diff options
| author | Jackie Huang <jackie.huang@windriver.com> | 2017-06-29 13:28:42 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-07-09 22:48:38 +0100 |
| commit | 7c1adcc6d7e00c5b2ea427c7a023dc9faee40582 (patch) | |
| tree | 94d9564f01ee3d684f1619ecd94f3e7b16c9f080 /meta/classes | |
| parent | be73d2bf15eb6b9afca324e0dd4b1a24c00a1f8e (diff) | |
| download | poky-7c1adcc6d7e00c5b2ea427c7a023dc9faee40582.tar.gz | |
rootfs-postcommands: split ssh_allow_empty_password
"allow root login" should not be bundled in ssh_allow_empty_password,
because some distro may want only one of "allow root login" and "allow
empty password", so split it out into ssh_allow_root_login and add new
imagefeature allow-root-login so they can be controlled separately,
debug-tweaks will still include both of them.
(From OE-Core rev: 1ab494f06a12548a902298afabd0a842161ef10d)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/image.bbclass | 2 | ||||
| -rw-r--r-- | meta/classes/rootfs-postcommands.bbclass | 25 |
2 files changed, 23 insertions, 4 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 2e880242d7..adc50c99bc 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass | |||
| @@ -32,7 +32,7 @@ INHIBIT_DEFAULT_DEPS = "1" | |||
| 32 | # IMAGE_FEATURES may contain any available package group | 32 | # IMAGE_FEATURES may contain any available package group |
| 33 | IMAGE_FEATURES ?= "" | 33 | IMAGE_FEATURES ?= "" |
| 34 | IMAGE_FEATURES[type] = "list" | 34 | IMAGE_FEATURES[type] = "list" |
| 35 | IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password post-install-logging" | 35 | IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password allow-root-login post-install-logging" |
| 36 | 36 | ||
| 37 | # Generate companion debugfs? | 37 | # Generate companion debugfs? |
| 38 | IMAGE_GEN_DEBUGFS ?= "0" | 38 | IMAGE_GEN_DEBUGFS ?= "0" |
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index 9d4d95e994..ca690a6e59 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass | |||
| @@ -2,9 +2,12 @@ | |||
| 2 | # Zap the root password if debug-tweaks feature is not enabled | 2 | # Zap the root password if debug-tweaks feature is not enabled |
| 3 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' | 3 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' |
| 4 | 4 | ||
| 5 | # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled | 5 | # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled |
| 6 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' | 6 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' |
| 7 | 7 | ||
| 8 | # Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled | ||
| 9 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login; ", "",d)}' | ||
| 10 | |||
| 8 | # Enable postinst logging if debug-tweaks is enabled | 11 | # Enable postinst logging if debug-tweaks is enabled |
| 9 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' | 12 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' |
| 10 | 13 | ||
| @@ -138,12 +141,11 @@ zap_empty_root_password () { | |||
| 138 | } | 141 | } |
| 139 | 142 | ||
| 140 | # | 143 | # |
| 141 | # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string | 144 | # allow dropbear/openssh to accept logins from accounts with an empty password string |
| 142 | # | 145 | # |
| 143 | ssh_allow_empty_password () { | 146 | ssh_allow_empty_password () { |
| 144 | for config in sshd_config sshd_config_readonly; do | 147 | for config in sshd_config sshd_config_readonly; do |
| 145 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then | 148 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then |
| 146 | sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config | ||
| 147 | sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config | 149 | sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config |
| 148 | fi | 150 | fi |
| 149 | done | 151 | done |
| @@ -166,6 +168,23 @@ ssh_allow_empty_password () { | |||
| 166 | fi | 168 | fi |
| 167 | } | 169 | } |
| 168 | 170 | ||
| 171 | # | ||
| 172 | # allow dropbear/openssh to accept root logins | ||
| 173 | # | ||
| 174 | ssh_allow_root_login () { | ||
| 175 | for config in sshd_config sshd_config_readonly; do | ||
| 176 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then | ||
| 177 | sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config | ||
| 178 | fi | ||
| 179 | done | ||
| 180 | |||
| 181 | if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then | ||
| 182 | if grep -q DROPBEAR_EXTRA_ARGS ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear 2>/dev/null ; then | ||
| 183 | sed -i '/^DROPBEAR_EXTRA_ARGS=/ s/-w//' ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear | ||
| 184 | fi | ||
| 185 | fi | ||
| 186 | } | ||
| 187 | |||
| 169 | python sort_passwd () { | 188 | python sort_passwd () { |
| 170 | import rootfspostcommands | 189 | import rootfspostcommands |
| 171 | rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) | 190 | rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) |