[isar-cip-core,RFC,0/1] Move root password

Message ID 20210118103704.18195-1-Quirin.Gylstorff@siemens.com (mailing list archive)

Message

Quirin Gylstorff Jan. 18, 2021, 10:37 a.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

If you use isar-cip-core downstream the root user in kas-cip.yml
can set the root password in a production image. Avoid this by moving
the user and password to cip-core-image.

Should we rename the cip-core-image to cip-core-image-demo to
clarify the intended use?

cip-core-image-security now requires cip-core-image as base. We could
move the content of cip-core-image-security to an include to facilitate
the usage downstream.

Quirin Gylstorff (1):
  image: Move root password

 kas-cip.yml                                         | 4 ----
 recipes-core/images/cip-core-image-security.bb      | 3 +++
 recipes-core/images/cip-core-image.bb               | 8 +++++++-
 recipes-core/security-customizations/files/postinst | 6 ------
 4 files changed, 10 insertions(+), 11 deletions(-)

Comments

Jan Kiszka Jan. 18, 2021, 5:15 p.m. UTC | #1
On 18.01.21 11:37, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> If you use isar-cip-core downstream the root user in kas-cip.yml
> can set the root password in a production image. Avoid this by moving
> the user and password to cip-core-image.
> 
> Should we rename the cip-core-image to cip-core-image-demo to
> clarify the intended use?

Not necessarily. A downstream user could still include or bbappend
cip-core-image while overwriting the password variable.

> 
> cip-core-image-security now requires cip-core-image as base. We could
> move the content of cip-core-image-security to an include to facilitate
> the usage downstream.
> 

Fine with me - except that the patch does two things in one: move the
password AND also base the security on top of the core image. Split up
please.

Jan