From 4898fb4945796f7d93a7920054c61ca3f8c64f28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20H=C3=BCbner?= Date: Thu, 26 Oct 2023 04:52:01 +0200 Subject: [PATCH] admin data --- README.md | 3 +-- build.sh | 14 ++++++++++++++ installer/late.sh | 7 +------ installer/preseed.cfg | 4 ++-- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index d6d848f..07db517 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,7 @@ Run `build.sh` to generate the hands-free iso image. ## Password -The password declared by `passwd/user-password-crypted` will be discarded! -The user is prompted for a new password on first login. +A new admin password will be generated when executing `build.sh`. ## Debug in VM diff --git a/build.sh b/build.sh index fe756bb..ff33204 100755 --- a/build.sh +++ b/build.sh @@ -4,6 +4,10 @@ set -o errexit set -o nounset set -o pipefail +# TODO: flags +admin_user="hub" +admin_pass="$(pwgen -ns 32 1)" + debian_signing_key="DA87E80D6294BE9B" iso_url="https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso" @@ -37,6 +41,16 @@ xorriso \ sed -i "s#default vesamenu.c32#default auto#" "${workdir}/isolinux.cfg" sed -i "s#auto=true#auto=true file=/cdrom/preseed.cfg#" "${workdir}/adtxt.cfg" +# admin user name +sed -i "s#admin=.*#admin=\"${admin_user}\"#" "installer/late.sh" + +# admin password +salt="$(pwgen -ns 16 1)" +hash="$(mkpasswd -m sha-512 -S "${salt}" "${admin_pass}")" +echo "user: hub" +echo "pass: ${admin_pass}" +sed -i "s#d-i passwd/user-password-crypted password.*#d-i passwd/user-password-crypted password ${hash}#" "installer/preseed.cfg" + # repack iso rm -f "${iso_file//.iso/-auto.iso}" xorriso -indev "${iso_file}" \ diff --git a/installer/late.sh b/installer/late.sh index 06ac64a..e06527a 100755 --- a/installer/late.sh +++ b/installer/late.sh @@ -3,12 +3,7 @@ set -eu prefix="/target" -admin="hub" - -# expire user password (password must be set interactively on next login) -# TODO: implement this feature in a way that does not require `passwd` in the installer runtime -#passwd --delete "${admin}" -#passwd --expire "${admin}" +admin="@USERNAME@" # custom configs cp -a "/cdrom/configs/motd" "${prefix}/etc/motd" diff --git a/installer/preseed.cfg b/installer/preseed.cfg index 534c84c..6dde204 100644 --- a/installer/preseed.cfg +++ b/installer/preseed.cfg @@ -24,8 +24,8 @@ d-i mirror/udeb/suite string stable d-i passwd/root-login boolean false d-i passwd/user-fullname string d-i passwd/username string hub -# The password will be discarded, the user is prompted for a new password on first login. -d-i passwd/user-password-crypted password $6$1658938483$A2obfwtyr53bxg4Q4HR6yLgirThMNoH52nwG0S8l.Ke9geF6rq2gKXvQKjyVlYMpH02d2oq/MBb9CbsxtfEgJ1 +#This password hash will be replaced when executing build.sh +d-i passwd/user-password-crypted password @PASSHASH@ d-i user-setup/encrypt-home boolean false ### Time