parent
c810e9f334
commit
36f75094f3
@ -1,249 +0,0 @@
|
|||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
ERRCNT=""
|
|
||||||
|
|
||||||
# Known good post-debootstrap values
|
|
||||||
passwd_bootstrap="7d89b96d37aab3fd22e4570862e3a8eb"
|
|
||||||
shadow_bootstrap="4627fdc1f1f2712bc52544d5501bcf81"
|
|
||||||
group_bootstrap="ffbe05611b49480cb289f343a67d7e7b"
|
|
||||||
gshadow_bootstrap="46121fc1a7d95f37e7a3fb21db8061e8"
|
|
||||||
|
|
||||||
# Current post-debootstrap values
|
|
||||||
passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
|
|
||||||
shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
|
|
||||||
group_hash=$(set -- $(md5sum /etc/group) && echo $1)
|
|
||||||
gshadow_hash=$(set -- $(md5sum /etc/gshadow) && echo $1)
|
|
||||||
|
|
||||||
# /etc/passwd
|
|
||||||
if [ "$passwd_bootstrap" = "$passwd_hash" ]; then
|
|
||||||
cat > /etc/passwd <<EOF
|
|
||||||
root:x:0:0:root:/root:/bin/bash
|
|
||||||
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
|
|
||||||
bin:x:2:2:bin:/bin:/usr/sbin/nologin
|
|
||||||
sys:x:3:3:sys:/dev:/usr/sbin/nologin
|
|
||||||
sync:x:4:65534:sync:/bin:/bin/sync
|
|
||||||
games:x:5:60:games:/usr/games:/usr/sbin/nologin
|
|
||||||
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
|
|
||||||
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
|
|
||||||
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
|
|
||||||
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
|
|
||||||
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
|
|
||||||
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
|
|
||||||
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
|
|
||||||
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
|
|
||||||
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
|
|
||||||
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
|
|
||||||
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
|
|
||||||
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
|
|
||||||
messagebus:x:100:103::/var/run/dbus:/bin/false
|
|
||||||
snappypkg:x:101:104::/nonexistent:/bin/false
|
|
||||||
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
|
|
||||||
systemd-timesync:x:103:108:systemd Time Synchronization,,,:/run/systemd:/bin/false
|
|
||||||
systemd-network:x:104:109:systemd Network Management,,,:/run/systemd/netif:/bin/false
|
|
||||||
systemd-resolve:x:105:110:systemd Resolver,,,:/run/systemd/resolve:/bin/false
|
|
||||||
systemd-bus-proxy:x:106:111:systemd Bus Proxy,,,:/run/systemd:/bin/false
|
|
||||||
_apt:x:117:65534::/nonexistent:/bin/false
|
|
||||||
docker:x:107:113::/nonexistent:/bin/false
|
|
||||||
syslog:x:108:114::/home/syslog:/bin/false
|
|
||||||
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false
|
|
||||||
tss:x:110:116::/var/lib/tpm:/bin/false
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
