install --ondev: run setup_login for installer OS (MR 2026)
Run setup_login() while creating the installer OS too, in order to disable passwordless root login. Note that this may sound like a security flaw, but it isn't. * setup_login already ran for the target OS, meaning after the installation is done, one is not be able to login as root without password * root login without password was only possible via serial console (or by attaching a keyboard), not via SSH * getting root rights via serial in the installer OS is actually desired for debugging, we add a debug user with sudo set up by default: https://wiki.postmarketos.org/wiki/On-device_installer#Debug_user So even though this isn't a problem, disable it to avoid confusion.
This commit is contained in:
parent
7320caead0
commit
1b67c11396
|
@ -202,12 +202,14 @@ def set_user(args):
|
||||||
pmb.chroot.root(args, ["addgroup", args.user, group], suffix)
|
pmb.chroot.root(args, ["addgroup", args.user, group], suffix)
|
||||||
|
|
||||||
|
|
||||||
def setup_login(args):
|
def setup_login(args, suffix):
|
||||||
"""
|
"""
|
||||||
Loop until the password for user has been set successfully, and disable root
|
Loop until the password for user has been set successfully, and disable root
|
||||||
login.
|
login.
|
||||||
|
|
||||||
|
:param suffix: of the chroot, where passwd will be execute (either the
|
||||||
|
f"rootfs_{args.device}", or f"installer_{args.device}")
|
||||||
"""
|
"""
|
||||||
suffix = "rootfs_" + args.device
|
|
||||||
if not args.on_device_installer:
|
if not args.on_device_installer:
|
||||||
# User password
|
# User password
|
||||||
logging.info(" *** SET LOGIN PASSWORD FOR: '" + args.user + "' ***")
|
logging.info(" *** SET LOGIN PASSWORD FOR: '" + args.user + "' ***")
|
||||||
|
@ -646,6 +648,9 @@ def install_on_device_installer(args, step, steps):
|
||||||
logging.info(f"(native) rm {img_boot}")
|
logging.info(f"(native) rm {img_boot}")
|
||||||
pmb.chroot.root(args, ["rm", f"/home/pmos/rootfs/{img_boot}"])
|
pmb.chroot.root(args, ["rm", f"/home/pmos/rootfs/{img_boot}"])
|
||||||
|
|
||||||
|
# Disable root login
|
||||||
|
setup_login(args, suffix_installer)
|
||||||
|
|
||||||
# Generate installer image
|
# Generate installer image
|
||||||
size_reserve = round(os.path.getsize(img_path_dest) / 1024 / 1024) + 200
|
size_reserve = round(os.path.getsize(img_path_dest) / 1024 / 1024) + 200
|
||||||
boot_label = "pmOS_inst_boot"
|
boot_label = "pmOS_inst_boot"
|
||||||
|
@ -703,7 +708,7 @@ def create_device_rootfs(args, step, steps):
|
||||||
pmb.chroot.initfs.build(args, flavor, suffix)
|
pmb.chroot.initfs.build(args, flavor, suffix)
|
||||||
|
|
||||||
# Set the user password
|
# Set the user password
|
||||||
setup_login(args)
|
setup_login(args, suffix)
|
||||||
|
|
||||||
# Set the keymap if the device requires it
|
# Set the keymap if the device requires it
|
||||||
setup_keymap(args)
|
setup_keymap(args)
|
||||||
|
|
Loading…
Reference in New Issue