nuageinit: validate set-name to prevent shell injection in variable names

Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.
(cherry picked from commit 13fb6dbc738f4ba30e78a8fb21efa1382c520d33)

nuageinit: use single-quote shell escaping for hostname in rc.conf.d

The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).

Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.

While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.

Reported by: Yazdan Soltani <yazdan.soltani at gmail.com>
(cherry picked from commit da3890fdccfa7d540ea746182248299b81f95345)
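
The behaviour the two commit messages above describe (command substitution inside double quotes when the file is sourced, and why a variable name is validated rather than quoted), as an added sh example that is not nuageinit's own code. `shell_escape`, `valid_set_name`, `write_hostname` and `sourced_hostname` are re-implementations written for this illustration, the `'\''` handling of embedded single quotes is an assumption about the helper, and the hostname value is constructed with a harmless marker.

```sh
#!/bin/sh
# Added illustration, not nuageinit code (nuageinit itself is Lua).
LC_ALL=C

# Wrap a value in single quotes. Assumption: an embedded ' is emitted as '\''
# (close quote, escaped quote, reopen), the usual POSIX idiom.
shell_escape() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# A variable name cannot be quoted, so it is validated instead: [a-zA-Z0-9]+ only.
valid_set_name() {
    case "$1" in
        ''|*[!a-zA-Z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write hostname=<value> to file $1: mode "unsafe" is the old double-quoted
# form, anything else is the single-quoted form from the fix.
write_hostname() {
    if [ "$3" = unsafe ]; then
        printf 'hostname="%s"\n' "$2" > "$1"
    else
        printf 'hostname=%s\n' "$(shell_escape "$2")" > "$1"
    fi
}

# Source the file in a subshell, as an rc script would, and print $hostname.
sourced_hostname() {
    ( . "$1"; printf '%s' "$hostname" )
}

demo() {
    dir=$(mktemp -d) || return 1
    value='host$(echo INJECTED)'    # constructed input with a harmless marker
    write_hostname "$dir/unsafe" "$value" unsafe
    write_hostname "$dir/safe" "$value" safe
    printf 'double-quoted: %s\n' "$(sourced_hostname "$dir/unsafe")"
    printf 'single-quoted: %s\n' "$(sourced_hostname "$dir/safe")"
    for name in eth0 'eth0;x'; do
        valid_set_name "$name" && echo "set-name $name: ok" || echo "set-name $name: rejected"
    done
    rm -rf "$dir"
}
demo
```
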
nuageinit: implement phone_home support

Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- tries: number of retry attempts (default 1)
(cherry picked from commit 58653bf4d0fb8ccd5de146d671ec101a1df0ede0)

nuageinit: implement MIME multipart user-data support

Add support for MIME multipart/mixed user-data, allowing a single
user-data blob to contain multiple parts with different content types.
(cherry picked from commit be711ade6f66506fb2cae9fd33b142ce910f0346)

nuageinit: implement ntp support

Add support for the 'ntp' cloud-config key which configures NTP
by writing /etc/ntp.conf with server and pool entries.
(cherry picked from commit 6d27d52ccd35d1980e99bc2fc4dae602334d28af)

nuageinit: implement ca_certs support

Add support for the 'ca_certs' cloud-config key which manages
CA certificates by writing them to /etc/ssl/certs/ and running
certctl rehash.
(cherry picked from commit b56f029add4825b21b2957f19ccfbb219a3f96cb)

nuageinit: implement ssh_authkey_fingerprints support

Add support for the 'ssh_authkey_fingerprints' cloud-config key
which logs SSH host key fingerprints to the console via ssh-keygen.
(cherry picked from commit d7984912385cc5a191547dc6c2d73acba25e2239)

pw: fix const qualification in unquote()

The unquote() function took a const char * parameter but modified the
string in-place (removing quote characters). Change the parameter to
char * and update callers that passed const char * to cast explicitly.
(cherry picked from commit 5f9c8f142d1702f5810618e02534054d28d22fa5)

nuageinit: implement mounts support

Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.
(cherry picked from commit 797dad91ff468a9bd6cd5d4f720eb4bbac1f454a)

nuageinit: implement resolv_conf support

Add support for the 'resolv_conf' cloud-config key which writes
directly to /etc/resolv.conf.
(cherry picked from commit 4662263c246fd9c31cf0f03089845140114445bc)

nuageinit: implement bootcmd support

Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.
- nuageinit: bootcmd() function follows the same pattern as runcmd(),
  writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
  It is the first entry in the pre_network_calls table.
- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
  after /usr/libexec/nuageinit completes, before unmounting the config
  drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
(cherry picked from commit b9be7608cd13888a32815bfb2263e20855706969)

pw: fix uninitialized name pointer in pw_group_del

The 'name' variable could be left uninitialized if neither the
positional argument nor -n is supplied, leading to undefined
behavior when passed to getgroup().
(cherry picked from commit 13f4a37b536b60d559c766b3ec4f2d5d25279ea3)

nuageinit: implement manage_etc_hosts support

Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).
Create a revolve_hostname helper to avoid code duplication.
(cherry picked from commit ba58e8ad726318ed59b6cc5934435dbddbe23dac)

nuageinit: complete SSH support with ssh_deletekeys and disable_root

Add missing SSH cloud-config options from cloud-init spec:
- ssh_deletekeys: remove existing SSH host keys on first boot so
  new ones are generated automatically by sshd(8).
  Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
  with a directory existence guard via lfs.attributes().
- disable_root: set PermitRootLogin to 'no' (or a custom value via
  disable_root_opts) in /etc/ssh/sshd_config.
- disable_root_opts: optional string or array to override the
  PermitRootLogin value used when disable_root is true. Only the
  first array element is used.
(cherry picked from commit 22c1f5d0ec215e36dd4448b9128b856b5441d21c)

nuageinit: fix TOCTOU in addsshkey, adddoas, addsudo

Replace check-then-create patterns with direct creation:
- addsshkey: check what exists before creation, use mkdir_p() for
  .ssh directory, handle errors with warnmsg() instead of assert().
  Apply chmod/chown only on newly created files/directories.
- adddoas: same pattern for doas.conf and the etc directory.
- addsudo: same pattern for the sudoers file and sudoers.d directory.
All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
(cherry picked from commit cf5722ed60cf271e516927684c90464debb37496)

nuageinit: fix update_sshd_config crash when file does not exist

Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.

Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().

Add test case for missing file creation.
(cherry picked from commit 0ba9b7b7f815b57f1c121b0f78eaee02d2cdd414)