From ce664be75f887c57731d3c53089462f25c2de69f Mon Sep 17 00:00:00 2001 From: Balint Reczey Date: Thu, 21 Dec 2017 09:20:32 +0100 Subject: [PATCH] Import patches-unapplied version 2.408.27 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 6be108d84763e754152b03b31ff01998edc673bb New changelog entries: * Don't ask for password and GECOS while creating vagrant user (LP: #1569237) * Added a "vagrant" user to the vagrant image in addition to the "ubuntu" user, in accordance with the vagrant community's expectations (LP: #1569237) --- debian/changelog | 14 ++++++++ .../ubuntu-cpc/hooks/042-vagrant.binary | 36 +++++++++++++------ 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/debian/changelog b/debian/changelog index e18925cc..daf80bd7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +livecd-rootfs (2.408.27) xenial; urgency=medium + + * Don't ask for password and GECOS while creating vagrant user + (LP: #1569237) + + -- Balint Reczey Thu, 21 Dec 2017 09:20:32 +0100 + +livecd-rootfs (2.408.26) xenial; urgency=medium + + * Added a "vagrant" user to the vagrant image in addition to the "ubuntu" + user, in accordance with the vagrant community's expectations (LP: #1569237) + + -- Christopher Glass (Ubuntu) Thu, 07 Dec 2017 14:00:59 +0100 + livecd-rootfs (2.408.25) xenial; urgency=medium * Sort and list dependencies nicely diff --git a/live-build/ubuntu-cpc/hooks/042-vagrant.binary b/live-build/ubuntu-cpc/hooks/042-vagrant.binary index c52f6f38..0894157e 100755 --- a/live-build/ubuntu-cpc/hooks/042-vagrant.binary +++ b/live-build/ubuntu-cpc/hooks/042-vagrant.binary @@ -58,6 +58,31 @@ chroot ${mount_d} apt-get update # avoid pulling into a cloud image. chroot ${mount_d} apt-get install --no-install-recommends -y virtualbox-guest-utils chroot ${mount_d} apt-get clean + +# Create and setup users inside the image. +# Vagrant users expect a "vagrant" user with a "vagrant" username. +# See https://www.vagrantup.com/docs/boxes/base.html +# Note: We decided NOT to allow root login with a default password. +# --disabled-password and --gecos need to be passed to avoid adduser +# asking questions when running in an interactive shell +chroot ${mount_d} adduser vagrant --disabled-password --gecos "" +echo "vagrant:vagrant" | chroot ${mount_d} chpasswd + +# The vagrant user should have passwordless sudo. +cat << EOF > ${mount_d}/etc/sudoers.d/vagrant +vagrant ALL=(ALL) NOPASSWD:ALL +EOF + +# Add the insecure vagrant pubkey to the vagrant user, as is expected by the +# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html) +chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant +chroot ${mount_d} mkdir -p /home/vagrant/.ssh +cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key +EOF +chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh +chroot ${mount_d} chmod 700 /home/vagrant/.ssh + umount_disk_image "$mount_d" rmdir "$mount_d" @@ -71,12 +96,6 @@ prefix="${distro}-${suite}-${version}-cloudimg" vmdk_f="${box_d}/${prefix}.vmdk" create_vmdk ${derivative_img} ${vmdk_f} -# Vagrant needs a base user. We either inject the well-known SSH key -# or use password authentication. Both are ugly. So we'll use a password -# and make it random. This obviously is insecure...but at least its -# better than the alternatives. -ubuntu_user_pass=$(openssl rand -hex 12) - #################################### # Create the ConfigDrive # This is a cloud-init piece that instructs cloud-init to configure @@ -89,9 +108,6 @@ cdrom_vmdk_f="${box_d}/${prefix}-configdrive.vmdk" # except via local host. cat > ${seed_d}/user-data <