From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6659376390151864320
X-Received: by 2002:a2e:8593:: with SMTP id b19mr1248981lji.5.1550506891621;
        Mon, 18 Feb 2019 08:21:31 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a2e:42c5:: with SMTP id h66-v6ls1659769ljf.7.gmail; Mon, 18
 Feb 2019 08:21:31 -0800 (PST)
X-Google-Smtp-Source: AHgI3IZFKAzl20UIVfD3c8cJAP3hrdlHxtI3zHamn5m3Irt1sQEP0j/svbYdtDnkeTrtGmJSwUGq
X-Received: by 2002:a2e:7f12:: with SMTP id a18-v6mr1392417ljd.2.1550506891087;
        Mon, 18 Feb 2019 08:21:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550506891; cv=none;
        d=google.com; s=arc-20160816;
        b=mtHASpENqct7byNXw8Q8hS8yg0uz15wBD0ktSjV6vR++V5m9MDA0ZR+EXP86UsGT38
         WjujgQ4zjEA9IQWWtI6Febl9z2hbYGwbVQk/Pf/ftsVxmFhJPSu8Tp4BQY/RCHfIo4Bd
         2f/cOeAPIoi5MYbtC5OWJiFnyEJiIpnJ6vM+GxfMrKtP52LcGZyhudTJ61Xj1xLfd5Iv
         T2XXlm/sxFSAy9WJs07vAagwozfIdzaK6Zhb4tswHS0E/B5AL8Aq2H//6JUbCjHOsXiM
         /cOodlX9shOS2Duxa+eknJdHVpl0MRf344rffKSt9smVEd7VcO78oB7ZeQozI3eOsivL
         0yRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from;
        bh=OWhWJQLosmNfPc46C9ljQRl069Bv5/n/uo68s4XypJQ=;
        b=e9VbPCeLHzRrbAZskKEEgdy6R+Zgns81MVYNo62VVJInaLxVeHtagTystjMKcbD+va
         l1qamnzcl1BG6rxNx4kICunf8yO02ID98IcEtqUo1ph2fJnbE8PHUT/d1gyn5rHKTx45
         W1VPVepj3riceOP2rwJZATWwMF8u5hPfFpJLz/Wu9+UCR7kKh8ipVX/Nt7wrbmnRVaIE
         wnHOFaSdL98fJNEnsXhgaHPThL5pbQRSpRwh1RSax4gaYi0SawPuDR1xY6EnHM+9krPe
         375/Xo7nGHH715wPmYoDNbBauvyjY5h6tKQOXmCUz8PKYu9dkotMF5v93w3qdQk5LWd3
         TbwA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com
Return-Path: <claudius.heine.ext@siemens.com>
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id m16si529748lfl.0.2019.02.18.08.21.30
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 18 Feb 2019 08:21:31 -0800 (PST)
Received-SPF: pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x1IGLTKX006336
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 18 Feb 2019 17:21:29 +0100
Received: from ring.ppmd.siemens.net (linux-ses-ext02.ppmd.siemens.net [139.25.69.232])
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x1IGLTpv009615;
	Mon, 18 Feb 2019 17:21:29 +0100
From: claudius.heine.ext@siemens.com
To: isar-users@googlegroups.com
Cc: Claudius Heine <ch@denx.de>
Subject: [PATCH] added 'isar-cfg-userpw' package
Date: Mon, 18 Feb 2019 17:21:13 +0100
Message-Id: <20190218162113.8538-1-claudius.heine.ext@siemens.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUID: BsWMuIxFzvsZ

From: Claudius Heine <ch@denx.de>

With this package setting of arbitrary user passwords should be
possible.

To do this use the 'CFG_USER_PW' variable as described in the user
manual.

Signed-off-by: Claudius Heine <ch@denx.de>
---
 doc/user_manual.md                            |  1 +
 meta-isar/conf/local.conf.sample              |  2 ++
 meta/classes/isar-image.bbclass               |  2 +-
 .../isar-cfg-userpw/files/postinst.tmpl       | 15 ++++++++++++
 .../isar-cfg-userpw/isar-cfg-userpw.bb        | 23 +++++++++++++++++++
 5 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/isar-cfg-userpw/files/postinst.tmpl
 create mode 100644 meta/recipes-support/isar-cfg-userpw/isar-cfg-userpw.bb

diff --git a/doc/user_manual.md b/doc/user_manual.md
index db0bf85..53bb36a 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -328,6 +328,7 @@ Some other variables include:
  - `DISTRO_APT_PREMIRRORS` - The preferred mirror (append it to the default URI in the format `ftp.debian.org my.preferred.mirror`. This variable is optional.
  - `CFG_ROOT_PW` - The encrypted root password to be set. To encrypt password use `mkpasswd`. You find `mkpasswd` in the `whois` package of Debian. If the variable is empty, root login is passwordless.
  - `CFG_ROOT_LOCKED` - If set to `1` the root account will be locked.
+ - `CFG_USER_PW` - A space separated list of user names and encrypted passwords separated by a colon. (e.g. `username1:encryptedpw1 username2:encryptedpw2`)
 
 ---
 
diff --git a/meta-isar/conf/local.conf.sample b/meta-isar/conf/local.conf.sample
index e5827aa..494a283 100644
--- a/meta-isar/conf/local.conf.sample
+++ b/meta-isar/conf/local.conf.sample
@@ -178,3 +178,5 @@ ISAR_CROSS_COMPILE ?= "0"
 #   mkpasswd -m sha512crypt -R 10000
 # mkpasswd is part of the 'whois' package of Debian
 CFG_ROOT_PW ?= "$6$rounds=10000$RXeWrnFmkY$DtuS/OmsAS2cCEDo0BF5qQsizIrq6jPgXnwv3PHqREJeKd1sXdHX/ayQtuQWVDHe0KIO0/sVH8dvQm1KthF0d/"
+# Set user 'isar' password to 'isar':
+CFG_USER_PW ?= "isar:$6$rounds=10000$WMnSt8s9nLE$M/0eQVs0f05VpW8uzscs54GUwzhh/gjN3Vb85QEIIh1XihyvE.Xw4reJSxHqWcP0I0CnllKhseg6SRcGIIx7P1"
diff --git a/meta/classes/isar-image.bbclass b/meta/classes/isar-image.bbclass
index cdd1651..0100d0b 100644
--- a/meta/classes/isar-image.bbclass
+++ b/meta/classes/isar-image.bbclass
@@ -17,7 +17,7 @@ SRC_URI += "${@ cfg_script(d) }"
 
 DEPENDS += "${IMAGE_INSTALL} ${IMAGE_TRANSIENT_PACKAGES}"
 
-IMAGE_TRANSIENT_PACKAGES += "isar-cfg-localepurge isar-cfg-rootpw"
+IMAGE_TRANSIENT_PACKAGES += "isar-cfg-localepurge isar-cfg-rootpw isar-cfg-userpw"
 
 WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}"
 
diff --git a/meta/recipes-support/isar-cfg-userpw/files/postinst.tmpl b/meta/recipes-support/isar-cfg-userpw/files/postinst.tmpl
new file mode 100644
index 0000000..47fffd0
--- /dev/null
+++ b/meta/recipes-support/isar-cfg-userpw/files/postinst.tmpl
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+USER_ENTRIES='${CFG_USER_PW} '
+
+while true; do
+    USER_ENTRY="${USER_ENTRIES%% *}" # First element of list
+    USER_ENTRIES="${USER_ENTRIES#${USER_ENTRY} }" # Rest of list
+
+    if [ -z "${USER_ENTRY}" ]; then
+        break
+    fi
+
+    printf '%s' "${USER_ENTRY}" | chpasswd -e
+done
diff --git a/meta/recipes-support/isar-cfg-userpw/isar-cfg-userpw.bb b/meta/recipes-support/isar-cfg-userpw/isar-cfg-userpw.bb
new file mode 100644
index 0000000..75b0446
--- /dev/null
+++ b/meta/recipes-support/isar-cfg-userpw/isar-cfg-userpw.bb
@@ -0,0 +1,23 @@
+# This software is a part of ISAR.
+
+DESCRIPTION = "Isar configuration package for user passwords"
+MAINTAINER = "isar-users <isar-users@googlegroups.com>"
+DEBIAN_DEPENDS = "passwd"
+
+SRC_URI = "file://postinst.tmpl"
+
+TEMPLATE_FILES = "postinst.tmpl"
+TEMPLATE_VARS = "CFG_USER_PW"
+
+CFG_USER_PW ?= ""
+
+python() {
+    # Enforce CFG_USER_PW to be a single space separated array
+    d.setVar("CFG_USER_PW", " ".join(d.getVar("CFG_USER_PW", True).split()))
+}
+
+inherit dpkg-raw
+
+do_install() {
+    echo "intentionally left blank"
+}
-- 
2.20.1