author | John Klug <john.klug@multitech.com> | 2017-04-21 10:35:44 -0500 |
---|---|---|
committer | John Klug <john.klug@multitech.com> | 2017-05-23 15:22:10 -0500 |
commit | 00ce6692fd0287c15b7f6e5aa25fa66eb2221971 (patch) | |
tree | bc86a0166540bc2d16fe720df226a1201e9ae58a | |
parent | df5312a5710020377380fd4e5b0e971366edc319 (diff) | |
mtadm user, root password removed, sudo
-rw-r--r-- | classes/mlinux-image.bbclass | 8 | ||||
-rw-r--r-- | recipes-core/images/mlinux-factory-image.bb | 2 | ||||
-rw-r--r-- | recipes-core/images/mlinux-minimal-image.bb | 2 | ||||
-rw-r--r-- | recipes-core/initscripts/initscripts-1.0/umountfs | 11 | ||||
-rw-r--r-- | recipes-core/useradd/useradd.bb | 47 |
5 files changed, 63 insertions, 7 deletions
diff --git a/classes/mlinux-image.bbclass b/classes/mlinux-image.bbclass index 785160e..3c3bcaa 100644 --- a/classes/mlinux-image.bbclass +++ b/classes/mlinux-image.bbclass @@ -2,12 +2,14 @@ # having file mod times of zero confuses cron IMAGE_CMD_jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --output=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.jffs2 ${EXTRA_IMAGECMD}" -# set specified root password in image using ROOT_PASSWORD_HASH +# set specified mtadm password in image using ROOT_PASSWORD_HASH mlinux_set_root_password () { + echo IMAGE_ROOTFS is ${IMAGE_ROOTFS} >/tmp/m_set_root_pwd.txt + ls ${IMAGE_ROOTFS} >/tmp/ls_pwd.txt if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then - sed -i 's%^root:[^:]*:%root:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/shadow + sed -i 's%^mtadm:[^:]*:%mtadm:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/shadow elif [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then - sed -i 's%^root:[^:]*:%root:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/passwd + sed -i 's%^mtadm:[^:]*:%mtadm:${ROOT_PASSWORD_HASH}:%' ${IMAGE_ROOTFS}/etc/passwd fi } ROOTFS_POSTPROCESS_COMMAND += "mlinux_set_root_password;" diff --git a/recipes-core/images/mlinux-factory-image.bb b/recipes-core/images/mlinux-factory-image.bb index cc8401b..9e59bfb 100644 --- a/recipes-core/images/mlinux-factory-image.bb +++ b/recipes-core/images/mlinux-factory-image.bb @@ -70,7 +70,7 @@ IMAGE_INSTALL += "ruby" IMAGE_INSTALL += "ruby-serialport" # OpenJDK Java runtime -IMAGE_INSTALL += "openjdk-8" +# IMAGE_INSTALL += "openjdk-8" # OpenJDK with JamVM VM (Multi-Tech default) # IMAGE_INSTALL += "jamvm" # OpenJDK with CACAO VM (run with 'java -cacao') diff --git a/recipes-core/images/mlinux-minimal-image.bb b/recipes-core/images/mlinux-minimal-image.bb index 2f2d61b..1a92e8e 100644 --- a/recipes-core/images/mlinux-minimal-image.bb +++ b/recipes-core/images/mlinux-minimal-image.bb 
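Review bot: The two lines added at the top of mlinux_set_root_password, `echo IMAGE_ROOTFS is ${IMAGE_ROOTFS} >/tmp/m_set_root_pwd.txt` and `ls ${IMAGE_ROOTFS} >/tmp/ls_pwd.txt`, write to fixed names in the build host's /tmp on every image build. On a shared build machine a predictable /tmp path can be pre-created or symlinked by another user, and the files do nothing for the image. They look like leftover debugging and should be dropped, or replaced with `bbnote "IMAGE_ROOTFS is ${IMAGE_ROOTFS}"`. Separately, the sed now targets `mtadm` but still substitutes ROOT_PASSWORD_HASH unconditionally, so an unset or empty value (no default is visible in this diff) would leave the mtadm password field empty. A guard before the sed, such as `[ -n "${ROOT_PASSWORD_HASH}" ] || bbfatal "ROOT_PASSWORD_HASH not set"`, would turn that into a build failure.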
@@ -16,8 +16,10 @@ CORE_FEATURES = "packagegroup-core-boot packagegroup-distro-base \ openssh-sftp-server \ util-linux-mount util-linux-umount \ start-stop-daemon \ + sudo \ ${CORE_IMAGE_EXTRA_INSTALL} \ mlinux-feed-configs \ + useradd \ " NETWORKING_FEATURES = "ppp curl iproute2 \ diff --git a/recipes-core/initscripts/initscripts-1.0/umountfs b/recipes-core/initscripts/initscripts-1.0/umountfs index 8c12ebe..bfd4d47 100644 --- a/recipes-core/initscripts/initscripts-1.0/umountfs +++ b/recipes-core/initscripts/initscripts-1.0/umountfs @@ -10,6 +10,7 @@ ### END INIT INFO PATH=/sbin:/bin:/usr/sbin:/usr/bin +upgrade_fname="/var/volatile/do_flash_upgrade" umount_all() { echo "Deactivating swap..." @@ -256,9 +257,13 @@ flash_upgrade() { } # do flash on reboot if do_flash_upgrade exists -if [ -f /var/volatile/do_flash_upgrade ]; then - flash_upgrade /var/volatile - flash_upgrade /media/card +# and is owned by root +if [[ -f ${upgrade_fname} ]] ; then + owner=$(stat -c%u "${upgrade_fname}") + if ((${#owner} > 0)) && ((owner == 0)) ; then + flash_upgrade /var/volatile + flash_upgrade /media/card + fi fi umount_all diff --git a/recipes-core/useradd/useradd.bb b/recipes-core/useradd/useradd.bb new file mode 100644 index 0000000..0afa3b1 --- /dev/null +++ b/recipes-core/useradd/useradd.bb 
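Review bot: Adding `sudo` and `useradd` to CORE_FEATURES in mlinux-minimal-image.bb puts mtadm in group sudo, but no file in this commit adds a sudoers rule for that group. Whether mtadm can actually elevate therefore depends on the sudoers file shipped by the sudo recipe, which is not visible here. Since the commit title says the root password is removed, confirm that the image ends up with exactly one intended administrative path. It is worth recording that next to these lines, e.g. `# sudo + useradd: mtadm (group sudo) replaces root login; sudoers rule comes from <sudoers source>`.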
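Review bot: The new ownership test in the second umountfs hunk covers only the flag file `${upgrade_fname}`. The two `flash_upgrade` calls then read from /var/volatile and /media/card, and nothing in the hunk checks who owns the files found there; flash_upgrade's body is outside the hunk, so it may do its own checks. If either directory is writable by a non-root user or comes from removable media, a root-owned flag does not establish that the upgrade payload is trusted, and an ownership or signature check on the payload inside flash_upgrade would close that gap. The test also uses `[[ ]]` and `(( ))`, which are bash constructs, and the script's interpreter line is not in the hunk. Confirm it is bash, or use the POSIX form `[ -f "$upgrade_fname" ] && [ "$(stat -c%u "$upgrade_fname")" = 0 ]`.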
@@ -0,0 +1,47 @@
+SUMMARY = "Add mtadm user"
+DESCRIPTION = "Add mtadm user for security purposes"
+SECTION = "mtadm"
+PR = "r1"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+S = "${WORKDIR}"
+
+inherit useradd
+
+# You must set USERADD_PACKAGES when you inherit useradd. This
+# lists which output packages will include the user/group
+# creation code.
+#USERADD_PACKAGES = "${PN} ${PN}-user3"
+USERADD_PACKAGES = "${PN}"
+
+# You must also set USERADD_PARAM and/or GROUPADD_PARAM when
+# you inherit useradd.
+
+# GROUPADD_PARAM works the same way, which you set to the options
+# you'd normally pass to the groupadd command. This will create
+# groups group1 and group2:
+GROUPADD_PARAM_${PN} = "-r -g 27 sudo"
+
+# USERADD_PARAM specifies command line options to pass to the
+# useradd command. Multiple users can be created by separating
+# the commands with a semicolon. Here we'll create two users,
+# user1 and user2:
+USERADD_PARAM_${PN} = "-u 50 -G sudo -m -r -s /bin/bash mtadm"
+
+do_install () {
+ # If the recipe doesn't have a file, the ipk
+ # is deleted, and it does nothing.
+ # Create a .ssh directory for mtadm.
+ install -d 0700 ${D}/home/mtadm/.ssh
+ chown mtadm:mtadm ${D}/home/mtadm
+ chown mtadm:mtadm ${D}/home/mtadm/.ssh
+}
+
+FILES_${PN} = "/home/mtadm/.ssh"
+
+# Prevents do_package failures with:
+# debugsources.list: No such file or directory:
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
+
|
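Review bot: In do_install, `install -d 0700 ${D}/home/mtadm/.ssh` is missing `-m`, so `0700` is taken as a second directory name and .ssh is created with the default mode rather than 0700. It should read `install -d -m 0700 ${D}/home/mtadm/.ssh`. This directory presumably holds the SSH keys for a sudo-capable account, so also set the mode of /home/mtadm explicitly rather than relying on what `install -d` gives a parent directory. The comments above GROUPADD_PARAM and USERADD_PARAM still describe the example recipe ("groups group1 and group2", "two users, user1 and user2"). They should say what is created here: group sudo with GID 27 and user mtadm with UID 50.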