Don't change "os-version" to "OS version". It's intended to be the
same as the virt-builder man page, which consistently calls this the
"os-version" string.
This partially reverts commit ee0e56f43e.
This allows you to select both locked accounts and disabled
passwords. The two are subtly different concepts.
A locked account [cf. passwd -l] puts "!!" at the beginning of the
shadow password field. Locking is reversible, because the "!!" can
be removed, restoring the original password. Therefore "locked"
acts as a flag in front of an existing selector.
A disabled account has "*" in the password field. Therefore it has no
password.
Note that an account may be both locked and disabled, although this is
probably not useful. The shadow password field will contain "!!*".
It now appears in the respective man pages as:
    --root-password selector
or:
    --password selector
This avoids confusion from people who think these command line options
take the password directly.
Char.code (input_char chan) mod nr_chars has modulo bias because
the original interval is not a multiple of the destination interval,
i.e. 256 mod nr_chars != 0.
One way to fix this is to keep generating random numbers until they fall outside
the interval where modulo bias occurs, that is accept only c=[256 % nr_chars, 256).
That interval maps back to [0, nr_chars), and has a length of
(256 - 256 % nr_chars), which is a multiple of nr_chars.
RWMJ:
- Modify the code so it goes into a utility library.
- Use the same code across virt-builder and virt-sysprep.
OCaml's buffered 'in_channel' has a 64k buffer, so using it to read a
few bytes from /dev/urandom removes a lot of the system's entropy (for
example /proc/sys/kernel/random/entropy_avail goes from ~3000 to 128).
This patch was originally by Edwin Török for builder.ml. I
generalized it because there are two other places where we did
over-sized reads from /dev/urandom.
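
The two commit messages above (rejecting bytes below 256 % nr_chars, and reading only the bytes needed from /dev/urandom) can be seen together in the following added example. It is not libguestfs code and is written in Python rather than the project's OCaml; the function names and the 62-character alphabet are assumptions made for the illustration.

```python
import os
from collections import Counter

# Constructed alphabet for the example: 62 characters, and 256 % 62 == 8.
CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

def urandom_bytes():
    """Yield random bytes one at a time from an unbuffered descriptor,
    so the kernel is asked only for the bytes actually consumed."""
    fd = os.open("/dev/urandom", os.O_RDONLY)
    try:
        while True:
            yield os.read(fd, 1)[0]
    finally:
        os.close(fd)

def unbiased_index(byte_source, nr_chars):
    """Draw bytes until one falls in [256 % nr_chars, 256), then reduce it."""
    if not 0 < nr_chars <= 256:
        raise ValueError("nr_chars must be in 1..256")
    low = 256 % nr_chars
    for c in byte_source:
        if c >= low:              # accepted range has length 256 - low,
            return c % nr_chars   # a multiple of nr_chars, so no bias
    raise EOFError("byte source exhausted")

def random_string(length, chars=CHARS, byte_source=None):
    """Build a string of `length` characters chosen uniformly from `chars`."""
    own = byte_source is None
    src = urandom_bytes() if own else byte_source
    try:
        return "".join(chars[unbiased_index(src, len(chars))] for _ in range(length))
    finally:
        if own:
            src.close()           # runs the generator's finally: closes the fd

def histogram(nr_chars, reject):
    """Count how often each index results when every byte value 0..255 occurs once."""
    low = 256 % nr_chars if reject else 0
    return Counter(c % nr_chars for c in range(low, 256))

if __name__ == "__main__":
    naive, fixed = histogram(len(CHARS), False), histogram(len(CHARS), True)
    print("naive mod   :", min(naive.values()), "to", max(naive.values()), "hits per index")
    print("with reject :", min(fixed.values()), "to", max(fixed.values()), "hits per index")
    print("sample      :", random_string(16))
```
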
RWMJ:
- Renamed the script from sl.sh -> scientificlinux.sh
- The output file is called scientificlinux-$version
- I fixed some whitespace issues so it's now similar to the CentOS script.
index-parser-c.c depends on index-parse.h being created first.
However without an explicit dependency, this is not done (and implicit
deps don't work because automake doesn't sufficiently understand OCaml
programs).
This fixes commit a4800e2d4f.
Instead of calling out to the pxzcat program, use an internal
implementation. This requires liblzma to be available at build time.
If it's not available, fall back to using regular xzcat.
It is intended that eventually this code will go away when regular
xzcat / unxz is able to use threads.
This is for backwards compatibility with virt-builder 1.24.0 which
could not parse a key that contains square brackets and numbers.
This updates commit 4b73e0be29.
Users can now specify multiple source paths, eg:
    virt-builder --source http://example.com/foo \
                 --source http://example.com/bar
to get templates from multiple places.
There is still only one built-in path, but we can add more later.
We don't need to sign individual templates, provided the signed index
file contains the cryptographically secure checksums of the templates.
Since the index file cannot be interfered with and the checksums
cannot be spoofed, this is sufficient to ensure the integrity of the
templates.
Note the template signatures are now deprecated and will be removed in
libguestfs 1.26. To avoid any backwards compatibility issues, I will
backport the relevant changes to the stable-1.24 branch.
Thanks Dennis Gilmore for pointing out that we could do this.