diff mbox series

[2/2] local.conf.sample: comment out the root-with-empty-password setting

Message ID 20251118165843.3674407-2-alex.kanavin@gmail.com
State New
Headers show
Series [1/2] local.conf.sample: do not set PACKAGE_CLASSES as it is matching oe-core's default | expand

Commit Message

Alexander Kanavin Nov. 18, 2025, 4:58 p.m. UTC 
From: Alexander Kanavin <alex@linutronix.de>

This was not a good default; the autobuilder relied on it, but this
has been fixed, there's now a separate fragment as well, and testimage
has a check for the needed image features. Let's take this out and
be more secure by default everywhere.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/conf/templates/default/local.conf.sample | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/meta/conf/templates/default/local.conf.sample b/meta/conf/templates/default/local.conf.sample
index 2639be3ddf1..fb6ed2c3bf2 100644
--- a/meta/conf/templates/default/local.conf.sample
+++ b/meta/conf/templates/default/local.conf.sample
@@ -122,8 +122,10 @@  MACHINE ??= "qemux86-64"
 # There are other features that can be used here too, see
 # meta/classes-recipe/image.bbclass and
 # meta/classes-recipe/core-image.bbclass for more details.
-# We default to allowing root login without a password for convenience.
-EXTRA_IMAGE_FEATURES ?= "allow-empty-password empty-root-password allow-root-login"
+#
+# The following will allow root login without a password for convenience.
+# Use with care, and never in product builds.
+#EXTRA_IMAGE_FEATURES ?= "allow-empty-password empty-root-password allow-root-login"
 
 #
 # Additional image features