On 07/11/2024 13:47, Ross Burton wrote: > Remove the 'debug-tweaks' IMAGE_FEATURE. It sounds friendly and kind to > developers, but it results primarily in an image which root can login > remotely without a password. This is incredibly useful for local > development and testing purposes, but we really want to be explicit that > this is what is happening instead of hiding it behind a vague "debug > tweaks" statement. > > To preserve the eixsting behaviour, debug-tweaks should be replaced with > these features: > > allow-empty-password empty-root-password allow-root-login > post-install-logging > > Signed-off-by: Ross Burton <[email protected]> > --- > meta/classes-recipe/core-image.bbclass | 11 ++++++----- > meta/classes-recipe/image.bbclass | 2 +- > meta/classes-recipe/rootfs-postcommands.bbclass | 16 ++++++++-------- > 3 files changed, 15 insertions(+), 14 deletions(-) > > diff --git a/meta/classes-recipe/core-image.bbclass > b/meta/classes-recipe/core-image.bbclass > index 40fc15cb04f..4072e420c58 100644 > --- a/meta/classes-recipe/core-image.bbclass > +++ b/meta/classes-recipe/core-image.bbclass > @@ -26,11 +26,6 @@ > # - ssh-server-openssh - SSH server (openssh) > # - hwcodecs - Install hardware acceleration codecs > # - package-management - installs package management tools and preserves > the package manager database > -# - debug-tweaks - makes an image suitable for development, e.g. > allowing passwordless root logins > -# - empty-root-password > -# - allow-empty-password > -# - allow-root-login > -# - post-install-logging > # - serial-autologin-root - with 'empty-root-password': autologin 'root' on > the serial console > # - dev-pkgs - development packages (headers, etc.) for all > installed packages in the rootfs > # - dbg-pkgs - debug symbol packages for all installed packages > in the rootfs > @@ -43,6 +38,12 @@ > # - stateless-rootfs - systemctl-native not run, image populated by > systemd at runtime > # - splash - bootup splash screen > # > +# Features for development purposes (previously part of debug-tweaks): > +# - empty-root-password - the root user has no password set > +# - allow-empty-password - users can have an empty password > +# - allow-root-login - the root user can login
We should clarify that this means allow root to login via SSH, login via the console doesn't depend on this feature. Other than that, this is a definite improvement. Ship it! Thanks, -- Paul Barker
OpenPGP_0x27F4B3459F002257.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#206850): https://lists.openembedded.org/g/openembedded-core/message/206850 Mute This Topic: https://lists.openembedded.org/mt/109443911/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
