diff options
Diffstat (limited to 'meta/classes-recipe/rootfs-postcommands.bbclass')
| -rw-r--r-- | meta/classes-recipe/rootfs-postcommands.bbclass | 57 |
1 files changed, 37 insertions, 20 deletions
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass b/meta/classes-recipe/rootfs-postcommands.bbclass index e81b69a239..8b5822a0b5 100644 --- a/meta/classes-recipe/rootfs-postcommands.bbclass +++ b/meta/classes-recipe/rootfs-postcommands.bbclass | |||
| @@ -4,20 +4,20 @@ | |||
| 4 | # SPDX-License-Identifier: MIT | 4 | # SPDX-License-Identifier: MIT |
| 5 | # | 5 | # |
| 6 | 6 | ||
| 7 | # Zap the root password if debug-tweaks and empty-root-password features are not enabled | 7 | # Zap the root password if empty-root-password feature is not enabled |
| 8 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ",d)}' | 8 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "empty-root-password", "", "zap_empty_root_password ",d)}' |
| 9 | 9 | ||
| 10 | # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled | 10 | # Allow dropbear/openssh to accept logins from accounts with an empty password string if allow-empty-password is enabled |
| 11 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password ", "",d)}' | 11 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "allow-empty-password", "ssh_allow_empty_password ", "",d)}' |
| 12 | 12 | ||
| 13 | # Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled | 13 | # Allow dropbear/openssh to accept root logins if allow-root-login is enabled |
| 14 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login ", "",d)}' | 14 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "allow-root-login", "ssh_allow_root_login ", "",d)}' |
| 15 | 15 | ||
| 16 | # Autologin the root user on the serial console, if empty-root-password and serial-autologin-root are active | 16 | # Autologin the root user on the serial console, if empty-root-password and serial-autologin-root are active |
| 17 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", [ 'empty-root-password', 'serial-autologin-root' ], "serial_autologin_root ", "",d)}' | 17 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", [ 'empty-root-password', 'serial-autologin-root' ], "serial_autologin_root ", "",d)}' |
| 18 | 18 | ||
| 19 | # Enable postinst logging if debug-tweaks or post-install-logging is enabled | 19 | # Enable postinst logging if post-install-logging is enabled |
| 20 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging ", "",d)}' | 20 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "post-install-logging", "postinst_enable_logging ", "",d)}' |
| 21 | 21 | ||
| 22 | # Create /etc/timestamp during image construction to give a reasonably sane default time setting | 22 | # Create /etc/timestamp during image construction to give a reasonably sane default time setting |
| 23 | ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp " | 23 | ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp " |
| @@ -43,7 +43,7 @@ ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest" | |||
| 43 | POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log" | 43 | POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log" |
| 44 | # Set default target for systemd images | 44 | # Set default target for systemd images |
| 45 | SYSTEMD_DEFAULT_TARGET ?= '${@bb.utils.contains_any("IMAGE_FEATURES", [ "x11-base", "weston" ], "graphical.target", "multi-user.target", d)}' | 45 | SYSTEMD_DEFAULT_TARGET ?= '${@bb.utils.contains_any("IMAGE_FEATURES", [ "x11-base", "weston" ], "graphical.target", "multi-user.target", d)}' |
| 46 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES", "systemd", "set_systemd_default_target systemd_sysusers_check", "", d)}' | 46 | ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES", "systemd", "set_systemd_default_target systemd_sysusers_check systemd_handle_machine_id", "", d)}' |
| 47 | 47 | ||
| 48 | ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile' | 48 | ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile' |
| 49 | 49 | ||
| @@ -173,6 +173,23 @@ python systemd_sysusers_check() { | |||
| 173 | check_group_exists(d, sid) | 173 | check_group_exists(d, sid) |
| 174 | } | 174 | } |
| 175 | 175 | ||
| 176 | systemd_handle_machine_id() { | ||
| 177 | if ${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "true", "false", d)}; then | ||
| 178 | # Create machine-id | ||
| 179 | # 20:12 < mezcalero> koen: you have three options: a) run systemd-machine-id-setup at install time, b) have / read-only and an empty file there (for stateless) and c) boot with / writable | ||
| 180 | touch ${IMAGE_ROOTFS}${sysconfdir}/machine-id | ||
