authorJohn Klug <john.klug@multitech.com>2017-04-21 10:35:44 -0500
committerJohn Klug <john.klug@multitech.com>2017-05-23 15:22:10 -0500
commit00ce6692fd0287c15b7f6e5aa25fa66eb2221971 (patch)
treebc86a0166540bc2d16fe720df226a1201e9ae58a
parentdf5312a5710020377380fd4e5b0e971366edc319 (diff)
mtadm user, root password removed, sudo
-rw-r--r--classes/mlinux-image.bbclass8
-rw-r--r--recipes-core/images/mlinux-factory-image.bb2
-rw-r--r--recipes-core/images/mlinux-minimal-image.bb2
-rw-r--r--recipes-core/initscripts/initscripts-1.0/umountfs11
-rw-r--r--recipes-core/useradd/useradd.bb47
5 files changed, 63 insertions, 7 deletions
diff --git a/classes/mlinux-image.bbclass b/classes/mlinux-image.bbclass
index 785160e..3c3bcaa 100644
--- a/classes/mlinux-image.bbclass
+++ b/classes/mlinux-image.bbclass
@@ -2,12 +2,14 @@
# having file mod times of zero confuses cron
IMAGE_CMD_jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --output=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.jffs2 ${EXTRA_IMAGECMD}"
-# set specified root password in image using ROOT_PASSWORD_HASH
+# set specified mtadm password in image using ROOT_PASSWORD_HASH
mlinux_set_root_password () {
+ echo IMAGE_ROOTFS is ${IMAGE_ROOTFS} >/tmp/m_set_root_pwd.txt
+ ls ${IMAGE_ROOTFS} >/tmp/ls_pwd.txt
if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
- sed -i 's%^root:[^:]*:%root:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/shadow
+ sed -i 's%^mtadm:[^:]*:%mtadm:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/shadow
elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
- sed -i 's%^root:[^:]*:%root:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/passwd
+ sed -i 's%^mtadm:[^:]*:%mtadm:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/passwd
fi
}
ROOTFS_POSTPROCESS_COMMAND += "mlinux_set_root_password;"
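Review bot: The two lines added at the top of mlinux_set_root_password write to fixed names in the build host's /tmp (`/tmp/m_set_root_pwd.txt`, `/tmp/ls_pwd.txt`), which looks like leftover debugging; on a shared builder these predictable paths are overwritten by every image build and can collide with files other users own. I would drop both lines, or send the message to the task log instead with `bbnote "IMAGE_ROOTFS is ${IMAGE_ROOTFS}"`. The function name and ROOT_PASSWORD_HASH still say "root" although the sed now edits the mtadm entry and no longer touches root's line, so a comment such as `# ROOT_PASSWORD_HASH is applied to mtadm; root's entry is not modified here` would help the next reader. The sed is also a silent no-op when the file has no mtadm line, so a guard such as `grep -q '^mtadm:' ${IMAGE_ROOTFS}/etc/shadow || bbfatal "mtadm missing from shadow"` would catch an image that ships without the intended credential.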
diff --git a/recipes-core/images/mlinux-factory-image.bb b/recipes-core/images/mlinux-factory-image.bb
index cc8401b..9e59bfb 100644
--- a/recipes-core/images/mlinux-factory-image.bb
+++ b/recipes-core/images/mlinux-factory-image.bb
@@ -70,7 +70,7 @@ IMAGE_INSTALL += "ruby"
IMAGE_INSTALL += "ruby-serialport"
# OpenJDK Java runtime
-IMAGE_INSTALL += "openjdk-8"
+# IMAGE_INSTALL += "openjdk-8"
# OpenJDK with JamVM VM (Multi-Tech default)
# IMAGE_INSTALL += "jamvm"
# OpenJDK with CACAO VM (run with 'java -cacao')
diff --git a/recipes-core/images/mlinux-minimal-image.bb b/recipes-core/images/mlinux-minimal-image.bb
index 2f2d61b..1a92e8e 100644
--- a/recipes-core/images/mlinux-minimal-image.bb
+++ b/recipes-core/images/mlinux-minimal-image.bb
@@ -16,8 +16,10 @@ CORE_FEATURES = "packagegroup-core-boot packagegroup-distro-base \
openssh-sftp-server \
util-linux-mount util-linux-umount \
start-stop-daemon \
+ sudo \
${CORE_IMAGE_EXTRA_INSTALL} \
mlinux-feed-configs \
+ useradd \
"
NETWORKING_FEATURES = "ppp curl iproute2 \
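Review bot: Nothing visible in this commit supplies the sudoers policy that the new `sudo \` entry depends on. useradd.bb puts mtadm in group sudo, but whether the installed sudoers file grants that group anything is outside the diff, and as far as I know the sample file shipped with upstream sudo leaves its `%sudo` line commented out. I would install an explicit drop-in from this layer (a mode 0440 file under `/etc/sudoers.d/` containing `%sudo ALL=(ALL) ALL`) and add a comment next to `sudo \` pointing at it, so the privilege grant is reviewable in one place. The package name in `useradd \` is also the name of the class that recipe inherits, so a name like `mtadm-user` would be easier to read. The CORE_FEATURES assignment begins above this hunk.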
diff --git a/recipes-core/initscripts/initscripts-1.0/umountfs b/recipes-core/initscripts/initscripts-1.0/umountfs
index 8c12ebe..bfd4d47 100644
--- a/recipes-core/initscripts/initscripts-1.0/umountfs
+++ b/recipes-core/initscripts/initscripts-1.0/umountfs
@@ -10,6 +10,7 @@
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
+upgrade_fname="/var/volatile/do_flash_upgrade"
umount_all() {
echo "Deactivating swap..."
@@ -256,9 +257,13 @@ flash_upgrade() {
}
# do flash on reboot if do_flash_upgrade exists
-if [ -f /var/volatile/do_flash_upgrade ]; then
- flash_upgrade /var/volatile
- flash_upgrade /media/card
+# and is owned by root
+if [[ -f ${upgrade_fname} ]] ; then
+ owner=$(stat -c%u "${upgrade_fname}")
+ if ((${#owner} > 0)) && ((owner == 0)) ; then
+ flash_upgrade /var/volatile
+ flash_upgrade /media/card
+ fi
fi
umount_all
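Review bot: The new guard checks only the uid of the flag file `${upgrade_fname}`; the files that flash_upgrade then takes from /var/volatile and /media/card are not checked in this hunk, and flash_upgrade's body is outside it, so whether ownership of the images is verified cannot be confirmed from here. A uid test alone is also weaker than it looks where the kernel does not restrict hard links, because a link to an existing root-owned file in the same filesystem also reports uid 0; keeping the flag in a directory only root can write, or additionally requiring `stat -c%h` to be 1, closes that gap. The test uses `[[ … ]]` and `(( … ))`, which need bash; the script's shebang is not visible here, and if it runs under a POSIX sh the portable form is `if [ -f "$upgrade_fname" ] && [ "$(stat -c %u "$upgrade_fname")" = "0" ]; then`.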
diff --git a/recipes-core/useradd/useradd.bb b/recipes-core/useradd/useradd.bb
new file mode 100644
index 0000000..0afa3b1
--- /dev/null
+++ b/recipes-core/useradd/useradd.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Add mtadm user"
+DESCRIPTION = "Add mtadm user for security purposes"
+SECTION = "mtadm"
+PR = "r1"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+S = "${WORKDIR}"
+
+inherit useradd
+
+# You must set USERADD_PACKAGES when you inherit useradd. This
+# lists which output packages will include the user/group
+# creation code.
+#USERADD_PACKAGES = "${PN} ${PN}-user3"
+USERADD_PACKAGES = "${PN}"
+
+# You must also set USERADD_PARAM and/or GROUPADD_PARAM when
+# you inherit useradd.
+
+# GROUPADD_PARAM works the same way, which you set to the options
+# you'd normally pass to the groupadd command. This will create
+# groups group1 and group2:
+GROUPADD_PARAM_${PN} = "-r -g 27 sudo"
+
+# USERADD_PARAM specifies command line options to pass to the
+# useradd command. Multiple users can be created by separating
+# the commands with a semicolon. Here we'll create two users,
+# user1 and user2:
+USERADD_PARAM_${PN} = "-u 50 -G sudo -m -r -s /bin/bash mtadm"
+
+do_install () {
+ # If the recipe doesn't have a file, the ipk
+ # is deleted, and it does nothing.
+ # Create a .ssh directory for mtadm.
+ install -d 0700 ${D}/home/mtadm/.ssh
+ chown mtadm:mtadm ${D}/home/mtadm
+ chown mtadm:mtadm ${D}/home/mtadm/.ssh
+}
+
+FILES_${PN} = "/home/mtadm/.ssh"
+
+# Prevents do_package failures with:
+# debugsources.list: No such file or directory:
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
+
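Review bot: In do_install, `install -d 0700 ${D}/home/mtadm/.ssh` is missing `-m`, so install treats `0700` as a second directory to create in the working directory and creates `.ssh` with the default mode rather than 0700. The line should read `install -d -m 0700 ${D}/home/mtadm/.ssh`. FILES_${PN} lists only `/home/mtadm/.ssh` while the recipe also chowns `/home/mtadm`, so it is worth confirming the home directory's ownership and mode in the built image as well. The comments above GROUPADD_PARAM and USERADD_PARAM still describe the example recipe ("groups group1 and group2", "user1 and user2"); I would replace them with `# system group sudo, fixed gid 27` and `# system user mtadm, fixed uid 50, member of sudo, no password set here`.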