diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-05 17:52:06 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-06 15:27:33 +0000 |
commit | 0051510ae3e8f5d4dcd1f074bba1bd9c7e2362d9 (patch) | |
tree | b0b2de5246440fe2552e45b172741b010d06c467 /meta | |
parent | 3428eddcd1c433c52f1886598479c5970dd400d5 (diff) | |
download | poky-0051510ae3e8f5d4dcd1f074bba1bd9c7e2362d9.tar.gz |
image/rootfs-postcommands: Separate out post rootfs commands to separate class
Reading image.bbclass is a little difficult as it has many post rootfs
helper functions and its hard to separate those from the core contents
of the rootfs/image code.
Moving it to a separate class would be one way of making it clearer
what these functions are. There are some comment layout improvements
but no code changes.
(From OE-Core rev: df4cb51c8e60fa46d4d15be8da3d84287ff08ae7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/image.bbclass | 240 | ||||
-rw-r--r-- | meta/classes/rootfs-postcommands.bbclass | 258 |
2 files changed, 259 insertions, 239 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 8242c568a8..da64cadd3a 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass | |||
@@ -191,31 +191,7 @@ inherit ${IMAGE_CLASSES} | |||
191 | 191 | ||
192 | IMAGE_POSTPROCESS_COMMAND ?= "" | 192 | IMAGE_POSTPROCESS_COMMAND ?= "" |
193 | 193 | ||
194 | # Zap the root password if debug-tweaks feature is not enabled | ||
195 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' | ||
196 | 194 | ||
197 | # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled | ||
198 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' | ||
199 | |||
200 | # Enable postinst logging if debug-tweaks is enabled | ||
201 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' | ||
202 | |||
203 | # Create /etc/timestamp during image construction to give a reasonably sane default time setting | ||
204 | ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; " | ||
205 | |||
206 | # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled | ||
207 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}' | ||
208 | |||
209 | # Write manifest | ||
210 | IMAGE_MANIFEST = "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.manifest" | ||
211 | ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest ; " | ||
212 | # Set default postinst log file | ||
213 | POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log" | ||
214 | # Set default target for systemd images | ||
215 | SYSTEMD_DEFAULT_TARGET ?= '${@bb.utils.contains("IMAGE_FEATURES", "x11-base", "graphical.target", "multi-user.target", d)}' | ||
216 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES", "systemd", "set_systemd_default_target; ", "", d)}' | ||
217 | |||
218 | ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;' | ||
219 | 195 | ||
220 | # some default locales | 196 | # some default locales |
221 | IMAGE_LINGUAS ?= "de-de fr-fr en-gb" | 197 | IMAGE_LINGUAS ?= "de-de fr-fr en-gb" |
@@ -233,67 +209,7 @@ do_rootfs[cleandirs] += "${S}" | |||
233 | # task, so that we have a single fakeroot context for the whole process. | 209 | # task, so that we have a single fakeroot context for the whole process. |
234 | do_rootfs[umask] = "022" | 210 | do_rootfs[umask] = "022" |
235 | 211 | ||
236 | # A hook function to support read-only-rootfs IMAGE_FEATURES | 212 | inherit rootfs-postcommands |
237 | read_only_rootfs_hook () { | ||
238 | # Tweak the mount option and fs_passno for rootfs in fstab | ||
239 | sed -i -e '/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}' ${IMAGE_ROOTFS}/etc/fstab | ||
240 | |||
241 | # If we're using openssh and the /etc/ssh directory has no pre-generated keys, | ||
242 | # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly | ||
243 | # and the keys under /var/run/ssh. | ||
244 | if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then | ||
245 | if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then | ||
246 | echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
247 | echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
248 | else | ||
249 | echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
250 | echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
251 | fi | ||
252 | fi | ||
253 | |||
254 | # Also tweak the key location for dropbear in the same way. | ||
255 | if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then | ||
256 | if [ -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then | ||
257 | echo "DROPBEAR_RSAKEY_DIR=/etc/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear | ||
258 | else | ||
259 | echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear | ||
260 | fi | ||
261 | fi | ||
262 | |||
263 | |||
264 | if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then | ||
265 | # Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes | ||
266 | if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then | ||
267 | sed -i 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' ${IMAGE_ROOTFS}/etc/default/rcS | ||
268 | fi | ||
269 | # Run populate-volatile.sh at rootfs time to set up basic files | ||
270 | # and directories to support read-only rootfs. | ||
271 | if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then | ||
272 | ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh | ||
273 | fi | ||
274 | fi | ||
275 | |||
276 | if ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "true", "false", d)}; then | ||
277 | # Update user database files so that services don't fail for a read-only systemd system | ||
278 | for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do | ||
279 | [ -e $conffile ] || continue | ||
280 | grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do | ||
281 | if [ "$type" = "u" ]; then | ||
282 | useradd_params="" | ||
283 | [ "$id" != "-" ] && useradd_params="$useradd_params --uid $id" | ||
284 | [ "$comment" != "-" ] && useradd_params="$useradd_params --comment $comment" | ||
285 | useradd_params="$useradd_params --system $name" | ||
286 | eval useradd --root ${IMAGE_ROOTFS} $useradd_params || true | ||
287 | elif [ "$type" = "g" ]; then | ||
288 | groupadd_params="" | ||
289 | [ "$id" != "-" ] && groupadd_params="$groupadd_params --gid $id" | ||
290 | groupadd_params="$groupadd_params --system $name" | ||
291 | eval groupadd --root ${IMAGE_ROOTFS} $groupadd_params || true | ||
292 | fi | ||
293 | done | ||
294 | done | ||
295 | fi | ||
296 | } | ||
297 | 213 | ||
298 | PACKAGE_EXCLUDE ??= "" | 214 | PACKAGE_EXCLUDE ??= "" |
299 | PACKAGE_EXCLUDE[type] = "list" | 215 | PACKAGE_EXCLUDE[type] = "list" |
@@ -346,164 +262,10 @@ fakeroot python do_rootfs () { | |||
346 | create_image(d) | 262 | create_image(d) |
347 | } | 263 | } |
348 | 264 | ||
349 | insert_feed_uris () { | ||
350 | |||
351 | echo "Building feeds for [${DISTRO}].." | ||
352 | |||
353 | for line in ${FEED_URIS} | ||
354 | do | ||
355 | # strip leading and trailing spaces/tabs, then split into name and uri | ||
356 | line_clean="`echo "$line"|sed 's/^[ \t]*//;s/[ \t]*$//'`" | ||
357 | feed_name="`echo "$line_clean" | sed -n 's/\(.*\)##\(.*\)/\1/p'`" | ||
358 | feed_uri="`echo "$line_clean" | sed -n 's/\(.*\)##\(.*\)/\2/p'`" | ||
359 | |||
360 | echo "Added $feed_name feed with URL $feed_uri" | ||
361 | |||
362 | # insert new feed-sources | ||
363 | echo "src/gz $feed_name $feed_uri" >> ${IMAGE_ROOTFS}/etc/opkg/${feed_name}-feed.conf | ||
364 | done | ||
365 | } | ||
366 | |||
367 | MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|${sysconfdir}|${nonarch_base_libdir}/udev|/lib/modules/[^/]*/modules.*|" | 265 | MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|${sysconfdir}|${nonarch_base_libdir}/udev|/lib/modules/[^/]*/modules.*|" |
368 | MULTILIB_CHECK_FILE = "${WORKDIR}/multilib_check.py" | 266 | MULTILIB_CHECK_FILE = "${WORKDIR}/multilib_check.py" |
369 | MULTILIB_TEMP_ROOTFS = "${WORKDIR}/multilib" | 267 | MULTILIB_TEMP_ROOTFS = "${WORKDIR}/multilib" |
370 | 268 | ||
371 | # This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. | ||
372 | zap_empty_root_password () { | ||
373 | if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then | ||
374 | sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow | ||
375 | fi | ||
376 | if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then | ||
377 | sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd | ||
378 | fi | ||
379 | } | ||
380 | |||
381 | # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string | ||
382 | ssh_allow_empty_password () { | ||
383 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then | ||
384 | sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config | ||
385 | sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config | ||
386 | fi | ||
387 | |||
388 | if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then | ||
389 | if grep -q DROPBEAR_EXTRA_ARGS ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear 2>/dev/null ; then | ||
390 | if ! grep -q "DROPBEAR_EXTRA_ARGS=.*-B" ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear ; then | ||
391 | sed -i 's/^DROPBEAR_EXTRA_ARGS="*\([^"]*\)"*/DROPBEAR_EXTRA_ARGS="\1 -B"/' ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear | ||
392 | fi | ||
393 | else | ||
394 | printf '\nDROPBEAR_EXTRA_ARGS="-B"\n' >> ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear | ||
395 | fi | ||
396 | fi | ||
397 | |||
398 | if [ -d ${IMAGE_ROOTFS}${sysconfdir}/pam.d ] ; then | ||
399 | sed -i 's/nullok_secure/nullok/' ${IMAGE_ROOTFS}${sysconfdir}/pam.d/* | ||
400 | fi | ||
401 | } | ||
402 | |||
403 | # Disable DNS lookups, the SSH_DISABLE_DNS_LOOKUP can be overridden to allow | ||
404 | # distros to choose not to take this change | ||
405 | SSH_DISABLE_DNS_LOOKUP ?= " ssh_disable_dns_lookup ; " | ||
406 | ROOTFS_POSTPROCESS_COMMAND_append_qemuall = "${SSH_DISABLE_DNS_LOOKUP}" | ||
407 | ssh_disable_dns_lookup () { | ||
408 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then | ||
409 | sed -i -e 's:#UseDNS yes:UseDNS no:' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config | ||
410 | fi | ||
411 | } | ||
412 | |||
413 | # Enable postinst logging if debug-tweaks is enabled | ||
414 | postinst_enable_logging () { | ||
415 | mkdir -p ${IMAGE_ROOTFS}${sysconfdir}/default | ||
416 | echo "POSTINST_LOGGING=1" >> ${IMAGE_ROOTFS}${sysconfdir}/default/postinst | ||
417 | echo "LOGFILE=${POSTINST_LOGFILE}" >> ${IMAGE_ROOTFS}${sysconfdir}/default/postinst | ||
418 | } | ||
419 | |||
420 | # Modify systemd default target | ||
421 | set_systemd_default_target () { | ||
422 | if [ -d ${IMAGE_ROOTFS}${sysconfdir}/systemd/system -a -e ${IMAGE_ROOTFS}${systemd_unitdir}/system/${SYSTEMD_DEFAULT_TARGET} ]; then | ||
423 | ln -sf ${systemd_unitdir}/system/${SYSTEMD_DEFAULT_TARGET} ${IMAGE_ROOTFS}${sysconfdir}/systemd/system/default.target | ||
424 | fi | ||
425 | } | ||
426 | |||
427 | # If /var/volatile is not empty, we have seen problems where programs such as the | ||
428 | # journal make assumptions based on the contents of /var/volatile. The journal | ||
429 | # would then write to /var/volatile before it was mounted, thus hiding the | ||
430 | # items previously written. | ||
431 | # | ||
432 | # This change is to attempt to fix those types of issues in a way that doesn't | ||
433 | # affect users that may not be using /var/volatile. | ||
434 | empty_var_volatile () { | ||
435 | if [ -e ${IMAGE_ROOTFS}/etc/fstab ]; then | ||
436 | match=`awk '$1 !~ "#" && $2 ~ /\/var\/volatile/{print $2}' ${IMAGE_ROOTFS}/etc/fstab 2> /dev/null` | ||
437 | if [ -n "$match" ]; then | ||
438 | find ${IMAGE_ROOTFS}/var/volatile -mindepth 1 -delete | ||
439 | fi | ||
440 | fi | ||
441 | } | ||
442 | |||
443 | # Turn any symbolic /sbin/init link into a file | ||
444 | remove_init_link () { | ||
445 | if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then | ||
446 | LINKFILE=${IMAGE_ROOTFS}`readlink ${IMAGE_ROOTFS}/sbin/init` | ||
447 | rm ${IMAGE_ROOTFS}/sbin/init | ||
448 | cp $LINKFILE ${IMAGE_ROOTFS}/sbin/init | ||
449 | fi | ||
450 | } | ||
451 | |||
452 | make_zimage_symlink_relative () { | ||
453 | if [ -L ${IMAGE_ROOTFS}/boot/zImage ]; then | ||
454 | (cd ${IMAGE_ROOTFS}/boot/ && for i in `ls zImage-* | sort`; do ln -sf $i zImage; done) | ||
455 | fi | ||
456 | } | ||
457 | |||
458 | python write_image_manifest () { | ||
459 | from oe.rootfs import image_list_installed_packages | ||
460 | with open(d.getVar('IMAGE_MANIFEST', True), 'w+') as image_manifest: | ||
461 | image_manifest.write(image_list_installed_packages(d, 'ver')) | ||
462 | image_manifest.write("\n") | ||
463 | } | ||
464 | |||
465 | # Can be use to create /etc/timestamp during image construction to give a reasonably | ||
466 | # sane default time setting | ||
467 | rootfs_update_timestamp () { | ||
468 | date -u +%4Y%2m%2d%2H%2M%2S >${IMAGE_ROOTFS}/etc/timestamp | ||
469 | } | ||
470 | |||
471 | # Prevent X from being started | ||
472 | rootfs_no_x_startup () { | ||
473 | if [ -f ${IMAGE_ROOTFS}/etc/init.d/xserver-nodm ]; then | ||
474 | chmod a-x ${IMAGE_ROOTFS}/etc/init.d/xserver-nodm | ||
475 | fi | ||
476 | } | ||
477 | |||
478 | rootfs_trim_schemas () { | ||
479 | for schema in ${IMAGE_ROOTFS}/etc/gconf/schemas/*.schemas | ||
480 | do | ||
481 | # Need this in case no files exist | ||
482 | if [ -e $schema ]; then | ||
483 | oe-trim-schemas $schema > $schema.new | ||
484 | mv $schema.new $schema | ||
485 | fi | ||
486 | done | ||
487 | } | ||
488 | |||
489 | rootfs_check_host_user_contaminated () { | ||
490 | contaminated="${WORKDIR}/host-user-contaminated.txt" | ||
491 | HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)" | ||
492 | HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)" | ||
493 | |||
494 | find "${IMAGE_ROOTFS}" -wholename "${IMAGE_ROOTFS}/home" -prune \ | ||
495 | -user "$HOST_USER_UID" -o -group "$HOST_USER_GID" >"$contaminated" | ||
496 | |||
497 | if [ -s "$contaminated" ]; then | ||
498 | echo "WARNING: Paths in the rootfs are owned by the same user or group as the user running bitbake. See the logfile for the specific paths." | ||
499 | cat "$contaminated" | sed "s,^, ," | ||
500 | fi | ||
501 | } | ||
502 | |||
503 | # Make any absolute links in a sysroot relative | ||
504 | rootfs_sysroot_relativelinks () { | ||
505 | sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT} | ||
506 | } | ||
507 | 269 | ||
508 | do_fetch[noexec] = "1" | 270 | do_fetch[noexec] = "1" |
509 | do_unpack[noexec] = "1" | 271 | do_unpack[noexec] = "1" |
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass new file mode 100644 index 0000000000..7c440acf00 --- /dev/null +++ b/meta/classes/rootfs-postcommands.bbclass | |||
@@ -0,0 +1,258 @@ | |||
1 | |||
2 | # Zap the root password if debug-tweaks feature is not enabled | ||
3 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' | ||
4 | |||
5 | # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled | ||
6 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' | ||
7 | |||
8 | # Enable postinst logging if debug-tweaks is enabled | ||
9 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' | ||
10 | |||
11 | # Create /etc/timestamp during image construction to give a reasonably sane default time setting | ||
12 | ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; " | ||
13 | |||
14 | # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled | ||
15 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}' | ||
16 | |||
17 | # Write manifest | ||
18 | IMAGE_MANIFEST = "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.manifest" | ||
19 | ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest ; " | ||
20 | # Set default postinst log file | ||
21 | POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log" | ||
22 | # Set default target for systemd images | ||
23 | SYSTEMD_DEFAULT_TARGET ?= '${@bb.utils.contains("IMAGE_FEATURES", "x11-base", "graphical.target", "multi-user.target", d)}' | ||
24 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES", "systemd", "set_systemd_default_target; ", "", d)}' | ||
25 | |||
26 | ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;' | ||
27 | |||
28 | # Disable DNS lookups, the SSH_DISABLE_DNS_LOOKUP can be overridden to allow | ||
29 | # distros to choose not to take this change | ||
30 | SSH_DISABLE_DNS_LOOKUP ?= " ssh_disable_dns_lookup ; " | ||
31 | ROOTFS_POSTPROCESS_COMMAND_append_qemuall = "${SSH_DISABLE_DNS_LOOKUP}" | ||
32 | |||
33 | |||
34 | |||
35 | # | ||
36 | # A hook function to support read-only-rootfs IMAGE_FEATURES | ||
37 | # | ||
38 | read_only_rootfs_hook () { | ||
39 | # Tweak the mount option and fs_passno for rootfs in fstab | ||
40 | sed -i -e '/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}' ${IMAGE_ROOTFS}/etc/fstab | ||
41 | |||
42 | # If we're using openssh and the /etc/ssh directory has no pre-generated keys, | ||
43 | # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly | ||
44 | # and the keys under /var/run/ssh. | ||
45 | if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then | ||
46 | if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then | ||
47 | echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
48 | echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
49 | else | ||
50 | echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
51 | echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
52 | fi | ||
53 | fi | ||
54 | |||
55 | # Also tweak the key location for dropbear in the same way. | ||
56 | if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then | ||
57 | if [ -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then | ||
58 | echo "DROPBEAR_RSAKEY_DIR=/etc/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear | ||
59 | else | ||
60 | echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear | ||
61 | fi | ||
62 | fi | ||
63 | |||
64 | |||
65 | if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then | ||
66 | # Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes | ||
67 | if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then | ||
68 | sed -i 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' ${IMAGE_ROOTFS}/etc/default/rcS | ||
69 | fi | ||
70 | # Run populate-volatile.sh at rootfs time to set up basic files | ||
71 | # and directories to support read-only rootfs. | ||
72 | if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then | ||
73 | ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh | ||
74 | fi | ||
75 | fi | ||
76 | |||
77 | if ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "true", "false", d)}; then | ||
78 | # Update user database files so that services don't fail for a read-only systemd system | ||
79 | for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do | ||
80 | [ -e $conffile ] || continue | ||
81 | grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do | ||
82 | if [ "$type" = "u" ]; then | ||
83 | useradd_params="" | ||
