From 3ed266091c6beafd34e5a002099442caeef28a7b Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Thu, 19 Apr 2018 13:29:33 +0100 Subject: [PATCH 1/2] Ensure MAAS squashfsi are clean of passwords. LP: #1764991. --- debian/changelog | 6 +++++ .../hooks/031-maas-squashfs.binary | 23 ++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index aeb1824d..fb40803c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +livecd-rootfs (2.523) UNRELEASED; urgency=medium + + * Ensure MAAS squashfsi are clean of passwords. LP: #1764991. + + -- Dimitri John Ledkov Thu, 19 Apr 2018 13:29:08 +0100 + livecd-rootfs (2.522) bionic; urgency=medium * Remove landscape-common from minimal image, and handle restoring it in diff --git a/live-build/ubuntu-server/hooks/031-maas-squashfs.binary b/live-build/ubuntu-server/hooks/031-maas-squashfs.binary index 1e46aa3d..855e376b 100755 --- a/live-build/ubuntu-server/hooks/031-maas-squashfs.binary +++ b/live-build/ubuntu-server/hooks/031-maas-squashfs.binary @@ -44,6 +44,10 @@ mount_overlay "$SQUASH_ROOT/" "$OVERLAY_RACK_ROOT/" "$RACK_ROOT/" "RACK" setup_mountpoint $RACK_ROOT env DEBIAN_FRONTEND=noninteractive chroot $RACK_ROOT apt-get -y install maas-rack-controller +rm -f $RACK_ROOT/etc/maas/rackd.conf +chroot $RACK_ROOT sh -c 'echo RESET maas/default-maas-url | debconf-communicate maas-common' +chroot $RACK_ROOT sh -c 'echo RESET maas-rack-controller/maas-url | debconf-communicate maas-common' +chroot $RACK_ROOT sh -c 'echo RESET maas-rack-controller/maas-url | debconf-communicate maas-rack-controller' teardown_mountpoint $RACK_ROOT umount "$RACK_ROOT" @@ -53,8 +57,25 @@ umount "$RACK_ROOT" mount_overlay "$OVERLAY_RACK_ROOT/:$SQUASH_ROOT/" "$OVERLAY_REGION_ROOT/" "$REGION_ROOT/" "REGION" setup_mountpoint $REGION_ROOT + env DEBIAN_FRONTEND=noninteractive chroot $REGION_ROOT apt-get -y install maas -chroot $REGION_ROOT pg_ctlcluster 10 main stop + +# 'Reset' dbconfig state +chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.prerm remove +chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postrm remove +chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postrm purge +chroot $REGION_ROOT sh -c 'echo RESET maas/default-maas-url | debconf-communicate maas-common' + +chroot $REGION_ROOT pg_ctlcluster $(/bin/ls $REGION_ROOT/var/lib/postgresql/) main stop || : + +# "Forget" passwords +rm -f $REGION_ROOT/etc/maas/rackd.conf +rm -f $REGION_ROOT/etc/maas/regiond.conf + +# After the install, one may call the below to "reconfigure" maas-region-controller +## debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.config configure +## debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postinst configure + teardown_mountpoint "$REGION_ROOT" umount "$REGION_ROOT" From f32b6ed2616b0dbabdb668a38829e28a4de5b423 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Thu, 19 Apr 2018 14:52:39 +0100 Subject: [PATCH 2/2] Clear maas role password --- live-build/ubuntu-server/hooks/031-maas-squashfs.binary | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/live-build/ubuntu-server/hooks/031-maas-squashfs.binary b/live-build/ubuntu-server/hooks/031-maas-squashfs.binary index 855e376b..ba348ba3 100755 --- a/live-build/ubuntu-server/hooks/031-maas-squashfs.binary +++ b/live-build/ubuntu-server/hooks/031-maas-squashfs.binary @@ -60,17 +60,15 @@ setup_mountpoint $REGION_ROOT env DEBIAN_FRONTEND=noninteractive chroot $REGION_ROOT apt-get -y install maas -# 'Reset' dbconfig state +# Forget how things had to be configured chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.prerm remove chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postrm remove chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postrm purge chroot $REGION_ROOT sh -c 'echo RESET maas/default-maas-url | debconf-communicate maas-common' - -chroot $REGION_ROOT pg_ctlcluster $(/bin/ls $REGION_ROOT/var/lib/postgresql/) main stop || : - -# "Forget" passwords +chroot $REGION_ROOT sudo -u postgres psql -c 'alter role maas password null;' rm -f $REGION_ROOT/etc/maas/rackd.conf rm -f $REGION_ROOT/etc/maas/regiond.conf +chroot $REGION_ROOT pg_ctlcluster $(/bin/ls $REGION_ROOT/var/lib/postgresql/) main stop || : # After the install, one may call the below to "reconfigure" maas-region-controller ## debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.config configure