fragments: add a 'root-login-with-empty-password' fragment

Please see this for background/some discussion: https://lists.openembedded.org/g/openembedded-architecture/topic/115913545 Care should be taken to not enable this by default, and especially not for production images. Poky and oe-core default templates did it, and it was not a good starting point. Hopefully the fragment name, and the description that users will see when enabling the fragment will provide enough warning. (From OE-Core rev: e135458415dea5bbc4651e05dafe0b6903b65751) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-04 16:10:04 +00:00 · 2025-10-30 10:22:46 +01:00 · 2025-10-30 10:22:46 +01:00 · 7eefb05a15
commit 7eefb05a15
parent db1ba50813
1 changed files with 10 additions and 0 deletions
--- a/meta/conf/fragments/yocto/root-login-with-empty-password.conf
+++ b/meta/conf/fragments/yocto/root-login-with-empty-password.conf
@ -0,0 +1,10 @@
+BB_CONF_FRAGMENT_SUMMARY = "Log in as root without password on serial console and over ssh (use with caution)."
+BB_CONF_FRAGMENT_DESCRIPTION = "By default images are built such that root login is disabled \
+(which is the preferred, secure default). However, for testing and development purposes it can \
+be beneficial to be able to log in as root, both on serial console and over ssh connections, \
+which is what this fragment enables. Use with great caution, and ideally only in tightly \
+controlled local builds and CI testing environments, and never in artefacts that are deployed \
+into products. \
+"
+
+EXTRA_IMAGE_FEATURES += "allow-empty-password empty-root-password allow-root-login"