mirror of
				https://git.launchpad.net/livecd-rootfs
				synced 2025-10-26 06:24:06 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			312 lines
		
	
	
		
			7.7 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			312 lines
		
	
	
		
			7.7 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/bin/sh -eu
 | |
| 
 | |
| ERRCNT=""
 | |
| 
 | |
| # Known good post-debootstrap values
 | |
| passwd_bootstrap="b1a93d7f7c6dfe40034b80e43de9ffc3"
 | |
| shadow_bootstrap="396cbe822f1dd1dd055bd5c6bcabd0c3"
 | |
| group_bootstrap="77a05f7c087eb2492f5970132aa436d4"
 | |
| gshadow_bootstrap="d610b4f0a42808f4d99b72dfff14435a"
 | |
| 
 | |
| # Current post-debootstrap values
 | |
| passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
 | |
| shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
 | |
| group_hash=$(set -- $(md5sum /etc/group) && echo $1)
 | |
| gshadow_hash=$(set -- $(md5sum /etc/gshadow) && echo $1)
 | |
| 
 | |
| # /etc/passwd
 | |
| if [ "$passwd_bootstrap" = "$passwd_hash" ]; then
 | |
|     cat > /etc/passwd <<EOF
 | |
| root:x:0:0:root:/root:/bin/bash
 | |
| daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
 | |
| bin:x:2:2:bin:/bin:/usr/sbin/nologin
 | |
| sys:x:3:3:sys:/dev:/usr/sbin/nologin
 | |
| sync:x:4:65534:sync:/bin:/bin/sync
 | |
| games:x:5:60:games:/usr/games:/usr/sbin/nologin
 | |
| man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
 | |
| lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
 | |
| mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
 | |
| news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
 | |
| uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
 | |
| proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
 | |
| www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
 | |
| backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
 | |
| list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 | |
| irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
 | |
| gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
 | |
| nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
 | |
| syslog:x:100:103::/home/syslog:/bin/false
 | |
| usermetrics:x:101:104:User Metrics:/var/lib/usermetrics:/bin/false
 | |
| messagebus:x:102:106::/var/run/dbus:/bin/false
 | |
| clickpkg:x:103:107::/nonexistent:/bin/false
 | |
| dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
 | |
| sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
 | |
| rtkit:x:106:109:RealtimeKit,,,:/proc:/bin/false
 | |
| whoopsie:x:107:110::/nonexistent:/bin/false
 | |
| lightdm:x:108:111:Light Display Manager:/var/lib/lightdm:/bin/false
 | |
| lxc-dnsmasq:x:109:114:LXC dnsmasq,,,:/var/lib/lxc:/bin/false
 | |
| pulse:x:110:115:PulseAudio daemon,,,:/var/run/pulse:/bin/false
 | |
| system:x:1000:1000:system,,,:/nonexistent:/bin/false
 | |
| radio:x:1001:1001:radio,,,:/nonexistent:/bin/false
 | |
| systemd-timesync:x:111:113:systemd Time Synchronization,,,:/run/systemd:/bin/false
 | |
| systemd-network:x:112:117:systemd Network Management,,,:/run/systemd/netif:/bin/false
 | |
| systemd-resolve:x:113:118:systemd Resolver,,,:/run/systemd/resolve:/bin/false
 | |
| systemd-bus-proxy:x:114:119:systemd Bus Proxy,,,:/run/systemd:/bin/false
 | |
| nm-openvpn:x:115:120:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/bin/false
 | |
| EOF
 | |
| else
 | |
|     echo "/etc/passwd post-debootstrap hash doesn't match record" >&2
 | |
