From nobody Mon Jun 23 07:44:13 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bQg7x3vBTz5ywk4;
	Mon, 23 Jun 2025 07:44:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bQg7x2PKgz4C96;
	Mon, 23 Jun 2025 07:44:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1750664653;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=x9mGwy8r4N9TBs/OQcGpvZGtv7V6EIq1dXjL9oHjd/Q=;
	b=CWiuFRi90i+2HdRghIbvFydyDZ9t8FYxMHxVgzt8EvdohmlJ7pwYDRWUVSQiVhFlfyOAtb
	H95JY33XZLcap56vrUcxgX3R2iQju+jLaW/hu3bwbZ4WR71v0+Ez7K9SNGCYIbNFTpUiY+
	xtDz288chRbjcHvDWD4p0zCZkns/uih2TfBN8BB4vmFhuW6zrUYVhYfNotmORh5NO1dplp
	aryoFuP9oWMxR4kkatD58VAuCXFLdoQjd6nfXNO9AqEtuVhsR+7zKtRrapFNo3kUt+rRFB
	TdF+GqzAzGWBJueYd24663LZBJu9UoNozq49fXB10OgbmteXXgeV7MXh9Z8ltg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1750664653;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=x9mGwy8r4N9TBs/OQcGpvZGtv7V6EIq1dXjL9oHjd/Q=;
	b=YFSzfcV61jV4GGBCsWO6hTRbClNwZullBCQrYkRM6GzqbHuIYvYNiyh1Vsm2AeVh+shynC
	CVb9/FSKojbzhmTwelbLGv9RmYR8y6G9a4QEuY/jMh0NIIAaWfPFosB9owxC5SfXXO30Ik
	r02rvlwuV3CnONT9VMOxKjI92OIUiA7usJ++f3rzeJtnGfpARR8eFBmsctFYK2RGrgwYYx
	7arzbBz49v56F4PuPL48w6odxKvHMunJAv4WYT64ySOUZq7aE2Hndvhyx6HMhrHWiXXEDD
	lkfoYsy6C9JdihB34b/N400AE+xkixhpYSaQqtxxxKgFeyjKrxNlZiBHLD2cEA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750664653; a=rsa-sha256; cv=none;
	b=sTr4cWasVX27w9mUEZWwlLSy9zNtEW26/hmBvRmFz9J3M+oMMOQv92U2rO93Or0wlrBFKy
	PQeI4kdpd7qb5Yb9oLAxyxDPiLoX+3eQOGjm/f+uTXWJyCtzDitKgtAM0zdx5sYU4QfjZK
	nl7R/pZtsYk5mFx4OM/oLYlrLhANbOOgLsD47vQpk05I2vo9SKEb4FKOPJQulaV/ZHlUv1
	5hOoFqPyrVmfGF0VqBwjTEgN2WC9f2kfqPey+2yNbKuOp5My7YGavyS4ZnX/p3ZSY9qLAb
	RuKA7o8QXfKso5vVxVt55Ri2CeMPNlrdmUXft5RfhBfFRNBC8cjG8VEXaZt0dQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bQg7x20KyztDH;
	Mon, 23 Jun 2025 07:44:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55N7iDiZ067286;
	Mon, 23 Jun 2025 07:44:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55N7iDWf067283;
	Mon, 23 Jun 2025 07:44:13 GMT
	(envelope-from git)
Date: Mon, 23 Jun 2025 07:44:13 GMT
Message-Id: <202506230744.55N7iDWf067283@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Baptiste Daroussin <bapt@FreeBSD.org>
Subject: git: b5bf10d30b40 - stable/14 - nuageinit: fix using
  user_data as a script
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bapt
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: b5bf10d30b40c44797bcbf9a213357f480e40f36
Auto-Submitted: auto-generated

The branch stable/14 has been updated by bapt:

URL: https://cgit.FreeBSD.org/src/commit/?id=b5bf10d30b40c44797bcbf9a213357f480e40f36

commit b5bf10d30b40c44797bcbf9a213357f480e40f36
Author:     Baptiste Daroussin <bapt@FreeBSD.org>
AuthorDate: 2025-06-10 07:09:47 +0000
Commit:     Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2025-06-23 07:43:12 +0000

    nuageinit: fix using user_data as a script
    
    In official cloudinit, when a user_data file starts with '#!' it
    should be execute late in the boot process. To respect this nuageinit
    now copy the user_data script into a /var/cache/nuageinit/user_data if
    found and a new "firsboot" rcscript anchored to the 'local' rc script is
    responsible to execute it if found.
    
    Note by doing this, we fix another issue we had with nuageinit, if the
    cloudinit provider provides the user_data scriptout with the executable
    permission, previous implementation was not working, like apparently
    what Digital Ocean is doing.
    
    PR:             287183
    Reported by:    olgeni@
    
    (cherry picked from commit 09545628f0cd58406a47f302fb8584a5292d4b1a)
---
 libexec/nuageinit/nuageinit                | 15 ++++++++++-----
 libexec/nuageinit/tests/nuageinit.sh       | 30 ++++++++++++++++++++++++++++--
 libexec/rc/rc.d/Makefile                   |  3 ++-
 libexec/rc/rc.d/nuageinit_user_data_script | 25 +++++++++++++++++++++++++
 4 files changed, 65 insertions(+), 8 deletions(-)

diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit
index dda3ae482859..f2f15f0d36f0 100755
--- a/libexec/nuageinit/nuageinit
+++ b/libexec/nuageinit/nuageinit
@@ -396,9 +396,14 @@ if line == "#cloud-config" then
 	if obj.package_upgrade then
 		nuage.upgrade_packages()
 	end
-else
-	local res, err = os.execute(path .. "/" .. ud)
-	if not res then
-		nuage.err("error executing user-data script: " .. err)
-	end
+elseif line:sub(1, 2) == "#!" then
+	-- delay for execution at rc.local time --
+	f = io.open(path .. "/" .. ud)
+	local content = f:read("*a")
+	f:close()
+	nuage.mkdir_p(root .. "/var/cache/nuageinit")
+	f = assert(io.open(root .. "/var/cache/nuageinit/user_data", "w"))
+	f:write(content)
+	f:close()
+	sys_stat.chmod(root .. "/var/cache/nuageinit/user_data", 493)
 end
diff --git a/libexec/nuageinit/tests/nuageinit.sh b/libexec/nuageinit/tests/nuageinit.sh
index 5fc811f1dcb5..be8b186d933b 100644
--- a/libexec/nuageinit/tests/nuageinit.sh
+++ b/libexec/nuageinit/tests/nuageinit.sh
@@ -27,6 +27,7 @@ atf_test_case config2_userdata_runcmd
 atf_test_case config2_userdata_packages
 atf_test_case config2_userdata_update_packages
 atf_test_case config2_userdata_upgrade_packages
+atf_test_case config2_userdata_shebang
 
 setup_test_adduser()
 {
@@ -73,7 +74,8 @@ nocloud_userdata_script_body()
 	printf "instance-id: iid-local01\n" > "${PWD}"/media/nuageinit/meta-data
 	printf "#!/bin/sh\necho yeah\n" > "${PWD}"/media/nuageinit/user-data
 	chmod 755 "${PWD}"/media/nuageinit/user-data
-	atf_check -s exit:0 -o inline:"yeah\n" /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
+	atf_check -s exit:0 /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
+	atf_check -o inline:"#!/bin/sh\necho yeah\n" cat var/cache/nuageinit/user_data
 }
 
 nocloud_user_data_script_body()
@@ -82,7 +84,8 @@ nocloud_user_data_script_body()
 	printf "instance-id: iid-local01\n" > "${PWD}"/media/nuageinit/meta-data
 	printf "#!/bin/sh\necho yeah\n" > "${PWD}"/media/nuageinit/user_data
 	chmod 755 "${PWD}"/media/nuageinit/user_data
-	atf_check -s exit:0 -o inline:"yeah\n" /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
+	atf_check -s exit:0 /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
+	atf_check -o inline:"#!/bin/sh\necho yeah\n" cat var/cache/nuageinit/user_data
 }
 
 nocloud_userdata_cloudconfig_users_head()
@@ -810,6 +813,28 @@ EOF
 	atf_check -o inline:"pkg upgrade -y\n" /usr/libexec/nuageinit "${PWD}"/media/nuageinit config-2
 }
 
+config2_userdata_shebang_body()
+{
+	mkdir -p media/nuageinit
+	setup_test_adduser
+	printf "{}" > media/nuageinit/meta_data.json
+	cat > media/nuageinit/user_data <<EOF
+#!/we/dont/care
+anything
+EOF
+	atf_check -o empty /usr/libexec/nuageinit "${PWD}"/media/nuageinit config-2
+	test -f var/cache/nuageinit/user_data || atf_fail "File not created"
+	test -x var/cache/nuageinit/user_data || atf_fail "Missing execution permission"
+	atf_check -o inline:"#!/we/dont/care\nanything\n" cat var/cache/nuageinit/user_data
+	cat > media/nuageinit/user_data <<EOF
+/we/dont/care
+EOF
+	rm var/cache/nuageinit/user_data
+	if [ -f var/cache/nuageinit/user_data ]; then
+		atf_fail "File should not have been created"
+	fi
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case args
@@ -833,4 +858,5 @@ atf_init_test_cases()
 	atf_add_test_case config2_userdata_packages
 	atf_add_test_case config2_userdata_update_packages
 	atf_add_test_case config2_userdata_upgrade_packages
+	atf_add_test_case config2_userdata_shebang
 }
diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile
index e218ecf516d1..23a3426e5d0a 100644
--- a/libexec/rc/rc.d/Makefile
+++ b/libexec/rc/rc.d/Makefile
@@ -316,7 +316,8 @@ SMRCDPACKAGE=	sendmail
 
 .if ${MK_NUAGEINIT} != "no"
 CONFGROUPS+=	NIUAGEINIT
-NIUAGEINIT=		nuageinit
+NIUAGEINIT=		nuageinit \
+			nuageinit_user_data_script
 NIUAGEINITPACKAGE=	nuageinit
 .endif
 
diff --git a/libexec/rc/rc.d/nuageinit_user_data_script b/libexec/rc/rc.d/nuageinit_user_data_script
new file mode 100755
index 000000000000..94d5d008a7fc
--- /dev/null
+++ b/libexec/rc/rc.d/nuageinit_user_data_script
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+
+# PROVIDE: nuageinit_user_data_script
+# REQUIRE: local
+# KEYWORD: firstboot
+
+. /etc/rc.subr
+
+name="nuageinit_user_data_script"
+desc="Execute user data script provided by cloudinit"
+start_cmd="execute_user_data_script"
+stop_cmd=":"
+rcvar="nuageinit_enable"
+
+execute_user_data_script()
+{
+	test -x /var/cache/nuageinit/user_data || return
+	echo "Executing user_data script" | tee -a /var/log/nuageinnit.log
+	/var/cache/nuageinit/user_data 2>&1 | tee -a /var/log/nuageinit.log
+}
+
+# Share the same config as nuageinit
+load_rc_config nuageinit
+run_rc_command "$1"