Hello Rudolf, Greg, On Thu, 23 May 2019 at 22:43, Rudolf Streif <rudolf.str...@ibeeto.com> wrote:
> > It eluded me earlier but in both instances the variable containing the > password does not seem to be expanded. > Could it be the spaces around the = equal sign must be removed? https://unix.stackexchange.com/questions/258727/spaces-in-variable-assignments-in-shell-scripts Regards, Leon > First version without the single quotes: > > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" > > EXTRA_USERS_PARAMS = "\ > usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \ > usermod -a -G sudo,dialout ${SAKURA_USER}; \ > " > results in: > > NOTE: scribe: Performing usermod with [-R > /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs > -p sakura] > > and with the quotes: > > SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" > > EXTRA_USERS_PARAMS = "\ > usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ > usermod -a -G sudo,dialout ${SAKURA_USER}; \ > " > results in: > NOTE: scribe: Performing usermod with [-R > /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs > -p '' sakura] > > It looks as if the variable SAKURA_PASS is not set at all. I looked at your > scribe.bb recipe you attached earlier but I could not find any reason why the > variable is not set. Is there a chance that it is overridden somewhere elase? > > :rjs > > > On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <gwil...@sakuraus.com> > wrote: > >> Rudolf, >> >> Here is the first half of the file, the whole file is over the 500k >> limit of free pastebin: >> >> https://pastebin.com/UcnKebce >> >> >> And here is the 2nd half of the file: >> >> https://pastebin.com/9117tdUU >> >> >> Greg >> ------------------------------ >> *From:* Rudolf Streif <rudolf.str...@ibeeto.com> >> *Sent:* Wednesday, May 22, 2019 12:42:40 PM >> *To:* Greg Wilson-Lindberg >> *Cc:* Yocto list discussion >> *Subject:* Re: [yocto] problem adding a user >> >> Greg, >> Can you share the logfile via Pastebin? >> :rjs >> >> On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg < >> gwil...@sakuraus.com> wrote: >> >>> Rudolf, >>> >>> Something else is happening to me. I changed to this in the image recipe: >>> >>> SAKURA_USER = "sakura" >>> >>> SAKURA_PASSWD = "Distracted" >>> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" >>> >>> EXTRA_USERS_PARAMS = "\ >>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ >>> usermod -a -G sudo,dialout ${SAKURA_USER}; \ >>> " >>> >>> deleting all of the commented out lines, and I get this in the log file: >>> >>> >>> ..../scribe/1.0-r0/rootfs -p '' sakura] >>> >>> >>> nothing between the single quotes. It's acting like SAKURA_PASS is not >>> defined. >>> >>> This is only happening when I'm trying the MD5 password. >>> >>> >>> Greg >>> ------------------------------ >>> *From:* Rudolf Streif <rudolf.str...@ibeeto.com> >>> *Sent:* Tuesday, May 21, 2019 5:37:23 AM >>> *To:* Greg Wilson-Lindberg >>> *Cc:* Yocto list discussion >>> *Subject:* Re: [yocto] problem adding a user >>> >>> Greg, >>> >>> usermod does not work for the MD5 algorithm with the explicit password >>> hash as it contains the $ field delimiters which are interpreted by the >>> shell executing the usermod command. Use single quotes around the password >>> hash: >>> >>> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; >>> >>> :rjs >>> >>> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <gwil...@sakuraus.com> >>> wrote: >>> >>>> Hi Rudolf, >>>> >>>> I've had more time to work with this and I'm still having problems getting >>>> everything to work properly. I've attached the image recipe recipe that I'm >>>> using so I don't leave any thing out that may be relevant. >>>> >>>> When I build with a password that is no more more than 8 characters long >>>> and no non-alphabetic characters: >>>> >>>> SAKURA_PASSWD = "Distract" >>>> SAKURA_PASS = "WRsDFfg1BsrDM" >>>> >>>> everything works correctly. >>>> >>>> I first tried that using the `openssl ...` form, and then I tried the >>>> -1, MD5 BSD form and had problems, so I changed to doing the openssl >>>> on the command line and making sure that I don't have any characters >>>> that display as '.' or '/'. Again, if I don't do more than 8 characters >>>> and no special characters everything works. >>>> >>>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes >>>> and the log file shows the usermod being exectued correctly: >>>> >>>> NOTE: scribe: Performing usermod with [-R >>>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >>>> -p kyNsrvS0elMWU sakura] >>>> NOTE: scribe: Performing usermod with [-R >>>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >>>> -a -G sudo,dialout sakura] >>>> >>>> But when I try to sign in it doesn't work. >>>> >>>> I then tried the 10 character password 'Distracted', the build fails: >>>> >>>> NOTE: scribe: Performing usermod with [-R >>>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >>>> -p sakura] >>>> Usage: usermod [options] LOGIN >>>> >>>> Options: >>>> -c, --comment COMMENT new value of the GECOS field >>>> -d, --home HOME_DIR new home directory for the user account >>>> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE >>>> -f, --inactive INACTIVE set password inactive after expiration >>>> to INACTIVE >>>> -g, --gid GROUP force use GROUP as new primary group >>>> -G, --groups GROUPS new list of supplementary GROUPS >>>> -a, --append append the user to the supplemental GROUPS >>>> mentioned by the -G option without removing >>>> him/her from other groups >>>> -h, --help display this help message and exit >>>> -l, --login NEW_LOGIN new value of the login name >>>> -L, --lock lock the user account >>>> -m, --move-home move contents of the home directory to the >>>> new location (use only with -d) >>>> -o, --non-unique allow using duplicate (non-unique) UID >>>> -p, --password PASSWORD use encrypted password for the new password >>>> -P, --clear-password PASSWORD use clear password for the new password >>>> -R, --root CHROOT_DIR directory to chroot into >>>> -s, --shell SHELL new login shell for the user account >>>> -u, --uid UID new UID for the user account >>>> -U, --unlock unlock the user account >>>> -v, --add-subuids FIRST-LAST add range of subordinate uids >>>> -V, --del-subuids FIRST-LAST remove range of subordinate uids >>>> -w, --add-subgids FIRST-LAST add range of subordinate gids >>>> -W, --del-subgids FIRST-LAST remove range of subordinate gids >>>> >>>> ERROR: scribe: usermod command did not succeed. >>>> >>>> So, even though I'm putting in the openssl output: >>>> openssl passwd -1 "Distracted" >>>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0 >>>> >>>> that I get back from what should be a valid run of openssl, I don't see >>>> anything >>>> from the password on the usermod command line: >>>> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]" >>>> >>>> I don't understand why the short passwords and passing along the proper >>>> hash works, >>>> but not the longer password. >>>> >>>> It also doesn't make sense that I can't put in the '$' & '@' characters and >>>> have them work. >>>> >>>> Any suggestions would be greatly appreciated. >>>> >>>> Greg >>>> >>>> ------------------------------ >>>> *From:* Rudolf Streif <rudolf.str...@ibeeto.com> >>>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM >>>> *To:* Greg Wilson-Lindberg >>>> *Cc:* Yocto list discussion >>>> *Subject:* Re: [yocto] problem adding a user >>>> >>>> Glad to hear that it works now. I am planning on attending the YP >>>> DevDay. >>>> >>>> :rjs >>>> >>>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <gwil...@sakuraus.com> >>>> wrote: >>>> >>>>> Thank you very much, that got me back on the right path. >>>>> >>>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference. >>>>> >>>>> Regards, >>>>> >>>>> [image: cid:image001.png@01D35D7D.179A7510] >>>>> >>>>> *Greg Wilson-Lindberg * >>>>> >>>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc. * >>>>> >>>>> >>>>> >>>>> 1750 W 214 >>>>> <https://maps.google.com/?q=1750+W+214&entry=gmail&source=g>th Street >>>>> | Torrance, CA 90501 | U.S.A. >>>>> >>>>> T: +1 310 783 5075 >>>>> >>>>> F: +1 310 618 6902 | E: gwil...