mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 00:39:46 +00:00
Code Issues Projects Releases Wiki Activity

rootfs-postcommands: split ssh_allow_empty_password

Browse Source 
"allow root login" should not be bundled in ssh_allow_empty_password,
because some distro may want only one of "allow root login" and "allow
empty password", so split it out into ssh_allow_root_login and add new
imagefeature allow-root-login so they can be controlled separately,
debug-tweaks will still include both of them.

(From OE-Core rev: 1ab494f06a12548a902298afabd0a842161ef10d)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Jackie Huang
2017-06-29 13:28:42 +08:00
committed by Richard Purdie
parent be73d2bf15
commit 7c1adcc6d7
3 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/classes/image.bbclass
+1 -1
View File
@@ -32,7 +32,7 @@ INHIBIT_DEFAULT_DEPS = "1"
# IMAGE_FEATURES may contain any available package group # IMAGE_FEATURES may contain any available package group
IMAGE_FEATURES ?= "" IMAGE_FEATURES ?= ""
IMAGE_FEATURES[type] = "list" IMAGE_FEATURES[type] = "list"
IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password post-install-logging" IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password allow-root-login post-install-logging"
# Generate companion debugfs? # Generate companion debugfs?
IMAGE_GEN_DEBUGFS ?= "0" IMAGE_GEN_DEBUGFS ?= "0"
meta/classes/rootfs-postcommands.bbclass
+22 -3
View File
@@ -2,9 +2,12 @@
# Zap the root password if debug-tweaks feature is not enabled # Zap the root password if debug-tweaks feature is not enabled
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}'
# Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}'
# Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login; ", "",d)}'
# Enable postinst logging if debug-tweaks is enabled # Enable postinst logging if debug-tweaks is enabled
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}'
@@ -138,12 +141,11 @@ zap_empty_root_password () {
} }
# #
# allow dropbear/openssh to accept root logins and logins from accounts with an empty password string # allow dropbear/openssh to accept logins from accounts with an empty password string
# #
ssh_allow_empty_password () { ssh_allow_empty_password () {
for config in sshd_config sshd_config_readonly; do for config in sshd_config sshd_config_readonly; do
if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then
sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config
sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config sed -i 's/^[#[:space:]]*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config
fi fi
done done
@@ -166,6 +168,23 @@ ssh_allow_empty_password () {
fi fi
} }
#
# allow dropbear/openssh to accept root logins
#
ssh_allow_root_login () {
for config in sshd_config sshd_config_readonly; do
if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config ]; then
sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' ${IMAGE_ROOTFS}${sysconfdir}/ssh/$config
fi
done
if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then
if grep -q DROPBEAR_EXTRA_ARGS ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear 2>/dev/null ; then
sed -i '/^DROPBEAR_EXTRA_ARGS=/ s/-w//' ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear
fi
fi
}
python sort_passwd () { python sort_passwd () {
import rootfspostcommands import rootfspostcommands
rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}')) rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}'))
meta/lib/oeqa/selftest/cases/imagefeatures.py
+2 -2
View File
@@ -23,7 +23,7 @@ class ImageFeatures(OESelftestTestCase):
AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
""" """
features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh empty-root-password allow-empty-password"\n' features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh empty-root-password allow-empty-password allow-root-login"\n'
features += 'INHERIT += "extrausers"\n' features += 'INHERIT += "extrausers"\n'
features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user) features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user)
self.write_config(features) self.write_config(features)
@@ -49,7 +49,7 @@ class ImageFeatures(OESelftestTestCase):
AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
""" """
features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh allow-empty-password"\n' features = 'EXTRA_IMAGE_FEATURES = "ssh-server-openssh allow-empty-password allow-root-login"\n'
features += 'INHERIT += "extrausers"\n' features += 'INHERIT += "extrausers"\n'
features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user) features += 'EXTRA_USERS_PARAMS = "useradd -p \'\' {}; usermod -s /bin/sh {};"'.format(self.test_user, self.test_user)
self.write_config(features) self.write_config(features)