public inbox for isar-users@googlegroups.com
From: Quirin Gylstorff <Quirin.Gylstorff@siemens.com>
To: jan.kiszka@siemens.com, isar-users@googlegroups.com,
	henning.schild@siemens.com
Subject: [PATCH v3 2/2] classes/image-account-extension: Add flag to force password change on first login
Date: Tue, 17 May 2022 14:37:13 +0200
Message-ID: <20220517123713.675215-3-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com>

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This avoids possible errors if `passwd --expire root` is
set during package installation.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 doc/user_manual.md                           | 1 +
 meta/classes/image-account-extension.bbclass | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/doc/user_manual.md b/doc/user_manual.md
index cdb73224..02874b6d 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -678,6 +678,7 @@ The `USERS` and `USER_<username>` variable works similar to the `GROUPS` and `GR
    - `system` - `useradd` will be called with `--system`.
    - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password.
    - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it.
+   - `force-passwd-change` - Force the user to change to password on first login.
 
 #### Home directory contents prefilling
 
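Review bot: The added `force-passwd-change` bullet reads "change to password"; this should be "change the password". Since the bbclass hunk implements the flag with `passwd --expire`, the bullet could also say that the password is marked expired in the image, so readers understand the flag only has an effect for accounts that log in with a password.
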
diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass
index c64ba769..70950a7b 100644
--- a/meta/classes/image-account-extension.bbclass
+++ b/meta/classes/image-account-extension.bbclass
@@ -17,7 +17,7 @@ USERS ??= ""
 #USER_root[home] = "/home/root"
 #USER_root[shell] = "/bin/sh"
 #USER_root[groups] = "audio video"
-#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password"
+#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change"
 
 GROUPS ??= ""
 
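Review bot: In the updated `USER_root[flags]` comment the new flag is spelled `force-passwd-change`, while the neighbouring flags spell the word out (`allow-empty-password`, `clear-text-password`). Consider `force-password-change` so the flag names stay consistent before this one becomes part of the documented interface.
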
@@ -258,5 +258,10 @@ image_postprocess_accounts() {
             printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \
                 /usr/sbin/chpasswd $chpasswd_args
         fi
+        if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then
+            echo "Execute passwd to force password change on first boot for \"$name\""
+            sudo -E chroot '${ROOTFSDIR}' \
+                /usr/bin/passwd --expire "$name"
+        fi
     done
 }
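
Review bot: The test `"${flags}" != "${flags%*,force-passwd-change,*}"` only matches when the flag has a comma on both sides, so it silently does nothing if `flags` is not comma-wrapped at this point; please confirm this matches how the other flags are checked earlier in `image_postprocess_accounts()`. Two smaller points in the same block: the `echo` says "first boot" while the documentation and subject say "first login", and this call uses `sudo -E chroot` whereas the `chpasswd` call just above uses plain `sudo chroot`. If the environment is not needed for `passwd --expire`, drop `-E` so the two calls match.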
-- 
2.35.1