Greg, It eluded me earlier but in both instances the variable containing the password does not seem to be expanded.
First version without the single quotes: SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" EXTRA_USERS_PARAMS = "\ usermod -p ${SAKURA_PASS} ${SAKURA_USER}; \ usermod -a -G sudo,dialout ${SAKURA_USER}; \ " results in: NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p sakura] and with the quotes: SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" EXTRA_USERS_PARAMS = "\ usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ usermod -a -G sudo,dialout ${SAKURA_USER}; \ " results in: NOTE: scribe: Performing usermod with [-R /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs -p '' sakura] It looks as if the variable SAKURA_PASS is not set at all. I looked at your scribe.bb recipe you attached earlier but I could not find any reason why the variable is not set. Is there a chance that it is overridden somewhere elase? :rjs On Wed, May 22, 2019 at 1:28 PM Greg Wilson-Lindberg <gwil...@sakuraus.com> wrote: > Rudolf, > > Here is the first half of the file, the whole file is over the 500k limit > of free pastebin: > > https://pastebin.com/UcnKebce > > > And here is the 2nd half of the file: > > https://pastebin.com/9117tdUU > > > Greg > ------------------------------ > *From:* Rudolf Streif <rudolf.str...@ibeeto.com> > *Sent:* Wednesday, May 22, 2019 12:42:40 PM > *To:* Greg Wilson-Lindberg > *Cc:* Yocto list discussion > *Subject:* Re: [yocto] problem adding a user > > Greg, > Can you share the logfile via Pastebin? > :rjs > > On Tue, May 21, 2019 at 11:09 AM Greg Wilson-Lindberg < > gwil...@sakuraus.com> wrote: > >> Rudolf, >> >> Something else is happening to me. I changed to this in the image recipe: >> >> SAKURA_USER = "sakura" >> >> SAKURA_PASSWD = "Distracted" >> SAKURA_PASS = "$1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0" >> >> EXTRA_USERS_PARAMS = "\ >> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; \ >> usermod -a -G sudo,dialout ${SAKURA_USER}; \ >> " >> >> deleting all of the commented out lines, and I get this in the log file: >> >> >> ..../scribe/1.0-r0/rootfs -p '' sakura] >> >> >> nothing between the single quotes. It's acting like SAKURA_PASS is not >> defined. >> >> This is only happening when I'm trying the MD5 password. >> >> >> Greg >> ------------------------------ >> *From:* Rudolf Streif <rudolf.str...@ibeeto.com> >> *Sent:* Tuesday, May 21, 2019 5:37:23 AM >> *To:* Greg Wilson-Lindberg >> *Cc:* Yocto list discussion >> *Subject:* Re: [yocto] problem adding a user >> >> Greg, >> >> usermod does not work for the MD5 algorithm with the explicit password >> hash as it contains the $ field delimiters which are interpreted by the >> shell executing the usermod command. Use single quotes around the password >> hash: >> >> usermod -p '${SAKURA_PASS}' ${SAKURA_USER}; >> >> :rjs >> >> On Mon, May 20, 2019, 11:55 Greg Wilson-Lindberg <gwil...@sakuraus.com> >> wrote: >> >>> Hi Rudolf, >>> >>> I've had more time to work with this and I'm still having problems getting >>> everything to work properly. I've attached the image recipe recipe that I'm >>> using so I don't leave any thing out that may be relevant. >>> >>> When I build with a password that is no more more than 8 characters long >>> and no non-alphabetic characters: >>> >>> SAKURA_PASSWD = "Distract" >>> SAKURA_PASS = "WRsDFfg1BsrDM" >>> >>> everything works correctly. >>> >>> I first tried that using the `openssl ...` form, and then I tried the >>> -1, MD5 BSD form and had problems, so I changed to doing the openssl >>> on the command line and making sure that I don't have any characters >>> that display as '.' or '/'. Again, if I don't do more than 8 characters >>> and no special characters everything works. >>> >>> When I changed to using 'Ds$tr@ct' it stopped working. The build finishes >>> and the log file shows the usermod being exectued correctly: >>> >>> NOTE: scribe: Performing usermod with [-R >>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >>> -p kyNsrvS0elMWU sakura] >>> NOTE: scribe: Performing usermod with [-R >>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >>> -a -G sudo,dialout sakura] >>> >>> But when I try to sign in it doesn't work. >>> >>> I then tried the 10 character password 'Distracted', the build fails: >>> >>> NOTE: scribe: Performing usermod with [-R >>> /home/gwilson/Qt/Qt-5.12.3/Yocto-build-RPi3/build-raspberrypi3/tmp/work/raspberrypi3-poky-linux-gnueabi/scribe/1.0-r0/rootfs >>> -p sakura] >>> Usage: usermod [options] LOGIN >>> >>> Options: >>> -c, --comment COMMENT new value of the GECOS field >>> -d, --home HOME_DIR new home directory for the user account >>> -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE >>> -f, --inactive INACTIVE set password inactive after expiration >>> to INACTIVE >>> -g, --gid GROUP force use GROUP as new primary group >>> -G, --groups GROUPS new list of supplementary GROUPS >>> -a, --append append the user to the supplemental GROUPS >>> mentioned by the -G option without removing >>> him/her from other groups >>> -h, --help display this help message and exit >>> -l, --login NEW_LOGIN new value of the login name >>> -L, --lock lock the user account >>> -m, --move-home move contents of the home directory to the >>> new location (use only with -d) >>> -o, --non-unique allow using duplicate (non-unique) UID >>> -p, --password PASSWORD use encrypted password for the new password >>> -P, --clear-password PASSWORD use clear password for the new password >>> -R, --root CHROOT_DIR directory to chroot into >>> -s, --shell SHELL new login shell for the user account >>> -u, --uid UID new UID for the user account >>> -U, --unlock unlock the user account >>> -v, --add-subuids FIRST-LAST add range of subordinate uids >>> -V, --del-subuids FIRST-LAST remove range of subordinate uids >>> -w, --add-subgids FIRST-LAST add range of subordinate gids >>> -W, --del-subgids FIRST-LAST remove range of subordinate gids >>> >>> ERROR: scribe: usermod command did not succeed. >>> >>> So, even though I'm putting in the openssl output: >>> openssl passwd -1 "Distracted" >>> $1$QVO3K6Ii$fvkoDKnlzz3d5uVoL7KcM0 >>> >>> that I get back from what should be a valid run of openssl, I don't see >>> anything >>> from the password on the usermod command line: >>> "...linux-gnueabi/scribe/1.0-r0/rootfs -p sakura]" >>> >>> I don't understand why the short passwords and passing along the proper >>> hash works, >>> but not the longer password. >>> >>> It also doesn't make sense that I can't put in the '$' & '@' characters and >>> have them work. >>> >>> Any suggestions would be greatly appreciated. >>> >>> Greg >>> >>> ------------------------------ >>> *From:* Rudolf Streif <rudolf.str...@ibeeto.com> >>> *Sent:* Wednesday, May 15, 2019 4:58:26 PM >>> *To:* Greg Wilson-Lindberg >>> *Cc:* Yocto list discussion >>> *Subject:* Re: [yocto] problem adding a user >>> >>> Glad to hear that it works now. I am planning on attending the YP >>> DevDay. >>> >>> :rjs >>> >>> On Wed, May 15, 2019, 13:53 Greg Wilson-Lindberg <gwil...@sakuraus.com> >>> wrote: >>> >>>> Thank you very much, that got me back on the right path. >>>> >>>> Maybe I'll see you at the Yocto day at the Embedded Linux Conference. >>>> >>>> Regards, >>>> >>>> [image: cid:image001.png@01D35D7D.179A7510] >>>> >>>> *Greg Wilson-Lindberg * >>>> >>>> *Principal Firmware Engineer | Sakura Finetek USA, Inc. * >>>> >>>> >>>> >>>> 1750 W 214th Street | Torrance, CA 90501 | U.S.A. >>>> >>>> T: +1 310 783 5075 >>>> >>>> F: +1 310 618 6902 | E: gwil...@sakuraus.com >>>> >>>> www.sakuraus.com >>>> >>>> >>>> >>>> [image: cid:image002.png@01D35D7D.179A7510] >>>> >>>> [image: cid:image003.png@01D35D7D.179A7510] >>>> ------------------------------ >>>> >>>> Confidentiality Notice: This e-mail transmission may contain >>>> confidential or legally privileged information that is intended only for >>>> the individual or entity named in the e-mail address. If you are not the >>>> intended recipient, you are hereby notified that any disclosure, copying, >>>> distribution, or reliance upon the contents of this e-mail is strictly >>>> prohibited. If you have received this e-mail transmission in error, please >>>> reply to the sender, so that Sakura Finetek USA, Inc. can arrange for >>>> proper delivery, and then please delete the message from your inbox. Thank >>>> you. >>>> >>>> >>>> >>>> >>>> >>>> *From:* Rudolf J Streif [mailto:rudolf.str...@ibeeto.com] >>>> *Sent:* Wednesday, May 15, 2019 01:30 PM >>>> *To:* Greg Wilson-Lindberg <gwil...@sakuraus.com>; Yocto list >>>> discussion <yocto@yoctoproject.org> >>>> *Subject:* Re: [yocto] problem adding a user >>>> >>>> >>>> >>>> Instead of >>>> >>>> >>>> >>>> useradd -p `openssl passwd test` sakura >>>> >>>> >>>> >>>> which attempts to add the user and set the password which fails if the >>>> user already exists, use >>>> >>>> >>>> >>>> usermod -p `openssl passwd test` sakura >>>> >>>> >>>> >>>> which sets the user's password. >>>> >>>> >>>> >>>> :rjs >>>> >>>> >>>> >>>> On 5/15/19 1:18 PM, Greg Wilson-Lindberg wrote: >>>> >>>> Ok, I had been using the useradd class in a couple of other recipes to >>>> allow me to copy files to the sakura user directory and another location, >>>> but owned by sakura. That seems to have been what was causing the problem. >>>> >>>> >>>> >>>> I had been using the extrausers class in my top level image recipe. >>>> >>>> >>>> So now how do I get all of this to work together? Do I need to put >>>> everything that touches the sakura user in the same recipe? It seems that I >>>> need to use only one of the useradd or extrausers classes? >>>> >>>> >>>> >>>> Greg >>>> ------------------------------ >>>> >>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>>> <rudolf.str...@ibeeto.com> >>>> *Sent:* Wednesday, May 15, 2019 12:31 PM >>>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>>> *Subject:* Re: [yocto] problem adding a user >>>> >>>> >>>> >>>> The ! for the password in /etc/shadow indicates that the account is >>>> disabled: >>>> >>>> sakura:!:18031:0:99999:7::: >>>> >>>> >>>> >>>> Either there is something wrong with the password generation or it gets >>>> disabled by something else. Maybe it's worth trying with a plain image >>>> without Boot2Qt or anything else. >>>> >>>> >>>> >>>> :rjs >>>> >>>> >>>> >>>> >>>> >>>> On 5/15/19 11:46 AM, Greg Wilson-Lindberg wrote: >>>> >>>> Hi Rudolf, >>>> >>>> 1st, yes I inherit extrausers. Attached are the passwd & shadow files. >>>> >>>> >>>> >>>> It shouldn't make any difference, but I'm building this for an RPi3 >>>> using the Qt Boot2Qt version of the Yocto environment, distro 2.5.3. >>>> >>>> >>>> >>>> Greg >>>> ------------------------------ >>>> >>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>>> <rudolf.str...@ibeeto.com> >>>> *Sent:* Wednesday, May 15, 2019 11:26 AM >>>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>>> *Subject:* Re: [yocto] problem adding a user >>>> >>>> >>>> >>>> Hi Greg, >>>> >>>> >>>> >>>> > I've also tried both the back-quote and the single-quote, no >>>> difference. >>>> >>>> >>>> >>>> Help me to understand this. the back-quotes are the right ones. If you >>>> use the single ones your password in the /etc/shadow ends up being 'openssl >>>> passwd test' (without the quotes), unless the build fails because of a >>>> parsing error (I have not tried it). Silly question, you did inherit >>>> extrausers class? >>>> >>>> >>>> >>>> Can you post your /etc/passwd and /etc/shadow >>>> >>>> >>>> >>>> I am surprised that this does not work with your setup. I have been >>>> doing this a gazillion times always with success. >>>> >>>> >>>> >>>> :rjs >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 5/15/19 11:03 AM, Greg Wilson-Lindberg wrote: >>>> >>>> Hi Rudolf, >>>> >>>> Thanks for the reply, and the information on how openssl works. >>>> >>>> >>>> >>>> I'm trying to create a user with the same group name so the code that >>>> I'm using reduces to: >>>> >>>> EXTRA_USERS_PARAMS = "\ >>>> >>>> useradd -p `openssl passwd test` sakura; \ >>>> >>>> usermod -a -G sudo ${SAKURA_USER}; \ >>>> >>>> " >>>> >>>> I also, as you can see, removed the macros to eliminate as much >>>> confusion as possible. >>>> >>>> >>>> >>>> I still can't login in using the password 'test'. >>>> >>>> >>>> >>>> I've also tried both the back-quote and the single-quote, no difference. >>>> >>>> Regards, >>>> >>>> >>>> >>>> Greg >>>> ------------------------------ >>>> >>>> *From:* Rudolf J Streif <rudolf.str...@ibeeto.com> >>>> <rudolf.str...@ibeeto.com> >>>> *Sent:* Wednesday, May 15, 2019 10:07:47 AM >>>> *To:* Greg Wilson-Lindberg; Yocto list discussion >>>> *Subject:* Re: [yocto] problem adding a user >>>> >>>> >>>> >>>> Hi Greg, >>>> >>>> Well, I suppose I wrote the book you are referring to... >>>> >>>> >>>> Using >>>> >>>> useradd -p PASSWORD USER >>>> >>>> takes the password hash for PASSWORD hence the use of openssl in: >>>> >>>> useadd -p `openssl passwd PASSWORD` USER >>>> >>>> openssl password creates the password hash using the original crypt >>>> hash >>>> algorithm if no other options are specified. e.g. >>>> >>>> $ openssl passwd hello >>>> 6hEsTksgRkeiI >>>> >>>> With this the first two characters of the output is the salt and the >>>> rest is the password hash. If you want openssl to create the same >>>> result >>>> again: >>>> >>>> $ openssl passwd -salt "6h" hello >>>> 6hEsTksgRkeiI >>>> >>>> You can use newer algorithms like MD5 based BSD password algorithm 1: >>>> >>>> $ openssl passwd -1 hello >>>> $1$4Mu8Fcs.$eIKgPP7RCYrb3lFZjhADA1 >>>> >>>> $1 : password algorithm 1 >>>> $4Mu8Fcs. : salt >>>> $eIKgPP7RCYrb3lFZjhADA1 : password hash >>>> >>>> >>>> If you log into the system you have to use the clear password. The >>>> system reads the salt, creates the password hash and compares the >>>> results. >>>> >>>> >>>> :rjs >>>> >>>> >>>> On 5/14/19 5:34 PM, Greg Wilson-Lindberg wrote: >>>> > I'm trying to use the example in "Embedded Linux Systems with the >>>> Yocto Project" to add a user to my Yocto build. In the book the sample >>>> code: >>>> > >>>> > useradd -p `openssl passwd ${DEV_PASSWORD}` developer; \ >>>> > >>>> > uses openssl to generate the encrypted password string to pass to >>>> useradd. I have never been able to get this to work. When I run the openssl >>>> > command on the cmd line I get a different value every time, this >>>> seems wrong, How can the password code compare against it if every encode >>>> > produces a different value? >>>> > >>>> > I am getting the user added to the system, the home directory shows >>>> up and the user is in the passwd and group files. I just can't login to the >>>> > account. >>>> > >>>> > I've obviously got something confused, any help would be appreciated. >>>> > >>>> > Greg Wilson-Lindberg >>>> > >>>> >>>> -- >>>> ----- >>>> Rudolf J Streif >>>> CEO/CTO ibeeto >>>> +1.855.442.3396 x700 >>>> >>>> -- >>>> >>>> ----- >>>> >>>> Rudolf J Streif >>>> >>>> CEO/CTO ibeeto >>>> >>>> +1.855.442.3396 x700 >>>> >>>> -- >>>> >>>> ----- >>>> >>>> Rudolf J Streif >>>> >>>> CEO/CTO ibeeto >>>> >>>> +1.855.442.3396 x700 >>>> >>>> -- >>>> >>>> ----- >>>> >>>> Rudolf J Streif >>>> >>>> CEO/CTO ibeeto >>>> >>>> +1.855.442.3396 x700 >>>> >>>> > > -- > Rudolf J Streif > CEO/CTO > ibeeto, Streif Enterprises Inc. > -- Rudolf J Streif CEO/CTO ibeeto, Streif Enterprises Inc.
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto