classes/image-account-extension: Add flag to force password change on…

… first login This avoids possible errors if `passwd --expire root` is set during package installation. Signed-off-by: Quirin Gylstorff <[email protected]>
fmoessbauer · May 25, 2022 · 361b5b6 · 361b5b6
1 parent 9c15f49
commit 361b5b6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/doc/user_manual.md b/doc/user_manual.md
@@ -678,6 +678,7 @@ The `USERS` and `USER_<username>` variable works similar to the `GROUPS` and `GR
    - `system` - `useradd` will be called with `--system`.
    - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password.
    - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it.
+   - `force-passwd-change` - Force the user to change to password on first login.
 
 #### Home directory contents prefilling
 

diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass
@@ -17,7 +17,7 @@ USERS ??= ""
 #USER_root[home] = "/home/root"
 #USER_root[shell] = "/bin/sh"
 #USER_root[groups] = "audio video"
-#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password"
+#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change"
 
 GROUPS ??= ""
 
@@ -258,5 +258,10 @@ image_postprocess_accounts() {
             printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \
                 /usr/sbin/chpasswd $chpasswd_args
         fi
+        if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then
+            echo "Execute passwd to force password change on first boot for \"$name\""
+            sudo -E chroot '${ROOTFSDIR}' \
+                /usr/bin/passwd --expire "$name"
+        fi
     done
 }