mklive: force-add vmklive dracut module and generate a polkit rules file to bypass auth.

dracut/adduser.sh

@@ -26,3 +26,19 @@ rm -f "${NEWROOT}/etc/systemd/system/getty.target.wants/getty@tty1.service"
 sed -e "s|/sbin/agetty --noclear|& -a ${USERNAME}|g" \
     "${NEWROOT}/usr/lib/systemd/system/getty@.service" > \
     "${NEWROOT}/etc/systemd/system/getty.target.wants/getty@tty1.service"
+
+if [ -d ${NEWROOT}/etc/polkit-1 ]; then
+    # If polkit is installed allow users in the wheel group to run anything.
+    cat > ${NEWROOT}/etc/polkit-1/rules.d/void-live.rules <<_EOF
+polkit.addAdminRule(function(action, subject) {
+    return ["unix-group:wheel"];
+});
+
+polkit.addRule(function(action, subject) {
+    if (subject.isInGroup("wheel")) {
+        return polkit.Result.YES;
+    }
+});
+_EOF
+    chown polkitd:polkitd ${NEWROOT}/etc/polkit-1/rules.d/10-void-live.rules
+fi

mklive.sh.in

@@ -145,9 +145,8 @@ generate_initramfs() {
     $XBPS_INSTALL_CMD -r $ROOTFS/kernel_temp -y \
         base-system void-mklive >>$LOGFILE 2>&1
 
-    chroot $ROOTFS/kernel_temp /usr/bin/dracut --${COMPRESSTYPE} \
+    systemd-nspawn -D $ROOTFS/kernel_temp /usr/bin/dracut --${COMPRESSTYPE} \
-        --add "vmklive" --omit "btrfs caps dash resume" \
+        --force-add "vmklive" "/boot/initrd.lz" $KERNELVERSION >>$LOGFILE 2>&1
-        --force "/boot/initrd.lz" $KERNELVERSION >>$LOGFILE 2>&1
 
     mv $ROOTFS/kernel_temp/boot/initrd.lz $BOOT_DIR
 }