public inbox for isar-users@googlegroups.com
From: Henning Schild <henning.schild@siemens.com>
To: "[ext] claudius.heine.ext@siemens.com" <claudius.heine.ext@siemens.com>
Cc: <isar-users@googlegroups.com>, Claudius Heine <ch@denx.de>
Subject: Re: [RFC PATCH 1/2] meta: add isar-cfg-rootpw recipe for setting root password
Date: Wed, 6 Feb 2019 13:12:25 +0100
Message-ID: <20190206131225.7d2b6212@md1za8fc.ad001.siemens.net>
In-Reply-To: <20190205134235.27523-2-claudius.heine.ext@siemens.com>

Good idea to tackle the password problem! The current way of not having
a fallback in Isar means that every layer has to somehow deal with the
rootpw, and once you start combining layers you get conflicts of
multiple packages wanting to set the password.
The result is a "random" password depending on the install order of the
several packages.

We need one central way (fallback) again. One that supports
one/empty/no passwd cases just like your suggestion.

What I do not like is the fact that the package will always have the
same PN-PV, even if the content is different. Say you find the .deb
somewhere and install it with "dpkg -i", the result will be pretty
random again, depending on where you found the .deb.

Henning

On Tue, 5 Feb 2019 14:42:34 +0100,
"[ext] claudius.heine.ext@siemens.com"
<claudius.heine.ext@siemens.com> wrote:

> From: Claudius Heine <ch@denx.de>
> 
> The isar-cfg-rootpw recipe is a central point to set the root password
> for images. It provides the `CFG_ROOT_LOCKED` and `CFG_ROOT_PW`
> variables, which can be set from any `.conf` file or via
> `isar-cfg-rootpw.bbappend`.
> 
> The `CFG_ROOT_LOCKED` variable can be set to "1" in order to lock
> the root account; other values leave the account unlocked.
> 
> The `CFG_ROOT_RW` variable contains either a root password, or is
> empty, in which case login without password is possible.
> 
> Signed-off-by: Claudius Heine <ch@denx.de>
> ---
>  meta-isar/conf/local.conf.sample              |  3 ++-
>  .../recipes-app/example-raw/files/postinst    |  4 ----
>  .../isar-cfg-rootpw/files/postinst.tmpl       | 11 +++++++++++
>  .../isar-cfg-rootpw/isar-cfg-rootpw.bb        | 19
> +++++++++++++++++++ 4 files changed, 32 insertions(+), 5 deletions(-)
>  create mode 100644
> meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl create mode
> 100644 meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb
> 
> diff --git a/meta-isar/conf/local.conf.sample
> b/meta-isar/conf/local.conf.sample index a671b20..a2bdd7e 100644
> --- a/meta-isar/conf/local.conf.sample
> +++ b/meta-isar/conf/local.conf.sample
> @@ -161,7 +161,8 @@ CONF_VERSION = "1"
>  
>  #
>  # The default list of extra packages to be installed.
> -IMAGE_INSTALL = "hello-isar example-raw
> example-module-${KERNEL_NAME} enable-fsck" +IMAGE_INSTALL =
> "hello-isar example-raw example-module-${KERNEL_NAME} enable-fsck \
> +                 isar-cfg-rootpw"
>  
>  #
>  # Enable cross-compilation support
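
Review bot: the sample config pulls in isar-cfg-rootpw on the new IMAGE_INSTALL continuation line but does not show the variables that control it. Since the same patch drops `echo "root:root" | chpasswd` from example-raw, an image built from this sample no longer gets the password "root"; it gets whatever the recipe defaults produce. Add commented `CFG_ROOT_PW` and `CFG_ROOT_LOCKED` entries with a short explanation next to IMAGE_INSTALL, so users of local.conf.sample see both the setting and the changed default.
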
> diff --git a/meta-isar/recipes-app/example-raw/files/postinst
> b/meta-isar/recipes-app/example-raw/files/postinst index
> f60be8c..f48d993 100644 ---
> a/meta-isar/recipes-app/example-raw/files/postinst +++
> b/meta-isar/recipes-app/example-raw/files/postinst @@ -15,8 +15,4 @@
> fi 
>  chown -R isar:isar /var/lib/isar
>  
> -# this wins over meta-isar/recipes-core/images/files/*configscript.sh
> -# but we take the same password for this example
> -echo "root:root" | chpasswd
> -
>  echo "isar" > /etc/hostname
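
Review bot: the comment removed here names a second place that sets the root password, meta-isar/recipes-core/images/files/*configscript.sh, and the diffstat of this patch does not touch it. If that script still sets the password, there are again two setters and the result depends on ordering, which is the conflict this series wants to end. Either remove the password handling from the configscript in this patch or say in the commit message where it goes away.
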
> diff --git a/meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl
> b/meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl new file
> mode 100644 index 0000000..51e901e
> --- /dev/null
> +++ b/meta/recipes-support/isar-cfg-rootpw/files/postinst.tmpl
> @@ -0,0 +1,11 @@
> +#!/bin/sh
> +set -e
> +if [ "${CFG_ROOT_LOCKED}" == "1" ]; then
> +    passwd -l root
> +else
> +    if [ -n "${CFG_ROOT_PW}" ]; then
> +        echo "root:${CFG_ROOT_PW}" | chpasswd
> +    else
> +        passwd -d root
> +    fi
> +fi
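
Review bot: the test `[ "${CFG_ROOT_LOCKED}" == "1" ]` under `#!/bin/sh` uses `==`, which POSIX test does not define; use `=`. With a /bin/sh that rejects `==` (dash does), the test returns an error inside the `if`, `set -e` does not stop the script, and control falls through to the else branch, so a configuration asking for a locked root account ends up with a set or deleted password instead. Separately, `echo "root:${CFG_ROOT_PW}" | chpasswd` has the clear-text password templated into the maintainer script, so it is readable in the .deb and in the copy of the script dpkg keeps on the target, and a password containing `"`, `$` or a backquote changes what the shell executes. Consider carrying a pre-hashed value, quoted so the shell does not expand it, and feeding it to `chpasswd -e`.
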
> diff --git a/meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb
> b/meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb new file
> mode 100644 index 0000000..adee3b5
> --- /dev/null
> +++ b/meta/recipes-support/isar-cfg-rootpw/isar-cfg-rootpw.bb
> @@ -0,0 +1,19 @@
> +# This software is a part of ISAR.
> +
> +DESCRIPTION = "Isar configuration package for root password"
> +MAINTAINER = "isar-users <isar-users@googlegroups.com>"
> +DEBIAN_DEPENDS = "passwd"
> +
> +SRC_URI = "file://postinst.tmpl"
> +
> +TEMPLATE_FILES = "postinst.tmpl"
> +TEMPLATE_VARS = "CFG_ROOT_PW CFG_ROOT_LOCKED"
> +
> +CFG_ROOT_PW ??= ""
> +CFG_ROOT_LOCKED ??= "0"
> +
> +inherit dpkg-raw
> +
> +do_install() {
> +    echo "intentionally left blank"
> +}
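
Review bot: the defaults `CFG_ROOT_PW ??= ""` and `CFG_ROOT_LOCKED ??= "0"` select the `passwd -d root` branch of postinst.tmpl, so any image that installs this package without setting either variable gets a root account with no password. Defaulting `CFG_ROOT_LOCKED` to "1" would make the unconfigured case the safe one and turn the open login into an explicit choice. The commit message also describes the password variable as `CFG_ROOT_RW`, while the recipe and TEMPLATE_VARS use `CFG_ROOT_PW`; align the message. The recipe sets no version tied to the configured values, so differently configured builds produce a package with the same name and version, as raised in the reply above.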

