
[lmi-commits] [lmi] master a75ef22 04/12: Extract blocks into sub-script


From: Greg Chicares
Subject: [lmi-commits] [lmi] master a75ef22 04/12: Extract blocks into sub-scripts #24
Date: Thu, 11 Jun 2020 20:58:32 -0400 (EDT)

branch: master
commit a75ef222fd8175212d68978beaf6e7c997d7f703
Author: Gregory W. Chicares <gchicares@sbcglobal.net>
Commit: Gregory W. Chicares <gchicares@sbcglobal.net>

    Extract blocks into sub-scripts #24
---
 lmi_setup_00.sh                      |  2 ++
 lmi_setup_05c.sh                     | 49 ++----------------------------------
 lmi_setup_21.sh                      | 32 +----------------------
 lmi_setup_21.sh => lmi_setup_24.sh   | 44 +-------------------------------
 lmi_setup_05c.sh => lmi_setup_24c.sh | 31 +----------------------
 5 files changed, 7 insertions(+), 151 deletions(-)

diff --git a/lmi_setup_00.sh b/lmi_setup_00.sh
index 55210a5..cba9bd5 100755
--- a/lmi_setup_00.sh
+++ b/lmi_setup_00.sh
@@ -85,6 +85,8 @@ wget -N -nv "${GIT_URL_BASE}"/lmi_setup_13.sh
 wget -N -nv "${GIT_URL_BASE}"/lmi_setup_13c.sh
 wget -N -nv "${GIT_URL_BASE}"/lmi_setup_20.sh
 wget -N -nv "${GIT_URL_BASE}"/lmi_setup_21.sh
+wget -N -nv "${GIT_URL_BASE}"/lmi_setup_24.sh
+wget -N -nv "${GIT_URL_BASE}"/lmi_setup_24c.sh
 wget -N -nv "${GIT_URL_BASE}"/lmi_setup_25.sh
 wget -N -nv "${GIT_URL_BASE}"/lmi_setup_29.sh
 wget -N -nv "${GIT_URL_BASE}"/lmi_setup_30.sh
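Review bot: Nothing in this hunk verifies the two added downloads, lmi_setup_24.sh and lmi_setup_24c.sh, although the other hunks of this commit execute them from scripts that call `assert_su`, i.e. as root. `GIT_URL_BASE` is defined outside the hunk, so whether the transport is authenticated cannot be confirmed from here. Consider checking the whole fetched set against a checksum list shipped with the bootstrap script, e.g. `sha256sum --check --strict <checksum-list>` (placeholder name), before any sub-script runs. Separately, `wget -N` does not set the executable bit that the `./lmi_setup_24.sh` call sites need, so confirm the `chmod` that presumably follows this list also covers the new files.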
diff --git a/lmi_setup_05c.sh b/lmi_setup_05c.sh
index 87ba85c..3030b26 100755
--- a/lmi_setup_05c.sh
+++ b/lmi_setup_05c.sh
@@ -57,54 +57,9 @@ sed -i /etc/yum.conf -e's/keepcache=0/keepcache=1/'
 
 yum --assumeyes install ncurses-term less sudo vim zsh
 
-# Add a normal user, and a corresponding group.
-#
-# This minimal centos chroot lacks openssl, so hardcode a password.
-
-groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
-useradd \
-  --gid="${NORMAL_GROUP_GID}" \
-  --uid="${NORMAL_USER_UID}" \
-  --create-home \
-  --shell=/bin/zsh \
-  --password="\$1\$\$AYD8bMyx6ho3BnmO3jjb60" \
-  "${NORMAL_USER}"
-
-# Where debian has a 'sudo' group, redhat has a 'wheel' group.
-# The difference seems to be nominal; neither is GID 0.
-usermod -aG wheel "${NORMAL_USER}"
-# Nevertheless, after exiting the chroot and reentering as 'greg':
-#   $groups greg
-#   greg : lmi wheel
-#   $sudo visudo
-#   sudo: no tty present and no askpass program specified
-#   $sudo -S visudo
-#   greg is not in the sudoers file.  This incident will be reported.
-#   $visudo
-#   greg is not in the sudoers file.
-#   $newgrp wheel
-#   $sudo visudo
-#   sudo: no tty present and no askpass program specified
-# even though the default /etc/sudoers contains:
-#   %wheel<Tab>ALL=(ALL)<Tab>ALL
-# Enabling the 'wheel' group with no password and disabling
-# 'requiretty', as shown below, didn't suffice...so explicitly add
-# the normal user:
-{
-  printf '# Customizations:\n'
-  printf '\n'
-  printf '# Disable "requiretty" if necessary--see:\n'
-  printf '#   https://bugzilla.redhat.com/show_bug.cgi?id=1020147\n'
-  printf '# Defaults    !requiretty\n'
-  printf '\n'
-  printf '%%wheel\tALL=(ALL)\tNOPASSWD: ALL\n'
-  printf -- '%s\tALL=(ALL)\tNOPASSWD: ALL\n' "${NORMAL_USER}"
-} >/etc/sudoers.d/"${NORMAL_USER}"
-chmod 0440 /etc/sudoers.d/"${NORMAL_USER}"
-visudo -cs
-
 chsh -s /bin/zsh root
-chsh -s /bin/zsh "${NORMAL_USER}"
+
+./lmi_setup_24c.sh
 
 stamp=$(date -u +'%Y%m%dT%H%M%SZ')
 echo "$stamp $0: Reconfigured centos chroot."  | tee /dev/tty
diff --git a/lmi_setup_21.sh b/lmi_setup_21.sh
index 90593e3..83edd75 100755
--- a/lmi_setup_21.sh
+++ b/lmi_setup_21.sh
@@ -29,37 +29,7 @@ set -evx
 assert_su
 assert_chrooted
 
-# Add a normal user, and a corresponding group.
-#
-# No attempt is made to set a real password, because that can't be
-# done securely in a script. A better password can be set later,
-# interactively, if desired. Forcing the dummy password to expire
-# immediately, thus (e.g.):
-#   chage -d 0 "${NORMAL_USER}"
-# may seem like a good idea, but invoking schroot with that userid
-# doesn't prompt for a password change.
-#
-# Hardcode the salt so that repeated openssl invocations yield
-# identical results, to avoid gratuitous regressions when comparing
-# successive logs.
-
-groupadd --gid="${NORMAL_GROUP_GID}" "${NORMAL_GROUP}"
-useradd \
-  --gid="${NORMAL_GROUP_GID}" \
-  --uid="${NORMAL_USER_UID}" \
-  --create-home \
-  --shell=/bin/zsh \
-  --password="$(openssl passwd -1 --salt '' expired)" \
-  "${NORMAL_USER}"
-
-usermod -aG sudo "${NORMAL_USER}" || echo "Oops."
-
-# Add an 'lmi' group, which may be useful in a multi-user chroot.
-getent group 1001 || groupadd --gid=1001 lmi || echo "Oops."
-usermod -aG lmi "${NORMAL_USER}" || echo "Oops."
-
-chsh -s /bin/zsh "${NORMAL_USER}"
-
+./lmi_setup_24.sh
 ./lmi_setup_25.sh
 ./lmi_setup_29.sh
 
diff --git a/lmi_setup_21.sh b/lmi_setup_24.sh
similarity index 58%
copy from lmi_setup_21.sh
copy to lmi_setup_24.sh
index 90593e3..0f50f1c 100755
--- a/lmi_setup_21.sh
+++ b/lmi_setup_24.sh
@@ -60,47 +60,5 @@ usermod -aG lmi "${NORMAL_USER}" || echo "Oops."
 
 chsh -s /bin/zsh "${NORMAL_USER}"
 
-./lmi_setup_25.sh
-./lmi_setup_29.sh
-
-# Repair /usr/share/libtool/.../ltmain.sh as indicated here:
-#   https://lists.gnu.org/archive/html/libtool-patches/2011-06/msg00001.html
-# Do this as root because root owns the file to be patched.
-
-cat >~/ltmain.sh.patch <<EOF
---- /usr/share/libtool/build-aux/ltmain.sh.orig 2016-08-20 12:34:31.000000000 
+0000
-+++ /usr/share/libtool/build-aux/ltmain.sh 2017-08-10 13:10:28.466155965 +0000
-@@ -5555,7 +5555,7 @@
- /* declarations of non-ANSI functions */
- #if defined __MINGW32__
- # ifdef __STRICT_ANSI__
--int _putenv (const char *);
-+_CRTIMP int _putenv (const char *);
- # endif
- #elif defined __CYGWIN__
- # ifdef __STRICT_ANSI__
-EOF
-
-patch --dry-run --strip=0 --directory=/ <~/ltmain.sh.patch \
- && patch --strip=0 --directory=/ <~/ltmain.sh.patch
-
-# Enable stable and security upgrades--see:
-#    https://www.debian.org/releases/stretch/amd64/apds03.html.en#idm4504
-# for a 'stretch' example, and these messages:
-#   https://lists.nongnu.org/archive/html/lmi/2019-09/msg00046.html
-#   https://lists.nongnu.org/archive/html/lmi/2019-09/msg00047.html
-# for the '-security' line and for the reason why https is not used.
-
-cat >/etc/apt/sources.list <<EOF
-deb http://deb.debian.org/debian/ ${CODENAME} main
-deb http://deb.debian.org/debian/ ${CODENAME}-updates main
-deb http://security.debian.org/ ${CODENAME}-security main
-EOF
-
-# Apply any available upgrades:
-
-apt-get --assume-yes update
-apt-get --assume-yes dist-upgrade
-
 stamp=$(date -u +'%Y%m%dT%H%M%SZ')
-echo "$stamp $0: Updated debian chroot."  | tee /dev/tty
+echo "$stamp $0: Configured user '${NORMAL_USER}'."  | tee /dev/tty
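Review bot: The new lmi_setup_24.sh keeps, above this hunk, the `useradd` block shown as removed from lmi_setup_21.sh. The account therefore still gets the fixed password `expired`, hashed with MD5-crypt (`openssl passwd -1`) and an empty salt, and is then added to the `sudo` group. Now that user setup has its own script, consider dropping the `--password=` line so that useradd leaves the password disabled, and setting a real one interactively before sudo is needed, as the retained comment already suggests. If a deterministic hash must stay for log comparison, `openssl passwd -6` would at least replace MD5-crypt, assuming the chroot's OpenSSL supports it. Separately, the `|| echo "Oops."` on the `usermod` context line lets a failed group change pass, so the new `Configured user` message is printed even when group setup did not succeed.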
diff --git a/lmi_setup_05c.sh b/lmi_setup_24c.sh
similarity index 74%
copy from lmi_setup_05c.sh
copy to lmi_setup_24c.sh
index 87ba85c..b033e1f 100755
--- a/lmi_setup_05c.sh
+++ b/lmi_setup_24c.sh
@@ -29,34 +29,6 @@ set -evx
 assert_su
 assert_not_chrooted
 
-# A _normal_ file /dev/null seems to be created automatically:
-#   -rw-r--r-- 1 root root    0 Oct  1 15:44 /dev/null
-# so it needs to be removed to create the pseudo-device.
-
-[ -c /dev/null ] || ( rm --force /dev/null; mknod /dev/null c 1 3)
-chmod 666 /dev/null
-
-# /dev/tty likewise:
-
-[ -c /dev/tty  ] || ( rm --force /dev/tty ; mknod /dev/tty  c 5 0)
-chmod 666 /dev/tty
-chown root:tty /dev/tty
-
-[ -c /dev/ptmx ] || mknod /dev/ptmx c 5 2
-chmod 666 /dev/ptmx
-[ -d /dev/pts  ] || mkdir /dev/pts
-
-mountpoint /dev/pts || mount -t devpts -o rw,nosuid,noexec,relatime,mode=600 
devpts /dev/pts
-mountpoint /proc    || mount -t proc -o rw,nosuid,nodev,noexec,relatime proc 
/proc
-
-findmnt /var/cache/yum
-findmnt /proc
-findmnt /dev/pts
-
-sed -i /etc/yum.conf -e's/keepcache=0/keepcache=1/'
-
-yum --assumeyes install ncurses-term less sudo vim zsh
-
 # Add a normal user, and a corresponding group.
 #
 # This minimal centos chroot lacks openssl, so hardcode a password.
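Review bot: The context comment "so hardcode a password" refers to the `useradd --password=` line that lmi_setup_24c.sh keeps just below this hunk (shown as removed from lmi_setup_05c.sh). That line sets a fixed MD5-crypt `$1$$…` hash with an empty salt, published in the repository, on an account that is then granted `NOPASSWD: ALL`. Because sudo needs no password under that rule, the `--password=` line can be dropped so that useradd creates the account with the password disabled; a real one can be set interactively later. If the fixed hash has to stay, extend the comment to say so, e.g. `# Dummy, publicly known password: change or lock it before exposing this chroot.` The useradd block itself continues outside the hunk.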
@@ -103,8 +75,7 @@ usermod -aG wheel "${NORMAL_USER}"
 chmod 0440 /etc/sudoers.d/"${NORMAL_USER}"
 visudo -cs
 
-chsh -s /bin/zsh root
 chsh -s /bin/zsh "${NORMAL_USER}"
 
 stamp=$(date -u +'%Y%m%dT%H%M%SZ')
-echo "$stamp $0: Reconfigured centos chroot."  | tee /dev/tty
+echo "$stamp $0: Configured user '${NORMAL_USER}'."  | tee /dev/tty
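Review bot: `visudo -cs` in the context lines runs only after the fragment has been written to `/etc/sudoers.d/"${NORMAL_USER}"` and chmod'ed, so under `set -evx` a syntax error aborts the script with the bad file still installed, which may leave sudo unusable in the chroot. Build the fragment in a `mktemp` file and install it only once it validates, e.g. `visudo -csf "${tmp}" && install -m 0440 "${tmp}" /etc/sudoers.d/"${NORMAL_USER}"`. The block that writes the file sits between this hunk and the previous one, outside the visible lines of lmi_setup_24c.sh; it appears on this page only as the lines removed from lmi_setup_05c.sh. Also note that sudo skips files in sudoers.d whose names contain a `.`, so a dotted user name would silently disable the rule. The `%wheel … NOPASSWD: ALL` entry grants passwordless root to every wheel member, not just this user, which is worth a comment if intended.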


