Moving to sudo, and pwdfile with plymouth set screen for live and install modes.
parent
0c40635fc3
commit
5beb52a4df
@ -37,7 +37,9 @@ SRC_URI = "\
|
||||
file://locale.conf \
|
||||
file://environment.sh \
|
||||
file://fstab \
|
||||
file://sudo-citadel \
|
||||
file://citadel-ifconfig.sh \
|
||||
file://citadel-setpassword.sh \
|
||||
file://00-storage-tmpfiles.conf \
|
||||
file://NetworkManager.conf \
|
||||
file://share/dot.bashrc \
|
||||
@ -48,6 +50,7 @@ SRC_URI = "\
|
||||
file://systemd/zram-swap.service \
|
||||
file://systemd/iptables.service \
|
||||
file://systemd/session-switcher.service \
|
||||
file://systemd/citadel-setpassword.service \
|
||||
file://skel/profile \
|
||||
file://skel/bashrc \
|
||||
file://skel/vimrc \
|
||||
@ -64,12 +67,12 @@ USERADD_PACKAGES = "${PN}"
|
||||
USERADD_PARAM_${PN} = "-m -u 1000 -s /bin/bash citadel"
|
||||
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
|
||||
|
||||
# for citadel-ifconfig.sh
|
||||
# for citadel-ifconfig.sh citadel-setpassword.sh
|
||||
RDEPENDS_${PN} = "bash"
|
||||
|
||||
inherit allarch systemd useradd
|
||||
|
||||
SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service session-switcher.service"
|
||||
SYSTEMD_SERVICE_${PN} = "zram-swap.service watch-run-user.path iptables.service session-switcher.service citadel-setpassword.service"
|
||||
|
||||
do_install() {
|
||||
install -m 0755 -d ${D}/storage
|
||||
@ -83,14 +86,17 @@ do_install() {
|
||||
install -m 0755 -d ${D}${sysconfdir}/NetworkManager
|
||||
install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d
|
||||
install -m 0755 -d ${D}${sysconfdir}/modprobe.d
|
||||
install -m 0755 -d ${D}${sysconfdir}/sudoers.d
|
||||
install -m 0755 -d ${D}${datadir}/iptables
|
||||
install -m 0755 -d ${D}${datadir}/factory/skel
|
||||
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager
|
||||
install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections
|
||||
install -m 0755 -d ${D}${datadir}/citadel
|
||||
|
||||
install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
|
||||
install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
|
||||
install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
|
||||
install -m 0440 ${WORKDIR}/sudo-citadel ${D}${sysconfdir}/sudoers.d/citadel
|
||||
install -m 0644 ${WORKDIR}/00-storage-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d
|
||||
install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager
|
||||
|
||||
@ -99,6 +105,7 @@ do_install() {
|
||||
install -m 644 ${WORKDIR}/systemd/iptables.service ${D}${systemd_system_unitdir}
|
||||
|
||||
install -m 644 ${WORKDIR}/systemd/session-switcher.service ${D}${systemd_system_unitdir}
|
||||
install -m 644 ${WORKDIR}/systemd/citadel-setpassword.service ${D}${systemd_system_unitdir}
|
||||
|
||||
install -m 644 ${WORKDIR}/systemd/watch-run-user.path ${D}${systemd_system_unitdir}
|
||||
install -m 644 ${WORKDIR}/systemd/watch-run-user.service ${D}${systemd_system_unitdir}
|
||||
@ -114,6 +121,7 @@ do_install() {
|
||||
|
||||
install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
|
||||
install -m 0755 ${WORKDIR}/citadel-ifconfig.sh ${D}${libexecdir}
|
||||
install -m 0754 ${WORKDIR}/citadel-setpassword.sh ${D}${libexecdir}
|
||||
|
||||
install -m 0644 ${WORKDIR}/udev/pci-pm.rules ${D}${sysconfdir}/udev/rules.d/
|
||||
install -m 0644 ${WORKDIR}/udev/scsi-alpm.rules ${D}${sysconfdir}/udev/rules.d/
|
||||
|
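Review bot: The `RDEPENDS_${PN} = "bash"` line is now commented as covering citadel-setpassword.sh, but that script also calls `/usr/bin/mkpasswd` and `/usr/bin/plymouth`, and neither is a runtime dependency of the package that ships it. mkpasswd only arrives through the packagegroup change elsewhere in this commit, so an image that installs this package without that group gets a first-boot script that cannot produce a hash. Declaring it here, `RDEPENDS_${PN} = "bash mkpasswd"` plus whichever package provides plymouth in this layer, keeps the script and its tools together. Separately, `install -m 0754` for the script differs from the `0755` used for citadel-ifconfig.sh on the line above with no stated reason; a short comment or a consistent mode would settle it. do_install continues outside these hunks.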
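--- a/meta-citadel/recipes-citadel/citadel-config/files/citadel-setpassword.sh
+++ b/meta-citadel/recipes-citadel/citadel-config/files/citadel-setpassword.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+PF="/storage/citadel-state/passwd"
+if [ -e "${PF}" ]; then
+exit 0
+fi
+
+success=
+for ((I = 0; I < 3; I++)); do
+P1=
+P2=
+/usr/bin/plymouth display-message --text='Set new user password...'
+/usr/bin/plymouth pause-progress
+P1="$(/usr/bin/plymouth ask-for-password --prompt='Password')"
+/usr/bin/plymouth unpause-progress
+/usr/bin/plymouth pause-progress
+P2="$(/usr/bin/plymouth ask-for-password --prompt='Confirm')"
+
+if [ -n "${P1}" -a "${P1}" == "${P2}" ]; then
+/usr/bin/plymouth unpause-progress
+success=true
+break;
+fi
+/usr/bin/plymouth display-message --text='Passwords do not match, try again...'
+/usr/bin/plymouth unpause-progress
+sleep 3
+done
+if [ -n "${success}" ]; then
+crypt=$(echo -n "${P1}" | /usr/bin/mkpasswd -s -m sha-512)
+echo "citadel:${crypt}" > ${PF}
+chmod 444 "${PF}"
+/usr/bin/plymouth display-message --text='Password set succesfully...'
+else
+/usr/bin/plymouth display-message --text='Failed to set password...'
+fi
+exit 0;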
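Review bot: The final block writes the hash file without checking that mkpasswd succeeded, so a failed or missing `/usr/bin/mkpasswd` leaves `citadel:` with an empty hash in `${PF}`, and because the script exits early whenever that file exists, the prompt never runs again. `chmod 444` also makes the SHA-512 crypt hash readable by every local user and process, which allows offline guessing; if only root-run PAM services read the file, creating it under `umask 077` is enough, and if an unprivileged consumer needs it, the wider mode deserves a comment. `echo -n "${P1}"` loses a password that looks like an echo option such as `-e`, and `> ${PF}` is unquoted. The sketch below checks the mkpasswd result, uses `printf '%s'`, and writes to a temporary name before renaming so a half-written file is never taken as a set password.

```shell
# … unchanged: prompt loop that sets P1, P2 and success …
if [ -n "${success}" ]; then
    umask 077
    if crypt="$(printf '%s' "${P1}" | /usr/bin/mkpasswd -s -m sha-512)" \
        && [ -n "${crypt}" ] \
        && printf 'citadel:%s\n' "${crypt}" > "${PF}.tmp" \
        && mv -f "${PF}.tmp" "${PF}"; then
        # … unchanged: success message …
    else
        rm -f "${PF}.tmp"
        # … unchanged: failure message …
    fi
# … unchanged: else branch for three failed attempts, final exit …
```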
@ -0,0 +1,2 @@
|
||||
# Citadel sudo
|
||||
citadel ALL=(ALL:ALL) ALL
|
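Review bot: `citadel ALL=(ALL:ALL) ALL` gives the desktop user unrestricted root, and the only comment in the file, `# Citadel sudo`, does not say what protects that grant. sudo presumably authenticates through the common-auth stack added in this commit, which would make root exactly as well protected as the hash stored in `/storage/citadel-state/passwd`. A comment that states this dependency would help the next reader, for example `# full root for citadel; password is checked by pam_pwdfile, see pam.d/common-auth`. If only a known set of administrative commands is needed, a narrower command list is worth considering before this ships.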
@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=Citadel Set Password
|
||||
After=storage.mount
|
||||
Requires=storage.mount
|
||||
Before=gdm.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=no
|
||||
ExecStart=/usr/libexec/citadel-setpassword.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
RequiredBy=graphical.target
|
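Review bot: `RequiredBy=graphical.target` together with `Before=gdm.service` reads as if the desktop must not start until a password is set, but citadel-setpassword.sh ends in `exit 0` even after three failed attempts, so this unit always succeeds and gates nothing. If the gate is intended, the script needs a non-zero exit on failure; if it is not, `WantedBy=` alone describes the behaviour more accurately. Adding `ConditionPathExists=!/storage/citadel-state/passwd` under `[Unit]` would skip the script on every boot after the first instead of relying on its own early exit. The script talks to the splash daemon, so an ordering such as `After=plymouth-start.service` is worth confirming as well.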
@ -4,7 +4,7 @@ LICENSE = "MIT"
|
||||
|
||||
SYSTEMD_DEFAULT_TARGET = "graphical.target"
|
||||
|
||||
ROOTFS_POSTPROCESS_COMMAND += "set_citadel_user_password; symlink_lib64; setup_var; append_os_release;"
|
||||
ROOTFS_POSTPROCESS_COMMAND += "set_disable_root_password; symlink_lib64; setup_var; append_os_release;"
|
||||
|
||||
IMAGE_INSTALL += "\
|
||||
packagegroup-citadel-base \
|
||||
@ -18,7 +18,7 @@ require citadel-image.inc
|
||||
inherit citadel-image
|
||||
|
||||
set_blank_user_password() {
|
||||
sed -i 's%^citadel:!:%citadel::%' ${IMAGE_ROOTFS}/etc/shadow
|
||||
sed -i 's%^citadel::%citadel:!:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||
}
|
||||
|
||||
set_citadel_user_password() {
|
||||
@ -26,6 +26,10 @@ set_citadel_user_password() {
|
||||
sed -i 's%^citadel:!:%citadel:aadg8rGtZzOY6:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||
}
|
||||
|
||||
set_disable_root_password() {
|
||||
sed -i 's%^root::%root:!:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||
}
|
||||
|
||||
setup_var() {
|
||||
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/var
|
||||
install -m 0755 -d ${IMAGE_ROOTFS}/usr/share/factory/home
|
||||
|
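Review bot: `set_disable_root_password` only rewrites a root entry whose password field is empty (`^root::`), so if the base image ever ships root with `*`, `x` or a hash, the sed matches nothing and still exits 0. Matching any field, `sed -i 's%^root:[^:]*:%root:!:%' ${IMAGE_ROOTFS}/etc/shadow`, makes the lock unconditional. `set_citadel_user_password` still carries a hard-coded crypt value in its sed line while the `ROOTFS_POSTPROCESS_COMMAND` line that lists `set_disable_root_password` no longer names it; if that line is the new side, the function is dead code holding a fixed credential and is better removed. `set_blank_user_password` appears with both sed directions, and a function named "blank" next to a line that writes `!` needs a rename or a comment. The bodies of these functions extend beyond the hunks shown.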
@ -70,10 +70,13 @@ RDEPENDS_${PN} = "\
|
||||
e2fsprogs-resize2fs \
|
||||
dosfstools \
|
||||
libpam \
|
||||
libpam-pwdfile \
|
||||
mkpasswd \
|
||||
wireguard-tools \
|
||||
resolvconf \
|
||||
udisks2 \
|
||||
efivar \
|
||||
efibootmgr \
|
||||
iw \
|
||||
sudo \
|
||||
"
|
||||
|
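--- a/meta-citadel/recipes-support/libidn2/libidn2_2.0.5.bb
+++ b/meta-citadel/recipes-support/libidn2/libidn2_2.0.5.bb
@@ -0,0 +1,29 @@
+SUMMARY = "Internationalized Domain Name support library"
+DESCRIPTION = "Implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names (IDN) working group."
+HOMEPAGE = "http://www.gnu.org/software/libidn/"
+SECTION = "libs"
+LICENSE = "(GPLv2+ | LGPLv3) & GPLv3+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ab90e75ef97cc6318ce4f2fbda62fe4d \
+file://COPYING.LESSERv3;md5=e6a600fd5e1d9cbde2d983680233ad02 \
+file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+file://src/idn2.c;endline=16;md5=0283aec28e049f5bcaaeee52aa865874 \
+file://lib/idn2.h.in;endline=27;md5=c2cd28d3f87260f157f022eabb83714f"
+
+SRC_URI = "${GNU_MIRROR}/libidn/${BPN}-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "eaf9a5b9d03b0cce3760f34b3124eb36"
+SRC_URI[sha256sum] = "53f69170886f1fa6fa5b332439c7a77a7d22626a82ef17e2c1224858bb4ca2b8"
+
+DEPENDS = "virtual/libiconv libunistring"
+
+inherit pkgconfig autotools gettext texinfo gtk-doc lib_package
+
+EXTRA_OECONF += "--disable-rpath \
+--with-libunistring-prefix=${STAGING_EXECPREFIXDIR} \
+"
+
+LICENSE_${PN} = "(GPLv2+ | LGPLv3)"
+LICENSE_${PN}-bin = "GPLv3+"
+
+BBCLASSEXTEND = "native nativesdk"
+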
@ -0,0 +1,24 @@
|
||||
SUMMARY = "PAM pwdfile library"
|
||||
SECTION = "libs"
|
||||
|
||||
LICENSE = "BSD"
|
||||
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
|
||||
|
||||
SRC_URI = "https://github.com/tiwe-de/libpam-pwdfile/archive/v${PV}.tar.gz"
|
||||
SRC_URI[md5sum] = "1546a57bfe50800175f7cbc88ade4a15"
|
||||
SRC_URI[sha256sum] = "5b8db1397cff9cadfd1bb96f53c134b787ab0e6a0fbedb71040541d340313ba2"
|
||||
|
||||
S = "${WORKDIR}/libpam-pwdfile-${PV}"
|
||||
|
||||
DEPENDS = "libpam libxcrypt"
|
||||
inherit lib_package pkgconfig
|
||||
|
||||
FILES_${PN} += "${libdir}/security/pam_pwdfile.so"
|
||||
|
||||
do_compile_class() {
|
||||
oe_runmake CC_FOR_BUILD="${BUILD_CC}" PAM_LIB_DIR=${libdir}/security
|
||||
}
|
||||
|
||||
do_install() {
|
||||
oe_runmake install DESTDIR=${D} PAM_LIB_DIR=${libdir}/security
|
||||
}
|
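Review bot: `do_compile_class()` is not a task name BitBake runs, so this body is never executed and the build presumably falls back to the default `do_compile`, which calls make without `PAM_LIB_DIR=${libdir}/security` or `CC_FOR_BUILD`; it looks like a typo for `do_compile()`. The GitHub archive URL is also stored under the generic name `v${PV}.tar.gz` in the download directory, where it can collide with another recipe's archive; `SRC_URI = "https://github.com/tiwe-de/libpam-pwdfile/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz"` avoids that. This module decides every login on the image, so a SUMMARY or comment naming the upstream and the reason for the pinned version would help later audits.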
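--- a/meta-citadel/recipes-support/mkpasswd/mkpasswd_5.4.2.bb
+++ b/meta-citadel/recipes-support/mkpasswd/mkpasswd_5.4.2.bb
@@ -0,0 +1,19 @@
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "http://ftp.debian.org/debian/pool/main/w/whois/whois_${PV}.tar.xz"
+SRC_URI[md5sum] = "8bbf1105702b9a03445211f45bd53efe"
+SRC_URI[sha256sum] = "eee33a3b3a56912fbf115a7dd24ed60314e2707a3ad6aa604ca2752c1ed01f57"
+S = "${WORKDIR}/whois-${PV}"
+
+DEPENDS = "libxcrypt libidn2"
+RDEPENDS_${PN} = "libxcrypt libidn2"
+inherit pkgconfig gettext
+
+do_compile() {
+oe_runmake CC_FOR_BUILD="${BUILD_CC}" BASEDIR=${D}
+}
+
+do_install() {
+oe_runmake install-mkpasswd DESTDIR=${D} BASEDIR=${D}
+}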
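--- a/meta-citadel/recipes-support/pam/files/pam.d/common-auth
+++ b/meta-citadel/recipes-support/pam/files/pam.d/common-auth
@@ -0,0 +1,20 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+
+# here are the per-package modules (the "Primary" block)
+# citadel pwdfile support
+auth [success=2 authinfo_unavail=reset new_authtok_reqd=ok ignore=ignore default=bad] pam_pwdfile.so pwdfile=/storage/citadel-state/passwd
+auth [success=1 default=ignore] pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)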
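Review bot: The pam_pwdfile line looks up whichever username is being authenticated in `/storage/citadel-state/passwd`, so as far as the module's lookup goes an entry for any account, not only citadel, would be honoured; write access to that file or its directory therefore amounts to setting credentials for every service that includes this stack. The file sits on the writable storage volume, and nothing visible in the commit creates `/storage/citadel-state` with a fixed owner and mode. The `# citadel pwdfile support` comment should state the requirement, for example `# pwdfile must be root-owned and not writable by others; it is the credential store for login and sudo`. `nullok_secure` on the pam_unix line still admits empty-password accounts on secure terminals; if no account is meant to have an empty password after this change, dropping the option removes that path.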
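--- a/meta-citadel/recipes-support/pam/libpam_%.bbappend
+++ b/meta-citadel/recipes-support/pam/libpam_%.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://pam.d/common-auth"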