adding support for groups for live user
This commit is contained in:
parent
2db702107d
commit
c2cfd3298f
@ -2,6 +2,9 @@
|
|||||||
-switch from python-pygpgme to python-gpgme for better performance. also clean up bGPG in general; reference KANT.
|
-switch from python-pygpgme to python-gpgme for better performance. also clean up bGPG in general; reference KANT.
|
||||||
-more pythonic! classes (because inits help), use list or tuple constant for checksums, try vars-ing the configparser stuff (and move defaults to in-code?),
|
-more pythonic! classes (because inits help), use list or tuple constant for checksums, try vars-ing the configparser stuff (and move defaults to in-code?),
|
||||||
change path combinations to use os.path.join etc.
|
change path combinations to use os.path.join etc.
|
||||||
|
-modularity: https://stackoverflow.com/a/8719100
|
||||||
|
|
||||||
|
-mtree-like functionality; if mtree spec is found, apply that to files in overlay (or chroot even); otherwise copy from overlay and don't touch chroot
|
||||||
|
|
||||||
-i_am_a_racecar optimizations
|
-i_am_a_racecar optimizations
|
||||||
- different distro guests (debian, etc.)- https://stackoverflow.com/questions/2349991/python-how-to-import-other-python-files/20749411#20749411
|
- different distro guests (debian, etc.)- https://stackoverflow.com/questions/2349991/python-how-to-import-other-python-files/20749411#20749411
|
||||||
@ -29,6 +32,8 @@
|
|||||||
--iPXE's curl
|
--iPXE's curl
|
||||||
--initrd's curl
|
--initrd's curl
|
||||||
-WISH: Better logging/debugging
|
-WISH: Better logging/debugging
|
||||||
|
https://web.archive.org/web/20170726052946/http://www.lexev.org/en/2013/python-logging-every-day/
|
||||||
|
|
||||||
-WISH: signing for secureboot releases (PreLoader and loader.efi handle this okay, but require manual intervention)
|
-WISH: signing for secureboot releases (PreLoader and loader.efi handle this okay, but require manual intervention)
|
||||||
-does loader.efi support splash backgrounds? can i implement that differently somehow?
|
-does loader.efi support splash backgrounds? can i implement that differently somehow?
|
||||||
--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
|
--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
|
||||||
|
@ -7,6 +7,8 @@ NOTE: Due to requiring various mounting and chrooting, BDisk must be run as the
|
|||||||
|
|
||||||
To initiate a build, simply run `<basedir>/bdisk/bdisk.py`. That's it! Everything should continue automatically.
|
To initiate a build, simply run `<basedir>/bdisk/bdisk.py`. That's it! Everything should continue automatically.
|
||||||
|
|
||||||
|
If you'd like to specify a path to a specific build configuration, you can use `<basedir>/bdisk/bdisk.py path/to/build.ini`. The default is _/etc/bdisk/build.ini_ (plus <<the_code_build_ini_code_,other locations>>).
|
||||||
|
|
||||||
If you're using a packaged version you installed from your distro's package manager, you instead should run wherever it installs to. Most likely this is going to be `/usr/sbin/bdisk`. (On systemd build hosts that have done the https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge/[/usr merge^], you can use `/usr/sbin/bdisk` or `/sbin/bdisk`.)
|
If you're using a packaged version you installed from your distro's package manager, you instead should run wherever it installs to. Most likely this is going to be `/usr/sbin/bdisk`. (On systemd build hosts that have done the https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge/[/usr merge^], you can use `/usr/sbin/bdisk` or `/sbin/bdisk`.)
|
||||||
|
|
||||||
If you encounter any issues during the process, make sure you read the documentation -- if your issue still isn't addressed, please be sure to file a <<bug_reports_feature_requests,bug report>>!
|
If you encounter any issues during the process, make sure you read the documentation -- if your issue still isn't addressed, please be sure to file a <<bug_reports_feature_requests,bug report>>!
|
||||||
|
@ -35,6 +35,7 @@ We'll go into more detail for each section below.