|     echo "The output below might help to resolve the issue" >&2
 | |
|     cat /etc/passwd
 | |
|     echo "passwd md5sum: $passwd_hash" >&2
 | |
|     ERRCNT=1
 | |
| fi
 | |
| 
 | |
| # /etc/shadow
 | |
| if [ "$shadow_bootstrap" = "$shadow_hash" ]; then
 | |
|     cat > /etc/shadow <<EOF
 | |
| root:*:16329:0:99999:7:::
 | |
| daemon:*:16329:0:99999:7:::
 | |
| bin:*:16329:0:99999:7:::
 | |
| sys:*:16329:0:99999:7:::
 | |
| sync:*:16329:0:99999:7:::
 | |
| games:*:16329:0:99999:7:::
 | |
| man:*:16329:0:99999:7:::
 | |
| lp:*:16329:0:99999:7:::
 | |
| mail:*:16329:0:99999:7:::
 | |
| news:*:16329:0:99999:7:::
 | |
| uucp:*:16329:0:99999:7:::
 | |
| proxy:*:16329:0:99999:7:::
 | |
| www-data:*:16329:0:99999:7:::
 | |
| backup:*:16329:0:99999:7:::
 | |
| list:*:16329:0:99999:7:::
 | |
| irc:*:16329:0:99999:7:::
 | |
| gnats:*:16329:0:99999:7:::
 | |
| nobody:*:16329:0:99999:7:::
 | |
| syslog:*:16329:0:99999:7:::
 | |
| usermetrics:*:16329:0:99999:7:::
 | |
| messagebus:*:16329:0:99999:7:::
 | |
| clickpkg:*:16329:0:99999:7:::
 | |
| dnsmasq:*:16329:0:99999:7:::
 | |
| sshd:*:16329:0:99999:7:::
 | |
| rtkit:*:16329:0:99999:7:::
 | |
| whoopsie:*:16329:0:99999:7:::
 | |
| lightdm:*:16329:0:99999:7:::
 | |
| lxc-dnsmasq:!:16329:0:99999:7:::
 | |
| pulse:*:16329:0:99999:7:::
 | |
| system:!:16329:0:99999:7:::
 | |
| radio:!:16329:0:99999:7:::
 | |
| systemd-timesync:*:16372:0:99999:7:::
 | |
| systemd-network:*:16372:0:99999:7:::
 | |
| systemd-resolve:*:16372:0:99999:7:::
 | |
| systemd-bus-proxy:*:16372:0:99999:7:::
 | |
| nm-openvpn:*:16909:0:99999:7:::
 | |
| EOF
 | |
| else
 | |
|     echo "/etc/shadow post-debootstrap hash doesn't match record" >&2
 | |
|     echo "The output below might help to resolve the issue" >&2
 | |
|     cat /etc/shadow
 | |
|     echo "shadow md5sum: $shadow_hash" >&2
 | |
|     ERRCNT=1
 | |
| fi
 | |
| 
 | |
| # /etc/group
 | |
| if [ "$group_bootstrap" = "$group_hash" ]; then
 | |
|     cat > /etc/group <<EOF
 | |
| root:x:0:
 | |
| daemon:x:1:
 | |
| bin:x:2:
 | |
| sys:x:3:
 | |
| adm:x:4:syslog
 | |
| tty:x:5:
 | |
| disk:x:6:
 | |
| lp:x:7:
 | |
| mail:x:8:
 | |
| news:x:9:
 | |
| uucp:x:10:
 | |
| man:x:12:
 | |
| proxy:x:13:
 | |
| kmem:x:15:
 | |
| dialout:x:20:
 | |
| fax:x:21:
 | |
| voice:x:22:
 | |
| cdrom:x:24:
 | |
| floppy:x:25:
 | |
| tape:x:26:
 | |
| sudo:x:27:
 | |
| audio:x:1005:
 | |
| dip:x:30:
 | |
| www-data:x:33:
 | |
| backup:x:34:
 | |
| operator:x:37:
 | |
| list:x:38:
 | |
| irc:x:39:
 | |
| src:x:40:
 | |
| gnats:x:41:
 | |
| shadow:x:42:
 | |
| utmp:x:43:
 | |
| video:x:44:
 | |
| sasl:x:45:
 | |
| plugdev:x:46:
 | |
| staff:x:50:
 | |
| games:x:60:
 | |
| users:x:100:
 | |
| nogroup:x:65534:
 | |
| netdev:x:101:
 | |
| crontab:x:102:
 | |
| syslog:x:103:
 | |
| usermetrics:x:104:
 | |
| systemd-journal:x:105:
 | |
| messagebus:x:106:
 | |
| clickpkg:x:107:
 | |
| ssh:x:108:
 | |
| rtkit:x:109:
 | |
| whoopsie:x:110:
 | |
| lightdm:x:111:
 | |
| nopasswdlogin:x:112:
 | |
| bluetooth:x:1002:
 | |
| lxc-dnsmasq:x:114:
 | |
| pulse:x:115:
 | |
| pulse-access:x:116:
 | |
| system:x:1000:
 | |
| radio:x:1001:
 | |
| gps:x:1021:
 | |
| android_net:x:3003:
 | |
| android_net2:x:3004:
 | |
| android_net3:x:3002:
 | |
| android_graphics:x:1003:
 | |
| android_input:x:1004:
 | |
| sdcard_rw:x:1015:
 | |
| android_media:x:1013:
 | |
| android_nvram:x:9997:
 | |
| android_cache:x:2001:
 | |
| systemd-timesync:x:113:
 | |
| systemd-network:x:117:
