Moving to sudo, and pwdfile with plymouth set screen for live and install modes.
parent
0c40635fc3
commit
5beb52a4df
@ -37,7 +37,9 @@ SRC_URI = "\
|
|||||||
file://locale.conf \
|
file://locale.conf \
|
||||||
file://environment.sh \
|
file://environment.sh \
|
||||||
file://fstab \
|
file://fstab \
|
||||||
|
file://sudo-citadel \
|
||||||
file://citadel-ifconfig.sh \
|
file://citadel-ifconfig.sh \
|
||||||
|
file://citadel-setpassword.sh \
|
||||||
file://00-storage-tmpfiles.conf \
|
file://00-storage-tmpfiles.conf \
|
||||||
file://NetworkManager.conf \
|
file://NetworkManager.conf \
|
||||||
file://share/dot.bashrc \
|
file://share/dot.bashrc \
|
||||||
@ -48,6 +50,7 @@ SRC_URI = "\
|
|||||||
file://systemd/zram-swap.service \
|
file://systemd/zram-swap.service \
|
||||||
file://systemd/iptables.service \
|
file://systemd/iptables.service \
|
||||||
file://systemd/session-switcher.service \
|
file://systemd/session-switcher.service \
|
||||||
|
file://systemd/citadel-setpassword.service \
|
||||||
file://skel/profile \
|
file://skel/profile \
|
||||||
file://skel/bashrc \
|
file://skel/bashrc \
|
||||||
file://skel/vimrc \
|
file://skel/vimrc \
|
||||||
@ -64,12 +67,12 @@ USERADD_PACKAGES = "${PN}"
|
|||||||
USERADD_PARAM_${PN} = "-m -u 1000 -s /bin/bash citadel"
|
USERADD_PARAM_${PN} = "-m -u 1000 -s /bin/bash citadel"
|
||||||
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
|
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
|
||||||
|
|
||||||
# for citadel-ifconfig.sh
|
# for citadel-ifconfig.sh citadel-setpassword.sh
|
||||||
RDEPENDS_${PN} = "bash"
|
RDEPENDS_${PN} = "bash"
|
||||||
|
|
||||||
inherit allarch systemd useradd
|
inherit allarch systemd useradd
|
||||||
|
|
||||||
SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service session-switcher.service"
|
SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service session-switcher.service citadel-setpassword.service"
|
||||||
|
|
||||||
do_install() {
|
do_install() {
|
||||||
install -m 0755 -d ${D}/storage
|
install -m 0755 -d ${D}/storage
|
||||||
@ -83,14 +86,17 @@ do_install() {
|
|||||||
install -m 0755 -d ${D}${sysconfdir}/NetworkManager
|
install -m 0755 -d ${D}${sysconfdir}/NetworkManager
|
||||||
install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d
|
install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d
|
||||||
install -m 0755 -d ${D}${sysconfdir}/modprobe.d
|
install -m 0755 -d ${D}${sysconfdir}/modprobe.d
|
||||||
|
install -m 0755 -d ${D}${sysconfdir}/sudoers.d
|
||||||
install -m 0755 -d ${D}${datadir}/iptables
|
install -m 0755 -d ${D}${datadir}/iptables
|
||||||
install -m 0755 -d ${D}${datadir}/factory/skel
|
install -m 0755 -d ${D}${datadir}/factory/skel
|
||||||
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager
|
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager
|
||||||
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections
|
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections
|
||||||
|
install -m 0755 -d ${D}${datadir}/citadel
|
||||||
|
|
||||||
install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
|
install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
|
||||||
install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
|
install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
|
||||||
install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
|
install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
|
||||||
|
install -m 0440 ${WORKDIR}/sudo-citadel ${D}${sysconfdir}/sudoers.d/citadel
|
||||||
install -m 0644 ${WORKDIR}/00-storage-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d
|
install -m 0644 ${WORKDIR}/00-storage-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d
|
||||||
install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager
|
install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager
|
||||||
|
|
||||||
@ -99,6 +105,7 @@ do_install() {
|
|||||||
install -m 644 ${WORKDIR}/systemd/iptables.service ${D}${systemd_system_unitdir}
|
install -m 644 ${WORKDIR}/systemd/iptables.service ${D}${systemd_system_unitdir}
|
||||||
|
|
||||||
install -m 644 ${WORKDIR}/systemd/session-switcher.service ${D}${systemd_system_unitdir}
|
install -m 644 ${WORKDIR}/systemd/session-switcher.service ${D}${systemd_system_unitdir}
|
||||||
|
install -m 644 ${WORKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
|
||||||
|
|
||||||
install -m 644 ${WORKDIR}/systemd/watch-run-user.path ${D}${systemd_system_unitdir}
|
install -m 644 ${WORKDIR}/systemd/watch-run-user.path ${D}${systemd_system_unitdir}
|
||||||
install -m 644 ${WORKDIR}/systemd/watch-run-user.service ${D}${systemd_system_unitdir}
|
install -m 644 ${WORKDIR}/systemd/watch-run-user.service ${D}${systemd_system_unitdir}
|
||||||
@ -114,6 +121,7 @@ do_install() {
|
|||||||
|
|
||||||
install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
|
install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
|
||||||
install -m 0755 ${WORKDIR}/citadel-ifconfig.sh ${D}${libexecdir}
|
install -m 0755 ${WORKDIR}/citadel-ifconfig.sh ${D}${libexecdir}
|
||||||
|
install -m 0754 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}
|
||||||
|
|
||||||
install -m 0644 ${WORKDIR}/udev/pci-pm.rules ${D}${sysconfdir}/udev/rules.d/
|
install -m 0644 ${WORKDIR}/udev/pci-pm.rules ${D}${sysconfdir}/udev/rules.d/
|
||||||
install -m 0644 ${WORKDIR}/udev/scsi-alpm.rules ${D}${sysconfdir}/udev/rules.d/
|
install -m 0644 ${WORKDIR}/udev/scsi-alpm.rules ${D}${sysconfdir}/udev/rules.d/
|
||||||
|
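Review bot: `RDEPENDS_${PN}` still lists only `bash`, although the comment above it now names citadel-setpassword.sh and that script calls `/usr/bin/plymouth` and `/usr/bin/mkpasswd` by absolute path. If mkpasswd is missing from an image, the script does not check its result and appears able to write a `citadel:` entry with an empty hash; if plymouth is missing, all three prompts come back empty. Declaring both here, e.g. `RDEPENDS_${PN} = "bash mkpasswd plymouth"` (the `plymouth` package name is assumed, confirm against the layer), keeps this from depending on the packagegroup. Separately, the script is installed with `-m 0754` while citadel-ifconfig.sh next to it uses `0755`; since only the systemd unit runs it, `0755` or `0700` would state the intent more clearly.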
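--- a/meta-citadel/recipes-citadel/citadel-config/files/citadel-setpassword.sh
+++ b/meta-citadel/recipes-citadel/citadel-config/files/citadel-setpassword.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+PF="/storage/citadel-state/passwd"
+if [ -e "${PF}" ]; then
+exit 0
+fi
+
+success=
+for ((I = 0; I < 3; I++)); do
+P1=
+P2=
+/usr/bin/plymouth display-message --text='Set new user password...'
+/usr/bin/plymouth pause-progress
+P1="$(/usr/bin/plymouth ask-for-password --prompt='Password')"
+/usr/bin/plymouth unpause-progress
+/usr/bin/plymouth pause-progress
+P2="$(/usr/bin/plymouth ask-for-password --prompt='Confirm')"
+
+if [ -n "${P1}" -a "${P1}" == "${P2}" ]; then
+/usr/bin/plymouth unpause-progress
+success=true
+break;
+fi
+/usr/bin/plymouth display-message --text='Passwords do not match, try again...'
+/usr/bin/plymouth unpause-progress
+sleep 3
+done
+if [ -n "${success}" ]; then
+crypt=$(echo -n "${P1}" | /usr/bin/mkpasswd -s -m sha-512)
+echo "citadel:${crypt}" > ${PF}
+chmod 444 "${PF}"
+/usr/bin/plymouth display-message --text='Password set succesfully...'
+else
+/usr/bin/plymouth display-message --text='Failed to set password...'
+fi
+exit 0;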
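Review bot: The password hash is written to `${PF}` under the default umask and then set to `chmod 444`, so any local account or process that can reach the directory can read the SHA-512 crypt string that the PAM stack in this commit checks logins against. A root-only mode (`umask 077`, `chmod 0400`) removes that offline-guessing exposure, assuming every PAM consumer of the file runs as root. The result of mkpasswd is also never checked: if it fails, `crypt` is empty, `citadel:` is written, and the `-e "${PF}"` guard at the top stops the service from ever prompting again. `echo -n "${P1}"` misreads a password that looks like an echo option, and `[ ... -a ... ]` can misparse operator-like passwords; `printf '%s'` and `[[ ]]` avoid both. The fence shows the comparison and the write-out block with these changes and an atomic rename.

```bash
# in the retry loop:
if [[ -n "${P1}" && "${P1}" == "${P2}" ]]; then
# … unchanged: unpause-progress, success=true, break, rest of the loop …

if [ -n "${success}" ]; then
    umask 077
    crypt=$(printf '%s' "${P1}" | /usr/bin/mkpasswd -s -m sha-512)
    # write to a temp name first so a failed run never leaves a half-written or empty entry
    if [ -n "${crypt}" ] && printf 'citadel:%s\n' "${crypt}" > "${PF}.tmp" \
            && chmod 0400 "${PF}.tmp" && mv -f "${PF}.tmp" "${PF}"; then
        /usr/bin/plymouth display-message --text='Password set succesfully...'
    else
        rm -f "${PF}.tmp"
        /usr/bin/plymouth display-message --text='Failed to set password...'
    fi
else
# … unchanged: failure message, fi, exit 0 …
```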
@ -0,0 +1,2 @@
|
|||||||
|
# Citadel sudo
|
||||||
|
citadel ALL=(ALL:ALL) ALL
|
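Review bot: `citadel ALL=(ALL:ALL) ALL` gives the desktop user unrestricted root, and the only comment, `# Citadel sudo`, does not say what gates it. Since sudo will ask for a password and this commit moves password checking to pam_pwdfile (assuming sudo's PAM service includes common-auth, which is not shown here), root access now depends on the contents of `/storage/citadel-state/passwd`. I would state that in the file, e.g. `# citadel is the single interactive user: full sudo, password required (no NOPASSWD); the password is checked through the PAM auth stack`.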
@ -0,0 +1,14 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Citadel Set Password
|
||||||
|
After=storage.mount
|
||||||
|
Requires=storage.mount
|
||||||
|
Before=gdm.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=no
|
||||||
|
ExecStart=/usr/libexec/citadel-setpassword.sh
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
RequiredBy=graphical.target
|
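Review bot: The unit is ordered only against `storage.mount` and `gdm.service`, but the script it starts talks to the plymouth daemon for every prompt, and nothing here keeps it after the splash has started or before it quits. If plymouth is not running, `ask-for-password` presumably returns nothing, the three attempts fail, and boot continues without a password file. Adding `After=plymouth-start.service` and `Before=plymouth-quit.service plymouth-quit-wait.service` to `[Unit]` would pin that window. Note also that `RequiredBy=graphical.target` has little effect while the script ends with `exit 0` on every path.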
@ -4,7 +4,7 @@ LICENSE = "MIT"
|
|||||||
|
|
||||||
SYSTEMD_DEFAULT_TARGET = "graphical.target"
|
SYSTEMD_DEFAULT_TARGET = "graphical.target"
|
||||||
|
|
||||||
ROOTFS_POSTPROCESS_COMMAND += "set_citadel_user_password; symlink_lib64; setup_var; append_os_release;"
|
ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;"
|
||||||
|
|
||||||
IMAGE_INSTALL += "\
|
IMAGE_INSTALL += "\
|
||||||
packagegroup-citadel-base \
|
packagegroup-citadel-base \
|
||||||
@ -18,7 +18,7 @@ require citadel-image.inc
|
|||||||
inherit citadel-image
|
inherit citadel-image
|
||||||
|
|
||||||
set_blank_user_password() {
|
set_blank_user_password() {
|
||||||
sed -i 's%^citadel:!:%citadel::%' ${IMAGE_ROOTFS}/etc/shadow
|
sed -i 's%^citadel::%citadel:!:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||||
}
|
}
|
||||||
|
|
||||||
set_citadel_user_password() {
|
set_citadel_user_password() {
|
||||||
@ -26,6 +26,10 @@ set_citadel_user_password() {
|
|||||||
sed -i 's%^citadel:!:%citadel:aadg8rGtZzOY6:%' ${IMAGE_ROOTFS}/etc/shadow
|
sed -i 's%^citadel:!:%citadel:aadg8rGtZzOY6:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_disable_root_password() {
|
||||||
|
sed -i 's%^root::%root:!:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||||
|
}
|
||||||
|
|
||||||
setup_var() {
|
setup_var() {
|
||||||
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/var
|
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/var
|
||||||
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/home
|
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/home
|
||||||
|
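Review bot: `set_blank_user_password` now does the opposite of its name: the new sed, `s%^citadel::%citadel:!:%`, locks a blank citadel entry instead of blanking a locked one. Renaming it and its callers (for example `set_lock_blank_user_password`) and adding a comment such as `# lock the citadel account if its shadow field is empty; the password is set on first boot` would keep the next reader from re-enabling a passwordless login by accident. In the visible hunks neither this function nor `set_citadel_user_password` is listed in `ROOTFS_POSTPROCESS_COMMAND` any more, so if no other image references the latter, its fixed hash `aadg8rGtZzOY6` is dead code that is better deleted than left available. `set_disable_root_password` only rewrites an empty root field (`root::`), which is worth saying in a comment as well.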
@ -70,10 +70,13 @@ RDEPENDS_${PN} = "\
|
|||||||
e2fsprogs-resize2fs \
|
e2fsprogs-resize2fs \
|
||||||
dosfstools \
|
dosfstools \
|
||||||
libpam \
|
libpam \
|
||||||
|
libpam-pwdfile \
|
||||||
|
mkpasswd \
|
||||||
wireguard-tools \
|
wireguard-tools \
|
||||||
resolvconf \
|
resolvconf \
|
||||||
udisks2 \
|
udisks2 \
|
||||||
efivar \
|
efivar \
|
||||||
efibootmgr \
|
efibootmgr \
|
||||||
iw \
|
iw \
|
||||||
|
sudo \
|
||||||
"
|
"
|
||||||
|
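--- a/meta-citadel/recipes-support/libidn2/libidn2_2.0.5.bb
+++ b/meta-citadel/recipes-support/libidn2/libidn2_2.0.5.bb
@@ -0,0 +1,29 @@
+SUMMARY = "Internationalized Domain Name support library"
+DESCRIPTION = "Implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names (IDN) working group."
+HOMEPAGE = "http://www.gnu.org/software/libidn/"
+SECTION = "libs"
+LICENSE = "(GPLv2+ | LGPLv3) & GPLv3+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ab90e75ef97cc6318ce4f2fbda62fe4d \
+file://COPYING.LESSERv3;md5=e6a600fd5e1d9cbde2d983680233ad02 \
+file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+file://src/idn2.c;endline=16;md5=0283aec28e049f5bcaaeee52aa865874 \
+file://lib/idn2.h.in;endline=27;md5=c2cd28d3f87260f157f022eabb83714f"
+
+SRC_URI = "${GNU_MIRROR}/libidn/${BPN}-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "eaf9a5b9d03b0cce3760f34b3124eb36"
+SRC_URI[sha256sum] = "53f69170886f1fa6fa5b332439c7a77a7d22626a82ef17e2c1224858bb4ca2b8"
+
+DEPENDS = "virtual/libiconv libunistring"
+
+inherit pkgconfig autotools gettext texinfo gtk-doc lib_package
+
+EXTRA_OECONF += "--disable-rpath \
+--with-libunistring-prefix=${STAGING_EXECPREFIXDIR} \
+"
+
+LICENSE_${PN} = "(GPLv2+ | LGPLv3)"
+LICENSE_${PN}-bin = "GPLv3+"
+
+BBCLASSEXTEND = "native nativesdk"
+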
@ -0,0 +1,24 @@
|
|||||||
|
SUMMARY = "PAM pwdfile library"
|
||||||
|
SECTION = "libs"
|
||||||
|
|
||||||
|
LICENSE = "BSD"
|
||||||
|
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
|
||||||
|
|
||||||
|
SRC_URI = "https://github.com/tiwe-de/libpam-pwdfile/archive/v${PV}.tar.gz"
|
||||||
|
SRC_URI[md5sum] = "1546a57bfe50800175f7cbc88ade4a15"
|
||||||
|
SRC_URI[sha256sum] = "5b8db1397cff9cadfd1bb96f53c134b787ab0e6a0fbedb71040541d340313ba2"
|
||||||
|
|
||||||
|
S = "${WORKDIR}/libpam-pwdfile-${PV}"
|
||||||
|
|
||||||
|
DEPENDS = "libpam libxcrypt"
|
||||||
|
inherit lib_package pkgconfig
|
||||||
|
|
||||||
|
FILES_${PN} += "${libdir}/security/pam_pwdfile.so"
|
||||||
|
|
||||||
|
do_compile_class() {
|
||||||
|
oe_runmake CC_FOR_BUILD="${BUILD_CC}" PAM_LIB_DIR=${libdir}/security
|
||||||
|
}
|
||||||
|
|
||||||
|
do_install() {
|
||||||
|
oe_runmake install DESTDIR=${D} PAM_LIB_DIR=${libdir}/security
|
||||||
|
}
|
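Review bot: `do_compile_class()` is not a task name BitBake runs, so this looks like a typo for `do_compile()`; as written the function is presumably never called, and whatever default compile step applies runs without `CC_FOR_BUILD` and `PAM_LIB_DIR=${libdir}/security`. Rename it to `do_compile() {`. The GitHub archive URL also downloads as `v${PV}.tar.gz`, a name that can collide with other recipes in a shared download directory; appending `;downloadfilename=${BP}.tar.gz` to `SRC_URI` avoids that. `LIC_FILES_CHKSUM` points at the generic BSD-3-Clause text under `${COREBASE}` rather than a file in the fetched source, so a licence change upstream would go unnoticed for a module that sits in the authentication path.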
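--- a/meta-citadel/recipes-support/mkpasswd/mkpasswd_5.4.2.bb
+++ b/meta-citadel/recipes-support/mkpasswd/mkpasswd_5.4.2.bb
@@ -0,0 +1,19 @@
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "http://ftp.debian.org/debian/pool/main/w/whois/whois_${PV}.tar.xz"
+SRC_URI[md5sum] = "8bbf1105702b9a03445211f45bd53efe"
+SRC_URI[sha256sum] = "eee33a3b3a56912fbf115a7dd24ed60314e2707a3ad6aa604ca2752c1ed01f57"
+S = "${WORKDIR}/whois-${PV}"
+
+DEPENDS = "libxcrypt libidn2"
+RDEPENDS_${PN} = "libxcrypt libidn2"
+inherit pkgconfig gettext
+
+do_compile() {
+oe_runmake CC_FOR_BUILD="${BUILD_CC}" BASEDIR=${D}
+}
+
+do_install() {
+oe_runmake install-mkpasswd DESTDIR=${D} BASEDIR=${D}
+}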
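Review bot: `SRC_URI` fetches the whois tarball over plain HTTP from the live Debian pool, so integrity rests entirely on `SRC_URI[sha256sum]`, and the fetch will start failing once Debian drops this version from the pool. Writing it as `SRC_URI = "${DEBIAN_MIRROR}/main/w/whois/whois_${PV}.tar.xz"` lets the configured mirror list supply a fallback. The explicit `RDEPENDS_${PN} = "libxcrypt libidn2"` is normally redundant with the shared-library dependencies the packaging step detects and can be dropped unless the build showed otherwise.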
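--- a/meta-citadel/recipes-support/pam/files/pam.d/common-auth
+++ b/meta-citadel/recipes-support/pam/files/pam.d/common-auth
@@ -0,0 +1,20 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+
+# here are the per-package modules (the "Primary" block)
+# citadel pwdfile support
+auth [success=2 authinfo_unavail=reset new_authtok_reqd=ok ignore=ignore default=bad] pam_pwdfile.so pwdfile=/storage/citadel-state/passwd
+auth [success=1 default=ignore] pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)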
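Review bot: `authinfo_unavail=reset` on the pam_pwdfile line means that when the password file cannot be read (presumably what the module reports for a missing file) the stack silently falls through to `pam_unix.so nullok_secure`, which accepts empty passwords on secure terminals. Login, and privilege escalation through any service that includes this file, therefore depend on who can delete or replace `/storage/citadel-state/passwd`; the directory's ownership is not shown in this commit and should be root-only. Since the image change in this commit locks blank entries, the fallback can be `auth [success=1 default=ignore] pam_unix.so` without `nullok_secure`. A short comment above the pwdfile line explaining the jump counts (`success=2` skips to pam_permit, `default=bad` fails the stack on a wrong password) would help the next editor.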
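--- a/meta-citadel/recipes-support/pam/libpam_%.bbappend
+++ b/meta-citadel/recipes-support/pam/libpam_%.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://pam.d/common-auth"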