Re: [OE-core] [PATCH v2 2/2] classes/image: improve debug-tweaks ssh server configuration

Wed, 16 Jan 2013 08:41:37 -0800 

On Wed, Jan 16, 2013 at 03:38:13PM +0000, Paul Eggleton wrote:
> Create a single postprocessing function that enables no-password logins
> for both openssh and dropbear when debug-tweaks is in IMAGE_FEATURES,
> changing its behaviour slightly:
> * Run it regardless of whether ssh-server-* are in IMAGE_FEATURES so
>   that it still takes effect if these are installed by adding
>   dropbear/openssh to IMAGE_INSTALL.
> * Enable it to be run from image.bbclass rather than core-image.bbclass
>   so that it works for images that are using the former.
> 
> Second half of the fix for [YOCTO #2578].
> 
> Signed-off-by: Paul Eggleton <[email protected]>
> ---
>  meta/classes/core-image.bbclass |    3 ---
>  meta/classes/image.bbclass      |   10 ++++++++--
>  2 files changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
> index 2e67018..e0f6dbb 100644
> --- a/meta/classes/core-image.bbclass
> +++ b/meta/classes/core-image.bbclass
> @@ -76,6 +76,3 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
>  
>  # Zap the root password if debug-tweaks feature is not enabled
>  ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", 
> "debug-tweaks", "", "zap_root_password ; ",d)}'
> -# Allow openssh accept empty password login if both debug-tweaks and 
> ssh-server-openssh are enabled
> -ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", 
> "debug-tweaks ssh-server-openssh", "openssh_allow_empty_password; ", "",d)}'
> -
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index e494689..131958d 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -167,6 +167,8 @@ inherit ${IMAGE_CLASSES}
>  IMAGE_POSTPROCESS_COMMAND ?= ""
>  MACHINE_POSTPROCESS_COMMAND ?= ""
>  ROOTFS_POSTPROCESS_COMMAND_prepend = "run_intercept_scriptlets; "
> +# Allow dropbear/openssh to accept logins from accounts with an empty 
> password string if debug-tweaks is enabled
> +ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", 
> "debug-tweaks", "ssh_allow_empty_password; ", "",d)}'
>  
>  # some default locales
>  IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
> @@ -396,12 +398,16 @@ zap_root_password () {
>       mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>  } 
>  
> -# allow openssh accept login with empty password string
> -openssh_allow_empty_password () {
> +# allow dropbear/openssh to accept root logins and logins from accounts with 
> an empty password string
> +ssh_allow_empty_password () {
>       if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
>               sed -i 's#.*PermitRootLogin.*#PermitRootLogin yes#' 
> ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config
>               sed -i 's#.*PermitEmptyPasswords.*#PermitEmptyPasswords yes#' 
> ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config
>       fi
> +
> +     if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then
> +             echo 'DROPBEAR_EXTRA_ARGS="-B"' > 
> ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear
> +     fi

Can we use >> here? In case some distro layer provides own
default/dropbear already?

Or grep + >> if you fear of duplication of that line, probably 
should be using sed to add -B if DROPBEAR_EXTRA_ARGS line is already
there without -B.

Cheers,

-- 
Martin 'JaMa' Jansa     jabber: [email protected]

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Reply via email to