sudo without password

nothub · Dec 16, 2023 · fdd5c24 · fdd5c24
1 parent 3200088
commit fdd5c24
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,7 @@ echo "ssh-ed25519 AAAA... bar" >> configs/authorized_keys
 -s <sign_key>    ISO pgp sign key
 -o <out_file>    ISO output file
 -x               Power off after install
+-z               Sudo without password
 -v               Enable verbose mode
 -h               Display this help message
 ```

diff --git a/build.sh b/build.sh
@@ -5,7 +5,7 @@ set -o nounset
 set -o pipefail
 
 usage() {
-    echo "Usage: $0 [-u username] [-p password] [-n hostname] [-d domain] [-a package] [-i iso_url] [-s sign_key] [-o path] [-x] [-v] [-h]"
+    echo "Usage: $0 [-u username] [-p password] [-n hostname] [-d domain] [-a package] [-i iso_url] [-s sign_key] [-o path] [-x] [-z] [-v] [-h]"
     echo "Options:"
     echo "  -u <username>    Admin username"
     echo "  -p <password>    Admin password"
@@ -16,6 +16,7 @@ usage() {
     echo "  -s <sign_key>    ISO pgp sign key"
     echo "  -o <out_file>    ISO output file"
     echo "  -x               Power off after install"
+    echo "  -z               Sudo without password"
     echo "  -v               Enable verbose mode"
     echo "  -h               Display this help message"
 }
@@ -30,8 +31,9 @@ sign_key="DA87E80D6294BE9B"
 out_file="debian-12.4.0-amd64-auto.iso"
 apt_pkgs=()
 poweroff=""
+sudonopw=""
 
-while getopts u:p:n:d:a:i:s:o:xvh opt; do
+while getopts u:p:n:d:a:i:s:o:xzvh opt; do
     case $opt in
     u) username="$OPTARG" ;;
     p) password="$OPTARG" ; password_mask="true" ;;
@@ -42,6 +44,7 @@ while getopts u:p:n:d:a:i:s:o:xvh opt; do
     s) sign_key="$OPTARG" ;;
     o) out_file="$OPTARG" ;;
     x) poweroff="true" ;;
+    z) sudonopw="true" ;;
     v) set -o xtrace ;;
     h) usage ; exit 0 ;;
     *) usage ; exit 1 ;;
@@ -104,12 +107,19 @@ replace_token "@DOMAIN@"   "${domain}"
 replace_token "@PACKAGES@" "${apt_pkgs[*]}"
 
 # add poweroff option
-if test -n "${poweroff}"; then
+if test "${poweroff}" = "true"; then
     replace_token "@POWEROFF@" "true"
 else
     replace_token "@POWEROFF@" "false"
 fi
 
+# add sudo no-password option
+if test "${sudonopw}" = "true"; then
+    replace_token "@SUDONOPW@" "true"
+else
+    replace_token "@SUDONOPW@" "false"
+fi
+
 # clear existing output iso file
 if test -f "${out_file}"; then
     rm -f "${out_file}"

diff --git a/installer/late.sh b/installer/late.sh
@@ -6,6 +6,7 @@ prefix="/target"
 admin="@USERNAME@"
 hostname="@HOSTNAME@"
 domain="@DOMAIN@"
+sudonopw="@SUDONOPW@"
 
 if test "${hostname}" == "undefined"; then
     # generate hostname from mac addresses
@@ -30,6 +31,11 @@ cp -a "/cdrom/configs/issue"       "${prefix}/etc/issue"
 cp -a "/cdrom/configs/motd"        "${prefix}/etc/motd"
 cp -a "/cdrom/configs/sshd_config" "${prefix}/etc/ssh/sshd_config"
 
+# allow sudo without password
+if test "${sudonopw}" = "true"; then
+    echo "${admin} ALL=(ALL) NOPASSWD: ALL" > "${prefix}/etc/sudoers.d/${admin}"
+fi
+
 # authorize ssh keys for root user
 mkdir -p  "${prefix}/root/.ssh"
 chmod 700 "${prefix}/root/.ssh"