aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2013-12-11 05:41:36 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-12-14 09:16:37 (GMT)
commitc38fee231b42b9123dd1fd102235eac6240ba4c8 (patch)
treec221fcba9bde5019a0e009b7a47d7be5fe12c6ca
parent7b58b5feaa22c82e997165fc130c8545f5b1a129 (diff)
downloadpoky-c38fee231b42b9123dd1fd102235eac6240ba4c8.zip
poky-c38fee231b42b9123dd1fd102235eac6240ba4c8.tar.gz
poky-c38fee231b42b9123dd1fd102235eac6240ba4c8.tar.bz2
image.bbclass: fix for zap_root_password
Previously, this function replaces the root password with '*' if 'debug-tweaks' is not in IMAGE_FEATURES. It not only zaps empty root password, but also zaps non-empty root password. That means, if the user uses a bbappend file for base-passwd to set the root password, he would not be able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set the root password, he would still not be able to login as root. What we really want from this function is to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. This function should not remove non-empty root password because that password is usually deliberately set by the user. This patch renames zap_root_password to zap_empty_root_password to better reflect the intent of this function. It also modifies the code to make this function work correctly. (From OE-Core rev: c1037a74f934966a0df8c85138b09d672b9f8b36) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/core-image.bbclass2
-rw-r--r--meta/classes/image.bbclass14
2 files changed, 9 insertions, 7 deletions
diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index e7c34e2..fc4bd2f 100644
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -74,7 +74,7 @@ inherit image
ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
# Zap the root password if debug-tweaks feature is not enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
+ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_empty_root_password ; ",d)}'
# Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled
ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}'
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 012aef3..c595721 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -562,11 +562,13 @@ rootfs_uninstall_unneeded () {
fi
}
-# set '*' as the root password so the images
-# can decide if they want it or not
-zap_root_password () {
- sed 's%^root:[^:]*:%root:*:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new
- mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
+# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES.
+zap_empty_root_password () {
+ if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
+ sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow
+ elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
+ sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd
+ fi
}
# allow dropbear/openssh to accept root logins and logins from accounts with an empty password string
@@ -648,7 +650,7 @@ rootfs_sysroot_relativelinks () {
sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT}
}
-EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
+EXPORT_FUNCTIONS zap_empty_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
do_fetch[noexec] = "1"
do_unpack[noexec] = "1"