From nobody Tue Sep 16 20:50:55 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cRDZS1r4Jz6835W;
	Tue, 16 Sep 2025 20:50:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cRDZS0TX8z3Vcn;
	Tue, 16 Sep 2025 20:50:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1758055856;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=G9fIwXjPI4X4j53hGWeruqRk4r/r7ViDPFl1Jf3GEdE=;
	b=VkS/gR/YBxSrMbMTHR8w1j/B1AlMOOPWVIvbYDJa0l4r1BLITEeN2f3G6r91MedIYn0+9i
	Wo/AoV7kxbbyc2jsCetYPrkzTX0NWuBpgM2H3HkGVkFhfgc2jDKyDofDRoPd18a91zp5/4
	PemmrVpPHU1do7Z3VZNtDzJwqD84X7pzu9SAUi82Q0kRFaCqE2b8FBkm8xwpfZOQck2+xP
	EDiYG2rEu2MeXPp046gJJv9ZGY7sHKPbz+r9bpU7xV128jFNjiqyQIz24Nm8J7r0AsuvGx
	mSKCA/R9MobtsiF2CA+mEPHIUAwZspzj4xsfFp4zQj9dEor4qFBdO16heotKqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1758055856;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=G9fIwXjPI4X4j53hGWeruqRk4r/r7ViDPFl1Jf3GEdE=;
	b=EP8CUH2+GXEfu6xN+mvRwBYXvo/irYF6fq4khA502R7z1DcLgJofS4ziBGfcI4f1n/xBie
	M2kWtvMpejCVbKvEV5gGEUDDlERibLDA5ExX2MeRYTIdwpNHsLvzSKiX7pXR2WUxOUwVaR
	upncLN0Fo7pWb8bnuau1BlrJTJLKsrJt5S91RKQByJ1Wy9Gb/QZnkop393Ez/tudbb5JpR
	v8NzD6dbpP3MdwTa2LlalXTq2FeUTEiW/49CZD9q10jC6c2AfHWH+UMZ/9bK/bFmDh014F
	cYVYP2x7fSNAYB/ekx7jCeBOLdCmiEjIn+OCJPFo4Z7CN4CWYIVHrKuMvdI1Nw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758055856; a=rsa-sha256; cv=none;
	b=Vzsjq+CARDVQs0D91Q9JkGRA+3tYgvCtbrxB+VVWWB+sTT+FKHV4l9IcaVryd46Y+hhaar
	n3mJBnY4FdQAP3hXI0dC7WZCt+xrs109748NlFMwpiiOs7gHJ8uz1XR4ACMLBkCVRF32vP
	Kd2nl6b1qy9lFbd/R6+/QUnSejeqnMlIDa6n07yb8ydw6AOm4u8MYEFb1ULGM5SIuW2Ta7
	Y9oIOHC16ElZ8Nu5lFe6aYUAQSZXkQ9/w0uv3HoIqFNQ2YZTPCsA62jXDhJgelCbBWJzmp
	5q3BsrZTZGNhnz42ClFPVBG0Z3br7gcbnkgX/u0dm5Ccci9yBBa54P/SW9uLog==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cRDZR6s80zwmQ;
	Tue, 16 Sep 2025 20:50:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58GKotjL046420;
	Tue, 16 Sep 2025 20:50:55 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58GKotof046417;
	Tue, 16 Sep 2025 20:50:55 GMT
	(envelope-from git)
Date: Tue, 16 Sep 2025 20:50:55 GMT
Message-Id: <202509162050.58GKotof046417@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 135cb071e068 - main - release: Prepare Vagrant cloudware
  images for building as non-root
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 135cb071e0683ea947c308a2de404d1185558ea6
Auto-Submitted: auto-generated

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=135cb071e0683ea947c308a2de404d1185558ea6

commit 135cb071e0683ea947c308a2de404d1185558ea6
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-09-16 16:54:25 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-09-16 20:50:33 +0000

    release: Prepare Vagrant cloudware images for building as non-root
    
    Add metalog entries for various files.  This is a bit incomplete as
    pw(8) doesn't yet have support for emitting metalog entries, which we
    need since it's used here to create an interactive user.
    
    Reviewed by:    emaste
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52456
---
 release/tools/vagrant.conf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf
index 506174d0ea16..7ab0e1238693 100644
--- a/release/tools/vagrant.conf
+++ b/release/tools/vagrant.conf
@@ -47,19 +47,22 @@ vagrant_common () {
 		-c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
 
 	# Change root's password to vagrant
-	echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} \
-		usermod root -h 0
+	echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} usermod root -h 0
 
 	# Configure sudo to allow the vagrant user
 	echo 'vagrant ALL=(ALL:ALL) NOPASSWD: ALL' >> ${DESTDIR}/usr/local/etc/sudoers
 
 	# Configure the vagrant ssh keys
 	mkdir ${DESTDIR}/home/vagrant/.ssh
-	chmod 700 ${DESTDIR}/home/vagrant/.ssh
+
 	echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
 	echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys
-	chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
 	chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
+	metalog_add_data ./home/vagrant/.ssh/authorized_keys 0600
+
+	chmod 700 ${DESTDIR}/home/vagrant/.ssh
+	chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
+	echo "./home/vagrant/.ssh type=dir uid=1001 gid=1001 mode=0700" >> METALOG
 
 	# Reboot quickly, Don't wait at the panic screen
 	echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
@@ -68,6 +71,7 @@ vagrant_common () {
 
 	# The console is not interactive, so we might as well boot quickly.
 	echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
+	metalog_add_data ./boot/loader.conf
 
 	# The first time the VM boots, the installed "first boot" scripts
 	# should be allowed to run: