git: 02dfca245808 - main - release: Complete NO_ROOTification of Vagrant builds
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 04 Oct 2025 12:43:50 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=02dfca2458081587d8224c5ebf8bde99fa360f94
commit 02dfca2458081587d8224c5ebf8bde99fa360f94
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-09-19 21:01:52 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-10-04 12:43:14 +0000
release: Complete NO_ROOTification of Vagrant builds
- Don't clean pkg files, they won't be recorded in the manifest anyway.
- Use pw's new metalog mode to create the vagrant user. Note that we do
not need to manually create the home directory, pw will do it, so just
remove that.
- Write metalog entries for the vagrant user's ssh key dir and
authorized keys file
Note, this depends on an updated pw being installed on the host.
Reviewed by: emaste
MFC after: 1 day
Sponsored by: Klara, Inc.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52631
---
release/tools/vagrant.conf | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf
index 7ab0e1238693..5b0f38b740a6 100644
--- a/release/tools/vagrant.conf
+++ b/release/tools/vagrant.conf
@@ -14,14 +14,16 @@ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} shells/bash \
export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs growfs"
vagrant_common () {
- # The firstboot_pkgs rc.d script will download the repository
- # catalogue and install or update pkg when the instance first
- # launches, so these files would just be replaced anyway; removing
- # them from the image allows it to boot faster.
- env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} clean -y -a
- env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg
- rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports
- rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods
+ if [ -z "${NO_ROOT}" ]; then
+ # The firstboot_pkgs rc.d script will download the repository
+ # catalogue and install or update pkg when the instance first
+ # launches, so these files would just be replaced anyway;
+ # removing them from the image allows it to boot faster.
+ pkg -c ${DESTDIR} clean -y -a
+ pkg -c ${DESTDIR} delete -f -y pkg
+ rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports
+ rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods
+ fi
# Vagrant instances use DHCP to get their network configuration.
echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf
@@ -40,8 +42,7 @@ vagrant_common () {
# Create the vagrant user with a password of vagrant
/usr/sbin/pw -R ${DESTDIR} \
groupadd vagrant -g 1001
- chroot ${DESTDIR} mkdir -p /home/vagrant
- /usr/sbin/pw -R ${DESTDIR} \
+ /usr/sbin/pw -R ${DESTDIR} -M ${DESTDIR}/METALOG \
useradd vagrant \
-m -M 0755 -w yes -n vagrant -u 1001 -g 1001 -G 0 \
-c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
@@ -58,11 +59,11 @@ vagrant_common () {
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys
chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
- metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600
chmod 700 ${DESTDIR}/home/vagrant/.ssh
chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
- echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> METALOG
+ echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> ${DESTDIR}/METALOG
+ echo "./home/vagrant/.ssh/authorized_keys type=file uid=1001 gid=1001 mode=0600" >> ${DESTDIR}/METALOG
# Reboot quickly, Don't wait at the panic screen
echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf