* [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES @ 2016-11-23 7:49 Robert Yang 2016-11-23 7:49 ` [PATCH 1/2] rootfs-postcommands.bbclass: fix zap_empty_root_password Robert Yang ` (2 more replies) 0 siblings, 3 replies; 22+ messages in thread From: Robert Yang @ 2016-11-23 7:49 UTC (permalink / raw) To: openembedded-core Fixed 2 bugs: - Can't login as root when debug-tweaks/empty-root-password is not in IMAGE_FEATURES since no passwd. - When set root passwd and debug-tweaks/empty-root-password is in IMAGE_FEATURES, passwd is *required* to login. Filed https://bugzilla.yoctoproject.org/show_bug.cgi?id=10710, and marked doc changes required as yes. // Robert The following changes since commit a675b2c89e477af088faee9b3be96eae19a85f0b: sanity.bbclass: fix logging of an error (2016-11-15 15:18:50 +0000) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib rbt/root http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/root Robert Yang (2): rootfs-postcommands.bbclass: fix zap_empty_root_password base-passwd: set root's default password to 'root' meta/classes/rootfs-postcommands.bbclass | 8 ++++---- .../base-passwd/base-passwd/passwd_master.patch | 16 ++++++++++++++++ meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | 1 + 3 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-core/base-passwd/base-passwd/passwd_master.patch -- 2.10.2 ^ permalink raw reply [flat|nested] 22+ messages in thread
* [PATCH 1/2] rootfs-postcommands.bbclass: fix zap_empty_root_password 2016-11-23 7:49 [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang @ 2016-11-23 7:49 ` Robert Yang 2016-11-23 7:49 ` [PATCH 2/2] base-passwd: set root's default password to 'root' Robert Yang 2016-11-30 3:15 ` [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang 2 siblings, 0 replies; 22+ messages in thread From: Robert Yang @ 2016-11-23 7:49 UTC (permalink / raw) To: openembedded-core [YOCTO #10710] The previous logic works when root passwd is blank, but it doesn't work when there is a root passws, for example: 1) Set a root passwd in base-passwd 2) IMAGE_FEATURES += "debug-tweaks" Start the target, it still requires passwd to login. Empty passwd if debug-tweaks is in IMAGE_FEATURES, else do nothing can fix problem. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- meta/classes/rootfs-postcommands.bbclass | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index 0c7ceea..353dc4f 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass @@ -1,6 +1,6 @@ # Zap the root password if debug-tweaks feature is not enabled -ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ; ",d)}' +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "empty_root_password ; ", "",d)}' # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password; ", "",d)}' @@ -105,12 +105,12 @@ read_only_rootfs_hook () { # # This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. # -zap_empty_root_password () { +empty_root_password () { if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then - sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow + sed -i 's%^root:[^:]*:%root::%' ${IMAGE_ROOTFS}/etc/shadow fi if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then - sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd + sed -i 's%^root:[^:]*:%root::%' ${IMAGE_ROOTFS}/etc/passwd fi } -- 2.10.2 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-23 7:49 [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang 2016-11-23 7:49 ` [PATCH 1/2] rootfs-postcommands.bbclass: fix zap_empty_root_password Robert Yang @ 2016-11-23 7:49 ` Robert Yang 2016-11-23 11:16 ` Patrick Ohly 2016-11-30 3:15 ` [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang 2 siblings, 1 reply; 22+ messages in thread From: Robert Yang @ 2016-11-23 7:49 UTC (permalink / raw) To: openembedded-core [YOCTO #10710] Otherwise, we can't login as root when debug-tweaks is not in IMAGE_FEATURES, and there is no other users to login by default, so there is no way to login. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- .../base-passwd/base-passwd/passwd_master.patch | 16 ++++++++++++++++ meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | 1 + 2 files changed, 17 insertions(+) create mode 100644 meta/recipes-core/base-passwd/base-passwd/passwd_master.patch diff --git a/meta/recipes-core/base-passwd/base-passwd/passwd_master.patch b/meta/recipes-core/base-passwd/base-passwd/passwd_master.patch new file mode 100644 index 0000000..909c2a4 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/passwd_master.patch @@ -0,0 +1,16 @@ +Set root's default password to 'root' + +Upstream-Status: Inappropriate [OE config specific] + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> + +diff --git a/passwd.master b/passwd.master +index 82df9e5..c29e76d 100644 +--- a/passwd.master ++++ b/passwd.master +@@ -1,4 +1,4 @@ +-root::0:0:root:/root:/bin/sh ++root:6UZSjeWUui3JQ:0:0:root:/root:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/bin/sh + bin:*:2:2:bin:/bin:/bin/sh + sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb index 10457b2..a3477a1 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb @@ -12,6 +12,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar file://noshadow.patch \ file://input.patch \ file://disable-docs.patch \ + file://passwd_master.patch \ " SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421" -- 2.10.2 ^ permalink raw reply related [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-23 7:49 ` [PATCH 2/2] base-passwd: set root's default password to 'root' Robert Yang @ 2016-11-23 11:16 ` Patrick Ohly 2016-11-23 14:17 ` Burton, Ross 2016-11-24 2:01 ` Robert Yang 0 siblings, 2 replies; 22+ messages in thread From: Patrick Ohly @ 2016-11-23 11:16 UTC (permalink / raw) To: Robert Yang; +Cc: