admin data

nothub · Oct 26, 2023 · 4898fb4 · 4898fb4
1 parent deda141
commit 4898fb4
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -8,8 +8,7 @@ Run `build.sh` to generate the hands-free iso image.
 
 ## Password
 
-The password declared by `passwd/user-password-crypted` will be discarded!
-The user is prompted for a new password on first login.
+A new admin password will be generated when executing `build.sh`.
 
 ## Debug in VM
 

diff --git a/build.sh b/build.sh
@@ -4,6 +4,10 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+# TODO: flags
+admin_user="hub"
+admin_pass="$(pwgen -ns 32 1)"
+
 debian_signing_key="DA87E80D6294BE9B"
 iso_url="https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso"
 
@@ -37,6 +41,16 @@ xorriso \
 sed -i "s#default vesamenu.c32#default auto#" "${workdir}/isolinux.cfg"
 sed -i "s#auto=true#auto=true file=/cdrom/preseed.cfg#" "${workdir}/adtxt.cfg"
 
+# admin user name
+sed -i "s#admin=.*#admin=\"${admin_user}\"#" "installer/late.sh"
+
+# admin password
+salt="$(pwgen -ns 16 1)"
+hash="$(mkpasswd -m sha-512 -S "${salt}" "${admin_pass}")"
+echo "user: hub"
+echo "pass: ${admin_pass}"
+sed -i "s#d-i passwd/user-password-crypted password.*#d-i passwd/user-password-crypted password ${hash}#" "installer/preseed.cfg"
+
 # repack iso
 rm -f "${iso_file//.iso/-auto.iso}"
 xorriso -indev "${iso_file}" \

diff --git a/installer/late.sh b/installer/late.sh
@@ -3,12 +3,7 @@
 set -eu
 
 prefix="/target"
-admin="hub"
-
-# expire user password (password must be set interactively on next login)
-# TODO: implement this feature in a way that does not require `passwd` in the installer runtime
-#passwd --delete "${admin}"
-#passwd --expire "${admin}"
+admin="@USERNAME@"
 
 # custom configs
 cp -a "/cdrom/configs/motd"        "${prefix}/etc/motd"

diff --git a/installer/preseed.cfg b/installer/preseed.cfg
@@ -24,8 +24,8 @@ d-i mirror/udeb/suite string stable
 d-i passwd/root-login boolean false
 d-i passwd/user-fullname string
 d-i passwd/username string hub
-# The password will be discarded, the user is prompted for a new password on first login.
-d-i passwd/user-password-crypted password $6$1658938483$A2obfwtyr53bxg4Q4HR6yLgirThMNoH52nwG0S8l.Ke9geF6rq2gKXvQKjyVlYMpH02d2oq/MBb9CbsxtfEgJ1
+#This password hash will be replaced when executing build.sh
+d-i passwd/user-password-crypted password @PASSHASH@
 d-i user-setup/encrypt-home boolean false
 
 ### Time