base-passwd now creates the _apt user
parent
80ade97458
commit
eb7cf54155
2 changed files with 6 additions and 32 deletions
|
@ -10,13 +10,8 @@ echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH"
|
||||||
# order in comparison to the systemd users
|
# order in comparison to the systemd users
|
||||||
# https://bugs.debian.org/969631
|
# https://bugs.debian.org/969631
|
||||||
# we cannot use useradd because passwd is not Essential:yes
|
# we cannot use useradd because passwd is not Essential:yes
|
||||||
#
|
|
||||||
# with cron 3.0pl1-142 and the introduction of cron-daemon-common, installation
|
|
||||||
# order of cron and systemd started to differ between debootstrap and
|
|
||||||
# mmdebstrap, resulting in different gid values
|
|
||||||
{{ CMD }} --variant={{ VARIANT }} --mode={{ MODE }} \
|
{{ CMD }} --variant={{ VARIANT }} --mode={{ MODE }} \
|
||||||
--essential-hook='if [ {{ VARIANT }} = - ]; then echo _apt:*:100:65534::/nonexistent:/usr/sbin/nologin >> "$1"/etc/passwd; fi' \
|
--essential-hook='case {{ DIST }} in oldstable|stable) if [ {{ VARIANT }} = - ]; then echo _apt:*:100:65534::/nonexistent:/usr/sbin/nologin >> "$1"/etc/passwd; fi;; esac' \
|
||||||
--essential-hook='if [ {{ VARIANT }} = - ] && [ {{ DIST }} = unstable -o {{ DIST }} = testing ]; then printf "systemd-journal:x:999:\nsystemd-network:x:998:\ncrontab:x:101:" >> "$1"/etc/group; fi' \
|
|
||||||
$(case {{ DIST }} in oldstable|stable) : ;; *) echo --hook-dir=./hooks/merged-usr ;; esac) \
|
$(case {{ DIST }} in oldstable|stable) : ;; *) echo --hook-dir=./hooks/merged-usr ;; esac) \
|
||||||
{{ DIST }} /tmp/debian-{{ DIST }}-mm.tar {{ MIRROR }}
|
{{ DIST }} /tmp/debian-{{ DIST }}-mm.tar {{ MIRROR }}
|
||||||
|
|
||||||
|
@ -152,21 +147,13 @@ done
|
||||||
# Because of unreproducible uids (#969631) we created the _apt user ourselves
|
# Because of unreproducible uids (#969631) we created the _apt user ourselves
|
||||||
# and because passwd is not Essential:yes we didn't use useradd. But newer
|
# and because passwd is not Essential:yes we didn't use useradd. But newer
|
||||||
# versions of adduser and shadow will create a different /etc/shadow
|
# versions of adduser and shadow will create a different /etc/shadow
|
||||||
|
case {{ DIST }} in oldstable|stable)
|
||||||
for f in shadow shadow-; do
|
for f in shadow shadow-; do
|
||||||
if grep -q '^_apt:!:' /tmp/debian-{{ DIST }}-debootstrap/etc/$f; then
|
if grep -q '^_apt:!:' /tmp/debian-{{ DIST }}-debootstrap/etc/$f; then
|
||||||
sed -i 's/^_apt:\*:\([^:]\+\):0:99999:7:::$/_apt:!:\1::::::/' /tmp/debian-{{ DIST }}-mm/etc/$f
|
sed -i 's/^_apt:\*:\([^:]\+\):0:99999:7:::$/_apt:!:\1::::::/' /tmp/debian-{{ DIST }}-mm/etc/$f
|
||||||
fi
|
fi
|
||||||
done
|
done;;
|
||||||
# same as above but for cron and systemd groups
|
esac
|
||||||
for f in gshadow gshadow-; do
|
|
||||||
for group in systemd-journal systemd-network crontab; do
|
|
||||||
for password in "!" "!\\*"; do
|
|
||||||
if grep -q '^'"$group"':'"$password"':' /tmp/debian-{{ DIST }}-debootstrap/etc/$f; then
|
|
||||||
sed -i 's/^'"$group"':x::/'"$group"':'"$password"'::/' /tmp/debian-{{ DIST }}-mm/etc/$f
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
for log in faillog lastlog; do
|
for log in faillog lastlog; do
|
||||||
if ! cmp /tmp/debian-{{ DIST }}-debootstrap/var/log/$log /tmp/debian-{{ DIST }}-mm/var/log/$log >&2;then
|
if ! cmp /tmp/debian-{{ DIST }}-debootstrap/var/log/$log /tmp/debian-{{ DIST }}-mm/var/log/$log >&2;then
|
||||||
|
@ -196,18 +183,6 @@ else
|
||||||
echo no difference for /etc/shadow- on {{ DIST }} {{ VARIANT }} >&2
|
echo no difference for /etc/shadow- on {{ DIST }} {{ VARIANT }} >&2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Because of unreproducible uids (#969631) we created the _apt user ourselves
|
|
||||||
# and because passwd is not Essential:yes we didn't use useradd. But passwd
|
|
||||||
# since 1:4.11.1+dfsg1-1 will create empty mail files, so we create it too.
|
|
||||||
# https://bugs.debian.org/1004710
|
|
||||||
if [ {{ VARIANT }} = - ]; then
|
|
||||||
if [ -e /tmp/debian-{{ DIST }}-debootstrap/var/mail/_apt ]; then
|
|
||||||
touch /tmp/debian-{{ DIST }}-mm/var/mail/_apt
|
|
||||||
chmod 660 /tmp/debian-{{ DIST }}-mm/var/mail/_apt
|
|
||||||
chown 100:8 /tmp/debian-{{ DIST }}-mm/var/mail/_apt
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check if the file content differs
|
# check if the file content differs
|
||||||
diff --unified --no-dereference --recursive /tmp/debian-{{ DIST }}-debootstrap /tmp/debian-{{ DIST }}-mm >&2
|
diff --unified --no-dereference --recursive /tmp/debian-{{ DIST }}-debootstrap /tmp/debian-{{ DIST }}-mm >&2
|
||||||
|
|
||||||
|
@ -217,7 +192,7 @@ find /tmp/debian-{{ DIST }}-debootstrap /tmp/debian-{{ DIST }}-mm -type d -print
|
||||||
# debootstrap never ran apt -- fixing permissions
|
# debootstrap never ran apt -- fixing permissions
|
||||||
for d in ./var/lib/apt/lists/partial ./var/cache/apt/archives/partial; do
|
for d in ./var/lib/apt/lists/partial ./var/cache/apt/archives/partial; do
|
||||||
chroot /tmp/debian-{{ DIST }}-debootstrap chmod 0700 $d
|
chroot /tmp/debian-{{ DIST }}-debootstrap chmod 0700 $d
|
||||||
chroot /tmp/debian-{{ DIST }}-debootstrap chown _apt:root $d
|
chroot /tmp/debian-{{ DIST }}-debootstrap chown $(id -u _apt):root $d
|
||||||
done
|
done
|
||||||
tar -C /tmp/debian-{{ DIST }}-debootstrap --numeric-owner --sort=name --clamp-mtime --mtime=$(date --utc --date=@{{ SOURCE_DATE_EPOCH }} --iso-8601=seconds) -cf /tmp/root1.tar .
|
tar -C /tmp/debian-{{ DIST }}-debootstrap --numeric-owner --sort=name --clamp-mtime --mtime=$(date --utc --date=@{{ SOURCE_DATE_EPOCH }} --iso-8601=seconds) -cf /tmp/root1.tar .
|
||||||
tar -C /tmp/debian-{{ DIST }}-mm --numeric-owner --sort=name --clamp-mtime --mtime=$(date --utc --date=@{{ SOURCE_DATE_EPOCH }} --iso-8601=seconds) -cf /tmp/root2.tar .
|
tar -C /tmp/debian-{{ DIST }}-mm --numeric-owner --sort=name --clamp-mtime --mtime=$(date --utc --date=@{{ SOURCE_DATE_EPOCH }} --iso-8601=seconds) -cf /tmp/root2.tar .
|
||||||
|
|
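Review bot: In the last hunk of this file, `$(id -u _apt)` in `chroot /tmp/debian-{{ DIST }}-debootstrap chown $(id -u _apt):root $d` is expanded by the calling shell before `chroot` runs, so the uid comes from the host's passwd database and not from the tree being fixed up. If the host's _apt uid differs from the one inside the chroot, the two `partial` directories end up owned by a uid that is not _apt there, and because of `--numeric-owner` that value goes straight into /tmp/root1.tar. If the host has no _apt user at all, the substitution is empty and `chown :root` changes only the group, apparently without stopping the loop. If the host-side lookup is deliberate, a comment saying so would help; otherwise resolve the name inside the chroot, e.g. `chroot /tmp/debian-{{ DIST }}-debootstrap sh -c 'chown "$(id -u _apt)":root "$1"' sh "$d"`. The surrounding script continues outside the hunk.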
|
@ -33,8 +33,7 @@ rmdir /tmp/debian-chroot
|
||||||
cmp /tmp/debian-chroot.tar /tmp/debian-chroot-shiftedback.tar
|
cmp /tmp/debian-chroot.tar /tmp/debian-chroot-shiftedback.tar
|
||||||
# manually adjust uid/gid and compare "tar -t" output
|
# manually adjust uid/gid and compare "tar -t" output
|
||||||
tar --numeric-owner -tvf /tmp/debian-chroot.tar \
|
tar --numeric-owner -tvf /tmp/debian-chroot.tar \
|
||||||
| sed 's# 100/0 # 100100/100000 #' \
|
| sed 's# 42/0 # 100042/100000 #' \
|
||||||
| sed 's# 100/8 # 100100/100008 #' \
|
|
||||||
| sed 's# 0/0 # 100000/100000 #' \
|
| sed 's# 0/0 # 100000/100000 #' \
|
||||||
| sed 's# 0/5 # 100000/100005 #' \
|
| sed 's# 0/5 # 100000/100005 #' \
|
||||||
| sed 's# 0/8 # 100000/100008 #' \
|
| sed 's# 0/8 # 100000/100008 #' \
|
||||||
|
|
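Review bot: The new ` 42/0 ` mapping is an unexplained magic number. Nothing in the test says that 42 is presumably the uid _apt now gets from base-passwd, or that the dropped ` 100/8 ` stage presumably covered a _apt:mail-owned file that is no longer expected. A one-line comment above the pipeline, such as `# 42 = uid of _apt as created by base-passwd; ids are shifted by 100000`, would make the next uid change easier to follow; confirm both values before adding it. The pipeline continues past the end of the hunk, so the remaining stages are not visible here.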