Thread (3 messages) 3 messages, 2 authors, 2021-01-18

[cip-dev][isar-cip-core][RFC 1/1] image: Move root password

From: Quirin Gylstorff <hidden>
Date: 2021-01-18 10:37:09
Subsystem: the rest · Maintainer: Linus Torvalds 

From: Quirin Gylstorff <redacted>

If cip-core is used upstream there is the possibility that the
root password is not set to a new value. Avoid this by moving the
password setting to the image.

Signed-off-by: Quirin Gylstorff <redacted>
---
 kas-cip.yml                                         | 4 ----
 recipes-core/images/cip-core-image-security.bb      | 3 +++
 recipes-core/images/cip-core-image.bb               | 8 +++++++-
 recipes-core/security-customizations/files/postinst | 6 ------
 4 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/kas-cip.yml b/kas-cip.yml
index 9514083..f2ed22e 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -41,7 +41,3 @@ local_conf_header:
     CONF_VERSION = "1"
   cross: |
     ISAR_CROSS_COMPILE = "1"
-  root_password: |
-    USERS += "root"
-    # 'root'
-    USER_root[password] = "oC3wEGl799tZU"
diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb
index 61ddc39..23219cb 100644
--- a/recipes-core/images/cip-core-image-security.bb
+++ b/recipes-core/images/cip-core-image-security.bb
@@ -11,6 +11,9 @@
 
 inherit image
 
+# for customization and root password
+require recipes-core/images/cip-core-image.bb
+
 DESCRIPTION = "CIP Core image including security packages"
 
 IMAGE_INSTALL += "security-customizations"
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..0f62edd 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -1,7 +1,7 @@
 #
 # CIP Core, generic profile
 #
-# Copyright (c) Siemens AG, 2019
+# Copyright (c) Siemens AG, 2019 - 2021
 #
 # Authors:
 #  Jan Kiszka <jan.kiszka@siemens.com>
@@ -11,6 +11,7 @@
 
 inherit image
 inherit image_uuid
+
 ISAR_RELEASE_CMD = "git -C ${LAYERDIR_cip-core} describe --tags --dirty --always --match 'v[0-9].[0-9]*'"
 DESCRIPTION = "CIP Core image"
 
@@ -19,3 +20,8 @@ IMAGE_INSTALL += "customizations"
 # for swupdate
 SWU_DESCRIPTION ??= "swupdate"
 include ${SWU_DESCRIPTION}.inc
+
+# add root user and set passwort
+USERS += "root"
+# 'root'
+USER_root[password] = "oC3wEGl799tZU"
diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst
index 3699ba2..682ceec 100644
--- a/recipes-core/security-customizations/files/postinst
+++ b/recipes-core/security-customizations/files/postinst
@@ -4,12 +4,6 @@
 # Security Package configurations
 #
 
-echo "CIP Core Security Image (login: root/root)" > /etc/issue
-
-HOSTNAME=demo
-echo "$HOSTNAME" > /etc/hostname
-echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
-
 # CR1.7: Strength of password-based authentication
 # Pam configuration to  enforce password strength
 PAM_PWD_FILE="/etc/pam.d/common-password"
-- 
2.20.1

Attachments

Other recent patches touching these files
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help