From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alyssa Ross
To: devel@spectrum-os.org
Subject: [PATCH 2/5] host/rootfs: install shadow
Date: Tue, 9 Dec 2025 09:56:25 +0100
Message-ID: <20251209085628.603316-2-hi@alyssa.is>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251209085628.603316-1-hi@alyssa.is>
References: <20251209085628.603316-1-hi@alyssa.is>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: Patches and low-level development discussion

Busybox's adduser is hardcoded to operate on /etc/passwd and create /etc/passwd+ as a temporary file, which won't work for us with read-only /. Shadow's useradd supports specifying a prefix, so it will be able to operate on /run/etc/passwd and create sibling temporary files. This will let us create new users at runtime.

Signed-off-by: Alyssa Ross
---
 host/rootfs/busybox-config |  3 +++
 host/rootfs/default.nix    | 11 ++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/host/rootfs/busybox-config b/host/rootfs/busybox-config index f2fd5fc..1868773 100644 --- a/host/rootfs/busybox-config +++ b/host/rootfs/busybox-config @@ -11,6 +11,7 @@ CONFIG_CHATTR n CONFIG_CHCPU n CONFIG_CHMEM n CONFIG_CHOOM n +CONFIG_CHPASSWD n CONFIG_CHRT n CONFIG_COLCRT n CONFIG_COLRM n 
@@ -57,6 +58,7 @@ CONFIG_LDATTACH n CONFIG_LINUX32 n CONFIG_LINUX64 n CONFIG_LOGGER n +CONFIG_LOGIN n CONFIG_LOOK n CONFIG_LOSETUP n CONFIG_LSATTR n @@ -88,6 +90,7 @@ CONFIG_NAMEI n CONFIG_NOLOGIN n CONFIG_NSENTER n CONFIG_PARTX n +CONFIG_PASSWD n CONFIG_PIPESZ n CONFIG_PIVOT_ROOT n CONFIG_POWEROFF n diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index abdd8b2..d86d8cc 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix @@ -13,7 +13,7 @@ pkgsMusl.callPackage ( , btrfs-progs, bubblewrap, busybox, cloud-hypervisor, cosmic-files , crosvm, cryptsetup, dejavu_fonts, dbus, execline, foot, fuse3 , iproute2, inotify-tools, jq, kmod, mdevd, mesa, mount-flatpak, s6 -, s6-linux-init, socat, systemd, util-linuxMinimal, virtiofsd +, s6-linux-init, shadow, socat, systemd, util-linuxMinimal, virtiofsd , westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk , xdg-desktop-portal-spectrum-host }: @@ -27,8 +27,8 @@ let packages = [ btrfs-progs bubblewrap cloud-hypervisor cosmic-files crosvm cryptsetup dbus execline fuse3 inotify-tools iproute2 jq kmod mdevd mount-flatpak s6 - s6-linux-init s6-rc socat spectrum-host-tools spectrum-router - util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host + s6-linux-init s6-rc shadow socat spectrum-host-tools spectrum-router + virtiofsd xdg-desktop-portal-spectrum-host (foot.override { allowPgo = false; }) @@ -36,6 +36,11 @@ let # Use a separate file as it is a bit too big. extraConfig = builtins.readFile ./busybox-config; }) + + (util-linuxMinimal.overrideAttrs ({ configureFlags ? [], ... }: { + # Conflicts with shadow. + configureFlags = configureFlags ++ [ "--disable-nologin" ]; + })) ]; nixosAllHardware = nixos ({ modulesPath, ... }: { -- 2.51.0
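
Review bot: The three additions in host/rootfs/busybox-config (CONFIG_CHPASSWD n, CONFIG_LOGIN n, CONFIG_PASSWD n) have no stated reason; the commit message only discusses adduser. If these applets are turned off because shadow ships programs of the same name, say so in the message, the way the default.nix hunk does with "Conflicts with shadow." None of the visible hunks disables busybox's adduser, so if that applet is still enabled the image keeps a user-creation tool that the message says cannot work with a read-only /; consider disabling it in this file or noting why it stays.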
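
Review bot: In the packages list of host/rootfs/default.nix (hunk @@ -27,8), shadow is added as a whole package while the commit message motivates only useradd. Every program shadow installs therefore lands on the host rootfs, including the login and password tools whose busybox counterparts are disabled in the other file. Please state in the commit message whether those additional programs are meant to be available on the host, or limit what is installed to the user-management tools that are needed.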
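
Review bot: In the util-linuxMinimal.overrideAttrs block (hunk @@ -36,6), the comment "Conflicts with shadow." does not name what conflicts. Since the flag added is "--disable-nologin", spelling out that it is the nologin program would keep the override understandable if either package changes its contents later. The context line CONFIG_NOLOGIN n in busybox-config shows busybox's nologin is already off, so after this change shadow appears to be the only provider of nologin; a sentence about that in the commit message would help anyone auditing which binary handles disabled accounts.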