 | |
| systemd-resolve:x:118:
 | |
| systemd-bus-proxy:x:119:
 | |
| input:x:121:
 | |
| nm-openvpn:x:120:
 | |
| EOF
 | |
| else
 | |
|     echo "/etc/group post-debootstrap hash doesn't match record" >&2
 | |
|     echo "The output below might help to resolve the issue" >&2
 | |
|     cat /etc/group
 | |
|     echo "group md5sum: $group_hash" >&2
 | |
|     ERRCNT=1
 | |
| fi
 | |
| 
 | |
| # /etc/gshadow
 | |
| if [ "$gshadow_bootstrap" = "$gshadow_hash" ]; then
 | |
|     cat > /etc/gshadow <<EOF
 | |
| root:*::
 | |
| daemon:*::
 | |
| bin:*::
 | |
| sys:*::
 | |
| adm:*::syslog
 | |
| tty:*::
 | |
| disk:*::
 | |
| lp:*::
 | |
| mail:*::
 | |
| news:*::
 | |
| uucp:*::
 | |
| man:*::
 | |
| proxy:*::
 | |
| kmem:*::
 | |
| dialout:*::
 | |
| fax:*::
 | |
| voice:*::
 | |
| cdrom:*::
 | |
| floppy:*::
 | |
| tape:*::
 | |
| sudo:*::
 | |
| audio:*::pulse
 | |
| dip:*::
 | |
| www-data:*::
 | |
| backup:*::
 | |
| operator:*::
 | |
| list:*::
 | |
| irc:*::
 | |
| src:*::
 | |
| gnats:*::
 | |
| shadow:*::
 | |
| utmp:*::
 | |
| video:*::
 | |
| sasl:*::
 | |
| plugdev:*::
 | |
| staff:*::
 | |
| games:*::
 | |
| users:*::
 | |
| nogroup:*::
 | |
| netdev:!::
 | |
| crontab:!::
 | |
| syslog:!::
 | |
| usermetrics:!::
 | |
| systemd-journal:!::
 | |
| messagebus:!::
 | |
| clickpkg:!::
 | |
| ssh:!::
 | |
| rtkit:!::
 | |
| whoopsie:!::
 | |
| lightdm:!::
 | |
| nopasswdlogin:!::
 | |
| bluetooth:!::
 | |
| lxc-dnsmasq:!::
 | |
| pulse:!::
 | |
| pulse-access:!::
 | |
| system:!::
 | |
| radio:!::
 | |
| gps:!::
 | |
| android_net:!::
 | |
| android_net2:!::
 | |
| android_net3:!::
 | |
| android_graphics:!::
 | |
| android_input:!::
 | |
| sdcard_rw:!::
 | |
| android_media:!::
 | |
| android_nvram:!::
 | |
| android_cache:!::
 | |
| systemd-timesync:!::
 | |
| systemd-network:!::
 | |
| systemd-resolve:!::
 | |
| systemd-bus-proxy:!::
 | |
| input:!::
 | |
| nm-openvpn:!::
 | |
| EOF
 | |
| else
 | |
|     echo "/etc/gshadow post-debootstrap hash doesn't match record" >&2
 | |
|     echo "The output below might help to resolve the issue" >&2
 | |
|     cat /etc/gshadow
 | |
|     echo "gshadow md5sum: $gshadow_hash" >&2
 | |
|     ERRCNT=1
 | |
| fi
 | |
| 
 | |
| if [ -n "$ERRCNT" ]; then
 | |
|         echo "There were changes to the password database," >&2
 | |
|         echo "please adjust the values in the livecd-rootfs source in the file:" >&2
 | |
|         echo "live-build/ubuntu-touch/hooks/00-uid-gid-fix.chroot_early" >&2
 | |
|         echo >&2
 | |
|         echo "Please check also if a maintainer script of the package" >&2
 | |
|         echo "that added these entries perhaps created a home directory and," >&2
 | |
|         echo "if needed, add code for creation of it to the above hook" >&2
 | |
|         exit 1
 | |
| fi
 | |
| 
 | |
| # Create some missing directories
 | |
| mkdir -p /var/lib/lightdm
 | |
| chown lightdm:lightdm /var/lib/lightdm
 | |
| chmod 750 /var/lib/lightdm
 | |
| 
 | |
| mkdir -p /var/lib/usermetrics
 | |
| chown usermetrics:usermetrics /var/lib/usermetrics
 | |
| chmod 750 /var/lib/usermetrics
 | |
| 
 | |
| echo "adjusting ownership of /var/log" >&2
 | |
| chown root:syslog /var/log
 | |
| ls -ln /var | grep log >&2
 | |
| 
 | |
| # Record the current state for later comparison
 | |
| for file in /etc/passwd /etc/shadow /etc/group /etc/gshadow; do
 | |
|     rm -f ${file}-
 | |
|     cp ${file} ${file}.orig
 | |
| done
 |