core-image.bbclass: zap root password if debug-tweaks not enabled

If you do not have debug-tweaks in IMAGE_FEATURES, then zap the root
password so that you can't log in as root without a password in an image
potentially intended for a production system.

Also mention debug-tweaks in the comments listing IMAGE_FEATURES in this
file.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index 507d6a60e61dd6414d91f0a53866808328d6a408..8e83d4abe1d50b3abe834337330b49cca6d70fb4 100644 (file)
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3
 # - nfs-server          - NFS server (exports / over NFS to everybody)
 # - ssh-server-dropbear - SSH server (dropbear)
 # - ssh-server-openssh  - SSH server (openssh)
+# - debug-tweaks        - makes an image suitable for development
 #
 PACKAGE_GROUP_apps-console-core = "task-core-apps-console"
 PACKAGE_GROUP_x11-base = "task-core-x11-base"
@@ -65,3 +66,7 @@ inherit image
 
 # Create /etc/timestamp during image construction to give a reasonably sane default time setting
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
+
+# Zap the root password if debug-tweaks feature is not enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
+