From 9f08bf99c6cb80de512a572e6f92accb4aa30169 Mon Sep 17 00:00:00 2001 From: krikchaip Date: Tue, 23 May 2023 09:33:49 +0000 Subject: [PATCH 1/6] alpine defaultZsh fix --- src/common-utils/devcontainer-feature.json | 2 +- src/common-utils/main.sh | 4 ++++ test/common-utils/alpine-base-zsh-default.sh | 13 +++++++++++++ test/common-utils/scenarios.json | 13 +++++++++++-- 4 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 test/common-utils/alpine-base-zsh-default.sh diff --git a/src/common-utils/devcontainer-feature.json b/src/common-utils/devcontainer-feature.json index aadc1bc27..a924aa77a 100644 --- a/src/common-utils/devcontainer-feature.json +++ b/src/common-utils/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "common-utils", - "version": "2.0.10", + "version": "2.0.11", "name": "Common Utilities", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/common-utils", "description": "Installs a set of common command line utilities, Oh My Zsh!, and sets up a non-root user.", diff --git a/src/common-utils/main.sh b/src/common-utils/main.sh index 144478ee1..d7c40aeb1 100644 --- a/src/common-utils/main.sh +++ b/src/common-utils/main.sh @@ -437,6 +437,10 @@ if [ "${INSTALL_ZSH}" = "true" ]; then fi if [ "${CONFIGURE_ZSH_AS_DEFAULT_SHELL}" == "true" ]; then + # Fixing chsh always asking for a password on alpine linux + # ref: https://askubuntu.com/questions/812420/chsh-always-asking-a-password-and-get-pam-authentication-failure. + echo "auth sufficient pam_shells.so" > /etc/pam.d/chsh + chsh --shell /bin/zsh ${USERNAME} fi diff --git a/test/common-utils/alpine-base-zsh-default.sh b/test/common-utils/alpine-base-zsh-default.sh new file mode 100644 index 000000000..9fc00a267 --- /dev/null +++ b/test/common-utils/alpine-base-zsh-default.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "alpine default shell zsh" \ + bash -c "getent passwd $(whoami) | awk -F : '{ print $7 }' | grep '/bin/zsh'" + +# Report result +reportResults diff --git a/test/common-utils/scenarios.json b/test/common-utils/scenarios.json index 21cb9408a..9800242e9 100644 --- a/test/common-utils/scenarios.json +++ b/test/common-utils/scenarios.json @@ -143,6 +143,7 @@ "build": { "dockerfile": "Dockerfile" }, + "remoteUser": "vscode", "features": { "common-utils": { "username": "vscode", @@ -151,7 +152,15 @@ "upgradePackages": true, "installZsh": true } - }, - "remoteUser": "vscode" + } + }, + "alpine-base-zsh-default": { + "image": "mcr.microsoft.com/devcontainers/base:alpine", + "remoteUser": "vscode", + "features": { + "common-utils": { + "configureZshAsDefaultShell": true + } + } } } From 98743df481ed8474c0618def677f11511ba2d66c Mon Sep 17 00:00:00 2001 From: krikchaip Date: Mon, 19 Jun 2023 12:28:10 +0000 Subject: [PATCH 2/6] common-utils: replace pam.d/chsh permission with `sufficient` --- src/common-utils/main.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/common-utils/main.sh b/src/common-utils/main.sh index d7c40aeb1..a67189994 100644 --- a/src/common-utils/main.sh +++ b/src/common-utils/main.sh @@ -439,7 +439,11 @@ if [ "${INSTALL_ZSH}" = "true" ]; then if [ "${CONFIGURE_ZSH_AS_DEFAULT_SHELL}" == "true" ]; then # Fixing chsh always asking for a password on alpine linux # ref: https://askubuntu.com/questions/812420/chsh-always-asking-a-password-and-get-pam-authentication-failure. - echo "auth sufficient pam_shells.so" > /etc/pam.d/chsh + if [ -f "/etc/pam.d/chsh" ] && grep -Eq "^auth(.*)pam_rootok\.so$" /etc/pam.d/chsh; then + awk '/^auth(.*)pam_rootok\.so$/ { $2 = "sufficient" } { print }' /etc/pam.d/chsh > /tmp/chsh.tmp && mv /tmp/chsh.tmp /etc/pam.d/chsh + else + echo "auth sufficient pam_rootok.so" > /etc/pam.d/chsh + fi chsh --shell /bin/zsh ${USERNAME} fi From 45e0991cf9f1b62f59c365e86a4481eb81c3e84a Mon Sep 17 00:00:00 2001 From: krikchaip Date: Sat, 24 Jun 2023 19:37:45 +0000 Subject: [PATCH 3/6] common-utils: revert match auth sufficient --- src/common-utils/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common-utils/main.sh b/src/common-utils/main.sh index a67189994..ec3ed7894 100644 --- a/src/common-utils/main.sh +++ b/src/common-utils/main.sh @@ -439,7 +439,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then if [ "${CONFIGURE_ZSH_AS_DEFAULT_SHELL}" == "true" ]; then # Fixing chsh always asking for a password on alpine linux # ref: https://askubuntu.com/questions/812420/chsh-always-asking-a-password-and-get-pam-authentication-failure. - if [ -f "/etc/pam.d/chsh" ] && grep -Eq "^auth(.*)pam_rootok\.so$" /etc/pam.d/chsh; then + if [ -f "/etc/pam.d/chsh" ] && grep -vEq "^auth[[:blank:]]+sufficient[[:blank:]]+pam_rootok\.so$"; then awk '/^auth(.*)pam_rootok\.so$/ { $2 = "sufficient" } { print }' /etc/pam.d/chsh > /tmp/chsh.tmp && mv /tmp/chsh.tmp /etc/pam.d/chsh else echo "auth sufficient pam_rootok.so" > /etc/pam.d/chsh From 0ae570c72222c749911dda57af6962b8bca86187 Mon Sep 17 00:00:00 2001 From: krikchaip Date: Thu, 29 Jun 2023 09:58:16 +0000 Subject: [PATCH 4/6] common-utils: append auth string instead of replacing a whole file --- src/common-utils/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common-utils/main.sh b/src/common-utils/main.sh index ec3ed7894..45d975be9 100644 --- a/src/common-utils/main.sh +++ b/src/common-utils/main.sh @@ -442,7 +442,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then if [ -f "/etc/pam.d/chsh" ] && grep -vEq "^auth[[:blank:]]+sufficient[[:blank:]]+pam_rootok\.so$"; then awk '/^auth(.*)pam_rootok\.so$/ { $2 = "sufficient" } { print }' /etc/pam.d/chsh > /tmp/chsh.tmp && mv /tmp/chsh.tmp /etc/pam.d/chsh else - echo "auth sufficient pam_rootok.so" > /etc/pam.d/chsh + echo "auth sufficient pam_rootok.so" >> /etc/pam.d/chsh fi chsh --shell /bin/zsh ${USERNAME} From 21fa2404a3128f4a18529f2501ae9768fc050f08 Mon Sep 17 00:00:00 2001 From: krikchaip Date: Sun, 2 Jul 2023 17:17:51 +0000 Subject: [PATCH 5/6] fix grep 2nd param --- src/common-utils/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common-utils/main.sh b/src/common-utils/main.sh index 45d975be9..b128ee8d5 100644 --- a/src/common-utils/main.sh +++ b/src/common-utils/main.sh @@ -439,7 +439,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then if [ "${CONFIGURE_ZSH_AS_DEFAULT_SHELL}" == "true" ]; then # Fixing chsh always asking for a password on alpine linux # ref: https://askubuntu.com/questions/812420/chsh-always-asking-a-password-and-get-pam-authentication-failure. - if [ -f "/etc/pam.d/chsh" ] && grep -vEq "^auth[[:blank:]]+sufficient[[:blank:]]+pam_rootok\.so$"; then + if [ -f "/etc/pam.d/chsh" ] && grep -vEq "^auth[[:blank:]]+sufficient[[:blank:]]+pam_rootok\.so$" /etc/pam.d/chsh; then awk '/^auth(.*)pam_rootok\.so$/ { $2 = "sufficient" } { print }' /etc/pam.d/chsh > /tmp/chsh.tmp && mv /tmp/chsh.tmp /etc/pam.d/chsh else echo "auth sufficient pam_rootok.so" >> /etc/pam.d/chsh From e4b82582eea4b8bb8ab4ee8429aa9216bdc2ad8f Mon Sep 17 00:00:00 2001 From: krikchaip Date: Sun, 30 Jul 2023 14:51:11 +0000 Subject: [PATCH 6/6] fix: line checking condition --- src/common-utils/main.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common-utils/main.sh b/src/common-utils/main.sh index b128ee8d5..6d5ac0719 100644 --- a/src/common-utils/main.sh +++ b/src/common-utils/main.sh @@ -439,10 +439,10 @@ if [ "${INSTALL_ZSH}" = "true" ]; then if [ "${CONFIGURE_ZSH_AS_DEFAULT_SHELL}" == "true" ]; then # Fixing chsh always asking for a password on alpine linux # ref: https://askubuntu.com/questions/812420/chsh-always-asking-a-password-and-get-pam-authentication-failure. - if [ -f "/etc/pam.d/chsh" ] && grep -vEq "^auth[[:blank:]]+sufficient[[:blank:]]+pam_rootok\.so$" /etc/pam.d/chsh; then - awk '/^auth(.*)pam_rootok\.so$/ { $2 = "sufficient" } { print }' /etc/pam.d/chsh > /tmp/chsh.tmp && mv /tmp/chsh.tmp /etc/pam.d/chsh - else + if [ ! -f "/etc/pam.d/chsh" ] || ! grep -Eq '^auth(.*)pam_rootok\.so$' /etc/pam.d/chsh; then echo "auth sufficient pam_rootok.so" >> /etc/pam.d/chsh + elif [[ -n "$(awk '/^auth(.*)pam_rootok\.so$/ && !/^auth[[:blank:]]+sufficient[[:blank:]]+pam_rootok\.so$/' /etc/pam.d/chsh)" ]]; then + awk '/^auth(.*)pam_rootok\.so$/ { $2 = "sufficient" } { print }' /etc/pam.d/chsh > /tmp/chsh.tmp && mv /tmp/chsh.tmp /etc/pam.d/chsh fi chsh --shell /bin/zsh ${USERNAME}