From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 17 Jul 2024 10:40:14 +0000 (+0200)
Subject: Add unprivileged user to default image
X-Git-Tag: v24~30^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96d38ed12fd059ecc003f495dc4fc8a066c41988;p=thirdparty%2Fmkosi.git

Add unprivileged user to default image

Makes testing as an unprivileged user easier. We also install sudo
and polkit in the default image to make auth work.
---

diff --git a/mkosi.conf b/mkosi.conf
index e977078b4..0bae2df22 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -20,6 +20,7 @@ Packages=
         less
         nano
         strace
+        sudo
         systemd
         tmux
         udev
diff --git a/mkosi.conf.d/20-arch.conf b/mkosi.conf.d/20-arch.conf
index 8be11b199..60f92e49b 100644
--- a/mkosi.conf.d/20-arch.conf
+++ b/mkosi.conf.d/20-arch.conf
@@ -15,6 +15,7 @@ Packages=
         linux
         openssh
         perf
+        polkit
         python
         qemu-user-static
         shim
diff --git a/mkosi.conf.d/20-opensuse/mkosi.conf b/mkosi.conf.d/20-opensuse/mkosi.conf
index 578871308..d16bf3541 100644
--- a/mkosi.conf.d/20-opensuse/mkosi.conf
+++ b/mkosi.conf.d/20-opensuse/mkosi.conf
@@ -23,8 +23,10 @@ Packages=
         openssh-server
         patterns-base-minimal_base
         perf
+        polkit
         python3
         qemu-linux-user
         shim
         strace
+        sudo-policy-wheel-auth-self
         systemd-boot
diff --git a/mkosi.conf.d/30-centos-fedora/mkosi.conf b/mkosi.conf.d/30-centos-fedora/mkosi.conf
index 635a38b56..18c1d6747 100644
--- a/mkosi.conf.d/30-centos-fedora/mkosi.conf
+++ b/mkosi.conf.d/30-centos-fedora/mkosi.conf
@@ -15,6 +15,7 @@ Packages=
         openssh-clients
         openssh-server
         perf
+        polkit
         python3
         strace
         systemd-resolved
diff --git a/mkosi.conf.d/30-debian-ubuntu/mkosi.conf b/mkosi.conf.d/30-debian-ubuntu/mkosi.conf
index 365739aae..7f91220ee 100644
--- a/mkosi.conf.d/30-debian-ubuntu/mkosi.conf
+++ b/mkosi.conf.d/30-debian-ubuntu/mkosi.conf
@@ -16,6 +16,7 @@ Packages=
         libtss2-tcti-device0
         openssh-client
         openssh-server
+        polkitd
         python3
         qemu-user-static
         shim-signed
diff --git a/mkosi.postinst b/mkosi.postinst
new file mode 100755
index 000000000..2d62c471b
--- /dev/null
+++ b/mkosi.postinst
@@ -0,0 +1,18 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$DISTRIBUTION" =~ ubuntu|debian ]]; then
+    SUDO_GROUP=sudo
+else
+    SUDO_GROUP=wheel
+fi
+
+mkosi-chroot \
+    useradd \
+    --user-group \
+    --create-home \
+    --password "$(openssl passwd -1 mkosi)" \
+    --groups "$SUDO_GROUP",systemd-journal \
+    --shell /bin/bash \
+    mkosi