From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7278939938131804160 X-Received: by 2002:a2e:2410:0:b0:2b9:ecab:d924 with SMTP id k16-20020a2e2410000000b002b9ecabd924mr3414417ljk.18.1694857205102; Sat, 16 Sep 2023 02:40:05 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:bc15:0:b0:2b6:9e60:5995 with SMTP id b21-20020a2ebc15000000b002b69e605995ls30650ljf.0.-pod-prod-07-eu; Sat, 16 Sep 2023 02:40:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHm6RB3cyFLVKBpvQxbMUzCWD5FsZr/D4ig58eoocb9bG8StyOdK4eFQzKA4Bd7d/BqX3UE X-Received: by 2002:a19:5e14:0:b0:500:8ffe:7486 with SMTP id s20-20020a195e14000000b005008ffe7486mr2570917lfb.4.1694857202854; Sat, 16 Sep 2023 02:40:02 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1694857202; cv=pass; d=google.com; s=arc-20160816; b=ntVSISIGFUEZOdrmgYRk1NGFQo8GxKq4hh+vja4JVWQKXpwkpkwgXL0rom6jkiWQVz yepetn4LfJvVdohsP9z/XJV2OFmGzgB0/pqB3cCFTmp/IElckeh8+HcHVFFKCNaAUnVB Mle+Mb1ozIe28BTwRIRnsOlQdG/wDV9wLVi8a4AbtSHUy+9rvhm2HJu+7J8G1w4wfo/5 VGVP1VOkFmkcG1VtnK0KAyHfQMA228mvyptWHFJF5RkXRTvi3l9uJs6P2uGj6gs5u6eB iQP0fM5J9efxidrquZpnp4Q93WFRFwuziHbRzgEm6hgrp78m8cgfeBH45xry5G+LnHsy v1IQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:in-reply-to:from:references :to:content-language:subject:user-agent:date:message-id :dkim-signature; bh=XkTtiqW8m+VXDGuh9XFxc6LxMn3m/j42eoNmDacUMMU=; fh=Ya44QEZijmGwi3iM06vY2ri2uPgFJ4O2CEdNzu8WM0o=; b=xC0hPnaqHb6M0Rg23Su7xYD/UM08TnlsbTmdadYXfBpWhlZar9fqX60rwkbQw0AaCt b9CiNLWCeIBsEKZKcuLuwUzoIOAd6gyrBxbL1HLUrFhQn4fJgZR+aHm6szWfnq9S73SN jIZIDsYOl+uLeRmF0Qv2n9U4AUgDZeAS+ixkTBRvrPazYuM8qGDBb/OdG+9e8FwBBacc CdGHehCmR82iIt/skrOpRKJfljyy+4E1skSojjO2m5GXKd5Es2n26pVEVlLEG3lknvRk TJGFzYROWp/GgtqITEeo2wQG5Ozace+voX0XNU628cfJLqd+el6rRWNM6JaK5fI4eyfJ 8rYQ== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PcfxPfLZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe1f::604 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Return-Path: Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0604.outbound.protection.outlook.com. [2a01:111:f400:fe1f::604]) by gmr-mx.google.com with ESMTPS id c19-20020a056512075300b004fe3e3471c8si434046lfs.10.2023.09.16.02.40.02 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 16 Sep 2023 02:40:02 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe1f::604 as permitted sender) client-ip=2a01:111:f400:fe1f::604; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PcfxPfLZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe1f::604 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F9XkkO97i5CGlBdHiSjmqjQpyKxHg+kTekNVQ7s5/OTMNlKFK0zX2gROXiMhZWeXq5GE0V6vnv99F8z3v1g97quBsILCijhjOlpEMF3LlFO5oIKBsAv3V9OW1iaullDf34EOeIrQLSPLSRhHjU/6uMyKnVd7x87hBr+rVwVE1jUb+OHpTSNng1ebDEPD+Bmo8rxNbd3LjXI7fs5N8zlrkHSFFnexHVrhKZfYcY+lhbV0IQxeiEfOYYyZZfEP1wGk19jcveiVXeMthsDMMjNzfKjp/IG8sYFjePzRO09pwiZ5N9F28oKO86UcJBFgMCB+71dCcsLXOncy41icHTVk4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XkTtiqW8m+VXDGuh9XFxc6LxMn3m/j42eoNmDacUMMU=; b=bYEkqfyPcYbDmLzr/aiMAH/vff7Otjzyd4OUoFEao6KwqWVErl5WKYZvJg008EEHccn/SiPNI0RcuvWwN4EOU6symkj/yUAu3WtU1pBYSYucCzBO42jW+8AjtVlMxWB+eXUOA6H9zRyy6IB/RoCGopQjl025nFmCkV5BkdR/5Nac1aC8iPHfIZ8ikx/LR+FUQiMABlr7qsIpz09QQSi+Rq2e9RhuxrQixtS8BCRMWsBIsJrJCLd8A19PnyhyibqW5GUHTtvlRtx7p9SpDBGj5w3kskNZI0pInInAtuQpop5oR4xGNSK7UOJ5e4/R/gyoV9+4D4xvwcONi33aiyp93g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XkTtiqW8m+VXDGuh9XFxc6LxMn3m/j42eoNmDacUMMU=; b=PcfxPfLZRJMEVYwZKsw7JZXCGm4bi3Z1cKfAzXMEEygkc26CPm+fcroavV49E8cMDKGkmuqFKOtJznS1OCSLGHpPJd+db2HMCEc9qP/luEXp3Y3FHgDIJfFxUUyv8VlV0NfZPq0tmZKZipuvWwvPh3UlG0nXcB+mhh9UiOVK6xvB58dVQgctQbdnfK4ectlhnZ5USINkLO12PzBn6SLSGojlZNnMbWhTFm7GXxYRXxPYZO91UnFWAxR2y6z6lkYbOuUhtJi9NnhlsbPnyRx5nGUJzhGtEIpkdYayjUSsVzqEANmRX4oc6iF7qUE2KeNoUOCOXs7DYxIGrK0Qtd7wFg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by VI1PR10MB7753.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:1c6::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.19; Sat, 16 Sep 2023 09:40:00 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::7f20:d403:b43d:12e2]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::7f20:d403:b43d:12e2%3]) with mapi id 15.20.6792.021; Sat, 16 Sep 2023 09:40:00 +0000 Message-ID: Date: Sat, 16 Sep 2023 15:09:53 +0530 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 12/13] kas: Add options to activate predefined users Content-Language: en-US To: Uladzimir Bely , isar-users@googlegroups.com References: <20230915064426.27676-1-ubely@ilbers.de> <20230915064426.27676-13-ubely@ilbers.de> From: Jan Kiszka In-Reply-To: <20230915064426.27676-13-ubely@ilbers.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: MA0PR01CA0033.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a01:b8::15) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) Return-Path: jan.kiszka@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|VI1PR10MB7753:EE_ X-MS-Office365-Filtering-Correlation-Id: 56124933-707b-4ab1-e755-08dbb698e58b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: jSBn78Y16WTxtrtEExoslwTZ5K8vXw5AcMnPjp2zKc1uscPP2FXFFymFoEB++ICf8cFTRP8nuXVPSX8k7/5wE75ewcqAxT6sEsCRFdD3nB4zZ3XLopkWSvkEOguDsU50fgY9NJffFaRBtnwZ+2zwmHAMoO9X9uxFAf7Hy7x86CcZvzZz+NpV/QKUwCp49E6gQLXGG2djVPmLFBC3Sd48ZjFwo2VoNnO1dPbFOYAsqTFF3pp/+GlfCJkWOoYUCmDEC4JHVT1BSx7wWdM0Rs+/nTifJrU4yO7rsQrzeTLRcIMcItsdOnh9c7UcWVkE2e/DNJErIfxnmkaJAvpUQN4vTcvd7Z9aFeeQ7ZvN2PpcKQR/BBA5qzXriA9OqrD0t80Ro7hvojKjUtWbL5QMsskaWP1qJZ68chfa0cqR9vZ5fvvv9OauYlg0b7aVtgI8iDVOuQT4wb84wmb01ss4OuhuvOoq61Kujbn9FSBZtllVzHy8ZmO0MBv4iBpYmLTe6ckVMJLBbd0PCB4JAWYyqRppLx2S/CHgQQbO+kS1FRd8U1g6R/Eykqzdwq7tP4bmU7STOUg5ImwMo9ruw2wiH4K0fVEL6NrwVM00ZVR8OIvI7p5Hhq9FQ4CNnNRWbgqIDGkakAQEVF4ioA0wm7T4ZuAExw6lFDfS1cq3Mfm3pBoQjjmp+dV9sbg2tDUwpLJhb4hyOw4jKzwBuAi/sJUVI49iKg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(376002)(396003)(39860400002)(136003)(366004)(346002)(1800799009)(186009)(451199024)(478600001)(6666004)(6506007)(53546011)(6486002)(6512007)(2906002)(2616005)(44832011)(8936002)(66476007)(66946007)(66556008)(41300700001)(26005)(8676002)(5660300002)(83380400001)(316002)(31696002)(36756003)(82960400001)(86362001)(38100700002)(31686004)(26730200005)(19860200003)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?bEp4YVBLZHY3YXFhZ2ZkZVEwbFgyd0hPUmdNMjVLUm1Mb1JJczF0QkJkT1Rt?= =?utf-8?B?ZkFjOVYrajNTREMxemU3WllJWVFTTW5VMEpMTFR5Z2Rpb0RtV0RoS3htbHRl?= =?utf-8?B?TGlHZ0xEWDUreW90WnB2N1ArR0h3VTRNSkdCTmpHZ1VrbzlCMExxdXc3UEps?= =?utf-8?B?MVgzaFdQbEZoclBzeDFSRDNUMjYrMXlnS0pNVXJ4S3ozYStNSmtRWER0R096?= =?utf-8?B?dVJrQWo1ajZwR2pYZnUvZ0xzaGR6ZlU5QU9QQTByTGN3eTZhZ0l2dFNoRFZZ?= =?utf-8?B?a3dmZDBycDArTDdqcXVvQXdrWnNrS3FEL2pYeTdUV0pCaDBoUDRxRnZBUHNW?= =?utf-8?B?M3E0R0VCWEg2M1IzRnZTRytuWW1NeGdEUks1UCtsTWFnZzg2bE1xZTZMaFBl?= =?utf-8?B?TnhSNnhIcGN0VGdrdHVMMW4zOGtqalVBNG02R1lvdEFtWFZUZi95ZFN6Y1p5?= =?utf-8?B?aVdWdXFyU3FvdGpWY0tkMHduNHRHMXhHZ0l5dFJaS3hKR0FWT2pXaUNWQjZ3?= =?utf-8?B?d2l3bXpsUFpKUXpQVHA0dWdKNDlCYU9CZU10aUU3ZkNqeE9CWnZIRXd4eG1x?= =?utf-8?B?cGM3MXdsRzEvUStPSmNobFdkdlZQNVRzTVBhK1ZGaHQ5VTlJZldUR3FNQ3NB?= =?utf-8?B?YTRCdnJraHRPVHNEZEdldjB3dS9EeWYxdm9iVFFsSlQ0TTJyb2l5R1RGVXZp?= =?utf-8?B?aEhmUzdvaWVIYTdDRWNaaFJWVjdiRnVrd0cwWEs5TlZ4b1duQnRkZHhoVHB2?= =?utf-8?B?VUc5Sll2ek5taC9LY2g4c2xkcjAvUjY0bWI2WG5GdkRjaDBoMmhmZk9iOS8w?= =?utf-8?B?a3BHSTRIMmFuTGJpRzEwM0tHWHhicmo0MWwzc2NUek52bWd2empZbXJDLyts?= =?utf-8?B?RG8wM05VMkFJMWMwRFFXWEVEbUZDeVRPazFwSlFlUm52WGs2azZnZkdnaEdz?= =?utf-8?B?Yi8rOWlRL3R0VVhKN2FRS0dzZ3ZpZjM1UEJMdXdab0hvck4rT0NEUnhNYVJp?= =?utf-8?B?bUgyWnFSUjhubEtqdzZZVmNkRUtqbG53bHhXRkVnTzBtUDZGV1JlTmtTUXJ1?= =?utf-8?B?c29zeitVTW8yWVFoYU90ZCtMY1pxSVZ3R3JqTE04cHZqbFkrWTVOUjk4KzBy?= =?utf-8?B?eFpiL3JkR2t5WHVwRmJDSG1MNWQ5OVpDbUwvYWh0eXdoc3dwMGZRYmM2cWh1?= =?utf-8?B?MnpORnNITVpJamJkelEyclMycDZvYkxzd1crd2p5a0JkOHVHSy9FZ3N6anRD?= =?utf-8?B?NWpMOFpBTUM3S2NsVFIvM1MvaW9MYmFYNlB5RmxpN1ZrVTZETnpJLzhSUzlv?= =?utf-8?B?K2lEc0N5amdSREdiZ0kvQ2RpOEdNZ0JITkJSdzBjeGhzZk9iK1Z2Y1hHL0p4?= =?utf-8?B?eTVPV1F2eU9xdy83QTY4RnA0bm1RRHZMbUZGR1VlUE9QNFBpVVdjdHQweE0w?= =?utf-8?B?OFBDcUxyc2VhNHlZK1VteDFpNldGZXpFV1Z4VEZia24rTzlpbUh5NU9pcVov?= =?utf-8?B?ZHVoTHpIc2RXbHpvYUdlYTRZUEd4OEVsTkdpaVNiSHA5aHREQmJSNHRISGhK?= =?utf-8?B?bm5KYktYeGJEL0MxVjJ6eHJuZVdiRTdJWWNjaFowRHJ4b2ZWUzlLbnBRaGhI?= =?utf-8?B?U0xvM3ZiVFI1c0EyWE85cHpFMXRIcjRvS2txTkl1UjNWWGpyVjBBZEUxOVNq?= =?utf-8?B?TGdheWxqdmFvZis3ZnZiSEZMaC9BSCt1bEU2NElTSkxMeEhCVmlPT0VLdDI4?= =?utf-8?B?bUx0T3h3M2ZPblZhb2xHcm1wMUtZcFo0OVlsRi9ycnFhbGdUbjMwNnk3N2cx?= =?utf-8?B?NmRITSt6RVBuVkgyaldURGlMTFl6RHNCdnp5b3IxK3Fpcmh6amtsVS9HRlRL?= =?utf-8?B?bnhDN3VxWHh6Ymd0YWpWWTNIck1jWmlFTnQ5bnhxOFhaSjhmYjhiSmhwTzJz?= =?utf-8?B?Ni9zL1FoaDllMFRtZ3IzU1lDbjAyQUtLTVBoQ0NEWnl6dC9qWlRqQ1J1dDFJ?= =?utf-8?B?RU01dlZhSGwwVVhSU1lReTZuYm91QndBQit3SVNUVW9QWllLeDJLOHpRaDg3?= =?utf-8?B?KzNRYXJhcUhsMlRSU0RRQkxhWmV0amdZSmJLL1ZZMnFmdVU0UThVVExHOHU0?= =?utf-8?B?a2d1MytKQU9pa09YRGlNeElVdDNHdWpSWjFHZ0ZIVExiQlZ3VHY3SWhFdmlO?= =?utf-8?B?Nnc9PQ==?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 56124933-707b-4ab1-e755-08dbb698e58b X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Sep 2023 09:40:00.7996 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5R0VmfRexkrWAZAQuLlL7vUiavt0Xvx5QwqnYa116Z3wkxXBOLsHlDEZVppyCEZy3qP32vKkroHfWEhXdV9N5w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR10MB7753 X-TUID: VO/1BhEnXO54 On 15.09.23 12:14, Uladzimir Bely wrote: > This allows to enable 'root' and 'isar' users and set their passwords. > > Signed-off-by: Uladzimir Bely > --- > kas/opt/Kconfig | 41 +++++++++++++++++++++++++++++++++++++++++ > kas/opt/user-isar.yml | 16 ++++++++++++++++ > kas/opt/user-root.yml | 7 +++++++ > 3 files changed, 64 insertions(+) > create mode 100644 kas/opt/user-isar.yml > create mode 100644 kas/opt/user-root.yml > > diff --git a/kas/opt/Kconfig b/kas/opt/Kconfig > index 113a6c9a..7eb4840b 100644 > --- a/kas/opt/Kconfig > +++ b/kas/opt/Kconfig > @@ -75,6 +75,47 @@ config KAS_INCLUDE_PACKAGES_DISTRO > endmenu > > > +menu "User management" > + > +config USER_ROOT > + bool "Activate 'root' user" > + help > + Enables root user. > + > +config KAS_USER_ROOT_PASSWORD > + string "Password for 'root' user" > + default "$6$rounds=10000$RXeWrnFmkY$DtuS/OmsAS2cCEDo0BF5qQsizIrq6jPgXnwv3PHqREJeKd1sXdHX/ayQtuQWVDHe0KIO0/sVH8dvQm1KthF0d/" Better ask for the cleartext password and set the required flag for root as well. Jan > + depends on USER_ROOT > + help > + Set password for 'root' user. Default value 'root', encrypted by: > + 'mkpasswd -m sha512crypt -R 10000' > + > +config KAS_INCLUDE_USER_ROOT > + string > + default "kas/opt/user-root.yml" > + depends on USER_ROOT > + > + > +config USER_ISAR > + bool "Activate 'isar' user" > + default y > + help > + Enables `isar` user. > + > +config KAS_USER_ISAR_PASSWORD > + string "Password for 'isar' user" > + default "isar" > + depends on USER_ISAR > + help > + Set password for 'isar' user. > + > +config KAS_INCLUDE_USER_ISAR > + string > + default "kas/opt/user-isar.yml" > + depends on USER_ISAR > + > +endmenu > + > config KAS_IMAGE_FSTYPES > string "Additional image fstypes" > default "" > diff --git a/kas/opt/user-isar.yml b/kas/opt/user-isar.yml > new file mode 100644 > index 00000000..f249e4e7 > --- /dev/null > +++ b/kas/opt/user-isar.yml > @@ -0,0 +1,16 @@ > +header: > + version: 14 > + > +local_conf_header: > + user-isar: | > + GROUPS += "isar" > + GROUP_isar[flags] = "system" > + > + USERS += "isar" > + USER_isar[gid] = "isar" > + USER_isar[home] = "/var/lib/isar" > + USER_isar[comment] = "My isar user" > + USER_isar[flags] = "system create-home" > + > + USER_isar[password] = "${KAS_USER_ISAR_PASSWORD}" > + USER_isar[flags] += "clear-text-password" > diff --git a/kas/opt/user-root.yml b/kas/opt/user-root.yml > new file mode 100644 > index 00000000..9c301767 > --- /dev/null > +++ b/kas/opt/user-root.yml > @@ -0,0 +1,7 @@ > +header: > + version: 14 > + > +local_conf_header: > + user-root: | > + USERS += "root" > + USER_root[password] ??= "${KAS_USER_ROOT_PASSWORD}" -- Siemens AG, Technology Linux Expert Center