From: Alexander Kanavin Date: Thu, 30 Oct 2025 09:22:46 +0000 (+0100) Subject: fragments: add a 'root-login-with-empty-password' fragment X-Git-Tag: yocto-5.3~87 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e135458415dea5bbc4651e05dafe0b6903b65751;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git fragments: add a 'root-login-with-empty-password' fragment Please see this for background/some discussion: https://lists.openembedded.org/g/openembedded-architecture/topic/115913545 Care should be taken to not enable this by default, and especially not for production images. Poky and oe-core default templates did it, and it was not a good starting point. Hopefully the fragment name, and the description that users will see when enabling the fragment will provide enough warning. Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- diff --git a/meta/conf/fragments/yocto/root-login-with-empty-password.conf b/meta/conf/fragments/yocto/root-login-with-empty-password.conf new file mode 100644 index 0000000000..86aec0e152 --- /dev/null +++ b/meta/conf/fragments/yocto/root-login-with-empty-password.conf @@ -0,0 +1,10 @@ +BB_CONF_FRAGMENT_SUMMARY = "Log in as root without password on serial console and over ssh (use with caution)." +BB_CONF_FRAGMENT_DESCRIPTION = "By default images are built such that root login is disabled \ +(which is the preferred, secure default). However, for testing and development purposes it can \ +be beneficial to be able to log in as root, both on serial console and over ssh connections, \ +which is what this fragment enables. Use with great caution, and ideally only in tightly \ +controlled local builds and CI testing environments, and never in artefacts that are deployed \ +into products. \ +" + +EXTRA_IMAGE_FEATURES += "allow-empty-password empty-root-password allow-root-login"