From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7094274201591218176 X-Received: by 2002:a17:906:730e:b0:6f4:e9e7:4f4 with SMTP id di14-20020a170906730e00b006f4e9e704f4mr5176354ejc.509.1651764428088; Thu, 05 May 2022 08:27:08 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:907:7ea2:b0:6f4:dcbc:baa9 with SMTP id qb34-20020a1709077ea200b006f4dcbcbaa9ls1903608ejc.2.gmail; Thu, 05 May 2022 08:27:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwiiNHa9hTED3xT38NffdobCSQ0de5Q0DVHyFUMs2fkVTm0+UXxcwMci9DB7D4JbQ+ObRtH X-Received: by 2002:a17:907:9805:b0:6f4:fe0e:5547 with SMTP id ji5-20020a170907980500b006f4fe0e5547mr2765305ejc.426.1651764427104; Thu, 05 May 2022 08:27:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651764427; cv=none; d=google.com; s=arc-20160816; b=q9jYxrW0RJKQblQZjMc5iLiRm2KP8HMuzO3DOksF6f3IVbgGN8caX1yGkmZHg7QM60 6mpKGZPRBblDL4PfntK7hA9OOghYiuSbG702PDQDFGfRyZgOTgFrj8fj8MFIoTBXNP6g gAY/mXePgOsJRmtCK69OjVAdo5nZaogTqyabNAl2BnJRlNvero9qRSekLEpRR0S9aE+7 0LCYwLE8X7yHC4+I9QyWmD4HG+PgUZVd1v6eSB3uJ8K2RqFem6J2S2CPwQt20O+1c++5 FK22+gXKArPCFF6+CWwBlqSC0aUO+TKhjpN/7q8CJxKTXyV4DTBqfQURA/ZCY9d12MeA 7Hww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:subject:organization:from:to :content-language:mime-version:date:message-id:dkim-signature; bh=SU6dCQBnkg6xL1JYTcfS1OT7xAveitosf/8v9SwCjUA=; b=0SQPY+KLieOH1EEpHx2F8NH4YI0sdjp+/0OkXsnXtw2w/AncifTWxIMbgNQ3F9oJy+ MXWKA5nn0pxHWkkgnXuxyBkoknKjvZeR9Tp77iQIqrpoIhI9GMT+zcuX3VsArj2nnraA S6lOLDTusvw3dEDF61N1d9Efdt1ZTwRGMk/1O4auhx5FF6sHVw5bQa2sk2kdMMpTvOPs Aqd/I0g+F4wacXaly9JXhEelmwzBTZpq2rO4QD5WehJBuwGDVurhIxKLh4pO+bJWofYT L7fMdweF8WUmvkx3kQzWEBsG7O39/t8mxl/OXf3HRiaRkoDajPgAzF9X/1tHuf6ZrDzU 80zQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=Dyhg5Bb5; spf=pass (google.com: domain of fm-51332-20220505152706162fca1b45154cb49c-c8pwnk@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) smtp.mailfrom=fm-51332-20220505152706162fca1b45154cb49c-C8PwNk@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net. [185.136.65.225]) by gmr-mx.google.com with ESMTPS id p17-20020aa7d311000000b0041cf5333d81si114324edq.4.2022.05.05.08.27.07 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 May 2022 08:27:07 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-20220505152706162fca1b45154cb49c-c8pwnk@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) client-ip=185.136.65.225; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=Dyhg5Bb5; spf=pass (google.com: domain of fm-51332-20220505152706162fca1b45154cb49c-c8pwnk@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) smtp.mailfrom=fm-51332-20220505152706162fca1b45154cb49c-C8PwNk@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 20220505152706162fca1b45154cb49c for ; Thu, 05 May 2022 17:27:06 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=quirin.gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=SU6dCQBnkg6xL1JYTcfS1OT7xAveitosf/8v9SwCjUA=; b=Dyhg5Bb5UGzT9clDcXHnwecJ6vhIhl5OB8/UHCvuXOE/iPfiw3xcd2O20XbILSSxqigJr+ gyMkoaM6JDaCwT/19SYedUNEB4fPWn4G/iKB4G6TQ6V2rpvrs8UiZsjQXxdsX+ADeb+nC3zh R9SkCUMxkBETZG6Qwat8fDakhJA34=; Message-ID: <6b5d5d99-a53e-9370-c893-252ffbf0b25a@siemens.com> Date: Thu, 5 May 2022 17:27:05 +0200 MIME-Version: 1.0 Content-Language: en-US To: Claudius Heine , "Kiszka, Jan (CT RDA IOT SES-DE)" , isar-users From: Gylstorff Quirin Organization: Siemens Subject: Expired root user Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-TUID: RJsN+1spQcAU Hi all, in meta-iot2050[1] the password of the root user is set to expired to force the user to reset the password during the first boot. This currently done in a postinst [2] by calling: ``` passwd --expire root ``` An alternative way would be the setting: ``` USER_root[expire] = "1970-01-01" ``` Both variants have the issue that the installation of packages which add new users will fail with a error message similar to: ``` Setting up systemd (247.3-7) ... Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service. Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target. Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service. Initializing machine ID from random generator. Your account has expired; please contact your system administrator. chfn: PAM: Authentication failure adduser: `/bin/chfn -f systemd Network Management systemd-network' returned error code 1. Exiting. dpkg: error processing package systemd (--configure): installed systemd package post-installation script subprocess returned error exit status 1 Setting up dmsetup (2:1.02.175-2.1) ... Errors were encountered while processing: systemd E: Sub-process /usr/bin/dpkg returned an error code (1) WARNING: exit code 100 from a shell command. ``` Possible solutions are: - moving the account creation / modification to the rootfs postprocessing - using the systemd first boot service[3] for changing the root password Claudius was there are reason why the accounts are created/modified before installing the rootfs? You add the functionality with 163f50 meta/classes: add image-account-extension class Quirin [1]: https://github.com/siemens/meta-iot2050 [2]: https://github.com/siemens/meta-iot2050/blob/master/recipes-core/customizations-example/files/postinst [3]: https://www.freedesktop.org/software/systemd/man/systemd-firstboot.html#