image.in, stage2: reworked TCB fixup hook

The issue at hand is that: /etc/tcb/USER/shadow gets USER:auth ownership (OK); /etc/tcb/USER/shadow- backup file is root:root (broken); /etc/tcb/USER/shadow.lock file is also root:root (broken). This is observed for all pseudousers created by package installation process within working chroots as well as for users created by deflogin feature; the problem is that e.g. echo USER:PASS | chpasswd will break. Looks like the cuplrit might be fakeroot/faked.

image.in, stage2: reworked TCB fixup hook
5427f3af · Michael Shigorin · e02d0cf9 · e02d0cf9 · 5427f3af · 5427f3af
Commit 5427f3af authored Nov 16, 2015 by Michael Shigorin
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 8 deletions

09-tcb-fix image.in/image-scripts.d/09-tcb-fix +0 -8

99-tcb-fix image.in/image-scripts.d/99-tcb-fix +5 -0

99-tcb-fix sub.in/stage2/image-scripts.d/99-tcb-fix +5 -0

No files found.
--- a/image.in/image-scripts.d/09-tcb-fix
+++ b/image.in/image-scripts.d/09-tcb-fix
-#!/bin/sh -e
-# /etc/tcb/<user>/shadow* permissions can be wrong
-# if an account was created from installed package
-
-cd /etc/tcb
-for u in *; do
-	chown "$u":auth "$u"/shadow*
-done
--- a/image.in/image-scripts.d/99-tcb-fix
+++ b/image.in/image-scripts.d/99-tcb-fix
+#!/bin/sh -e
+# drop intermediate files not needed in the image
+# which receive broken permissions in fakeroot environment
+
+rm -f /etc/tcb/*/shadow{-,.lock}
--- a/sub.in/stage2/image-scripts.d/99-tcb-fix
+++ b/sub.in/stage2/image-scripts.d/99-tcb-fix
+#!/bin/sh -e
+# drop intermediate files not needed in the image
+# which receive broken permissions in fakeroot environment
+
+rm -f /etc/tcb/*/shadow{-,.lock}