Verified Commit eb0c127b authored by Santiago Torres-Arias's avatar Santiago Torres-Arias Committed by hashworks
Browse files

Makefile: use sysusers directly

Instead of using the libalpm systemd-syusers hook, use sysusers
directly. The --root parameter allows us to avoid using the host's
namespace and populate using the conf files in the target's build
parent c0e73cd9
......@@ -22,7 +22,6 @@ FROM scratch AS root
COPY --from=verify /rootfs/ /
RUN ldconfig
RUN /usr/share/libalpm/scripts/systemd-hook sysusers
CMD ["/usr/bin/bash"]
......@@ -23,6 +23,9 @@ fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust
ln -fs /usr/lib/os-release $(BUILDDIR)/etc/os-release
# add system users
fakechroot -- fakeroot -- chroot $(BUILDDIR) /usr/bin/systemd-sysusers --root "/"
# remove passwordless login for root (see CVE-2019-5021 for reference)
sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment