Re: extrausers-bbclass: plaintext password (since shadow update to 4.9)


Peter Bergin
 

On 2021-08-30 14:54, Matthias Klein wrote:

Hello,

I am trying to find a working alternative for the old -P option.

Previous:
EXTRA_USERS_PARAMS = "usermod -P toor root;"

The suggestions from this thread don't seem to work: https://lists.openembedded.org/g/openembedded-core/topic/84548199

Current:
hash="$(python3 -c "import crypt; print(crypt.crypt('toor', crypt.METHOD_SHA512))")"
EXTRA_USERS_PARAMS = "usermod -p ${hash} root;"

The hashed password does not seem to be escaped properly in the extrausers-bbclass. The password in the shadow file is missing $ characters.

Is there a way (with the current master branch) to define a password?

You have to escape the password string in the recipe. Use '\\\$' to escape the '$' token. There are some levels of evaluation of the expression and that's the reason for multiple '\'. Just iterate until you have the correct string in the shadow file, also check the log.do_rootfs where you can see the parameters to usermod.

/Peter

Join yocto@lists.yoctoproject.org to automatically receive all group messages.