mtadm user, root password removed, sudo

4 files changed, 58 insertions, 4 deletions

diff --git a/recipes-core/images/mlinux-factory-image.bb b/recipes-core/images/mlinux-factory-image.bb
index cc8401b..9e59bfb 100644
--- a/recipes-core/images/mlinux-factory-image.bb
+++ b/recipes-core/images/mlinux-factory-image.bb
@@ -70,7 +70,7 @@ IMAGE_INSTALL += "ruby"
 IMAGE_INSTALL += "ruby-serialport"
 
 # OpenJDK Java runtime
-IMAGE_INSTALL += "openjdk-8"
+# IMAGE_INSTALL += "openjdk-8"
 # OpenJDK with JamVM VM (Multi-Tech default)
 # IMAGE_INSTALL += "jamvm"
 # OpenJDK with CACAO VM (run with 'java -cacao')
diff --git a/recipes-core/images/mlinux-minimal-image.bb b/recipes-core/images/mlinux-minimal-image.bb
index 2f2d61b..1a92e8e 100644
--- a/recipes-core/images/mlinux-minimal-image.bb
+++ b/recipes-core/images/mlinux-minimal-image.bb
@@ -16,8 +16,10 @@ CORE_FEATURES = "packagegroup-core-boot packagegroup-distro-base \
                  openssh-sftp-server \
                  util-linux-mount util-linux-umount \
                  start-stop-daemon \
+		 sudo \
                  ${CORE_IMAGE_EXTRA_INSTALL} \
                  mlinux-feed-configs \
+		 useradd \
                  "
 
 NETWORKING_FEATURES = "ppp curl iproute2 \
diff --git a/recipes-core/initscripts/initscripts-1.0/umountfs b/recipes-core/initscripts/initscripts-1.0/umountfs
index 8c12ebe..bfd4d47 100644
--- a/recipes-core/initscripts/initscripts-1.0/umountfs
+++ b/recipes-core/initscripts/initscripts-1.0/umountfs
@@ -10,6 +10,7 @@
 ### END INIT INFO
 
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
+upgrade_fname="/var/volatile/do_flash_upgrade"
 
 umount_all() {
   echo "Deactivating swap..."
@@ -256,9 +257,13 @@ flash_upgrade() {
 }
 
 # do flash on reboot if do_flash_upgrade exists
-if [ -f /var/volatile/do_flash_upgrade ]; then
-    flash_upgrade /var/volatile
-    flash_upgrade /media/card
+# and is owned by root
+if [[ -f ${upgrade_fname} ]] ; then
+    owner=$(stat -c%u "${upgrade_fname}")
+    if ((${#owner} > 0)) && ((owner == 0)) ; then
+      flash_upgrade /var/volatile
+      flash_upgrade /media/card
+    fi
 fi
 
 umount_all
diff --git a/recipes-core/useradd/useradd.bb b/recipes-core/useradd/useradd.bb
new file mode 100644
index 0000000..0afa3b1
--- /dev/null
+++ b/recipes-core/useradd/useradd.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Add mtadm user"
+DESCRIPTION = "Add mtadm user for security purposes"
+SECTION = "mtadm"
+PR = "r1"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+S = "${WORKDIR}"
+
+inherit useradd
+
+# You must set USERADD_PACKAGES when you inherit useradd. This
+# lists which output packages will include the user/group
+# creation code.
+#USERADD_PACKAGES = "${PN} ${PN}-user3"
+USERADD_PACKAGES = "${PN}"
+
+# You must also set USERADD_PARAM and/or GROUPADD_PARAM when
+# you inherit useradd.
+
+# GROUPADD_PARAM works the same way, which you set to the options
+# you'd normally pass to the groupadd command. This will create
+# groups group1 and group2:
+GROUPADD_PARAM_${PN} = "-r  -g 27 sudo"
+
+# USERADD_PARAM specifies command line options to pass to the
+# useradd command. Multiple users can be created by separating
+# the commands with a semicolon. Here we'll create two users,
+# user1 and user2:
+USERADD_PARAM_${PN} = "-u 50 -G sudo -m -r -s /bin/bash mtadm"
+
+do_install () {
+        # If the recipe doesn't have a file, the ipk
+        # is deleted, and it does nothing.
+        # Create a .ssh directory for mtadm.
+        install -d 0700 ${D}/home/mtadm/.ssh
+	chown mtadm:mtadm ${D}/home/mtadm
+	chown mtadm:mtadm ${D}/home/mtadm/.ssh
+}
+
+FILES_${PN} = "/home/mtadm/.ssh"
+
+# Prevents do_package failures with:
+# debugsources.list: No such file or directory:
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
+