
meta: image-account-extension: allow clear-text-passwords

When setting a password, having to always do so in encrypted form seems
a little overkill. We often see the clear-text as comment above the
encrypted version anyways. Allowing the password to be set as clear-text
makes it more obvious that things might not be super-secure, while
making a layer more readable ... say you are looking for the password an
image asks for.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Henning Schild 3 years ago
parent
commit
2bcfd6f7c2

+ 1 - 0
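--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -633,6 +633,7 @@ The `USERS` and `USER_<username>` variable works similar to the `GROUPS` and `GR
    - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory.
    - `system` - `useradd` will be called with `--system`.
    - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password.
+   - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it.
 
 #### Home directory contents prefilling
 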

+ 3 - 0
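--- a/meta-isar/conf/local.conf.sample
+++ b/meta-isar/conf/local.conf.sample
@@ -217,5 +217,8 @@ USER_isar[home] = "/var/lib/isar"
 USER_isar[comment] = "My isar user"
 USER_isar[flags] = "system create-home"
 
+USER_isar[password] = "isar"
+USER_isar[flags] += "clear-text-password"
+
 # Uncomment the below line to debug WIC.
 # WIC_CREATE_EXTRA_ARGS += "-D"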
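Review bot: The added `USER_isar[password] = "isar"` gives the sample account a fixed, publicly known password with nothing in the file marking it as a demo value, so any image built from a copied local.conf that enables this user carries a guessable login. I would put a comment above the two new lines, e.g. `# Example credentials for test images only; change or remove before deployment`. Whether `isar` is listed in `USERS` by default is outside this hunk.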

+ 7 - 3
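--- a/meta/classes/image-account-extension.bbclass
+++ b/meta/classes/image-account-extension.bbclass
@@ -8,7 +8,7 @@
 USERS ??= ""
 
 #USERS += "root"
-#USER_root[password] = "" # Encrypted password
+#USER_root[password] = "" # Encrypted password, or clear-text when [flags] = "clear-text-password"
 #USER_root[expire] = ""
 #USER_root[inactive] = ""
 #USER_root[uid] = ""
@@ -17,7 +17,7 @@ USERS ??= ""
 #USER_root[home] = "/home/root"
 #USER_root[shell] = "/bin/sh"
 #USER_root[groups] = "audio video"
-#USER_root[flags] = "no-create-home create-home system allow-empty-password"
+#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password"
 
 GROUPS ??= ""
 
@@ -252,8 +252,12 @@ image_configure_accounts() {
 
         # Set password:
         if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then
+            chpasswd_args="-e"
+            if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then
+                chpasswd_args=""
+            fi
             printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \
-                /usr/sbin/chpasswd -e
+                /usr/sbin/chpasswd $chpasswd_args
         fi
     done
 }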
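Review bot: In the last hunk, an account with an empty `password` and both `allow-empty-password` and `clear-text-password` now reaches `chpasswd` without `-e`, so the empty value is handled as a clear-text password to be hashed rather than as an empty hash; the outcome depends on the chpasswd/PAM setup inside the rootfs and may not be the password-less login the manual describes for `allow-empty-password`. I would drop `-e` only when a password is actually given, `if [ -n "$password" ] && [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then`, or fail the build on that flag combination. A comment such as `# left unquoted on purpose: empty must expand to no argument` above the `chpasswd` call would also explain the bare `$chpasswd_args`. `image_configure_accounts` starts outside the hunk, so how `flags` and `password` are populated is not visible here.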