echo "/etc/passwd post-debootstrap hash doesn't match record" >&2
|
|
||||||
echo "The output below might help to resolve the issue" >&2
|
|
||||||
cat /etc/passwd
|
|
||||||
echo "passwd md5sum: $passwd_hash" >&2
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# /etc/shadow
|
|
||||||
if [ "$shadow_bootstrap" = "$shadow_hash" ]; then
|
|
||||||
cat > /etc/shadow <<EOF
|
|
||||||
root:*:16329:0:99999:7:::
|
|
||||||
daemon:*:16329:0:99999:7:::
|
|
||||||
bin:*:16329:0:99999:7:::
|
|
||||||
sys:*:16329:0:99999:7:::
|
|
||||||
sync:*:16329:0:99999:7:::
|
|
||||||
games:*:16329:0:99999:7:::
|
|
||||||
man:*:16329:0:99999:7:::
|
|
||||||
lp:*:16329:0:99999:7:::
|
|
||||||
mail:*:16329:0:99999:7:::
|
|
||||||
news:*:16329:0:99999:7:::
|
|
||||||
uucp:*:16329:0:99999:7:::
|
|
||||||
proxy:*:16329:0:99999:7:::
|
|
||||||
www-data:*:16329:0:99999:7:::
|
|
||||||
backup:*:16329:0:99999:7:::
|
|
||||||
list:*:16329:0:99999:7:::
|
|
||||||
irc:*:16329:0:99999:7:::
|
|
||||||
gnats:*:16329:0:99999:7:::
|
|
||||||
nobody:*:16329:0:99999:7:::
|
|
||||||
messagebus:*:16413:0:99999:7:::
|
|
||||||
snappypkg:*:16413:0:99999:7:::
|
|
||||||
sshd:*:16413:0:99999:7:::
|
|
||||||
systemd-timesync:*:16413:0:99999:7:::
|
|
||||||
systemd-network:*:16413:0:99999:7:::
|
|
||||||
systemd-resolve:*:16413:0:99999:7:::
|
|
||||||
systemd-bus-proxy:*:16413:0:99999:7:::
|
|
||||||
_apt:*:16780:0:99999:7:::
|
|
||||||
docker:*:16413:0:99999:7:::
|
|
||||||
syslog:*:16521:0:99999:7:::
|
|
||||||
dnsmasq:*:16644:0:99999:7:::
|
|
||||||
tss:*:16701:0:99999:7:::
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
echo "/etc/shadow post-debootstrap hash doesn't match record" >&2
|
|
||||||
echo "The output below might help to resolve the issue" >&2
|
|
||||||
cat /etc/shadow
|
|
||||||
echo "shadow md5sum: $shadow_hash" >&2
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# /etc/group
|
|
||||||
if [ "$group_bootstrap" = "$group_hash" ]; then
|
|
||||||
cat > /etc/group <<EOF
|
|
||||||
root:x:0:
|
|
||||||
daemon:x:1:
|
|
||||||
bin:x:2:
|
|
||||||
sys:x:3:
|
|
||||||
adm:x:4:syslog
|
|
||||||
tty:x:5:
|
|
||||||
disk:x:6:
|
|
||||||
lp:x:7:
|
|
||||||
mail:x:8:
|
|
||||||
news:x:9:
|
|
||||||
uucp:x:10:
|
|
||||||
man:x:12:
|
|
||||||
proxy:x:13:
|
|
||||||
kmem:x:15:
|
|
||||||
dialout:x:20:
|
|
||||||
fax:x:21:
|
|
||||||
voice:x:22:
|
|
||||||
cdrom:x:24:
|
|
||||||
floppy:x:25:
|
|
||||||
tape:x:26:
|
|
||||||
sudo:x:27:ubuntu
|
|
||||||
audio:x:1005:
|
|
||||||
dip:x:30:
|
|
||||||
www-data:x:33:
|
|
||||||
backup:x:34:
|
|
||||||
operator:x:37:
|
|
||||||
list:x:38:
|
|
||||||
irc:x:39:
|
|
||||||
src:x:40:
|
|
||||||
gnats:x:41:
|
|
||||||
shadow:x:42:
|
|
||||||
utmp:x:43:
|
|
||||||
video:x:44:
|
|
||||||
sasl:x:45:
|
|
||||||
plugdev:x:46:
|
|
||||||
staff:x:50:
|
|
||||||
games:x:60:
|
|
||||||
users:x:100:
|
|
||||||
nogroup:x:65534:
|
|
||||||
netdev:x:101:
|
|
||||||
crontab:x:102:
|
|
||||||
messagebus:x:103:
|
|
||||||
snappypkg:x:104:
|
|
||||||
ssh:x:105:
|
|
||||||
systemd-journal:x:106:
|
|
||||||
systemd-timesync:x:108:
|
|
||||||
systemd-network:x:109:
|
|
||||||
systemd-resolve:x:110:
|
|
||||||
systemd-bus-proxy:x:111:
|
|
||||||
docker:x:113:ubuntu
|
|
||||||
syslog:x:114:
|
|
||||||
pkcs11:x:115:root
|
|
||||||
tss:x:116:
|
|
||||||
input:x:107:
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
echo "/etc/group post-debootstrap hash doesn't match record" >&2
|
|
||||||
echo "The output below might help to resolve the issue" >&2
|
|
||||||
cat /etc/group
|
|
||||||
echo "group md5sum: $group_hash" >&2
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# /etc/gshadow
|
|
||||||
if [ "$gshadow_bootstrap" = "$gshadow_hash" ]; then
|
|
||||||
cat > /etc/gshadow <<EOF
|
|
||||||
root:*::
|
|
||||||
daemon:*::
|
|
||||||
bin:*::
|
|
||||||
sys:*::
|
|
||||||
adm:*::syslog
|
|
||||||
tty:*::
|
|
||||||
disk:*::
|
|
||||||
lp:*::
|
|
||||||
mail:*::
|
|
||||||
news:*::
|
|
||||||
uucp:*::
|
|
||||||
man:*::
|
|
||||||
proxy:*::
|
|
||||||
kmem:*::
|
|
||||||
dialout:*::
|
|
||||||
fax:*::
|
|
||||||
voice:*::
|
|
||||||
cdrom:*::
|
|
||||||
floppy:*::
|
|
||||||
tape:*::
|
|
||||||
sudo:*::ubuntu
|
|
||||||
audio:*::pulse
|
|
||||||
dip:*::
|
|
||||||
www-data:*::
|
|
||||||
backup:*::
|
|
||||||
operator:*::
|
|
||||||
list:*::
|
|
||||||
irc:*::
|
|
||||||
src:*::
|
|
||||||
gnats:*::
|
|
||||||
shadow:*::
|
|
||||||
utmp:*::
|
|
||||||
video:*::
|
|
||||||
sasl:*::
|
|
||||||
plugdev:*::
|
|
||||||
staff:*::
|
|
||||||
games:*::
|
|
||||||
users:*::
|
|
||||||
nogroup:*::
|
|
||||||
netdev:!::
|
|
||||||
crontab:!::
|
|
||||||
messagebus:!::
|
|
||||||
snappypkg:!::
|
|
||||||
ssh:!::
|
|
||||||
systemd-journal:!::
|
|
||||||
systemd-timesync:!::
|
|
||||||
systemd-network:!::
|
|
||||||
systemd-resolve:!::
|
|
||||||
systemd-bus-proxy:!::
|
|
||||||
docker:!::ubuntu
|
|
||||||
syslog:!::
|
|
||||||
pkcs11:!::root
|
|
||||||
tss:!::
|
|
||||||
input:!::
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
echo "/etc/gshadow post-debootstrap hash doesn't match record" >&2
|
|
||||||
echo "The output below might help to resolve the issue" >&2
|
|
||||||
cat /etc/gshadow
|
|
||||||
echo "gshadow md5sum: $gshadow_hash" >&2
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$ERRCNT" ]; then
|
|
||||||
echo "There were changes to the password database," >&2
|
|
||||||
echo "please adjust the values in the livecd-rootfs source in the file:" >&2
|
|
||||||
echo "live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early" >&2
|
|
||||||
echo >&2
|
|
||||||
echo "Please check also if a maintainer script of the package" >&2
|
