From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6654511347151142912 X-Received: by 2002:a1c:9cc2:: with SMTP id f185mr349742wme.10.1549374160748; Tue, 05 Feb 2019 05:42:40 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:6582:: with SMTP id z124ls2382174wmb.10.gmail; Tue, 05 Feb 2019 05:42:40 -0800 (PST) X-Google-Smtp-Source: AHgI3IZbDdy5Q31YDagnvF25m2+eFLn3Ek0+XZaa4K7gJCL1jSZ+3xcB12MdCFAAf1n4Tepvf8E0 X-Received: by 2002:a1c:9cc2:: with SMTP id f185mr349738wme.10.1549374160235; Tue, 05 Feb 2019 05:42:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549374160; cv=none; d=google.com; s=arc-20160816; b=yKB6KWa/UPMZYvGAQwWqstEnATjMtzFgIz/F16eObiFBHWkX92ryPt//tR0oUrpHgi vx4C+bbzH3MFresWgooHpjgVpebcdYvrkXEmCHOd8lAdLrjSBfvTeaw4Knw3txshLnu7 5WC7gehjJ/Skk/kC6X+abA52DMe6pBOWIqYjKc8C4wuIEXlV1mBJfCr9/ovWvxIahZ0F VeH8rNpsk1/I5HJbUmD9rBgMbgDgVrth0IgB2uA72CH4su4oHIyfttWu/EVekHp7lrEg kS6/AYeNEAHuAj5bLnnAK4VJprYWpffdw9IkADqb4yzsGi7IQAofStCFV7Gj1xAvaTCn 3RWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=fUOjlamG07qjF+akiE32hMFyO6jR6DSLmxfMrctMVvo=; b=TDT3PO7KyUhxiPsVdN48I35Jql+/NBV/lSCKGTSzmQU/syX6xLq6uSM5WH42Es6+gD +WTRI39TVpAQHiERD+VNUorgml5b9EIVJIVHwE+dNUlZLk0xPV+VZrmjVo7x+qewJ4Da IfJfDcvVRupqnQW9wEZt1wdwPDCkMjgbrkcmKI1/adyR3/5CkqFxXXnclrDiECRGxF9M ucwcZ4eGmS1BTLGajY5uEjyyFmmwsHp5cX4QTDFCYPv+jn6w3OVPp6PUS2g24p3w+72e kNfDixgzcsN/Fyj5pe+8wLYYfGIo6yMPQXWwm7QrUaqX65v0VhgfD5Tl2G5Xny0Z3HLn PNVw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id 64si528659wma.1.2019.02.05.05.42.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Feb 2019 05:42:40 -0800 (PST) Received-SPF: pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x15Dgd6u006264 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 5 Feb 2019 14:42:39 +0100 Received: from ring.ppmd.siemens.net (linux-ses-ext02.ppmd.siemens.net [139.25.69.181]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x15Dgc1s012842; Tue, 5 Feb 2019 14:42:39 +0100 From: claudius.heine.ext@siemens.com To: isar-users@googlegroups.com Cc: Claudius Heine Subject: [RFC PATCH 1/2] meta: add isar-cfg-rootpw recipe for setting root password Date: Tue, 5 Feb 2019 14:42:34 +0100 Message-Id: <20190205134235.27523-2-claudius.heine.ext@siemens.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190205134235.27523-1-claudius.heine.ext@siemens.com> References: <20190205134235.27523-1-claudius.heine.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: 8LtqxK9AjLc2 From: Claudius Heine The isar-cfg-rootpw recipe is a central point to set the root password for images. It provides the `CFG_ROOT_LOCKED` and `CFG_ROOT_PW` variables, that can be set from any `.conf` file or via `isar-cfg-rootpw.bbappend`. The `CFG_ROOT_LOCKED` variable that can be set to "1" in order to lock the root account, other values leave the account unlocked. The `CFG_ROOT_RW` variable contains either a root password, or is empty, in which case login without password is possible. Signed-off-by: Claudius Heine --- meta-isar/conf/local.conf.sample | 3 ++- .../recipes-app/example-raw/files/postinst | 4 ---- .../isar-cfg-rootpw/files/postinst.tmpl | 11 +++++++++++ .../isar-cfg-rootpw/isar-cfg-rootpw.bb | 19 +++++++++++++++++++ 4 files changed, 32 insertions(+), 5 deletions(-) create mode 100644 meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl create mode 100644 meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb diff --git a/meta-isar/conf/local.conf.sample b/meta-isar/conf/local.conf.sample index a671b20..a2bdd7e 100644 --- a/meta-isar/conf/local.conf.sample +++ b/meta-isar/conf/local.conf.sample @@ -161,7 +161,8 @@ CONF_VERSION = "1" # # The default list of extra packages to be installed. -IMAGE_INSTALL = "hello-isar example-raw example-module-${KERNEL_NAME} enable-fsck" +IMAGE_INSTALL = "hello-isar example-raw example-module-${KERNEL_NAME} enable-fsck \ + isar-cfg-rootpw" # # Enable cross-compilation support diff --git a/meta-isar/recipes-app/example-raw/files/postinst b/meta-isar/recipes-app/example-raw/files/postinst index f60be8c..f48d993 100644 --- a/meta-isar/recipes-app/example-raw/files/postinst +++ b/meta-isar/recipes-app/example-raw/files/postinst @@ -15,8 +15,4 @@ fi chown -R isar:isar /var/lib/isar -# this wins over meta-isar/recipes-core/images/files/*configscript.sh -# but we take the same password for this example -echo "root:root" | chpasswd - echo "isar" > /etc/hostname diff --git a/meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl b/meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl new file mode 100644 index 0000000..51e901e --- /dev/null +++ b/meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl @@ -0,0 +1,11 @@ +#!/bin/sh +set -e +if [ "${CFG_ROOT_LOCKED}" == "1" ]; then + passwd -l root +else + if [ -n "${CFG_ROOT_PW}" ]; then + echo "root:${CFG_ROOT_PW}" | chpasswd + else + passwd -d root + fi +fi diff --git a/meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb b/meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb new file mode 100644 index 0000000..adee3b5 --- /dev/null +++ b/meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb @@ -0,0 +1,19 @@ +# This software is a part of ISAR. + +DESCRIPTION = "Isar configuration package for root password" +MAINTAINER = "isar-users " +DEBIAN_DEPENDS = "passwd" + +SRC_URI = "file://postinst.tmpl" + +TEMPLATE_FILES = "postinst.tmpl" +TEMPLATE_VARS = "CFG_ROOT_PW CFG_ROOT_LOCKED" + +CFG_ROOT_PW ??= "" +CFG_ROOT_LOCKED ??= "0" + +inherit dpkg-raw + +do_install() { + echo "intentionally left blank" +} -- 2.20.1