diff --git a/debian/changelog b/debian/changelog
index 1dae2a81..69cf97a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+livecd-rootfs (2.278) vivid; urgency=medium
+
+ * Add live-build/ubuntu-core/hooks/99zz-check-uid-gid.chroot, copy of
+ live-build/ubuntu-touch/hooks/99zz-check-uid-gid.chroot with just the
+ error message changed. Currently, the passwd/group checks weren't run.
+ * live-build/ubuntu-touch/hooks/00-uid-gid-fix.chroot_early: also add input
+ group.
+ * Core: drop live-build/ubuntu-core/hooks/12-add-docker-user.chroot and move
+ docker user creation to
+ live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early; add ubuntu user
+ to docker group in
+ live-build/ubuntu-core/hooks/02-add_user_to_groups.chroot. This fixes
+ static uid/gid maps for docker user/group.
+ * Update post-debootstrap hashes in
+ live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early.
+
+ -- Loïc Minier Wed, 04 Feb 2015 14:28:37 +0100
+
 livecd-rootfs (2.277) vivid; urgency=medium
 * live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early: add new "input"
diff --git a/live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early b/live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early
index df651ddc..2ac5f474 100755
--- a/live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early
+++ b/live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early
@@ -1,10 +1,10 @@
 #!/bin/sh -eu
 # Known good post-debootstrap values
-passwd_bootstrap="9738946debbc125bd6cf3f197582a8a5"
-shadow_bootstrap="4d299751999cae6de045390dd568812c"
-group_bootstrap="dd4a0ebdd3f5d170d5a46e6bade5c6c3"
-gshadow_bootstrap="42025e85925432105b429b7c801a50a4"
+passwd_bootstrap="9ebb1c3da5b0ad8f1d366528b32c97cb"
+shadow_bootstrap="1c562aa2ed2f443b9151953e800eca16"
+group_bootstrap="60cd81599d39db5d624e63c8c18d4a5e"
+gshadow_bootstrap="3819432fb99fe6b8f38410c58d503de1"
 # Current post-debootstrap values
 passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
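Review bot: The four replacement `*_bootstrap` digests in live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early are opaque: nothing in the hunk records which debootstrap output they were measured on, so a later mismatch cannot be told apart from a stale record. I would add a comment above them along the lines of `# md5sum of the files as left by debootstrap; regenerate when the bootstrap package set changes`, naming the suite and date of the measurement. MD5 is adequate here only as a drift detector for files the build itself produced, and should not be read as a tamper check on the chroot. The script continues past this hunk, so how the other three current values are computed is not visible here.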
@@ -40,6 +40,7 @@ systemd-timesync:x:103:108:systemd Time Synchronization,,,:/run/systemd:/bin/fal
 systemd-network:x:104:109:systemd Network Management,,,:/run/systemd/netif:/bin/false
 systemd-resolve:x:105:110:systemd Resolver,,,:/run/systemd/resolve:/bin/false
 systemd-bus-proxy:x:106:111:systemd Bus Proxy,,,:/run/systemd:/bin/false
+docker:x:107:113::/nonexistent:/bin/false
 EOF
 else
 echo "/etc/passwd post-debootstrap hash doesn't match record" >&2
@@ -74,6 +75,7 @@ systemd-timesync:*:16413:0:99999:7:::
 systemd-network:*:16413:0:99999:7:::
 systemd-resolve:*:16413:0:99999:7:::
 systemd-bus-proxy:*:16413:0:99999:7:::
+docker:*:16413:0:99999:7:::
 EOF
 else
 echo "/etc/shadow post-debootstrap hash doesn't match record" >&2
@@ -134,6 +136,7 @@ systemd-network:x:109:
 systemd-resolve:x:110:
 systemd-bus-proxy:x:111:
 input:x:112:
+docker:x:113:
 EOF
 else
 echo "/etc/group post-debootstrap hash doesn't match record" >&2
@@ -194,6 +197,7 @@ systemd-network:!::
 systemd-resolve:!::
 systemd-bus-proxy:!::
 input:!::
+docker:!::
 EOF
 else
 echo "/etc/gshadow post-debootstrap hash doesn't match record" >&2
diff --git a/live-build/ubuntu-core/hooks/02-add_user_to_groups.chroot b/live-build/ubuntu-core/hooks/02-add_user_to_groups.chroot
index 2e48e233..f0f93946 100755
--- a/live-build/ubuntu-core/hooks/02-add_user_to_groups.chroot
+++ b/live-build/ubuntu-core/hooks/02-add_user_to_groups.chroot
@@ -2,7 +2,7 @@
 USER=ubuntu
-DEFGROUPS="sudo"
+DEFGROUPS="docker sudo"
 echo "I: add $USER to ($DEFGROUPS) group(s)"
 usermod -a -G ${DEFGROUPS} ${USER}
diff --git a/live-build/ubuntu-core/hooks/12-add-docker-user.chroot b/live-build/ubuntu-core/hooks/12-add-docker-user.chroot
deleted file mode 100644
index bc805186..00000000
--- a/live-build/ubuntu-core/hooks/12-add-docker-user.chroot
+++ /dev/null
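Review bot: In live-build/ubuntu-core/hooks/02-add_user_to_groups.chroot the new value `DEFGROUPS="docker sudo"` is expanded unquoted into `usermod -a -G ${DEFGROUPS} ${USER}`, and `usermod -G` takes a single comma-separated list, so `sudo` and `ubuntu` become extra positional arguments and the call is likely to fail with a usage error. Writing `DEFGROUPS="docker,sudo"` and quoting both expansions, `usermod -a -G "${DEFGROUPS}" "${USER}"`, keeps it to one list argument. The script's first line is outside the hunk, so whether a failed usermod aborts the build or passes silently cannot be seen here. Separately, membership of the docker group usually amounts to root on the host through the daemon socket, without the password prompt sudo may ask for; a comment next to DEFGROUPS saying that this is intended would help later readers.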
@@ -1,18 +0,0 @@
-#!/bin/sh -x
-
-# FIXME: add click hook for user creation
-
-USER=docker
-
-echo "I: creating docker user"
-
-addgroup --system --quiet $USER
-adduser --system \
- --ingroup $USER \
- --disabled-login \
- --shell /bin/false \
- --no-create-home \
- $USER
-
-# ensure that the ubuntu user has the right group
-adduser ubuntu docker
diff --git a/live-build/ubuntu-core/hooks/99zz-check-uid-gid.chroot b/live-build/ubuntu-core/hooks/99zz-check-uid-gid.chroot
new file mode 100755
index 00000000..4d7b807d
--- /dev/null
+++ b/live-build/ubuntu-core/hooks/99zz-check-uid-gid.chroot
@@ -0,0 +1,52 @@
+#!/bin/sh -eu
+
+ERRCNT=""
+
+passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
+shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
+group_length=$(cat /etc/group | wc -l)
+gshadow_length=$(cat /etc/gshadow | wc -l)
+
+passwd_orig_hash=$(set -- $(md5sum /etc/passwd.orig) && echo $1)
+shadow_orig_hash=$(set -- $(cat /etc/shadow.orig | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
+group_orig_length=$(cat /etc/group.orig | wc -l)
+gshadow_orig_length=$(cat /etc/gshadow.orig | wc -l)
+
+if [ "$passwd_hash" != "$passwd_orig_hash" ]; then
+ echo "/etc/passwd has changed during setup." >&2
+ echo "The new /etc/passwd md5sum is: $passwd_hash" >&2
+ diff -Nrup /etc/passwd.orig /etc/passwd >&2 || true
+ ERRCNT=1
+fi
+
+if [ "$shadow_hash" != "$shadow_orig_hash" ]; then
+ echo "/etc/shadow has changed during setup." >&2
+ echo "The new /etc/shadow md5sum is: $shadow_hash" >&2
+ diff -Nrup /etc/shadow.orig /etc/shadow >&2 || true
+ ERRCNT=1
+fi
+
+if [ "$group_length" != "$group_orig_length" ]; then
+ echo "/etc/group has changed during setup." >&2
+ diff -Nrup /etc/group.orig /etc/group >&2 || true
+ ERRCNT=1
+fi
+
+if [ "$gshadow_length" != "$gshadow_orig_length" ]; then
+ echo "/etc/gshadow has changed during setup." >&2
+ diff -Nrup /etc/gshadow.orig /etc/gshadow >&2 || true
+ ERRCNT=1
+fi
+
+if [ -n "$ERRCNT" ]; then
+ echo "There were changes to the password database," >&2
+ echo "please adjust the values in the livecd-rootfs source in the file:" >&2
+ echo "live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early" >&2
+ echo >&2
+ echo "Please check also if a maintainer script of the package" >&2
+ echo "that added these entries perhaps created a home directory and," >&2
+ echo "if needed, add code for creation of it to the above hook" >&2
+ exit 1
+fi
+
+rm /etc/passwd.orig /etc/shadow.orig /etc/group.orig /etc/gshadow.orig
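Review bot: The `/etc/group` and `/etc/gshadow` checks compare only `wc -l` line counts, so a group whose gid was renumbered, or one entry swapped for another, passes as long as the number of lines is unchanged, which is the kind of drift this hook exists to catch. Comparing the name and gid columns instead would still ignore member-list edits (presumably the reason for counting lines, since 02-add_user_to_groups.chroot edits memberships) while catching id changes; the rewritten lines are below. The shadow normalisation `s/:.*:0:99999:/:0:99999:/g` is greedy from the first colon, so it removes the password field together with the last-change date, and a system account that gained a password or lost its `*` lock would compare equal; normalising only the date field would keep that visible. A short header comment stating where the `.orig` copies come from would also help, as their creation is not visible in this diff.

```shell
# … unchanged: passwd_hash, shadow_hash …
# name:gid for group and name for gshadow: member-list edits are ignored,
# a changed id or a replaced entry is not
group_ids=$(cut -d: -f1,3 /etc/group)
gshadow_names=$(cut -d: -f1 /etc/gshadow)
# … unchanged: passwd_orig_hash, shadow_orig_hash …
group_orig_ids=$(cut -d: -f1,3 /etc/group.orig)
gshadow_orig_names=$(cut -d: -f1 /etc/gshadow.orig)
# … unchanged: passwd and shadow comparisons …
if [ "$group_ids" != "$group_orig_ids" ]; then
# … unchanged: /etc/group report …
if [ "$gshadow_names" != "$gshadow_orig_names" ]; then
# … unchanged: /etc/gshadow report, summary message and cleanup …
```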
diff --git a/live-build/ubuntu-touch/hooks/00-uid-gid-fix.chroot_early b/live-build/ubuntu-touch/hooks/00-uid-gid-fix.chroot_early
index 91a64848..4f203560 100755
--- a/live-build/ubuntu-touch/hooks/00-uid-gid-fix.chroot_early
+++ b/live-build/ubuntu-touch/hooks/00-uid-gid-fix.chroot_early
@@ -175,6 +175,7 @@ systemd-network:x:117:
 systemd-resolve:x:118:
 systemd-bus-proxy:x:119:
 systemd-journal-remote:x:120:
+input:x:121:
 EOF
 else
 echo "/etc/group post-debootstrap hash doesn't match record" >&2
@@ -256,6 +257,7 @@ systemd-network:!::
 systemd-resolve:!::
 systemd-bus-proxy:!::
 systemd-journal-remote:!::
+input:!::
 EOF
 else
 echo "/etc/gshadow post-debootstrap hash doesn't match record" >&2