release: Complete NO_ROOTification of Vagrant builds
- Don't clean pkg files, they won't be recorded in the manifest anyway. - Use pw's new metalog mode to create the vagrant user. Note that we do not need to manually create the home directory, pw will do it, so just remove that. - Write metalog entries for the vagrant user's ssh key dir and authorized keys file Note, this depends on an updated pw being installed on the host. Reviewed by: emaste MFC after: 1 day Sponsored by: Klara, Inc. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52631
+13
-12
@@ -14,14 +14,16 @@ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} shells/bash \
|
||||
export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs growfs"
|
||||
|
||||
vagrant_common () {
|
||||
# The firstboot_pkgs rc.d script will download the repository
|
||||
# catalogue and install or update pkg when the instance first
|
||||
# launches, so these files would just be replaced anyway; removing
|
||||
# them from the image allows it to boot faster.
|
||||
env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} clean -y -a
|
||||
env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg
|
||||
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports
|
||||
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods
|
||||
if [ -z "${NO_ROOT}" ]; then
|
||||
# The firstboot_pkgs rc.d script will download the repository
|
||||
# catalogue and install or update pkg when the instance first
|
||||
# launches, so these files would just be replaced anyway;
|
||||
# removing them from the image allows it to boot faster.
|
||||
pkg -c ${DESTDIR} clean -y -a
|
||||
pkg -c ${DESTDIR} delete -f -y pkg
|
||||
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports
|
||||
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods
|
||||
fi
|
||||
|
||||
# Vagrant instances use DHCP to get their network configuration.
|
||||
echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf
|
||||
@@ -40,8 +42,7 @@ vagrant_common () {
|
||||
# Create the vagrant user with a password of vagrant
|
||||
/usr/sbin/pw -R ${DESTDIR} \
|
||||
groupadd vagrant -g 1001
|
||||
chroot ${DESTDIR} mkdir -p /home/vagrant
|
||||
/usr/sbin/pw -R ${DESTDIR} \
|
||||
/usr/sbin/pw -R ${DESTDIR} -M ${DESTDIR}/METALOG \
|
||||
useradd vagrant \
|
||||
-m -M 0755 -w yes -n vagrant -u 1001 -g 1001 -G 0 \
|
||||
-c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
|
||||
@@ -58,11 +59,11 @@ vagrant_common () {
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
|
||||
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys
|
||||
chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
|
||||
metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600
|
||||
|
||||
chmod 700 ${DESTDIR}/home/vagrant/.ssh
|
||||
chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
|
||||
echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> METALOG
|
||||
echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> ${DESTDIR}/METALOG
|
||||
echo "./home/vagrant/.ssh/authorized_keys type=file uid=1001 gid=1001 mode=0600" >> ${DESTDIR}/METALOG
|
||||
|
||||
# Reboot quickly, Don't wait at the panic screen
|
||||
echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
|
||||
|
||||
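Review bot: The two `echo ... >> ${DESTDIR}/METALOG` lines in the last hunk, and the `-M ${DESTDIR}/METALOG` argument to `pw useradd` in the second, run whether or not `NO_ROOT` is set, while the first hunk guards the pkg cleanup with `[ -z "${NO_ROOT}" ]`. If root builds are still supported, they would leave a METALOG file in the image root. In a NO_ROOT build the `chown -R 1001`, which appears to remain as context, cannot succeed for an unprivileged builder, so ownership of `.ssh` and `authorized_keys` rests entirely on the metalog entries. Guarding both sides as below makes that explicit, and quoting `${DESTDIR}` keeps paths with spaces intact. The `+`/`-` markers are lost on this page, so which lines are on the new side is inferred from the hunk counts and the commit message; `vagrant_common` continues past the last hunk.

```shell
chmod 700 "${DESTDIR}/home/vagrant/.ssh"
if [ -z "${NO_ROOT}" ]; then
	# Root build: ownership is set on the staged files directly.
	chown -R 1001 "${DESTDIR}/home/vagrant/.ssh"
else
	# NO_ROOT build: ownership and modes come only from the metalog.
	echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> "${DESTDIR}/METALOG"
	echo "./home/vagrant/.ssh/authorized_keys type=file uid=1001 gid=1001 mode=0600" >> "${DESTDIR}/METALOG"
fi
```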