authorHelmut Grohne <helmut@subdivi.de>2025-03-27 12:04:53 +0100
committerHelmut Grohne <helmut@subdivi.de>2025-03-27 12:13:17 +0100
commit4c6ca3d4eb032b071d5599402858a6eb787bf78b (patch)
treee99673b0e65007434ee831400ec34f8cbc8f1dbb
parent2d9b5cd4400975ff72dd7c1922df2cfb49ca1127 (diff)
downloaddebvm-4c6ca3d4eb032b071d5599402858a6eb787bf78b.tar.gz
fix deletion of root password againmain
Unless passwd is installed, shadow is not enabled. That is, shadow being enabled is not a boolean. It can be enabled per user and systemd enables it for its own users, so shadow exists, but may not contain the root user. Thus the password deletion logic needs a bit more fanciness for covering systems that lack the passwd package.
-rwxr-xr-xbin/debvm-create5
-rwxr-xr-xshare/customize-delete-rootpw.sh20
2 files changed, 21 insertions, 4 deletions
diff --git a/bin/debvm-create b/bin/debvm-create
index 9ab2472..0d89ad4 100755
--- a/bin/debvm-create
+++ b/bin/debvm-create
@@ -356,10 +356,7 @@ set -- \
"$@"
# allow password-less root login
-# In future, we should use passwd --prefix "$1" --delete root here, but the
-# --prefix option was added in trixie and the --root option uses chroot() and
-# attempts to load shared libraries from a potentially foreign chroot.
-set -- '--customize-hook=sed -i -e "s/^root:[*]:/root::/" "$1/etc/shadow"' "$@"
+set -- "--customize-hook=$SHARE_DIR/customize-delete-rootpw.sh" "$@"
if test "$INITSYSTEM" = systemd && ! check_skip systemdnetwork; then
# dhcp on all network interfaces, and add a dns resolver
diff --git a/share/customize-delete-rootpw.sh b/share/customize-delete-rootpw.sh
new file mode 100755
index 0000000..6a8a346
--- /dev/null
+++ b/share/customize-delete-rootpw.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copyright 2025 Helmut Grohne <helmut@subdivi.de>
+# SPDX-License-Identifier: MIT
+#
+# This is a mmdebstrap customize hook that deletes the password for the root
+# account effectively enabling login without being asked for a password.
+
+set -eu
+
+TARGET=$1
+
+# In future, we should use passwd --prefix "$1" --delete root here, but the
+# --prefix option was added in trixie and the --root option uses chroot() and
+# attempts to load shared libraries from a potentially foreign chroot.
+
+PWFILE=passwd
+if grep -q '^root:x:' "$TARGET/etc/passwd"; then
+ PWFILE=shadow
+fi
+sed -i -e "s/^root:[^:]*:/root::/" "$TARGET/etc/$PWFILE"
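Review bot: The final `sed -i` exits 0 even when no line matches, so if `/etc/passwd` carries `root:x:` but `/etc/shadow` has no root entry (the commit message notes shadow may lack the root user), the hook succeeds without changing anything and the build presumably yields an image where root login does not work as intended. A post-check would turn that into a build-time failure: `grep -q '^root::' "$TARGET/etc/$PWFILE" || { echo "no root entry in /etc/$PWFILE" >&2; exit 1; }`. Separately, the pattern was widened from `[*]` to `[^:]*`, so any existing value in the field, including a lock marker or a real hash, is now replaced by an empty password. The header comment should state that, e.g. `# Any existing root password field (hash or lock marker) is overwritten.`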