The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=02dfca2458081587d8224c5ebf8bde99fa360f94
commit 02dfca2458081587d8224c5ebf8bde99fa360f94 Author: Mark Johnston <[email protected]> AuthorDate: 2025-09-19 21:01:52 +0000 Commit: Mark Johnston <[email protected]> CommitDate: 2025-10-04 12:43:14 +0000 release: Complete NO_ROOTification of Vagrant builds - Don't clean pkg files, they won't be recorded in the manifest anyway. - Use pw's new metalog mode to create the vagrant user. Note that we do not need to manually create the home directory, pw will do it, so just remove that. - Write metalog entries for the vagrant user's ssh key dir and authorized keys file Note, this depends on an updated pw being installed on the host. Reviewed by: emaste MFC after: 1 day Sponsored by: Klara, Inc. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52631 --- release/tools/vagrant.conf | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf index 7ab0e1238693..5b0f38b740a6 100644 --- a/release/tools/vagrant.conf +++ b/release/tools/vagrant.conf @@ -14,14 +14,16 @@ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} shells/bash \ export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs growfs" vagrant_common () { - # The firstboot_pkgs rc.d script will download the repository - # catalogue and install or update pkg when the instance first - # launches, so these files would just be replaced anyway; removing - # them from the image allows it to boot faster. - env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} clean -y -a - env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + if [ -z "${NO_ROOT}" ]; then + # The firstboot_pkgs rc.d script will download the repository + # catalogue and install or update pkg when the instance first + # launches, so these files would just be replaced anyway; + # removing them from the image allows it to boot faster. + pkg -c ${DESTDIR} clean -y -a + pkg -c ${DESTDIR} delete -f -y pkg + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports + rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + fi # Vagrant instances use DHCP to get their network configuration. echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf @@ -40,8 +42,7 @@ vagrant_common () { # Create the vagrant user with a password of vagrant /usr/sbin/pw -R ${DESTDIR} \ groupadd vagrant -g 1001 - chroot ${DESTDIR} mkdir -p /home/vagrant - /usr/sbin/pw -R ${DESTDIR} \ + /usr/sbin/pw -R ${DESTDIR} -M ${DESTDIR}/METALOG \ useradd vagrant \ -m -M 0755 -w yes -n vagrant -u 1001 -g 1001 -G 0 \ -c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh' @@ -58,11 +59,11 @@ vagrant_common () { echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys - metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600 chmod 700 ${DESTDIR}/home/vagrant/.ssh chown -R 1001 ${DESTDIR}/home/vagrant/.ssh - echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> METALOG + echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> ${DESTDIR}/METALOG + echo "./home/vagrant/.ssh/authorized_keys type=file uid=1001 gid=1001 mode=0600" >> ${DESTDIR}/METALOG # Reboot quickly, Don't wait at the panic screen echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