|
||||||
echo "that added these entries perhaps created a home directory and," >&2
|
|
||||||
echo "if needed, add code for creation of it to the above hook" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Record the current state for later comparison
|
|
||||||
for file in /etc/passwd /etc/shadow /etc/group /etc/gshadow; do
|
|
||||||
rm -f ${file}-
|
|
||||||
cp ${file} ${file}.orig
|
|
||||||
done
|
|
@ -1,19 +0,0 @@
|
|||||||
#!/bin/sh -ex
|
|
||||||
|
|
||||||
ARCH=$(dpkg --print-architecture)
|
|
||||||
|
|
||||||
case $ARCH in
|
|
||||||
i386|amd64)
|
|
||||||
dpkg-divert --quiet --add \
|
|
||||||
--divert /usr/sbin/grub-install.REAL --rename \
|
|
||||||
/usr/sbin/grub-install
|
|
||||||
|
|
||||||
cat > /usr/sbin/grub-install <<'EOF'
|
|
||||||
#! /bin/sh
|
|
||||||
echo "grub-install: diverted by livecd-rootfs (will be called later)" >&2
|
|
||||||
exit 0
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod +x /usr/sbin/grub-install
|
|
||||||
;;
|
|
||||||
esac
|
|
@ -1,24 +0,0 @@
|
|||||||
#!/bin/sh -x
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# There is no default user anymore, console-conf is responsible
|
|
||||||
# for creating one
|
|
||||||
|
|
||||||
# setup the required files for extrausers
|
|
||||||
for name in group gshadow passwd shadow subuid subgid; do
|
|
||||||
touch /var/lib/extrausers/$name
|
|
||||||
done
|
|
||||||
|
|
||||||
for name in gshadow shadow; do
|
|
||||||
chmod 640 /var/lib/extrausers/$name
|
|
||||||
chown root:shadow /var/lib/extrausers/$name
|
|
||||||
done
|
|
||||||
|
|
||||||
# Enable libnss-extrusers
|
|
||||||
sed -i 's/^group:.*compat/\0 extrausers/' /etc/nsswitch.conf
|
|
||||||
sed -i 's/^passwd:.*compat/\0 extrausers/' /etc/nsswitch.conf
|
|
||||||
sed -i 's/^shadow:.*compat/\0 extrausers/' /etc/nsswitch.conf
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
#!/bin/sh -x
|
|
||||||
|
|
||||||
# Boot using systemd and disable quiet boot
|
|
||||||
# to see what is happening.
|
|
||||||
systemd=/lib/systemd/systemd
|
|
||||||
if [ -f /etc/default/grub ]; then
|
|
||||||
sed -i \
|
|
||||||
-e "s,^\\([ ]*GRUB_CMDLINE_LINUX\\)=\"\"$,\\1=\"init=$systemd\",g" \
|
|
||||||
-e 's,^\([ ]*GRUB_CMDLINE_LINUX_DEFAULT\)="quiet splash",\1="",g' \
|
|
||||||
/etc/default/grub
|
|
||||||
fi
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/bin/sh -x
|
|
||||||
|
|
||||||
cat >>/etc/fstab<<EOT
|
|
||||||
# Minimal setup required for systemd to provide a r/w FS
|
|
||||||
/dev/root / rootfs defaults 0 1
|
|
||||||
EOT
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh -x
|
|
||||||
|
|
||||||
# Change default cache partition (until LP: #1373467 is fixed).
|
|
||||||
if [ -f /etc/system-image/client.ini ]; then
|
|
||||||
sed -ie 's!cache_partition: /android/cache/recovery!cache_partition: /userdata/cache!g' \
