diff options
| author | Antonin Godard <antonin.godard@bootlin.com> | 2024-12-20 13:16:35 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-12-28 10:57:47 +0000 |
| commit | abef9b08dc1e8de7c4088d982641a2784b98f378 (patch) | |
| tree | ea32f4068107dc2bea17d2001e88120884eec37a /documentation/dev-manual/securing-images.rst | |
| parent | e4c4208d126c133f8b36b6add5d917830237d5bc (diff) | |
| download | poky-abef9b08dc1e8de7c4088d982641a2784b98f378.tar.gz | |
Remove debug-tweaks references
We no longer provide this feature, so remove documentation for it. In
most cases, we can replace occurrences of "debug-tweaks" by
"allow-empty-password empty-root-password allow-root-login
post-install-logging" to achieve what this feature previously enabled.
Subtle, but the default local.conf does not include
post-install-logging, so in parts where there is mention of the default
local.conf file, adjust the documentation to only mention the first
three above.
In the intro manual, instead of providing instructions that replace
EXTRA_IMAGE_FEATURES entirely, provide ones that append
EXTRA_IMAGE_FEATURES.
(From yocto-docs rev: f0efd4c7df91863304b92514664bdd1fa62b1fbb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/dev-manual/securing-images.rst')
| -rw-r--r-- | documentation/dev-manual/securing-images.rst | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/documentation/dev-manual/securing-images.rst b/documentation/dev-manual/securing-images.rst index e5791d3d6d..f4b528e559 100644 --- a/documentation/dev-manual/securing-images.rst +++ b/documentation/dev-manual/securing-images.rst | |||
| @@ -107,18 +107,18 @@ Considerations Specific to the OpenEmbedded Build System | |||
| 107 | You can take some steps that are specific to the OpenEmbedded build | 107 | You can take some steps that are specific to the OpenEmbedded build |
| 108 | system to make your images more secure: | 108 | system to make your images more secure: |
| 109 | 109 | ||
| 110 | - Ensure "debug-tweaks" is not one of your selected | 110 | - Ensure that "allow-empty-password", "allow-root-login", or |
| 111 | :term:`IMAGE_FEATURES`. | 111 | "empty-root-password" are not one of your selected :term:`IMAGE_FEATURES`. |
| 112 | When creating a new project, the default is to provide you with an | 112 | When creating a new project, the default is to provide you with an |
| 113 | initial ``local.conf`` file that enables this feature using the | 113 | initial ``local.conf`` file that enables these features using the |
| 114 | :term:`EXTRA_IMAGE_FEATURES` | 114 | :term:`EXTRA_IMAGE_FEATURES` |
| 115 | variable with the line:: | 115 | variable with the line:: |
| 116 | 116 | ||
| 117 | EXTRA_IMAGE_FEATURES = "debug-tweaks" | 117 | EXTRA_IMAGE_FEATURES = "allow-empty-password empty-root-password allow-root-login" |
| 118 | 118 | ||
| 119 | To disable that feature, simply comment out that line in your | 119 | To disable these features, simply comment out that line in your |
| 120 | ``local.conf`` file, or make sure :term:`IMAGE_FEATURES` does not contain | 120 | ``local.conf`` file, or make sure :term:`IMAGE_FEATURES` does not contain |
| 121 | "debug-tweaks" before producing your final image. Among other things, | 121 | any of these features before producing your final image. Among other things, |
| 122 | leaving this in place sets the root password as blank, which makes | 122 | leaving this in place sets the root password as blank, which makes |
| 123 | logging in for debugging or inspection easy during development but | 123 | logging in for debugging or inspection easy during development but |
| 124 | also means anyone can easily log in during production. | 124 | also means anyone can easily log in during production. |