default appliance: add p7zip, create /etc/sudoers.d
This commit is contained in:
Jörg Deckert
parent
804560ea06
commit
573efaddb3
|
|
@ -16,12 +16,12 @@ $(HARDENED):
|
||||||
RUN $(EMERGE) $(USEPKG) --emptytree @world
|
RUN $(EMERGE) $(USEPKG) --emptytree @world
|
||||||
RUN $(EMERGE) --depclean --with-bdeps=n
|
RUN $(EMERGE) --depclean --with-bdeps=n
|
||||||
RUN bash -c 'yes YES | etc-update --automode -9'
|
RUN bash -c 'yes YES | etc-update --automode -9'
|
||||||
##ifneq ($(EXTERNAL_KERNEL),YES)
|
ifneq ($(EXTERNAL_KERNEL),YES)
|
||||||
## if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
|
if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
|
||||||
## RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
|
RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
|
||||||
## RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig modules_prepare; \
|
RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig $(KERNEL_MODULES_PREPARE); \
|
||||||
## fi
|
fi
|
||||||
##endif
|
endif
|
||||||
touch $(HARDENED)
|
touch $(HARDENED)
|
||||||
|
|
||||||
$(timesyncd_conf): default/timesyncd.conf
|
$(timesyncd_conf): default/timesyncd.conf
|
||||||
|
|
@ -44,6 +44,7 @@ $(PAM_SSH_AGENT_AUTH):
|
||||||
sed -i 's/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/' $(CHROOT)/etc/sudoers
|
sed -i 's/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/' $(CHROOT)/etc/sudoers
|
||||||
sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo
|
sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo
|
||||||
sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo-i
|
sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo-i
|
||||||
|
mkdir -p $(CHROOT)/etc/sudoers.d
|
||||||
echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
|
echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
|
||||||
touch $(PAM_SSH_AGENT_AUTH)
|
touch $(PAM_SSH_AGENT_AUTH)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
app-admin/logrotate
|
app-admin/logrotate
|
||||||
app-admin/sudo
|
app-admin/sudo
|
||||||
|
app-arch/p7zip
|
||||||
app-emulation/open-vm-tools
|
app-emulation/open-vm-tools
|
||||||
app-emulation/qemu-guest-agent
|
app-emulation/qemu-guest-agent
|
||||||
app-misc/mc
|
app-misc/mc
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue