* [PATCH 0/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled
@ 2021-03-05 8:49 Robert Yang
2021-03-05 8:49 ` [PATCH 1/1] " Robert Yang
0 siblings, 1 reply; 7+ messages in thread
From: Robert Yang @ 2021-03-05 8:49 UTC (permalink / raw)
To: openembedded-core
The following changes since commit 6db24928d62aeb093a0e6da6619713eaca57a96f:
recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipes (2021-03-02 20:35:08 +0000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib rbt/root
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/root
Robert Yang (1):
rootfs-postcommands.bbclass: Print a warning when login with root is
disabled
meta/classes/rootfs-postcommands.bbclass | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--
2.17.1
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled 2021-03-05 8:49 [PATCH 0/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled Robert Yang @ 2021-03-05 8:49 ` Robert Yang 2021-03-05 10:18 ` [OE-core] " Peter Kjellerstedt 0 siblings, 1 reply; 7+ messages in thread From: Robert Yang @ 2021-03-05 8:49 UTC (permalink / raw) To: openembedded-core Fixed: EXTRA_IMAGE_FEATURES_remove = "debug-tweaks" $ bitbake core-image-minimal Then we can't login to the system with root without any messages. Add a warning makes it easy to debug. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- meta/classes/rootfs-postcommands.bbclass | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index 1f27a3d07a..e4fe416ac9 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass @@ -147,7 +147,11 @@ read_only_rootfs_hook () { zap_empty_root_password () { if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow - fi + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow + if [ $? -eq 0 ]; then + bbwarn "Login with root user is disabled since zap_empty_root_password is enabled" + fi + fi if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd fi -- 2.17.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled 2021-03-05 8:49 ` [PATCH 1/1] " Robert Yang @ 2021-03-05 10:18 ` Peter Kjellerstedt 2021-03-09 8:32 ` Robert Yang 0 siblings, 1 reply; 7+ messages in thread From: Peter Kjellerstedt @ 2021-03-05 10:18 UTC (permalink / raw) To: Robert Yang, openembedded-core@lists.openembedded.org > -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded- > core@lists.openembedded.org> On Behalf Of Robert Yang > Sent: den 5 mars 2021 09:49 > To: openembedded-core@lists.openembedded.org > Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled > > Fixed: > EXTRA_IMAGE_FEATURES_remove = "debug-tweaks" > $ bitbake core-image-minimal > > Then we can't login to the system with root without any messages. Add a warning > makes it easy to debug. > > Signed-off-by: Robert Yang <liezhi.yang@windriver.com> > --- > meta/classes/rootfs-postcommands.bbclass | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass > index 1f27a3d07a..e4fe416ac9 100644 > --- a/meta/classes/rootfs-postcommands.bbclass > +++ b/meta/classes/rootfs-postcommands.bbclass > @@ -147,7 +147,11 @@ read_only_rootfs_hook () { > zap_empty_root_password () { > if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then > sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow > - fi > + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow That will match any /etc/shadow file with "root:" in it. Change it to: grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow And make this optional. We intentionally do not have a root password set in our products when they are delivered due to the state law (SB-327) that went into effect on January 1, 2020 in California, which prohibits default passwords to be used in IoT products. > + if [ $? -eq 0 ]; then > + bbwarn "Login with root user is disabled since zap_empty_root_password is enabled" > + fi > + fi > if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then > sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd > fi > -- > 2.17.1 //Peter ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled 2021-03-05 10:18 ` [OE-core] " Peter Kjellerstedt @ 2021-03-09 8:32 ` Robert Yang 2021-03-12 14:13 ` Peter Kjellerstedt 0 siblings, 1 reply; 7+ messages in thread From: Robert Yang @ 2021-03-09 8:32 UTC (permalink / raw) To: Peter Kjellerstedt, openembedded-core@lists.openembedded.org Hi Peter, On 3/5/21 6:18 PM, Peter Kjellerstedt wrote: >> -----Original