Merge branch 'feature/add_passwd_hash' into 'main'

Add passwd_hash See merge request alpine/cloud/tiny-cloud!136
update changelog for v3.2.3
2025-12-14 19:02:45 +03:00 · 2025-12-07 16:02:26 +00:00 · 2025-12-07 07:58:47 -08:00 · 2025-12-04 19:47:54 +00:00 · 2025-11-30 19:56:46 +00:00 · 2025-11-30 18:46:42 +00:00
8 changed files with 102 additions and 11 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -8,11 +8,12 @@ test-default:
    - docker-alpine
    - x86_64

-test-dash:
-  extends: test-default
-  before_script:
-    - apk add dash
-    - ln -sf /usr/bin/dash /bin/sh
+# disabled - 0.13.1 has globbing bug
+#test-dash:
+#  extends: test-default
+#  before_script:
+#    - apk add dash
+#    - ln -sf /usr/bin/dash /bin/sh

 test-oksh:
  extends: test-default
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,9 @@
 # CHANGELOG

+## 2025:12-07 - Tiny Cloud v3.2.3
+
+* Correctly identify empty `user-data` content instead of flagging it as "unknown".
+
 ## 2025-06-11 - Tiny Cloud v3.2.2

 * Fix `Makefile` to dynamically generate the list of clouds, allowing the new
--- a/TODO.md
+++ b/TODO.md
@ -18,6 +18,10 @@

 * Support additional features of `#cloud-config` as needed

+* Support for multipart `user-data` payload?
+
+* Support for `#network-config`?
+
 * Support LVM partitioning and non-`ext[234]` filesystems?

 * Support other cloud providers...
--- a/lib/tiny-cloud/init
+++ b/lib/tiny-cloud/init
@ -178,9 +178,11 @@ init__create_default_user() {
 		echo '%wheel ALL=(ALL) NOPASSWD: ALL' > "$ETC/sudoers.d/wheel"
 	fi
 	if [ -d "$ETC/doas.d" ]; then
-		echo 'permit nopass :wheel' > "$TARGET/etc/doas.d/wheel.conf"
+		echo 'permit nopass :wheel' > "$ETC/doas.d/wheel.conf"
+		#echo 'permit nopass :wheel' > "$TARGET/etc/doas.d/wheel.conf"
 	elif [ -f "$ETC/doas.conf" ]; then
-		add_once "$TARGET/etc/doas.conf" "permit nopass :wheel"
+		add_once "$ETC/doas.conf" "permit nopass :wheel"
+		#add_once "$TARGET/etc/doas.conf" "permit nopass :wheel"
 	fi
 }

@ -294,6 +296,9 @@ userdata_type() {
 	if [ ! -f "$TINY_CLOUD_VAR/user-data" ]; then
 		echo missing
 		return
+	elif [ ! -s "$TINY_CLOUD_VAR/user-data" ]; then
+		echo empty
+		return
 	fi
 	header=$(head -n1 "$TINY_CLOUD_VAR/user-data" | sed -e 's/[[:space:]].*//g')
 	case "$header" in
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@ -244,7 +244,7 @@ in_list() {
 init__userdata_users() {
 	local i users="$(get_userdata users)"
 	for i in $users; do
-		local name="" gecos="" homedir="" shell="" primary_group="" groups=""
+		local name="" gecos="" homedir="" shell="" primary_group="" groups="" passwd="" hashed_passwd=""
 		local system=false no_create_home=false lock_passwd=true
 		local keys="$(get_userdata users/$i)"
 		if [ "$i" = 1 ] && [ "$keys" = "default" ]; then
@ -273,6 +273,10 @@ init__userdata_users() {
 		if in_list no_create_home $keys; then
 			no_create_home="$(get_userdata users/$i/no_create_home)"
 		fi
+		if in_list passwd $keys; then
+			passwd="$(get_userdata users/$i/passwd)"
+			echo "${user}:${passwd}" | $MOCK chpasswd -e
+		fi

 		if getent passwd "$user" >/dev/null; then
 			log -i -t "$phase" info "$ACTION: user $user already exists"
@ -286,12 +290,17 @@ init__userdata_users() {
 			$MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} ${primary_group:+-G "$primary_group"} ${system:+-S} ${no_create_home:+-H} "$name"
 		fi

+		if in_list hashed_passwd $keys; then
+			hashed_passwd="$(get_userdata users/$i/hashed_passwd)"
+			echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
+		fi
+
 		if in_list lock_passwd $keys; then
 			lock_passwd="$(get_userdata users/$i/lock_passwd)"
 		fi

-		if [ "$lock_passwd" != "false" ]; then
-			echo "$name:*" | $MOCK chpasswd -e
+		if [ "$lock_passwd" != "false" ] && [ -z "$hashed_passwd" ]; then
+			echo "${name}:*" | $MOCK chpasswd -e
 		fi

 		if in_list ssh_authorized_keys $keys; then
--- a/lib/tiny-cloud/user-data/empty
+++ b/lib/tiny-cloud/user-data/empty
@ -0,0 +1,9 @@
+# Empty UserData Functions
+# vim:set filetype=sh:
+# shellcheck shell=sh
+
+init__empty_userdata() {
+	log -i -t "$phase" notice "$ACTION: empty user-data found"
+}
+
+INIT_ACTIONS_MAIN="empty_userdata ${INIT_ACTIONS_MAIN}"
--- a/tests/init.test
+++ b/tests/init.test
@ -197,6 +197,11 @@ userdata_type_body() {
 			-o match:"missing" \
 			sh -c ". \"$lib\"; userdata_type"

+		touch var/lib/cloud/user-data
+		CLOUD="$c" atf_check \
+			-o match:"empty" \
+			sh -c ". \"$lib\"; userdata_type"
+
 		echo "#tiny-cloud-config" > var/lib/cloud/user-data
 		CLOUD="$c" atf_check \
 			-o match:"tiny-cloud-config" \
--- a/tests/tiny-cloud-alpine.test
+++ b/tests/tiny-cloud-alpine.test
@ -30,8 +30,11 @@ init_tests \
 	userdata_users_system \
 	userdata_users_no_create_home \
 	userdata_users_groups \
+	userdata_users_passwd \
+	userdata_users_hashed_passwd \
 	userdata_users_lock_passwd \
 	userdata_users_doas \
+	userdata_users_doas_with_default \
 	userdata_users_ssh_authorized_keys \
 	userdata_ssh_authorized_keys \
 	userdata_groups \
@ -384,6 +387,38 @@ userdata_users_groups_body() {
 		tiny-cloud main
 }

+userdata_users_passwd_body() {
+	# first specified user will replace default user
+	fake_userdata_nocloud <<-EOF
+		#alpine-config
+		users:
+		  - none
+		  - name: foo
+		    passwd: $6$foosalt$QuhZ.r54aqCAn7mTnU4jBh9LPyuVQCa8.H0dZWCMYHVaNzsPX/heqKqI3EtnB6j.YLuaENmnlEHTiwu.iVVcG1
+	EOF
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-e match:"userdata_users: done" \
+		-o match:"chpasswd -e" \
+		tiny-cloud main
+}
+
+userdata_users_hashed_passwd_body() {
+	# first specified user will replace default user
+	fake_userdata_nocloud <<-EOF
+		#alpine-config
+		users:
+		  - none
+		  - name: foo
+		    hashed_passwd: $6$foosalt$QuhZ.r54aqCAn7mTnU4jBh9LPyuVQCa8.H0dZWCMYHVaNzsPX/heqKqI3EtnB6j.YLuaENmnlEHTiwu.iVVcG1
+	EOF
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-e match:"userdata_users: done" \
+		-o match:"chpasswd -e" \
+		tiny-cloud main
+}
+
 userdata_users_lock_passwd_body() {
 	# first specified user will replace default user
 	fake_userdata_nocloud <<-EOF
@ -420,6 +455,26 @@ userdata_users_doas_body() {
 		|| atf_fail "etc/doas.d/foo.conf is not as expected"
 }

+userdata_users_doas_with_default_body() {
+	# first specified user keeps the default user
+	fake_userdata_nocloud <<-EOF
+		#cloud-config
+		users:
+		  - default
+		  - name: foo
+		    doas: ["permit nopass foo"]
+	EOF
+	mkdir -p etc/doas.d
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-e match:"userdata_users: done" \
+		-o ignore \
+		tiny-cloud main
+	find .
+	grep "permit nopass foo" etc/doas.d/foo.conf \
+		|| atf_fail "etc/doas.d/foo.conf is not as expected"
+}
+
 userdata_users_ssh_authorized_keys_body() {
 	fake_bin getent <<-EOF
 		#!/bin/sh
@ -923,4 +978,3 @@ userdata_autoinstall_lvm_body() {
 		-o match:"reboot" \
 		tiny-cloud final
 }
-
Author	SHA1	Message	Date
Aleksandr Berkuta	26c5b21362	Merge branch 'feature/add_passwd_hash' into 'main' Add passwd_hash See merge request alpine/cloud/tiny-cloud!136	2025-12-07 16:02:26 +00:00
Jake Buchholz Göktürk	c2810d16ea	update changelog for v3.2.3	2025-12-07 07:58:47 -08:00
Jake Buchholz Göktürk	f91de06fee	Extra test for cloud-config doas when adding extra users to default.	2025-12-04 19:47:54 +00:00
Jake Buchholz Göktürk	3e44e41603	properly detect empty userdata	2025-11-30 19:56:46 +00:00
Aleksandr Berkuta	2ee4edc6e5	Add tests for passwd and hashed_passwd user-data parameters	2025-11-30 18:46:42 +00:00
Aleksandr Berkuta	36eef1bb14	Add passwd parameter to user-data	2025-11-30 18:46:42 +00:00
Aleksandr Berkuta	e243abc2ab	Undo auto-formatted space deletions	2025-11-30 18:46:42 +00:00
Aleksandr Berkuta	f84f2c090c	fix: separate lock_passwd and hashed_passwd	2025-11-30 18:46:42 +00:00
Aleksandr Berkuta	5aece92a41	Add passwd_hash Without password hash '$user:*' to `chpasswd -e` will result to inability for user to login, or change password. So I've add parameter passwd_hash for the user. Password hash could be generated via command `openssl passwd -5 your_password`.	2025-11-30 18:46:42 +00:00