> -----Original Message-----
> From: Robert Yang <[email protected]>
> Sent: den 15 mars 2021 03:32
> To: Peter Kjellerstedt <[email protected]>; openembedded-
> [email protected]
> Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
> warning when login with root is disabled
>
> On 3/12/21 10:13 PM, Peter Kjellerstedt wrote:
> >> -----Original Message-----
> >> From: Robert Yang <[email protected]>
> >> Sent: den 9 mars 2021 09:32
> >> To: Peter Kjellerstedt <[email protected]>; openembedded-
> >> [email protected]
> >> Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
> >> warning when login with root is disabled
> >>
> >> Hi Peter,
> >>
> >> On 3/5/21 6:18 PM, Peter Kjellerstedt wrote:
> >>>> -----Original Message-----
> >>>> From: [email protected] <openembedded-
> >>>> [email protected]> On Behalf Of Robert Yang
> >>>> Sent: den 5 mars 2021 09:49
> >>>> To: [email protected]
> >>>> Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a
> >> warning when login with root is disabled
> >>>>
> >>>> Fixed:
> >>>> EXTRA_IMAGE_FEATURES_remove = "debug-tweaks"
> >>>> $ bitbake core-image-minimal
> >>>>
> >>>> Then we can't login to the system with root without any messages. Add
> >>>> a warning makes it easy to debug.
> >>>>
> >>>> Signed-off-by: Robert Yang <[email protected]>
> >>>> ---
> >>>> meta/classes/rootfs-postcommands.bbclass | 6 +++++-
> >>>> 1 file changed, 5 insertions(+), 1 deletion(-)
> >>>>
> >>>> diff --git a/meta/classes/rootfs-postcommands.bbclass
> >> b/meta/classes/rootfs-postcommands.bbclass
> >>>> index 1f27a3d07a..e4fe416ac9 100644
> >>>> --- a/meta/classes/rootfs-postcommands.bbclass
> >>>> +++ b/meta/classes/rootfs-postcommands.bbclass
> >>>> @@ -147,7 +147,11 @@ read_only_rootfs_hook () {
> >>>> zap_empty_root_password () {
> >>>> if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
> >>>> sed -i 's%^root::%root:*:%' >>
> >>>> ${IMAGE_ROOTFS}/etc/shadow
> >>>> - fi
> >>>> + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow
> >>>
> >>> That will match any /etc/shadow file with "root:" in it. Change it to:
> >>>
> >>> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow
> >>
> >> Thanks, I will update it.
> >>
> >>>
> >>> And make this optional. We intentionally do not have a root password
> >>> set in our
> >>
> >> I don't quite understand about "optional", when the command is:
> >>
> >> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow
> >>
> >> Then empty root password in shadow is:
> >> root::
> >>
> >> so empty root password won't be matched?
> >
> > Sorry, I was unclear. We do not have an empty password, we have
> > "root:*:..." in /etc/shadow, and we obviously do not want this warning.
>
> Thanks, makes sense, then let's drop this patch, this patch is for
> debugging only, it doesn't matter to drop it.
>
> I wonder how to login when the line is "root:*:..." in /etc/shadow?
In our case, you have to set a password the first time you access the product's
web page.
> // Robert
>
> >
> >> // Robert
> >
> > //Peter
> >
> >>> products when they are delivered due to the state law (SB-327) that
> >>> went into effect on January 1, 2020 in California, which prohibits
> >>> default passwords to be used in IoT products.
> >>>
> >>>> + if [ $? -eq 0 ]; then
> >>>> + bbwarn "Login with root user is disabled since
> >>>> zap_empty_root_password is enabled"
> >>>> + fi
> >>>> + fi
> >>>> if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
> >>>> sed -i 's%^root::%root:*:%' >>
> >>>> ${IMAGE_ROOTFS}/etc/passwd
> >>>> fi
> >>>> --
> >>>> 2.17.1
> >>>
> >>> //Peter
//Peter
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149452):
https://lists.openembedded.org/g/openembedded-core/message/149452
Mute This Topic: https://lists.openembedded.org/mt/81098576/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-