Patchwork [1/4] core-image.bbclass: zap root password if debug-tweaks not enabled

login
register
mail settings
Submitter Paul Eggleton
Date Sept. 7, 2011, 4:05 p.m.
Message ID <edd6036c0484f56edb74d8a42359dfb7c5602a79.1315411460.git.paul.eggleton@linux.intel.com>
Download mbox | patch
Permalink /patch/11189/
State New, archived
Headers show

Comments

Paul Eggleton - Sept. 7, 2011, 4:05 p.m.
If you do not have debug-tweaks in IMAGE_FEATURES, then zap the root
password so that you can't log in as root without a password in an image
potentially intended for a production system.

Also mention debug-tweaks in the comments listing IMAGE_FEATURES in this
file.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 meta/classes/core-image.bbclass |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

Patch

diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index 507d6a6..8e83d4a 100644
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -26,6 +26,7 @@  LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3
 # - nfs-server          - NFS server (exports / over NFS to everybody)
 # - ssh-server-dropbear - SSH server (dropbear)
 # - ssh-server-openssh  - SSH server (openssh)
+# - debug-tweaks        - makes an image suitable for development
 #
 PACKAGE_GROUP_apps-console-core = "task-core-apps-console"
 PACKAGE_GROUP_x11-base = "task-core-x11-base"
@@ -65,3 +66,7 @@  inherit image
 
 # Create /etc/timestamp during image construction to give a reasonably sane default time setting
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
+
+# Zap the root password if debug-tweaks feature is not enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
+