@ -1,4 +1,5 @@
#!/bin/bash
#!/bin/sh
# shellcheck shell=dash
set -euo pipefail
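Review bot: `set -euo pipefail` is kept while the interpreter moves to `#!/bin/sh` with `# shellcheck shell=dash` (assuming the `sh` shebang is the new side; the +/- column is lost on this page). Many dash and ash builds do not implement `pipefail` and stop at this line with an illegal-option error. Use the portable subset `set -eu`, or enable it conditionally with `(set -o pipefail) 2>/dev/null && set -o pipefail`. Without `pipefail`, the `echo ... | $save_preseed` pipelines later in the file report only the status of the last stage, so anything that relies on an earlier stage failing needs an explicit check.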
@ -11,20 +12,34 @@ command_exists() {
command -v " $1 " > /dev/null 2>& 1
}
late_command =
run_later( ) {
[ -z " $late_command " ] && late_command = 'true'
late_command = " $late_command ; $1 "
in_target =
late_command( ) {
local cmd
for arg in " $@ " ; do
cmd = " $cmd $arg "
done
if [ -n " $cmd " ] ; then
[ -z " $in_target " ] && in_target = 'true'
in_target = " $in_target ; $cmd "
fi
}
in_target_backup( ) {
late_command " if [ ! -e \" $1 .backup\" ]; then cp \" $1 \" \" $1 .backup\"; fi "
}
backup( ) {
run_later " if [ ! -e \" $1 .backup\" ]; then cp \" $1 \" \" $1 .backup\"; fi "
sshd_conf( ) {
[ -z ${ backed_sshd +1 } ] && in_target_backup /etc/ssh/sshd_config
backed_sshd =
late_command sed -Ei \" " s/^#? $1 .+/ $1 $2 / " \" /etc/ssh/sshd_config
}
prompt_password( ) {
if [ -z " $password " ] ; then
read -rs -p 'Password: ' password
fi
stty -echo
echo -n " Choose a password for the new user $username : " > /dev/tty
read -r password < /dev/tty
stty echo
echo > /dev/tty
}
ip =
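Review bot: In `prompt_password`, `stty -echo` and `stty echo` act on stdin, while the prompt and the `read` use `/dev/tty`. When stdin is not the terminal (for example when the script is piped into the shell), `stty` either fails, which aborts the script under `set -e`, or leaves echo on so the password is displayed as it is typed. An interrupt or failed `read` between the two `stty` calls also leaves the terminal with echo off. Point `stty` at `/dev/tty`, save and restore the previous settings, and restore them on INT/TERM as sketched below. `printf` is used for the prompt because `echo -n` is not portable under `/bin/sh`.

```shell
prompt_password() {
    # stty acts on stdin, so point it at the terminal the prompt uses
    saved_tty=$(stty -g < /dev/tty)
    trap 'stty "$saved_tty" < /dev/tty; exit 130' INT TERM
    stty -echo < /dev/tty
    printf 'Choose a password for the new user %s: ' "$username" > /dev/tty
    IFS= read -r password < /dev/tty || { stty "$saved_tty" < /dev/tty; exit 1; }
    stty "$saved_tty" < /dev/tty
    trap - INT TERM
    echo > /dev/tty
}
```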
@ -32,9 +47,7 @@ netmask=
gateway =
dns = '8.8.8.8 8.8.4.4'
hostname =
installer_ssh = false
installer_password =
authorized_keys_url =
network_console = false
suite = buster
mirror_protocol = http
mirror_host = deb.debian.org
@ -43,8 +56,8 @@ security_repository=http://security.debian.org/debian-security
skip_account_setup = false
username = debian
password =
sudo_password = false
cleartext _password= false
authorized_keys_url =
sudo_with _password= false
timezone = UTC
ntp = 0.debian.pool.ntp.org
skip_partitioning = false
@ -69,26 +82,18 @@ dry_run=false
while [ $# -gt 0 ] ; do
case $1 in
--preset)
case " $2 " in
china)
dns = '223.5.5.5 223.6.6.6'
--cdn| --aws)
mirror_protocol = https
mirror_host = mirrors.aliyun.com
ntp = ntp.aliyun.com
[ " $1 " = '--aws' ] && mirror_host = cdn-aws.deb.debian.org
security_repository = mirror
; ;
cloud )
dns = '1.1.1.1 1.0.0.1 '
--china )
dns = '223.5.5.5 223.6.6.6 '
mirror_protocol = https
mirror_host = deb.debian.org
mirror_host = mirrors.aliyun.com
ntp = ntp.aliyun.com
security_repository = mirror
; ;
*)
err " No such preset $2 "
esac
shift
; ;
--ip)
ip = $2
shift
@ -109,15 +114,8 @@ while [ $# -gt 0 ]; do
hostname = $2
shift
; ;
--installer-password)
installer_ssh = true
installer_password = $2
shift
; ;
--authorized-keys-url)
installer_ssh = true
authorized_keys_url = $2
shift
--network-console)
network_console = true
; ;
--suite)
suite = $2
@ -142,7 +140,7 @@ while [ $# -gt 0 ]; do
--skip-account-setup)
skip_account_setup = true
; ;
--username)
--user| --user name)
username = $2
shift
; ;
@ -150,8 +148,12 @@ while [ $# -gt 0 ]; do
password = $2
shift
; ;
--sudo-password)
sudo_password = true
--authorized-keys-url)
authorized_keys_url = $2
shift
; ;
--sudo-with-password)
sudo_with_password = true
; ;
--timezone)
timezone = $2
@ -287,30 +289,21 @@ fi
echo 'd-i hw-detect/load_firmware boolean true' | $save_preseed
if [ " $installer_ssh " = true ] ; then
$save_preseed << 'EOF'
while [ -z " $password " ] ; do
prompt_password
done
if [ " $network_console " = true ] ; then
$save_preseed << EOF
# Network console
d-i anna/choose_modules string network-console
d-i preseed/early_command string anna-install network-console
d-i network-console/password password $password
d-i network-console/password-again password $password
EOF
if [ -n " $authorized_keys_url " ] ; then
backup /etc/ssh/sshd_config
run_later 'sed -Ei "s/^#?PasswordAuthentication .+/PasswordAuthentication no/" /etc/ssh/sshd_config'
$save_preseed << EOF
d-i network-console/password-disabled boolean true
d-i network-console/authorized_keys_url string $authorized_keys_url
EOF
elif [ -n " $installer_password " ] ; then
$save_preseed << EOF
d-i network-console/password-disabled boolean false
d-i network-console/password password $installer_password
d-i network-console/password-again password $installer_password
EOF
fi
[ -n " $authorized_keys_url " ] && echo " d-i network-console/authorized_keys_url string $authorized_keys_url " | $save_preseed
echo 'd-i network-console/start select Continue' | $save_preseed
fi
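Review bot: The `network_console` block (which looks like the new side) always writes `network-console/password` and only appends `network-console/authorized_keys_url`, so the `password-disabled boolean true` line from the other branch is gone. With a key URL set, the installer's SSH console then accepts the password as well as the fetched keys. That password is also the account password, written in cleartext to the preseed through the unquoted heredoc. If key-only access is intended, keep the old behaviour with `[ -n "$authorized_keys_url" ] && echo 'd-i network-console/password-disabled boolean true' | $save_preseed` and skip the two password lines in that case. It is also worth considering a separate console password, so the cleartext copy in the preseed is not the long-lived account credential.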
@ -328,24 +321,15 @@ d-i mirror/udeb/suite string $suite
EOF
if [ " $skip_account_setup " != true ] ; then
password_hash =
if command_exists mkpasswd; then
if [ -z " $password " ] ; then
password = " $( mkpasswd -m sha-512) "
else
password = " $( mkpasswd -m sha-512 " $password " ) "
fi
password_hash = $( mkpasswd -m sha-512 " $password " )
elif command_exists busybox && busybox mkpasswd --help >/dev/null 2>& 1; then
prompt_password
password = " $( busybox mkpasswd -m sha512 " $password " ) "
password_hash = $( busybox mkpasswd -m sha512 " $password " )
elif command_exists python3; then
if [ -z " $password " ] ; then
password = " $( python3 -c 'import crypt, getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))' ) "
else
password = " $( python3 -c " import crypt; print(crypt.crypt(' $password ', crypt.mksalt(crypt.METHOD_SHA512))) " ) "
fi
else
cleartext_password = true
prompt_password
password_hash = $( python3 -c 'import crypt, sys; print(crypt.crypt(sys.argv[1], crypt.mksalt(crypt.METHOD_SHA512)))' " $password " )
elif command_exists python; then
password_hash = $( python -c 'import crypt, sys; print(crypt.crypt(sys.argv[1], crypt.mksalt(crypt.METHOD_SHA512)))' " $password " 2> /dev/null) || password_hash =
fi
$save_preseed << 'EOF'
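Review bot: Every hashing branch that appears to be new passes the cleartext password as a command-line argument (`mkpasswd -m sha-512 "$password"`, `busybox mkpasswd ...`, `python3 -c '...' "$password"`), so any local user can read it from the process list while the hasher runs. Using `sys.argv[1]` instead of interpolating into the Python source does remove the code-injection problem, but the exposure remains. Feed the password on stdin where the tool supports it, e.g. `password_hash=$(printf '%s' "$password" | mkpasswd -m sha-512 --stdin)` and `crypt.crypt(sys.stdin.read(), ...)` for the Python branches. Separately, the `python3` branch lacks the `|| password_hash=` fallback that the `python` branch has, so on an interpreter without the `crypt` module (removed in Python 3.13) the script aborts under `set -e`. The enclosing `if` continues outside this hunk.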
@ -353,13 +337,15 @@ if [ "$skip_account_setup" != true ]; then
# Account setup
EOF
if [ -n " $authorized_keys_url " ] ; then
sshd_conf PasswordAuthentication no
fi
if [ " $username " = root ] ; then
if [ -z " $authorized_keys_url " ] ; then
backup /etc/ssh/sshd_config
run_later 'sed -Ei "s/^#?PermitRootLogin .+/PermitRootLogin yes/" /etc/ssh/sshd_config'
sshd_conf PermitRootLogin yes
else
run_later " mkdir -m 0700 -p ~root/.ssh && busybox wget -O - \" $authorized_keys_url \" >> ~root/.ssh/authorized_keys "
late_command " mkdir -m 0700 -p ~root/.ssh && busybox wget -O - \" $authorized_keys_url \" >> ~root/.ssh/authorized_keys "
fi
$save_preseed << 'EOF'
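Review bot: The `late_command` that appends `busybox wget -O - "$authorized_keys_url"` output to `~root/.ssh/authorized_keys` accepts any URL scheme, and the same applies to the per-user variant in the next hunk. Over plain `http` anyone on the network path can substitute their own key and gain root on the installed system. Reject non-HTTPS values when the option is parsed, e.g. `case $authorized_keys_url in https://*) ;; *) err 'authorized keys URL must use https' ;; esac`, and confirm that the `wget` available in the target actually validates certificates. Also note that `sshd_conf PasswordAuthentication no` is queued unconditionally, so a failed download leaves the host with neither password nor key login; a guard such as `[ -s ~root/.ssh/authorized_keys ]` before disabling passwords would avoid that.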
@ -367,24 +353,23 @@ d-i passwd/root-login boolean true
d-i passwd/make-user boolean false
EOF
if [ " $cleartext_ password " = true ] ; then
if [ -z " $password_hash " ] ; then
$save_preseed << EOF
d-i passwd/root-password password $password
d-i passwd/root-password-again password $password
EOF
else
echo " d-i passwd/root-password-crypted password $password " | $save_preseed
echo " d-i passwd/root-password-crypted password $password_hash " | $save_preseed
fi
else
backup /etc/ssh/sshd_config
run_later 'sed -Ei "s/^#?PermitRootLogin .+/PermitRootLogin no/" /etc/ssh/sshd_config'
sshd_conf PermitRootLogin no
if [ -n " $authorized_keys_url " ] ; then
run_later " sudo -u $username mkdir -m 0700 -p ~ $username /.ssh && busybox wget -O - \" $authorized_keys_url \" | sudo -u $username tee -a ~ $username /.ssh/authorized_keys "
late_command " sudo -u $username mkdir -m 0700 -p ~ $username /.ssh && busybox wget -O - \" $authorized_keys_url \" | sudo -u $username tee -a ~ $username /.ssh/authorized_keys "
fi
if [ " $sudo_password " = false ] ; then
run_later " echo \" $username ALL=(ALL:ALL) NOPASSWD:ALL\" > \"/etc/sudoers.d/90-user- $username \" "
if [ " $sudo_with_ password " = false ] ; then
late_command " echo \" $username ALL=(ALL:ALL) NOPASSWD:ALL\" > \"/etc/sudoers.d/90-user- $username \" "
fi
$save_preseed << EOF
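Review bot: `$username` is spliced unvalidated into several `late_command` strings that run as root in the target (`sudo -u $username mkdir ...`, `~$username/.ssh`, and the sudoers line written to `/etc/sudoers.d/90-user-$username`). A value containing spaces, quotes, `;` or `/` therefore changes the command that runs or the file that is written. Validate it once at option parsing, e.g. `case $username in ''|*[!a-z0-9_-]*) err "Invalid username $username" ;; esac`. This also covers a sudo quirk: files in `/etc/sudoers.d` whose names contain `.` or end in `~` are skipped, so a username like `john.doe` would silently get no sudo rule. The enclosing `if`/`else` starts outside this hunk.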
@ -394,13 +379,13 @@ d-i passwd/user-fullname string
d-i passwd/username string $username
EOF
if [ " $cleartext_ password " = true ] ; then
if [ -z " $password_hash " ] ; then
$save_preseed << EOF
d-i passwd/user-password password $password
d-i passwd/user-password-again password $password
EOF
else
echo " d-i passwd/user-password-crypted password $password " | $save_preseed
echo " d-i passwd/user-password-crypted password $password_hash " | $save_preseed
fi
fi
fi
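Review bot: The cleartext fallback is now keyed on an empty `$password_hash` (here and in the root-password block of the previous hunk) rather than on an explicit flag. Any hasher failure, including the `python` branch's `2> /dev/null ... || password_hash=`, therefore silently writes `passwd/user-password password $password` in cleartext to the preseed. Make that downgrade visible with something like `[ -z "$password_hash" ] && echo 'warning: no password hasher available, preseed will contain the cleartext password' >&2` next to the hashing chain, or require an explicit opt-in before taking this path. A one-line comment above the `if [ -z "$password_hash" ]` test saying that empty means "no hasher found" would also help the next reader.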
@ -524,9 +509,9 @@ EOF
[ " $hold " != true ] && echo 'd-i finish-install/reboot_in_progress note' | $save_preseed
[ " $bbr " = true ] && run_later '{ echo "net.core.default_qdisc=fq"; echo "net.ipv4.tcp_congestion_control=bbr"; } > /etc/sysctl.d/bbr.conf'
[ " $bbr " = true ] && late_command '{ echo "net.core.default_qdisc=fq"; echo "net.ipv4.tcp_congestion_control=bbr"; } > /etc/sysctl.d/bbr.conf'
[ -n " $late_command " ] && echo " d-i preseed/late_command string in-target bash -c ' $late_command ' " | $save_preseed
[ -n " $in_target " ] && echo " d-i preseed/late_command string in-target dash -c ' $in_target ' " | $save_preseed
[ " $power_off " = true ] && echo 'd-i debian-installer/exit/poweroff boolean true' | $save_preseed
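Review bot: The accumulated `$in_target` string is wrapped in single quotes for `in-target dash -c '...'`, but nothing on the path through `late_command` rejects or escapes a `'` inside its arguments. A quote character in a user-supplied value such as the authorized-keys URL or the username ends the quoted argument early, and the remainder is parsed as further shell words in the installed system. Fail early in `late_command`, e.g. `case $cmd in *\'*) err 'late_command: single quotes are not supported' ;; esac`, or escape each `'` as `'\''` before appending. The name `late_command` now also refers to the function rather than the variable, so a short comment on `in_target` stating that it holds the `;`-joined command list would help.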
@ -534,7 +519,7 @@ save_grub_cfg='cat'
if [ " $dry_run " != true ] ; then
if [ -z " $architecture " ] ; then
architecture = amd64
command_exists dpkg && architecture = " $( dpkg --print-architecture) "
command_exists dpkg && architecture = $( dpkg --print-architecture)
fi
base_url = " $mirror_protocol :// $mirror_host $mirror_directory /dists/ $suite /main/installer- $architecture /current/images/netboot/debian-installer/ $architecture "
@ -572,7 +557,7 @@ EOF
grub_cfg = /boot/grub/grub.cfg
update-grub
elif command_exists grub2-mkconfig; then
tmp = " $( mktemp) "
tmp = $( mktemp)
grep -vF zz_debi /etc/default/grub > " $tmp "
cat " $tmp " > /etc/default/grub
rm " $tmp "
@ -590,7 +575,7 @@ fi
installer_directory = " $boot_directory $installer "
# shellcheck disable=SC2034
mem = " $( grep ^MemTotal: /proc/meminfo | { read -r x y z; echo " $y " ; } ) "
mem = $( grep ^MemTotal: /proc/meminfo | { read -r x y z; echo " $y " ; } )
[ $(( mem / 1024 )) -lt 483 ] && kernel_params = " $kernel_params lowmem/low= "
$save_grub_cfg 1>& 2 << EOF