[OE-core] [PATCH v2 2/2] classes/image: improve debug-tweaks ssh server configuration

Paul Eggleton paul.eggleton at linux.intel.com
Wed Jan 16 16:56:42 UTC 2013


On Wednesday 16 January 2013 17:40:38 Martin Jansa wrote:
> On Wed, Jan 16, 2013 at 03:38:13PM +0000, Paul Eggleton wrote:
> > Create a single postprocessing function that enables no-password logins
> > for both openssh and dropbear when debug-tweaks is in IMAGE_FEATURES,
> > changing its behaviour slightly:
> > * Run it regardless of whether ssh-server-* are in IMAGE_FEATURES so
> >   that it still takes effect if these are installed by adding
> >   dropbear/openssh to IMAGE_INSTALL.
> > * Enable it to be run from image.bbclass rather than core-image.bbclass
> >   so that it works for images that are using the former.
> > 
> > Second half of the fix for [YOCTO #2578].
> > 
> > Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
> > ---
> > 
> >  meta/classes/core-image.bbclass |    3 ---
> >  meta/classes/image.bbclass      |   10 ++++++++--
> >  2 files changed, 8 insertions(+), 5 deletions(-)
> > 
> > diff --git a/meta/classes/core-image.bbclass
> > b/meta/classes/core-image.bbclass index 2e67018..e0f6dbb 100644
> > --- a/meta/classes/core-image.bbclass
> > +++ b/meta/classes/core-image.bbclass
> > @@ -76,6 +76,3 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ;
> > "> 
> >  # Zap the root password if debug-tweaks feature is not enabled
> >  ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES",
> >  "debug-tweaks", "", "zap_root_password ; ",d)}'> 
> > -# Allow openssh accept empty password login if both debug-tweaks and
> > ssh-server-openssh are enabled -ROOTFS_POSTPROCESS_COMMAND +=
> > '${@base_contains("IMAGE_FEATURES", "debug-tweaks ssh-server-openssh",
> > "openssh_allow_empty_password; ", "",d)}' -
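
Review bot: the zap_root_password hook in the context lines of this hunk stays in core-image.bbclass while the ssh hook moves out, so an image that inherits only image.bbclass now gets the ssh relaxation when debug-tweaks is set but no root password zap when it is not. The zap_root_password function itself already lives in image.bbclass (see the later hunk), so consider moving its ROOTFS_POSTPROCESS_COMMAND line along with this one so both sides of the debug-tweaks switch apply to the same set of images.
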
> > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> > index e494689..131958d 100644
> > --- a/meta/classes/image.bbclass
> > +++ b/meta/classes/image.bbclass
> > @@ -167,6 +167,8 @@ inherit ${IMAGE_CLASSES}
> > 
> >  IMAGE_POSTPROCESS_COMMAND ?= ""
> >  MACHINE_POSTPROCESS_COMMAND ?= ""
> >  ROOTFS_POSTPROCESS_COMMAND_prepend = "run_intercept_scriptlets; "
> > 
> > +# Allow dropbear/openssh to accept logins from accounts with an empty
> > password string if debug-tweaks is enabled +ROOTFS_POSTPROCESS_COMMAND +=
> > '${@base_contains("IMAGE_FEATURES", "debug-tweaks",
> > "ssh_allow_empty_password; ", "",d)}'> 
> >  # some default locales
> >  IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
> > 
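
Review bot: the comment added above the new ROOTFS_POSTPROCESS_COMMAND line mentions only empty-password logins, but ssh_allow_empty_password also sets PermitRootLogin yes in sshd_config, as the function's own comment later in this patch says; the two comments should agree. Because the condition no longer includes ssh-server-openssh, the hook now applies to every debug-tweaks image that happens to contain an ssh server, which deserves a line in the debug-tweaks documentation so nobody ships such an image by accident.
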
> > @@ -396,12 +398,16 @@ zap_root_password () {
> > 
> >  	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
> >  
> >  }
> > 
> > -# allow openssh accept login with empty password string
> > -openssh_allow_empty_password () {
> > +# allow dropbear/openssh to accept root logins and logins from accounts
> > with an empty password string +ssh_allow_empty_password () {
> > 
> >  	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
> >  	
> >  		sed -i 's#.*PermitRootLogin.*#PermitRootLogin yes#'
> >  		${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config sed -i
> >  		's#.*PermitEmptyPasswords.*#PermitEmptyPasswords yes#'
> >  		${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config>  	
> >  	fi
> > 
> > +
> > +	if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then
> > +		echo 'DROPBEAR_EXTRA_ARGS="-B"' >
> > ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear +	fi
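
Review bot: in the sshd_config branch both sed expressions only rewrite a line that already exists, so a config carrying neither PermitRootLogin nor PermitEmptyPasswords is left unchanged with no indication; append the directive when nothing matched. In the dropbear branch the `>` redirect replaces any existing ${sysconfdir}/default/dropbear, discarding other settings a layer may have put there, and it assumes ${sysconfdir}/default exists in the rootfs; edit or append the DROPBEAR_EXTRA_ARGS line instead and create the directory first.
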
> 
> Can we use >> here? In case some distro layer provides its own
> default/dropbear already?
> 
> Or grep + >> if you fear duplication of that line; it probably
> should be using sed to add -B if the DROPBEAR_EXTRA_ARGS line is already
> there without -B.

Slightly ahead of you :) see discussion with Chris.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre
