Merge lp:~tribaal/livecd-rootfs/xenial-proposed-vagrant-user-changes into lp:~ubuntu-core-dev/livecd-rootfs/xenial-proposed

Proposed by Chris Glass
Status: Merged
Merged at revision: 1450
Proposed branch: lp:~tribaal/livecd-rootfs/xenial-proposed-vagrant-user-changes
Merge into: lp:~ubuntu-core-dev/livecd-rootfs/xenial-proposed
Diff against target: 80 lines (+30/-11)
2 files modified
debian/changelog (+7/-0)
live-build/ubuntu-cpc/hooks/042-vagrant.binary (+23/-11)
To merge this branch: bzr merge lp:~tribaal/livecd-rootfs/xenial-proposed-vagrant-user-changes
Reviewer Review Type Date Requested Status
Łukasz Zemczak non-cpc Approve
David Britton (community) Approve
Philip Roche (community) Approve
Review via email: mp+334921@code.launchpad.net

Description of the change

This branch is a backport to Xenial of the changes already in Artful/Bionic with regard to the default user layout of our produced vagrant box.

The equivalent trunk (at the time) commit is https://bazaar.launchpad.net/~ubuntu-core-dev/livecd-rootfs/trunk/revision/1504

Some more information (including the SRU template) can be found in the linked bug.

Philip Roche (philroche) wrote :

Changes LGTM.

review: Approve
David Britton (dpb) wrote :

Inline comment about dropping the ubuntu user.

review: Needs Information
Chris Glass (tribaal) wrote :

Answered inline - the ubuntu user is not being dropped.

David Britton (dpb) :
review: Approve
1451. By Chris Glass

debian/changelog should target UNRELEASED until actually released.

1452. By Chris Glass

Made changelog entry more explicit.

Łukasz Zemczak (sil2100) wrote :

Dreadful. +1

review: Approve (non-cpc)

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2017-12-06 10:34:36 +0000
3+++ debian/changelog 2017-12-13 16:55:38 +0000
4@@ -1,3 +1,10 @@
5+livecd-rootfs (2.408.26) UNRELEASED; urgency=medium
6+
7+ * Added a "vagrant" user to the vagrant image in addition to the "ubuntu"
8+ user, in accordance with the vagrant community's expectations (LP: #1569237)
9+
10+ -- Christopher Glass (Ubuntu) <tribaal@ubuntu.com> Thu, 07 Dec 2017 14:00:59 +0100
11+
12 livecd-rootfs (2.408.25) xenial; urgency=medium
13
14 * Sort and list dependencies nicely
15
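Review bot: The new changelog entry (diff lines 7-8) records only the added "vagrant" user, while the same change also removes the generated password, `ssh_pwauth: True` and the explicit `config.ssh.username = "ubuntu"` from the box. Since this is a backport to a released series, add a bullet stating that the ubuntu user no longer receives a random password and that the box now ships the fixed vagrant:vagrant password and the insecure public key, so the login change is visible to anyone reading the changelog.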
16=== modified file 'live-build/ubuntu-cpc/hooks/042-vagrant.binary'
17--- live-build/ubuntu-cpc/hooks/042-vagrant.binary 2017-12-05 21:40:35 +0000
18+++ live-build/ubuntu-cpc/hooks/042-vagrant.binary 2017-12-13 16:55:38 +0000
19@@ -58,6 +58,29 @@
20 # avoid pulling into a cloud image.
21 chroot ${mount_d} apt-get install --no-install-recommends -y virtualbox-guest-utils
22 chroot ${mount_d} apt-get clean
23+
24+# Create and setup users inside the image.
25+# Vagrant users expect a "vagrant" user with a "vagrant" username.
26+# See https://www.vagrantup.com/docs/boxes/base.html
27+# Note: We decided NOT to allow root login with a default password.
28+chroot ${mount_d} adduser vagrant
29+echo "vagrant:vagrant" | chroot ${mount_d} chpasswd
30+
31+# The vagrant user should have passwordless sudo.
32+cat << EOF > ${mount_d}/etc/sudoers.d/vagrant
33+vagrant ALL=(ALL) NOPASSWD:ALL
34+EOF
35+
36+# Add the insecure vagrant pubkey to the vagrant user, as is expected by the
37+# vagrant ecosystem (https://www.vagrantup.com/docs/boxes/base.html)
38+chroot ${mount_d} chmod 0440 /etc/sudoers.d/vagrant
39+chroot ${mount_d} mkdir -p /home/vagrant/.ssh
40+cat << EOF > ${mount_d}/home/vagrant/.ssh/authorized_keys
41+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
42+EOF
43+chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh
44+chroot ${mount_d} chmod 700 /home/vagrant/.ssh
45+
46 umount_disk_image "$mount_d"
47 rmdir "$mount_d"
48
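Review bot: `chroot ${mount_d} adduser vagrant` (diff line 28) is called without `--disabled-password` or `--gecos`, so it runs adduser's interactive password and full-name prompts inside a build hook; pass `--disabled-password --gecos ""` and let the chpasswd line that follows set the password. Two smaller points in the same hunk: the "Add the insecure vagrant pubkey" comment sits above `chmod 0440 /etc/sudoers.d/vagrant`, which belongs with the sudoers block before it, and authorized_keys keeps whatever mode the heredoc creates it with while only the .ssh directory gets an explicit `chmod 700`, so an explicit `chmod 600` on the file would state the intended permissions. The added lines also use `${mount_d}` unquoted, while the context lines below quote "$mount_d".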
49@@ -71,12 +94,6 @@
50 vmdk_f="${box_d}/${prefix}.vmdk"
51 create_vmdk ${derivative_img} ${vmdk_f}
52
53-# Vagrant needs a base user. We either inject the well-known SSH key
54-# or use password authentication. Both are ugly. So we'll use a password
55-# and make it random. This obviously is insecure...but at least its
56-# better than the alternatives.
57-ubuntu_user_pass=$(openssl rand -hex 12)
58-
59 ####################################
60 # Create the ConfigDrive
61 # This is a cloud-init piece that instructs cloud-init to configure
62@@ -89,9 +106,6 @@
63 # except via local host.
64 cat > ${seed_d}/user-data <<END
65 #cloud-config
66-password: ${ubuntu_user_pass}
67-chpasswd: { expire: False }
68-ssh_pwauth: True
69 manage_etc_hosts: localhost
70 END
71
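Review bot: Dropping `ssh_pwauth: True` (diff line 68) leaves SSH password authentication at whatever the image defaults to, at the same time as the earlier hunk gives the vagrant account the fixed password "vagrant". Set `ssh_pwauth` explicitly in this user-data to the value that is intended, so the box's behaviour is stated here rather than inherited. With `password:` and `chpasswd:` removed as well, nothing in the visible hunks gives the ubuntu user a credential any more; a comment here saying how that account is meant to be reached (for example via sudo from the vagrant user) would answer the question raised in review about the ubuntu user.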
72@@ -132,8 +146,6 @@
73
74 Vagrant.configure("2") do |config|
75 config.vm.base_mac = "${macaddr}"
76- config.ssh.username = "ubuntu"
77- config.ssh.password = "${ubuntu_user_pass}"
78
79 config.vm.provider "virtualbox" do |vb|
80 vb.customize [ "modifyvm", :id, "--uart1", "0x3F8", "4" ]
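Review bot: With `config.ssh.username` and `config.ssh.password` removed (diff lines 76-77), the embedded Vagrantfile no longer says which account Vagrant logs in as and depends entirely on Vagrant's defaults matching the vagrant user and key created earlier in this hook. A one-line comment at this point, naming the vagrant user and pointing at the block that installs the key, would keep the two ends of that dependency tied together for the next person who edits either one.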