Import patches-unapplied version 2.453 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 70a41fd45c903321d6379955ec04b19a1c8e5bd4

New changelog entries:
  [ Chris Glass ]
  * Create vagrant user for vagrant image, per upstream requirements.
  [ Colin Watson ]
  * Mount and unmount /dev recursively, to cope with setups where there are
    interesting bind-mounts under /dev (e.g. loop devices bind-mounted by
    LXD).  LP: #1716465.

debian/changelog

@@ -1,3 +1,15 @@
+livecd-rootfs (2.453) artful; urgency=medium
+
+  [ Chris Glass ]
+  * Create vagrant user for vagrant image, per upstream requirements.
+
+  [ Colin Watson ]
+  * Mount and unmount /dev recursively, to cope with setups where there are
+    interesting bind-mounts under /dev (e.g. loop devices bind-mounted by
+    LXD).  LP: #1716465.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Sep 2017 11:39:11 -0700
+
 livecd-rootfs (2.452) artful; urgency=medium
 
   * Fix suppressing kpartx error

live-build/functions

@@ -79,8 +79,7 @@ mount_image() {
 setup_mountpoint() {
     local mountpoint="$1"
 
-    mount --bind /dev "$mountpoint/dev"
+    mount --rbind /dev "$mountpoint/dev"
-    mount devpts-live -t proc "$mountpoint/dev/pts"
     mount proc-live -t proc "$mountpoint/proc"
     mount sysfs-live -t sysfs "$mountpoint/sys"
     mount -t tmpfs none "$mountpoint/tmp"
@@ -141,11 +140,7 @@ umount_settle() {
 umount_partition() {
     local mountpoint=${1}
     mv resolv.conf.tmp "$mountpoint/etc/resolv.conf"
-    for submnt in proc sys dev/pts dev tmp;
+    umount -R $mountpoint
-    do
-        umount $mountpoint/$submnt
-    done
-    umount $mountpoint
     udevadm settle
 
     if [ -n "${rootfs_dev_mapper}" -a -b "${rootfs_dev_mapper}" ]; then

live-build/ubuntu-cpc/hooks/032-root-squashfs.binary

@@ -39,8 +39,7 @@ chroot binary/boot/squashfs.dir dpkg-divert --remove --local --rename /usr/sbin/
 mv resolv.conf.tmp "binary/boot/squashfs.dir/etc/resolv.conf"
 umount "binary/boot/squashfs.dir/proc"
 umount "binary/boot/squashfs.dir/sys"
-umount "binary/boot/squashfs.dir/dev/pts"
+umount -R "binary/boot/squashfs.dir/dev"
-umount "binary/boot/squashfs.dir/dev"
 umount "binary/boot/squashfs.dir/tmp"
 
 squashfs_f="${PWD}/livecd.ubuntu-cpc.squashfs"

live-build/ubuntu-cpc/hooks/042-vagrant.binary

@@ -67,6 +67,29 @@ chroot ${mount_d} apt-get update
 # avoid pulling into a cloud image.
 chroot ${mount_d} apt-get install --no-install-recommends -y virtualbox-guest-utils
 chroot ${mount_d} apt-get clean
+
+# Create and setup users inside the image.
+# Vagrant users expect a "vagrant" user with a "vagrant" username.
+# See https://www.vagrantup.com/docs/boxes/base.html
+# Note: We decided NOT to allow root login with a default password.
+chroot ${mount_d} adduser vagrant
+echo "vagrant:vagrant" | chroot ${mount_d} chpasswd
+
+# The vagrant user should have passwordless sudo.
+cat << EOF > ${mount_d}/etc/sudoers.d/vagrant
+vagrant ALL=(ALL) NOPASSWD:ALL
+EOF
+
+# Add the insecure vagrant pubkey to the vagrant user, as is expected by the
+# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html)
+chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant
+chroot ${mount_d} mkdir -p /home/vagrant/.ssh
+cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh
+chroot ${mount_d} chmod 700 /home/vagrant/.ssh
+
 umount_disk_image "$mount_d"
 rmdir "$mount_d"
 
@@ -80,12 +103,6 @@ prefix="${distro}-${suite}-${version}-cloudimg"
 vmdk_f="${box_d}/${prefix}.vmdk"
 create_vmdk ${derivative_img} ${vmdk_f}
 
-# Vagrant needs a base user. We either inject the well-known SSH key
-# or use password authentication. Both are ugly. So we'll use a password
-# and make it random. This obviously is insecure...but at least its
-# better than the alternatives.
-ubuntu_user_pass=$(openssl rand -hex 12)
-
 ####################################
 # Create the ConfigDrive
 # This is a cloud-init piece that instructs cloud-init to configure
@@ -98,9 +115,6 @@ cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk"
 # except via local host.
 cat > ${seed_d}/user-data <<END
 #cloud-config
-password: ${ubuntu_user_pass}
-chpasswd: { expire: False }
-ssh_pwauth: True
 manage_etc_hosts: localhost
 END
 
@@ -141,8 +155,6 @@ load include_vagrantfile if File.exist?(include_vagrantfile)
 
 Vagrant.configure("2") do |config|
   config.vm.base_mac = "${macaddr}"
-  config.ssh.username = "ubuntu"
-  config.ssh.password = "${ubuntu_user_pass}"
 
   config.vm.provider "virtualbox" do |vb|
      vb.customize [ "modifyvm", :id, "--uart1", "0x3F8", "4" ]

live-build/ubuntu-server/hooks/032-installer-squashfs.binary

@@ -155,8 +155,7 @@ umount "$SQUASH_ROOT"
 # Then we can start unmounting the "real" root:
 umount "binary/boot/squashfs.dir/proc"
 umount "binary/boot/squashfs.dir/sys"
-umount "binary/boot/squashfs.dir/dev/pts"
+umount -R "binary/boot/squashfs.dir/dev"
-umount "binary/boot/squashfs.dir/dev"
 umount "binary/boot/squashfs.dir/tmp"
 
 squashfs_f="${PWD}/livecd.${PROJECT}.installer.squashfs"