Re: [OE-core] [PATCH 16/24] dropbear: add default config file to disable root login

Thu, 24 May 2018 22:44:39 -0700 


On 05/25/2018 11:34 AM, Andre McCurdy wrote:

On Thu, May 24, 2018 at 7:48 PM, Robert Yang <[email protected]> wrote:

From: Jackie Huang <[email protected]>

root login is disabled by default for openssh and we can
enable it through IMAGE_FEATURES 'debug-tweaks' or
'allow-empty-password', so change to the same default
behavior for dropbear.

Signed-off-by: Jackie Huang <[email protected]>
---
  meta/recipes-core/dropbear/dropbear.inc              | 3 +++
  meta/recipes-core/dropbear/dropbear/dropbear.default | 2 ++
  2 files changed, 5 insertions(+)
  create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear.default

diff --git a/meta/recipes-core/dropbear/dropbear.inc 
b/meta/recipes-core/dropbear/dropbear.inc
index 16ac644..3c79be9 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -20,6 +20,7 @@ SRC_URI = 
"http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
             file://dropbearkey.service \
             file://[email protected] \
             file://dropbear.socket \
+           file://dropbear.default \
             ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', 
d)} "

  PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
@@ -63,6 +64,8 @@ do_install() {
                 ${D}${sbindir} \
                 ${D}${localstatedir}

+       install -m 0755 ${WORKDIR}/dropbear.default 
${D}${sysconfdir}/default/dropbear


Files in /etc/default don't need to be executable.


Thanks, I updated it to 0644 in the repo:

install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear

// Robert




+
         install -m 0755 dropbearmulti ${D}${sbindir}/
         ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient

diff --git a/meta/recipes-core/dropbear/dropbear/dropbear.default 
b/meta/recipes-core/dropbear/dropbear/dropbear.default
new file mode 100644
index 0000000..522453a
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/dropbear.default
@@ -0,0 +1,2 @@
+# Disallow root logins by default
+DROPBEAR_EXTRA_ARGS="-w"
--
2.7.4

--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core



--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core























					Reply via email to