 | } | 651 | } |
| 650 | 652 | ||
| 651 | EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup | 653 | EXPORT_FUNCTIONS zap_empty_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup |
| 652 | 654 | ||
| 653 | do_fetch[noexec] = "1" | 655 | do_fetch[noexec] = "1" |
| 654 | do_unpack[noexec] = "1" | 656 | do_unpack[noexec] = "1" |