diff options
Diffstat (limited to 'documentation/dev-manual')
| -rw-r--r-- | documentation/dev-manual/build-quality.rst | 2 | ||||
| -rw-r--r-- | documentation/dev-manual/customizing-images.rst | 3 | ||||
| -rw-r--r-- | documentation/dev-manual/securing-images.rst | 12 |
3 files changed, 8 insertions, 9 deletions
diff --git a/documentation/dev-manual/build-quality.rst b/documentation/dev-manual/build-quality.rst index 713ea3a48e..fbe5fb6f0b 100644 --- a/documentation/dev-manual/build-quality.rst +++ b/documentation/dev-manual/build-quality.rst | |||
| @@ -236,7 +236,7 @@ Here is an example of ``image-info.txt``: | |||
| 236 | DISTRO_VERSION = 3.4+snapshot-a0245d7be08f3d24ea1875e9f8872aa6bbff93be | 236 | DISTRO_VERSION = 3.4+snapshot-a0245d7be08f3d24ea1875e9f8872aa6bbff93be |
| 237 | USER_CLASSES = buildstats | 237 | USER_CLASSES = buildstats |
| 238 | IMAGE_CLASSES = qemuboot qemuboot license_image | 238 | IMAGE_CLASSES = qemuboot qemuboot license_image |
| 239 | IMAGE_FEATURES = debug-tweaks | 239 | IMAGE_FEATURES = allow-empty-password empty-root-password allow-root-login post-install-logging |
| 240 | IMAGE_LINGUAS = | 240 | IMAGE_LINGUAS = |
| 241 | IMAGE_INSTALL = packagegroup-core-boot speex speexdsp | 241 | IMAGE_INSTALL = packagegroup-core-boot speex speexdsp |
| 242 | BAD_RECOMMENDATIONS = | 242 | BAD_RECOMMENDATIONS = |
diff --git a/documentation/dev-manual/customizing-images.rst b/documentation/dev-manual/customizing-images.rst index 5b18958ade..6348259446 100644 --- a/documentation/dev-manual/customizing-images.rst +++ b/documentation/dev-manual/customizing-images.rst | |||
| @@ -62,8 +62,7 @@ To understand how these features work, the best reference is | |||
| 62 | :ref:`meta/classes-recipe/image.bbclass <ref-classes-image>`. | 62 | :ref:`meta/classes-recipe/image.bbclass <ref-classes-image>`. |
| 63 | This class lists out the available | 63 | This class lists out the available |
| 64 | :term:`IMAGE_FEATURES` of which most map to package groups while some, such | 64 | :term:`IMAGE_FEATURES` of which most map to package groups while some, such |
| 65 | as ``debug-tweaks`` and ``read-only-rootfs``, resolve as general | 65 | as ``read-only-rootfs``, resolve as general configuration settings. |
| 66 | configuration settings. | ||
| 67 | 66 | ||
| 68 | In summary, the file looks at the contents of the :term:`IMAGE_FEATURES` | 67 | In summary, the file looks at the contents of the :term:`IMAGE_FEATURES` |
| 69 | variable and then maps or configures the feature accordingly. Based on | 68 | variable and then maps or configures the feature accordingly. Based on |
diff --git a/documentation/dev-manual/securing-images.rst b/documentation/dev-manual/securing-images.rst index e5791d3d6d..f4b528e559 100644 --- a/documentation/dev-manual/securing-images.rst +++ b/documentation/dev-manual/securing-images.rst | |||
| @@ -107,18 +107,18 @@ Considerations Specific to the OpenEmbedded Build System | |||
| 107 | You can take some steps that are specific to the OpenEmbedded build | 107 | You can take some steps that are specific to the OpenEmbedded build |
| 108 | system to make your images more secure: | 108 | system to make your images more secure: |
| 109 | 109 | ||
| 110 | - Ensure "debug-tweaks" is not one of your selected | 110 | - Ensure that "allow-empty-password", "allow-root-login", or |
| 111 | :term:`IMAGE_FEATURES`. | 111 | "empty-root-password" are not one of your selected :term:`IMAGE_FEATURES`. |
| 112 | When creating a new project, the default is to provide you with an | 112 | When creating a new project, the default is to provide you with an |
| 113 | initial ``local.conf`` file that enables this feature using the | 113 | initial ``local.conf`` file that enables these features using the |
| 114 | :term:`EXTRA_IMAGE_FEATURES` | 114 | :term:`EXTRA_IMAGE_FEATURES` |
| 115 | variable with the line:: | 115 | variable with the line:: |
| 116 | 116 | ||
| 117 | EXTRA_IMAGE_FEATURES = "debug-tweaks" | 117 | EXTRA_IMAGE_FEATURES = "allow-empty-password empty-root-password allow-root-login" |
| 118 | 118 | ||
| 119 | To disable that feature, simply comment out that line in your | 119 | To disable these features, simply comment out that line in your |
| 120 | ``local.conf`` file, or make sure :term:`IMAGE_FEATURES` does not contain | 120 | ``local.conf`` file, or make sure :term:`IMAGE_FEATURES` does not contain |
| 121 | "debug-tweaks" before producing your final image. Among other things, | 121 | any of these features before producing your final image. Among other things, |
| 122 | leaving this in place sets the root password as blank, which makes | 122 | leaving this in place sets the root password as blank, which makes |
| 123 | logging in for debugging or inspection easy during development but | 123 | logging in for debugging or inspection easy during development but |
| 124 | also means anyone can easily log in during production. | 124 | also means anyone can easily log in during production. |