[OE-core] [PATCH v2 2/2] classes/image: improve debug-tweaks ssh server configuration
Martin Jansa
martin.jansa at gmail.com
Wed Jan 16 16:40:38 UTC 2013
On Wed, Jan 16, 2013 at 03:38:13PM +0000, Paul Eggleton wrote:
> Create a single postprocessing function that enables no-password logins
> for both openssh and dropbear when debug-tweaks is in IMAGE_FEATURES,
> changing its behaviour slightly:
> * Run it regardless of whether ssh-server-* are in IMAGE_FEATURES so
> that it still takes effect if these are installed by adding
> dropbear/openssh to IMAGE_INSTALL.
> * Enable it to be run from image.bbclass rather than core-image.bbclass
> so that it works for images that are using the former.
>
> Second half of the fix for [YOCTO #2578].
>
> Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
> ---
> meta/classes/core-image.bbclass | 3 ---
> meta/classes/image.bbclass | 10 ++++++++--
> 2 files changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
> index 2e67018..e0f6dbb 100644
> --- a/meta/classes/core-image.bbclass
> +++ b/meta/classes/core-image.bbclass
> @@ -76,6 +76,3 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
>
> # Zap the root password if debug-tweaks feature is not enabled
> ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
> -# Allow openssh accept empty password login if both debug-tweaks and ssh-server-openssh are enabled
> -ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks ssh-server-openssh", "openssh_allow_empty_password; ", "",d)}'
> -
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index e494689..131958d 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -167,6 +167,8 @@ inherit ${IMAGE_CLASSES}
> IMAGE_POSTPROCESS_COMMAND ?= ""
> MACHINE_POSTPROCESS_COMMAND ?= ""
> ROOTFS_POSTPROCESS_COMMAND_prepend = "run_intercept_scriptlets; "
> +# Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled
> +ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "ssh_allow_empty_password; ", "",d)}'
>
> # some default locales
> IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
> @@ -396,12 +398,16 @@ zap_root_password () {
> mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
> }
>
> -# allow openssh accept login with empty password string
> -openssh_allow_empty_password () {
> +# allow dropbear/openssh to accept root logins and logins from accounts with an empty password string
> +ssh_allow_empty_password () {
> if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
> sed -i 's#.*PermitRootLogin.*#PermitRootLogin yes#' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config
> sed -i 's#.*PermitEmptyPasswords.*#PermitEmptyPasswords yes#' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config
> fi
> +
> + if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then
> + echo 'DROPBEAR_EXTRA_ARGS="-B"' > ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear
> + fi
Can we use >> here? In case some distro layer provides own
default/dropbear already?
Or grep + >> if you fear of duplication of that line, probably
should be using sed to add -B if DROPBEAR_EXTRA_ARGS line is already
there without -B.
Cheers,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20130116/e900c1e1/attachment-0002.sig>
More information about the Openembedded-core
mailing list