[OE-core] [PATCH 16/24] dropbear: add default config file to disable root login
Andre McCurdy
armccurdy at gmail.com
Fri May 25 03:34:59 UTC 2018
On Thu, May 24, 2018 at 7:48 PM, Robert Yang <liezhi.yang at windriver.com> wrote:
> From: Jackie Huang <jackie.huang at windriver.com>
>
> root login is disabled by default for openssh and we can
> enable it through IMAGE_FEATURES 'debug-tweaks' or
> 'allow-empty-password', so change to the same default
> behavior for dropbear.
>
> Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> ---
> meta/recipes-core/dropbear/dropbear.inc | 3 +++
> meta/recipes-core/dropbear/dropbear/dropbear.default | 2 ++
> 2 files changed, 5 insertions(+)
> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear.default
>
> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
> index 16ac644..3c79be9 100644
> --- a/meta/recipes-core/dropbear/dropbear.inc
> +++ b/meta/recipes-core/dropbear/dropbear.inc
> @@ -20,6 +20,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
> file://dropbearkey.service \
> file://dropbear@.service \
> file://dropbear.socket \
> + file://dropbear.default \
> ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} "
>
> PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
> @@ -63,6 +64,8 @@ do_install() {
> ${D}${sbindir} \
> ${D}${localstatedir}
>
> + install -m 0755 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear
Files in /etc/default don't need to be executable.
> +
> install -m 0755 dropbearmulti ${D}${sbindir}/
> ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
>
> diff --git a/meta/recipes-core/dropbear/dropbear/dropbear.default b/meta/recipes-core/dropbear/dropbear/dropbear.default
> new file mode 100644
> index 0000000..522453a
> --- /dev/null
> +++ b/meta/recipes-core/dropbear/dropbear/dropbear.default
> @@ -0,0 +1,2 @@
> +# Disallow root logins by default
> +DROPBEAR_EXTRA_ARGS="-w"
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list