From 6689537563b5115f0fbd9088fe8ff8c91e5c6b14 Mon Sep 17 00:00:00 2001
From: nl6720 <nl6720@gmail.com>
Date: Fri, 17 Jul 2020 09:04:29 +0300
Subject: Set root user's shell and password with custom /etc/passwd and
 /etc/shadow

Correct shadow file permissions from build.sh.
---
 configs/baseline/airootfs/etc/shadow               |  1 +
 configs/baseline/build.sh                          | 11 +++++++++++
 configs/releng/airootfs/etc/passwd                 |  1 +
 configs/releng/airootfs/etc/shadow                 |  1 +
 configs/releng/airootfs/root/customize_airootfs.sh |  3 ---
 configs/releng/build.sh                            |  3 ++-
 6 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 configs/baseline/airootfs/etc/shadow
 create mode 100644 configs/releng/airootfs/etc/passwd
 create mode 100644 configs/releng/airootfs/etc/shadow

diff --git a/configs/baseline/airootfs/etc/shadow b/configs/baseline/airootfs/etc/shadow
new file mode 100644
index 0000000..7edfd69
--- /dev/null
+++ b/configs/baseline/airootfs/etc/shadow
@@ -0,0 +1 @@
+root::14871::::::
diff --git a/configs/baseline/build.sh b/configs/baseline/build.sh
index b86c7c8..d283408 100755
--- a/configs/baseline/build.sh
+++ b/configs/baseline/build.sh
@@ -38,6 +38,16 @@ make_setup_mkinitcpio() {
         -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run
 }
 
+# Prepare working directory and copy custom airootfs files (airootfs)
+make_custom_airootfs() {
+    local _airootfs="${work_dir}/airootfs"
+
+    if [[ -d "${script_path}/airootfs" ]]; then
+        cp -af --no-preserve=ownership -- "${script_path}/airootfs/." "${_airootfs}"
+        [[ -e "${_airootfs}/etc/shadow" ]] && chmod -f 0400 -- "${_airootfs}/etc/shadow"
+    fi
+}
+
 # Prepare ${install_dir}/boot/
 make_boot() {
     mkdir -p "${work_dir}/iso/${install_dir}/boot/${arch}"
@@ -80,6 +90,7 @@ make_iso() {
 
 run_once make_basefs
 run_once make_setup_mkinitcpio
+run_once make_custom_airootfs
 run_once make_boot
 run_once make_syslinux
 run_once make_isolinux
diff --git a/configs/releng/airootfs/etc/passwd b/configs/releng/airootfs/etc/passwd
new file mode 100644
index 0000000..2807d5d
--- /dev/null
+++ b/configs/releng/airootfs/etc/passwd
@@ -0,0 +1 @@
+root:x:0:0:root:/root:/usr/bin/zsh
diff --git a/configs/releng/airootfs/etc/shadow b/configs/releng/airootfs/etc/shadow
new file mode 100644
index 0000000..7edfd69
--- /dev/null
+++ b/configs/releng/airootfs/etc/shadow
@@ -0,0 +1 @@
+root::14871::::::
diff --git a/configs/releng/airootfs/root/customize_airootfs.sh b/configs/releng/airootfs/root/customize_airootfs.sh
index bd9a799..5c98fd6 100755
--- a/configs/releng/airootfs/root/customize_airootfs.sh
+++ b/configs/releng/airootfs/root/customize_airootfs.sh
@@ -5,10 +5,7 @@ set -e -u
 sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
 locale-gen
 
-usermod -s /usr/bin/zsh root
 cp -aT /etc/skel/ /root/
-# unset the root password
-passwd -d root
 
 sed -i 's/#\(PermitRootLogin \).\+/\1yes/' /etc/ssh/sshd_config
 sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist
diff --git a/configs/releng/build.sh b/configs/releng/build.sh
index 7e8321e..327a193 100755
--- a/configs/releng/build.sh
+++ b/configs/releng/build.sh
@@ -125,7 +125,8 @@ make_customize_airootfs() {
     fi
     rm "${work_dir}/x86_64/airootfs/root/customize_airootfs.sh"
 
-    chmod -f 750 "${work_dir}/x86_64/airootfs/root"
+    [[ -e "${work_dir}/x86_64/airootfs/etc/shadow" ]] && chmod -f 0400 -- "${work_dir}/x86_64/airootfs/etc/shadow"
+    [[ -e "${work_dir}/x86_64/airootfs/root" ]] && chmod -f 0750 -- "${work_dir}/x86_64/airootfs/root"
 }
 
 # Prepare kernel/initramfs ${install_dir}/boot/
-- 
cgit v1.2.3-54-g00ecf