diff mbox series

[isar-cip-core,RFC,1/1] image: Move root password

Message ID 20210118103704.18195-2-Quirin.Gylstorff@siemens.com (mailing list archive)
State Handled Elsewhere
Headers show
Series Move root password | expand

Commit Message

Quirin Gylstorff Jan. 18, 2021, 10:37 a.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

If cip-core is used upstream there is the possibility that the
root password is not set to a new value. Avoid this by moving the
password setting to the image.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 kas-cip.yml                                         | 4 ----
 recipes-core/images/cip-core-image-security.bb      | 3 +++
 recipes-core/images/cip-core-image.bb               | 8 +++++++-
 recipes-core/security-customizations/files/postinst | 6 ------
 4 files changed, 10 insertions(+), 11 deletions(-)
diff mbox series

Patch

diff --git a/kas-cip.yml b/kas-cip.yml
index 9514083..f2ed22e 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -41,7 +41,3 @@  local_conf_header:
     CONF_VERSION = "1"
   cross: |
     ISAR_CROSS_COMPILE = "1"
-  root_password: |
-    USERS += "root"
-    # 'root'
-    USER_root[password] = "oC3wEGl799tZU"
diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb
index 61ddc39..23219cb 100644
--- a/recipes-core/images/cip-core-image-security.bb
+++ b/recipes-core/images/cip-core-image-security.bb
@@ -11,6 +11,9 @@ 
 
 inherit image
 
+# for customization and root password
+require recipes-core/images/cip-core-image.bb
+
 DESCRIPTION = "CIP Core image including security packages"
 
 IMAGE_INSTALL += "security-customizations"
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index 2cecde3..0f62edd 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -1,7 +1,7 @@ 
 #
 # CIP Core, generic profile
 #
-# Copyright (c) Siemens AG, 2019
+# Copyright (c) Siemens AG, 2019 - 2021
 #
 # Authors:
 #  Jan Kiszka <jan.kiszka@siemens.com>
@@ -11,6 +11,7 @@ 
 
 inherit image
 inherit image_uuid
+
 ISAR_RELEASE_CMD = "git -C ${LAYERDIR_cip-core} describe --tags --dirty --always --match 'v[0-9].[0-9]*'"
 DESCRIPTION = "CIP Core image"
 
@@ -19,3 +20,8 @@  IMAGE_INSTALL += "customizations"
 # for swupdate
 SWU_DESCRIPTION ??= "swupdate"
 include ${SWU_DESCRIPTION}.inc
+
+# add root user and set passwort
+USERS += "root"
+# 'root'
+USER_root[password] = "oC3wEGl799tZU"
diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst
index 3699ba2..682ceec 100644
--- a/recipes-core/security-customizations/files/postinst
+++ b/recipes-core/security-customizations/files/postinst
@@ -4,12 +4,6 @@ 
 # Security Package configurations
 #
 
-echo "CIP Core Security Image (login: root/root)" > /etc/issue
-
-HOSTNAME=demo
-echo "$HOSTNAME" > /etc/hostname
-echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
-
 # CR1.7: Strength of password-based authentication
 # Pam configuration to  enforce password strength
 PAM_PWD_FILE="/etc/pam.d/common-password"