Busybox's adduser is hardcoded to operate on /etc/passwd and create /etc/passwd+ as a temporary file, which won't work for us with read-only /. Shadow's useradd supports specifying a prefix, so it will be able to operate on /run/etc/passwd and create sibling temporary files. This will let us create new users at runtime. Signed-off-by: Alyssa Ross <hi@alyssa.is> Message-ID: <20251209085628.603316-2-hi@alyssa.is>
---
v2: no change v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251209085628.603316-... host/rootfs/busybox-config | 3 +++ host/rootfs/default.nix | 11 ++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/host/rootfs/busybox-config b/host/rootfs/busybox-config
index f2fd5fca..18687738 100644
--- a/host/rootfs/busybox-config
+++ b/host/rootfs/busybox-config
@@ -11,6 +11,7 @@ CONFIG_CHATTR n
 CONFIG_CHCPU n
 CONFIG_CHMEM n
 CONFIG_CHOOM n
+CONFIG_CHPASSWD n
 CONFIG_CHRT n
 CONFIG_COLCRT n
 CONFIG_COLRM n
@@ -57,6 +58,7 @@ CONFIG_LDATTACH n
 CONFIG_LINUX32 n
 CONFIG_LINUX64 n
 CONFIG_LOGGER n
+CONFIG_LOGIN n
 CONFIG_LOOK n
 CONFIG_LOSETUP n
 CONFIG_LSATTR n
@@ -88,6 +90,7 @@ CONFIG_NAMEI n
 CONFIG_NOLOGIN n
 CONFIG_NSENTER n
 CONFIG_PARTX n
+CONFIG_PASSWD n
 CONFIG_PIPESZ n
 CONFIG_PIVOT_ROOT n
 CONFIG_POWEROFF n
diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index abdd8b28..d86d8cc8 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -13,7 +13,7 @@ pkgsMusl.callPackage (
 , btrfs-progs, bubblewrap, busybox, cloud-hypervisor, cosmic-files
 , crosvm, cryptsetup, dejavu_fonts, dbus, execline, foot, fuse3
 , iproute2, inotify-tools, jq, kmod, mdevd, mesa, mount-flatpak, s6
-, s6-linux-init, socat, systemd, util-linuxMinimal, virtiofsd
+, s6-linux-init, shadow, socat, systemd, util-linuxMinimal, virtiofsd
 , westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk
 , xdg-desktop-portal-spectrum-host
 }:
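Review bot: The three applets switched off in host/rootfs/busybox-config (`CONFIG_CHPASSWD n`, `CONFIG_LOGIN n`, `CONFIG_PASSWD n`, one per hunk) have no recorded reason; the commit message only discusses adduser. Presumably they are disabled because shadow installs binaries with the same names, as the default.nix comment says for nologin. If this config format accepts comment lines, a line such as `# chpasswd, login, passwd: provided by shadow` would record that. None of the visible hunks disables busybox's own adduser, so it is worth confirming whether that applet is still built and would fail on the read-only `/`. Also confirm that shadow's `passwd` and `chpasswd` behave acceptably when `/etc` is read-only, since the message mentions the prefix only for useradd.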
@@ -27,8 +27,8 @@ let packages = [ btrfs-progs bubblewrap cloud-hypervisor cosmic-files crosvm cryptsetup dbus execline fuse3 inotify-tools iproute2 jq kmod mdevd mount-flatpak s6 - s6-linux-init s6-rc socat spectrum-host-tools spectrum-router - util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host + s6-linux-init s6-rc shadow socat spectrum-host-tools spectrum-router + virtiofsd xdg-desktop-portal-spectrum-host (foot.override { allowPgo = false; }) @@ -36,6 +36,11 @@ let # Use a separate file as it is a bit too big. extraConfig = builtins.readFile ./busybox-config; }) + + (util-linuxMinimal.overrideAttrs ({ configureFlags ? [], ... }: { + # Conflicts with shadow. + configureFlags = configureFlags ++ [ "--disable-nologin" ]; + })) ]; nixosAllHardware = nixos ({ modulesPath, ... }: { -- 2.51.0
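Review bot: `shadow` is added to `packages` as a whole, while the commit message motivates only useradd with a prefix. Unless something outside this hunk filters the package's contents, the host rootfs also gains the rest of the suite; the busybox-config part of this patch suggests at least login, passwd and chpasswd. If only runtime user creation is needed, say so next to the entry, e.g. `# shadow: needed for useradd --prefix on /run/etc`, and consider whether the other tools should ship in the host image at all. The `packages` list begins and ends outside the hunk.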
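Review bot: The comment `# Conflicts with shadow.` on the `util-linuxMinimal.overrideAttrs` entry does not say what conflicts or which copy is meant to remain. busybox-config already has `CONFIG_NOLOGIN n` (visible as context in that file's last hunk), so this change appears to leave shadow's nologin as the only one in the image. A comment such as `# shadow installs its own nologin; drop util-linux's so the two do not collide.` would record that. Because nologin is commonly set as the shell of accounts that must not log in, it is worth confirming that shadow's binary is actually present in the built rootfs.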