mirror of
https://git.launchpad.net/livecd-rootfs
synced 2025-10-24 13:34:16 +00:00
- adjust the {group,gshadow}_bootstrap values. The audio group used to be gid 1005 after the bootstrap and is now 29.
238 lines
5.8 KiB
Bash
Executable File
238 lines
5.8 KiB
Bash
Executable File
#!/bin/sh -eu
|
|
|
|
ERRCNT=""
|
|
|
|
# Known good post-debootstrap values
|
|
passwd_bootstrap="9738946debbc125bd6cf3f197582a8a5"
|
|
shadow_bootstrap="4d299751999cae6de045390dd568812c"
|
|
group_bootstrap="63632e6266046ef7e59a1f090f93a2de"
|
|
gshadow_bootstrap="0b17c40c462aba03bed49ce62300de73"
|
|
|
|
# Current post-debootstrap values
|
|
passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
|
|
shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
|
|
group_hash=$(set -- $(md5sum /etc/group) && echo $1)
|
|
gshadow_hash=$(set -- $(md5sum /etc/gshadow) && echo $1)
|
|
|
|
# /etc/passwd
|
|
if [ "$passwd_bootstrap" = "$passwd_hash" ]; then
|
|
cat > /etc/passwd <<EOF
|
|
root:x:0:0:root:/root:/bin/bash
|
|
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
|
|
bin:x:2:2:bin:/bin:/usr/sbin/nologin
|
|
sys:x:3:3:sys:/dev:/usr/sbin/nologin
|
|
sync:x:4:65534:sync:/bin:/bin/sync
|
|
games:x:5:60:games:/usr/games:/usr/sbin/nologin
|
|
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
|
|
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
|
|
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
|
|
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
|
|
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
|
|
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
|
|
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
|
|
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
|
|
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
|
|
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
|
|
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
|
|
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
|
|
messagebus:x:100:103::/var/run/dbus:/bin/false
|
|
clickpkg:x:101:104::/nonexistent:/bin/false
|
|
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
|
|
systemd-timesync:x:103:108:systemd Time Synchronization,,,:/run/systemd:/bin/false
|
|
systemd-network:x:104:109:systemd Network Management,,,:/run/systemd/netif:/bin/false
|
|
systemd-resolve:x:105:110:systemd Resolver,,,:/run/systemd/resolve:/bin/false
|
|
systemd-bus-proxy:x:106:111:systemd Bus Proxy,,,:/run/systemd:/bin/false
|
|
docker:x:107:113::/nonexistent:/bin/false
|
|
EOF
|
|
else
|
|
echo "/etc/passwd post-debootstrap hash doesn't match record" >&2
|
|
echo "The output below might help to resolve the issue" >&2
|
|
cat /etc/passwd
|
|
echo "passwd md5sum: $passwd_hash" >&2
|
|
ERRCNT=1
|
|
fi
|
|
|
|
# /etc/shadow
|
|
if [ "$shadow_bootstrap" = "$shadow_hash" ]; then
|
|
cat > /etc/shadow <<EOF
|
|
root:*:16329:0:99999:7:::
|
|
daemon:*:16329:0:99999:7:::
|
|
bin:*:16329:0:99999:7:::
|
|
sys:*:16329:0:99999:7:::
|
|
sync:*:16329:0:99999:7:::
|
|
games:*:16329:0:99999:7:::
|
|
man:*:16329:0:99999:7:::
|
|
lp:*:16329:0:99999:7:::
|
|
mail:*:16329:0:99999:7:::
|
|
news:*:16329:0:99999:7:::
|
|
uucp:*:16329:0:99999:7:::
|
|
proxy:*:16329:0:99999:7:::
|
|
www-data:*:16329:0:99999:7:::
|
|
backup:*:16329:0:99999:7:::
|
|
list:*:16329:0:99999:7:::
|
|
irc:*:16329:0:99999:7:::
|
|
gnats:*:16329:0:99999:7:::
|
|
nobody:*:16329:0:99999:7:::
|
|
messagebus:*:16413:0:99999:7:::
|
|
clickpkg:*:16413:0:99999:7:::
|
|
sshd:*:16413:0:99999:7:::
|
|
systemd-timesync:*:16413:0:99999:7:::
|
|
systemd-network:*:16413:0:99999:7:::
|
|
systemd-resolve:*:16413:0:99999:7:::
|
|
systemd-bus-proxy:*:16413:0:99999:7:::
|
|
docker:*:16413:0:99999:7:::
|
|
EOF
|
|
else
|
|
echo "/etc/shadow post-debootstrap hash doesn't match record" >&2
|
|
echo "The output below might help to resolve the issue" >&2
|
|
cat /etc/shadow
|
|
echo "shadow md5sum: $shadow_hash" >&2
|
|
ERRCNT=1
|
|
fi
|
|
|
|
# /etc/group
|
|
if [ "$group_bootstrap" = "$group_hash" ]; then
|
|
cat > /etc/group <<EOF
|
|
root:x:0:
|
|
daemon:x:1:
|
|
bin:x:2:
|
|
sys:x:3:
|
|
adm:x:4:syslog
|
|
tty:x:5:
|
|
disk:x:6:
|
|
lp:x:7:
|
|
mail:x:8:
|
|
news:x:9:
|
|
uucp:x:10:
|
|
man:x:12:
|
|
proxy:x:13:
|
|
kmem:x:15:
|
|
dialout:x:20:
|
|
fax:x:21:
|
|
voice:x:22:
|
|
cdrom:x:24:
|
|
floppy:x:25:
|
|
tape:x:26:
|
|
sudo:x:27:
|
|
audio:x:1005:
|
|
dip:x:30:
|
|
www-data:x:33:
|
|
backup:x:34:
|
|
operator:x:37:
|
|
list:x:38:
|
|
irc:x:39:
|
|
src:x:40:
|
|
gnats:x:41:
|
|
shadow:x:42:
|
|
utmp:x:43:
|
|
video:x:44:
|
|
sasl:x:45:
|
|
plugdev:x:46:
|
|
staff:x:50:
|
|
games:x:60:
|
|
users:x:100:
|
|
nogroup:x:65534:
|
|
netdev:x:101:
|
|
crontab:x:102:
|
|
messagebus:x:103:
|
|
clickpkg:x:104:
|
|
ssh:x:105:
|
|
systemd-journal:x:106:
|
|
systemd-journal-remote:x:107:
|
|
systemd-timesync:x:108:
|
|
systemd-network:x:109:
|
|
systemd-resolve:x:110:
|
|
systemd-bus-proxy:x:111:
|
|
input:x:112:
|
|
docker:x:113:
|
|
EOF
|
|
else
|
|
echo "/etc/group post-debootstrap hash doesn't match record" >&2
|
|
echo "The output below might help to resolve the issue" >&2
|
|
cat /etc/group
|
|
echo "group md5sum: $group_hash" >&2
|
|
ERRCNT=1
|
|
fi
|
|
|
|
# /etc/gshadow
|
|
if [ "$gshadow_bootstrap" = "$gshadow_hash" ]; then
|
|
cat > /etc/gshadow <<EOF
|
|
root:*::
|
|
daemon:*::
|
|
bin:*::
|
|
sys:*::
|
|
adm:*::syslog
|
|
tty:*::
|
|
disk:*::
|
|
lp:*::
|
|
mail:*::
|
|
news:*::
|
|
uucp:*::
|
|
man:*::
|
|
proxy:*::
|
|
kmem:*::
|
|
dialout:*::
|
|
fax:*::
|
|
voice:*::
|
|
cdrom:*::
|
|
floppy:*::
|
|
tape:*::
|
|
sudo:*::
|
|
audio:*::pulse
|
|
dip:*::
|
|
www-data:*::
|
|
backup:*::
|
|
operator:*::
|
|
list:*::
|
|
irc:*::
|
|
src:*::
|
|
gnats:*::
|
|
shadow:*::
|
|
utmp:*::
|
|
video:*::
|
|
sasl:*::
|
|
plugdev:*::
|
|
staff:*::
|
|
games:*::
|
|
users:*::
|
|
nogroup:*::
|
|
netdev:!::
|
|
crontab:!::
|
|
messagebus:!::
|
|
clickpkg:!::
|
|
ssh:!::
|
|
systemd-journal:!::
|
|
systemd-journal-remote:!::
|
|
systemd-timesync:!::
|
|
systemd-network:!::
|
|
systemd-resolve:!::
|
|
systemd-bus-proxy:!::
|
|
input:!::
|
|
docker:!::
|
|
EOF
|
|
else
|
|
echo "/etc/gshadow post-debootstrap hash doesn't match record" >&2
|
|
echo "The output below might help to resolve the issue" >&2
|
|
cat /etc/gshadow
|
|
echo "gshadow md5sum: $gshadow_hash" >&2
|
|
ERRCNT=1
|
|
fi
|
|
|
|
if [ -n "$ERRCNT" ]; then
|
|
echo "There were changes to the password database," >&2
|
|
echo "please adjust the values in the livecd-rootfs source in the file:" >&2
|
|
echo "live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early" >&2
|
|
echo >&2
|
|
echo "Please check also if a maintainer script of the package" >&2
|
|
echo "that added these entries perhaps created a home directory and," >&2
|
|
echo "if needed, add code for creation of it to the above hook" >&2
|
|
exit 1
|
|
fi
|
|
|
|
|
|
# Record the current state for later comparison
|
|
for file in /etc/passwd /etc/shadow /etc/group /etc/gshadow; do
|
|
rm -f ${file}-
|
|
cp ${file} ${file}.orig
|
|
done
|