From: Chen Qi <qi.c...@windriver.com> Previously, this function replaces the root password with '*' if 'debug-tweaks' is not in IMAGE_FEATURES. It not only zaps empty root password, but also zaps non-empty root password. That means, if the user uses a bbappend file for base-passwd to set the root password, he would not be able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set the root password, he would still not be able to login as root.
What we really want from this function is to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. This function should not remove non-empty root password because that password is usually deliberately set by the user. This patch renames zap_root_password to zap_empty_root_password to better reflect the intent of this function. It also modifies the code to make this function work correctly. Signed-off-by: Chen Qi <qi.c...@windriver.com> --- meta/classes/core-image.bbclass | 2 +- meta/classes/image.bbclass | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass index e7c34e2..fc4bd2f 100644 --- a/meta/classes/core-image.bbclass +++ b/meta/classes/core-image.bbclass @@ -74,7 +74,7 @@ inherit image ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; " # Zap the root password if debug-tweaks feature is not enabled -ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}' +ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_empty_root_password ; ",d)}' # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}' diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 168f283..c6d9db8 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -562,11 +562,13 @@ rootfs_uninstall_unneeded () { fi } -# set '*' as the root password so the images -# can decide if they want it or not -zap_root_password () { - sed 's%^root:[^:]*:%root:*:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new - mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd +# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. +zap_empty_root_password () { + if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then + sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow + elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then + sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd + fi } # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string @@ -648,7 +650,7 @@ rootfs_sysroot_relativelinks () { sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT} } -EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup +EXPORT_FUNCTIONS zap_empty_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup do_fetch[noexec] = "1" do_unpack[noexec] = "1" -- 1.7.9.5 _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core