install --ondev: run setup_login for installer OS (MR 2026)

Run setup_login() while creating the installer OS too, in order to
disable passwordless root login.

Note that this may sound like a security flaw, but it isn't.
* setup_login already ran for the target OS, meaning after the
  installation is done, one is not able to log in as root without
  password
* root login without password was only possible via serial console (or by
  attaching a keyboard), not via SSH
* getting root rights via serial in the installer OS is actually desired
  for debugging, we add a debug user with sudo set up by default:
  https://wiki.postmarketos.org/wiki/On-device_installer#Debug_user

So even though this isn't a problem, disable it to avoid confusion.
Oliver Smith 2021-02-08 22:46:37 +01:00
parent 7320caead0
commit 1b67c11396
No known key found for this signature in database
GPG Key ID: 5AE7F5513E0885CB
1 changed files with 8 additions and 3 deletions

@ -202,12 +202,14 @@ def set_user(args):
pmb.chroot.root(args, ["addgroup", args.user, group], suffix)
def setup_login(args):
def setup_login(args, suffix):
"""
Loop until the password for user has been set successfully, and disable root
login.
:param suffix: of the chroot, where passwd will be execute (either the
f"rootfs_{args.device}", or f"installer_{args.device}")
"""
suffix = "rootfs_" + args.device
if not args.on_device_installer:
# User password
logging.info(" *** SET LOGIN PASSWORD FOR: '" + args.user + "' ***")
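Review bot: In the new docstring of setup_login(args, suffix), "will be execute" should read "will be executed", and the summary line still says the function loops until the user password is set, although the `if not args.on_device_installer:` guard directly below skips the `# User password` step when the on-device installer is enabled. Since the commit message says the function is now also run for the installer OS in order to disable root login, consider stating in the docstring that the password prompt is conditional and that the root login change applies to whichever chroot suffix is passed.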
@ -646,6 +648,9 @@ def install_on_device_installer(args, step, steps):
logging.info(f"(native) rm {img_boot}")
pmb.chroot.root(args, ["rm", f"/home/pmos/rootfs/{img_boot}"])
# Disable root login
setup_login(args, suffix_installer)
# Generate installer image
size_reserve = round(os.path.getsize(img_path_dest) / 1024 / 1024) + 200
boot_label = "pmOS_inst_boot"
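Review bot: The `# Disable root login` comment above `setup_login(args, suffix_installer)` covers only part of what the function's docstring describes, so a reader has to know about the on_device_installer guard to see that no password prompt happens at this point. Consider extending the comment to say that. Also, suffix_installer is not assigned anywhere in the visible lines of this hunk, so please confirm it is defined earlier in install_on_device_installer before this call.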
@ -703,7 +708,7 @@ def create_device_rootfs(args, step, steps):
pmb.chroot.initfs.build(args, flavor, suffix)
# Set the user password
setup_login(args)
setup_login(args, suffix)
# Set the keymap if the device requires it
setup_keymap(args)
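Review bot: With this change `setup_login(args, suffix)` takes the chroot suffix explicitly, while `setup_keymap(args)` two lines below still takes only args, so the two adjacent helpers in create_device_rootfs now have inconsistent signatures. Consider a follow-up that passes suffix to setup_keymap as well. Because suffix is now a required positional argument, also check that no other caller still uses the old setup_login(args) form.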