T7278: Fix python3-cracklib database creation on update

[oniko94]

Change summary

Explicitly omit directory in /var/cache created by cracklib in the exclusion list for mksquashfs and add a script that creates this directory and required files in the chroot environment during build.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

https://vyos.dev/T7278

Related PR(s)

Blocks: vyos/vyos-1x#4413

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[jestabro]

Updating from an older image, namely one preceding the original addition of password strength check, this fix does not work to avoid the problem of T7278 --- I have no idea why yet, but we will hold off on merging until sorted out ...

Original image version: 1.5-rolling-202502242009
Update to current with this PR

I would suggest grabbing on older rolling release, say
https://github.com/vyos/vyos-nightly-build/releases/download/1.5-rolling-202502220006/vyos-1.5-rolling-202502220006-generic-amd64.iso
and checking to rule out (my) user error, and investigate root cause.

[oniko94]

@jestabro After a deeper investitgation and some tinkering while following your advice to test image update against an older release I have pinpointed the issue - the issue was, basically, in the build sequence - the script I've added executed as expected, BUT for no gain, because we generate the image squashfs after running all of the hooks - and it reads directly from the data/live-build-config/rootfs/excludes file, where we explicitly had a wildcard for any directory in /var/cache. Now, I have googled around and found these solutions:

• https://github.com/Othernet-Project/squashfs-tools/blob/master/README#L136
• https://unix.stackexchange.com/questions/459284/mksquashfs-how-to-include-full-absolute-directory-paths-inside-the-squashfs-ima

and decided to change the excludes file accordingly. The effect of my change to that file is basically telling mksquashfs to exclude all files and directories in /var/cache except cracklib and its contents. Building a new image and testing an update against an older rolling release now worked as expected, and there were no redundant files copied to /var/cache except the cracklib directory and all of the required files. I have also tested creating a user in configuration mode, which worked as expected as well.

[dmbaturin]

I have nothing against the PR, just a few minor suggestions.

[oniko94]

@dmbaturin thanks for the review! I've updated the PR according to the suggestions

[dmbaturin]

@dmbaturin thanks for the review! I've updated the PR according to the suggestions

There was also a suggestion to fix the grammar of the log message and move it inside the conditional. Since it will only be shown if the cracklib database doesn't already exist, it can be just "Creating cracklib database in ...", without the "if it does not exist" part.

[oniko94]

@dmbaturin thanks for the review! I've updated the PR according to the suggestions

There was also a suggestion to fix the grammar of the log message and move it inside the conditional. Since it will only be shown if the cracklib database doesn't already exist, it can be just "Creating cracklib database in ...", without the "if it does not exist" part.

My bad, missed it somehow; fixed right now