Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-09-24 06:54:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

image: unset password reset date to ensure reprodicibility (#3466)

Browse source 
* image: unset password reset date
This commit is contained in:
Markus Rudy 2024-11-04 14:53:35 +01:00 committed by GitHub
parent 54058eed2a
commit 960499a937
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
image/base/BUILD.bazel
View file

@ -30,6 +30,7 @@ copy_to_directory(
mkosi_image( mkosi_image(
name = "base_" + kernel_variant, name = "base_" + kernel_variant,
srcs = [ srcs = [
"mkosi.finalize",
"mkosi.postinst", "mkosi.postinst",
"mkosi.prepare", "mkosi.prepare",
] + glob([ ] + glob([

14
image/base/mkosi.finalize Executable file
View file

@ -0,0 +1,14 @@
#!/usr/bin/env bash
set -euxo pipefail
# For some reason yet unknown, SourceDateEpoch is not applied correctly to the
# users added by systemd-sysusers. This has only been observed in our mkosi
# flake so far, not in an upstream mkosi configuration.
# TODO(burgerdev): wait for a couple of Nix package upgrades and try again?
# Strategy: unset the "last password change" date without leaving a trace in
# /etc/shadow-.
tmp=$(mktemp)
cp -a "${BUILDROOT}/etc/shadow-" "${tmp}"
mkosi-chroot chage -d "" etcd
cp -a "${tmp}" "${BUILDROOT}/etc/shadow-"