From 478a8253cf7cfcaca3472ea0fab3b972efb0c90d Mon Sep 17 00:00:00 2001
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Thu, 18 Jul 2019 22:20:28 -0300
Subject: [PATCH] Build the images with an empty root password, disallowing
 remote root logins

---
 raspi0w.yaml | 10 ++--------
 raspi2.yaml  | 10 ++--------
 raspi3.yaml  | 10 ++--------
 3 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/raspi0w.yaml b/raspi0w.yaml
index 78b2a4a..9c697d3 100644
--- a/raspi0w.yaml
+++ b/raspi0w.yaml
@@ -89,19 +89,13 @@ steps:
   - shell: |
       echo "rpi-z" > "${ROOT?}/etc/hostname"
 
-      # '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..')
-      sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow"
-
-      sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
+      # Allow root logins with no password
+      sed -i 's,root:[^:]*:,root::' "${ROOT?}/etc/shadow"
 
       install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
 
       install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
 
-      mkdir -p "${ROOT?}/etc/iptables"
-      install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
-      install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
-
       install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi-resizerootfs"
       install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system"
       mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"
diff --git a/raspi2.yaml b/raspi2.yaml
index 0657871..7d6a915 100644
--- a/raspi2.yaml
+++ b/raspi2.yaml
@@ -87,19 +87,13 @@ steps:
   - shell: |
       echo "rpi2" > "${ROOT?}/etc/hostname"
 
-      # '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..')
-      sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow"
-
-      sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
+      # Allow root logins with no password
+      sed -i 's,root:[^:]*:,root::' "${ROOT?}/etc/shadow"
 
       install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
 
       install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
 
-      mkdir -p "${ROOT?}/etc/iptables"
-      install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
-      install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
-
       install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs"
       install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system"
       mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"
diff --git a/raspi3.yaml b/raspi3.yaml
index 8b7f7b0..f11e225 100644
--- a/raspi3.yaml
+++ b/raspi3.yaml
@@ -89,19 +89,13 @@ steps:
   - shell: |
       echo "rpi" > "${ROOT?}/etc/hostname"
 
-      # '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..')
-      sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow"
-
-      sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
+      # Allow root logins with no password
+      sed -i 's,root:[^:]*:,root::,' "${ROOT?}/etc/shadow"
 
       install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
 
       install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
 
-      mkdir -p "${ROOT?}/etc/iptables"
-      install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
-      install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
-
       install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs"
       install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system"
       mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"