* Re: [OE-core] [PATCH 1/1] extrausers: Add ability to force password change on first login
2021-03-08 18:08 ` [PATCH 1/1] extrausers: Add ability to force password change on first login Mark Hatle
@ 2021-03-08 18:50 ` Khem Raj
2021-03-08 19:11 ` Mark Hatle
2021-03-09 2:02 ` Chen Qi
2021-03-09 9:15 ` [OE-core] " Quentin Schulz
2 siblings, 1 reply; 9+ messages in thread
From: Khem Raj @ 2021-03-08 18:50 UTC (permalink / raw)
To: Mark Hatle, openembedded-core
On 3/8/21 10:08 AM, Mark Hatle wrote:
> From: Mark Hatle <mark.hatle@xilinx.com>
>
> As documented in shadow(5), the third parameter is the last login time. A
> special value of '0' is defined which causes the password system to force
> a password change on next login.
>
> Adding the variable "EXTRA_FORCE_PASSWORD_CHANGE", a space separated list of
> user names, we can use this to adjust the shadow file's third value for the
> listed users.
>
> Note: This does have the same dependencies as other usages of extrausers,
> specifically base-passwd and shadow.
>
I think it should check for r/w rootfs feature perhaps. unrelated to
this change but it seems it adds a dep on shadow disregarding DISTRO
policies where user might have chosen a different login managager, it
should perhaps warn about it.
> Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
> ---
> meta/classes/extrausers.bbclass | 29 +++++++++++++++++++++++++++--
> meta/conf/documentation.conf | 1 +
> 2 files changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
> index 90811bfe2a..e9d9358bef 100644
> --- a/meta/classes/extrausers.bbclass
> +++ b/meta/classes/extrausers.bbclass
> @@ -14,10 +14,10 @@
>
> inherit useradd_base
>
> -PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
> +PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS')) or bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>
> # Image level user / group settings
> -ROOTFS_POSTPROCESS_COMMAND_append = " set_user_group;"
> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' set_user_group;'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>
> # Image level user / group settings
> set_user_group () {
> @@ -66,6 +66,31 @@ set_user_group () {
> done
> }
>
> +# Image level force a specific user/users to reset their password on first login
> +# Note: this requires shadow passwords and login programs that respect the shadow
> +# expiration field.
> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' force_password_change;'][bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
> +
> +# Works by setting 'date of last password change' to 0, which has a special
> +# meaning of 'user should change her password the next time she will log in the
> +# system' See: shadow (5)
> +force_password_change () {
> + if [ ! -e ${IMAGE_ROOTFS}/etc/shadow ]; then
> + bberror "/etc/shadow does not exist in the image, unable to set password change on login."
> + return
> + fi
> + passwd_change_users="${EXTRA_FORCE_PASSWORD_CHANGE}"
> + export PSEUDO="${FAKEROOTENV} ${STAGING_DIR_NATIVE}${bindir}/pseudo"
> + for name in $passwd_change_users; do
> + if ! grep -q '^'$name':' ${IMAGE_ROOTFS}/etc/shadow ; then
> + bberror "Unable to find user $name in /etc/shadow, unable to set password change on login."
> + fi
> + bbnote "Set user $name to need a password change on first login."
> + cmd="sed -i ${IMAGE_ROOTFS}/etc/shadow -e 's,^'$name':\\([^:]*\\):[^:]*:,'$name':\\1:0:,'"
> + eval flock -x ${IMAGE_ROOTFS}${sysconfdir} -c \"$PSEUDO $cmd\" || true
> + done
> +}
> +
> USERADDEXTENSION ?= ""
>
> inherit ${USERADDEXTENSION}
> diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
> index c5a38b0764..d1c5b8b1a3 100644
> --- a/meta/conf/documentation.conf
> +++ b/meta/conf/documentation.conf
> @@ -169,6 +169,7 @@ EXTRA_OESCONS[doc] = "When a recipe inherits the scons class, this variable spec
> EXTRA_QMAKEVARS_POST[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be after the .pro file list on the command line."
> EXTRA_QMAKEVARS_PRE[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be before the .pro file list on the command line."
> EXTRA_USERS_PARAMS[doc] = "When a recipe inherits the extrausers class, this variable provides image level user and group operations."
> +EXTRA_FORCE_PASSWORD_CHANGE[doc] = "When a recipe inherits the extrausers class, this variable causes the specified users to require a password change on first login."
