[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, squeeze, updated. 0.6-33-gc1f3f34

Andreas B. Mundt andi at debian.org
Mon Oct 29 12:16:28 UTC 2012


The following commit has been merged in the squeeze branch:
commit f76da0d87cb7823d5db8cf68487eebd2677a9237
Author: Andreas B. Mundt <andi at debian.org>
Date:   Sun Oct 28 16:51:56 2012 +0100

    Prompt for the root password if it is empty (default).
    
    This is especially useful when distributing CD images for the
    mainserver.  The root password for clients still has to be modified
    manually in the faiserver's config space.
    
    Do not use $ROOTPW when it is empty.  So there is no need to expose
    the password hash by keeping it in the config space for softupdates.

diff --git a/fai/config/class/SERVER_A.var b/fai/config/class/SERVER_A.var
index 21714df..9208b73 100644
--- a/fai/config/class/SERVER_A.var
+++ b/fai/config/class/SERVER_A.var
@@ -16,7 +16,9 @@ USERNAME=""
 
 # Use: 'mkpasswd -Hsha-256 <PASSWORD>' to create the password hash
 # pw is "fai":
-ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+# If $ROOTPW is empty, you will be prompted during installation:
+ROOTPW=''
 
 ## All sensible data will end up here (see below):
 DATADIR=/root/installation/
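Review bot: The comment above ROOTPW recommends `mkpasswd -Hsha-256`, but the example kept in the commented-out line is a `$1$` (MD5-crypt) hash of the documented password "fai". An admin who simply uncomments it gets a publicly known password in a weak hash format. I would replace the retained line with a placeholder such as `#ROOTPW='<hash from mkpasswd -Hsha-256>'`. A short comment would also help, since any hash set here stays readable in the config space (the exposure the commit message mentions for softupdates), e.g. `# A hash set here remains in the config space; leave empty to be prompted.`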
diff --git a/fai/config/files/etc/fai/NFSROOT/FAISERVER b/fai/config/files/etc/fai/NFSROOT/FAISERVER
index 6be52eb..71685d9 100644
--- a/fai/config/files/etc/fai/NFSROOT/FAISERVER
+++ b/fai/config/files/etc/fai/NFSROOT/FAISERVER
@@ -12,6 +12,9 @@ iproute udev subversion liblinux-lvm-perl
 # needed for the simple examples
 cfengine2 libapt-pkg-perl
 
+# we need mkpasswd:
+whois
+
 # you should not edit the lines below
 # architecture dependend list of packages that are installed
 
diff --git a/fai/config/hooks/install.DEFAULT.source b/fai/config/hooks/install.DEFAULT.source
new file mode 100755
index 0000000..8352430
--- /dev/null
+++ b/fai/config/hooks/install.DEFAULT.source
@@ -0,0 +1,27 @@
+#! /bin/bash
+#
+#  Prompt for the root password if $ROOTPW is empty.
+#
+
+if [ -n "$ROOTPW" ] ; then
+    echo "Root password is set."
+else
+    cat <<EOF
+================================================================================
+
+There is no root password available.
+
+EOF
+    while [ -z "$ROOTPW" ] ; do
+        read -serp "   Please enter your root password: " inp1
+        echo
+        read -serp "   Please enter your root password again: " inp2
+        echo
+        if [ "$inp1" == "$inp2" ] ; then
+            ROOTPW=`mkpasswd -Hsha-256 "$inp1"`
+            echo "Password for root set."
+        else
+            echo -e "\nPasswords do not match, please try again.\n"
+        fi
+    done
+fi
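Review bot: The cleartext password is passed to mkpasswd as a command-line argument (`mkpasswd -Hsha-256 "$inp1"`), where it is visible in the process list while the hash is computed; mkpasswd can read it from stdin with `--stdin` instead. The loop also accepts two empty entries as a match, which presumably hashes the empty string and ends the loop with a blank root password. It prints "Password for root set." even when mkpasswd fails or is missing. Since the hook appears to be sourced (`.source`), `inp1` and `inp2` stay in the installer's shell afterwards and should be unset. A possible rewrite of the loop follows.

```shell
    while [ -z "$ROOTPW" ] ; do
        # … unchanged: the two read -serp prompts and their echo lines …
        if [ -z "$inp1" ] ; then
            echo -e "\nAn empty password is not accepted, please try again.\n"
        elif [ "$inp1" != "$inp2" ] ; then
            echo -e "\nPasswords do not match, please try again.\n"
        elif ROOTPW=$(printf '%s' "$inp1" | mkpasswd -Hsha-256 --stdin) \
                && [ -n "$ROOTPW" ] ; then
            echo "Password for root set."
        else
            # keep looping instead of reporting success on a failed hash
            ROOTPW=''
            echo -e "\nmkpasswd failed, please try again.\n"
        fi
    done
    # do not leave the cleartext in the sourcing shell
    unset inp1 inp2
```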
diff --git a/fai/config/scripts/DEMO/10-misc b/fai/config/scripts/DEMO/10-misc
index ac9fb19..e47aca8 100755
--- a/fai/config/scripts/DEMO/10-misc
+++ b/fai/config/scripts/DEMO/10-misc
@@ -10,7 +10,7 @@ ifclass XORG && {
 }
 
 # add a demo user account
-if ! $ROOTCMD getent passwd demo ; then
+if [ -n "$ROOTPW" ] && ! $ROOTCMD getent passwd demo ; then
     $ROOTCMD adduser --disabled-login --gecos "fai demo user" demo
 #    echo "demo:$ROOTPW" | $ROOTCMD chpasswd --encrypted
     $ROOTCMD usermod -p "$ROOTPW" demo
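Review bot: With the new prompt, the password the admin types for root is also given to the demo account through `usermod -p "$ROOTPW" demo`, so the demo login shares root's credential. The same applies to the `$USERNAME` account in scripts/SERVER_A/10-misc. That reuse predates this commit, but it is easier to overlook now that ROOTPW is entered interactively rather than read from the config file. I would document it at the guard, e.g. `# demo gets the same password hash as root; skipped when ROOTPW is empty`, or use a separate variable for non-root accounts. The `if` block continues outside the hunk.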
diff --git a/fai/config/scripts/FAIBASE/10-misc b/fai/config/scripts/FAIBASE/10-misc
index 6434512..7c2031f 100755
--- a/fai/config/scripts/FAIBASE/10-misc
+++ b/fai/config/scripts/FAIBASE/10-misc
@@ -22,7 +22,9 @@ fcopy -iM /etc/hosts /etc/motd
 
 # set root password
 #echo "root:$ROOTPW" | $ROOTCMD chpasswd --encrypted
-$ROOTCMD usermod -p "$ROOTPW" root
+if [ -n "$ROOTPW" ] ; then
+    $ROOTCMD usermod -p "$ROOTPW" root
+fi
 # make /root accessible only by root
 chmod 0700 $target/root
 chown root:root $target/root
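Review bot: `usermod -p "$ROOTPW" root` puts the hash on the command line, which usermod's own manual discourages because it is visible to anyone listing processes. The commented-out `chpasswd --encrypted` line just above would pass it on stdin instead. Why that line was disabled is not visible here, so this needs confirming. If it works in the target, `echo "root:$ROOTPW" | $ROOTCMD chpasswd --encrypted` inside the new guard would avoid the exposure. The same `usermod` call appears in scripts/DEMO/10-misc and scripts/SERVER_A/10-misc. An `else` branch that logs that the root password was left unchanged would also make the skipped case visible in the install log.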
diff --git a/fai/config/scripts/SERVER_A/10-misc b/fai/config/scripts/SERVER_A/10-misc
index 77f5251..d82019e 100755
--- a/fai/config/scripts/SERVER_A/10-misc
+++ b/fai/config/scripts/SERVER_A/10-misc
@@ -5,7 +5,7 @@ set -e
 ## Add a local user account.
 ## You need to define USERNAME in class/SERVER_A.var to enable:
 
-if [ ! -z $USERNAME ] && ! $ROOTCMD getent passwd $USERNAME ; then
+if [ -n "$ROOTPW" ] && [ ! -z $USERNAME ] && ! $ROOTCMD getent passwd $USERNAME ; then
     $ROOTCMD adduser --disabled-login \
 	--gecos "local system administrator" $USERNAME
     $ROOTCMD usermod --password "$ROOTPW" $USERNAME
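Review bot: The extended condition quotes `$ROOTPW` but leaves `$USERNAME` unquoted in `[ ! -z $USERNAME ]` and in the getent call. The test gives the right answer for an empty value only because of how `[` parses two arguments, and it breaks on a value containing whitespace or glob characters. I would write it as `if [ -n "$ROOTPW" ] && [ -n "$USERNAME" ] && ! $ROOTCMD getent passwd "$USERNAME" ; then`. The `if` block continues past the end of the hunk.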

-- 
Debian-LAN development and packaging


