mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-19 14:31:48 +01:00
6a277d6e8c
- pkg(8) cannot be removed before subsequent reinvocations - The PKG_CACHEDIR cannot be cleaned after the repo*.sqlite has been removed - pkg(8) cannot be removed as a precursor to any of the other steps involved here MFC after: 3 days X-MFC-With: r285722 X-MFC-Before: 10.2-{BETA3,RC1} (whichever happens next) Sponsored by: The FreeBSD Foundation
76 lines
3.2 KiB
Bash
76 lines
3.2 KiB
Bash
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# Packages to install into the image we're creating. This is a deliberately
|
|
# minimalist set, providing only the packages necessary to bootstrap.
|
|
export VM_EXTRA_PACKAGES="firstboot-freebsd-update firstboot-pkgs"
|
|
|
|
# Set to a list of third-party software to enable in rc.conf(5).
|
|
export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs"
|
|
|
|
vagrant_common () {
|
|
# The firstboot_pkgs rc.d script will download the repository
|
|
# catalogue and install or update pkg when the instance first
|
|
# launches, so these files would just be replaced anyway; removing
|
|
# them from the image allows it to boot faster.
|
|
env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} clean -y -a
|
|
env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg
|
|
rm ${DESTDIR}/var/db/pkg/repo-*.sqlite
|
|
|
|
# Vagrant instances use DHCP to get their network configuration.
|
|
echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf
|
|
|
|
# Enable sshd by default
|
|
echo 'sshd_enable="YES"' >> ${DESTDIR}/etc/rc.conf
|
|
# Disable DNS lookups by default to make SSH connect quickly
|
|
echo 'UseDNS no' >> ${DESTDIR}/etc/ssh/sshd_config
|
|
|
|
# Disable sendmail
|
|
echo 'sendmail_enable="NO"' >> ${DESTDIR}/etc/rc.conf
|
|
echo 'sendmail_submit_enable="NO"' >> ${DESTDIR}/etc/rc.conf
|
|
echo 'sendmail_outbound_enable="NO"' >> ${DESTDIR}/etc/rc.conf
|
|
echo 'sendmail_msp_queue_enable="NO"' >> ${DESTDIR}/etc/rc.conf
|
|
|
|
# Create the vagrant user with a password of vagrant
|
|
/usr/sbin/pw -R ${DESTDIR} \
|
|
groupadd vagrant -g 1001
|
|
chroot ${DESTDIR} mkdir -p /home/vagrant
|
|
/usr/sbin/pw -R ${DESTDIR} \
|
|
useradd vagrant \
|
|
-m -M 0755 -w yes -n vagrant -u 1001 -g 1001 -G 0 \
|
|
-c 'Vagrant User' -d '/home/vagrant' -s '/bin/csh'
|
|
|
|
# Change root's password to vagrant
|
|
echo 'vagrant' | /usr/sbin/pw -R ${DESTDIR} \
|
|
usermod root -h 0
|
|
|
|
# Configure sudo to allow the vagrant user
|
|
echo 'vagrant ALL=(ALL) NOPASSWD: ALL' >> ${DESTDIR}/usr/local/etc/sudoers
|
|
|
|
# Configure the vagrant ssh key
|
|
mkdir ${DESTDIR}/home/vagrant/.ssh
|
|
chmod 700 ${DESTDIR}/home/vagrant/.ssh
|
|
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys
|
|
chown -R 1001 ${DESTDIR}/home/vagrant/.ssh
|
|
chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys
|
|
|
|
# Reboot quickly, Don't wait at the panic screen
|
|
echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
|
|
echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/etc/sysctl.conf
|
|
echo 'kern.panic_reboot_wait_time=0' >> ${DESTDIR}/etc/sysctl.conf
|
|
|
|
# The console is not interactive, so we might as well boot quickly.
|
|
echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
|
|
|
|
# The first time the VM boots, the installed "first boot" scripts
|
|
# should be allowed to run:
|
|
# * growfs (expand the filesystem to fill the provided disk)
|
|
# * firstboot_freebsd_update (install critical updates)
|
|
# * firstboot_pkgs (install packages)
|
|
touch ${DESTDIR}/firstboot
|
|
|
|
return 0
|
|
}
|