>
> #F
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 1/1] extrausers: Add ability to force password change on first login
2021-03-08 18:50 ` [OE-core] " Khem Raj
@ 2021-03-08 19:11 ` Mark Hatle
0 siblings, 0 replies; 9+ messages in thread
From: Mark Hatle @ 2021-03-08 19:11 UTC (permalink / raw)
To: Khem Raj, openembedded-core
On 3/8/21 12:50 PM, Khem Raj wrote:
>
>
> On 3/8/21 10:08 AM, Mark Hatle wrote:
>> From: Mark Hatle <mark.hatle@xilinx.com>
>>
>> As documented in shadow(5), the third parameter is the last login time. A
>> special value of '0' is defined which causes the password system to force
>> a password change on next login.
>>
>> Adding the variable "EXTRA_FORCE_PASSWORD_CHANGE", a space separated list of
>> user names, we can use this to adjust the shadow file's third value for the
>> listed users.
>>
>> Note: This does have the same dependencies as other usages of extrausers,
>> specifically base-passwd and shadow.
>>
>
> I think it should check for r/w rootfs feature perhaps. unrelated to
Is there a standard way to check for a r/w roots? If there is, easy to add.
> this change but it seems it adds a dep on shadow disregarding DISTRO
> policies where user might have chosen a different login managager, it
> should perhaps warn about it.
The dep on shadow is the same as any extrauser call. The dependency sets the
minimum login manager, but any login manager that supports proper shadow
password handling will work. If it doesn't support shadow password handling
then nothing breaks -- it just won't do anything. (Really nothing here that can
be enforced in this code block.)
util-linux login + pam for instance used to work. (I've not tested it though in
a few years.)
--Mark
>> Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
>> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
>> ---
>> meta/classes/extrausers.bbclass | 29 +++++++++++++++++++++++++++--
>> meta/conf/documentation.conf | 1 +
>> 2 files changed, 28 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
>> index 90811bfe2a..e9d9358bef 100644
>> --- a/meta/classes/extrausers.bbclass
>> +++ b/meta/classes/extrausers.bbclass
>> @@ -14,10 +14,10 @@
>>
>> inherit useradd_base
>>
>> -PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>> +PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS')) or bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>>
>> # Image level user / group settings
>> -ROOTFS_POSTPROCESS_COMMAND_append = " set_user_group;"
>> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' set_user_group;'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>>
>> # Image level user / group settings
>> set_user_group () {
>> @@ -66,6 +66,31 @@ set_user_group () {
>> done
>> }
>>
>> +# Image level force a specific user/users to reset their password on first login
>> +# Note: this requires shadow passwords and login programs that respect the shadow
>> +# expiration field.
>> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' force_password_change;'][bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>> +
>> +# Works by setting 'date of last password change' to 0, which has a special
>> +# meaning of 'user should change her password the next time she will log in the
>> +# system' See: shadow (5)
>> +force_password_change () {
>> + if [ ! -e ${IMAGE_ROOTFS}/etc/shadow ]; then
>> + bberror "/etc/shadow does not exist in the image, unable to set password change on login."
>> + return
>> + fi
>> + passwd_change_users="${EXTRA_FORCE_PASSWORD_CHANGE}"
>> + export PSEUDO="${FAKEROOTENV} ${STAGING_DIR_NATIVE}${bindir}/pseudo"
>> + for name in $passwd_change_users; do
>> + if ! grep -q '^'$name':' ${IMAGE_ROOTFS}/etc/shadow ; then
>> + bberror "Unable to find user $name in /etc/shadow, unable to set password change on login."
>> + fi
>> + bbnote "Set user $name to need a password change on first login."
>> + cmd="sed -i ${IMAGE_ROOTFS}/etc/shadow -e 's,^'$name':\\([^:]*\\):[^:]*:,'$name':\\1:0:,'"
>> + eval flock -x ${IMAGE_ROOTFS}${sysconfdir} -c \"$PSEUDO $cmd\" || true
>> + done
>> +}
>> +
>> USERADDEXTENSION ?= ""
>>
>> inherit ${USERADDEXTENSION}
>> diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
>> index c5a38b0764..d1c5b8b1a3 100644
>> --- a/meta/conf/documentation.conf
>> +++ b/meta/conf/documentation.conf
>> @@ -169,6 +169,7 @@ EXTRA_OESCONS[doc] = "When a recipe inherits the scons class, this variable spec
>> EXTRA_QMAKEVARS_POST[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be after the .pro file list on the command line."
>> EXTRA_QMAKEVARS_PRE[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be before the .pro file list on the command line."
>> EXTRA_USERS_PARAMS[doc] = "When a recipe inherits the extrausers class, this variable provides image level user and group operations."
>> +EXTRA_FORCE_PASSWORD_CHANGE[doc] = "When a recipe inherits the extrausers class, this variable causes the specified users to require a password change on first login."
>>
>> #F
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 1/1] extrausers: Add ability to force password change on first login
2021-03-08 18:08 ` [PATCH 1/1] extrausers: Add ability to force password change on first login Mark Hatle
2021-03-08 18:50 ` [OE-core] " Khem Raj
@ 2021-03-09 2:02 ` Chen Qi
2021-03-09 18:46 ` Mark Hatle
2021-03-09 9:15 ` [OE-core] " Quentin Schulz
2 siblings, 1 reply; 9+ messages in thread
From: Chen Qi @ 2021-03-09 2:02 UTC (permalink / raw)
To: Mark Hatle, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 4197 bytes --]
Hi Mark,
Is it something similar to 'passwd-expire' in this extrausers.bbclass?
Best Regards,
Chen Qi
On 03/09/2021 02:08 AM, Mark Hatle wrote:
> As documented in shadow(5), the third parameter is the last login time. A
> special value of '0' is defined which causes the password system to force
> a password change on next login.
>
> Adding the variable "EXTRA_FORCE_PASSWORD_CHANGE", a space separated list of
> user names, we can use this to adjust the shadow file's third value for the
> listed users.
>
> Note: This does have the same dependencies as other usages of extrausers,
> specifically base-passwd and shadow.
>
> Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
> ---
> meta/classes/extrausers.bbclass | 29 +++++++++++++++++++++++++++--
> meta/conf/documentation.conf | 1 +
> 2 files changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
> index 90811bfe2a..e9d9358bef 100644
> --- a/meta/classes/extrausers.bbclass
> +++ b/meta/classes/extrausers.bbclass
> @@ -14,10 +14,10 @@
>
> inherit useradd_base
>
> -PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
> +PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS')) or bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>
> # Image level user / group settings
> -ROOTFS_POSTPROCESS_COMMAND_append = " set_user_group;"
> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' set_user_group;'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>
> # Image level user / group settings
> set_user_group () {
> @@ -66,6 +66,31 @@ set_user_group () {
> done
> }
>
> +# Image level force a specific user/users to reset their password on first login
> +# Note: this requires shadow passwords and login programs that respect the shadow
> +# expiration field.
> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' force_password_change;'][bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
> +
> +# Works by setting 'date of last password change' to 0, which has a special
> +# meaning of 'user should change her password the next time she will log in the
> +# system' See: shadow (5)
> +force_password_change () {
> + if [ ! -e ${IMAGE_ROOTFS}/etc/shadow ]; then
> + bberror "/etc/shadow does not exist in the image, unable to set password change on login."
> + return
> + fi
> + passwd_change_users="${EXTRA_FORCE_PASSWORD_CHANGE}"
> + export PSEUDO="${FAKEROOTENV} ${STAGING_DIR_NATIVE}${bindir}/pseudo"
> + for name in $passwd_change_users; do
> + if ! grep -q '^'$name':' ${IMAGE_ROOTFS}/etc/shadow ; then
> + bberror "Unable to find user $name in /etc/shadow, unable to set password change on login."
> + fi
> + bbnote "Set user $name to need a password change on first login."
> + cmd="sed -i ${IMAGE_ROOTFS}/etc/shadow -e 's,^'$name':\\([^:]*\\):[^:]*:,'$name':\\1:0:,'"
> + eval flock -x ${IMAGE_ROOTFS}${sysconfdir} -c \"$PSEUDO $cmd\" || true
> + done
> +}
> +
> USERADDEXTENSION ?= ""
>
> inherit ${USERADDEXTENSION}
> diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
> index c5a38b0764..d1c5b8b1a3 100644
> --- a/meta/conf/documentation.conf
> +++ b/meta/conf/documentation.conf
> @@ -169,6 +169,7 @@ EXTRA_OESCONS[doc] = "When a recipe inherits the scons class, this variable spec
> EXTRA_QMAKEVARS_POST[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be after the .pro file list on the command line."
> EXTRA_QMAKEVARS_PRE[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be before the .pro file list on the command line."
> EXTRA_USERS_PARAMS[doc] = "When a recipe inherits the extrausers class, this variable provides image level user and group operations."
> +EXTRA_FORCE_PASSWORD_CHANGE[doc] = "When a recipe inherits the extrausers class, this variable causes the specified users to require a password change on first login."
>
> #F
>
>
>
>
>
[-- Attachment #2: Type: text/html, Size: 5168 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 1/1] extrausers: Add ability to force password change on first login
2021-03-09 2:02 ` Chen Qi
@ 2021-03-09 18:46 ` Mark Hatle
2022-05-24 20:37 ` Livius
0 siblings, 1 reply; 9+ messages in thread
From: Mark Hatle @ 2021-03-09 18:46 UTC (permalink / raw)
To: Chen Qi, openembedded-core; +Cc: Quentin Schulz
On 3/8/21 8:02 PM, Chen Qi wrote:
> Hi Mark,
>
> Is it something similar to 'passwd-expire' in this extrausers.bbclass?
I wasn't aware of that evening existing. Yes it looks like it does the same thing.
I can withdraw my change then, but we may want to considering adding something
to the documentation about security practices. For accounts that are created by
the build system, it's best practices to either not make them able to be logged
in with (login locked out '-P *' on the adduser) or force the password to be
reset on next login (using passwd-expire).
--Mark
> Best Regards,
> Chen Qi
>
> On 03/09/2021 02:08 AM, Mark Hatle wrote:
>> As documented in shadow(5), the third parameter is the last login time. A
>> special value of '0' is defined which causes the password system to force
>> a password change on next login.
>>
>> Adding the variable "EXTRA_FORCE_PASSWORD_CHANGE", a space separated list of
>> user names, we can use this to adjust the shadow file's third value for the
>> listed users.
>>
>> Note: This does have the same dependencies as other usages of extrausers,
>> specifically base-passwd and shadow.
>>
>> Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
>> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
>> ---
>> meta/classes/extrausers.bbclass | 29 +++++++++++++++++++++++++++--
>> meta/conf/documentation.conf | 1 +
>> 2 files changed, 28 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
>> index 90811bfe2a..e9d9358bef 100644
>> --- a/meta/classes/extrausers.bbclass
>> +++ b/meta/classes/extrausers.bbclass
>> @@ -14,10 +14,10 @@
>>
>> inherit useradd_base
>>
>> -PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>> +PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS')) or bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>>
>> # Image level user / group settings
>> -ROOTFS_POSTPROCESS_COMMAND_append = " set_user_group;"
>> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' set_user_group;'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>>
>> # Image level user / group settings
>> set_user_group () {
>> @@ -66,6 +66,31 @@ set_user_group () {
>> done
>> }
>>
>> +# Image level force a specific user/users to reset their password on first login
>> +# Note: this requires shadow passwords and login programs that respect the shadow
>> +# expiration field.
>> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', '
>> force_password_change;'][bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>> +
>> +# Works by setting 'date of last password change' to 0, which has a special
>> +# meaning of 'user should change her password the next time she will log in the
>> +# system' See: shadow (5)
>> +force_password_change () {
>> + if [ ! -e ${IMAGE_ROOTFS}/etc/shadow ]; then
>> + bberror "/etc/shadow does not exist in the image, unable to set password change on login."
>> + return
>> + fi
>> + passwd_change_users="${EXTRA_FORCE_PASSWORD_CHANGE}"
>> + export PSEUDO="${FAKEROOTENV} ${STAGING_DIR_NATIVE}${bindir}/pseudo"
>> + for name in $passwd_change_users; do
>> + if ! grep -q '^'$name':' ${IMAGE_ROOTFS}/etc/shadow ; then
>> + bberror "Unable to find user $name in /etc/shadow, unable to set password change on login."
>> + fi
>> + bbnote "Set user $name to need a password change on first login."
>> + cmd="sed -i ${IMAGE_ROOTFS}/etc/shadow -e 's,^'$name':\\([^:]*\\):[^:]*:,'$name':\\1:0:,'"
>> + eval flock -x ${IMAGE_ROOTFS}${sysconfdir} -c \"$PSEUDO $cmd\" || true
>> + done
>> +}
>> +
>> USERADDEXTENSION ?= ""
>>
>> inherit ${USERADDEXTENSION}
>> diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
>> index c5a38b0764..d1c5b8b1a3 100644
>> --- a/meta/conf/documentation.conf
>> +++ b/meta/conf/documentation.conf
>> @@ -169,6 +169,7 @@ EXTRA_OESCONS[doc] = "When a recipe inherits the scons class, this variable spec
>> EXTRA_QMAKEVARS_POST[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be after the .pro file list on the command line."
>> EXTRA_QMAKEVARS_PRE[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be before the .pro file list on the command line."
>> EXTRA_USERS_PARAMS[doc] = "When a recipe inherits the extrausers class, this variable provides image level user and group operations."
>> +EXTRA_FORCE_PASSWORD_CHANGE[doc] = "When a recipe inherits the extrausers class, this variable causes the specified users to require a password change on first login."
>>
>> #F
>>
>>
>>
>
>
>
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 1/1] extrausers: Add ability to force password change on first login
2021-03-08 18:08 ` [PATCH 1/1] extrausers: Add ability to force password change on first login Mark Hatle
2021-03-08 18:50 ` [OE-core] " Khem Raj
2021-03-09 2:02 ` Chen Qi
@ 2021-03-09 9:15 ` Quentin Schulz
2 siblings, 0 replies; 9+ messages in thread
From: Quentin Schulz @ 2021-03-09 9:15 UTC (permalink / raw)
To: Mark Hatle; +Cc: openembedded-core
Hi Mark,
On Mon, Mar 08, 2021 at 12:08:36PM -0600, Mark Hatle wrote:
> From: Mark Hatle <mark.hatle@xilinx.com>
>
> As documented in shadow(5), the third parameter is the last login time. A
> special value of '0' is defined which causes the password system to force
> a password change on next login.
>
> Adding the variable "EXTRA_FORCE_PASSWORD_CHANGE", a space separated list of
> user names, we can use this to adjust the shadow file's third value for the
> listed users.
>
> Note: This does have the same dependencies as other usages of extrausers,
> specifically base-passwd and shadow.
>
> Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
> ---
> meta/classes/extrausers.bbclass | 29 +++++++++++++++++++++++++++--
> meta/conf/documentation.conf | 1 +
> 2 files changed, 28 insertions(+), 2 deletions(-)
>
> diff --git a/meta/classes/extrausers.bbclass b/meta/classes/extrausers.bbclass
> index 90811bfe2a..e9d9358bef 100644
> --- a/meta/classes/extrausers.bbclass
> +++ b/meta/classes/extrausers.bbclass
> @@ -14,10 +14,10 @@
>
> inherit useradd_base
>
> -PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
> +PACKAGE_INSTALL_append = " ${@['', 'base-passwd shadow'][bool(d.getVar('EXTRA_USERS_PARAMS')) or bool(d.getVar('EXTRA_FORCE_PASSWORD_CHANGE'))]}"
>
> # Image level user / group settings
> -ROOTFS_POSTPROCESS_COMMAND_append = " set_user_group;"
> +ROOTFS_POSTPROCESS_COMMAND_append = "${@['', ' set_user_group;'][bool(d.getVar('EXTRA_USERS_PARAMS'))]}"
>
Am i the only one having a hard time reading this for what seems to be a
simple if condition?
Would the following work/make more sense?
${@'set_user_group;' if d.getVar('EXTRA_USERS_PARAMS'} else ''}?
Not saying there is a need to change, since I can see you merely
modified the original implementation, just wondering about the story
behind this choice.
[...]
> diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
> index c5a38b0764..d1c5b8b1a3 100644
> --- a/meta/conf/documentation.conf
> +++ b/meta/conf/documentation.conf
> @@ -169,6 +169,7 @@ EXTRA_OESCONS[doc] = "When a recipe inherits the scons class, this variable spec
> EXTRA_QMAKEVARS_POST[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be after the .pro file list on the command line."
> EXTRA_QMAKEVARS_PRE[doc] = "Configuration variables or options you want to pass to qmake when the arguments need to be before the .pro file list on the command line."
> EXTRA_USERS_PARAMS[doc] = "When a recipe inherits the extrausers class, this variable provides image level user and group operations."
> +EXTRA_FORCE_PASSWORD_CHANGE[doc] = "When a recipe inherits the extrausers class, this variable causes the specified users to require a password change on first login."
>
The actual reason for this mail below :)
Could you send a patch to yocto-docs to add this new variable to
ref-manual/variables and ref-classes/extrausers when this gets merged
please?
Thanks!
Quentin
^ permalink raw reply [flat|nested] 9+ messages in thread