| Message ID | 20251029120835.4075555-4-alex.kanavin@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [1/6] bbconfigbuild/configfragments.py: run discover_fragments() only once when enabling them | expand |
Hello, Le mer. 29 oct. 2025 à 12:09, Alexander Kanavin via lists.openembedded.org <alex.kanavin=gmail.com@lists.openembedded.org> a écrit : > From: Alexander Kanavin <alex@linutronix.de> > > Please see this for background/some discussion: > https://lists.openembedded.org/g/openembedded-architecture/topic/115913545 > > Care should be taken to not enable this by default, and especially not for > production images. Poky and oe-core default templates did it, and it was > not a good starting point. Hopefully the fragment name, and the description > that users will see when enabling the fragment will provide enough warning. > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > --- > .../fragments/yocto/root-login-without-password.conf | 10 ++++++++++ > 1 file changed, 10 insertions(+) > create mode 100644 > meta/conf/fragments/yocto/root-login-without-password.conf > > diff --git a/meta/conf/fragments/yocto/root-login-without-password.conf > b/meta/conf/fragments/yocto/root-login-without-password.conf > new file mode 100644 > index 00000000000..e3857fc44b4 > --- /dev/null > +++ b/meta/conf/fragments/yocto/root-login-without-password.conf > @@ -0,0 +1,10 @@ > +BB_CONF_FRAGMENT_SUMMARY = "Log in as root without password on serial > console and over ssh (use with caution)." > +BB_CONF_FRAGMENT_DESCRIPTION = "By default images are built such that > root login is disabled \ > +(which is the preferred, secure default). However, for testing and > development purposes it can \ > +be beneficial to be able to log in as root, both on serial console and > over ssh connections, \ > +which is what this fragment enables. Use with great cauion, and ideally > only in tightly \ Small typo au "caution" here +controlled local builds and CI testing environments, and never in > artefacts that are deployed \ > +into products. \ > +" > + > +EXTRA_IMAGE_FEATURES += "allow-empty-password empty-root-password > allow-root-login" > -- > 2.39.5 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#225452): > https://lists.openembedded.org/g/openembedded-core/message/225452 > Mute This Topic: https://lists.openembedded.org/mt/116010925/4316185 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > yoann.congal@smile.fr] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta/conf/fragments/yocto/root-login-without-password.conf b/meta/conf/fragments/yocto/root-login-without-password.conf new file mode 100644 index 00000000000..e3857fc44b4 --- /dev/null +++ b/meta/conf/fragments/yocto/root-login-without-password.conf @@ -0,0 +1,10 @@ +BB_CONF_FRAGMENT_SUMMARY = "Log in as root without password on serial console and over ssh (use with caution)." +BB_CONF_FRAGMENT_DESCRIPTION = "By default images are built such that root login is disabled \ +(which is the preferred, secure default). However, for testing and development purposes it can \ +be beneficial to be able to log in as root, both on serial console and over ssh connections, \ +which is what this fragment enables. Use with great cauion, and ideally only in tightly \ +controlled local builds and CI testing environments, and never in artefacts that are deployed \ +into products. \ +" + +EXTRA_IMAGE_FEATURES += "allow-empty-password empty-root-password allow-root-login"