[isar-cip-core][RFC 1/1] image: Move root password


Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

If cip-core is used upstream there is the possibility that the
root password is not set to a new value. Avoid this by moving the
password setting to the image.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas-cip.yml | 4 ----
recipes-core/images/cip-core-image-security.bb | 3 +++
recipes-core/images/cip-core-image.bb | 8 +++++++-
recipes-core/security-customizations/files/postinst | 6 ------
4 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/kas-cip.yml b/kas-cip.yml
index 9514083..f2ed22e 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -41,7 +41,3 @@ local_conf_header:
CONF_VERSION = "1"
cross: |
ISAR_CROSS_COMPILE = "1"
- root_password: |
- USERS += "root"
- # 'root'
- USER_root[password] = "oC3wEGl799tZU"
diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb
index 61ddc39..23219cb 100644
--- a/recipes-core/images/cip-core-image-security.bb
+++ b/recipes-core/images/cip-core-image-security.bb
@@ -11,6 +11,9 @@

inherit image

+# for customization and root password
+require recipes-core/images/cip-core-image.bb
+
DESCRIPTION = "CIP Core image including security packages"

IMAGE_INSTALL += "security-customizations"
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..0f62edd 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -1,7 +1,7 @@
#
# CIP Core, generic profile
#
-# Copyright (c) Siemens AG, 2019
+# Copyright (c) Siemens AG, 2019 - 2021
#
# Authors:
# Jan Kiszka <jan.kiszka@...>
@@ -11,6 +11,7 @@

inherit image
inherit image_uuid
+
ISAR_RELEASE_CMD = "git -C ${LAYERDIR_cip-core} describe --tags --dirty --always --match 'v[0-9].[0-9]*'"
DESCRIPTION = "CIP Core image"

@@ -19,3 +20,8 @@ IMAGE_INSTALL += "customizations"
# for swupdate
SWU_DESCRIPTION ??= "swupdate"
include ${SWU_DESCRIPTION}.inc
+
+# add root user and set passwort
+USERS += "root"
+# 'root'
+USER_root[password] = "oC3wEGl799tZU"
diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst
index 3699ba2..682ceec 100644
--- a/recipes-core/security-customizations/files/postinst
+++ b/recipes-core/security-customizations/files/postinst
@@ -4,12 +4,6 @@
# Security Package configurations
#

-echo "CIP Core Security Image (login: root/root)" > /etc/issue
-
-HOSTNAME=demo
-echo "$HOSTNAME" > /etc/hostname
-echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
-
# CR1.7: Strength of password-based authentication
# Pam configuration to enforce password strength
PAM_PWD_FILE="/etc/pam.d/common-password"
--
2.20.1

Join cip-dev@lists.cip-project.org to automatically receive all group messages.