From 921401a0b19a3b753383bf0ac8684b870c31e620 Mon Sep 17 00:00:00 2001
From: Jakub Filo
Date: Sat, 2 Nov 2019 18:49:13 +0000
Subject: [PATCH] Adding my FAI config space into git repo
---
class/DEBIAN.var | 13 ++
debconf/DEBIAN | 8 +
hooks/mountdisks.DEFAULT | 11 ++
hooks/savelog.LAST.sh | 216 ++++++++++++++++++++++++++
hooks/setup.DEFAULT.sh | 10 ++
package_config/DEBIAN | 34 ++++
package_config/DEBIAN.gpg | Bin 0 -> 2824 bytes
package_config/LVM_LUKS_RAID | 5 +
scripts/DEBIAN/10-rootpw | 8 +
scripts/DEBIAN/20-capabilities | 22 +++
scripts/DEBIAN/30-interface | 118 ++++++++++++++
scripts/DEBIAN/40-misc | 39 +++++
scripts/GRUB_EFI_CRYPTO/10-setup | 74 +++++++++
scripts/SETUP_USER/10-setup-user | 20 +++
scripts/SETUP_USER/20-setup-sudo | 3 +
scripts/SETUP_USER/30-authorized_keys | 4 +
16 files changed, 585 insertions(+)
create mode 100644 class/DEBIAN.var
create mode 100644 debconf/DEBIAN
create mode 100755 hooks/mountdisks.DEFAULT
create mode 100755 hooks/savelog.LAST.sh
create mode 100755 hooks/setup.DEFAULT.sh
create mode 100644 package_config/DEBIAN
create mode 100644 package_config/DEBIAN.gpg
create mode 100644 package_config/LVM_LUKS_RAID
create mode 100755 scripts/DEBIAN/10-rootpw
create mode 100755 scripts/DEBIAN/20-capabilities
create mode 100755 scripts/DEBIAN/30-interface
create mode 100755 scripts/DEBIAN/40-misc
create mode 100755 scripts/GRUB_EFI_CRYPTO/10-setup
create mode 100755 scripts/SETUP_USER/10-setup-user
create mode 100755 scripts/SETUP_USER/20-setup-sudo
create mode 100755 scripts/SETUP_USER/30-authorized_keys
diff --git a/class/DEBIAN.var b/class/DEBIAN.var
new file mode 100644
index 0000000..ee5d9c1
--- /dev/null
+++ b/class/DEBIAN.var
@@ -0,0 +1,13 @@
+release=buster
+apt_cdn=http://deb.debian.org
+security_cdn=http://security.debian.org
+
+CONSOLEFONT=
+KEYMAP=us-latin1
+
+# if you have enough RAM (>2GB) you may want to enable this line. It
+# also puts /var/cache into a ramdisk.
+#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
+
+# if you want to use the faiserver as APT proxy
+#APTPROXY=http://faiserver:3142
diff --git a/debconf/DEBIAN b/debconf/DEBIAN
new file mode 100644
index 0000000..4423e02
--- /dev/null
+++ b/debconf/DEBIAN
@@ -0,0 +1,8 @@
+locales locales/default_environment_locale select en_US.UTF-8
+locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8
+keyboard-configuration keyboard-configuration/modelcode string pc105
+keyboard-configuration keyboard-configuration/xkb-keymap select us
+keyboard-configuration keyboard-configuration/variant select USA
+keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
+keyboard-configuration keyboard-configuration/layoutcode string us
+keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp
diff --git a/hooks/mountdisks.DEFAULT b/hooks/mountdisks.DEFAULT
new file mode 100755
index 0000000..4a22ec6
--- /dev/null
+++ b/hooks/mountdisks.DEFAULT
@@ -0,0 +1,11 @@
+#! /bin/bash
+
+# stop resync of soft raid
+# why though?
+# FAI SUCKS
+if [ $do_init_tasks -eq 1 ]; then
+ if grep -q active /proc/mdstat 2>/dev/null; then
+ echo "frozen" | tee /sys/block/md*/md/sync_action >/dev/null
+ fi
+fi
+exit 0
diff --git a/hooks/savelog.LAST.sh b/hooks/savelog.LAST.sh
new file mode 100755
index 0000000..0e7124a
--- /dev/null
+++ b/hooks/savelog.LAST.sh
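Review bot: In hooks/mountdisks.DEFAULT the test `[ $do_init_tasks -eq 1 ]` is unquoted, so when the variable is empty or unset the shell reports a "unary operator expected" error instead of quietly skipping the block. That message matches the `operator expected` entry in the error patterns of hooks/savelog.LAST.sh, so it would likely show up in error.log as a false finding if the hook output is logged. Writing the test as `[ "${do_init_tasks:-0}" -eq 1 ]` avoids this; hooks/setup.DEFAULT.sh and `newnicnames` in scripts/DEBIAN/30-interface use the same unquoted test.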
@@ -0,0 +1,216 @@ +#! /bin/bash + +# parse all log files for error messages +# print errors and warnings found to error.log +# WARNING: This will only work with english error messages! + +errfile=$LOGDIR/error.log + +# Define grep patterns. Do not start or end with an empty line! +globalerrorpatterns="error +fail +warn + bad +bad +no space +syntax +Couldn't stat +Cannot access + conflict +is bigger than the limit +did not exist +non existent +not found +couldn't +can't +E: Sorry, broken packages +^E: +operator expected +ambiguous redirect +No previous regular expression +No such +Device or resource busy +unknown option +[a-z]\+\.log:E: +No candidate version found +segfault +Couldn't find any package whose name or description matched +cannot create +The following packages have unmet dependencies" + +globalignorepatterns="[a-z]\+\.log:# +Error: Driver 'pcspkr' is already registered, aborting +: bytes packets errors dropped +:+ error=0 +:+ trap error= +task_error_func= +STOP_ON_ERROR= +courier-webadmin +plugins-bad +Enabling conf localized-error-pages +ibwebadmin +kernel-patch-badram +kolab-webadmin +kolabadmin +gstreamer.\+-plugins-really-bad +liberrors.so +liberrors-samba +libsamba-errors +gsambad +libad +libtest-nowarnings-perl +libtest-warn-perl +libclass-errorhandler-perl +zope-ploneerrorreporting +libroxen-errormessage +liberror-perl +libgpg-error-dev +libgpg-error0 +Opts:.\+errors=remount +[RT]X packets: +WARNING: unexpected IO-APIC +warned about = ( ) +daemon.warn +kern.warn +rw,errors= +Expect some cache +no error +failmsg +RPC call returned error 101 +deverror.out +(floppy), sector 0 +mount version older than kernel +Can't locate module +Warning only .\+MB will be used. +hostname: Host name lookup failure +I can't tell the difference. +warning, not much extra random data, consider using the -rand option +confC._FILE +Warning: 3 database(s) sources +were not found, (but were created) +removing exim +The home dir you specified already exists. 
+No Rule for /usr/lib/ispell/default.hash. +/usr/sbin/update-fonts-.\+: warning: absolute path +hostname: Unknown server error +EXT2-fs warning: checktime reached +RPC: sendmsg returned error 101 +can't print them to stdout. Define these classes +warning: downgrading +suppress emacs errors +echo Error: +Can't open dependencies file +documents in /usr/doc are no longer supported +if you have both a SCSI and an IDE CD-ROM +Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon +Monitoring disabled +Error: only one processor found. +Error Recovery Strategy: +sector 0 does not have an +syslogin_perform_logout: logout() returned an error +grub is not in an XFS filesystem. +grub-install: line 374: +grub-probe: error: Cannot open \`/boot/grub/device.map' +is harmless +not updating .\+ font directory data. +register_serial(): autoconfig failed +Fontconfig error: Cannot load default config file +asking for cache data failed +However, I can not read the target: +Warning: The partition table looks like it was made +task_error=0 +task_local_error=0 +^info: Trying to set +warning: /usr/lib/X11/fonts +can't read /etc/udev/rules.d/z25_persistent-net.rules +/cow': No such file or directory +Dummy start-stop-daemon called +X: bytes packets errors +ACPI Error +ACPI Warning +AE_NOT_FOUND +conflicts with ACPI region +cannot stat \`/etc/modprobe.d/\*.conf' +cdrom: open failed. 
+libgpg-error +process \`kudzu' used the deprecated sysctl system call +PM: Resume from disk failed +JBD: barrier-based sync failed +aufs: module is from the staging directory, the quality is unknown +warning: linuxlogo stop runlevel arguments (none) do not match +insserv: warning: script .\+ missing LSB tags and overrides +live-premount.\+ If this fails +cannot read table of mounted file systems +error: no alternatives for +ERST: Error Record Serialization Table (ERST) support is initialized +ERST: Table is not found +HEST: Table not found +failed to stat /dev/pts +Failed to connect to socket /var/run/dbus/system_bus_socket +fail to add MMCONFIG information +can't initialize iptables table +can't initialize ip6tables table +Authentication warning overridden +41-warning.sh +PCCT header not found +Download is performed unsandboxed as root as file +update-alternatives: warning: skip creation of +loop: module verification failed: signature +Warning: apt-key output should not be parsed +WARNING: Failed to connect to lvmetad. Falling back to device scanning +Warning: The home dir /var/lib/usbmux you specified +diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory +error reporting disabled +Enabling Firmware First mode for corrected errors +errors: 0 + 0 errors +Memory Error Correction: +Memory Controller 0 - Channel . 
Error +IIO RAS/Control Status/Global Errors +__stack_chk_fail +grub.cfg.new: Directory nonexistent +can't derive routing for PCI INT A +failed to load isci/isci_firmware.bin +Direct firmware load for isci/isci_firmware.bin failed with error +Loading user firmware failed, using default values +stunnel4 you specified can't be accessed: No such file or directory +install-docs --verbose --check file_name' may give more details about the above errors +cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory +update-rc.d: warning: start and stop actions are no longer supported" + +# add pattern on some conditions +if [ -n $FAI_ALLOW_UNSIGNED ] ; then + globalignorepatterns="$globalignorepatterns +WARNING: untrusted versions +WARNING: The following packages cannot be authenticated +Ignoring these trust violations" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Here you can define your own patterns. Put one pattern in a line, +# do not create empty lines. +myerrorpatterns="X_X-X_XX" +myignorepatterns="X_X-X_XX" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# The main routine +errorpatterns="$globalerrorpatterns +$myerrorpatterns" +ignorepatterns="$globalignorepatterns +$myignorepatterns" + +cd $LOGDIR || exit 3 +if [ -s $errfile ]; then + echo "Errorfile already exists. Aborting." >&2 + exit +fi + +grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile +if [ X$verbose = X1 ]; then + egrep -v '^software.log:' $errfile > $LOGDIR/tempfile + mv $LOGDIR/tempfile $errfile +fi + +if [ -s $errfile ]; then + echo "ERRORS found in log files. See $errfile" >&2 +else + echo "Congratulations! No errors found in log files." +fi diff --git a/hooks/setup.DEFAULT.sh b/hooks/setup.DEFAULT.sh new file mode 100755 index 0000000..4440ff9 --- /dev/null +++ b/hooks/setup.DEFAULT.sh 
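Review bot: The condition `[ -n $FAI_ALLOW_UNSIGNED ]` in hooks/savelog.LAST.sh is always true when the variable is empty or unset, because the unquoted expansion disappears and `[ -n ]` tests the literal string `-n`. As a result the three ignore patterns for untrusted and unauthenticated packages are appended on every run, and apt's authentication warnings never reach error.log. Quote the expansion, `if [ -n "$FAI_ALLOW_UNSIGNED" ] ; then`. If the variable is used as a 0/1 flag (not visible here), compare explicitly with `[ "$FAI_ALLOW_UNSIGNED" = 1 ]` so that a value of 0 does not enable the suppression either.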
@@ -0,0 +1,10 @@
+#! /bin/bash
+
+# use short hostname instead of FQDN
+# otherwise it gets fucked up
+# FAI doesn't start
+# FAI SUCKS
+export HOSTNAME=${HOSTNAME%%.*}
+if [ $do_init_tasks -eq 1 ]; then
+ echo $HOSTNAME > /proc/sys/kernel/hostname
+fi
diff --git a/package_config/DEBIAN b/package_config/DEBIAN
new file mode 100644
index 0000000..57229b4
--- /dev/null
+++ b/package_config/DEBIAN
@@ -0,0 +1,34 @@
+PACKAGES install-norec
+# only installs bare minimum needed for ansible to work
+openssh-client
+openssh-server
+time
+procinfo
+locales
+console-setup
+kbd
+sudo
+python
+
+PACKAGES install I386
+linux-image-686-pae
+memtest86+
+
+PACKAGES install CHROOT
+linux-image-686-pae-
+linux-image-amd64-
+
+PACKAGES install AMD64
+linux-image-amd64
+memtest86+
+
+PACKAGES install ARM64
+grub-efi-arm64
+linux-image-arm64
+
+PACKAGES install GRUB_PC
+grub-pc
+
+PACKAGES install GRUB_EFI_CRYPTO
+grub-efi
+
diff --git a/package_config/DEBIAN.gpg b/package_config/DEBIAN.gpg new file mode 100644 index 0000000000000000000000000000000000000000..0d5b7a903f651c65861986617e62a2be8cb53e70 GIT binary patch literal 2824 zcmZwIc{~%0AHeZ#HaByR#+EZ=gybPPbCaAsbEL@(!z4VeQpg!036CR`D`!O1+%ek7 zEobigEN0GMPyhU$*X#HD>-+!r`+j{t=^!?+Ikm?X$N{KXEpB?uCJRT^qFCf^NgQAA z{vgp-!@c^`BJz!LK!vo2?TDyjP>iNq1`8L8OALfCh=};eCl>%k2+s3SDY(JcqTpuJ zo_uP<%p~UFfH}B0Y8MmkLU~A&73WZU;ikDyiwvLddm7os5V(VQNo#3rpk5(WG@jfx zff+coslnGS;#APS9;LRowE}-I-QzOIILS^i^#Y5&WW7StV{fWz$gt8QZz5l=fHZnT-bf7_y>Hz98%io@F7Y`FMZkyDe$W7mn?^>UwF1dX!_pgEdYrx9ho zu9^Z;R%k+cRDRLM`s!fucIZo#XTDEuBwG}Q=Ausk#?#gBf%7%be;1K6vEStz5IZwd z^A}-^`a?K|D*!%xqb2aG{zcxTv$AZa2>L?__MCGy-jd6@u9!;$-l{Cani??t$0+o( zg6DRqzrVfiESuV#+jNn*d*o6lUn=Iv*@6=i>I7+qk(_Pg?q7Z-<&>*g^mUc}oGUkG92yo$NK!3|UR`1a0l*$MMBT4Yh@CcXr#N)?-zT~N zn)3G{nxP&0^KwJs30My=S!b+z3`iBs4FmziKyW$`0tkXVg0L_#GSESInVA?_AbcP? zAOHd~r+(D{2>=1iOdJ;vzMV1{Q|1K&IRG(lZ{`X*Fn>Ij^4V;x^oFFpk2Tf|PVQio zwKq%FpE)hyz{s8Tv85}*PFg0mF*<~; zIr<7=>u(#@4Ke5>;#e=QBZSwz-^sgscm=X3iBp!*apyU!cNdJQB5Sca>=`b?t7ib~ zqY4JkM@*I=^w(X(e*Dl!gslv(odcXDwVia66y$CH&UXr!4iwS$F2k(TqeX^{8&`FuRn8)siElDXn|DO@g;*yIcp3eeVDtfS$Cw z6jWeFhPTJMEFaoMWCU33yl%aG3L0;Y+)JXDvstBo&dJA*y*vj& zy|vgL%>wr2vt?FbCXJv-gVoqcv2{6;^qW|eqsRXF1Bn@aVWb{Ny6ng-y3U`tGkFB= zdP7frymG+PT*}c8^L#eN6Jj?=R$97B$qjoHE?tt@%az2e`-YgNx{jMLQO|{o8mge8 zJ+$B?%@>MlTsXQm$(Vq^KtfB6+7Z z1$p+lpB1ho>LD^O)I{d?rkV&SaS4_}vT7|9zu$tF8WraFK8(j04}x%C4*e_=?&?_n z#EpZ>mLt}($@SAkjBg^%(pVrs{G{FKlQG5Q?}9K0`%m_1CDOLpjxr4&Gqg+mQ(Lyr z)SBgl`;^xrSH^O%Ud5DQ@0)h7zG_ACtcHI7pciYkX}VIGe_TOwNIHXKBKoohGqj`j z7@75%BipY&rbhBm9+NvgG-eck5CY{*)ncEUeK>r>q1Rx=eAkcIbMq9)+D9?VWKeqL z2@oE|pSo{uUSOBcz9ThWJs%`l!FkW;K|fDwr&fbF?tW&0N+Y)J1vX##kM*oXYgP$% z2df{@p3{Fxl%(p~1%Z=mm5MX=?+2qZ4hR%_QrUMe5IP2B9t*2;QX zykntrEgzo-ym-F~(ux4zpM5Y{i|xr z+^hZ0UN$2RO)mZ3LS}8DsX1ZSm$a;H`IbP2raGd_BcHanpXQ~NBA>`d?iBHgg2h){l6-mFzd;2Yj!jZyX zC$J!=e?9L0j6pUeKw#MXKQL-iAt(ASu*bYmF( zfi`c>uOoyeh2>{qL%8mAu;;FCh-yaDt@{r|EM?+F*lgJ*qI*~YHQr@UOB$5mrY8jg 
z(Ba7;Y;Ln`&uzdA(@^GApFy# zwjp3cY3B!j@T-^It+92}jGEedJ70?7Q9pe`l{`2{c3QnAnoY%x<*u~0ej#vIMY*DN z76dc~2Nc_E|JV2QvUayRGDu41JC3dfsBQUVBKB@e9iPb_cn3`MV1}LGksyy9ZCe69LgeiL;-QQJ<0U^QszdFVA zJ4R>_ob}%y196)J5Rt5h{V>01b=BX#%P#2M1D#8U?8}1g8hg!~OC{?Gm_njV?;tWy zie3WKg!CqB-UwGP$^otQ^mqrYvFhogVEn}=>Xta7{T-VHn6^fe@py$>oceJ(%jK`{ z^By-WzX%`P51LRYqPKQVxQOU0$GqY-An5i(PeZj2I^(RMO3p#6!ntHB-cCPLzeyx} zE|t&pfbIb(tI{OZ%`v9Io5g_Zh*vmL|o-3lPJ7 zb3rZv2QOKPUzi1*5bF42(xq3bDaIY!LSvKRxX&>Wel3B6C$0XEm{Vd;CXDA6J;A7jRhMbz-c9q40=~ zR~!7jtyISLZ2gP{{}WmbhbL`oFzG;g%2m9&H({_Y<}&3NF71e&Zsb4hu#(gr2rI3_ zUc9I-~2{wNf(!!|e#9%H0#V9p6P{U_9 zS;Lm)F2m7`K@NU-7N@=0`$error?$?:$error))' ERR # save maximum error code + +$ROOTCMD usermod -L root + +exit $error + diff --git a/scripts/DEBIAN/20-capabilities b/scripts/DEBIAN/20-capabilities new file mode 100755 index 0000000..ea650fa --- /dev/null +++ b/scripts/DEBIAN/20-capabilities @@ -0,0 +1,22 @@ +#!/bin/bash +# +# Capabilities get lost when creating the fai base.tar.xz image. +# Restore them here. +# + +set -e + +if [ ! -x $target/sbin/setcap ] ; then + exit 0 +fi + +for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do + if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then + if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then + echo "Setcap worked! $FILE is not suid!" + fi + fi +done +if [ -x $target/usr/bin/systemd-detect-virt ] ; then + $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt +fi diff --git a/scripts/DEBIAN/30-interface b/scripts/DEBIAN/30-interface new file mode 100755 index 0000000..34c98e8 --- /dev/null +++ b/scripts/DEBIAN/30-interface 
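Review bot: In scripts/DEBIAN/20-capabilities the message "Setcap worked! $FILE is not suid!" is printed after a successful `setcap`, but nothing in the script clears or checks the setuid bit. If the base image ships any of these binaries setuid root, they keep that bit in addition to the new capability and the log line is misleading. Either drop the bit before the echo with `$ROOTCMD chmod u-s $FILE` or reword the message to say only that the capability was set. The grant of `cap_dac_override,cap_sys_ptrace` to systemd-detect-virt also deserves a comment explaining why it is needed, since those capabilities bypass file permission checks.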
@@ -0,0 +1,118 @@
+#! /bin/bash
+
+netplan_yaml() {
+ # network configuration using ubuntu's netplan.io
+ local IFNAME="$1"
+ local METHOD="$2"
+ echo "Generating netplan configuration for $IFNAME ($METHOD)" >&2
+ echo "# generated by FAI"
+ echo "network:"
+ echo " version: 2"
+ echo " renderer: $RENDERER"
+ case "$RENDERER" in
+ networkd)
+ echo " ethernets:"
+ echo " $IFNAME:"
+ case "$METHOD" in
+ dhcp)
+ echo " dhcp4: true"
+ ;;
+ static)
+ echo " addresses: [$CIDR]"
+ echo " gateway4: $GATEWAYS_1"
+ echo " nameservers:"
+ echo " search: [$DOMAIN]"
+ echo " addresses: [${DNSSRVS// /, }]"
+ ;;
+ esac
+ esac
+}
+
+iface_stanza() {
+ # classic network configuration using /etc/network/interfaces
+ local IFNAME="$1"
+ local METHOD="$2"
+ echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
+ echo "# generated by FAI"
+ echo "auto $IFNAME"
+ echo "iface $IFNAME inet $METHOD"
+ case "$METHOD" in
+ static)
+ echo " address $IPADDR"
+ echo " netmask $NETMASK"
+ echo " broadcast $BROADCAST"
+ echo " gateway $GATEWAYS"
+ ;;
+ esac
+}
+
+newnicnames() {
+
+ # determine predictable network names only for stretch and above
+
+ [ $do_init_tasks -eq 0 ] && return
+ [ -z "$NIC1" ] && return
+ ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev)
+ if dpkg --compare-versions $ver lt 220-7; then
+ return
+ fi
+
+
+ fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+ for field in $fields; do
+ name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+ if [[ $name ]]; then
+ NIC1=$name
+ break
+ fi
+ done
+ if [[ ! $name ]]; then
+ echo "$0: error: could not find systemd predictable network name. Using $NIC1."
+ fi
+}
+
+if [ -z "$NIC1" ]; then
+ echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
+fi
+CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}')
+newnicnames
+
+case "$FAI_ACTION" in
+ install|dirinstall)
+ ifclass DHCPC && METHOD=dhcp || METHOD=static
+ ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
+
+ if [ -d $target/etc/netplan ]; then
+ # Ubuntu >= 17.10 with netplan.io
+ if [ -n "$NIC1" ]; then
+ netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
+ fi
+ elif [ -d $target/etc/network/interfaces.d ]; then
+ # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
+ iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
+
+ if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
+ iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
+ fi
+ else
+ (
+ iface_stanza lo loopback
+ iface_stanza $NIC1 $METHOD
+ ) > $target/etc/network/interfaces
+ fi
+
+ if ! ifclass DHCPC ; then
+ [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
+ if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
+ cp -p /etc/resolv.conf $target/etc
+ fi
+ fi
+ ;;
+esac
+
+# here fcopy is mostly used, when installing a client for running in a
+# different subnet than during the installation
+fcopy -iM /etc/resolv.conf
+fcopy -iM /etc/network/interfaces /etc/networks
+
+exit $error
diff --git a/scripts/DEBIAN/40-misc b/scripts/DEBIAN/40-misc
new file mode 100755
index 0000000..1571058
--- /dev/null
+++ b/scripts/DEBIAN/40-misc
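Review bot: When `$NIC1` is empty, scripts/DEBIAN/30-interface only prints a warning and carries on. `ip -o -f inet addr show $NIC1` then lists every interface, so `CIDR` can hold several addresses, and the fallback branch calls `iface_stanza $NIC1 $METHOD` unquoted, which shifts the method into the interface-name position and writes a stanza such as `auto static` into /etc/network/interfaces. Guard the fallback the way the other two branches do, `[ -n "$NIC1" ] && iface_stanza "$NIC1" "$METHOD"`, and skip the `CIDR` lookup when no NIC is known. The script also ends with `exit $error` although, unlike 40-misc, it never initialises `error` or installs the ERR trap.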
@@ -0,0 +1,39 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2001-2016, lange@debian.org
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+echo $TIMEZONE > $target/etc/timezone
+if [ -L $target/etc/localtime ]; then
+ ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+else
+ cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+fi
+
+hostname -s > $target/etc/hostname
+
+if [ ! -e $target/etc/adjtime ]; then
+ printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
+fi
+if [ "$UTC" = "yes" ]; then
+ sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+else
+ sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+fi
+
+# make sure a machine-id exists
+if [ ! -f $target/etc/machine-id ]; then
+ > $target/etc/machine-id
+fi
+# recreate machine-id if the file is empty
+if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f /bin/systemd-machine-id-setup ]; then
+ $ROOTCMD systemd-machine-id-setup
+fi
+
+ln -fs /proc/mounts $target/etc/mtab
+
+rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+
+exit $error
diff --git a/scripts/GRUB_EFI_CRYPTO/10-setup b/scripts/GRUB_EFI_CRYPTO/10-setup
new file mode 100755
index 0000000..75a0eed
--- /dev/null
+++ b/scripts/GRUB_EFI_CRYPTO/10-setup
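Review bot: `$TIMEZONE` is used unquoted and unchecked in scripts/DEBIAN/40-misc: when it is empty, `echo $TIMEZONE` writes an empty /etc/timezone and `cp -f /usr/share/zoneinfo/${TIMEZONE}` is handed the zoneinfo directory itself. A value containing `../` would also make the `cp` read a file outside zoneinfo from the installer environment. Checking once up front, for example `[ -f "/usr/share/zoneinfo/$TIMEZONE" ] || { echo "invalid TIMEZONE" >&2; exit 1; }`, and quoting the later uses keeps the target's time configuration predictable.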
@@ -0,0 +1,74 @@
+#! /bin/bash
+# support for GRUB version 2
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+# This script assumes that the disk has a GPT partition table and
+# that the extended system partition (ESP) is mounted on /boot/efi.
+# When building a disk image, we don't change the NVRAM to point at
+# the boot image we made available, because the disk image is likely
+# not installed on the current system. As a result, we force
+# installation into the removable media paths as well as the standard
+# debian path.
+
+set -a
+
+# do not set up grub during dirinstall
+if [ "$FAI_ACTION" = "dirinstall" ] ; then
+ exit 0
+fi
+# during softupdate use this file
+[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh
+
+if [ -z "$BOOT_DEVICE" ]; then
+ exit 189
+fi
+
+# disable os-prober because of #788062
+echo "GRUB_DISABLE_OS_PROBER" >> /etc/default/grub
+
+# enable cryptodisk
+echo "GRUB_ENABLE_CRYPTODISK=y" >> $target/etc/default/grub.d/crypto.cfg
+
+# skip the rest, if not an initial installation
+if [ $FAI_ACTION != "install" ]; then
+ $ROOTCMD update-grub
+ exit $error
+fi
+
+GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE)
+
+# handle /boot in lvm-on-md
+_bdev=$(readlink -f $BOOT_DEVICE)
+if [ "${_bdev%%-*}" = "/dev/dm" ]; then
+ BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
+fi
+
+# override this, it doesn't work correctly for lvm on luks on raid
+BOOT_DEVICE="/dev/md0"
+
+# Check if RAID is used for the boot device
+if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
+ raiddev=${BOOT_DEVICE#/dev/}
+ # install grub on all members of RAID
+ for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do
+ echo Install grub on /dev/$device
+ $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device"
+ done
+
+elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
+ # do not update vmram when using a loop device
+ $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE
+ if [ $? -eq 0 ]; then
+ echo "Grub installed on hostdisk $BOOT_DEVICE"
+ fi
+
+else
+ $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT"
+ if [ $? -eq 0 ]; then
+ echo "Grub installed on $BOOT_DEVICE = $GROOT"
+ fi
+fi
+$ROOTCMD update-grub
+
+exit $error
diff --git a/scripts/SETUP_USER/10-setup-user b/scripts/SETUP_USER/10-setup-user
new file mode 100755
index 0000000..325be65
--- /dev/null
+++ b/scripts/SETUP_USER/10-setup-user
@@ -0,0 +1,20 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2001-2017, lange@debian.org
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+echo "SETUP USER: $username";
+
+# add additional user account
+if [ -n "$username" ]; then
+ if ! $ROOTCMD getent passwd $username ; then
+ $ROOTCMD adduser --disabled-login --gecos "$username user" $username
+ $ROOTCMD usermod -p "$USERPW" $username
+ userdir=$($ROOTCMD getent passwd "$username" | cut -d: -f6 )
+
+ for g in $groups; do
+ $ROOTCMD adduser $username $g
+ done
+ fi
+fi
diff --git a/scripts/SETUP_USER/20-setup-sudo b/scripts/SETUP_USER/20-setup-sudo
new file mode 100755
index 0000000..087483a
--- /dev/null
+++ b/scripts/SETUP_USER/20-setup-sudo
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "$username ALL=(ALL:ALL) NOPASSWD: ALL" >> /target/etc/sudoers.d/user_nopasswd
+
diff --git a/scripts/SETUP_USER/30-authorized_keys b/scripts/SETUP_USER/30-authorized_keys
new file mode 100755
index 0000000..4376bee
--- /dev/null
+++ b/scripts/SETUP_USER/30-authorized_keys
@@ -0,0 +1,4 @@
+#!/bin/sh
+mkdir $target/home/$username/.ssh;
+echo "$SSHKEY" > $target/home/$username/.ssh/authorized_keys;
+
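Review bot: The line `echo "GRUB_DISABLE_OS_PROBER" >> /etc/default/grub` in scripts/GRUB_EFI_CRYPTO/10-setup appends a bare word with no value, and it writes to the installer's own /etc/default/grub rather than the one under `$target`. That file is shell syntax, so the bare word would be run as a command rather than set an option, and the installed system is presumably not affected at all; it probably should read `echo "GRUB_DISABLE_OS_PROBER=true" >> $target/etc/default/grub`. Both this line and the `crypto.cfg` append use `>>` and run before the `$FAI_ACTION != "install"` check, so every softupdate adds another copy. The unconditional `BOOT_DEVICE="/dev/md0"` also makes the loop-device and plain-disk branches unreachable, which is worth stating in the comment above it.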
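Review bot: scripts/SETUP_USER/10-setup-user runs `usermod -p "$USERPW"` without checking that `$USERPW` is set. With an empty value the account created by `adduser --disabled-login` ends up with an empty password field instead of a locked one, and the next script grants that account passwordless sudo. Guard the call, `[ -n "$USERPW" ] && $ROOTCMD usermod -p "$USERPW" "$username"`, and consider feeding the hash to `chpasswd -e` on stdin so it does not appear in the process list. `userdir` is computed but never used, and the script has no final `exit $error` to report what the trap collected.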
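Review bot: scripts/SETUP_USER/20-setup-sudo writes to a hard-coded `/target` path instead of `$target`, does not check that `$username` is non-empty, and appends with `>>`. An empty `$username` produces the line ` ALL=(ALL:ALL) NOPASSWD: ALL`, which is a sudoers syntax error, and a rerun duplicates the rule. I would write `[ -n "$username" ] || exit 0`, then `echo "$username ALL=(ALL:ALL) NOPASSWD: ALL" > $target/etc/sudoers.d/user_nopasswd` followed by `chmod 0440 $target/etc/sudoers.d/user_nopasswd`. Since this gives the account unrestricted root without a password, a comment stating what it is for (the package list suggests an Ansible bootstrap) would help later readers.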
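Review bot: scripts/SETUP_USER/30-authorized_keys creates `.ssh` and `authorized_keys` as root with whatever modes the current umask gives, and never hands them to the user. It also assumes the home directory is /home/$username and has no guard for an empty `$username` or `$SSHKEY`; with an empty username the key lands in `$target/home/.ssh`. `mkdir` without `-p` fails on a second run. A version with explicit modes, ownership and guards is below.

```shell
if [ -z "$username" ] || [ -z "$SSHKEY" ]; then
    exit 0
fi
sshdir="$target/home/$username/.ssh"
mkdir -p "$sshdir"
chmod 700 "$sshdir"
printf '%s\n' "$SSHKEY" > "$sshdir/authorized_keys"
chmod 600 "$sshdir/authorized_keys"
$ROOTCMD chown -R "$username:" "/home/$username/.ssh"
```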