diff options
author | Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-01-16 17:00:12 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-01-18 13:02:01 +0000 |
commit | 0937054e6e3e02565f57e60a8bdc14b0ad62e249 (patch) | |
tree | 1bdab29ed373c3e3448e21f37029caa0b34d52a1 | |
parent | 313039590171456b652fa7a2f5823c9b7060b20f (diff) | |
download | openembedded-core-0937054e6e3e02565f57e60a8bdc14b0ad62e249.tar.gz openembedded-core-0937054e6e3e02565f57e60a8bdc14b0ad62e249.tar.bz2 openembedded-core-0937054e6e3e02565f57e60a8bdc14b0ad62e249.zip |
classes/image: improve debug-tweaks ssh server configuration
Create a single postprocessing function that enables no-password logins
for both openssh and dropbear when debug-tweaks is in IMAGE_FEATURES,
changing its behaviour slightly:
* Run it regardless of whether ssh-server-* are in IMAGE_FEATURES so
that it still takes effect if these are installed by adding
dropbear/openssh to IMAGE_INSTALL.
* Enable it to be run from image.bbclass rather than core-image.bbclass
so that it works for images that are using the former.
Second half of the fix for [YOCTO #2578].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
-rw-r--r-- | meta/classes/core-image.bbclass | 3 | ||||
-rw-r--r-- | meta/classes/image.bbclass | 16 |
2 files changed, 14 insertions, 5 deletions
diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass index 2e67018536..e0f6dbb7d9 100644 --- a/meta/classes/core-image.bbclass +++ b/meta/classes/core-image.bbclass @@ -76,6 +76,3 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; " # Zap the root password if debug-tweaks feature is not enabled ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}' -# Allow openssh accept empty password login if both debug-tweaks and ssh-server-openssh are enabled -ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks ssh-server-openssh", "openssh_allow_empty_password; ", "",d)}' - diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index e49468949e..0293d2e358 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -167,6 +167,8 @@ inherit ${IMAGE_CLASSES} IMAGE_POSTPROCESS_COMMAND ?= "" MACHINE_POSTPROCESS_COMMAND ?= "" ROOTFS_POSTPROCESS_COMMAND_prepend = "run_intercept_scriptlets; " +# Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled +ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "ssh_allow_empty_password; ", "",d)}' # some default locales IMAGE_LINGUAS ?= "de-de fr-fr en-gb" @@ -396,12 +398,22 @@ zap_root_password () { mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd } -# allow openssh accept login with empty password string -openssh_allow_empty_password () { +# allow dropbear/openssh to accept root logins and logins from accounts with an empty password string +ssh_allow_empty_password () { if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then sed -i 's#.*PermitRootLogin.*#PermitRootLogin yes#' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config sed -i 's#.*PermitEmptyPasswords.*#PermitEmptyPasswords yes#' ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config fi + + if [ -e ${IMAGE_ROOTFS}${sbindir}/dropbear ] ; then + if grep -q DROPBEAR_EXTRA_ARGS ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear 2>/dev/null ; then + if ! grep -q "DROPBEAR_EXTRA_ARGS=.*-B" ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear ; then + sed -i 's/^DROPBEAR_EXTRA_ARGS="*\([^"]*\)"*/DROPBEAR_EXTRA_ARGS="\1 -B"/' ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear + fi + else + printf '\nDROPBEAR_EXTRA_ARGS="-B"\n' >> ${IMAGE_ROOTFS}${sysconfdir}/default/dropbear + fi + fi } # Turn any symbolic /sbin/init link into a file |