openembedded-core On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote: > [YOCTO #10710] > > Otherwise, we can't login as root when debug-tweaks is not in > IMAGE_FEATURES, and there is no other users to login by default, so > there is no way to login. Wait a second, are you really suggesting that OE-core should have a default root password in its default configuration? That's very bad practice and I'm against doing it this way. Having a default password is one of the common vulnerabilities in actual devices on the market today. OE-core should make it hard to make that mistake, not actively introduce it. So if you think that having a root password set (instead of empty), then at least make it an opt-in behavior that explicitly has to be selected. Make it an image feature so that images with and without default password can be build in the same build configuration. Changing base-passwd doesn't achieve that. Even then I'm still wondering what the benefit of a well-known password compared to no password is. Both are equally insecure, so someone who wants to allow logins might as well go with "empty password". -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-23 11:16 ` Patrick Ohly @ 2016-11-23 14:17 ` Burton, Ross 2016-11-24 2:01 ` Robert Yang 1 sibling, 0 replies; 22+ messages in thread From: Burton, Ross @ 2016-11-23 14:17 UTC (permalink / raw) To: Patrick Ohly; +Cc: OE-core [-- Attachment #1: Type: text/plain, Size: 480 bytes --] On 23 November 2016 at 11:16, Patrick Ohly <patrick.ohly@intel.com> wrote: > Wait a second, are you really suggesting that OE-core should have a > default root password in its default configuration? > > That's very bad practice and I'm against doing it this way. Having a > default password is one of the common vulnerabilities in actual devices > on the market today. OE-core should make it hard to make that mistake, > not actively introduce it. > Agreed. Ross [-- Attachment #2: Type: text/html, Size: 905 bytes --] ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-23 11:16 ` Patrick Ohly 2016-11-23 14:17 ` Burton, Ross @ 2016-11-24 2:01 ` Robert Yang 2016-11-24 3:18 ` Paul Eggleton 2016-11-24 7:51 ` Mike Looijmans 1 sibling, 2 replies; 22+ messages in thread From: Robert Yang @ 2016-11-24 2:01 UTC (permalink / raw) To: Patrick Ohly; +Cc: openembedded-core On 11/23/2016 07:16 PM, Patrick Ohly wrote: > On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote: >> [YOCTO #10710] >> >> Otherwise, we can't login as root when debug-tweaks is not in >> IMAGE_FEATURES, and there is no other users to login by default, so >> there is no way to login. > > Wait a second, are you really suggesting that OE-core should have a > default root password in its default configuration? > > That's very bad practice and I'm against doing it this way. Having a > default password is one of the common vulnerabilities in actual devices > on the market today. OE-core should make it hard to make that mistake, > not actively introduce it. > > So if you think that having a root password set (instead of empty), then > at least make it an opt-in behavior that explicitly has to be selected. > Make it an image feature so that images with and without default > password can be build in the same build configuration. Changing > base-passwd doesn't achieve that. > > Even then I'm still wondering what the benefit of a well-known password > compared to no password is. Both are equally insecure, so someone who > wants to allow logins might as well go with "empty password". The problem is that when debug-tweaks or empty-root-password is not in IMAGE_FEATURE, there is no way to login by default, which will surprise the user. How about: 1) Let user can set root passwd via a variable when building. Or/And 2) Warn the user at build time when the image is unable to login. // Robert > ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 2:01 ` Robert Yang @ 2016-11-24 3:18 ` Paul Eggleton 2016-11-24 3:38 ` Robert Yang 2016-11-24 7:51 ` Mike Looijmans 1 sibling, 1 reply; 22+ messages in thread From: Paul Eggleton @ 2016-11-24 3:18 UTC (permalink / raw) To: Robert Yang; +Cc: openembedded-core On Thu, 24 Nov 2016 10:01:59 Robert Yang wrote: > On 11/23/2016 07:16 PM, Patrick Ohly wrote: > > On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote: > >> [YOCTO #10710] > >> > >> Otherwise, we can't login as root when debug-tweaks is not in > >> IMAGE_FEATURES, and there is no other users to login by default, so > >> there is no way to login. > > > > Wait a second, are you really suggesting that OE-core should have a > > default root password in its default configuration? > > > > That's very bad practice and I'm against doing it this way. Having a > > default password is one of the common vulnerabilities in actual devices > > on the market today. OE-core should make it hard to make that mistake, > > not actively introduce it. > > > > So if you think that having a root password set (instead of empty), then > > at least make it an opt-in behavior that explicitly has to be selected. > > Make it an image feature so that images with and without default > > password can be build in the same build configuration. Changing > > base-passwd doesn't achieve that. > > > > Even then I'm still wondering what the benefit of a well-known password > > compared to no password is. Both are equally insecure, so someone who > > wants to allow logins might as well go with "empty password". > > The problem is that when debug-tweaks or empty-root-password is not in > IMAGE_FEATURE, there is no way to login by default, which will surprise > the user. How about: > > 1) Let user can set root passwd via a variable when building. > > Or/And > > 2) Warn the user at build time when the image is unable to login. There are problems with both of these: 1) I'm concerned that by making it trivially easy this will encourage users to set a root password and forget they have done so. This may lead to yet more products going out with default root passwords, and that is not a good thing. 2) Having no root password in this scenario is not necessarily a mistake, it may be intentional. If nobody ever needs to log into your device via a terminal, then why would you need a root password set at all? In that scenario you wouldn't want to be implying "this could be wrong, you should set a root password". If we need more documentation around this so that people understand how this aspect works (and I don't doubt that we do, people do ask about it) then by all means we should improved the documentation. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 3:18 ` Paul Eggleton @ 2016-11-24 3:38 ` Robert Yang 2016-11-24 7:46 ` Patrick Ohly 0 siblings, 1 reply; 22+ messages in thread From: Robert Yang @ 2016-11-24 3:38 UTC (permalink / raw) To: Paul Eggleton; +Cc: openembedded-core On 11/24/2016 11:18 AM, Paul Eggleton wrote: > On Thu, 24 Nov 2016 10:01:59 Robert Yang wrote: >> On 11/23/2016 07:16 PM, Patrick Ohly wrote: >>> On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote: >>>> [YOCTO #10710] >>>> >>>> Otherwise, we can't login as root when debug-tweaks is not in >>>> IMAGE_FEATURES, and there is no other users to login by default, so >>>> there is no way to login. >>> >>> Wait a second, are you really suggesting that OE-core should have a >>> default root password in its default configuration? >>> >>> That's very bad practice and I'm against doing it this way. Having a >>> default password is one of the common vulnerabilities in actual devices >>> on the market today. OE-core should make it hard to make that mistake, >>> not actively introduce it. >>> >>> So if you think that having a root password set (instead of empty), then >>> at least make it an opt-in behavior that explicitly has to be selected. >>> Make it an image feature so that images with and without default >>> password can be build in the same build configuration. Changing >>> base-passwd doesn't achieve that. >>> >>> Even then I'm still wondering what the benefit of a well-known password >>> compared to no password is. Both are equally insecure, so someone who >>> wants to allow logins might as well go with "empty password". >> >> The problem is that when debug-tweaks or empty-root-password is not in >> IMAGE_FEATURE, there is no way to login by default, which will surprise >> the user. How about: >> >> 1) Let user can set root passwd via a variable when building. >> >> Or/And >> >> 2) Warn the user at build time when the image is unable to login. > > There are problems with both of these: > > 1) I'm concerned that by making it trivially easy this will encourage users to > set a root password and forget they have done so. This may lead to yet more > products going out with default root passwords, and that is not a good thing. > > 2) Having no root password in this scenario is not necessarily a mistake, it > may be intentional. If nobody ever needs to log into your device via a > terminal, then why would you need a root password set at all? In that scenario > you wouldn't want to be implying "this could be wrong, you should set a root > password". Hi Paul, Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and there is no passwd, so that user can login easily without a passwd, I think that current status is more unsafe ? And when user realizes this, he wants to add a passwd, but sorry, there is no easy way. The anaconda installer's (used by Redhat) kickstart file can easily sets a passwd, you can even set an un-encrypted password, are there many complains about that ? When people can get your device (hardware), it's hard to prevent people login you device. // Robert > > If we need more documentation around this so that people understand how this > aspect works (and I don't doubt that we do, people do ask about it) then by > all means we should improved the documentation. > > Cheers, > Paul > ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 3:38 ` Robert Yang @ 2016-11-24 7:46 ` Patrick Ohly 2016-11-24 8:27 ` Robert Yang ` (2 more replies) 0 siblings, 3 replies; 22+ messages in thread From: Patrick Ohly @ 2016-11-24 7:46 UTC (permalink / raw) To: Robert Yang; +Cc: Paul Eggleton, openembedded-core On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: > Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and > there is no passwd, so that user can login easily without a passwd, I think > that current status is more unsafe ? Both well-known password and no password are unsafe. User "root" with password "root" is not even "more" safe already now, because tools that brute-force logins try that. Choosing something else would be a bit safer for a short while until the tools add it to their dictionary. Poky is also targeting a different audience than OE-core. Poky can assume to be used in a secure environment, OE-core can't (because it might be used for all kinds of devices). -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 7:46 ` Patrick Ohly @ 2016-11-24 8:27 ` Robert Yang 2016-11-24 14:09 ` Philip Balister 2016-11-24 18:59 ` Paul Eggleton 2 siblings, 0 replies; 22+ messages in thread From: Robert Yang @ 2016-11-24 8:27 UTC (permalink / raw) To: Patrick Ohly; +Cc: Paul Eggleton, openembedded-core On 11/24/2016 03:46 PM, Patrick Ohly wrote: > On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: >> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and >> there is no passwd, so that user can login easily without a passwd, I think >> that current status is more unsafe ? > > Both well-known password and