[Merge] ~xnox/livecd-rootfs:preinstalled into livecd-rootfs:ubuntu/master

Robert C Jennings robert.jennings at canonical.com
Fri Apr 16 15:14:35 UTC 2021


Review: Needs Fixing

NACK on the hard-coded user with password as designed; the CI no-cloud metadata with this is added as a side-effect and it's going to cause a security issue.

Diff comments:

> diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
> index a619299..c73d0fe 100755
> --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
> +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
> @@ -119,14 +144,38 @@ install_grub() {
>          arm64)
>              chroot mountpoint apt-get -qqy install --no-install-recommends shim-signed grub-efi-arm64-signed
>              efi_target=arm64-efi
> +            if [ "${SUBARCH:-}" = "generic" ]; then
> +                # Server preinstalled image
> +                # Setup cidata sample data & nocloud fallback
> +                # Allows login on first boot with or without metadata
> +                cidata_dev="/dev/mapper${loop_device///dev/}p14"
> +                setup_cidata "${cidata_dev}"
> +                setup_cinocloud mountpoint

I don't like that setting SUBARCH=generic has the side-effect of adding an ubuntu user with a hard-coded password of 'ubuntu'.  That's a recipe for disaster.  There needs to be a safe & explicit way this gets enabled.

> +            fi
>              ;;
>          armhf)
>              chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm grub-efi-arm-bin
>              efi_target=arm-efi
> +            if [ "${SUBARCH:-}" = "generic" ]; then
> +                # Server preinstalled image
> +                # Setup cidata sample data & nocloud fallback
> +                # Allows login on first boot with or without metadata
> +                cidata_dev="/dev/mapper${loop_device///dev/}p14"
> +                setup_cidata "${cidata_dev}"
> +                setup_cinocloud mountpoint
> +            fi
>              ;;
>          amd64)
>              chroot mountpoint apt-get install -qqy grub-pc shim-signed
>              efi_target=x86_64-efi
> +            if [ "${SUBARCH:-}" = "generic" ]; then
> +                # Server preinstalled image
> +                # Setup cidata sample data & nocloud fallback
> +                # Allows login on first boot with or without metadata
> +                cidata_dev="/dev/mapper${loop_device///dev/}p13"
> +                setup_cidata "${cidata_dev}"
> +                setup_cinocloud mountpoint
> +            fi
>              ;;
>          riscv64)
>              # TODO grub-efi-riscv64 does not exist yet on riscv64
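
Review bot: The SUBARCH = "generic" block is repeated verbatim in the arm64, armhf and amd64 branches of install_grub(), differing only in the partition suffix (p14, p14, p13), so any later change to how this is gated has to be made in three places. Consider having each branch set only the partition number and calling setup_cidata and setup_cinocloud once after the arch branches, with a comment saying why amd64 uses p13 while the ARM images use p14. The in-code comment "Allows login on first boot with or without metadata" should also say what login the nocloud fallback sets up, since that is the behaviour the SUBARCH check switches on and nothing in these lines tells a reader of the hook that a credential is involved.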


-- 
https://code.launchpad.net/~xnox/livecd-rootfs/+git/livecd-rootfs/+merge/401222
Your team Ubuntu Core Development Team is requested to review the proposed merge of ~xnox/livecd-rootfs:preinstalled into livecd-rootfs:ubuntu/master.
