git: 96cd2eb699f7 - stable/15 - release: Prepare Vagrant cloudware images for building as non-root

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 30 Sep 2025 15:23:37 UTC
The branch stable/15 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=96cd2eb699f70e729d81eb65baa5189b9134926d

commit 96cd2eb699f70e729d81eb65baa5189b9134926d
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-09-16 16:54:25 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-09-30 09:43:08 +0000

    release: Prepare Vagrant cloudware images for building as non-root
    
    Add metalog entries for various files.  This is a bit incomplete as
    pw(8) doesn't yet have support for emitting metalog entries, which we
    need since it's used here to create an interactive user.
    
    Reviewed by:    emaste
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52456
    
    (cherry picked from commit 135cb071e0683ea947c308a2de404d1185558ea6)
---
 release/tools/vagrant.conf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf
index 506174d0ea16..7ab0e1238693 100644
--- a/release/tools/vagrant.conf
+++ b/release/tools/vagrant.conf
@@ -47,19 +47,22 @@ vagrant_common () {
 		-c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
 
 	# Change root's password to vagrant
-	echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} \
-		usermod root -h 0
+	echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} usermod root -h 0
 
 	# Configure sudo to allow the vagrant user
 	echo 'vagrant ALL=(ALL:ALL) NOPASSWD: ALL' >> ${DESTDIR}/usr/local/etc/sudoers
 
 	# Configure the vagrant ssh keys
 	mkdir ${DESTDIR}/home/vagrant/.ssh
-	chmod 700 ${DESTDIR}/home/vagrant/.ssh
+
 	echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
 	echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys
-	chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
 	chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
+	metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600
+
+	chmod 700 ${DESTDIR}/home/vagrant/.ssh
+	chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
+	echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> METALOG
 
 	# Reboot quickly, Don't wait at the panic screen
 	echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
@@ -68,6 +71,7 @@ vagrant_common () {
 
 	# The console is not interactive, so we might as well boot quickly.
 	echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
+	metalog_add_data ./boot/loader.conf
 
 	# The first time the VM boots, the installed "first boot" scripts
 	# should be allowed to run: