Root Password Configuration
This guide covers configuring root and admin passwords for production images in the meta-tolomeo layer.
Overview
Production image recipes support setting custom passwords for both root and admin accounts through environment variables:
```bitbake
# Root account
DEFAULT_ROOT_PASSWORD ?= "$5$examplehash$abcdefghijklmnopqrstuvwx..."
# Admin account
DEFAULT_ADMIN_ACCOUNT ?= "admin"
DEFAULT_ADMIN_GROUP ?= "admin"
DEFAULT_ADMIN_PASSWORD ?= "$5$examplehash$abcdefghijklmnopqrstuvwx..."
```
Important: Passwords must be provided as hashed strings, not plaintext.
Account Configuration

| Variable | Default | Description |
|---|---|---|
| `DEFAULT_ROOT_PASSWORD` | Example hash | Hashed password for root user |
| `DEFAULT_ADMIN_ACCOUNT` | `admin` | Username for admin account |
| `DEFAULT_ADMIN_GROUP` | `admin` | Primary group for admin user |
| `DEFAULT_ADMIN_PASSWORD` | Example hash | Hashed password for admin user |
| `DISABLE_ROOT` | `0` | Set to 1 to lock root account |
Password Generation
Use `mkpasswd` to generate properly formatted password hashes:
Generate Password Hash
Interactive (recommended for security):
Non-interactive (for automation):
Format for BitBake:
```bash
# Generate and format in one command
DEFAULT_ROOT_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt))
```
Note: The `printf "%q"` command properly escapes special characters for shell usage.
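A pre-build check for the rule that these variables carry hashes rather than plaintext, as an added example that is not part of meta-tolomeo. It assumes the sha256crypt layout `$5$[rounds=N$]salt$digest` with a 43-character digest, accepts the `\$`-escaped form that `printf "%q"` produces, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example, not meta-tolomeo code; function names are hypothetical.

# Undo the "\$" escaping that printf "%q" applies to a crypt string.
unescape_hash() {
    printf '%s' "$1" | sed 's/\\\$/$/g'
}

# Return 0 only if $1 has the sha256crypt layout (assumed here):
#   $5$[rounds=N$]<salt, 1-16 chars>$<digest, 43 chars>
# Plaintext, truncated hashes and multi-line values are rejected.
is_sha256crypt() {
    case $1 in *"
"*) return 1 ;; esac
    printf '%s\n' "$(unescape_hash "$1")" |
        grep -Eq '^\$5\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{43}$'
}

# Check the two password variables from this guide. Unset or empty ones are
# skipped because the recipe default then applies. Returns 1 on any failure.
check_password_vars() {
    rc=0
    for name in DEFAULT_ROOT_PASSWORD DEFAULT_ADMIN_PASSWORD; do
        eval "value=\${$name-}"   # fixed names only, so eval is safe here
        [ -n "$value" ] || continue
        if ! is_sha256crypt "$value"; then
            echo "$name: not a sha256crypt hash (plaintext or truncated?)" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Run `check_password_vars || exit 1` in the same shell, after setting the variables and before `kas build`.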
Usage Examples
Basic Build with Custom Passwords
Set root password:
```bash
DEFAULT_ROOT_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml
```
Set admin password:
```bash
DEFAULT_ADMIN_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml
```
Set both passwords:
```bash
DEFAULT_ROOT_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
DEFAULT_ADMIN_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml
```
Disable Root Account
To lock the root account and only use the admin user:
```bash
DISABLE_ROOT=1 \
DEFAULT_ADMIN_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml
```
Complete Build Example
With performance tuning:
```bash
DEFAULT_ROOT_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
DEFAULT_ADMIN_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt)) \
BB_NUMBER_THREADS="7" \
PARALLEL_MAKE="-j 10 -l 30" \
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml
```
Using Environment Variables
For repeated builds, set passwords as environment variables:
```bash
# Generate and export passwords
export DEFAULT_ROOT_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt))
export DEFAULT_ADMIN_PASSWORD=$(printf "%q" $(mkpasswd -m sha256crypt))

# Build production target
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml
```