Message----- >> From: openembedded-core@lists.openembedded.org <openembedded- >> core@lists.openembedded.org> On Behalf Of Robert Yang >> Sent: den 5 mars 2021 09:49 >> To: openembedded-core@lists.openembedded.org >> Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled >> >> Fixed: >> EXTRA_IMAGE_FEATURES_remove = "debug-tweaks" >> $ bitbake core-image-minimal >> >> Then we can't login to the system with root without any messages. Add a warning >> makes it easy to debug. >> >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> >> --- >> meta/classes/rootfs-postcommands.bbclass | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass >> index 1f27a3d07a..e4fe416ac9 100644 >> --- a/meta/classes/rootfs-postcommands.bbclass >> +++ b/meta/classes/rootfs-postcommands.bbclass >> @@ -147,7 +147,11 @@ read_only_rootfs_hook () { >> zap_empty_root_password () { >> if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then >> sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow >> - fi >> + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow > > That will match any /etc/shadow file with "root:" in it. Change it to: > > grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow Thanks, I will update it. > > And make this optional. We intentionally do not have a root password set in our I don't quite understand about "optional", when the command is: grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow Then empty root password in shadow is: root:: so empty root password won't be matched? // Robert > products when they are delivered due to the state law (SB-327) that went into > effect on January 1, 2020 in California, which prohibits default passwords to > be used in IoT products. > >> + if [ $? -eq 0 ]; then >> + bbwarn "Login with root user is disabled since zap_empty_root_password is enabled" >> + fi >> + fi >> if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then >> sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd >> fi >> -- >> 2.17.1 > > //Peter > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled 2021-03-09 8:32 ` Robert Yang @ 2021-03-12 14:13 ` Peter Kjellerstedt 2021-03-15 2:31 ` Robert Yang 0 siblings, 1 reply; 7+ messages in thread From: Peter Kjellerstedt @ 2021-03-12 14:13 UTC (permalink / raw) To: Robert Yang, openembedded-core@lists.openembedded.org > -----Original Message----- > From: Robert Yang <liezhi.yang@windriver.com> > Sent: den 9 mars 2021 09:32 > To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; openembedded- > core@lists.openembedded.org > Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a > warning when login with root is disabled > > Hi Peter, > > On 3/5/21 6:18 PM, Peter Kjellerstedt wrote: > >> -----Original Message----- > >> From: openembedded-core@lists.openembedded.org <openembedded- > >> core@lists.openembedded.org> On Behalf Of Robert Yang > >> Sent: den 5 mars 2021 09:49 > >> To: openembedded-core@lists.openembedded.org > >> Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a > warning when login with root is disabled > >> > >> Fixed: > >> EXTRA_IMAGE_FEATURES_remove = "debug-tweaks" > >> $ bitbake core-image-minimal > >> > >> Then we can't login to the system with root without any messages. Add a > warning > >> makes it easy to debug. > >> > >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> > >> --- > >> meta/classes/rootfs-postcommands.bbclass | 6 +++++- > >> 1 file changed, 5 insertions(+), 1 deletion(-) > >> > >> diff --git a/meta/classes/rootfs-postcommands.bbclass > b/meta/classes/rootfs-postcommands.bbclass > >> index 1f27a3d07a..e4fe416ac9 100644 > >> --- a/meta/classes/rootfs-postcommands.bbclass > >> +++ b/meta/classes/rootfs-postcommands.bbclass > >> @@ -147,7 +147,11 @@ read_only_rootfs_hook () { > >> zap_empty_root_password () { > >> if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then > >> sed -i 's%^root::%root:*:%' > ${IMAGE_ROOTFS}/etc/shadow > >> - fi > >> + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow > > > > That will match any /etc/shadow file with "root:" in it. Change it to: > > > > grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow > > Thanks, I will update it. > > > > > And make this optional. We intentionally do not have a root password set > in our > > I don't quite understand about "optional", when the command is: > > grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow > > Then empty root password in shadow is: > root:: > > so empty root password won't be matched? Sorry, I was unclear. We do not have an empty password, we have "root:*:..." in /etc/shadow, and we obviously do not want this warning. > // Robert //Peter > > products when they are delivered due to the state law (SB-327) that went > into > > effect on January 1, 2020 in California, which prohibits default > passwords to > > be used in IoT products. > > > >> + if [ $? -eq 0 ]; then > >> + bbwarn "Login with root user is disabled > since zap_empty_root_password is enabled" > >> + fi > >> + fi > >> if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then > >> sed -i 's%^root::%root:*:%' > ${IMAGE_ROOTFS}/etc/passwd > >> fi > >> -- > >> 2.17.1 > > > > //Peter > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled 2021-03-12 14:13 ` Peter Kjellerstedt @ 2021-03-15 2:31 ` Robert Yang 2021-03-15 11:14 ` Peter Kjellerstedt 0 siblings, 1 reply; 7+ messages in thread From: Robert Yang @ 2021-03-15 2:31 UTC (permalink / raw) To: Peter Kjellerstedt, openembedded-core@lists.openembedded.org On 3/12/21 10:13 PM, Peter Kjellerstedt wrote: >> -----Original Message----- >> From: Robert Yang <liezhi.yang@windriver.com> >> Sent: den 9 mars 2021 09:32 >> To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; openembedded- >> core@lists.openembedded.org >> Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a >> warning when login with root is disabled >> >> Hi Peter, >> >> On 3/5/21 6:18 PM, Peter Kjellerstedt wrote: >>>> -----Original Message----- >>>> From: openembedded-core@lists.openembedded.org <openembedded- >>>> core@lists.openembedded.org> On Behalf Of Robert Yang >>>> Sent: den 5 mars 2021 09:49 >>>> To: openembedded-core@lists.openembedded.org >>>> Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a >> warning when login with root is disabled >>>> >>>> Fixed: >>>> EXTRA_IMAGE_FEATURES_remove = "debug-tweaks" >>>> $ bitbake core-image-minimal >>>> >>>> Then we can't login to the system with root without any messages. Add a >> warning >>>> makes it easy to debug. >>>> >>>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> >>>> --- >>>> meta/classes/rootfs-postcommands.bbclass | 6 +++++- >>>> 1 file changed, 5 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/meta/classes/rootfs-postcommands.bbclass >> b/meta/classes/rootfs-postcommands.bbclass >>>> index 1f27a3d07a..e4fe416ac9 100644 >>>> --- a/meta/classes/rootfs-postcommands.bbclass >>>> +++ b/meta/classes/rootfs-postcommands.bbclass >>>> @@ -147,7 +147,11 @@ read_only_rootfs_hook () { >>>> zap_empty_root_password () { >>>> if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then >>>> sed -i 's%^root::%root:*:%' >> ${IMAGE_ROOTFS}/etc/shadow >>>> - fi >>>> + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow >>> >>> That will match any /etc/shadow file with "root:" in it. Change it to: >>> >>> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow >> >> Thanks, I will update it. >> >>> >>> And make this optional. We intentionally do not have a root password set >> in our >> >> I don't quite understand about "optional", when the command is: >> >> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow >> >> Then empty root password in shadow is: >> root:: >> >> so empty root password won't be matched? > > Sorry, I was unclear. We do not have an empty password, we have > "root:*:..." in /etc/shadow, and we obviously do not want this warning. Thanks, makes sense, then let's drop this patch, this patch is for debugging only, it doesn't matter to drop it. I wonder how to login when the line is "root:*:..." in /etc/shadow? // Robert > >> // Robert > > //Peter > >>> products when they are delivered due to the state law (SB-327) that went >> into >>> effect on January 1, 2020 in California, which prohibits default >> passwords to >>> be used in IoT products. >>> >>>> + if [ $? -eq 0 ]; then >>>> + bbwarn "Login with root user is disabled >> since zap_empty_root_password is enabled" >>>> + fi >>>> + fi >>>> if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then >>>> sed -i 's%^root::%root:*:%' >> ${IMAGE_ROOTFS}/etc/passwd >>>> fi >>>> -- >>>> 2.17.1 >>> >>> //Peter >>> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled 2021-03-15 2:31 ` Robert Yang @ 2021-03-15 11:14 ` Peter Kjellerstedt 0 siblings, 0 replies; 