Patchwork [V2,2/3] image.bbclass: fix for zap_root_password

login
register
mail settings
Submitter Qi.Chen@windriver.com
Date Dec. 11, 2013, 5:57 a.m.
Message ID <3c55225e992723f3309778708a12805870a54a39.1386741230.git.Qi.Chen@windriver.com>
Download mbox | patch
Permalink /patch/63201/
State New
Headers show

Comments

Qi.Chen@windriver.com - Dec. 11, 2013, 5:57 a.m.
From: Chen Qi <Qi.Chen@windriver.com>

Previously, this function replaces the root password with '*' if
'debug-tweaks' is not in IMAGE_FEATURES. It not only zaps empty root
password, but also zaps non-empty root password. That means, if the
user uses a bbappend file for base-passwd to set the root password, he
would not be able to login as root; if the user uses 'EXTRA_USERS_PARAMS'
to set the root password, he would still not be able to login as root.

What we really want from this function is to disallow empty root password
if 'debug-tweaks' is not in IMAGE_FEATURES. This function should not remove
non-empty root password because that password is usually deliberately set
by the user.

This patch renames zap_root_password to zap_empty_root_password to
better reflect the intent of this function. It also modifies the code
to make this function work correctly.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/classes/core-image.bbclass |    2 +-
 meta/classes/image.bbclass      |   14 ++++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)

Patch

diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index e7c34e2..fc4bd2f 100644
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -74,7 +74,7 @@  inherit image
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
 
 # Zap the root password if debug-tweaks feature is not enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
+ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_empty_root_password ; ",d)}'
 
 # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}'
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 168f283..c6d9db8 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -562,11 +562,13 @@  rootfs_uninstall_unneeded () {
 	fi
 }
 
-# set '*' as the root password so the images
-# can decide if they want it or not
-zap_root_password () {
-	sed 's%^root:[^:]*:%root:*:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new
-	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
+# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES.
+zap_empty_root_password () {
+	if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
+		sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow
+	elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
+		sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd
+	fi
 } 
 
 # allow dropbear/openssh to accept root logins and logins from accounts with an empty password string
@@ -648,7 +650,7 @@  rootfs_sysroot_relativelinks () {
 	sysroot-relativelinks.py ${SDK_OUTPUT}/${SDKTARGETSYSROOT}
 }
 
-EXPORT_FUNCTIONS zap_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
+EXPORT_FUNCTIONS zap_empty_root_password remove_init_link do_rootfs make_zimage_symlink_relative set_image_autologin rootfs_update_timestamp rootfs_no_x_startup
 
 do_fetch[noexec] = "1"
 do_unpack[noexec] = "1"