customize: virtual packages for build configuration #6311
Conversation
|
@aparcar @bobafetthotmail Heads up on this if you're interested. |
|
that's interesting, where do I write the root password to embed in the device(s)? Also, the no-password-shh-login does not seem to throw errors or stop build if keys for the no-password ssh login aren't found, it just loads a script that changes a configuration. That could lead to locking yourself out. |
It would look like: in your |
That's because there's more than one way around this. You could also pre-provision user accounts, seed their In general, having packages peek into the configuration of other packages is frowned upon because it makes things less deterministic. But I'm happy to consider reasonable patches. |
|
why not use the "files" overlay? i mean customizations are nice but why not use an existing functionality? |
Having it as a package makes it standardized and publicly reviewable, which should keep a good quality of the code in these customizations. With the "files" overlay everyone has to come up with a way that works for him, and does not share or allow review of it (as it lives in a local build system) automatically. This makes for many poor or buggy "solutions". While for this specific case it might be overkill, I like the idea of virtual packages like these for customizing automatically common things. |
Because that means that I'm stuck with a frozen snapshot of files... if Changing just the line that affects me means that I inherit all the other updates for free (at least for future builds). |
|
Hi, @pprindeville , sorry for the late reply (successfully choked my finger in the weekend ;) I will probably be a user of the disable-root-passwd-login. It will be better as a default OFF config option of dropbear/openssh package as that will be where I will lookup them up in the first place. To keep them in maintained state as shell commands scattered in the tree will be hard. The same also goes for preconfiguring root password. The security improvement is marginal, probably good for redistribution of firmware images, but personally I am not a fan of this. |
I originally tried that PR 5520 but it wasn't well received: so we keep going back and forth. |
|
@pprindeville My advice is that if this is really important to be in the repo, improve and try your best to make it happen. Otherwise, just have it in your local repo. No disappointment or discouragement. That's the distributed, decentralized way of git workflow I liked very much ;) |
This is a loose collection of virtual packages which when built, tweak the final image. It's mostly a workaround to overlay's going away. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
pprindeville
force-pushed
the
add-customize-package
branch
from
90d512f
to
e3c58bb
Compare
|
@pprindeville Is this still relevant? If so, please rebase against current master. |
Maintainer: me
Compile tested: x86_64, generic, HEAD (4fdc6ca)
Run tested: same
Description:
Adds
root-passwdas a virtual package andCONFIG_TARGET_ROOT_PASSWORDas a variable, allowing images to be built with a root password baked in.Adds
disable-openssh-password-loginas a virtual package which forces:in
/etc/ssh/sshd_config.