VerityBook/quirks/nss.sh

#!/usr/bin/bash -ex

sed -i -e 's#^\(passwd:.*\) files#\1 files db altfile#g;s#^\(shadow:.*\) files#\1 files altfiles db#g;s#^\(group:.*\) files#\1 files altfiles db#g' \
    "$sysroot"/etc/nsswitch.conf
mkdir -p "$sysroot"/usr/db
sed -i -e 's#/var/db#/usr/db#g' "$sysroot"/lib*/libnss_db-2*.so "$sysroot"/var/db/Makefile

egrep -e '^(adm|wheel):.*' "$sysroot"/etc/group > "$sysroot"/etc/group.adm
egrep -e '^(adm|wheel):.*' "$sysroot"/etc/gshadow > "$sysroot"/etc/gshadow.adm

sed -i -e 's#:/root:#:/var/root:#g' "$sysroot"/etc/passwd

sed -i -e '/^wheel:.*/d;/^adm:.*/d' "$sysroot"/etc/group "$sysroot"/etc/gshadow

chroot "$sysroot" bash -c 'make -C /var/db /usr/db/passwd.db /usr/db/shadow.db /usr/db/gshadow.db /usr/db/group.db && mv /etc/{passwd,shadow,group,gshadow} /lib && >/etc/passwd && > /etc/shadow && >/etc/group && >/etc/gshadow'

mv "$sysroot"/etc/group.adm "$sysroot"/etc/group
mv "$sysroot"/etc/gshadow.adm "$sysroot"/etc/gshadow
chmod 0000 "$sysroot"/etc/gshadow "$sysroot"/etc/shadow

mkdir -p "$sysroot"/usr/share/factory/cfg
mv "$sysroot"/etc/passwd \
    "$sysroot"/etc/sub{u,g}id \
    "$sysroot"/etc/shadow \
    "$sysroot"/etc/group \
    "$sysroot"/etc/gshadow \
    "$sysroot"/usr/share/factory/cfg/

rm -f "$sysroot"/etc/shadow- "$sysroot"/etc/gshadow-

sed -i -e 's!^# directory = /etc!directory = /var!g' "$sysroot"/etc/libuser.conf

for i in passwd shadow group gshadow .pwd.lock subuid subgid; do
    ln -sfnr "$sysroot"/cfg/"$i" "$sysroot"/etc/"$i"
done

sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/npasswd#/cfg/npasswd#g' \
    "$sysroot"/usr/lib*/security/pam_unix.so

sed -i -e 's#/etc/shadow#/cfg/shadow#g;s#/etc/nshadow#/cfg/nshadow#g' \
    "$sysroot"/usr/lib*/security/pam_unix.so

sed -i -e 's#/etc/.pwdXXXXXX#/cfg/.pwdXXXXXX#g' \
    "$sysroot"/usr/lib*/security/pam_unix.so

sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/shadow#/cfg/shadow#g;s#/etc/gshadow#/cfg/gshadow#g;s#/etc/group#/cfg/group#g;s#/etc/subuid#/cfg/subuid#g;s#/etc/subgid#/cfg/subgid#g' \
    "$sysroot"/usr/sbin/user{add,mod,del} \
    "$sysroot"/usr/sbin/group{add,mod,del} \
    "$sysroot"/usr/bin/newgidmap \
    "$sysroot"/usr/bin/newuidmap \
    "$sysroot"/usr/sbin/newusers

sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \
    "$sysroot"/lib*/libc.so.* \
    "$sysroot"/usr/lib/systemd/libsystemd-shared*.so

[[ -e "$sysroot"/usr/lib*/librpmostree-1.so.1 ]] \
    && sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \
    "$sysroot"/usr/lib*/librpmostree-1.so.1

mkdir -p "$sysroot"/usr/share/factory/var/root
chown +0.+0 "$sysroot"/usr/share/factory/var/root

cat > "$sysroot"/usr/lib/tmpfiles.d/home.conf <<EOF
C /var/root - - - - -
C /cfg/passwd - - - - -
C /cfg/shadow - - - - -
C /cfg/group - - - - -
C /cfg/gshadow - - - - -
C /cfg/subuid - - - - -
C /cfg/subgid - - - - -
EOF
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`#!/usr/bin/bash -ex`
update 2018-09-10 15:50:31 +02:00
update 2018-09-07 16:47:54 +02:00			`sed -i -e 's#^\(passwd:.\) files#\1 files db altfile#g;s#^\(shadow:.\) files#\1 files altfiles db#g;s#^\(group:.*\) files#\1 files altfiles db#g' \`
			`"$sysroot"/etc/nsswitch.conf`
			`mkdir -p "$sysroot"/usr/db`
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`sed -i -e 's#/var/db#/usr/db#g' "$sysroot"/lib/libnss_db-2.so "$sysroot"/var/db/Makefile`
update 2018-09-07 16:47:54 +02:00
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`egrep -e '^(adm\|wheel):.*' "$sysroot"/etc/group > "$sysroot"/etc/group.adm`
			`egrep -e '^(adm\|wheel):.*' "$sysroot"/etc/gshadow > "$sysroot"/etc/gshadow.adm`
update 2018-09-07 16:47:54 +02:00
update 2018-09-10 14:19:20 +02:00			`sed -i -e 's#:/root:#:/var/root:#g' "$sysroot"/etc/passwd`

update 2018-09-07 16:47:54 +02:00			`sed -i -e '/^wheel:./d;/^adm:./d' "$sysroot"/etc/group "$sysroot"/etc/gshadow`

			`chroot "$sysroot" bash -c 'make -C /var/db /usr/db/passwd.db /usr/db/shadow.db /usr/db/gshadow.db /usr/db/group.db && mv /etc/{passwd,shadow,group,gshadow} /lib && >/etc/passwd && > /etc/shadow && >/etc/group && >/etc/gshadow'`

move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`mv "$sysroot"/etc/group.adm "$sysroot"/etc/group`
			`mv "$sysroot"/etc/gshadow.adm "$sysroot"/etc/gshadow`
			`chmod 0000 "$sysroot"/etc/gshadow "$sysroot"/etc/shadow`
update 2018-09-10 15:50:31 +02:00
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`mkdir -p "$sysroot"/usr/share/factory/cfg`
			`mv "$sysroot"/etc/passwd \`
			`"$sysroot"/etc/sub{u,g}id \`
			`"$sysroot"/etc/shadow \`
			`"$sysroot"/etc/group \`
			`"$sysroot"/etc/gshadow \`
			`"$sysroot"/usr/share/factory/cfg/`
update 2018-09-07 16:47:54 +02:00
update 2018-09-10 15:50:31 +02:00			`rm -f "$sysroot"/etc/shadow- "$sysroot"/etc/gshadow-`

update 2018-09-07 16:47:54 +02:00			`sed -i -e 's!^# directory = /etc!directory = /var!g' "$sysroot"/etc/libuser.conf`

quirks/nss.sh: don't create /home/admin 2018-09-12 16:39:52 +02:00			`for i in passwd shadow group gshadow .pwd.lock subuid subgid; do`
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`ln -sfnr "$sysroot"/cfg/"$i" "$sysroot"/etc/"$i"`
update 2018-09-07 16:47:54 +02:00			`done`

move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/npasswd#/cfg/npasswd#g' \`
			`"$sysroot"/usr/lib*/security/pam_unix.so`

			`sed -i -e 's#/etc/shadow#/cfg/shadow#g;s#/etc/nshadow#/cfg/nshadow#g' \`
			`"$sysroot"/usr/lib*/security/pam_unix.so`

			`sed -i -e 's#/etc/.pwdXXXXXX#/cfg/.pwdXXXXXX#g' \`
			`"$sysroot"/usr/lib*/security/pam_unix.so`

			`sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/shadow#/cfg/shadow#g;s#/etc/gshadow#/cfg/gshadow#g;s#/etc/group#/cfg/group#g;s#/etc/subuid#/cfg/subuid#g;s#/etc/subgid#/cfg/subgid#g' \`
			`"$sysroot"/usr/sbin/user{add,mod,del} \`
			`"$sysroot"/usr/sbin/group{add,mod,del} \`
			`"$sysroot"/usr/bin/newgidmap \`
			`"$sysroot"/usr/bin/newuidmap \`
			`"$sysroot"/usr/sbin/newusers`

			`sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \`
update 2018-09-07 16:47:54 +02:00			`"$sysroot"/lib/libc.so. \`
			`"$sysroot"/usr/lib/systemd/libsystemd-shared*.so`

use single image for squashfs and dmverity 2018-09-11 16:47:20 +02:00			`[[ -e "$sysroot"/usr/lib*/librpmostree-1.so.1 ]] \`
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`&& sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \`
use single image for squashfs and dmverity 2018-09-11 16:47:20 +02:00			`"$sysroot"/usr/lib*/librpmostree-1.so.1`
update 2018-09-07 16:47:54 +02:00
update 2018-09-10 14:19:20 +02:00			`mkdir -p "$sysroot"/usr/share/factory/var/root`
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`chown +0.+0 "$sysroot"/usr/share/factory/var/root`
update 2018-09-10 14:19:20 +02:00
update 2018-09-07 16:47:54 +02:00			`cat > "$sysroot"/usr/lib/tmpfiles.d/home.conf <<EOF`
update 2018-09-10 14:19:20 +02:00			`C /var/root - - - - -`
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00			`C /cfg/passwd - - - - -`
			`C /cfg/shadow - - - - -`
			`C /cfg/group - - - - -`
			`C /cfg/gshadow - - - - -`
			`C /cfg/subuid - - - - -`
			`C /cfg/subgid - - - - -`
update 2018-09-07 16:47:54 +02:00			`EOF`
move everything configurable to /cfg and try selinux 2018-09-17 17:32:13 +02:00