P223
Masterwork From Distant Lands
Authored by
davidedmundson
on May 25 2018, 1:55 PM.
#! /bin/sh
# Abort as soon as any unguarded command fails.
set -e

. /usr/share/debconf/confmodule

# With a target directory in $1, later commands are written as
# "$log $chroot $ROOT cmd ...", i.e. "chroot <target> cmd" wrapped in
# log-output. Without $1 all three prefixes are empty; they are expanded
# unquoted on purpose so that they vanish and the same command lines act
# on the running system.
if [ -n "$1" ]; then
  # avoid locale errors from perl
  LANG=C
  export LANG
  log='log-output -t user-setup'
  chroot=chroot
  ROOT="$1"
else
  log=
  chroot=
  ROOT=
fi

. /usr/lib/user-setup/functions.sh
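# Set a password, via chpasswd (usermod is used instead for a pre-crypted
# hash when the target's passwd package has PAM support).
#
# The user:password pair is handed to chpasswd in a heredoc rather than
# with echo, to avoid the password showing in the process table. (However,
# this is normally only called when first installing the system, when root
# has no password at all, so that should be an unnecessary precaution).
#
# Arguments:
#   $1 - the user
#   $2 - the password (a crypt hash when $3 is 'true')
#   $3 - 'true' if the password has been pre-crypted (by preseeding)
#   $4 - 'true' if the home directory is encrypted
# Globals read: chroot, ROOT. Both are left unquoted on purpose: they are
# empty outside the installer and must disappear from the command line.
setpassword () {
  local USER PASSWD PAM_SET_PWD VERSION
  USER="$1"
  PASSWD="$2"
  # Declared separately from the assignment so the value is never
  # word-split by "local"; a failed query still leaves VERSION empty and
  # falls through to the non-PAM branch, as before.
  VERSION="$($chroot $ROOT dpkg-query -W -f '${Version}\n' passwd)" || true

  PAM_SET_PWD=false
  if $chroot $ROOT dpkg --compare-versions "$VERSION" ge "1:4.1.4-1"; then
    # support for versions with PAM support (Squeeze)
    PAM_SET_PWD=true
    if [ "$3" = true ]; then
      # NOTE: unlike the heredoc paths, the hash is a command-line
      # argument here and is visible in the process table while
      # usermod runs.
      $chroot $ROOT usermod --password="$PASSWD" "$USER"
    else
      $chroot $ROOT chpasswd <<EOF
$USER:$PASSWD
EOF
    fi
  else
    # compatibility support for versions without PAM support (Lenny)
    local OPTS
    if [ "$3" = true ]; then
      OPTS=-e
    else
      OPTS=-m
    fi
    $chroot $ROOT chpasswd "$OPTS" <<EOF
$USER:$PASSWD
EOF
  fi

  # If the password was set using PAM, pam_ecryptfs will handle the initial
  # passphrase wrapping. Otherwise, we need this hack...
  if [ "$4" = true ] && [ "$PAM_SET_PWD" = false ]; then
    local UNWRAPPED_PASSPHRASE_FILE WRAPPED_PASSPHRASE_FILE MOUNT_PASSPHRASE
    UNWRAPPED_PASSPHRASE_FILE="/dev/shm/.ecryptfs-$USER"
    # NOTE(review): this existence test looks at the caller's filesystem,
    # while the cat/rm below go through $chroot $ROOT; the two paths differ
    # whenever $chroot is set - confirm which one is intended.
    if [ -e "$UNWRAPPED_PASSPHRASE_FILE" ]; then
      WRAPPED_PASSPHRASE_FILE="/home/$USER/.ecryptfs/wrapped-passphrase"
      MOUNT_PASSPHRASE=$($chroot $ROOT cat "$UNWRAPPED_PASSPHRASE_FILE")
      # Both secrets go in on stdin, not on the command line.
      $chroot $ROOT ecryptfs-wrap-passphrase "$WRAPPED_PASSPHRASE_FILE" - <<EOF
$MOUNT_PASSPHRASE
$PASSWD
EOF
      # The unwrapped passphrase must not outlive this step.
      $chroot $ROOT rm -f "$UNWRAPPED_PASSPHRASE_FILE"
      $chroot $ROOT chown "$USER:$USER" "$WRAPPED_PASSPHRASE_FILE"
    else
      echo "$UNWRAPPED_PASSPHRASE_FILE does not exist, but should!" >&2
      db_input critical user-setup/encrypt-home-failed || true
      db_go || true
    fi
  fi
}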
# Enable/disable shadow passwords, as selected by passwd/shadow.
db_get passwd/shadow
case "$RET" in
  true)
    $log $chroot $ROOT shadowconfig on
    ;;
  *)
    $log $chroot $ROOT shadowconfig off
    ;;
esac
# root_password is defined outside this section; presumably it succeeds
# when root already has a password - confirm against functions.sh.
if root_password; then
  # Just in case, clear any preseeded root password from the database
  # anyway.
  for question in passwd/root-password-crypted passwd/root-password \
    passwd/root-password-again; do
    db_set "$question" ''
  done
else
  # Was the root password preseeded encrypted?
  if db_get passwd/root-password-crypted && [ -n "$RET" ]; then
    # The root password was preseeded encrypted.
    PRECRYPTED=true
    ROOT_PW="$RET"
  else
    db_get passwd/root-password
    PRECRYPTED=false
    ROOT_PW="$RET"
  fi

  # Clear the root password from the database, and set the password.
  # The debconf copies are wiped before the password is applied, so they
  # are gone even if setpassword fails under "set -e".
  for question in passwd/root-password-crypted passwd/root-password \
    passwd/root-password-again; do
    db_set "$question" ''
  done
  if [ -n "$ROOT_PW" ]; then
    setpassword root "$ROOT_PW" "$PRECRYPTED"
  fi
  # Drop the in-memory copy as well.
  ROOT_PW=
fi
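# Create the initial user account (when passwd/make-user is true), set its
# password, optionally set up an encrypted home and swap, add it to the
# default groups, configure display-manager auto-login when preseeded, and
# give it sudo when root login is disabled.
#
# Conventions used throughout:
#   - $log, $chroot and $ROOT stay unquoted: they are empty when no target
#     was given and must vanish from the command line.
#   - $USER comes from debconf (passwd/username) and is interpolated into
#     sed scripts and into sudoers below. NOTE(review): that is only safe
#     if the name was validated before this script runs (the comments
#     mention user-setup-ask) - verify.
db_get passwd/make-user
if [ "$RET" = true ] && ! is_system_user; then
  if db_get passwd/user-password-crypted && [ -n "$RET" ]; then
    USER_PW="$RET"
    USER_PW_CRYPTED=true
  else
    db_get passwd/user-password
    USER_PW="$RET"
    USER_PW_CRYPTED=false
  fi

  # adduser and useradd spell the uid option differently. UIDOPT holds
  # "option value" and is expanded unquoted later so it splits in two.
  if db_get passwd/user-uid && [ -n "$RET" ]; then
    if [ -x "$ROOT/usr/sbin/adduser" ]; then
      UIDOPT="--uid $RET"
    else
      UIDOPT="-u $RET"
    fi
  else
    UIDOPT=
  fi

  ENCRYPT_HOME="false"
  ENCRYPT_HOME_OPT=
  if [ -n "$OVERRIDE_ALREADY_ENCRYPTED_SWAP" ]; then
    ENCRYPT_HOME="true"
    ENCRYPT_HOME_OPT="--encrypt-home"
  elif db_get user-setup/encrypt-home && [ "$RET" = true ]; then
    ENCRYPT_HOME="true"
    ENCRYPT_HOME_OPT="--encrypt-home"
    if type anna-install >/dev/null 2>&1 && [ -d /lib/debian-installer ]; then
      ANNA_QUIET=1 DEBIAN_FRONTEND=none $log anna-install crypto-modules || true
      depmod -a >/dev/null 2>&1 || true
    fi
    for module in aes cbc ecb; do
      modprobe -q "$module" || true
    done
    apt-install ecryptfs-utils 2>/dev/null
    apt-install cryptsetup 2>/dev/null

    # Each flag is run as a command further down: "false" skips the
    # umount, ":" (always true) performs it. Only what is mounted here
    # is unmounted again.
    umountproc=false
    umountsys=false
    umountdev=false
    if [ ! -e "$ROOT/proc/cmdline" ]; then
      $log $chroot $ROOT mount -t proc proc /proc
      umountproc=:
    fi
    if [ ! -e "$ROOT/sys/block" ]; then
      # We need /sys for devtmpfs to create block devices.
      $log $chroot $ROOT mount -t sysfs sysfs /sys
      umountsys=:
    fi
    # Same device number for $ROOT/dev and $ROOT/ means nothing is
    # mounted on the target's /dev yet.
    if [ "$(stat -c %d "$ROOT/dev")" -eq "$(stat -c %d "$ROOT/")" ]; then
      mount --bind /dev "$ROOT/dev"
      umountdev=:
    else
      $log $chroot $ROOT udevadm settle
    fi
    if ! $log $chroot $ROOT ecryptfs-setup-swap -f -n; then
      echo "ecryptfs-setup-swap failed." >&2
      db_input critical user-setup/encrypt-home-failed || true
      db_go || true
      # Fall back to an unencrypted home rather than aborting.
      ENCRYPT_HOME="false"
      ENCRYPT_HOME_OPT=
    fi
    if $umountproc; then
      $log $chroot $ROOT umount /proc
    fi
    if $umountsys; then
      $log $chroot $ROOT umount /sys
    fi
    if $umountdev; then
      umount "$ROOT/dev"
    fi
  fi

  # Add the user to the database, using adduser in noninteractive
  # mode.
  db_get passwd/username
  USER="$RET"
  # From here until the next db_get, $RET holds the user's full name.
  db_get passwd/user-fullname

  HOME_EXISTED=
  if [ -d "$ROOT/home/$USER" ]; then
    HOME_EXISTED=1
    # user-setup-ask shouldn't have allowed this, but for safety:
    ENCRYPT_HOME="false"
    ENCRYPT_HOME_OPT=
  fi

  umountsys=false
  if [ -n "$ENCRYPT_HOME_OPT" ]; then
    if [ ! -e "$ROOT/sys/kernel" ]; then
      $log $chroot $ROOT mount -t sysfs sysfs /sys
      umountsys=:
    fi
    # A tmpfs on the target's /dev/shm for the duration of account
    # creation; setpassword looks for the unwrapped ecryptfs passphrase
    # under /dev/shm.
    mkdir -p "$ROOT/dev/shm"
    $log $chroot $ROOT mount -t tmpfs tmpfs /dev/shm
  fi

  # The account is created without a usable password; setpassword below
  # assigns it. $UIDOPT and $ENCRYPT_HOME_OPT are unquoted so that they
  # split into separate words or vanish when empty.
  if [ -x "$ROOT/usr/sbin/adduser" ]; then
    $log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT $ENCRYPT_HOME_OPT "$USER" >/dev/null || true
  else
    $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true
  fi

  # Clear the user password from the database.
  db_set passwd/user-password-crypted ''
  db_set passwd/user-password ''
  db_set passwd/user-password-again ''
  setpassword "$USER" "$USER_PW" "$USER_PW_CRYPTED" "$ENCRYPT_HOME"
  # Drop the in-memory copy too, as is done for the root password.
  USER_PW=

  if [ -n "$ENCRYPT_HOME_OPT" ]; then
    if $umountsys; then
      $log $chroot $ROOT umount /sys
    fi
    $log $chroot $ROOT umount /dev/shm
  fi

  if [ -n "$HOME_EXISTED" ]; then
    # The user's home directory already existed before we called
    # adduser. This often means that a mount point under
    # /home/$USER was selected in (and thus created by) partman,
    # and the home directory may have ended up owned by root.
    $log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
  fi

  if [ -n "$USER" ]; then
    for group in lpadmin sambashare; do
      $log $chroot $ROOT addgroup --system "$group" >/dev/null 2>&1 || true
    done
    if type archdetect >/dev/null 2>&1; then
      SUBARCH="$(archdetect)"
      case "$SUBARCH" in
        powerpc/ps3 | powerpc/cell)
          $log $chroot $ROOT addgroup --system spu >/dev/null 2>&1 || true
          ;;
      esac
    fi

    db_get passwd/user-default-groups
    # $RET is a whitespace-separated group list; splitting is intended.
    for group in $RET; do
      $log $chroot $ROOT adduser "$USER" "$group" >/dev/null 2>&1 || true
    done

    # Configure desktop auto-login if instructed by preseeding
    db_get passwd/auto-login
    if [ "$RET" = true ]; then
      db_get passwd/auto-login-backup
      # ".suffix" when a backup suffix was preseeded, otherwise empty.
      BACKUP="${RET:+.$RET}"

      if [ -d "$ROOT/etc/gdm3" ]; then
        # Configure GDM autologin
        GDMCustomFile="$ROOT/etc/gdm3/custom.conf"
        if [ -e "$GDMCustomFile" ] && [ -n "$BACKUP" ]; then
          cp "$GDMCustomFile" "${GDMCustomFile}$BACKUP"
        fi
        # "\n" stays literal here; sed turns it into a newline.
        AutologinParameters="AutomaticLoginEnable=true\nAutomaticLogin=$USER\n"

        # Prevent from updating if parameters already present (persistent usb key)
        if ! grep -qs "AutomaticLogin=$USER" "$GDMCustomFile"; then
          if [ -e "$GDMCustomFile" ]; then
            sed -i '/\(Automatic\)Login/d' "$GDMCustomFile"
          fi
          if ! grep -qs '\[daemon\]' "$GDMCustomFile"; then
            echo '[daemon]' >> "$GDMCustomFile"
          fi
          sed -i "s/\[daemon\]/\[daemon\]\n$AutologinParameters/" "$GDMCustomFile"
        fi
      fi

      if $chroot $ROOT [ -f /etc/kde4/kdm/kdmrc ]; then
        # Configure KDM autologin
        $log $chroot $ROOT sed -i"$BACKUP" -r \
          -e "s/^#?AutoLoginEnable=.*\$/AutoLoginEnable=true/" \
          -e "s/^#?AutoLoginUser=.*\$/AutoLoginUser=$USER/" \
          -e "s/^#?AutoReLogin=.*\$/AutoReLogin=true/" \
          /etc/kde4/kdm/kdmrc
      fi

      if $chroot $ROOT [ -f /etc/lxdm/lxdm.conf ]; then
        # Configure LXDM autologin with LXDE session
        $log $chroot $ROOT sed -i"$BACKUP" -r \
          -e "s/^# autologin=dgod/autologin=$USER/" \
          -e "s/^# session/session/" \
          /etc/lxdm/lxdm.conf
      fi

      if $chroot $ROOT [ -f /etc/xdg/lubuntu/lxdm/lxdm.conf ]; then
        # Configure LXDM autologin with Lubuntu session
        $log $chroot $ROOT sed -i"$BACKUP" -r \
          -e "s/^# autologin=dgod/autologin=$USER/" \
          -e "s/^# session/session/" \
          -e "s/startlxde/startlubuntu/" \
          /etc/xdg/lubuntu/lxdm/lxdm.conf
      fi

      if $chroot $ROOT [ -f /usr/bin/sddm ]; then
        # Configure SDDM autologin with an appropriate session.
        # This overwrites any existing /etc/sddm.conf in the target.
        $log $chroot $ROOT /bin/sh -c "cat > /etc/sddm.conf" << EOF
[Autologin]
User=$USER
Session=PLACEHOLDER
EOF
        if $chroot $ROOT [ -f /usr/share/xsessions/plasma.desktop ]; then
          sed -i 's/PLACEHOLDER/plasma.desktop/' "$ROOT/etc/sddm.conf"
        elif $chroot $ROOT [ -f /usr/share/xsessions/Lubuntu.desktop ]; then
          sed -i 's/PLACEHOLDER/Lubuntu.desktop/' "$ROOT/etc/sddm.conf"
        elif $chroot $ROOT [ -f /usr/share/xsessions/lxqt.desktop ]; then
          sed -i 's/PLACEHOLDER/lxqt.desktop/' "$ROOT/etc/sddm.conf"
        else
          # Fallback if some other DE/WM is used: take the first session
          # file of the target system. The listing is taken under $ROOT,
          # like the -f tests above, not from the installer's own
          # /usr/share/xsessions.
          SDDMSESSION=$(ls "$ROOT/usr/share/xsessions" | head -n 1)
          sed -i "s/PLACEHOLDER/$SDDMSESSION/" "$ROOT/etc/sddm.conf"
        fi
      fi

      if $chroot $ROOT [ -d /etc/lightdm ]; then
        # Configure LightDM autologin
        LightDMCustomFile="$ROOT/etc/lightdm/lightdm.conf"
        AutologinParameters="autologin-guest=false\nautologin-user=$USER\nautologin-user-timeout=0"
        if ! grep -qs '^autologin-user' "$LightDMCustomFile"; then
          if ! grep -qs '^\[Seat:\*\]' "$LightDMCustomFile"; then
            echo '[Seat:*]' >> "$LightDMCustomFile"
          fi
          sed -i "s/\[Seat:\*\]/\[Seat:\*\]\n$AutologinParameters/" "$LightDMCustomFile"
        else
          # oem config scenario: an autologin-user line already exists,
          # so only its value is replaced.
          sed -i "s/^\(\(str *\)\?autologin-user\)=.*\$/\1=$USER/g;" "$ROOT/etc/lightdm/lightdm.conf"
        fi
      fi
    fi
  fi

  db_get passwd/root-login
  if [ "$RET" = false ] && [ -n "$USER" ]; then
    # Ensure sudo is installed, and set up the user to be able
    # to use it.
    if [ ! -e "$ROOT/etc/sudoers" ]; then
      # try to work in d-i and out; it's better to
      # use apt-install in d-i
      apt-install sudo 2>/dev/null || $log $chroot $ROOT apt-get -q -y install sudo || true
    fi
    if [ -e "$ROOT/etc/sudoers" ]; then
      # Test if we can add the user to the sudo group
      # (possible if sudo >= 1.7.2-2 is installed on the target system)
      # If we can, do it this way, otherwise add the user to sudoers
      # See #597239
      if ! $log $chroot $ROOT adduser "$USER" sudo >/dev/null 2>&1; then
        # The line is appended to sudoers as-is, with no syntax check
        # afterwards; printf keeps the name literal.
        printf '%s ALL=(ALL) ALL\n' "$USER" >> "$ROOT/etc/sudoers"
      fi
    else
      # sudo failed to install, system won't be usable
      exit 1
    fi
    # Configure gksu to use sudo, via an alternative, if it's
    # installed and the alternative is registered.
    if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
      $log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
      $log $chroot $ROOT update-gconf-defaults || true
    fi
    # Configure aptitude to use sudo.
    echo 'Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";' > "$ROOT/etc/apt/apt.conf.d/00aptitude"
  else
    # Configure gksu to use su, via an alternative, if it's
    # installed and the alternative is registered.
    if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
      $log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-su
      $log $chroot $ROOT update-gconf-defaults || true
    fi
  fi

  if [ -z "$OVERRIDE_ALREADY_ENCRYPTED_SWAP" ] &&
    [ -n "$ENCRYPT_HOME_OPT" ] && [ -e "$ROOT/etc/crypttab" ]; then
    # Zero out all encrypted swap partitions. It is assumed that
    # passwords are not used beyond this point in the install.
    # Expected crypttab line:
    #   cryptswap0 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
    # Ideally we would set up a new progress bar here, but we're
    # inside finish-install's and cdebconf doesn't support nested
    # progress bars.
    db_progress INFO user-setup/progress/wipe-swap
    while read -r name device source options; do
      # This loop overwrites devices, so commented-out crypttab entries
      # must never be acted on.
      case "$name" in
        '#'*) continue ;;
      esac
      # Substring match on the options field, as before.
      case "$options" in
        *swap*) ;;
        *) continue ;;
      esac
      # Only a device that really was active swap gets wiped.
      if swapoff "$device"; then
        if [ ! -b "$device" ]; then
          # Not a block device (e.g. a swap file): bound the write
          # by its size in whole MiB.
          ONE_MEG=$((1024 * 1024))
          size=$(($(stat -c %s "$device") / ONE_MEG))
          dd if=/dev/zero of="$device" bs="$ONE_MEG" count="$size" 2>/dev/null || true
        else
          # Block device: dd stops with an error at the end of the
          # device, hence "|| true".
          dd if=/dev/zero of="$device" bs=16M 2>/dev/null || true
        fi
      fi
    done < "$ROOT/etc/crypttab"
  fi
else
  # Just in case, clear any preseeded user password from the database
  # anyway.
  db_set passwd/user-password-crypted ''
  db_set passwd/user-password ''
  db_set passwd/user-password-again ''
fi

exit 0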