|
|||||||
[user]
|
[user]
|
||||||
username = ${bdisk:uxname}
|
username = ${bdisk:uxname}
|
||||||
name = Default user
|
name = Default user
|
||||||
|
groups = ${bdisk:uxname},admin
|
||||||
password = $$6$$t92Uvm1ETLocDb1D$$BvI0Sa6CSXxzIKBinIaJHb1gLJWheoXp7WzdideAJN46aChFu3hKg07QaIJNk4dfIJ2ry3tEfo3FRvstKWasg/
|
password = $$6$$t92Uvm1ETLocDb1D$$BvI0Sa6CSXxzIKBinIaJHb1gLJWheoXp7WzdideAJN46aChFu3hKg07QaIJNk4dfIJ2ry3tEfo3FRvstKWasg/
|
||||||
[source_x86_64]
|
[source_x86_64]
|
||||||
mirror = mirror.us.leaseweb.net
|
mirror = mirror.us.leaseweb.net
|
||||||
@ -192,6 +193,15 @@ What comment/description/real name should be used for the user? For more informa
|
|||||||
|
|
||||||
. ASCII only
|
. ASCII only
|
||||||
|
|
||||||
|
==== `groups`
|
||||||
|
What groups this user should be added to, comma-separated. They will be created if they don't exist yet. Standard *nix group names rules apply:
|
||||||
|
|
||||||
|
. ASCII only
|
||||||
|
. 32 characters or less
|
||||||
|
. Can only contain lower-case letters, numeric digits, underscores, or dashes (and can end with a dollar sign)
|
||||||
|
. Must start with a (lower-case) letter or underscore
|
||||||
|
. No whitespace
|
||||||
|
|
||||||
==== `password`
|
==== `password`
|
||||||
The escaped, salted, hashed string to use for the non-root user.
|
The escaped, salted, hashed string to use for the non-root user.
|
||||||
|
|
||||||
|
@ -26,6 +26,7 @@ user = yes
|
|||||||
[user]
|
[user]
|
||||||
username = ${bdisk:uxname}
|
username = ${bdisk:uxname}
|
||||||
name = Default user
|
name = Default user
|
||||||
|
groups = ${bdisk:uxname},admin
|
||||||
password =
|
password =
|
||||||
|
|
||||||
[source_x86_64]
|
[source_x86_64]
|
||||||
|
@ -26,6 +26,7 @@ user = yes
|
|||||||
[user]
|
[user]
|
||||||
username = ${bdisk:uxname}
|
username = ${bdisk:uxname}
|
||||||
name = Default user
|
name = Default user
|
||||||
|
groups = ${bdisk:uxname},admin
|
||||||
password =
|
password =
|
||||||
|
|
||||||
[source_x86_64]
|
[source_x86_64]
|
||||||
|
@ -141,7 +141,12 @@ then
|
|||||||
fi
|
fi
|
||||||
# Add the regular user
|
# Add the regular user
|
||||||
useradd -m -s /bin/bash -c "${USERCOMMENT}" ${REGUSR}
|
useradd -m -s /bin/bash -c "${USERCOMMENT}" ${REGUSR}
|
||||||
usermod -aG users,games,video,audio ${REGUSR}
|
usermod -aG users,games,video,audio ${REGUSR} # TODO: remove this in lieu of $REGUSR_GRPS? these are all kind of required, though, for regular users anyways
|
||||||
|
for g in $(echo ${REGUSR_GRPS} | sed 's/,[[:space:]]*/ /g');
|
||||||
|
do
|
||||||
|
getent group ${g} > /dev/null 2>&1 || groupadd ${g}
|
||||||
|
usermod -aG ${g} ${REGUSR}
|
||||||
|
done
|
||||||
passwd -d ${REGUSR}
|
passwd -d ${REGUSR}
|
||||||
# Add them to sudoers
|
# Add them to sudoers
|
||||||
mkdir -p /etc/sudoers.d
|
mkdir -p /etc/sudoers.d
|
||||||
|
@ -4,6 +4,7 @@ export PNAME='{{ bdisk['name'] }}'
|
|||||||
export DISTPUB='{{ bdisk['dev'] }}'
|
export DISTPUB='{{ bdisk['dev'] }}'
|
||||||
export DISTDESC='{{ bdisk['desc'] }}'
|
export DISTDESC='{{ bdisk['desc'] }}'
|
||||||
export REGUSR='{{ user['username']|lower }}'
|
export REGUSR='{{ user['username']|lower }}'
|
||||||
|
export REGUSR_GRPS='{{ user['groups'] }}'
|
||||||
export USERCOMMENT='{{ user['name'] }}'
|
export USERCOMMENT='{{ user['name'] }}'
|
||||||
export REGUSR_PASS='{{ user['password'] }}'
|
export REGUSR_PASS='{{ user['password'] }}'
|
||||||
export ROOT_PASS='{{ bdisk['root_password'] }}'
|
export ROOT_PASS='{{ bdisk['root_password'] }}'
|
||||||
|
Loading…
Reference in New Issue
Block a user