@sakuraus.com >>>>> >>>>> www.sakuraus.com >>>>> >>>>> >>>>> >>>>> [image: cid:image002.png@01D35D7D.179A7510] >>>>> >>>>> [image: cid:image003.png@01D35D7D.179A7510] >>>>> ------------------------------ >>>>> >>>>> Confidentiality Notice: This e-mail transmission may contain >>>>> confidential or legally privileged information that is intended only for >>>>> the individual or entity named in the e-mail address. If you are not the >>>>> intended recipient, you are hereby notified that any disclosure, copying, >>>>> distribution, or reliance upon the contents of this e-mail is strictly >>>>> prohibited. If you have received this e-mail transmission in error, please >>>>> reply to the sender, so that Sakura Finetek USA, Inc. can arrange for >>>>> proper delivery, and then please delete the message from your inbox. Thank >>>>> you. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *From:* Rudolf J Streif [mailto:rudolf.str...@ibeeto.com] >>>>> *Sent:* Wednesday, May 15, 2019 01:30 PM >>>>> *To:* Greg Wilson-Lindberg <gwil...@sakuraus.com>; Yocto list >>>>> discussion <yocto@yoctoproject.org> >>>>> *Subject:* Re: [yocto] problem adding a user >>>>> >>>>> >>>>> >>>>> Instead of >>>>> >>>>> >>>>> >>>>> useradd -p `openssl passwd test` sakura >>>>> >>>>> >>>>> >>>>> which attempts to add the user and set the password which fails if the >>>>> user already exists, use >>>>> >>>>> >>>>> >>>>> usermod -p `openssl passwd test` sakura >>>>> >>>>> >>>>> >>>>> which sets the user's password. >>>>> >>>>> >>>>> >>>>> :rjs >>>>> >>>>> >>>>> >>>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote: >>>>> >>>>> Ok, I had been using the useradd class in a couple of other recipes to >>>>> allow me to copy files to the sakura user directory and another location, >>>>> but owned by sakura. That seems to have been what was causing the problem. >>>>> >>>>> >>>>> >>>>> I had been using the extrausers class in my top level image recipe. >>>>> >>>>> >>>>> So now how do I get all of this to work together? Do I need to put >>>>> everything that touches the sakura user in the same recipe? It seems that >>>>> I >>>>> need to use only one of the useradd or extrausers classes? >>>>> >>>>> >>>>> >>>>> Greg >>>>> ------------------------------ >>>>> >>>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>>>> <rudolf.str...@ibeeto.com> >>>>> *Sent:* Wednesday, May 15, 2019 12:31 PM >>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>>>> *Subject:* Re: [yocto] problem adding a user >>>>> >>>>> >>>>> >>>>> The ! for the password in /etc/shadow indicates that the account is >>>>> disabled: >>>>> >>>>> sakura:!:18031:0:99999:7::: >>>>> >>>>> >>>>> >>>>> Either there is something wrong with the password generation or it >>>>> gets disabled by something else. Maybe it's worth trying with a plain >>>>> image >>>>> without Boot2Qt or anything else. >>>>> >>>>> >>>>> >>>>> :rjs >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote: >>>>> >>>>> Hi Rudolf, >>>>> >>>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files. >>>>> >>>>> >>>>> >>>>> It shouldn't make any difference, but I'm building this for an RPi3 >>>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3. >>>>> >>>>> >>>>> >>>>> Greg >>>>> ------------------------------ >>>>> >>>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>>>> <rudolf.str...@ibeeto.com> >>>>> *Sent:* Wednesday, May 15, 2019 11:26 AM >>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>>>> *Subject:* Re: [yocto] problem adding a user >>>>> >>>>> >>>>> >>>>> Hi Greg, >>>>> >>>>> >>>>> >>>>> > I've also tried both the back-quote and the single-quote, no >>>>> difference. >>>>> >>>>> >>>>> >>>>> Help me to understand this. the back-quotes are the right ones. If you >>>>> use the single ones your password in the /etc/shadow ends up being >>>>> 'openssl >>>>> passwd test' (without the quotes), unless the build fails because of a >>>>> parsing error (I have not tried it). Silly question, you did inherit >>>>> extrausers class? >>>>> >>>>> >>>>> >>>>> Can you post your /etc/passwd and /etc/shadow >>>>> >>>>> >>>>> >>>>> I am surprised that this does not work with your setup. I have been >>>>> doing this a gazillion times always with success. >>>>> >>>>> >>>>> >>>>> :rjs >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote: >>>>> >>>>> Hi Rudolf, >>>>> >>>>> Thanks for the reply, and the information on how openssl works. >>>>> >>>>> >>>>> >>>>> I'm trying to create a user with the same group name so the code that >>>>> I'm using reduces to: >>>>> >>>>> EXTRA_USERS_PARAMS = "\ >>>>> >>>>> useradd -p `openssl passwd test` sakura; \ >>>>> >>>>> usermod -a -G sudo ${SAKURA_USER}; \ >>>>> >>>>> " >>>>> >>>>> I also, as you can see, removed the macros to eliminate as much >>>>> confusion as possible. >>>>> >>>>> >>>>> >>>>> I still can't login in using the password 'test'. >>>>> >>>>> >>>>> >>>>> I've also tried both the back-quote and the single-quote, no >>>>> difference. >>>>> >>>>> Regards, >>>>> >>>>> >>>>> >>>>> Greg >>>>> ------------------------------ >>>>> >>>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>>>> <rudolf.str...@ibeeto.com> >>>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM >>>>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>>>> *Subject:* Re: [yocto] problem adding a user >>>>> >>>>> >>>>> >>>>> Hi Greg, >>>>> >>>>> Well, I suppose I wrote the book you are referring to... >>>>> >>>>> >>>>> Using >>>>> >>>>> useradd -p PASSWORD USER >>>>> >>>>> takes the password hash for PASSWORD hence the use of openssl in: >>>>> >>>>> useadd -p `openssl passwd PASSWORD` USER >>>>> >>>>> openssl password creates the password hash using the original crypt >>>>> hash >>>>> algorithm if no other options are specified. e.g. >>>>> >>>>> $ openssl passwd hello >>>>> 6hEsTksgRkeiI >>>>> >>>>> With this the first two characters of the output is the salt and the >>>>> rest is the password hash. If you want openssl to create the same >>>>> result >>>>> again: >>>>> >>>>> $ openssl passwd -salt "6h" hello >>>>> 6hEsTksgRkeiI >>>>> >>>>> You can use newer algorithms like MD5 based BSD password algorithm 1: >>>>> >>>>> $ openssl passwd -1 hello >>>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1 >>>>> >>>>> $1 : password algorithm 1 >>>>> $4Mu8Fcs. : salt >>>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash >>>>> >>>>> >>>>> If you log into the system you have to use the clear password. The >>>>> system reads the salt, creates the password hash and compares the >>>>> results. >>>>> >>>>> >>>>> :rjs >>>>> >>>>> >>>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote: >>>>> > I'm trying to use the example in "Embedded Linux Systems with the >>>>> Yocto Project" to add a user to my Yocto build. In the book the sample >>>>> code: >>>>> > >>>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \ >>>>> > >>>>> > uses openssl to generate the encrypted password string to pass to >>>>> useradd. I have never been able to get this to work. When I run the >>>>> openssl >>>>> > command on the cmd line I get a different value every time, this >>>>> seems wrong, How can the password code compare against it if every encode >>>>> > produces a different value? >>>>> > >>>>> > I am getting the user added to the system, the home directory shows >>>>> up and the user is in the passwd and group files. I just can't login to >>>>> the >>>>> > account. >>>>> > >>>>> > I've obviously got something confused, any help would be appreciated. >>>>> > >>>>> > Greg Wilson-Lindberg >>>>> > >>>>> >>>>> -- >>>>> ----- >>>>> Rudolf J Streif >>>>> CEO/CTO ibeeto >>>>> +1.855.442.3396 x700 >>>>> >>>>> -- >>>>> >>>>> ----- >>>>> >>>>> Rudolf J Streif >>>>> >>>>> CEO/CTO ibeeto >>>>> >>>>> +1.855.442.3396 x700 >>>>> >>>>> -- >>>>> >>>>> ----- >>>>> >>>>> Rudolf J Streif >>>>> >>>>> CEO/CTO ibeeto >>>>> >>>>> +1.855.442.3396 x700 >>>>> >>>>> -- >>>>> >>>>> ----- >>>>> >>>>> Rudolf J Streif >>>>> >>>>> CEO/CTO ibeeto >>>>> >>>>> +1.855.442.3396 x700 >>>>> >>>>> >> >> -- >> Rudolf J Streif >> CEO/CTO >> ibeeto, Streif Enterprises Inc. >> > > > -- > Rudolf J Streif > CEO/CTO > ibeeto, Streif Enterprises Inc. > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto > -- Leon Woestenberg l...@sidebranch.com T: +31 40 711 42 76 M: +31 6 472 30 372 Sidebranch Embedded Systems Eindhoven, The Netherlands http://www.sidebranch.com
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
