diff options
Diffstat (limited to 'meta/classes/image.bbclass')
-rw-r--r-- | meta/classes/image.bbclass | 66 |
1 files changed, 46 insertions, 20 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 6bbfaf8208..893eb40898 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -22,7 +22,7 @@ inherit ${TESTIMAGECLASS} # IMAGE_FEATURES may contain any available package group IMAGE_FEATURES ?= "" IMAGE_FEATURES[type] = "list" -IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs" +IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password post-install-logging" # rootfs bootstrap install ROOTFS_BOOTSTRAP_INSTALL = "${@bb.utils.contains("IMAGE_FEATURES", "package-management", "", "${ROOTFS_PKGMANAGE_BOOTSTRAP}",d)}" @@ -52,7 +52,10 @@ def check_image_features(d): features = set(oe.data.typed_value('IMAGE_FEATURES', d)) for feature in features: if feature not in valid_features: - bb.fatal("'%s' in IMAGE_FEATURES is not a valid image feature. Valid features: %s" % (feature, ' '.join(valid_features))) + if bb.utils.contains('EXTRA_IMAGE_FEATURES', feature, True, False, d): + raise bb.parse.SkipRecipe("'%s' in IMAGE_FEATURES (added via EXTRA_IMAGE_FEATURES) is not a valid image feature. Valid features: %s" % (feature, ' '.join(valid_features))) + else: + raise bb.parse.SkipRecipe("'%s' in IMAGE_FEATURES is not a valid image feature. Valid features: %s" % (feature, ' '.join(valid_features))) IMAGE_INSTALL ?= "" IMAGE_INSTALL[type] = "list" @@ -63,6 +66,7 @@ PACKAGE_INSTALL_ATTEMPTONLY ?= "${FEATURE_INSTALL_OPTIONAL}" EXCLUDE_FROM_WORLD = "1" USE_DEVFS ?= "1" +USE_DEPMOD ?= "1" PID = "${@os.getpid()}" @@ -72,8 +76,10 @@ LDCONFIGDEPEND ?= "ldconfig-native:do_populate_sysroot" LDCONFIGDEPEND_libc-uclibc = "" LDCONFIGDEPEND_libc-musl = "" -do_rootfs[depends] += "makedevs-native:do_populate_sysroot virtual/fakeroot-native:do_populate_sysroot ${LDCONFIGDEPEND}" -do_rootfs[depends] += "virtual/update-alternatives-native:do_populate_sysroot update-rc.d-native:do_populate_sysroot" +do_rootfs[depends] += " \ + makedevs-native:do_populate_sysroot virtual/fakeroot-native:do_populate_sysroot ${LDCONFIGDEPEND} \ + virtual/update-alternatives-native:do_populate_sysroot update-rc.d-native:do_populate_sysroot \ + virtual/kernel:do_packagedata" do_rootfs[recrdeptask] += "do_packagedata" def command_variables(d): @@ -94,8 +100,8 @@ def rootfs_variables(d): 'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','RM_OLD_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS','SDK_OS', 'SDK_OUTPUT','SDKPATHNATIVE','SDKTARGETSYSROOT','SDK_DIR','SDK_VENDOR','SDKIMAGE_INSTALL_COMPLEMENTARY','SDK_PACKAGE_ARCHS','SDK_OUTPUT','SDKTARGETSYSROOT','MULTILIBRE_ALLOW_REP', 'MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS','PACKAGE_ARCHS', - 'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','BUILDNAME','USE_DEVFS', - 'STAGING_KERNEL_DIR','COMPRESSIONTYPES'] + 'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS', + 'COMPRESSIONTYPES'] variables.extend(command_variables(d)) variables.extend(variable_depends(d)) return " ".join(variables) @@ -156,14 +162,19 @@ IMAGE_CLASSES += "image_types" inherit ${IMAGE_CLASSES} IMAGE_POSTPROCESS_COMMAND ?= "" -MACHINE_POSTPROCESS_COMMAND ?= "" + +# Zap the root password if debug-tweaks feature is not enabled +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' + # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled -ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", "ssh_allow_empty_password; ", "",d)}' +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' + # Enable postinst logging if debug-tweaks is enabled -ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", "postinst_enable_logging; ", "",d)}' +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' + # Write manifest IMAGE_MANIFEST = "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.manifest" -ROOTFS_POSTPROCESS_COMMAND =+ "write_image_manifest ; " +ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest ; " # Set default postinst log file POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log" # Set default target for systemd images @@ -188,18 +199,17 @@ do_rootfs[cleandirs] += "${S}" do_rootfs[umask] = "022" # A hook function to support read-only-rootfs IMAGE_FEATURES -# Currently, it only supports sysvinit system. read_only_rootfs_hook () { # Tweak the mount option and fs_passno for rootfs in fstab sed -i -e '/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}' ${IMAGE_ROOTFS}/etc/fstab if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then - # Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes + # Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then sed -i 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' ${IMAGE_ROOTFS}/etc/default/rcS fi - # Run populate-volatile.sh at rootfs time to set up basic files - # and directories to support read-only rootfs. + # Run populate-volatile.sh at rootfs time to set up basic files + # and directories to support read-only rootfs. if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh fi @@ -216,6 +226,27 @@ read_only_rootfs_hook () { fi fi fi + + if ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "true", "false", d)}; then + # Update user database files so that services don't fail for a read-only systemd system + for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do + [ -e $conffile ] || continue + grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do + if [ "$type" = "u" ]; then + useradd_params="" + [ "$id" != "-" ] && useradd_params="$useradd_params --uid $id" + [ "$comment" != "-" ] && useradd_params="$useradd_params --comment $comment" + useradd_params="$useradd_params --system $name" + eval useradd --root ${IMAGE_ROOTFS} $useradd_params || true + elif [ "$type" = "g" ]; then + groupadd_params="" + [ "$id" != "-" ] && groupadd_params="$groupadd_params --gid $id" + groupadd_params="$groupadd_params --system $name" + eval groupadd --root ${IMAGE_ROOTFS} $groupadd_params || true + fi + done + done + fi } PACKAGE_EXCLUDE ??= "" @@ -367,12 +398,6 @@ python write_image_manifest () { image_manifest.write(image_list_installed_packages(d, 'ver')) } -# Make login manager(s) enable automatic login. -# Useful for devices where we do not want to log in at all (e.g. phones) -set_image_autologin () { - sed -i 's%^AUTOLOGIN=\"false"%AUTOLOGIN="true"%g' ${IMAGE_ROOTFS}/etc/sysconfig/gpelogin -} - # Can be use to create /etc/timestamp during image construction to give a reasonably # sane default time setting rootfs_update_timestamp () { @@ -410,6 +435,7 @@ do_compile[noexec] = "1" do_install[noexec] = "1" do_populate_sysroot[noexec] = "1" do_package[noexec] = "1" +do_package_qa[noexec] = "1" do_packagedata[noexec] = "1" do_package_write_ipk[noexec] = "1" do_package_write_deb[noexec] = "1" |