diff --git a/meta-digi-del/classes/del-image.bbclass b/meta-digi-del/classes/del-image.bbclass index 029efcc08..39cb3285c 100644 --- a/meta-digi-del/classes/del-image.bbclass +++ b/meta-digi-del/classes/del-image.bbclass @@ -7,3 +7,26 @@ PACKAGE_GROUP_del-gstreamer = "task-del-gstreamer" PACKAGE_GROUP_del-network = "task-del-network" PACKAGE_GROUP_del-wireless = "task-del-wireless" PACKAGE_GROUP_del-debug = "task-del-debug" + +## DEL rootfs final tuning +del_rootfs_tuning() { + ####################################################################### + ## Set root password to 'root' if 'debug-tweaks' is NOT enabled. + ####################################################################### + MD5_ROOT_PASSWD='$1$SML0de4S$lOWs3t82QAH0oEf8NyNKA0' + if echo "${IMAGE_FEATURES}" | grep -qs debug-tweaks; then + : # No-op + else + # Shadow passwords ENABLED + if [ -f "${IMAGE_ROOTFS}/etc/shadow" ]; then + sed 's%^root:[^:]*:%root:x:%' <${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new + sed "s%^root:[^:]*:%root:${MD5_ROOT_PASSWD}:%" <${IMAGE_ROOTFS}/etc/shadow >${IMAGE_ROOTFS}/etc/shadow.new + mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd + mv ${IMAGE_ROOTFS}/etc/shadow.new ${IMAGE_ROOTFS}/etc/shadow + # Shadow passwords DISABLED + else + sed "s%^root:[^:]*:%root:${MD5_ROOT_PASSWD}:%" <${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new + mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd + fi + fi +} diff --git a/meta-digi-del/recipes-core/base-passwd/add-shadow-file.patch b/meta-digi-del/recipes-core/base-passwd/add-shadow-file.patch deleted file mode 100644 index 9d3754117..000000000 --- a/meta-digi-del/recipes-core/base-passwd/add-shadow-file.patch +++ /dev/null @@ -1,38 +0,0 @@ -From ac7746a741e005df07f35cf19bcf25ffff517750 Mon Sep 17 00:00:00 2001 -From: Alex Gonzalez -Date: Fri, 16 Nov 2012 12:05:15 +0100 -Subject: [PATCH] shadow.master: Adding shadow file. - -The root password is "root" when debug-tweaks is not enabled. Otherwise -the password is empty. - -Signed-off-by: Alex Gonzalez ---- - shadow.master | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - create mode 100644 shadow.master - -diff --git a/shadow.master b/shadow.master -new file mode 100644 -index 0000000..856efb0 ---- /dev/null -+++ b/shadow.master -@@ -0,0 +1,18 @@ -+root:\$1\$o/c1Q/E4\$jLGsldHxRdlYpEI3v6Sdv1::0::::: -+daemon:*::0::::: -+bin:*::0::::: -+sys:*::0::::: -+sync:*::0::::: -+games:*::0::::: -+man:*::0::::: -+lp:*::0::::: -+mail:*::0::::: -+news:*::0::::: -+uucp:*::0::::: -+proxy:*::0::::: -+www-data:*::0::::: -+backup:*::0::::: -+list:*::0::::: -+irc:*::0::::: -+gnats:*::0::::: -+nobody:*::0::::: diff --git a/meta-digi-del/recipes-core/base-passwd/base-passwd_3.5.24.bb b/meta-digi-del/recipes-core/base-passwd/base-passwd_3.5.24.bb deleted file mode 100644 index ffcdd91e6..000000000 --- a/meta-digi-del/recipes-core/base-passwd/base-passwd_3.5.24.bb +++ /dev/null @@ -1,106 +0,0 @@ -SUMMARY = "Base system master password/group files." -DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group). The update-passwd tool is also provided to keep the system databases synchronized with these master files." -SECTION = "base" -PR = "r1" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" - -SRC_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/base-passwd_${PV}.tar.gz \ - file://nobash.patch \ - file://root-home.patch \ - file://add-shadow-file.patch" - -SRC_URI[md5sum] = "8f6b9420c50e90edaff41eb2fb7e9e16" -SRC_URI[sha256sum] = "196083d6f675190d4e2cede0a5fa6b3c91088705c5386f76292fec8e74b6369e" - -S = "${WORKDIR}/base-passwd" - -inherit autotools - -SSTATEPOSTINSTFUNCS += "base_passwd_sstate_postinst" - -do_install () { - install -d -m 755 ${D}${sbindir} - install -o root -g root -p -m 755 update-passwd ${D}${sbindir}/ - install -d -m 755 ${D}${mandir}/man8 ${D}${mandir}/pl/man8 - install -p -m 644 man/update-passwd.8 ${D}${mandir}/man8/ - install -p -m 644 man/update-passwd.pl.8 \ - ${D}${mandir}/pl/man8/update-passwd.8 - gzip -9 ${D}${mandir}/man8/* ${D}${mandir}/pl/man8/* - install -d -m 755 ${D}${datadir}/base-passwd - install -o root -g root -p -m 644 passwd.master ${D}${datadir}/base-passwd/ - install -o root -g root -p -m 644 group.master ${D}${datadir}/base-passwd/ - install -o root -g shadow -p -m 644 shadow.master ${D}${datadir}/base-passwd/ - - install -d -m 755 ${D}${docdir}/${BPN} - install -p -m 644 debian/changelog ${D}${docdir}/${BPN}/ - gzip -9 ${D}${docdir}/${BPN}/* - install -p -m 644 README ${D}${docdir}/${BPN}/ - install -p -m 644 debian/copyright ${D}${docdir}/${BPN}/ -} - -base_passwd_sstate_postinst() { - if [ "${BB_CURRENTTASK}" = "populate_sysroot" -o "${BB_CURRENTTASK}" = "populate_sysroot_setscene" ] - then - # Staging does not copy ${sysconfdir} files into the - # target sysroot, so we need to do so manually. We - # put these files in the target sysroot so they can - # be used by recipes which use custom user/group - # permissions. - install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir} - install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/passwd.master ${STAGING_DIR_TARGET}${sysconfdir}/passwd - install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/group.master ${STAGING_DIR_TARGET}${sysconfdir}/group - install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/shadow.master ${STAGING_DIR_TARGET}${sysconfdir}/shadow - fi -} - -python populate_packages_prepend() { - # Add in the preinst function for ${PN} - # We have to do this here as prior to this, passwd/group.master - # would be unavailable. We need to create these files at preinst - # time before the files from the package may be available, hence - # storing the data from the files in the preinst directly. - - f = open(d.expand("${STAGING_DATADIR}/base-passwd/passwd.master"), 'r') - passwd = "".join(f.readlines()) - f.close() - f = open(d.expand("${STAGING_DATADIR}/base-passwd/group.master"), 'r') - group = "".join(f.readlines()) - f.close() - f = open(d.expand("${STAGING_DATADIR}/base-passwd/shadow.master"), 'r') - shadow = "".join(f.readlines()) - f.close() - - preinst = """#!/bin/sh -if [ ! -e $D${sysconfdir}/passwd ]; then - cat << EOF > $D${sysconfdir}/passwd -""" + passwd + """EOF -fi -if [ ! -e $D${sysconfdir}/group ]; then - cat << EOF > $D${sysconfdir}/group -""" + group + """EOF -fi -if [ ! -e $D${sysconfdir}/shadow ]; then - cat << EOF > $D${sysconfdir}/shadow -""" + shadow + """EOF -fi -chmod 640 $D${sysconfdir}/shadow -chgrp shadow $D${sysconfdir}/shadow -""" - d.setVar('pkg_preinst_${PN}', preinst) -} - -addtask do_package after do_populate_sysroot - -ALLOW_EMPTY_${PN} = "1" - -PACKAGES =+ "${PN}-update" -FILES_${PN}-update = "${sbindir}/* ${datadir}/${PN}" - -pkg_postinst_${PN}-update () { -#!/bin/sh -if [ -n "$D" ]; then - exit 0 -fi -${sbindir}/update-passwd -} diff --git a/meta-digi-del/recipes-core/base-passwd/nobash.patch b/meta-digi-del/recipes-core/base-passwd/nobash.patch deleted file mode 100644 index 637157644..000000000 --- a/meta-digi-del/recipes-core/base-passwd/nobash.patch +++ /dev/null @@ -1,23 +0,0 @@ -use /bin/sh instead of /bin/bash, since the latter may not be included in -some images such as minimal - -comment added by Kevin Tian , 2010-07-06 - -remove "*" for root since we don't have a /etc/shadow so far. - -by Kevin Tian , 2010-07-06 - -Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher - -Upstream-Status: Invalid [configuration] - -Signed-off-by: Scott Garman - ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master -@@ -1,4 +1,4 @@ --root:*:0:0:root:/root:/bin/bash -+root::0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta-digi-del/recipes-core/base-passwd/root-home.patch b/meta-digi-del/recipes-core/base-passwd/root-home.patch deleted file mode 100644 index eab77f124..000000000 --- a/meta-digi-del/recipes-core/base-passwd/root-home.patch +++ /dev/null @@ -1,16 +0,0 @@ -we use /home/root instead of /root - -Comment added by Kevin Tian , 2010-07-06 - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Scott Garman - ---- base-passwd/passwd.master.orig 2005-07-08 06:26:22.000000000 +0200 -+++ base-passwd/passwd.master 2005-07-08 06:31:58.000000000 +0200 -@@ -1,4 +1,4 @@ --root::0:0:root:/root:/bin/sh -+root::0:0:root:/home/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta-digi-del/recipes-core/images/del-image-minimal-dev.bb b/meta-digi-del/recipes-core/images/del-image-minimal-dev.bb index 00f621650..f1aca8726 100644 --- a/meta-digi-del/recipes-core/images/del-image-minimal-dev.bb +++ b/meta-digi-del/recipes-core/images/del-image-minimal-dev.bb @@ -10,6 +10,7 @@ IMAGE_LINGUAS = " " LICENSE = "MIT" inherit core-image +inherit del-image IMAGE_FEATURES += "core-ssh-dropbear" IMAGE_FEATURES += "dev-pkgs" @@ -19,12 +20,5 @@ IMAGE_FEATURES += "dev-pkgs" # allow for empty password logins. IMAGE_FEATURES += "debug-tweaks" -# core-image disables the root password if debug-tweak is not enabled. -# This override will use the shadow file instead. -zap_root_password () { - sed 's%^root:[^:]*:%root:x:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new - mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd -} - # remove not needed ipkg informations -ROOTFS_POSTPROCESS_COMMAND += "remove_packaging_data_files ; " +ROOTFS_POSTPROCESS_COMMAND += "remove_packaging_data_files; del_rootfs_tuning;" diff --git a/meta-digi-del/recipes-core/images/del-image-minimal.bb b/meta-digi-del/recipes-core/images/del-image-minimal.bb index fd31a8ae2..29057462b 100644 --- a/meta-digi-del/recipes-core/images/del-image-minimal.bb +++ b/meta-digi-del/recipes-core/images/del-image-minimal.bb @@ -24,14 +24,7 @@ IMAGE_FEATURES += '${@base_contains("MACHINE_FEATURES", "alsa", "del-audio", "", IMAGE_FEATURES += '${@base_contains("MACHINE_FEATURES", "accel-video", "del-gstreamer", "", d)}' IMAGE_FEATURES += '${@base_contains("MACHINE_FEATURES", "wifi", "del-wireless", "", d)}' -# core-image disables the root password if debug-tweak is not enabled. -# This override will use the shadow file instead. -zap_root_password () { - sed 's%^root:[^:]*:%root:x:%' < ${IMAGE_ROOTFS}/etc/passwd >${IMAGE_ROOTFS}/etc/passwd.new - mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd -} - IMAGE_ROOTFS_SIZE = "8192" # remove not needed ipkg informations -ROOTFS_POSTPROCESS_COMMAND += "remove_packaging_data_files ; " +ROOTFS_POSTPROCESS_COMMAND += "remove_packaging_data_files; del_rootfs_tuning;"