From 2b80fa93d0d8bfe3ec190b1d6dbc3f9e92cf5044 Mon Sep 17 00:00:00 2001
From: Chris Co <chrco@microsoft.com>
Date: Tue, 29 Sep 2020 18:07:51 +0000
Subject: [PATCH 1/4] installutils: Remove password expiry for root user

---
 .../tools/imagegen/installutils/installutils.go  | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index eac6af18b67..5e52ea7bccf 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -787,13 +787,18 @@ func addGroups(installChroot *safechroot.Chroot, groups []configuration.Group) (
 }
 
 func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err error) {
+	const (
+		squashErrors = false
+	)
+	var isRoot bool
+
 	for _, user := range users {
 		logger.Log.Infof("Adding user (%s)", user.Name)
 		ReportActionf("Adding user: %s", user.Name)
 
 		var homeDir string
 
-		homeDir, err = createUserWithPassword(installChroot, user)
+		homeDir, isRoot, err = createUserWithPassword(installChroot, user)
 		if err != nil {
 			return
 		}
@@ -814,10 +819,16 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err
 		}
 	}
 
+	// If no root entry was specified in the config file, never expire the root password
+	if !isRoot {
+		err = installChroot.UnsafeRun(func() error {
+			return shell.ExecuteLive(squashErrors, "chage", "-M", "-1", "root")
+		})
+	}
 	return
 }
 
-func createUserWithPassword(installChroot *safechroot.Chroot, user configuration.User) (homeDir string, err error) {
+func createUserWithPassword(installChroot *safechroot.Chroot, user configuration.User) (homeDir string, isRoot bool, err error) {
 	const (
 		squashErrors        = false
 		rootHomeDir         = "/root"
@@ -869,6 +880,7 @@ func createUserWithPassword(installChroot *safechroot.Chroot, user configuration
 
 		// Update shadow file
 		err = updateUserPassword(installChroot.RootDir(), user.Name, hashedPassword)
+		isRoot = true
 	} else {
 		homeDir = filepath.Join(userHomeDirPrefix, user.Name)
 

From 94c5eeb5dcd1e6e91c4c56a4208471e06fbbf842 Mon Sep 17 00:00:00 2001
From: Chris Co <chrco@microsoft.com>
Date: Tue, 29 Sep 2020 18:45:46 +0000
Subject: [PATCH 2/4] Handle multiple users correctly

---
 toolkit/tools/imagegen/installutils/installutils.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index 5e52ea7bccf..9728b77ea45 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -791,6 +791,7 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err
 		squashErrors = false
 	)
 	var isRoot bool
+	var rootUserAdded bool
 
 	for _, user := range users {
 		logger.Log.Infof("Adding user (%s)", user.Name)
@@ -802,6 +803,9 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err
 		if err != nil {
 			return
 		}
+		if isRoot {
+			rootUserAdded = true
+		}
 
 		err = configureUserGroupMembership(installChroot, user)
 		if err != nil {
@@ -820,7 +824,7 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err
 	}
 
 	// If no root entry was specified in the config file, never expire the root password
-	if !isRoot {
+	if !rootUserAdded {
 		err = installChroot.UnsafeRun(func() error {
 			return shell.ExecuteLive(squashErrors, "chage", "-M", "-1", "root")
 		})

From da6c19d5e1a221d373dad0192c02eacd5527ed5c Mon Sep 17 00:00:00 2001
From: Chris Co <chrco@microsoft.com>
Date: Tue, 29 Sep 2020 19:02:05 +0000
Subject: [PATCH 3/4] Clean up style

---
 toolkit/tools/imagegen/installutils/installutils.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index 9728b77ea45..27cbc4088c8 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -790,14 +790,17 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err
 	const (
 		squashErrors = false
 	)
-	var isRoot bool
-	var rootUserAdded bool
+
+	rootUserAdded := false
 
 	for _, user := range users {
 		logger.Log.Infof("Adding user (%s)", user.Name)
 		ReportActionf("Adding user: %s", user.Name)
 
-		var homeDir string
+		var (
+			homeDir string
+			isRoot  bool
+		)
 
 		homeDir, isRoot, err = createUserWithPassword(installChroot, user)
 		if err != nil {

From 817825e86f4ef93fed0af79b31905c62f2216618 Mon Sep 17 00:00:00 2001
From: Chris Co <chrco@microsoft.com>
Date: Mon, 5 Oct 2020 17:49:16 +0000
Subject: [PATCH 4/4] Add debug log

---
 toolkit/tools/imagegen/installutils/installutils.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index 27cbc4088c8..db26344346e 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -828,6 +828,7 @@ func addUsers(installChroot *safechroot.Chroot, users []configuration.User) (err
 
 	// If no root entry was specified in the config file, never expire the root password
 	if !rootUserAdded {
+		logger.Log.Debugf("No root user entry found in config file. Setting root password to never expire.")
 		err = installChroot.UnsafeRun(func() error {
 			return shell.ExecuteLive(squashErrors, "chage", "-M", "-1", "root")
 		})