From 8db3827dd81f44d65961d212ece9ab3ad006a5b7 Mon Sep 17 00:00:00 2001
From: Dennis ten Hoove <dennistenhoove@protonmail.com>
Date: Thu, 26 Oct 2023 18:10:48 +0000
Subject: [PATCH] Implement libnss-extrausers

---
 arkdep-build                                  | 27 ++++++++++++++++++-
 .../arkanelinux/overlay/etc/nsswitch.conf     | 19 +++++++++++++
 arkdep-build.d/arkanelinux/package.list       |  1 +
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 arkdep-build.d/arkanelinux/overlay/etc/nsswitch.conf

diff --git a/arkdep-build b/arkdep-build
index b6c4105..5bd6a43 100755
--- a/arkdep-build
+++ b/arkdep-build
@@ -150,7 +150,7 @@ if [[ $type == 'archlinux' ]]; then
 		btrfs subvolume delete $workdir/var/lib/machines
 
 	# Make /usr/local symlink in var
-	printf "\e[1;34m-->\e[0m\e[1m Creating moving dirs to var and creating symlinks\e[0m\n"
+	printf "\e[1;34m-->\e[0m\e[1m Moving dirs to var and creating symlinks\e[0m\n"
 	mv $workdir/usr/local $workdir/var/usrlocal || cleanup_and_quit 'Failed to move usr/local to var/usrlocal'
 	ln -sv var/usrlocal $workdir/usr/local || cleanup_and_quit 'Failed to create usrlocal symlink'
 
@@ -174,6 +174,31 @@ if [[ $type == 'archlinux' ]]; then
 	mv $workdir/mnt $workdir/var/mnt || cleanup_and_quit 'Failed to move mnt to var/mnt'
 	ln -sv var/mnt $workdir/mnt || cleanup_and_quit 'Failed to create mnt symlink'
 
+	printf "\e[1;34m-->\e[0m\e[1m Moving passwd, shadow and group files to lib\e[0m\n"
+
+	# Create second passwd, group and shadow file in usr/lib and configure
+	for file in passwd group shadow; do
+		grep -v "^root:" $workdir/etc/$file > $workdir/usr/lib/$file
+	done
+
+	# Remove all users except for root, is typically overwritten by user overlay but
+	# may be used during os installation as a template
+	for file in passwd group shadow; do
+		grep "^root:" $workdir/etc/$file > $workdir/etc/$file-tmp
+		mv $workdir/etc/$file-tmp $workdir/etc/$file
+	done
+
+	# Ensure passwd/group/shadow permissions are set properly
+	chmod 600 $workdir/etc/shadow
+	chmod 644 $workdir/etc/{passwd,group}
+
+	#
+	# nss-switch.conf is added using the overlay
+	#
+
+	# Remove passwd/group/shadow backup files
+	rm $workdir/etc/{passwd-,shadow-,group-}
+
 	# Make subvolume read-only
 	printf "\e[1;34m-->\e[0m\e[1m Adding read-only property to subvolumes\e[0m\n"
 	btrfs property set -ts $workdir ro true || cleanup_and_quit 'Failed to set root to read-only'
diff --git a/arkdep-build.d/arkanelinux/overlay/etc/nsswitch.conf b/arkdep-build.d/arkanelinux/overlay/etc/nsswitch.conf
new file mode 100644
index 0000000..20fd7d0
--- /dev/null
+++ b/arkdep-build.d/arkanelinux/overlay/etc/nsswitch.conf
@@ -0,0 +1,19 @@
+# Name Service Switch configuration file.
+# See nsswitch.conf(5) for details.
+
+passwd: files systemd extrausers
+group: files [SUCCESS=merge] systemd extrausers
+shadow: files systemd extrausers
+gshadow: files systemd
+
+publickey: files
+
+hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
+networks: files
+
+protocols: files
+services: files
+ethers: files
+rpc: files
+
+netgroup: files
diff --git a/arkdep-build.d/arkanelinux/package.list b/arkdep-build.d/arkanelinux/package.list
index 2a42770..c417916 100644
--- a/arkdep-build.d/arkanelinux/package.list
+++ b/arkdep-build.d/arkanelinux/package.list
@@ -48,6 +48,7 @@ gst-plugin-pipewire
 gst-plugins-base
 gst-plugins-good
 ibus-typing-booster
+libnss-extrausers
 libva-mesa-driver
 loupe
 man-db