fix deletion of root password againmain

Unless passwd is installed, shadow is not enabled. That is, shadow being
enabled is not a boolean. It can be enabled per user and systemd enables
it for its own users, so shadow exists, but may not contain the root
user. Thus the password deletion logic need a bit more fancyness for
covering systems that lack the passwd package.

1 files changed, 20 insertions, 0 deletions

diff --git a/share/customize-delete-rootpw.sh b/share/customize-delete-rootpw.sh
new file mode 100755
index 0000000..6a8a346
--- /dev/null
+++ b/share/customize-delete-rootpw.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copyright 2025 Helmut Grohne <helmut@subdivi.de>
+# SPDX-License-Identifier: MIT
+#
+# This is a mmdebstrap customize hook that deletes the password for the root
+# account effectively enabling login without being asked for a password.
+
+set -eu
+
+TARGET=$1
+
+# In future, we should use passwd --prefix "$1" --delete root here, but the
+# --prefix option was added in trixie and the --root option uses chroot() and
+# attempts to load shared libraries from a potentially foreign chroot.
+
+PWFILE=passwd
+if grep -q '^root:x:' "$TARGET/etc/passwd"; then
+	PWFILE=shadow
+fi
+sed -i -e "s/^root:[^:]*:/root::/" "$TARGET/etc/$PWFILE"