Moving to sudo, and pwdfile with plymouth set screen for live and install modes.

xSmurf 2019-06-07 23:36:57 -04:00 committed by Bruce Leidl
parent 0c40635fc3
commit 5beb52a4df
11 changed files with 166 additions and 4 deletions


@ -37,7 +37,9 @@ SRC_URI = "\
file://locale.conf \ file://locale.conf \
file://environment.sh \ file://environment.sh \
file://fstab \ file://fstab \
file://sudo-citadel \
file://citadel-ifconfig.sh \ file://citadel-ifconfig.sh \
file://citadel-setpassword.sh \
file://00-storage-tmpfiles.conf \ file://00-storage-tmpfiles.conf \
file://NetworkManager.conf \ file://NetworkManager.conf \
file://share/dot.bashrc \ file://share/dot.bashrc \
@ -48,6 +50,7 @@ SRC_URI = "\
file://systemd/zram-swap.service \ file://systemd/zram-swap.service \
file://systemd/iptables.service \ file://systemd/iptables.service \
file://systemd/session-switcher.service \ file://systemd/session-switcher.service \
file://systemd/citadel-setpassword.service \
file://skel/profile \ file://skel/profile \
file://skel/bashrc \ file://skel/bashrc \
file://skel/vimrc \ file://skel/vimrc \
@ -64,12 +67,12 @@ USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-m -u 1000 -s /bin/bash citadel" USERADD_PARAM_${PN} = "-m -u 1000 -s /bin/bash citadel"
INHIBIT_PACKAGE_DEBUG_SPLIT = "1" INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
# for citadel-ifconfig.sh # for citadel-ifconfig.sh citadel-setpassword.sh
RDEPENDS_${PN} = "bash" RDEPENDS_${PN} = "bash"
inherit allarch systemd useradd inherit allarch systemd useradd
SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service session-switcher.service" SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service session-switcher.service citadel-setpassword.service"
do_install() { do_install() {
install -m 0755 -d ${D}/storage install -m 0755 -d ${D}/storage
@ -83,14 +86,17 @@ do_install() {
install -m 0755 -d ${D}${sysconfdir}/NetworkManager install -m 0755 -d ${D}${sysconfdir}/NetworkManager
install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d
install -m 0755 -d ${D}${sysconfdir}/modprobe.d install -m 0755 -d ${D}${sysconfdir}/modprobe.d
install -m 0755 -d ${D}${sysconfdir}/sudoers.d
install -m 0755 -d ${D}${datadir}/iptables install -m 0755 -d ${D}${datadir}/iptables
install -m 0755 -d ${D}${datadir}/factory/skel install -m 0755 -d ${D}${datadir}/factory/skel
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections
install -m 0755 -d ${D}${datadir}/citadel
install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
install -m 0440 ${WORKDIR}/sudo-citadel ${D}${sysconfdir}/sudoers.d/citadel
install -m 0644 ${WORKDIR}/00-storage-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d install -m 0644 ${WORKDIR}/00-storage-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d
install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager
@ -99,6 +105,7 @@ do_install() {
install -m 644 ${WORKDIR}/systemd/iptables.service ${D}${systemd_system_unitdir} install -m 644 ${WORKDIR}/systemd/iptables.service ${D}${systemd_system_unitdir}
install -m 644 ${WORKDIR}/systemd/session-switcher.service ${D}${systemd_system_unitdir} install -m 644 ${WORKDIR}/systemd/session-switcher.service ${D}${systemd_system_unitdir}
install -m 644 ${WORKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
install -m 644 ${WORKDIR}/systemd/watch-run-user.path ${D}${systemd_system_unitdir} install -m 644 ${WORKDIR}/systemd/watch-run-user.path ${D}${systemd_system_unitdir}
install -m 644 ${WORKDIR}/systemd/watch-run-user.service ${D}${systemd_system_unitdir} install -m 644 ${WORKDIR}/systemd/watch-run-user.service ${D}${systemd_system_unitdir}
@ -114,6 +121,7 @@ do_install() {
install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/ install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
install -m 0755 ${WORKDIR}/citadel-ifconfig.sh ${D}${libexecdir} install -m 0755 ${WORKDIR}/citadel-ifconfig.sh ${D}${libexecdir}
install -m 0754 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}
install -m 0644 ${WORKDIR}/udev/pci-pm.rules ${D}${sysconfdir}/udev/rules.d/ install -m 0644 ${WORKDIR}/udev/pci-pm.rules ${D}${sysconfdir}/udev/rules.d/
install -m 0644 ${WORKDIR}/udev/scsi-alpm.rules ${D}${sysconfdir}/udev/rules.d/ install -m 0644 ${WORKDIR}/udev/scsi-alpm.rules ${D}${sysconfdir}/udev/rules.d/
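Review bot: The mode on the new `install -m 0754 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}` line is unusual. It leaves the script world-readable but executable only by owner and group, unlike the 0755 used for citadel-ifconfig.sh on the line before. The service unit added in this commit sets no `User=`, so the script presumably runs as root. If only root is meant to run it, `install -m 0700 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}` states that intent; otherwise use 0755 to match its sibling. do_install starts and ends outside these hunks.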


@ -0,0 +1,36 @@
#!/bin/bash
PF="/storage/citadel-state/passwd"
if [ -e "${PF}" ]; then
exit 0
fi
success=
for ((I = 0; I < 3; I++)); do
P1=
P2=
/usr/bin/plymouth display-message --text='Set new user password...'
/usr/bin/plymouth pause-progress
P1="$(/usr/bin/plymouth ask-for-password --prompt='Password')"
/usr/bin/plymouth unpause-progress
/usr/bin/plymouth pause-progress
P2="$(/usr/bin/plymouth ask-for-password --prompt='Confirm')"
if [ -n "${P1}" -a "${P1}" == "${P2}" ]; then
/usr/bin/plymouth unpause-progress
success=true
break;
fi
/usr/bin/plymouth display-message --text='Passwords do not match, try again...'
/usr/bin/plymouth unpause-progress
sleep 3
done
if [ -n "${success}" ]; then
crypt=$(echo -n "${P1}" | /usr/bin/mkpasswd -s -m sha-512)
echo "citadel:${crypt}" > ${PF}
chmod 444 "${PF}"
/usr/bin/plymouth display-message --text='Password set succesfully...'
else
/usr/bin/plymouth display-message --text='Failed to set password...'
fi
exit 0;
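Review bot: The block that writes the password file has three weaknesses. `echo -n "${P1}"` lets bash parse the password for options, so a password such as `-e` is not hashed as typed. The result of mkpasswd is never checked, so a failed run writes `citadel:` with no hash, and because the script exits early once the file exists, the prompt is never offered again. The file is also created under the default umask and then set to 444, which leaves the SHA-512 hash readable by every local account for offline guessing. The rewrite below creates it owner-only and renames it into place only when a hash was produced; if an unprivileged PAM consumer (a screen locker, say) must read the file, keep a wider mode but document it in a comment.

```bash
crypt=
if [ -n "${success}" ]; then
    # printf, unlike echo -n, never treats the password as an option
    crypt="$(printf '%s' "${P1}" | /usr/bin/mkpasswd -s -m sha-512)"
fi
if [ -n "${crypt}" ]; then
    # create the file unreadable to other accounts; rename only once it is complete
    (umask 077 && printf 'citadel:%s\n' "${crypt}" > "${PF}.tmp") && mv -f "${PF}.tmp" "${PF}"
    # … unchanged: plymouth message for the success case …
else
    # … unchanged: plymouth message for the failure case …
fi
```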


@ -0,0 +1,2 @@
# Citadel sudo
citadel ALL=(ALL:ALL) ALL
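Review bot: The header comment `# Citadel sudo` does not say what the rule grants or what protects it. The rule gives the citadel account unrestricted root and carries no NOPASSWD tag, so its only gate is whatever sudo's PAM service checks. Assuming that service includes the common-auth file added in this commit, I would write `# Full root for the desktop user; sudo prompts for the password held in /storage/citadel-state/passwd (see pam.d/common-auth)`.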


@ -0,0 +1,14 @@
[Unit]
Description=Citadel Set Password
After=storage.mount
Requires=storage.mount
Before=gdm.service
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/usr/libexec/citadel-setpassword.sh
[Install]
WantedBy=multi-user.target
RequiredBy=graphical.target
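Review bot: Nothing in the [Unit] section orders this service against Plymouth, although every prompt in citadel-setpassword.sh goes through /usr/bin/plymouth. If the splash daemon is not up when the service starts, the three prompts presumably come back empty and the script exits 0 with no password file, after which gdm.service starts anyway. Adding `After=plymouth-start.service` makes the ordering explicit. `ConditionPathExists=!/storage/citadel-state/passwd` would skip the unit once a password exists instead of starting bash for the early exit. Because the script always exits 0, `RequiredBy=graphical.target` never blocks the graphical target on a failed password setup; a comment should say whether that is intended.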


@ -4,7 +4,7 @@ LICENSE = "MIT"
SYSTEMD_DEFAULT_TARGET = "graphical.target" SYSTEMD_DEFAULT_TARGET = "graphical.target"
ROOTFS_POSTPROCESS_COMMAND += "set_citadel_user_password; symlink_lib64; setup_var; append_os_release;" ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;"
IMAGE_INSTALL += "\ IMAGE_INSTALL += "\
packagegroup-citadel-base \ packagegroup-citadel-base \
@ -18,7 +18,7 @@ require citadel-image.inc
inherit citadel-image inherit citadel-image
set_blank_user_password() { set_blank_user_password() {
sed -i 's%^citadel:!:%citadel::%' ${IMAGE_ROOTFS}/etc/shadow sed -i 's%^citadel::%citadel:!:%' ${IMAGE_ROOTFS}/etc/shadow
} }
set_citadel_user_password() { set_citadel_user_password() {
@ -26,6 +26,10 @@ set_citadel_user_password() {
sed -i 's%^citadel:!:%citadel:aadg8rGtZzOY6:%' ${IMAGE_ROOTFS}/etc/shadow sed -i 's%^citadel:!:%citadel:aadg8rGtZzOY6:%' ${IMAGE_ROOTFS}/etc/shadow
} }
set_disable_root_password() {
sed -i 's%^root::%root:!:%' ${IMAGE_ROOTFS}/etc/shadow
}
setup_var() { setup_var() {
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/var install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/var
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/home install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/home
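Review bot: In set_disable_root_password, `sed -i 's%^root::%root:!:%'` locks root only when the shadow field is empty; any other value (a hash left by another class, for example) passes through silently. `sed -i 's%^root:[^:]*:%root:!:%' ${IMAGE_ROOTFS}/etc/shadow` locks the account whatever was there. As far as the rendered columns show, set_blank_user_password now turns an empty field into `!`, the opposite of its name. set_citadel_user_password also stays defined with a fixed hash after being dropped from ROOTFS_POSTPROCESS_COMMAND. Renaming the former and deleting the latter would stop a later edit from re-enabling a known password by accident. setup_var continues outside the hunk.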


@ -70,10 +70,13 @@ RDEPENDS_${PN} = "\
e2fsprogs-resize2fs \ e2fsprogs-resize2fs \
dosfstools \ dosfstools \
libpam \ libpam \
libpam-pwdfile \
mkpasswd \
wireguard-tools \ wireguard-tools \
resolvconf \ resolvconf \
udisks2 \ udisks2 \
efivar \ efivar \
efibootmgr \ efibootmgr \
iw \ iw \
sudo \
" "


@ -0,0 +1,29 @@
SUMMARY = "Internationalized Domain Name support library"
DESCRIPTION = "Implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names (IDN) working group."
HOMEPAGE = "http://www.gnu.org/software/libidn/"
SECTION = "libs"
LICENSE = "(GPLv2+ | LGPLv3) & GPLv3+"
LIC_FILES_CHKSUM = "file://COPYING;md5=ab90e75ef97cc6318ce4f2fbda62fe4d \
file://COPYING.LESSERv3;md5=e6a600fd5e1d9cbde2d983680233ad02 \
file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://src/idn2.c;endline=16;md5=0283aec28e049f5bcaaeee52aa865874 \
file://lib/idn2.h.in;endline=27;md5=c2cd28d3f87260f157f022eabb83714f"
SRC_URI = "${GNU_MIRROR}/libidn/${BPN}-${PV}.tar.gz"
SRC_URI[md5sum] = "eaf9a5b9d03b0cce3760f34b3124eb36"
SRC_URI[sha256sum] = "53f69170886f1fa6fa5b332439c7a77a7d22626a82ef17e2c1224858bb4ca2b8"
DEPENDS = "virtual/libiconv libunistring"
inherit pkgconfig autotools gettext texinfo gtk-doc lib_package
EXTRA_OECONF += "--disable-rpath \
--with-libunistring-prefix=${STAGING_EXECPREFIXDIR} \
"
LICENSE_${PN} = "(GPLv2+ | LGPLv3)"
LICENSE_${PN}-bin = "GPLv3+"
BBCLASSEXTEND = "native nativesdk"


@ -0,0 +1,24 @@
SUMMARY = "PAM pwdfile library"
SECTION = "libs"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
SRC_URI = "https://github.com/tiwe-de/libpam-pwdfile/archive/v${PV}.tar.gz"
SRC_URI[md5sum] = "1546a57bfe50800175f7cbc88ade4a15"
SRC_URI[sha256sum] = "5b8db1397cff9cadfd1bb96f53c134b787ab0e6a0fbedb71040541d340313ba2"
S = "${WORKDIR}/libpam-pwdfile-${PV}"
DEPENDS = "libpam libxcrypt"
inherit lib_package pkgconfig
FILES_${PN} += "${libdir}/security/pam_pwdfile.so"
do_compile_class() {
oe_runmake CC_FOR_BUILD="${BUILD_CC}" PAM_LIB_DIR=${libdir}/security
}
do_install() {
oe_runmake install DESTDIR=${D} PAM_LIB_DIR=${libdir}/security
}
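Review bot: `do_compile_class()` is not a BitBake task name, so this function is presumably never executed. The build then falls back to the default do_compile, which runs oe_runmake without `CC_FOR_BUILD` or `PAM_LIB_DIR=${libdir}/security`. Renaming the header to `do_compile() {` makes the compile step use the same module directory as do_install. Separately, LIC_FILES_CHKSUM checksums the generic BSD-3-Clause text under ${COREBASE} rather than a file inside the tarball, so an upstream licence change would go unnoticed.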


@ -0,0 +1,19 @@
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "http://ftp.debian.org/debian/pool/main/w/whois/whois_${PV}.tar.xz"
SRC_URI[md5sum] = "8bbf1105702b9a03445211f45bd53efe"
SRC_URI[sha256sum] = "eee33a3b3a56912fbf115a7dd24ed60314e2707a3ad6aa604ca2752c1ed01f57"
S = "${WORKDIR}/whois-${PV}"
DEPENDS = "libxcrypt libidn2"
RDEPENDS_${PN} = "libxcrypt libidn2"
inherit pkgconfig gettext
do_compile() {
oe_runmake CC_FOR_BUILD="${BUILD_CC}" BASEDIR=${D}
}
do_install() {
oe_runmake install-mkpasswd DESTDIR=${D} BASEDIR=${D}
}
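Review bot: SRC_URI fetches the whois tarball over plain HTTP, so `SRC_URI[sha256sum]` is the only thing standing between the mirror and the binary that hashes the login password. Keep that checksum mandatory and prefer the TLS endpoint: `SRC_URI = "https://deb.debian.org/debian/pool/main/w/whois/whois_${PV}.tar.xz"`. The Debian pool usually drops superseded versions, so a pinned ${PV} may stop fetching later; a source mirror or snapshot URL would avoid that. The recipe also has no SUMMARY, and a comment such as `# builds only mkpasswd from the whois source` above do_install would explain the `install-mkpasswd` target.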


@ -0,0 +1,20 @@
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
# here are the per-package modules (the "Primary" block)
# citadel pwdfile support
auth [success=2 authinfo_unavail=reset new_authtok_reqd=ok ignore=ignore default=bad] pam_pwdfile.so pwdfile=/storage/citadel-state/passwd
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
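Review bot: The pam_unix fallback keeps `nullok_secure`, which matters because `authinfo_unavail=reset` lets the stack continue to it whenever pam_pwdfile reports authinfo_unavail. That is presumably the case while /storage/citadel-state/passwd does not exist. On that path an account with an empty shadow field can authenticate on a secure tty with no password, and the sudoers file in this commit then gives that session full root. If live mode does not rely on blank passwords, drop the option: `auth [success=1 default=ignore] pam_unix.so`. The pwdfile line would also benefit from a comment on its control values, for example `# success=2 skips pam_unix and pam_deny; default=bad fails the stack on a wrong password or a user not listed in the pwdfile`.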


@ -0,0 +1,3 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://pam.d/common-auth"