* [OE-core][PATCH V4 1/2] rootfs-postcommands.bbclass: fix echo + '\n' in 'no password' banner
@ 2025-12-01 5:25 Qi.Chen
2025-12-01 5:25 ` [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding " Qi.Chen
0 siblings, 1 reply; 5+ messages in thread
From: Qi.Chen @ 2025-12-01 5:25 UTC (permalink / raw)
To: openembedded-core; +Cc: alex
From: Chen Qi <Qi.Chen@windriver.com>
The '\n' means hostname instead of new line in /etc/issues.
bash and dash have different behavior on echo + '\n'.
So we avoid this '\n' and use an extra echo "" instead.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
meta/classes-recipe/rootfs-postcommands.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass b/meta/classes-recipe/rootfs-postcommands.bbclass
index d3a569ba3e..f4fbc4c57e 100644
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -259,7 +259,8 @@ zap_empty_root_password () {
# This function adds a note to the login banner that the system is configured for root logins without password
#
add_empty_root_password_note () {
- echo "Type 'root' to login with superuser privileges (no password will be asked).\n" >> ${IMAGE_ROOTFS}/etc/issue
+ echo "Type 'root' to login with superuser privileges (no password will be asked)." >> ${IMAGE_ROOTFS}/etc/issue
+ echo "" >> ${IMAGE_ROOTFS}/etc/issue
}
#
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding 'no password' banner
2025-12-01 5:25 [OE-core][PATCH V4 1/2] rootfs-postcommands.bbclass: fix echo + '\n' in 'no password' banner Qi.Chen
@ 2025-12-01 5:25 ` Qi.Chen
2025-12-01 11:05 ` Alexander Kanavin
2025-12-03 19:37 ` Mathieu Dubois-Briand
0 siblings, 2 replies; 5+ messages in thread
From: Qi.Chen @ 2025-12-01 5:25 UTC (permalink / raw)
To: openembedded-core; +Cc: alex
From: Chen Qi <Qi.Chen@windriver.com>
It's possible that users use EXTRA_USERS_PARAMS to set password
for root or explicitly expire root password. So we need to check
these two cases to ensure the 'no password' banner is not misleading.
As an example, below are configurations to make an image requiring
setting a root password on first boot, but without having to first enter
a static initial password:
In conf/toolcfg.cfg:
OE_FRAGMENTS += "distro/poky core/yocto/root-login-with-empty-password
In local.conf:
INHERIT += "extrausers"
EXTRA_USERS_PARAMS += " passwd-expire root;"
Checking and adding such a banner is ensured to run as last steps of
ROOTFS_POSTPROCESS_COMMAND, regardless of IMAGE_FEATURES. In particualr,
we want to ensure that the function runs after set_user_group function
from extrausers.bbclass. So unlike other commands in this bbclass using
the '+=', this function uses ':append'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
meta/classes-recipe/rootfs-postcommands.bbclass | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass b/meta/classes-recipe/rootfs-postcommands.bbclass
index f4fbc4c57e..f57782b87b 100644
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -5,7 +5,7 @@
#
# Zap the root password if empty-root-password feature is not enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "empty-root-password", "add_empty_root_password_note", "zap_empty_root_password ",d)}'
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "empty-root-password", "", "zap_empty_root_password ",d)}'
# Allow dropbear/openssh to accept logins from accounts with an empty password string if allow-empty-password is enabled
ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "allow-empty-password", "ssh_allow_empty_password ", "",d)}'
@@ -64,6 +64,10 @@ ROOTFS_POSTPROCESS_COMMAND += '${SORT_PASSWD_POSTPROCESS_COMMAND}'
#
ROOTFS_POSTPROCESS_COMMAND += 'rootfs_reproducible'
+# Check and add 'no root password' banner.
+# This needs to done at the end of ROOTFS_POSTPROCESS_COMMAND, thus using :append.
