[OE-core] [PATCH] openssh: allow root login when debug-tweaks is enabled
Phil Blundell
philb at gnu.org
Fri Sep 7 21:09:17 UTC 2012
On Fri, 2012-09-07 at 11:17 -0700, Saul Wold wrote:
> + for i in ${IMAGE_FEATURES};
> + do
> + if [ ${i} = "debug-tweaks" ]; then
Using ${IMAGE_FEATURES} in a package postinst is pretty unwholesome. If
you do:
$ IMAGE_FEATURES=debug-tweaks bitbake openssh
$ sleep $[21*86400]
$ IMAGE_FEATURES=no-debug-tweaks bitbake my-production-image
then there is a significant risk that you will accidentally get the
insecure openssh in your image without realising it.
I know dropbear does this sort of thing already but we should really try
not to add more of that stuff. If it's an IMAGE_FEATURE then it should
really be getting handled at the rootfs level, not burned into the
packages in the feed.
p.
More information about the Openembedded-core
mailing list