On 3/12/21 10:13 PM, Peter Kjellerstedt wrote:
-----Original Message-----
From: Robert Yang <[email protected]>
Sent: den 9 mars 2021 09:32
To: Peter Kjellerstedt <[email protected]>; openembedded-
[email protected]
Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
warning when login with root is disabled

Hi Peter,

On 3/5/21 6:18 PM, Peter Kjellerstedt wrote:
-----Original Message-----
From: [email protected] <openembedded-
[email protected]> On Behalf Of Robert Yang
Sent: den 5 mars 2021 09:49
To: [email protected]
Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
warning when login with root is disabled

Fixed:
EXTRA_IMAGE_FEATURES_remove = "debug-tweaks"
$ bitbake core-image-minimal

Then we can't login to the system with root without any messages. Add a
warning
makes it easy to debug.

Signed-off-by: Robert Yang <[email protected]>
---
   meta/classes/rootfs-postcommands.bbclass | 6 +++++-
   1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/classes/rootfs-postcommands.bbclass
b/meta/classes/rootfs-postcommands.bbclass
index 1f27a3d07a..e4fe416ac9 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -147,7 +147,11 @@ read_only_rootfs_hook () {
   zap_empty_root_password () {
        if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
                sed -i 's%^root::%root:*:%'
${IMAGE_ROOTFS}/etc/shadow
-        fi
+               grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow

That will match any /etc/shadow file with "root:" in it. Change it to:

                grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow

Thanks, I will update it.


And make this optional. We intentionally do not have a root password set
in our

I don't quite understand about "optional", when the command is:

grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow

Then empty root password in shadow is:
root::

so empty root password won't be matched?

Sorry, I was unclear. We do not have an empty password, we have
"root:*:..." in /etc/shadow, and we obviously do not want this warning.

Thanks, makes sense, then let's drop this patch, this patch is for debugging only, it doesn't matter to drop it.

I wonder how to login when the line is "root:*:..." in /etc/shadow?

// Robert


// Robert

//Peter

products when they are delivered due to the state law (SB-327) that went
into
effect on January 1, 2020 in California, which prohibits default
passwords to
be used in IoT products.

+               if [ $? -eq 0 ]; then
+                       bbwarn "Login with root user is disabled
since zap_empty_root_password is enabled"
+               fi
+       fi
        if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
                sed -i 's%^root::%root:*:%'
${IMAGE_ROOTFS}/etc/passwd
        fi
--
2.17.1

//Peter

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149448): 
https://lists.openembedded.org/g/openembedded-core/message/149448
Mute This Topic: https://lists.openembedded.org/mt/81098576/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to