|
|
||||||
/etc/system-image/client.ini
|
|
||||||
fi
|
|
@ -1,26 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
set -e
|
|
||||||
|
|
||||||
mkdir -p /etc/writable/default
|
|
||||||
|
|
||||||
# cloud-init needs to be able to modify hostname and has the ability to
|
|
||||||
# set the other two.
|
|
||||||
for f in timezone localtime hostname watchdog.conf; do
|
|
||||||
if [ -e /etc/$f ]; then
|
|
||||||
echo "I: Moving /etc/$f to /etc/writable/"
|
|
||||||
mv /etc/$f /etc/writable/$f
|
|
||||||
fi
|
|
||||||
echo "I: Linking /etc/$f to /etc/writable/"
|
|
||||||
ln -s writable/$f /etc/$f
|
|
||||||
done
|
|
||||||
|
|
||||||
# do the same for /etc/default files
|
|
||||||
for f in watchdog; do
|
|
||||||
if [ -e /etc/default/$f ]; then
|
|
||||||
echo "I: Moving /etc/default/$f to /etc/writable/default"
|
|
||||||
mv /etc/default/$f /etc/writable/default/$f
|
|
||||||
fi
|
|
||||||
echo "I: Linking /etc/default/$f to /etc/writable/default"
|
|
||||||
ln -s /etc/writable/default/$f /etc/default/$f
|
|
||||||
done
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/sh -x
|
|
||||||
|
|
||||||
[ -d /etc/cloud/cloud.cfg.d ] || mkdir -p /etc/cloud/cloud.cfg.d
|
|
||||||
|
|
||||||
cat >> /etc/cloud/cloud.cfg.d/99-snappy-disable-network-config.cfg <<EOF
|
|
||||||
network:
|
|
||||||
config: disabled
|
|
||||||
EOF
|
|
@ -1,22 +0,0 @@
|
|||||||
#!/bin/sh -x
|
|
||||||
|
|
||||||
echo "I: Remove unneeded files from /usr/share/doc "
|
|
||||||
find binary/boot/filesystem.dir/usr/share/doc -depth -type f ! -name copyright|xargs rm -f || true
|
|
||||||
find binary/boot/filesystem.dir/usr/share/doc -empty|xargs rmdir || true
|
|
||||||
find binary/boot/filesystem.dir/usr/share/doc -type f -exec gzip -9 {} \;
|
|
||||||
|
|
||||||
echo "I: Remove man/info pages"
|
|
||||||
rm -rf binary/boot/filesystem.dir/usr/share/man \
|
|
||||||
binary/boot/filesystem.dir/usr/share/groff \
|
|
||||||
binary/boot/filesystem.dir/usr/share/info \
|
|
||||||
binary/boot/filesystem.dir/usr/share/lintian \
|
|
||||||
binary/boot/filesystem.dir/usr/share/linda \
|
|
||||||
binary/boot/filesystem.dir/var/cache/man
|
|
||||||
|
|
||||||
|
|
||||||
echo "I: Removing /var/lib/apt/lists/*"
|
|
||||||
find binary/boot/filesystem.dir/var/lib/apt/lists/ -type f | xargs rm -f
|
|
||||||
|
|
||||||
echo "I: Removing /var/cache/apt/*.bin"
|
|
||||||
rm -f binary/boot/filesystem.dir/var/cache/apt/*.bin
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# we want a really minimal image
|
|
||||||
apt-get purge -y locales
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
echo "I: Checking if we are amd64 and libc6:i386 should be installed"
|
|
||||||
|
|
||||||
if [ "$(dpkg --print-architecture)" = "amd64" ]; then
|
|
||||||
echo "I: Enabling i386 multiarch support on amd64"
|
|
||||||
dpkg --add-architecture i386
|
|
||||||
|
|
||||||
apt-get -y update
|
|
||||||
|
|
||||||
echo "I: Installing libc6:i386 in amd64 image"
|
|
||||||
apt-get -y install libc6:i386
|
|
||||||
|
|
||||||
echo "I: Removing /var/lib/apt/lists/*"
|
|
||||||
find /var/lib/apt/lists/ -type f | xargs rm -f
|
|
||||||
|
|
||||||
echo "I: Removing /var/cache/apt/*.bin"
|
|
||||||
rm -f /var/cache/apt/*.bin
|
|
||||||
fi
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
cat >/etc/default/locale<<EOF
|
|
||||||
LANG="C.UTF-8"
|
|
||||||
EOF
|
|
@ -1,12 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
cat >/etc/motd<<EOF
|
|
||||||
Welcome to Snappy Ubuntu Core, a transactionally updated Ubuntu.