no password are unsafe. User "root" with > password "root" is not even "more" safe already now, because tools that > brute-force logins try that. Choosing something else would be a bit > safer for a short while until the tools add it to their dictionary. I meant add an interface to let user can set their password here. // Robert > > Poky is also targeting a different audience than OE-core. Poky can > assume to be used in a secure environment, OE-core can't (because it > might be used for all kinds of devices). > ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 7:46 ` Patrick Ohly 2016-11-24 8:27 ` Robert Yang @ 2016-11-24 14:09 ` Philip Balister 2016-11-24 14:54 ` Patrick Ohly 2016-11-24 18:59 ` Paul Eggleton 2 siblings, 1 reply; 22+ messages in thread From: Philip Balister @ 2016-11-24 14:09 UTC (permalink / raw) To: Patrick Ohly, Robert Yang; +Cc: Paul Eggleton, openembedded-core On 11/24/2016 02:46 AM, Patrick Ohly wrote: > On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: >> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and >> there is no passwd, so that user can login easily without a passwd, I think >> that current status is more unsafe ? > > Both well-known password and no password are unsafe. User "root" with > password "root" is not even "more" safe already now, because tools that > brute-force logins try that. Choosing something else would be a bit > safer for a short while until the tools add it to their dictionary. > > Poky is also targeting a different audience than OE-core. Poky can > assume to be used in a secure environment, OE-core can't (because it > might be used for all kinds of devices). > That is the first time I've heard Poky is targeting an audience assumed to be running in a secure environment. Should we document what Poky this somewhere? From where I sit, this seems to be an odd limitation. Philip ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 14:09 ` Philip Balister @ 2016-11-24 14:54 ` Patrick Ohly 0 siblings, 0 replies; 22+ messages in thread From: Patrick Ohly @ 2016-11-24 14:54 UTC (permalink / raw) To: Philip Balister; +Cc: Paul Eggleton, openembedded-core On Thu, 2016-11-24 at 09:09 -0500, Philip Balister wrote: > On 11/24/2016 02:46 AM, Patrick Ohly wrote: > > On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: > >> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and > >> there is no passwd, so that user can login easily without a passwd, I think > >> that current status is more unsafe ? > > > > Both well-known password and no password are unsafe. User "root" with > > password "root" is not even "more" safe already now, because tools that > > brute-force logins try that. Choosing something else would be a bit > > safer for a short while until the tools add it to their dictionary. > > > > Poky is also targeting a different audience than OE-core. Poky can > > assume to be used in a secure environment, OE-core can't (because it > > might be used for all kinds of devices). > > > > That is the first time I've heard Poky is targeting an audience assumed > to be running in a secure environment. At least the default local.conf seems to be meant for that (easy-of-use for developers preferred over security in a hostile environment). > Should we document what Poky this > somewhere? From where I sit, this seems to be an odd limitation. I'm not aware of a document explicitly documenting this either. I wouldn't call it a limitation, though: a real product could be built with a configuration that doesn't enable debug-tweaks. As Paul said before, more documentation about first boot, login mechanisms, security considerations, etc. certainly would be useful. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 7:46 ` Patrick Ohly 2016-11-24 8:27 ` Robert Yang 2016-11-24 14:09 ` Philip Balister @ 2016-11-24 18:59 ` Paul Eggleton 2016-11-29 1:57 ` Khem Raj 2 siblings, 1 reply; 22+ messages in thread From: Paul Eggleton @ 2016-11-24 18:59 UTC (permalink / raw) To: Patrick Ohly, Robert Yang; +Cc: openembedded-core On Thu, 24 Nov 2016 08:46:29 Patrick Ohly wrote: > On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: > > Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, > > and > > there is no passwd, so that user can login easily without a passwd, I > > think > > that current status is more unsafe ? > > Both well-known password and no password are unsafe. User "root" with > password "root" is not even "more" safe already now, because tools that > brute-force logins try that. Choosing something else would be a bit > safer for a short while until the tools add it to their dictionary. > > Poky is also targeting a different audience than OE-core. Poky can > assume to be used in a secure environment, OE-core can't (because it > might be used for all kinds of devices). I don't think that's part of the design goals on either side, it's simply about making development easier. The feature is clearly labelled "debug- tweaks" because it's for debugging not for production. It could be that we should make it do other things like append a notice to /etc/issue to avoid people leaving it on for production, if that is a concern. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 18:59 ` Paul Eggleton @ 2016-11-29 1:57 ` Khem Raj 2016-11-29 2:45 ` Robert Yang 0 siblings, 1 reply; 22+ messages in thread From: Khem Raj @ 2016-11-29 1:57 UTC (permalink / raw) To: Paul Eggleton; +Cc: openembedded-core > On Nov 24, 2016, at 10:59 AM, Paul Eggleton <paul.eggleton@linux.intel.com> wrote: > > On Thu, 24 Nov 2016 08:46:29 Patrick Ohly wrote: >> On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: >>> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, >>> and >>> there is no passwd, so that user can login easily without a passwd, I >>> think >>> that current status is more unsafe ? >> >> Both well-known password and no password are unsafe. User "root" with >> password "root" is not even "more" safe already now, because tools that >> brute-force logins try that. Choosing something else would be a bit >> safer for a short while until the tools add it to their dictionary. >> >> Poky is also targeting a different audience than OE-core. Poky can >> assume to be used in a secure environment, OE-core can't (because it >> might be used for all kinds of devices). > > I don't think that's part of the design goals on either side, it's simply > about making development easier. The feature is clearly labelled "debug- > tweaks" because it's for debugging not for production. It could be that we > should make it do other things like append a notice to /etc/issue to avoid > people leaving it on for production, if that is a concern. > Sometimes such goals can lead to problems. Making development easier by all means if you can ensure a hard error on production e.g. debug-tweaks can then never be part of production images. Otherwise someone will forget it and it will be discovered on millions of devices in field along with the user project will be red-faced. ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-29 1:57 ` Khem Raj @ 2016-11-29 2:45 ` Robert Yang 2016-11-29 3:45 ` Paul Eggleton 0 siblings, 1 reply; 22+ messages in thread From: Robert Yang @ 2016-11-29 2:45 UTC (permalink / raw) To: Khem Raj, Paul Eggleton; +Cc: openembedded-core On 11/29/2016 09:57 AM, Khem Raj wrote: > >> On Nov 24, 2016, at 10:59 AM, Paul Eggleton <paul.eggleton@linux.intel.com> wrote: >> >> On Thu, 24 Nov 2016 08:46:29 Patrick Ohly wrote: >>> On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: >>>> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, >>>> and >>>> there is no passwd, so that user can login easily without a passwd, I >>>> think >>>> that current status is more unsafe ? >>> >>> Both well-known password and no password are unsafe. User "root" with >>> password "root" is not even "more" safe already now, because tools that >>> brute-force logins try that. Choosing something else would be a bit >>> safer for a short while until the tools add it to their dictionary. >>> >>> Poky is also targeting a different audience than OE-core. Poky can >>> assume to be used in a secure environment, OE-core can't (because it >>> might be used for all kinds of devices). >> >> I don't think that's part of the design goals on either side, it's simply >> about making development easier. The feature is clearly labelled "debug- >> tweaks" because it's for debugging not for production. It could be that we >> should make it do other things like append a notice to /etc/issue to avoid >> people leaving it on for production, if that is a concern. >> > > Sometimes such goals can lead to problems. Making development easier by > all means if you can ensure a hard error on production e.g. debug-tweaks can > then never be part of production images. Otherwise someone will forget it > and it will be discovered on millions of devices in field along with the user > project will be red-faced. Will something like IMAGE_FEATURES += "production" help here ? We may also need something like IMAGE_FEATURES += "test" to make it can work with -ctestimage. // Robert > ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-29 2:45 ` Robert Yang @ 2016-11-29 3:45 ` Paul Eggleton 2016-11-29 5:36 ` Robert Yang 0 siblings, 1 reply; 22+ messages in thread From: Paul Eggleton @ 2016-11-29 3:45 UTC (permalink / raw) To: Robert Yang, Khem Raj; +Cc: openembedded-core On Tue, 29 Nov 2016 10:45:51 Robert Yang wrote: > On 11/29/2016 09:57 AM, Khem Raj wrote: > >> On Nov 24, 2016, at 10:59 AM, Paul Eggleton > >> <paul.eggleton@linux.intel.com> wrote:>> > >> On Thu, 24 Nov 2016 08:46:29 Patrick Ohly wrote: > >>> On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: > >>>> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, > >>>> and > >>>> there is no passwd, so that user can login easily without a passwd, I > >>>> think > >>>> that current status is more unsafe ? > >>> > >>> Both well-known password and no password are unsafe. User "root" with > >>> password "root" is not even "more" safe already now, because tools that > >>> brute-force logins try that. Choosing something else would be a bit > >>> safer for a short while until the tools add it to their dictionary. > >>> > >>> Poky is also targeting a different audience than OE-core. Poky can > >>> assume to be used in a secure environment, OE-core can't (because it > >>> might be used for all kinds of devices). > >> > >> I don't think that's part of the design goals on either side, it's simply > >> about making development easier. The feature is clearly labelled "debug- > >> tweaks" because it's for debugging not for production. It could be that > >> we > >> should make it do other things like append a notice to /etc/issue to > >> avoid > >> people leaving it on for production, if that is a concern. > > > > Sometimes such goals can lead to problems. Making development easier by > > all means if you can ensure a hard error on production e.g. debug-tweaks > > can then never be part of production images. Otherwise someone will > > forget it and it will be discovered on millions of devices in field along > > with the user project will be red-faced. Right. FWIW in mitigation I did write the raw material for the following section of the YP manuals, though I don't know how many people have ended up reading it: http://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#making-images-more-secure In there there is an explicit mention of disabling debug-tweaks. Looking around the place it could be that we need more warnings about this being on by default though. > Will something like IMAGE_FEATURES += "production" help here ? I'd like to see something like this - at least give the user some way of saying "I really am in production now, so error out on anything that I shouldn't be doing there". I wonder if it potentially goes further than just conflicting with things like debug-tweaks and empty-root-password. > We may also need something like IMAGE_FEATURES += "test" to make it can work > with -ctestimage. Not sure I follow your reasoning here - can you explain what this feature would do? Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-29 3:45 ` Paul Eggleton @ 2016-11-29 5:36 ` Robert Yang 2016-11-29 6:27 ` Paul Eggleton 0 siblings, 1 reply; 22+ messages in thread From: Robert Yang @ 2016-11-29 5:36 UTC (permalink / raw) To: Paul Eggleton, Khem Raj; +Cc: openembedded-core On 11/29/2016 11:45 AM, Paul Eggleton wrote: > On Tue, 29 Nov 2016 10:45:51 Robert Yang wrote: >> On 11/29/2016 09:57 AM, Khem Raj wrote: >>>> On Nov 24, 2016, at 10:59 AM, Paul Eggleton >>>> <paul.eggleton@linux.intel.com> wrote:>> >>>> On Thu, 24 Nov 2016 08:46:29 Patrick Ohly wrote: >>>>> On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: >>>>>> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, >>>>>> and >>>>>> there is no passwd, so that user can login easily without a passwd, I >>>>>> think >>>>>> that current status is more unsafe ? >>>>> >>>>> Both well-known password and no password are unsafe. User "root" with >>>>> password "root" is not even "more" safe already now, because tools that >>>>> brute-force logins try that. Choosing something else would be a bit >>>>> safer for a short while until the tools add it to their dictionary. >>>>> >>>>> Poky is also targeting a different audience than OE-core. Poky can >>>>> assume to be used in a secure environment, OE-core can't (because it >>>>> might be used for all kinds of devices). >>>> >>>> I don't think that's part of the design goals on either side, it's simply >>>> about making development easier. The feature is clearly labelled "debug- >>>> tweaks" because it's for debugging not for production. It could be that >>>> we >>>> should make it do other things like append a notice to /etc/issue to >>>> avoid >>>> people leaving it on for production, if that is a concern. >>> >>> Sometimes such goals can lead to problems. Making development easier by >>> all means if you can ensure a hard error on production e.g. debug-tweaks >>> can then never be part of production images. Otherwise someone will >>> forget it and it will be discovered on millions of devices in field along >>> with the user project will be red-faced. > > Right. FWIW in mitigation I did write the raw material for the following > section of the YP manuals, though I don't know how many people have ended > up reading it: > > http://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#making-images-more-secure > > In there there is an explicit mention of disabling debug-tweaks. Looking > around the place it could be that we need more warnings about this being > on by default though. > >> Will something like IMAGE_FEATURES += "production" help here ? > > I'd like to see something like this - at least give the user some way of > saying "I really am in production now, so error out on anything that I > shouldn't be doing there". I wonder if it potentially goes further than > just conflicting with things like debug-tweaks and empty-root-password. > >> We may also need something like IMAGE_FEATURES += "test" to make it can work >> with -ctestimage. > > Not sure I follow your reasoning here - can you explain what this feature > would do? For example, the "bitbake <image> -ctestimage" requires a few pkgs installed, such as psplash-default, see the testcase in meta/lib/oeqa/runtime/smart.py: def test_smart_install(self): self.smart('remove -y psplash-default') self.smart('install -y psplash-default') The test would fail without psplash-default installed, and also it requires sshd installed on the target. When IMAGE_FETURES += "test", we can install these required packages, I'm not sure this is a good idea, or maybe we can enhance testimge.bbclass to do it. Another way to fix the problem might be not hardcode the package name. // Robert > > Cheers, > Paul > ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-29 5:36 ` Robert Yang @ 2016-11-29 6:27 ` Paul Eggleton 0 siblings, 0 replies; 22+ messages in thread From: Paul Eggleton @ 2016-11-29 6:27 UTC (permalink / raw) To: Robert Yang; +Cc: openembedded-core On Tue, 29 Nov 2016 13:36:58 Robert Yang wrote: > On 11/29/2016 11:45 AM, Paul Eggleton wrote: > > On Tue, 29 Nov 2016 10:45:51 Robert Yang wrote: > >> We may also need something like IMAGE_FEATURES += "test" to make it can > >> work with -ctestimage. > > > > Not sure I follow your reasoning here - can you explain what this feature > > would do? > > For example, the "bitbake <image> -ctestimage" requires a few pkgs > installed, such as psplash-default, see the testcase in > meta/lib/oeqa/runtime/smart.py: > > def test_smart_install(self): > self.smart('remove -y psplash-default') > self.smart('install -y psplash-default') > > The test would fail without psplash-default installed, and also it requires > sshd installed on the target. When IMAGE_FETURES += "test", we can install > these required packages, I'm not sure this is a good idea, or maybe we can > enhance testimge.bbclass to do it. Another way to fix the problem might be > not hardcode the package name. We have other means of dealing with that specifically - i.e. have the test skip itself if a package required for the test is not in the image. I think we already have examples of that. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 2/2] base-passwd: set root's default password to 'root' 2016-11-24 2:01 ` Robert Yang 2016-11-24 3:18 ` Paul Eggleton @ 2016-11-24 7:51 ` Mike Looijmans 1 sibling, 0 replies; 22+ messages in thread From: Mike Looijmans @ 2016-11-24 7:51 UTC (permalink / raw) To: openembedded-core On 24-11-16 03:01, Robert Yang wrote: > > > On 11/23/2016 07:16 PM, Patrick Ohly wrote: >> On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote: >>> [YOCTO #10710] >>> >>> Otherwise, we can't login as root when debug-tweaks is not in >>> IMAGE_FEATURES, and there is no other users to login by default, so >>> there is no way to login. >> >> Wait a second, are you really suggesting that OE-core should have a >> default root password in its default configuration? >> >> That's very bad practice and I'm against doing it this way. Having a >> default password is one of the common vulnerabilities in actual devices >> on the market today. OE-core should make it hard to make that mistake, >> not actively introduce it. >> >> So if you think that having a root password set (instead of empty), then >> at least make it an opt-in behavior that explicitly has to be selected. >> Make it an image feature so that images with and without default >> password can be build in the same build configuration. Changing >> base-passwd doesn't achieve that. >> >> Even then I'm still wondering what the benefit of a well-known password >> compared to no password is. Both are equally insecure, so someone who >> wants to allow logins might as well go with "empty password". > > The problem is that when debug-tweaks or empty-root-password is not in > IMAGE_FEATURE, there is no way to login by default, which will surprise > the user. How about: We've used the following workaround for that in settop box images. Basically, what you want is that login as root without password is possible, since that can only be done from a local network connection or a serial port, which implies that you have physical access to the device anyway. But you do NOT want to be able to login using SSH with a blank password, because you'd typically forward that port from a router. So remove "debug-tweaks" but don't kill the logon: # Some features in image.bbclass we do NOT want, so override them # to be empty. We want to log in as root, but NOT via SSH. So we want # to live without debug-tweaks... zap_root_password () { true } > 1) Let user can set root passwd via a variable when building. > 2) Warn the user at build time when the image is unable to login. Setting a root password at build time is a very very very bad idea. It's only okay if there's ever going to be only one instance of your product in the world. It's much better to have a blank or missing password. At least that makes it possible to check whether the user has configured it already, like for SSH. By default, SSH won't let you in until you have a password or a keyfile, which allows your device to be hooked up to the internet without a "gap" where you could access it with a trivial password. Having written that, a bit more thought on the initial access is good. I for one would be glad to get rid of the aforementioned workaround. Kind regards, Mike Looijmans System Expert TOPIC Products Materiaalweg 4, NL-5681 RJ Best Postbus 440, NL-5680 AK Best Telefoon: +31 (0) 499 33 69 79 E-mail: mike.looijmans@topicproducts.com Website: www.topicproducts.com Please consider the environment before printing this e-mail ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES 2016-11-23 7:49 [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang 2016-11-23 7:49 ` [PATCH 1/2] rootfs-postcommands.bbclass: fix zap_empty_root_password Robert Yang 2016-11-23 7:49 ` [PATCH 2/2] base-passwd: set root's default password to 'root' Robert Yang @ 2016-11-30 3:15 ` Robert Yang 2016-11-30 9:28 ` ChenQi 2 siblings, 1 reply; 22+ messages in thread From: Robert Yang @ 2016-11-30 3:15 UTC (permalink / raw) To: openembedded-core, Paul Eggleton, Burton, Ross, Khem Raj, Mike Looijmans, Patrick Ohly Hello, According to the discussions, here are things that we may do, please feel free to give your comments. 1) Add an image feature like "production", which will conflict with debug-tweaks, and check for some common security issues ? 2) Add a way like ROOT_PASSWD to let user can set root passwd easily ? 3) Do nothing, leave it as the current status. // Robert On 11/23/2016 03:49 PM, Robert Yang wrote: > Fixed 2 bugs: > - Can't login as root when debug-tweaks/empty-root-password is not in > IMAGE_FEATURES since no passwd. > - When set root passwd and debug-tweaks/empty-root-password is in > IMAGE_FEATURES, passwd is *required* to login. > > Filed https://bugzilla.yoctoproject.org/show_bug.cgi?id=10710, and > marked doc changes required as yes. > > // Robert > > The following changes since commit a675b2c89e477af088faee9b3be96eae19a85f0b: > > sanity.bbclass: fix logging of an error (2016-11-15 15:18:50 +0000) > > are available in the git repository at: > > git://git.openembedded.org/openembedded-core-contrib rbt/root > http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/root > > Robert Yang (2): > rootfs-postcommands.bbclass: fix zap_empty_root_password > base-passwd: set root's default password to 'root' > > meta/classes/rootfs-postcommands.bbclass | 8 ++++---- > .../base-passwd/base-passwd/passwd_master.patch | 16 ++++++++++++++++ > meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | 1 + > 3 files changed, 21 insertions(+), 4 deletions(-) > create mode 100644 meta/recipes-core/base-passwd/base-passwd/passwd_master.patch > ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES 2016-11-30 3:15 ` [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang @ 2016-11-30 9:28 ` ChenQi 2016-11-30 9:32 ` ChenQi 0 siblings, 1 reply; 22+ messages in thread From: ChenQi @ 2016-11-30 9:28 UTC (permalink / raw) To: openembedded-core We could make use of EXTRA_USERS_PARAMS here. More details are in meta/classes/extrausers.bbclass. I haven't tested it myself, but maybe lines below could work: INHERIT += "extrausers" EXTRA_USERS_PARAMS = "\ usermod -p 'root' root; \ " This info could also be found in local.conf.sample.extended. Best Regards, Chen Qi On 11/30/2016 11:15 AM, Robert Yang wrote: > Hello, > > According to the discussions, here are things that we may do, > please feel free to give your comments. > 1) Add an image feature like "production", which will conflict with > debug-tweaks, and check for some common security issues ? > > 2) Add a way like ROOT_PASSWD to let user can set root passwd easily ? > > 3) Do nothing, leave it as the current status. > > // Robert > > On 11/23/2016 03:49 PM, Robert Yang wrote: >> Fixed 2 bugs: >> - Can't login as root when debug-tweaks/empty-root-password is not in >> IMAGE_FEATURES since no passwd. >> - When set root passwd and debug-tweaks/empty-root-password is in >> IMAGE_FEATURES, passwd is *required* to login. >> >> Filed https://bugzilla.yoctoproject.org/show_bug.cgi?id=10710, and >> marked doc changes required as yes. >> >> // Robert >> >> The following changes since commit >> a675b2c89e477af088faee9b3be96eae19a85f0b: >> >> sanity.bbclass: fix logging of an error (2016-11-15 15:18:50 +0000) >> >> are available in the git repository at: >> >> git://git.openembedded.org/openembedded-core-contrib rbt/root >> http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/root >> >> Robert Yang (2): >> rootfs-postcommands.bbclass: fix zap_empty_root_password >> base-passwd: set root's default password to 'root' >> >> meta/classes/rootfs-postcommands.bbclass | 8 ++++---- >> .../base-passwd/base-passwd/passwd_master.patch | 16 >> ++++++++++++++++ >> meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | 1 + >> 3 files changed, 21 insertions(+), 4 deletions(-) >> create mode 100644 >> meta/recipes-core/base-passwd/base-passwd/passwd_master.patch >> ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES 2016-11-30 9:28 ` ChenQi @ 2016-11-30 9:32 ` ChenQi 0 siblings, 0 replies; 22+ messages in thread From: ChenQi @ 2016-11-30 9:32 UTC (permalink / raw) To: openembedded-core On 11/30/2016 05:28 PM, ChenQi wrote: > We could make use of EXTRA_USERS_PARAMS here. > More details are in meta/classes/extrausers.bbclass. > > I haven't tested it myself, but maybe lines below could work: > INHERIT += "extrausers" > EXTRA_USERS_PARAMS = "\ > usermod -p 'root' root; \ > " > It should be '-P' instead of '-p'. We implement setting clear text password ourselves via allow-for-setting-password-in-clear-text.patch in shadow package. Regards, Chen Qi > This info could also be found in local.conf.sample.extended. > > Best Regards, > Chen Qi > > On 11/30/2016 11:15 AM, Robert Yang wrote: >> Hello, >> >> According to the discussions, here are things that we may do, >> please feel free to give your comments. >> 1) Add an image feature like "production", which will conflict with >> debug-tweaks, and check for some common security issues ? >> >> 2) Add a way like ROOT_PASSWD to let user can set root passwd easily ? >> >> 3) Do nothing, leave it as the current status. >> >> // Robert >> >> On 11/23/2016 03:49 PM, Robert Yang wrote: >>> Fixed 2 bugs: >>> - Can't login as root when debug-tweaks/empty-root-password is not in >>> IMAGE_FEATURES since no passwd. >>> - When set root passwd and debug-tweaks/empty-root-password is in >>> IMAGE_FEATURES, passwd is *required* to login. >>> >>> Filed https://bugzilla.yoctoproject.org/show_bug.cgi?id=10710, and >>> marked doc changes required as yes. >>> >>> // Robert >>> >>> The following changes since commit >>> a675b2c89e477af088faee9b3be96eae19a85f0b: >>> >>> sanity.bbclass: fix logging of an error (2016-11-15 15:18:50 +0000) >>> >>> are available in the git repository at: >>> >>> git://git.openembedded.org/openembedded-core-contrib rbt/root >>> http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/root >>> >>> >>> Robert Yang (2): >>> rootfs-postcommands.bbclass: fix zap_empty_root_password >>> base-passwd: set root's default password to 'root' >>> >>> meta/classes/rootfs-postcommands.bbclass | 8 ++++---- >>> .../base-passwd/base-passwd/passwd_master.patch | 16 >>> ++++++++++++++++ >>> meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | 1 + >>> 3 files changed, 21 insertions(+), 4 deletions(-) >>> create mode 100644 >>> meta/recipes-core/base-passwd/base-passwd/passwd_master.patch >>> > ^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2016-11-30 9:31 UTC | newest] Thread overview: 22+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-11-23 7:49 [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang 2016-11-23 7:49 ` [PATCH 1/2] rootfs-postcommands.bbclass: fix zap_empty_root_password Robert Yang 2016-11-23 7:49 ` [PATCH 2/2] base-passwd: set root's default password to 'root' Robert Yang 2016-11-23 11:16 ` Patrick Ohly 2016-11-23 14:17 ` Burton, Ross 2016-11-24 2:01 ` Robert Yang 2016-11-24 3:18 ` Paul Eggleton 2016-11-24 3:38 ` Robert Yang 2016-11-24 7:46 ` Patrick Ohly 2016-11-24 8:27 ` Robert Yang 2016-11-24 14:09 ` Philip Balister 2016-11-24 14:54 ` Patrick Ohly 2016-11-24 18:59 ` Paul Eggleton 2016-11-29 1:57 ` Khem Raj 2016-11-29 2:45 ` Robert Yang 2016-11-29 3:45 ` Paul Eggleton 2016-11-29 5:36 ` Robert Yang 2016-11-29 6:27 ` Paul Eggleton 2016-11-24 7:51 ` Mike Looijmans 2016-11-30 3:15 ` [PATCH 0/2] fix can't login when debug-tweaks is not in IMAGE_FEATURES Robert Yang 2016-11-30 9:28 ` ChenQi 2016-11-30 9:32 ` ChenQi
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.