7+ messages in thread From: Peter Kjellerstedt @ 2021-03-15 11:14 UTC (permalink / raw) To: Robert Yang, openembedded-core@lists.openembedded.org > -----Original Message----- > From: Robert Yang <liezhi.yang@windriver.com> > Sent: den 15 mars 2021 03:32 > To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; openembedded- > core@lists.openembedded.org > Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a > warning when login with root is disabled > > On 3/12/21 10:13 PM, Peter Kjellerstedt wrote: > >> -----Original Message----- > >> From: Robert Yang <liezhi.yang@windriver.com> > >> Sent: den 9 mars 2021 09:32 > >> To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; openembedded- > >> core@lists.openembedded.org > >> Subject: Re: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a > >> warning when login with root is disabled > >> > >> Hi Peter, > >> > >> On 3/5/21 6:18 PM, Peter Kjellerstedt wrote: > >>>> -----Original Message----- > >>>> From: openembedded-core@lists.openembedded.org <openembedded- > >>>> core@lists.openembedded.org> On Behalf Of Robert Yang > >>>> Sent: den 5 mars 2021 09:49 > >>>> To: openembedded-core@lists.openembedded.org > >>>> Subject: [OE-core] [PATCH 1/1] rootfs-postcommands.bbclass: Print a > >> warning when login with root is disabled > >>>> > >>>> Fixed: > >>>> EXTRA_IMAGE_FEATURES_remove = "debug-tweaks" > >>>> $ bitbake core-image-minimal > >>>> > >>>> Then we can't login to the system with root without any messages. Add > >>>> a warning makes it easy to debug. > >>>> > >>>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> > >>>> --- > >>>> meta/classes/rootfs-postcommands.bbclass | 6 +++++- > >>>> 1 file changed, 5 insertions(+), 1 deletion(-) > >>>> > >>>> diff --git a/meta/classes/rootfs-postcommands.bbclass > >> b/meta/classes/rootfs-postcommands.bbclass > >>>> index 1f27a3d07a..e4fe416ac9 100644 > >>>> --- a/meta/classes/rootfs-postcommands.bbclass > >>>> +++ b/meta/classes/rootfs-postcommands.bbclass > >>>> @@ -147,7 +147,11 @@ read_only_rootfs_hook () { > >>>> zap_empty_root_password () { > >>>> if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then > >>>> sed -i 's%^root::%root:*:%' >> ${IMAGE_ROOTFS}/etc/shadow > >>>> - fi > >>>> + grep -q '^root:*:' ${IMAGE_ROOTFS}/etc/shadow > >>> > >>> That will match any /etc/shadow file with "root:" in it. Change it to: > >>> > >>> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow > >> > >> Thanks, I will update it. > >> > >>> > >>> And make this optional. We intentionally do not have a root password > >>> set in our > >> > >> I don't quite understand about "optional", when the command is: > >> > >> grep -q '^root:\*:' ${IMAGE_ROOTFS}/etc/shadow > >> > >> Then empty root password in shadow is: > >> root:: > >> > >> so empty root password won't be matched? > > > > Sorry, I was unclear. We do not have an empty password, we have > > "root:*:..." in /etc/shadow, and we obviously do not want this warning. > > Thanks, makes sense, then let's drop this patch, this patch is for > debugging only, it doesn't matter to drop it. > > I wonder how to login when the line is "root:*:..." in /etc/shadow? In our case, you have to set a password the first time you access the product's web page. > // Robert > > > > >> // Robert > > > > //Peter > > > >>> products when they are delivered due to the state law (SB-327) that > >>> went into effect on January 1, 2020 in California, which prohibits > >>> default passwords to be used in IoT products. > >>> > >>>> + if [ $? -eq 0 ]; then > >>>> + bbwarn "Login with root user is disabled since zap_empty_root_password is enabled" > >>>> + fi > >>>> + fi > >>>> if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then > >>>> sed -i 's%^root::%root:*:%' >> ${IMAGE_ROOTFS}/etc/passwd > >>>> fi > >>>> -- > >>>> 2.17.1 > >>> > >>> //Peter //Peter ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-03-15 11:14 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-03-05 8:49 [PATCH 0/1] rootfs-postcommands.bbclass: Print a warning when login with root is disabled Robert Yang 2021-03-05 8:49 ` [PATCH 1/1] " Robert Yang 2021-03-05 10:18 ` [OE-core] " Peter Kjellerstedt 2021-03-09 8:32 ` Robert Yang 2021-03-12 14:13 ` Peter Kjellerstedt 2021-03-15 2:31 ` Robert Yang 2021-03-15 11:14 ` Peter Kjellerstedt
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox