build_library: Add a hack for shadow group ownership

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-05-05 04:06:33 +02:00 · 2025-11-28 15:34:32 +01:00 · 2025-11-28 15:34:32 +01:00 · 257a3c6eab
commit 257a3c6eab
parent 0c21b66778
1 changed files with 11 additions and 0 deletions
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@ -728,6 +728,17 @@ EOF
    sudo setfiles -Dv -r "${root_fs_dir}" "${root_fs_dir}"/etc/selinux/mcs/contexts/files/file_contexts "${root_fs_dir}"/etc
  fi

+  # Temporary hack: set group ownership of /etc/{g,}shadow to the
+  # shadow group, that way unix_chkpwd, chage and expiry can act on
+  # those files.
+  #
+  # This permissions setting should likely be done in some ebuild, but
+  # currently files in /usr/share/baselayout are installed by the
+  # baselayout package, we don't want to add more deps to it.
+  sudo chgrp \
+      --reference="${root_fs_dir}/usr/bin/chage" \
+      "${root_fs_dir}"/{etc,usr/share/baselayout}/{g,}shadow
+
  # Backup the /etc contents to /usr/share/flatcar/etc to serve as
  # source for creating missing files. Make sure that the preexisting
  # /usr/share/flatcar/etc does not have any meaningful (non-empty)