|
|
||||||
|
|
||||||
* See https://ubuntu.com/snappy
|
|
||||||
|
|
||||||
It's a brave new world here in Snappy Ubuntu Core! This machine
|
|
||||||
does not use apt-get or deb packages. Please see 'snap --help'
|
|
||||||
for app installation and transactional updates.
|
|
||||||
|
|
||||||
EOF
|
|
@ -1,4 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# see bug https://bugs.launchpad.net/snappy-ubuntu/+bug/1442231
|
|
||||||
rm -f /etc/init.d/grub-common
|
|
@ -1,16 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
mkdir -p /boot/uboot
|
|
||||||
cat > /etc/fw_env.config <<EOF
|
|
||||||
# snappy u-boot env config
|
|
||||||
# its crucial that we have the two entries here
|
|
||||||
# u-boot/tools/env/fw_env.c
|
|
||||||
# will read only 4 header bytes if its a single
|
|
||||||
# line but our header has 5 byte. by having two
|
|
||||||
# entries like this in the config it magically
|
|
||||||
# switches to the 5 byte header type
|
|
||||||
/boot/uboot/uboot.env 0x0000 0x20000
|
|
||||||
/boot/uboot/uboot.env 0x0000 0x20000
|
|
||||||
EOF
|
|
@ -1,10 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
echo "creating mtab and modules dir" >&2
|
|
||||||
ln -sf ../proc/self/mounts /etc/mtab
|
|
||||||
mkdir -p /lib/modules
|
|
||||||
mkdir -p /lib/firmware
|
|
||||||
mkdir -p /writable
|
|
||||||
mkdir -p /var/lib/systemd/rfkill
|
|
@ -1,18 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Create the security policy version file. Its important that the file
|
|
||||||
# content changes every time an of the "apparmor" or "seccomp" policies
|
|
||||||
# (or its generators) get updated.
|
|
||||||
#
|
|
||||||
# snappy will use this file for its "snappy policygen --regenerate-all"
|
|
||||||
# systemd unit. It will store the security-policy-version file on each
|
|
||||||
# --regenerate-all call. On each boot it will compare the stored version
|
|
||||||
# with the version on the image and if they are different regenerate the
|
|
||||||
# policies
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
|
|
||||||
echo "create security policy version" >&2
|
|
||||||
mkdir -p /usr/share/snappy/
|
|
||||||
apt list --installed apparmor ubuntu-core-security-* > /usr/share/snappy/security-policy-version
|
|
@ -1,21 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
IVER="$(dpkg -s initramfs-tools-ubuntu-core | \
|
|
||||||
sed -n '/^Version:/{s/^[^: ]*: \([^: ]*\).*/\1/;p;}')"
|
|
||||||
|
|
||||||
# fail the build if we did not find the snappy initrd package
|
|
||||||
[ -n "$IVER" ] || exit 1
|
|
||||||
|
|
||||||
update-initramfs.REAL -c -kcore-$IVER -v
|
|
||||||
|
|
||||||
cd /boot
|
|
||||||
ln -s initrd.img-core-$IVER initrd.img-core
|
|
||||||
cd -
|
|
||||||
|
|
||||||
sha1sum /boot/initrd.img-core >/var/lib/initramfs-tools/core
|
|
||||||
|
|
||||||
# for snapcraft backwards compatibility
|
|
||||||
mkdir -p /usr/lib/ubuntu-core-generic-initrd
|
|
||||||
cp -a /boot/initrd.img-core* /usr/lib/ubuntu-core-generic-initrd/
|
|
@ -1,18 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
echo "I: Creating warning to use snappy when apt-get is used"
|
|
||||||
|
|
||||||
PREFIX=binary/boot/filesystem.dir
|
|
||||||
|
|
||||||
mkdir -p $PREFIX/usr/local/bin
|
|
||||||
cat >$PREFIX/usr/local/bin/no-apt <<EOF
|
|
||||||
#!/bin/sh
|
|
||||||
echo "Ubuntu Core does not use apt-get, see 'snap --help'!"
|
|
||||||
EOF
|
|
||||||
chmod 755 $PREFIX/usr/local/bin/no-apt
|
|
||||||
|
|
||||||
for cmd in apt apt-cache apt-get; do
|
|
||||||
ln -s no-apt $PREFIX/usr/local/bin/$cmd
|
|
||||||
done
|
|
@ -1,40 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
echo "I: Creating xdg helper"
|
|
||||||
|
|
||||||
PREFIX=binary/boot/filesystem.dir
|
|
||||||
|
|
||||||
mkdir -p $PREFIX/usr/local/bin
|
|
||||||
cat >$PREFIX/usr/local/bin/xdg-open <<EOF
|
|
||||||
#!/bin/sh
|
|
||||||
dbus-send --print-reply --session --dest=com.canonical.SafeLauncher / com.canonical.SafeLauncher.OpenURL string:"\$1"
|
|
||||||
EOF
|
|
||||||
chmod 755 $PREFIX/usr/local/bin/xdg-open
|
|
||||||
|
|
||||||
# corresponding .desktop entry, needed for mimetype registration
|
|
||||||
mkdir -p $PREFIX/usr/local/share/applications
|
|
||||||
cat >$PREFIX/usr/local/share/applications/xdg-open.desktop <<EOF
|
|
||||||
[Desktop Entry]
|
|
||||||
Version=1.0
|
|
||||||
Name=Url Handler Script
|
|
||||||
Exec=/usr/local/bin/xdg-open %u
|
|
||||||
MimeType=x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/mailto;x-scheme-handler/help;
|
|
||||||
Type=Application
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# define xdg-open as the default handler for common types
|
|
||||||
cat >$PREFIX/usr/local/share/applications/mimeapps.list <<EOF
|
|
||||||
[Added Associations]
|
|
||||||
x-scheme-handler/http=xdg-open.desktop
|
|
||||||
x-scheme-handler/https=xdg-open.desktop
|
|
||||||
x-scheme-handler/mailto=xdg-open.desktop
|
|
||||||
x-scheme-handler/help=xdg-open.desktop
|
|
||||||
|
|
||||||
[Default Applications]
|
|
||||||
x-scheme-handler/http=xdg-open.desktop
|
|
||||||
x-scheme-handler/https=xdg-open.desktop
|
|
||||||
x-scheme-handler/mailto=xdg-open.desktop
|
|
||||||
x-scheme-handler/help=xdg-open.desktop
|
|
||||||
EOF
|
|
@ -1,30 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# removing debian packaging artifacts
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
echo "I: Removing the debian legacy"
|
|
||||||
|
|
||||||
PREFIX=binary/boot/filesystem.dir
|
|
||||||
|
|
||||||
# store manifest of all installed packages
|
|
||||||
(cd $PREFIX
|
|
||||||
install -m755 -d usr/share/snappy
|
|
||||||
chroot . dpkg -l > usr/share/snappy/dpkg.list
|
|
||||||
)
|
|
||||||
|
|
||||||
# dpkg-deb and dpkg purposefully left behind
|
|
||||||
(cd $PREFIX
|
|
||||||
chroot . dpkg --purge apt
|
|
||||||
rm -r \
|
|
||||||
var/lib/dpkg \
|
|
||||||
var/log/apt
|
|
||||||
rm \
|
|
||||||
usr/bin/dpkg-query \
|
|
||||||
usr/bin/dpkg-split \
|
|
||||||
usr/bin/dpkg-divert \
|
|
||||||
usr/bin/dpkg-trigger \
|
|
||||||
usr/bin/dpkg-statoverride \
|
|
||||||
usr/bin/dpkg-maintscript-helper
|
|
||||||
)
|
|
@ -1,13 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# create hostfs entry
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
echo "I: Adding var/lib/snapd/hostfs"
|
|
||||||
|
|
||||||
PREFIX=binary/boot/filesystem.dir
|
|
||||||
|
|
||||||
(cd $PREFIX
|
|
||||||
install -m755 -d var/lib/snapd/hostfs
|
|
||||||
)
|
|
@ -1,10 +0,0 @@
|
|||||||
#! /bin/sh -ex
|
|
||||||
|
|
||||||
ARCH=$(dpkg --print-architecture)
|
|
||||||
|
|
||||||
case $ARCH in
|
|
||||||
i386|amd64)
|
|
||||||
rm -f /usr/sbin/grub-install
|
|
||||||
dpkg-divert --quiet --remove --rename /usr/sbin/grub-install
|
|
||||||
;;
|
|
||||||
esac
|
|
@ -1,52 +0,0 @@
|
|||||||
#!/bin/sh -eu
|
|
||||||
|
|
||||||
ERRCNT=""
|
|
||||||
|
|
||||||
passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
|
|
||||||
shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
|
|
||||||
group_length=$(cat /etc/group | wc -l)
|
|
||||||
gshadow_length=$(cat /etc/gshadow | wc -l)
|
|
||||||
|
|
||||||
passwd_orig_hash=$(set -- $(md5sum /etc/passwd.orig) && echo $1)
|
|
||||||
shadow_orig_hash=$(set -- $(cat /etc/shadow.orig | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
|
|
||||||
group_orig_length=$(cat /etc/group.orig | wc -l)
|
|
||||||
gshadow_orig_length=$(cat /etc/gshadow.orig | wc -l)
|
|
||||||
|
|
||||||
if [ "$passwd_hash" != "$passwd_orig_hash" ]; then
|
|
||||||
echo "/etc/passwd has changed during setup." >&2
|
|
||||||
echo "The new /etc/passwd md5sum is: $passwd_hash" >&2
|
|
||||||
diff -Nrup /etc/passwd.orig /etc/passwd >&2 || true
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$shadow_hash" != "$shadow_orig_hash" ]; then
|
|
||||||
echo "/etc/shadow has changed during setup." >&2
|
|
||||||
echo "The new /etc/shadow md5sum is: $shadow_hash" >&2
|
|
||||||
diff -Nrup /etc/shadow.orig /etc/shadow >&2 || true
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$group_length" != "$group_orig_length" ]; then
|
|
||||||
echo "/etc/group has changed during setup." >&2
|
|
||||||
diff -Nrup /etc/group.orig /etc/group >&2 || true
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$gshadow_length" != "$gshadow_orig_length" ]; then
|
|
||||||
echo "/etc/gshadow has changed during setup." >&2
|
|
||||||
diff -Nrup /etc/gshadow.orig /etc/gshadow >&2 || true
|
|
||||||
ERRCNT=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$ERRCNT" ]; then
|
|
||||||
echo "There were changes to the password database," >&2
|
|
||||||
echo "please adjust the values in the livecd-rootfs source in the file:" >&2
|
|
||||||
echo "live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early" >&2
|
|
||||||
echo >&2
|
|
||||||
echo "Please check also if a maintainer script of the package" >&2
|
|
||||||
echo "that added these entries perhaps created a home directory and," >&2
|
|
||||||
echo "if needed, add code for creation of it to the above hook" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
rm /etc/passwd.orig /etc/shadow.orig /etc/group.orig /etc/gshadow.orig
|
|
@ -1,9 +0,0 @@
|
|||||||
127.0.0.1 localhost.localdomain localhost
|
|
||||||
::1 localhost6.localdomain6 localhost6
|
|
||||||
|
|
||||||
# The following lines are desirable for IPv6 capable hosts
|
|
||||||
::1 localhost ip6-localhost ip6-loopback
|
|
||||||
fe00::0 ip6-localnet
|
|
||||||
ff02::1 ip6-allnodes
|
|
||||||
ff02::2 ip6-allrouters
|
|
||||||
ff02::3 ip6-allhosts
|
|
Loading…
Reference in new issue