[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. 0.6-52-g84c6598
Andreas B. Mundt
andi at debian.org
Mon Oct 29 12:16:26 UTC 2012
The following commit has been merged in the master branch:
commit 1a28dbbb03de5cef1c646dbe03cb54fbe4b0ceb6
Author: Andreas B. Mundt <andi at debian.org>
Date: Sun Oct 28 17:08:24 2012 +0100
Prompt for the root password if it is empty (default).
This is especially useful when distributing CD images for the
mainserver. The root password for clients still has to be modified
manually in the faiserver's config space.
Do not use $ROOTPW when it is empty. So there is no need to expose
the password hash by keeping it in the config space for softupdates.
diff --git a/fai/config/class/SERVER_A.var b/fai/config/class/SERVER_A.var
index 34bbbd5..2354eb4 100644
--- a/fai/config/class/SERVER_A.var
+++ b/fai/config/class/SERVER_A.var
@@ -16,7 +16,9 @@ USERNAME=""
# Use: 'mkpasswd -Hsha-256 <PASSWORD>' to create the password hash
# pw is "fai":
-ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+# If $ROOTPW is empty, you will be prompted during installation:
+ROOTPW=''
## All sensible data will end up here (see below):
DATADIR=/root/installation/
diff --git a/fai/config/files/etc/fai/NFSROOT/FAISERVER b/fai/config/files/etc/fai/NFSROOT/FAISERVER
index a2daf0f..5a66462 100644
--- a/fai/config/files/etc/fai/NFSROOT/FAISERVER
+++ b/fai/config/files/etc/fai/NFSROOT/FAISERVER
@@ -13,6 +13,8 @@ cupt
grub-pc
cfengine2
+# we need mkpasswd:
+whois
# some network cards needs firmware
firmware-bnx2 firmware-bnx2x firmware-realtek
diff --git a/fai/config/hooks/install.DEFAULT.source b/fai/config/hooks/install.DEFAULT.source
new file mode 100755
index 0000000..8352430
--- /dev/null
+++ b/fai/config/hooks/install.DEFAULT.source
@@ -0,0 +1,27 @@
+#! /bin/bash
+#
+# Prompt for the root password if $ROOTPW is empty.
+#
+
+if [ -n "$ROOTPW" ] ; then
+ echo "Root password is set."
+else
+ cat <<EOF
+================================================================================
+
+There is no root password available.
+
+EOF
+ while [ -z "$ROOTPW" ] ; do
+ read -serp " Please enter your root password: " inp1
+ echo
+ read -serp " Please enter your root password again: " inp2
+ echo
+ if [ "$inp1" == "$inp2" ] ; then
+ ROOTPW=`mkpasswd -Hsha-256 "$inp1"`
+ echo "Password for root set."
+ else
+ echo -e "\nPasswords do not match, please try again.\n"
+ fi
+ done
+fi
diff --git a/fai/config/scripts/DEBIAN/10-rootpw b/fai/config/scripts/DEBIAN/10-rootpw
index 730a3b1..184fe79 100755
--- a/fai/config/scripts/DEBIAN/10-rootpw
+++ b/fai/config/scripts/DEBIAN/10-rootpw
@@ -3,7 +3,9 @@
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
# set root password
-$ROOTCMD usermod -p $ROOTPW root
-exit $error
+if [ -n "$ROOTPW" ] ; then
+ $ROOTCMD usermod -p "$ROOTPW" root
+fi
+exit $error
diff --git a/fai/config/scripts/DEMO/10-misc b/fai/config/scripts/DEMO/10-misc
index 46cfa9f..1f4f7a8 100755
--- a/fai/config/scripts/DEMO/10-misc
+++ b/fai/config/scripts/DEMO/10-misc
@@ -7,7 +7,7 @@ ifclass XORG && {
}
# add a demo user account
-if ! $ROOTCMD getent passwd demo ; then
+if [ -n "$ROOTPW" ] && ! $ROOTCMD getent passwd demo ; then
$ROOTCMD adduser --disabled-login --gecos "fai demo user" demo
$ROOTCMD usermod -p "$ROOTPW" demo
fi
diff --git a/fai/config/scripts/SERVER_A/10-misc b/fai/config/scripts/SERVER_A/10-misc
index b67d3b7..b9d2fdf 100755
--- a/fai/config/scripts/SERVER_A/10-misc
+++ b/fai/config/scripts/SERVER_A/10-misc
@@ -5,7 +5,7 @@ set -e
## Add a local user account.
## You need to define USERNAME in class/SERVER_A.var to enable:
-if [ ! -z $USERNAME ] && ! $ROOTCMD getent passwd $USERNAME ; then
+if [ -n "$ROOTPW" ] && [ ! -z $USERNAME ] && ! $ROOTCMD getent passwd $USERNAME ; then
$ROOTCMD adduser --disabled-login \
--gecos "local system administrator" $USERNAME
$ROOTCMD usermod --password "$ROOTPW" $USERNAME
--
Debian-LAN development and packaging
More information about the debian-lan-devel
mailing list