release: Complete NO_ROOTification of Vagrant builds

- Don't clean pkg files, they won't be recorded in the manifest anyway.
- Use pw's new metalog mode to create the vagrant user.  Note that we do
  not need to manually create the home directory, pw will do it, so just
  remove that.
- Write metalog entries for the vagrant user's ssh key dir and
  authorized keys file

Note, this depends on an updated pw being installed on the host.

Reviewed by:	emaste
MFC after:	1 day
Sponsored by:	Klara, Inc.
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D52631
Mark Johnston
2025-09-19 21:01:52 +00:00
parent d518f64cef
commit 02dfca2458
+13 -12
@@ -14,14 +14,16 @@ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} shells/bash \
export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs growfs"
vagrant_common () {
# The firstboot_pkgs rc.d script will download the repository
# catalogue and install or update pkg when the instance first
# launches, so these files would just be replaced anyway; removing
# them from the image allows it to boot faster.
env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} clean -y -a
env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods
if [ -z "${NO_ROOT}" ]; then
# The firstboot_pkgs rc.d script will download the repository
# catalogue and install or update pkg when the instance first
# launches, so these files would just be replaced anyway;
# removing them from the image allows it to boot faster.
pkg -c ${DESTDIR} clean -y -a
pkg -c ${DESTDIR} delete -f -y pkg
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports
rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods
fi
# Vagrant instances use DHCP to get their network configuration.
echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf
@@ -40,8 +42,7 @@ vagrant_common () {
# Create the vagrant user with a password of vagrant
/usr/sbin/pw -R ${DESTDIR} \
groupadd vagrant -g 1001
chroot ${DESTDIR} mkdir -p /home/vagrant
/usr/sbin/pw -R ${DESTDIR} \
/usr/sbin/pw -R ${DESTDIR} -M ${DESTDIR}/METALOG \
useradd vagrant \
-m -M 0755 -w yes -n vagrant -u 1001 -g 1001 -G 0 \
-c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
@@ -58,11 +59,11 @@ vagrant_common () {
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys
chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600
chmod 700 ${DESTDIR}/home/vagrant/.ssh
chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> METALOG
echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> ${DESTDIR}/METALOG
echo "./home/vagrant/.ssh/authorized_keys type=file uid=1001 gid=1001 mode=0600" >> ${DESTDIR}/METALOG
# Reboot quickly, Don't wait at the panic screen
echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
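Review bot: The `chown -R 1001 ${DESTDIR}/home/vagrant/.ssh` kept as context in the third hunk still runs unconditionally, and an unprivileged NO_ROOT build cannot hand files to uid 1001, so it will presumably fail there; in that mode the two new METALOG lines are what carry the ownership and the 0700/0600 modes of the key directory and `authorized_keys`. Consider guarding it the way the first hunk guards the pkg cleanup, e.g. `[ -n "${NO_ROOT}" ] || chown -R 1001 ${DESTDIR}/home/vagrant/.ssh`. Conversely, the `echo ... >> ${DESTDIR}/METALOG` lines and `pw -M ${DESTDIR}/METALOG` also run in root builds, so it is worth confirming that the file is removed before the image is assembled and does not ship inside it. vagrant_common starts in the first hunk and continues past the end of this one, so whether a failed command aborts the build is not visible here.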