image: unset password reset date to ensure reprodicibility (#3466)

* image: unset password reset date
Markus Rudy 2024-11-04 14:53:35 +01:00 committed by GitHub
parent 54058eed2a
commit 960499a937
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 0 deletions


@ -30,6 +30,7 @@ copy_to_directory(
mkosi_image(
name = "base_" + kernel_variant,
srcs = [
"mkosi.finalize",
"mkosi.postinst",
"mkosi.prepare",
] + glob([

14
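--- a/image/base/mkosi.finalize
+++ b/image/base/mkosi.finalize
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+# For some reason yet unknown, SourceDateEpoch is not applied correctly to the
+# users added by systemd-sysusers. This has only been observed in our mkosi
+# flake so far, not in an upstream mkosi configuration.
+# TODO(burgerdev): wait for a couple of Nix package upgrades and try again?
+# Strategy: unset the "last password change" date without leaving a trace in
+# /etc/shadow-.
+tmp=$(mktemp)
+cp -a "${BUILDROOT}/etc/shadow-" "${tmp}"
+mkosi-chroot chage -d "" etcd
+cp -a "${tmp}" "${BUILDROOT}/etc/shadow-"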
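Review bot: The temporary copy of `/etc/shadow-` made with `mktemp` is never removed, so a copy of the shadow backup stays behind in the build environment's temp directory, and under `set -e` it also stays when `chage` or the final `cp` fails. Adding `trap 'rm -f "${tmp}"' EXIT` directly after the `tmp=$(mktemp)` line would clean it up on every exit path. The script also assumes `${BUILDROOT}/etc/shadow-` already exists and resets only the `etcd` account. If other accounts created by systemd-sysusers can carry a last-change date, they would presumably still break reproducibility, so a one-line comment explaining why `etcd` is the only one handled would help.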