Make /etc/shadow writable

In order for users to be able to log in locally or via SSH without an
authorized key, they will need to have passwords set in `/etc/shadow`.
We do not really want to make all of `/etc` writable, so we will store
the actual `shadow` file on the persistent data volume, in a separate
Btrfs subvolume, and then bind-mount it at `/etc/shadow`.

While this makes `/etc/shadow` mutable, it does not actually let the
`passwd` program modify it.  This is because `passwd` creates lock files
and backup files in `/etc`.  We will ultimately need a wrapper to
"trick" `passwd` into modifying `/etc/shadow`, without making the whole
`/etc` directory mutable.
2023-03-15 11:12:26 -05:00
parent c259aad165
commit eb8f4c3b40
2 changed files with 24 additions and 0 deletions


@@ -28,6 +28,8 @@ format_dev() {
mount "${dev}" "${tmpdir}" || exit
btrfs subvolume create "${tmpdir}"/var || exit
chcon -t var_t "${tmpdir}"/var || exit
btrfs subvolume create "${tmpdir}"/etc || exit
chcon -t etc_t "${tmpdir}"/etc || exit
umount "${dev}" || exit
}
@@ -37,6 +39,18 @@ has_fs() {
[ -n "${fstype}" ]
}
setup_etc() {
dev="$1"
echo 'Initializing writable paths in /etc'
mount -o subvol=etc "${dev}" "${tmpdir}" || exit
if [ ! -f "${tmpdir}"/shadow ]; then
cp -ca /etc/shadow "${tmpdir}"/shadow || exit
fi
mount -o bind "${tmpdir}"/shadow /etc/shadow || exit
umount "${tmpdir}"
}
datapart=$(findfs PARTLABEL=dch-data)
if [ -b "${datapart}" ]; then
printf 'Found data partition: %s\n' "${datapart}"
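Review bot: The closing `umount "${tmpdir}"` in setup_etc is the only mount operation in the hunk without `|| exit`, so a failed unmount leaves the etc subvolume sitting on the temporary directory while the script carries on; make it `umount "${tmpdir}" || exit` to match the lines above it. The seeding copy guarded by `[ ! -f "${tmpdir}"/shadow ]` is also not atomic: if `cp` is interrupted after creating the target, a later run finds a partial `shadow`, skips the copy and bind-mounts the truncated file over `/etc/shadow`, which would presumably leave password accounts unable to authenticate; copying to `"${tmpdir}"/shadow.tmp` and then `mv -f "${tmpdir}"/shadow.tmp "${tmpdir}"/shadow || exit` makes the file appear only once it is complete. The `-ca` flags are what keep the copy's ownership, mode and SELinux context identical to the original, so that part is worth a short comment such as `# -a keeps owner/mode, -c keeps the SELinux label of /etc/shadow`. `tmpdir` is not defined in this hunk, and the top-level `if [ -b "${datapart}" ]` on the last line continues outside it.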
@@ -53,4 +67,5 @@ if ! has_fs "${datapart}"; then
format_dev "${datapart}"
fi
setup_etc "${datapart}"
copy_var "${datapart}"