84 | [ "$id" != "-" ] && useradd_params="$useradd_params --uid $id" | ||
85 | [ "$comment" != "-" ] && useradd_params="$useradd_params --comment $comment" | ||
86 | useradd_params="$useradd_params --system $name" | ||
87 | eval useradd --root ${IMAGE_ROOTFS} $useradd_params || true | ||
88 | elif [ "$type" = "g" ]; then | ||
89 | groupadd_params="" | ||
90 | [ "$id" != "-" ] && groupadd_params="$groupadd_params --gid $id" | ||
91 | groupadd_params="$groupadd_params --system $name" | ||
92 | eval groupadd --root ${IMAGE_ROOTFS} $groupadd_params || true | ||
93 | fi | ||
94 | done | ||
95 | done | ||
96 | fi | ||
97 | } | ||
98 | |||
99 | # | ||
100 | # This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. | ||
101 | # | ||
102 | zap_empty_root_password () { | ||
103 | if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then | ||
104 | sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow | ||
105 | fi | ||
106 | if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then | ||
107 | sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd | ||
108 | fi | ||
109 | } | ||
110 | |||
111 | # | ||
112 | # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string | ||
113 | # | ||
114 | ssh_allow_empty_password () { | ||
115 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then | ||
116 | sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config | ||
117 | sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config | ||
118 | fi | ||
119 | |||
120 | if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then | ||
121 | if grep -q DROPBEAR_EXTRA_ARGS ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear 2>/dev/null ; then | ||
122 | if ! grep -q "DROPBEAR_EXTRA_ARGS=.*-B" ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear ; then | ||
123 | sed -i 's/^DROPBEAR_EXTRA_ARGS="*\([^"]*\)"*/DROPBEAR_EXTRA_ARGS="\1 -B"/' ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear | ||
124 | fi | ||
125 | else | ||
126 | printf '\nDROPBEAR_EXTRA_ARGS="-B"\n' >> ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear | ||
127 | fi | ||
128 | fi | ||
129 | |||
130 | if [ -d ${IMAGE_ROOTFS}${sysconfdir}/pam.d ] ; then | ||
131 | sed -i 's/nullok_secure/nullok/' ${IMAGE_ROOTFS}${sysconfdir}/pam.d/* | ||
132 | fi | ||
133 | } | ||
134 | |||
135 | ssh_disable_dns_lookup () { | ||
136 | if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then | ||
137 | sed -i -e 's:#UseDNS yes:UseDNS no:' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config | ||
138 | fi | ||
139 | } | ||
140 | |||
141 | # | ||
142 | # Enable postinst logging if debug-tweaks is enabled | ||
143 | # | ||
144 | postinst_enable_logging () { | ||
145 | mkdir -p ${IMAGE_ROOTFS}${sysconfdir}/default | ||
146 | echo "POSTINST_LOGGING=1" >> ${IMAGE_ROOTFS}${sysconfdir}/default/postinst | ||
147 | echo "LOGFILE=${POSTINST_LOGFILE}" >> ${IMAGE_ROOTFS}${sysconfdir}/default/postinst | ||
148 | } | ||
149 | |||
150 | # | ||
151 | # Modify systemd default target | ||
152 | # | ||
153 | set_systemd_default_target () { | ||
154 | if [ -d ${IMAGE_ROOTFS}${sysconfdir}/systemd/system -a -e ${IMAGE_ROOTFS}${systemd_unitdir}/system/${SYSTEMD_DEFAULT_TARGET} ]; then | ||
155 | ln -sf ${systemd_unitdir}/system/${SYSTEMD_DEFAULT_TARGET} ${IMAGE_ROOTFS}${sysconfdir}/systemd/system/default.target | ||
156 | fi | ||
157 | } | ||
158 | |||
159 | # If /var/volatile is not empty, we have seen problems where programs such as the | ||
160 | # journal make assumptions based on the contents of /var/volatile. The journal | ||
161 | # would then write to /var/volatile before it was mounted, thus hiding the | ||
162 | # items previously written. | ||
163 | # | ||
164 | # This change is to attempt to fix those types of issues in a way that doesn't | ||
165 | # affect users that may not be using /var/volatile. | ||
166 | empty_var_volatile () { | ||
167 | if [ -e ${IMAGE_ROOTFS}/etc/fstab ]; then | ||
168 | match=`awk '$1 !~ "#" && $2 ~ /\/var\/volatile/{print $2}' ${IMAGE_ROOTFS}/etc/fstab 2> /dev/null` | ||
169 | if [ -n "$match" ]; then | ||
170 | find ${IMAGE_ROOTFS}/var/volatile -mindepth 1 -delete | ||
171 | fi | ||
172 | fi | ||
173 | } | ||
174 | |||
175 | # Turn any symbolic /sbin/init link into a file | ||
176 | remove_init_link () { | ||
177 | if [ -h ${IMAGE_ROOTFS}/sbin/init ]; then | ||
178 | LINKFILE=${IMAGE_ROOTFS}`readlink ${IMAGE_ROOTFS}/sbin/init` | ||
179 | rm ${IMAGE_ROOTFS}/sbin/init | ||
180 | cp $LINKFILE ${IMAGE_ROOTFS}/sbin/init | ||
181 | fi | ||
182 | } | ||
183 | |||
184 | make_zimage_symlink_relative () { | ||
185 | if [ -L ${IMAGE_ROOTFS}/boot/zImage ]; then | ||
186 | (cd ${IMAGE_ROOTFS}/boot/ && for i in `ls zImage-* | sort`; do ln -sf $i zImage; done) | ||
187 | fi | ||
188 | } | ||
189 | |||
190 | insert_feed_uris () { | ||
191 | |||
192 | echo "Building feeds for [${DISTRO}].." | ||
193 | |||
194 | for line in ${FEED_URIS} | ||
195 | do | ||
196 | # strip leading and trailing spaces/tabs, then split into name and uri | ||
197 | line_clean="`echo "$line"|sed 's/^[ \t]*//;s/[ \t]*$//'`" | ||
198 | feed_name="`echo "$line_clean" | sed -n 's/\(.*\)##\(.*\)/\1/p'`" | ||
199 | feed_uri="`echo "$line_clean" | sed -n 's/\(.*\)##\(.*\)/\2/p'`" | ||
200 | |||
201 | echo "Added $feed_name feed with URL $feed_uri" | ||
202 | |||
203 | # insert new feed-sources | ||
204 | echo "src/gz $feed_name $feed_uri" >> ${IMAGE_ROOTFS}/etc/opkg/${feed_name}-feed.conf | ||
205 | done | ||
206 | } | ||
207 | |||
208 | python write_image_manifest () { | ||
209 | from oe.rootfs import image_list_installed_packages | ||
210 | with open(d.getVar('IMAGE_MANIFEST', True), 'w+') as image_manifest: | ||
211 | image_manifest.write(image_list_installed_packages(d, 'ver')) | ||
212 | image_manifest.write("\n") | ||
213 | } | ||
214 | |||
215 | # Can be use to create /etc/timestamp during image construction to give a reasonably | ||
216 | # sane default time setting | ||
217 | rootfs_update_timestamp () { | ||
218 | date -u +%4Y%2m%2d%2H%2M%2S >${IMAGE_ROOTFS}/etc/timestamp | ||
219 | } | ||
220 | |||
221 | # Prevent X from being started | ||
222 | rootfs_no_x_startup () { | ||
223 | if [ -f ${IMAGE_ROOTFS}/etc/init.d/xserver-nodm ]; then | ||
224 | chmod a-x ${IMAGE_ROOTFS}/etc/init.d/xserver-nodm | ||
225 | fi | ||
226 | } | ||
227 | |||
228 | rootfs_trim_schemas () { | ||
229 | for schema in ${IMAGE_ROOTFS}/etc/gconf/schemas/*.schemas | ||
230 | do | ||
231 | # Need this in case no files exist | ||
232 | if [ -e $schema ]; then | ||
233 | oe-trim-schemas $schema > $schema.new | ||
234 | mv $schema.new $schema | ||
235 | fi | ||
236 | done | ||
237 | } | ||
238 | |||
239 | rootfs_check_host_user_contaminated () { | ||
240 | contaminated="${WORKDIR}/host-user-contaminated.txt" | ||
241 | HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)" | ||
242 | HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)" | ||
243 | |||
244 | find "${IMAGE_ROOTFS}" -wholename "${IMAGE_ROOTFS}/home" -prune \ | ||
245 | -user "$HOST_USER_UID" -o -group "$HOST_USER_GID" >"$contaminated" | ||
246 | |||
247 | if [ -s "$contaminated" ]; then | ||
248 | echo "WARNING: Paths in the rootfs are owned by the same user or group as the user running bitbake. See the logfile for the specific paths." | ||
249 | cat "$contaminated" | sed "s,^, ," | ||
250 | fi | ||
251 | } | ||
252 | |||
253 | # Make any absolute links in a sysroot relative | ||
254 | rootfs_sysroot_relativelinks () { | ||
255 | sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT} | ||
256 | } | ||
257 | |||
258 | |||