+ROOTFS_POSTPROCESS_COMMAND:append = " add_empty_root_password_note"
+
# Resolve the ID as described in the sysusers.d(5) manual: ID can be a numeric
# uid, a couple uid:gid or uid:groupname or it is '-' meaning leaving it
# automatic or it can be a path. In the latter, the uid/gid matches the
@@ -259,8 +263,12 @@ zap_empty_root_password () {
# This function adds a note to the login banner that the system is configured for root logins without password
#
add_empty_root_password_note () {
- echo "Type 'root' to login with superuser privileges (no password will be asked)." >> ${IMAGE_ROOTFS}/etc/issue
- echo "" >> ${IMAGE_ROOTFS}/etc/issue
+ rootpw="`grep '^root:' ${IMAGE_ROOTFS}/etc/shadow | cut -d':' -f2`"
+ rootpw_lastchanged="`grep "^root:" ${IMAGE_ROOTFS}/etc/shadow | cut -d: -f3`"
+ if [ -z "$rootpw" -a "$rootpw_lastchanged" != "0" ]; then
+ echo "Type 'root' to login with superuser privileges (no password will be asked)." >> ${IMAGE_ROOTFS}/etc/issue
+ echo "" >> ${IMAGE_ROOTFS}/etc/issue
+ fi
}
#
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding 'no password' banner
2025-12-01 5:25 ` [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding " Qi.Chen
@ 2025-12-01 11:05 ` Alexander Kanavin
2025-12-03 19:37 ` Mathieu Dubois-Briand
1 sibling, 0 replies; 5+ messages in thread
From: Alexander Kanavin @ 2025-12-01 11:05 UTC (permalink / raw)
To: Qi.Chen; +Cc: openembedded-core, alex
Thanks, I think this is fine.
Alex
On Mon, 1 Dec 2025 at 06:25, Chen Qi via lists.openembedded.org
<Qi.Chen=windriver.com@lists.openembedded.org> wrote:
>
> From: Chen Qi <Qi.Chen@windriver.com>
>
> It's possible that users use EXTRA_USERS_PARAMS to set password
> for root or explicitly expire root password. So we need to check
> these two cases to ensure the 'no password' banner is not misleading.
>
> As an example, below are configurations to make an image requiring
> setting a root password on first boot, but without having to first enter
> a static initial password:
>
> In conf/toolcfg.cfg:
> OE_FRAGMENTS += "distro/poky core/yocto/root-login-with-empty-password
> In local.conf:
> INHERIT += "extrausers"
> EXTRA_USERS_PARAMS += " passwd-expire root;"
>
> Checking and adding such a banner is ensured to run as last steps of
> ROOTFS_POSTPROCESS_COMMAND, regardless of IMAGE_FEATURES. In particualr,
> we want to ensure that the function runs after set_user_group function
> from extrausers.bbclass. So unlike other commands in this bbclass using
> the '+=', this function uses ':append'.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
> meta/classes-recipe/rootfs-postcommands.bbclass | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass b/meta/classes-recipe/rootfs-postcommands.bbclass
> index f4fbc4c57e..f57782b87b 100644
> --- a/meta/classes-recipe/rootfs-postcommands.bbclass
> +++ b/meta/classes-recipe/rootfs-postcommands.bbclass
> @@ -5,7 +5,7 @@
> #
>
> # Zap the root password if empty-root-password feature is not enabled
> -ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "empty-root-password", "add_empty_root_password_note", "zap_empty_root_password ",d)}'
> +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "empty-root-password", "", "zap_empty_root_password ",d)}'
>
> # Allow dropbear/openssh to accept logins from accounts with an empty password string if allow-empty-password is enabled
> ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "allow-empty-password", "ssh_allow_empty_password ", "",d)}'
> @@ -64,6 +64,10 @@ ROOTFS_POSTPROCESS_COMMAND += '${SORT_PASSWD_POSTPROCESS_COMMAND}'
> #
> ROOTFS_POSTPROCESS_COMMAND += 'rootfs_reproducible'
>
> +# Check and add 'no root password' banner.
> +# This needs to done at the end of ROOTFS_POSTPROCESS_COMMAND, thus using :append.
> +ROOTFS_POSTPROCESS_COMMAND:append = " add_empty_root_password_note"
> +
> # Resolve the ID as described in the sysusers.d(5) manual: ID can be a numeric
> # uid, a couple uid:gid or uid:groupname or it is '-' meaning leaving it
> # automatic or it can be a path. In the latter, the uid/gid matches the
> @@ -259,8 +263,12 @@ zap_empty_root_password () {
> # This function adds a note to the login banner that the system is configured for root logins without password
> #
> add_empty_root_password_note () {
> - echo "Type 'root' to login with superuser privileges (no password will be asked)." >> ${IMAGE_ROOTFS}/etc/issue
> - echo "" >> ${IMAGE_ROOTFS}/etc/issue
> + rootpw="`grep '^root:' ${IMAGE_ROOTFS}/etc/shadow | cut -d':' -f2`"
> + rootpw_lastchanged="`grep "^root:" ${IMAGE_ROOTFS}/etc/shadow | cut -d: -f3`"
> + if [ -z "$rootpw" -a "$rootpw_lastchanged" != "0" ]; then
> + echo "Type 'root' to login with superuser privileges (no password will be asked)." >> ${IMAGE_ROOTFS}/etc/issue
> + echo "" >> ${IMAGE_ROOTFS}/etc/issue
> + fi
> }
>
> #
> --
> 2.43.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#227114): https://lists.openembedded.org/g/openembedded-core/message/227114
> Mute This Topic: https://lists.openembedded.org/mt/116551793/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding 'no password' banner
2025-12-01 5:25 ` [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding " Qi.Chen
2025-12-01 11:05 ` Alexander Kanavin
@ 2025-12-03 19:37 ` Mathieu Dubois-Briand
2025-12-04 3:13 ` Chen, Qi
1 sibling, 1 reply; 5+ messages in thread
From: Mathieu Dubois-Briand @ 2025-12-03 19:37 UTC (permalink / raw)
To: Qi.Chen, openembedded-core; +Cc: alex
On Mon Dec 1, 2025 at 6:25 AM CET, Chen Qi via lists.openembedded.org wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
>
> It's possible that users use EXTRA_USERS_PARAMS to set password
> for root or explicitly expire root password. So we need to check
> these two cases to ensure the 'no password' banner is not misleading.
>
> As an example, below are configurations to make an image requiring
> setting a root password on first boot, but without having to first enter
> a static initial password:
>
> In conf/toolcfg.cfg:
> OE_FRAGMENTS += "distro/poky core/yocto/root-login-with-empty-password
> In local.conf:
> INHERIT += "extrausers"
> EXTRA_USERS_PARAMS += " passwd-expire root;"
>
> Checking and adding such a banner is ensured to run as last steps of
> ROOTFS_POSTPROCESS_COMMAND, regardless of IMAGE_FEATURES. In particualr,
> we want to ensure that the function runs after set_user_group function
> from extrausers.bbclass. So unlike other commands in this bbclass using
> the '+=', this function uses ':append'.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
Hi Chen,
Thanks for your patch.
It looks like this is breaking the
containerimage.ContainerImageTests.test_expected_files selftest:
2025-12-03 13:55:47,169 - oe-selftest - INFO - containerimage.ContainerImageTests.test_expected_files (subunit.RemotedTestCase)
2025-12-03 13:55:47,176 - oe-selftest - INFO - ... FAIL
...
AssertionError: Lists differ: ['./'[14 chars]/etc/issue', './etc/ld.so.cache', './etc/times[112 chars]ib/'] != ['./'[14 chars]/etc/ld.so.cache', './etc/timestamp', './etc/v[97 chars]ib/']
First differing element 2:
'./etc/issue'
'./etc/ld.so.cache'
First list contains 1 additional elements.
First extra element 12:
'./var/lib/'
['./',
'./etc/',
- './etc/issue',
'./etc/ld.so.cache',
'./etc/timestamp',
'./etc/version',
'./run/',
'./usr/',
'./usr/bin/',
'./usr/bin/theapp',
'./var/',
'./var/cache/',
'./var/lib/']
https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/2787
https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/2682
https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/2926
Can you have a look at this?
Thanks,
Mathieu
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding 'no password' banner
2025-12-03 19:37 ` Mathieu Dubois-Briand
@ 2025-12-04 3:13 ` Chen, Qi
0 siblings, 0 replies; 5+ messages in thread
From: Chen, Qi @ 2025-12-04 3:13 UTC (permalink / raw)
To: Mathieu Dubois-Briand, openembedded-core@lists.openembedded.org
Cc: alex@linutronix.de
Yes, of course. I'll look into it.
Regards,
Qi
-----Original Message-----
From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Sent: Thursday, December 4, 2025 3:37 AM
To: Chen, Qi <Qi.Chen@windriver.com>; openembedded-core@lists.openembedded.org
Cc: alex@linutronix.de
Subject: Re: [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding 'no password' banner
On Mon Dec 1, 2025 at 6:25 AM CET, Chen Qi via lists.openembedded.org wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
>
> It's possible that users use EXTRA_USERS_PARAMS to set password for
> root or explicitly expire root password. So we need to check these two
> cases to ensure the 'no password' banner is not misleading.
>
> As an example, below are configurations to make an image requiring
> setting a root password on first boot, but without having to first
> enter a static initial password:
>
> In conf/toolcfg.cfg:
> OE_FRAGMENTS += "distro/poky core/yocto/root-login-with-empty-password
> In local.conf:
> INHERIT += "extrausers"
> EXTRA_USERS_PARAMS += " passwd-expire root;"
>
> Checking and adding such a banner is ensured to run as last steps of
> ROOTFS_POSTPROCESS_COMMAND, regardless of IMAGE_FEATURES. In
> particualr, we want to ensure that the function runs after
> set_user_group function from extrausers.bbclass. So unlike other
> commands in this bbclass using the '+=', this function uses ':append'.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
Hi Chen,
Thanks for your patch.
It looks like this is breaking the
containerimage.ContainerImageTests.test_expected_files selftest:
2025-12-03 13:55:47,169 - oe-selftest - INFO - containerimage.ContainerImageTests.test_expected_files (subunit.RemotedTestCase)
2025-12-03 13:55:47,176 - oe-selftest - INFO - ... FAIL ...
AssertionError: Lists differ: ['./'[14 chars]/etc/issue', './etc/ld.so.cache', './etc/times[112 chars]ib/'] != ['./'[14 chars]/etc/ld.so.cache', './etc/timestamp', './etc/v[97 chars]ib/']
First differing element 2:
'./etc/issue'
'./etc/ld.so.cache'
First list contains 1 additional elements.
First extra element 12:
'./var/lib/'
['./',
'./etc/',
- './etc/issue',
'./etc/ld.so.cache',
'./etc/timestamp',
'./etc/version',
'./run/',
'./usr/',
'./usr/bin/',
'./usr/bin/theapp',
'./var/',
'./var/cache/',
'./var/lib/']
https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/2787
https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/2682
https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/2926
Can you have a look at this?
Thanks,
Mathieu
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-12-04 3:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-01 5:25 [OE-core][PATCH V4 1/2] rootfs-postcommands.bbclass: fix echo + '\n' in 'no password' banner Qi.Chen
2025-12-01 5:25 ` [OE-core][PATCH V4 2/2] rootfs-postcommands.bbclass: fix adding " Qi.Chen
2025-12-01 11:05 ` Alexander Kanavin
2025-12-03 19:37 ` Mathieu Dubois-Briand
2025-12-04 3:13 ` Chen, Qi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.