nuageinit: validate set-name to prevent shell injection in variable names

Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation th

nuageinit: validate set-name to prevent shell injection in variable names

Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.

show more ...

nuageinit: fix shell injection in power_state_change delay and add test

nuageinit: fix shell command injection in multiple rc.conf.d writes

nuageinit: use single-quote shell escaping for hostname in rc.conf.d

The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside

nuageinit: use single-quote shell escaping for hostname in rc.conf.d

The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).

Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.

While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.

Reported by: Yazdan Soltani <yazdan.soltani@gmail.com>

show more ...

nuageinit: Create parent directories in write_files

Currently, 'write_files' does not create parent directories, and
'runcmd' cannot be used here, since those scripts run after the files
have been w

nuageinit: Create parent directories in write_files

Currently, 'write_files' does not create parent directories, and
'runcmd' cannot be used here, since those scripts run after the files
have been written. The only workaround is to create the files in an
existing directory, such as '/root' or '/tmp', and then move those
files using 'runcmd', but this is cumbersome when there are many files,
even if they are small.

With this change, nuageinit now creates the parent directories for each
file using the path field, which mimics the same behavior as in
cloud-init.

Permissions and ownership can also be configured using 'runcmd'.

Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D57395

show more ...

nuageinit: install certs in /usr/share/certs/trusted

Suggested by: kevans

nuageinit: update documentation for phone_home and final_message

nuageinit: expose decode_base64 to fix tests

nuageinit: implement phone_home support

Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- t

nuageinit: implement phone_home support

Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- tries: number of retry attempts (default 1)

show more ...

nuageinit: implement final_message support

nuage.lua: add encode_base64 helper

nuageinit: implement power_state_change and locale support

nuageinit: implement MIME multipart user-data support

Add support for MIME multipart/mixed user-data, allowing a single
user-data blob to contain multiple parts with different content types.

nuageinit: implement ca_certs support

Add support for the 'ca_certs' cloud-config key which manages
CA certificates by writing them to /etc/ssl/certs/ and running
certctl rehash.

nuageinit: implement ntp support

Add support for the 'ntp' cloud-config key which configures NTP
by writing /etc/ntp.conf with server and pool entries.

nuageinit: implement ssh_authkey_fingerprints support

Add support for the 'ssh_authkey_fingerprints' cloud-config key
which logs SSH host key fingerprints to the console via ssh-keygen.

nuageinit: implement keyboard support

nuageinit: implement resolv_conf support

Add support for the 'resolv_conf' cloud-config key which writes
directly to /etc/resolv.conf.

nuageinit: implement mounts support

Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.

nuageinit: add tests for bootcmd, ssh_deletekeys, disable_root, manage_etc_hosts

nuageinit: implement manage_etc_hosts support

Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc

nuageinit: implement manage_etc_hosts support

Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).

create a revolve_hostname helper to avoid code duplucation.

show more ...

nuageinit: implement bootcmd support

Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the net

nuageinit: implement bootcmd support

Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.

- nuageinit: bootcmd() function follows the same pattern as runcmd(),
writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
It is the first entry in the pre_network_calls table.

- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
after /usr/libexec/nuageinit completes, before unmounting the config
drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.

show more ...

nuageinit: complete SSH support with ssh_deletekeys and disable_root

Add missing SSH cloud-config options from cloud-init spec:

- ssh_deletekeys: remove existing SSH host keys on first boot so
ne

nuageinit: complete SSH support with ssh_deletekeys and disable_root

Add missing SSH cloud-config options from cloud-init spec:

- ssh_deletekeys: remove existing SSH host keys on first boot so
new ones are generated automatically by sshd(8).
Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
with a directory existence guard via lfs.attributes().

- disable_root: set PermitRootLogin to 'no' (or a custom value via
disable_root_opts) in /etc/ssh/sshd_config.

- disable_root_opts: optional string or array to override the
PermitRootLogin value used when disable_root is true. Only the
first array element is used.

show more ...

nuageinit: refactor goto abuse in chpasswd()

Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the

nuageinit: refactor goto abuse in chpasswd()

Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.

show more ...

nuageinit: fix update_sshd_config crash when file does not exist

Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.

nuageinit: fix update_sshd_config crash when file does not exist

Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.

Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().

Add test case for missing file creation.

show more ...