Message ID | 20220615162207.1153708-1-michael.opdenacker@bootlin.com |
---|---|
State | New |
Headers | show |
Series | ref-manual: correct description of empty-root-passwd in IMAGE_FEATURES | expand |
Hi Michael, On 6/15/22 18:22, Michael Opdenacker via lists.yoctoproject.org wrote: > From: Michael Opdenacker <michael.opdenacker@bootlin.com> > > "empty-root-passwd" doesn't actually set an empty root password. > It just doesn't touch the initial root password which is empty by default. > I'm not sure we should care about the implementation details in the docs. > Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> > --- > documentation/ref-manual/features.rst | 15 +++++++++++++-- > 1 file changed, 13 insertions(+), 2 deletions(-) > > diff --git a/documentation/ref-manual/features.rst b/documentation/ref-manual/features.rst > index f7abb417ba..76bb3bceac 100644 > --- a/documentation/ref-manual/features.rst > +++ b/documentation/ref-manual/features.rst > @@ -216,8 +216,19 @@ Here are the image features available for all images: > - *doc-pkgs:* Installs documentation packages for all packages > installed in a given image. > > -- *empty-root-password:* Sets the root password to an empty string, > - which allows logins with a blank password. > +- *empty-root-password:* This feature or ``debug-tweaks`` is required if > + you want to allow root login with an empty password. If these features > + are not present in :term:`IMAGE_FEATURES`, a non-empty password is > + forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist. > + I guess the two important pieces of information there are: - debug-tweaks enables empty-root-password? Can we add this info to debug-tweaks paragraph/section? - if neither are set, a random password is generated during build for the root user? > + .. note:: > + ``empty-root-passwd`` doesn't set an empty root password by itself. > + You get an initial empty root password thanks to the > + :oe_git:`base-passwd </openembedded-core/tree/meta/recipes-core/base-passwd/>` > + and :oe_git:`shadow </openembedded-core/tree/meta/recipes-extended/shadow/>` > + recipes, and the presence of ``empty-root-passwd`` or ``debug-tweaks`` > + just disables the mechanism which forces an non-empty password for the > + root user. > I'm not sure this kind of information has its place in the docs? Cheers, Quentin
diff --git a/documentation/ref-manual/features.rst b/documentation/ref-manual/features.rst index f7abb417ba..76bb3bceac 100644 --- a/documentation/ref-manual/features.rst +++ b/documentation/ref-manual/features.rst @@ -216,8 +216,19 @@ Here are the image features available for all images: - *doc-pkgs:* Installs documentation packages for all packages installed in a given image. -- *empty-root-password:* Sets the root password to an empty string, - which allows logins with a blank password. +- *empty-root-password:* This feature or ``debug-tweaks`` is required if + you want to allow root login with an empty password. If these features + are not present in :term:`IMAGE_FEATURES`, a non-empty password is + forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist. + + .. note:: + ``empty-root-passwd`` doesn't set an empty root password by itself. + You get an initial empty root password thanks to the + :oe_git:`base-passwd </openembedded-core/tree/meta/recipes-core/base-passwd/>` + and :oe_git:`shadow </openembedded-core/tree/meta/recipes-extended/shadow/>` + recipes, and the presence of ``empty-root-passwd`` or ``debug-tweaks`` + just disables the mechanism which forces an non-empty password for the + root user. - *overlayfs-etc:* Configures the ``/etc`` directory to be in ``overlayfs``. This allows to store device specific information elsewhere, especially