mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-03-15 03:26:45 -04:00
image: unset password reset date to ensure reprodicibility (#3466)
* image: unset password reset date
This commit is contained in:
parent
54058eed2a
commit
960499a937
@ -30,6 +30,7 @@ copy_to_directory(
|
||||
mkosi_image(
|
||||
name = "base_" + kernel_variant,
|
||||
srcs = [
|
||||
"mkosi.finalize",
|
||||
"mkosi.postinst",
|
||||
"mkosi.prepare",
|
||||
] + glob([
|
||||
|
14
image/base/mkosi.finalize
Executable file
14
image/base/mkosi.finalize
Executable file
@ -0,0 +1,14 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euxo pipefail
|
||||
|
||||
# For some reason yet unknown, SourceDateEpoch is not applied correctly to the
|
||||
# users added by systemd-sysusers. This has only been observed in our mkosi
|
||||
# flake so far, not in an upstream mkosi configuration.
|
||||
# TODO(burgerdev): wait for a couple of Nix package upgrades and try again?
|
||||
|
||||
# Strategy: unset the "last password change" date without leaving a trace in
|
||||
# /etc/shadow-.
|
||||
tmp=$(mktemp)
|
||||
cp -a "${BUILDROOT}/etc/shadow-" "${tmp}"
|
||||
mkosi-chroot chage -d "" etcd
|
||||
cp -a "${tmp}" "${BUILDROOT}/etc/shadow-"
|
Loading…
x
Reference in New Issue
Block a user