| 181 | fi | ||
| 182 | # In order to be backward compatible with the previous OE-core specific (re)implementation of systemctl | ||
| 183 | # we need to touch machine-id when handling presets and when the rootfs is NOT stateless | ||
| 184 | if ${@ 'true' if not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, False, d) else 'false'}; then | ||
| 185 | touch ${IMAGE_ROOTFS}${sysconfdir}/machine-id | ||
| 186 | if [ -e ${IMAGE_ROOTFS}${root_prefix}/lib/systemd/systemd ]; then | ||
| 187 | systemctl --root="${IMAGE_ROOTFS}" --preset-mode=enable-only preset-all | ||
| 188 | systemctl --root="${IMAGE_ROOTFS}" --global --preset-mode=enable-only preset-all | ||
| 189 | fi | ||
| 190 | fi | ||
| 191 | } | ||
| 192 | |||
| 176 | # | 193 | # |
| 177 | # A hook function to support read-only-rootfs IMAGE_FEATURES | 194 | # A hook function to support read-only-rootfs IMAGE_FEATURES |
| 178 | # | 195 | # |
| @@ -206,7 +223,9 @@ read_only_rootfs_hook () { | |||
| 206 | # Also tweak the key location for dropbear in the same way. | 223 | # Also tweak the key location for dropbear in the same way. |
| 207 | if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then | 224 | if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then |
| 208 | if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then | 225 | if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then |
| 209 | echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear | 226 | if ! grep -q "^DROPBEAR_RSAKEY_DIR=" ${IMAGE_ROOTFS}/etc/default/dropbear ; then |
| 227 | echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear | ||
| 228 | fi | ||
| 210 | fi | 229 | fi |
| 211 | fi | 230 | fi |
| 212 | fi | 231 | fi |
| @@ -222,12 +241,6 @@ read_only_rootfs_hook () { | |||
| 222 | ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh | 241 | ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh |
| 223 | fi | 242 | fi |
| 224 | fi | 243 | fi |
| 225 | |||
| 226 | if ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "true", "false", d)}; then | ||
| 227 | # Create machine-id | ||
| 228 | # 20:12 < mezcalero> koen: you have three options: a) run systemd-machine-id-setup at install time, b) have / read-only and an empty file there (for stateless) and c) boot with / writable | ||
| 229 | touch ${IMAGE_ROOTFS}${sysconfdir}/machine-id | ||
| 230 | fi | ||
| 231 | } | 244 | } |
| 232 | 245 | ||
| 233 | # | 246 | # |
| @@ -306,19 +319,19 @@ serial_autologin_root () { | |||
| 306 | } | 319 | } |
| 307 | 320 | ||
| 308 | python tidy_shadowutils_files () { | 321 | python tidy_shadowutils_files () { |
| 309 | import rootfspostcommands | 322 | import oe.rootfspostcommands |
| 310 | rootfspostcommands.tidy_shadowutils_files(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) | 323 | oe.rootfspostcommands.tidy_shadowutils_files(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) |
| 311 | } | 324 | } |
| 312 | 325 | ||
| 313 | python sort_passwd () { | 326 | python sort_passwd () { |
| 314 | """ | 327 | """ |
| 315 | Deprecated in the favour of tidy_shadowutils_files. | 328 | Deprecated in the favour of tidy_shadowutils_files. |
| 316 | """ | 329 | """ |
| 317 | import rootfspostcommands | 330 | import oe.rootfspostcommands |
| 318 | bb.warn('[sort_passwd] You are using a deprecated function for ' | 331 | bb.warn('[sort_passwd] You are using a deprecated function for ' |
| 319 | 'SORT_PASSWD_POSTPROCESS_COMMAND. The default one is now called ' | 332 | 'SORT_PASSWD_POSTPROCESS_COMMAND. The default one is now called ' |
| 320 | '"tidy_shadowutils_files".') | 333 | '"tidy_shadowutils_files".') |
| 321 | rootfspostcommands.tidy_shadowutils_files(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) | 334 | oe.rootfspostcommands.tidy_shadowutils_files(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) |
| 322 | } | 335 | } |
| 323 | 336 | ||
| 324 | # | 337 | # |
| @@ -485,6 +498,10 @@ rootfs_reproducible () { | |||
| 485 | find ${IMAGE_ROOTFS}${sysconfdir}/gconf -name '%gconf.xml' -print0 | xargs -0r \ | 498 | find ${IMAGE_ROOTFS}${sysconfdir}/gconf -name '%gconf.xml' -print0 | xargs -0r \ |
| 486 | sed -i -e 's@\bmtime="[0-9][0-9]*"@mtime="'${REPRODUCIBLE_TIMESTAMP_ROOTFS}'"@g' | 499 | sed -i -e 's@\bmtime="[0-9][0-9]*"@mtime="'${REPRODUCIBLE_TIMESTAMP_ROOTFS}'"@g' |
| 487 | fi | 500 | fi |
| 501 | |||
| 502 | if [ -f ${IMAGE_ROOTFS}${localstatedir}/lib/opkg/status ]; then | ||
| 503 | sed -i 's/^Installed-Time: .*/Installed-Time: ${REPRODUCIBLE_TIMESTAMP_ROOTFS}/' ${IMAGE_ROOTFS}${localstatedir}/lib/opkg/status | ||
| 504 | fi | ||
| 488 | fi | 505 | fi |
| 489 | } | 506 | } |
| 490 | 507 | ||