> -----Original Message-----
> From: Robert Yang <[email protected]>
> Sent: den 9 mars 2021 09:32
> To: Peter Kjellerstedt <[email protected]>; openembedded-
> [email protected]
> Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
> warning when login with root is disabled
> 
> Hi Peter,
> 
> On 3/5/21 6:18 PM, Peter Kjellerstedt wrote:
> >> -----Original Message-----
> >> From: [email protected] <openembedded-
> >> [email protected]> On Behalf Of Robert Yang
> >> Sent: den 5 mars 2021 09:49
> >> To: [email protected]
> >> Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
> warning when login with root is disabled
> >>
> >> Fixed:
> >> EXTRA_IMAGE_FEATURES_remove = "debug-tweaks"
> >> $ bitbake core-image-minimal
> >>
> >> Then we can't login to the system with root without any messages. Add a
> warning
> >> makes it easy to debug.
> >>
> >> Signed-off-by: Robert Yang <[email protected]>
> >> ---
> >>   meta/classes/rootfs-postcommands.bbclass | 6 +++++-
> >>   1 file changed, 5 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/meta/classes/rootfs-postcommands.bbclass
> b/meta/classes/rootfs-postcommands.bbclass
> >> index 1f27a3d07a..e4fe416ac9 100644
> >> --- a/meta/classes/rootfs-postcommands.bbclass
> >> +++ b/meta/classes/rootfs-postcommands.bbclass
> >> @@ -147,7 +147,11 @@ read_only_rootfs_hook () {
> >>   zap_empty_root_password () {
> >>    if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
> >>            sed -i 's%^root::%root:*:%'
> ${IMAGE_ROOTFS}/etc/shadow
> >> -        fi
> >> +          grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow
> >
> > That will match any /etc/shadow file with "root:" in it. Change it to:
> >
> >             grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow
> 
> Thanks, I will update it.
> 
> >
> > And make this optional. We intentionally do not have a root password set
> in our
> 
> I don't quite understand about "optional", when the command is:
> 
> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow
> 
> Then empty root password in shadow is:
> root::
> 
> so empty root password won't be matched?

Sorry, I was unclear. We do not have an empty password, we have 
"root:*:..." in /etc/shadow, and we obviously do not want this warning.

> // Robert

//Peter

> > products when they are delivered due to the state law (SB-327) that went
> into
> > effect on January 1, 2020 in California, which prohibits default
> passwords to
> > be used in IoT products.
> >
> >> +          if [ $? -eq 0 ]; then
> >> +                  bbwarn "Login with root user is disabled
> since zap_empty_root_password is enabled"
> >> +          fi
> >> +  fi
> >>    if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
> >>            sed -i 's%^root::%root:*:%'
> ${IMAGE_ROOTFS}/etc/passwd
> >>    fi
> >> --
> >> 2.17.1
> >
> > //Peter
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149345): 
https://lists.openembedded.org/g/openembedded-core/message/149345
Mute This Topic: https://lists.openembedded.org/mt/81098576/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to