nuageinit: validate set-name to prevent shell injection in variable names
Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.
(cherry picked from commit 13fb6dbc738f4ba30e78a8fb21efa1382c520d33)
nuageinit: use single-quote shell escaping for hostname in rc.conf.d
The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).
Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.
While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.
Reported by: Yazdan Soltani <yazdan.soltani at gmail.com>
(cherry picked from commit da3890fdccfa7d540ea746182248299b81f95345)
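Added example, not part of the commit above and not nuageinit's own code (nuageinit's shell_escape() is a Lua helper): a POSIX sh sketch of the two output formats the message describes, showing what a shell sees when the resulting line is sourced. The function names, the sample values and the temporary file are assumptions made for the illustration.

```sh
#!/bin/sh
# Hypothetical helpers for illustration; none of these names come from nuageinit.

# Wrap a value in single quotes. An embedded ' is emitted as '\'' :
# close the quote, add an escaped quote, reopen the quote.
shell_escape_sq() {
    _in=$1 _out= _q="'"
    while [ -n "$_in" ]; do
        case $_in in
            *"$_q"*)
                _head=${_in%%"$_q"*}      # text before the first quote
                _in=${_in#*"$_q"}         # text after it
                _out="$_out$_head'\\''" ;;
            *)  _out="$_out$_in"; _in= ;;
        esac
    done
    printf "'%s'" "$_out"
}

# Old format: value placed inside double quotes.
render_double() { printf 'hostname="%s"\n' "$1"; }

# New format: value passed through single-quote escaping.
render_single() { printf 'hostname=%s\n' "$(shell_escape_sq "$1")"; }

# Write the rendered line to a scratch file, source it in a subshell
# (as a shell sourcing /etc/rc.conf.d/hostname would), and print the
# value the shell ends up with.
load_hostname() {
    _f=$(mktemp) || return 1
    printf '%s\n' "$1" > "$_f"
    ( . "$_f"; printf '%s' "$hostname" )
    rm -f "$_f"
}

# Constructed sample value with a harmless command substitution marker.
sample='host$(echo INJECTED)'
printf 'double-quoted -> %s\n' "$(load_hostname "$(render_double "$sample")")"
printf 'single-quoted -> %s\n' "$(load_hostname "$(render_single "$sample")")"
```

With the double-quoted format the substitution is evaluated at source time; with the single-quoted format the shell reads back exactly the bytes that were written.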
[InstCombine] Create new instructions instead of in-place operand replacement (#115988)
Fixes https://github.com/llvm/llvm-project/issues/115890.
Currently it doesn't affect final codegen. But we may suffer from this
problem when we utilize these attributes for further optimization (e.g.,
https://github.com/llvm/llvm-project/pull/111284). This test case is
reduced from a csmith-generated C program. And I believe this problem
also exists in real-world programs.
nuageinit: implement phone_home support
Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- tries: number of retry attempts (default 1)
(cherry picked from commit 58653bf4d0fb8ccd5de146d671ec101a1df0ede0)
nuageinit: implement MIME multipart user-data support
Add support for MIME multipart/mixed user-data, allowing a single
user-data blob to contain multiple parts with different content types.
(cherry picked from commit be711ade6f66506fb2cae9fd33b142ce910f0346)
nuageinit: implement ntp support
Add support for the 'ntp' cloud-config key which configures NTP
by writing /etc/ntp.conf with server and pool entries.
(cherry picked from commit 6d27d52ccd35d1980e99bc2fc4dae602334d28af)
nuageinit: implement ca_certs support
Add support for the 'ca_certs' cloud-config key which manages
CA certificates by writing them to /etc/ssl/certs/ and running
certctl rehash.
(cherry picked from commit b56f029add4825b21b2957f19ccfbb219a3f96cb)
nuageinit: implement ssh_authkey_fingerprints support
Add support for the 'ssh_authkey_fingerprints' cloud-config key
which logs SSH host key fingerprints to the console via ssh-keygen.
(cherry picked from commit d7984912385cc5a191547dc6c2d73acba25e2239)
pw: fix const qualification in unquote()
The unquote() function took a const char * parameter but modified the
string in-place (removing quote characters). Change the parameter to
char * and update callers that passed const char * to cast explicitly.
(cherry picked from commit 5f9c8f142d1702f5810618e02534054d28d22fa5)
nuageinit: implement mounts support
Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.
(cherry picked from commit 797dad91ff468a9bd6cd5d4f720eb4bbac1f454a)
nuageinit: implement resolv_conf support
Add support for the 'resolv_conf' cloud-config key which writes
directly to /etc/resolv.conf.
(cherry picked from commit 4662263c246fd9c31cf0f03089845140114445bc)
nuageinit: implement bootcmd support
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.
- nuageinit: bootcmd() function follows the same pattern as runcmd(),
  writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
  It is the first entry in the pre_network_calls table.
- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
  after /usr/libexec/nuageinit completes, before unmounting the config
  drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
(cherry picked from commit b9be7608cd13888a32815bfb2263e20855706969)
pw: fix uninitialized name pointer in pw_group_del
The 'name' variable could be left uninitialized if neither the
positional argument nor -n is supplied, leading to undefined
behavior when passed to getgroup().
(cherry picked from commit 13f4a37b536b60d559c766b3ec4f2d5d25279ea3)