manifest: add Users and Groups to OSTreeDeployment
Support creating users and groups during deployment of the commit to a live image.
This commit is contained in:
Achilleas Koutsou
Tom Gundersen
parent
40c91d7285
commit
5bc66f0665
1 changed files with 36 additions and 12 deletions
|
|
@ -9,6 +9,7 @@ import (
|
|||
"github.com/osbuild/osbuild-composer/internal/osbuild"
|
||||
"github.com/osbuild/osbuild-composer/internal/ostree"
|
||||
"github.com/osbuild/osbuild-composer/internal/platform"
|
||||
"github.com/osbuild/osbuild-composer/internal/users"
|
||||
)
|
||||
|
||||
// OSTreeDeployment represents the filesystem tree of a target image based
|
||||
|
|
@ -30,6 +31,9 @@ type OSTreeDeployment struct {
|
|||
Keyboard string
|
||||
Locale string
|
||||
|
||||
Users []users.User
|
||||
Groups []users.Group
|
||||
|
||||
platform platform.Platform
|
||||
|
||||
PartitionTable *disk.PartitionTable
|
||||
|
|
@ -157,16 +161,39 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
|
|||
fstabStage.MountOSTree(p.osName, p.osTreeRef, 0)
|
||||
pipeline.AddStage(fstabStage)
|
||||
|
||||
userOptions := &osbuild.UsersStageOptions{
|
||||
Users: map[string]osbuild.UsersStageOptionsUser{
|
||||
"root": {
|
||||
Password: common.StringToPtr("!locked"), // this is treated as crypted and locks/disables the password
|
||||
},
|
||||
},
|
||||
if len(p.Users) > 0 {
|
||||
usersStage, err := osbuild.GenUsersStage(p.Users, false)
|
||||
if err != nil {
|
||||
panic("password encryption failed")
|
||||
}
|
||||
pipeline.AddStage(usersStage)
|
||||
}
|
||||
|
||||
if len(p.Groups) > 0 {
|
||||
pipeline.AddStage(osbuild.GenGroupsStage(p.Groups))
|
||||
}
|
||||
|
||||
// if no root password is set, lock the root account
|
||||
hasRoot := false
|
||||
for _, user := range p.Users {
|
||||
if user.Name == "root" {
|
||||
hasRoot = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !hasRoot {
|
||||
userOptions := &osbuild.UsersStageOptions{
|
||||
Users: map[string]osbuild.UsersStageOptionsUser{
|
||||
"root": {
|
||||
Password: common.StringToPtr("!locked"), // this is treated as crypted and locks/disables the password
|
||||
},
|
||||
},
|
||||
}
|
||||
rootLockStage := osbuild.NewUsersStage(userOptions)
|
||||
rootLockStage.MountOSTree(p.osName, p.osTreeRef, 0)
|
||||
pipeline.AddStage(rootLockStage)
|
||||
}
|
||||
userStage := osbuild.NewUsersStage(userOptions)
|
||||
userStage.MountOSTree(p.osName, p.osTreeRef, 0)
|
||||
pipeline.AddStage(userStage)
|
||||
|
||||
if p.Keyboard != "" {
|
||||
options := &osbuild.KeymapStageOptions{
|
||||
|
|
@ -186,9 +213,6 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
|
|||
pipeline.AddStage(localeStage)
|
||||
}
|
||||
|
||||
// TODO: Add users?
|
||||
// NOTE: Users can be embedded in a commit, but we should also support adding them at deploy time.
|
||||
|
||||
grubOptions := osbuild.NewGrub2StageOptionsUnified(p.PartitionTable,
|
||||
"",
|
||||
p.platform.GetUEFIVendor() != "",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue