git: 135cb071e068 - main - release: Prepare Vagrant cloudware images for building as non-root

Tue, 16 Sep 2025 13:51:48 -0700 

The branch main has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=135cb071e0683ea947c308a2de404d1185558ea6

commit 135cb071e0683ea947c308a2de404d1185558ea6
Author:     Mark Johnston <ma...@freebsd.org>
AuthorDate: 2025-09-16 16:54:25 +0000
Commit:     Mark Johnston <ma...@freebsd.org>
CommitDate: 2025-09-16 20:50:33 +0000

    release: Prepare Vagrant cloudware images for building as non-root
    
    Add metalog entries for various files.  This is a bit incomplete as
    pw(8) doesn't yet have support for emitting metalog entries, which we
    need since it's used here to create an interactive user.
    
    Reviewed by:    emaste
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52456
---
 release/tools/vagrant.conf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf
index 506174d0ea16..7ab0e1238693 100644
--- a/release/tools/vagrant.conf
+++ b/release/tools/vagrant.conf
@@ -47,19 +47,22 @@ vagrant_common () {
                -c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
 
        # Change root's password to vagrant
-       echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} \
-               usermod root -h 0
+       echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} usermod root -h 0
 
        # Configure sudo to allow the vagrant user
        echo 'vagrant ALL=(ALL:ALL) NOPASSWD: ALL' >> 
${DESTDIR}/usr/local/etc/sudoers
 
        # Configure the vagrant ssh keys
        mkdir ${DESTDIR}/home/vagrant/.ssh
-       chmod 700 ${DESTDIR}/home/vagrant/.ssh
+
        echo "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==
 vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
        echo "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant 
insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys
-       chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
        chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
+       metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600
+
+       chmod 700 ${DESTDIR}/home/vagrant/.ssh
+       chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
+       echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> 
METALOG
 
        # Reboot quickly, Don't wait at the panic screen
        echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
@@ -68,6 +71,7 @@ vagrant_common () {
 
        # The console is not interactive, so we might as well boot quickly.
        echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
+       metalog_add_data ./boot/loader.conf
 
        # The first time the VM boots, the installed "first boot" scripts
        # should be allowed to run:

Reply via email to