From cc8a6e270950d1172882daa09f7ab63ea0190e7c Mon Sep 17 00:00:00 2001
From: Christopher Glass
Date: Thu, 24 Aug 2017 19:17:17 +0200
Subject: [PATCH] Turns out the user adding should be done when the chroot is available...
---
 .../ubuntu-cpc/hooks/042-vagrant.binary | 45 ++++++++++---------
 1 file changed, 23 insertions(+), 22 deletions(-)
diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary
index b675f58a..67597a5e 100755
--- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary
+++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary
@@ -67,6 +67,29 @@ chroot ${mount_d} apt-get update
 # avoid pulling into a cloud image.
 chroot ${mount_d} apt-get install --no-install-recommends -y virtualbox-guest-utils
 chroot ${mount_d} apt-get clean
+
+# Create and setup users inside the image.
+# Vagrant users expect a "vagrant" user with a "vagrant" username, and that the
+# root password is set to "vagrant" as well.
+# See https://www.vagrantup.com/docs/boxes/base.html
+chroot ${mount_d} useradd -m vagrant -s /bin/bash
+echo "root:vagrant" | chroot ${mount_d} chpasswd
+echo "vagrant:vagrant" | chroot ${mount_d} chpasswd
+
+# The vagrant user should have passwordless sudo.
+cat << EOF > ${mount_d}/etc/sudoers.d/vagrant
+vagrant ALL=(ALL) NOPASSWD:ALL
+EOF
+
+# Add the insecure vagrant pubkey to the vagrant user, as is expected by the
+# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html)
+chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant
+chroot ${mount_d} mkdir -p /home/vagrant/.ssh
+chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh
+cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+
 umount_disk_image "$mount_d"
 rmdir "$mount_d"
 
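Review bot: The relocated line `chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant` still misspells the variable, so unless `mout_d` is set somewhere outside this hunk it expands to nothing, chroot is handed `chmod` as its new root, and the mode of the sudoers drop-in is never set. It should read `chroot "${mount_d}" chmod 0440 /etc/sudoers.d/vagrant`, and it belongs directly after the sudoers heredoc rather than under the comment about the SSH key. Whether the failure stops the build depends on a `set -e` that is not visible here, so a silent miss is possible. Separately, `chown -R vagrant: /home/vagrant/.ssh` runs before `authorized_keys` is written, which leaves the key file root-owned with whatever umask the build has; moving the chown after the second heredoc and adding an explicit `chmod 700` on the directory and `chmod 600` on the file would let the vagrant user rewrite it when the insecure key is replaced. The other `${mount_d}` expansions in the added lines are unquoted and would be safer as `"${mount_d}"`.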
@@ -94,28 +117,6 @@ ubuntu_user_pass=$(openssl rand -hex 12)
 cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk"
-# Create and setup users inside the image.
-# Vagrant users expect a "vagrant" user with a "vagrant" username, and that the
-# root password is set to "vagrant" as well.
-# See https://www.vagrantup.com/docs/boxes/base.html
-chroot ${mount_d} useradd -m vagrant -s /bin/bash
-echo "root:vagrant" | chroot ${mount_d} chpasswd
-echo "vagrant:vagrant" | chroot ${mount_d} chpasswd
-
-# The vagrant user should have passwordless sudo.
-cat << EOF > ${mount_d}/etc/sudoers.d/vagrant
-vagrant ALL=(ALL) NOPASSWD:ALL
-EOF
-
-# Add the insecure vagrant pubkey to the vagrant user, as is expected by the
-# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html)
-chroot ${mout_d} chmod 0440 /etc/sudoers.d/vagrant
-chroot ${mount_d} mkdir -p /home/vagrant/.ssh
-chroot ${mount_d} chown -R vagrant: /home/vagrant/.ssh
-cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
-EOF
-
 # Create the user-data. This is totally insecure, but so is Vagrant. To
 # mitigate this insecurity, the vagrant instance is not accessible
 # except via local host.