On Sat, 29 Nov 2025 at 16:41, Chen Qi via lists.openembedded.org <[email protected]> wrote: > It's possible that users use EXTRA_USERS_PARAMS to set password > for root or explicitly expire root password. So we need to check > these two cases to ensure the 'no password' banner is not misleading. > > As an example: > In conf/toolcfg.cfg: > OE_FRAGMENTS += "distro/poky core/yocto/root-login-with-empty-password > In local.conf: > INHERIT += "extrausers" > EXTRA_USERS_PARAMS += " passwd-expire root;" > > Note that allowing 'empty-root-password' image feature + setting/expiring > root password has been working since available. This patch focuses on > the banner. We want to ensure that it's there only when root really has > empty password.
Ok, it took me a moment (and an image build/runqemu execution) to figure out the use case for the above. Which is: make an image that requires setting a root password on first boot, but without having to first enter a static initial password. In which case the banner is indeed misleading. The patch can probably be tweaked to ensure the check for needing to add a banner runs last (at the point where no further modifications to the root filesystem are going to happen), and it can be made unconditional, and only checking the actual content of the root filesystem, and not accessing IMAGE_FEATURES at all. Is that ok? Can you do it like that? And tweak the commit message to explain what that configuration actually does :) Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#226946): https://lists.openembedded.org/g/openembedded-core/message/226946 Mute This Topic: https://lists.openembedded.org/mt/116527245/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
