From 573efaddb358b9ff7418ad2580556dd5f604e3f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Deckert?= <joergd@bitquell.de>
Date: Sat, 15 Jul 2023 16:53:53 +0200
Subject: [PATCH] default appliance: add p7zip, create /etc/sudoers.d

---
 appliances/default/Makefile | 13 +++++++------
 appliances/default/world    |  1 +
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/appliances/default/Makefile b/appliances/default/Makefile
index 35e002d..bb1b0fb 100644
--- a/appliances/default/Makefile
+++ b/appliances/default/Makefile
@@ -16,12 +16,12 @@ $(HARDENED):
 	RUN $(EMERGE) $(USEPKG) --emptytree @world
 	RUN $(EMERGE) --depclean --with-bdeps=n
 	RUN bash -c 'yes YES | etc-update --automode -9'
-##ifneq ($(EXTERNAL_KERNEL),YES)
-##	if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
-##		RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
-##		RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig modules_prepare; \
-##	fi
-##endif
+ifneq ($(EXTERNAL_KERNEL),YES)
+	if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
+		RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
+		RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig $(KERNEL_MODULES_PREPARE); \
+	fi
+endif
 	touch $(HARDENED)
 
 $(timesyncd_conf): default/timesyncd.conf
@@ -44,6 +44,7 @@ $(PAM_SSH_AGENT_AUTH):
 	sed -i 's/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/' $(CHROOT)/etc/sudoers
 	sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth    substack                system-auth#' $(CHROOT)/etc/pam.d/sudo
 	sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth    substack                system-auth#' $(CHROOT)/etc/pam.d/sudo-i
+	mkdir -p $(CHROOT)/etc/sudoers.d
 	echo "Defaults   env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
 	touch $(PAM_SSH_AGENT_AUTH)
 
diff --git a/appliances/default/world b/appliances/default/world
index cbc18da..a273447 100644
--- a/appliances/default/world
+++ b/appliances/default/world
@@ -1,5 +1,6 @@
 app-admin/logrotate
 app-admin/sudo
+app-arch/p7zip
 app-emulation/open-vm-tools
 app-emulation/qemu-guest-agent
 app-misc/mc