classes-recipe/core-image: drop debug-tweaks IMAGE_FEATURE

Remove the 'debug-tweaks' IMAGE_FEATURE. It sounds friendly and kind to developers, but it results primarily in an image which root can login remotely without a password. This is incredibly useful for local development and testing purposes, but we really want to be explicit that this is what is happening instead of hiding it behind a vague "debug tweaks" statement. To preserve the eixsting behaviour, debug-tweaks should be replaced with these features: allow-empty-password empty-root-password allow-root-login post-install-logging (From OE-Core rev: 2c229f9542c6ba608912e14c9c3f783c3fa89349) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-19 12:59:02 +02:00 · 2024-11-07 13:47:52 +00:00 · 2024-11-07 13:47:52 +00:00 · 43b8b3fa72
commit 43b8b3fa72
parent 226ec2ce74
3 changed files with 15 additions and 14 deletions
--- a/meta/classes-recipe/core-image.bbclass
+++ b/meta/classes-recipe/core-image.bbclass
@ -26,11 +26,6 @@
 # - ssh-server-openssh  - SSH server (openssh)
 # - hwcodecs            - Install hardware acceleration codecs
 # - package-management  - installs package management tools and preserves the package manager database
-# - debug-tweaks        - makes an image suitable for development, e.g. allowing passwordless root logins
-#   - empty-root-password
-#   - allow-empty-password
-#   - allow-root-login
-#   - post-install-logging
 # - serial-autologin-root - with 'empty-root-password': autologin 'root' on the serial console
 # - dev-pkgs            - development packages (headers, etc.) for all installed packages in the rootfs
 # - dbg-pkgs            - debug symbol packages for all installed packages in the rootfs
@ -43,6 +38,12 @@
 # - stateless-rootfs    - systemctl-native not run, image populated by systemd at runtime
 # - splash              - bootup splash screen
 #
+# Features for development purposes (previously part of debug-tweaks):
+# - empty-root-password  - the root user has no password set
+# - allow-empty-password - users can have an empty password
+# - allow-root-login     - the root user can login
+# - post-install-logging - log the output of postinstall scriptlets
+#
 FEATURE_PACKAGES_weston = "packagegroup-core-weston"
 FEATURE_PACKAGES_x11 = "packagegroup-core-x11"
 FEATURE_PACKAGES_x11-base = "packagegroup-core-x11-base"
--- a/meta/classes-recipe/image.bbclass
+++ b/meta/classes-recipe/image.bbclass
@ -40,7 +40,7 @@ INHIBIT_DEFAULT_DEPS = "1"
 # IMAGE_FEATURES may contain any available package group
 IMAGE_FEATURES ?= ""
 IMAGE_FEATURES[type] = "list"
-IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs read-only-rootfs-delayed-postinsts stateless-rootfs empty-root-password allow-empty-password allow-root-login serial-autologin-root post-install-logging overlayfs-etc"
+IMAGE_FEATURES[validitems] += "read-only-rootfs read-only-rootfs-delayed-postinsts stateless-rootfs empty-root-password allow-empty-password allow-root-login serial-autologin-root post-install-logging overlayfs-etc"

 # Generate companion debugfs?
 IMAGE_GEN_DEBUGFS ?= "0"
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@ -4,20 +4,20 @@
 # SPDX-License-Identifier: MIT
 #

-# Zap the root password if debug-tweaks and empty-root-password features are not enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password ",d)}'
+# Zap the root password if empty-root-password feature is not enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "empty-root-password", "", "zap_empty_root_password ",d)}'

-# Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-empty-password' ], "ssh_allow_empty_password ", "",d)}'
+# Allow dropbear/openssh to accept logins from accounts with an empty password string if allow-empty-password is enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "allow-empty-password", "ssh_allow_empty_password ", "",d)}'

-# Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login ", "",d)}'
+# Allow dropbear/openssh to accept root logins if allow-root-login is enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "allow-root-login", "ssh_allow_root_login ", "",d)}'

 # Autologin the root user on the serial console, if empty-root-password and serial-autologin-root are active
 ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", [ 'empty-root-password', 'serial-autologin-root' ], "serial_autologin_root ", "",d)}'

-# Enable postinst logging if debug-tweaks or post-install-logging is enabled
-ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging ", "",d)}'
+# Enable postinst logging if post-install-logging is enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "post-install-logging", "postinst_enable_logging ", "",d)}'

 # Create /etc/timestamp during image construction to give a reasonably sane default time setting
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp "