core: support changing the password
This commit is contained in:
parent
0a6b5ba41c
commit
34d6c0a2c1
4
.github/workflows/run_reinstall.yml
vendored
@ -13,9 +13,9 @@ jobs:
|
|||||||
os: [ubuntu-latest, windows-latest]
|
os: [ubuntu-latest, windows-latest]
|
||||||
include:
|
include:
|
||||||
- os: ubuntu-latest
|
- os: ubuntu-latest
|
||||||
command: sudo bash reinstall.sh --debug
|
command: sudo bash reinstall.sh --debug --password 123@@@
|
||||||
- os: windows-latest
|
- os: windows-latest
|
||||||
command: ./reinstall.bat --debug
|
command: ./reinstall.bat --debug --password 123@@@
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- run: |
|
- run: |
|
||||||
|
40
README.en.md
@ -125,11 +125,12 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
|
|||||||
- Does not include a boot partition (except for Fedora), nor a swap partition, maximizing disk space utilization.
|
- Does not include a boot partition (except for Fedora), nor a swap partition, maximizing disk space utilization.
|
||||||
- On virtual machines, the appropriate official slimmed-down kernel will be automatically installed.
|
- On virtual machines, the appropriate official slimmed-down kernel will be automatically installed.
|
||||||
- To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>.
|
- To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>.
|
||||||
- Username `root`, password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
|
- Username `root`, Default password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
|
||||||
- After reinstalling, if you need to change SSH port or switch to key-based login, be sure to modify the files inside `/etc/ssh/sshd_config.d/`.
|
- After reinstalling, if you need to change SSH port or switch to key-based login, be sure to modify the files inside `/etc/ssh/sshd_config.d/`.
|
||||||
- Optional parameters:
|
- Optional parameters:
|
||||||
- `--ssh-port PORT` to change the SSH port
|
- `--password PASSWORD` Set password
|
||||||
- `--hold 2` to prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
|
- `--ssh-port PORT` Change SSH port
|
||||||
|
- `--hold 2` Prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh centos 9
|
bash reinstall.sh centos 9
|
||||||
@ -161,21 +162,27 @@ bash reinstall.sh centos 9
|
|||||||
|
|
||||||
<summary>Experimental Features</summary>
|
<summary>Experimental Features</summary>
|
||||||
|
|
||||||
The following features are experimental and may not support modifying the SSH port or other options.
|
|
||||||
|
|
||||||
Install Debian using a cloud image, suitable for machines with slower CPUs
|
Install Debian using a cloud image, suitable for machines with slower CPUs
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh debian --ci
|
bash reinstall.sh debian --ci
|
||||||
```
|
```
|
||||||
|
|
||||||
Install CentOS, Alma, Rocky, Fedora using ISO, only supports machines with more than 2G of memory and dynamic IP
|
Install CentOS, Alma, Rocky, Fedora using ISO, only supports machines with more than 2G of memory and dynamic IP.
|
||||||
|
|
||||||
|
Password `123@@@`, SSH Port `22`
|
||||||
|
|
||||||
|
Password and SSH port options are not supported.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh centos --installer
|
bash reinstall.sh centos --installer
|
||||||
```
|
```
|
||||||
|
|
||||||
Install Ubuntu using ISO, only supports machines with more than 1G of memory and dynamic IP
|
Install Ubuntu using ISO, only supports machines with more than 1G of memory and dynamic IP.
|
||||||
|
|
||||||
|
Password `123@@@`, SSH Port `22`
|
||||||
|
|
||||||
|
Password and SSH port options are not supported.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh ubuntu --installer
|
bash reinstall.sh ubuntu --installer
|
||||||
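Review bot: The two added "Password `123@@@`, SSH Port `22`" lines under the ISO `--installer` sections document a fixed, published root password on the default SSH port with no way to override it. The text should tell the reader to change the password immediately after first login, and say explicitly that these modes ignore `--password` so nobody assumes their own value was applied.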
@ -189,9 +196,9 @@ bash reinstall.sh ubuntu --installer
|
|||||||
- When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect.
|
- When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect.
|
||||||
- When deploy a Linux image, the script will not modify any contents of the image.
|
- When deploy a Linux image, the script will not modify any contents of the image.
|
||||||
- Optional parameters:
|
- Optional parameters:
|
||||||
- `--rdp-port PORT` to change the RDP port (Windows only).
|
- `--rdp-port PORT` Change RDP port (Windows only).
|
||||||
- `--allow-ping` to allow ping responses (Windows only).
|
- `--allow-ping` Allow ping responses (Windows only).
|
||||||
- `--hold 2` to prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
|
- `--hold 2` Prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh dd --img https://example.com/xxx.xz
|
bash reinstall.sh dd --img https://example.com/xxx.xz
|
||||||
@ -204,8 +211,10 @@ bash reinstall.sh dd --img https://example.com/xxx.xz
|
|||||||
### Feature 3: Reboot to <img width="16" height="16" src="https://www.alpinelinux.org/alpine-logo.ico" /> Alpine Rescue System (Live OS)
|
### Feature 3: Reboot to <img width="16" height="16" src="https://www.alpinelinux.org/alpine-logo.ico" /> Alpine Rescue System (Live OS)
|
||||||
|
|
||||||
- You can use SSH to manually perform DD operations, modify partitions, and manually install Alpine, Arch, Gentoo, and other systems.
|
- You can use SSH to manually perform DD operations, modify partitions, and manually install Alpine, Arch, Gentoo, and other systems.
|
||||||
- Username `root`, password `123@@@`
|
- Username `root`, Default password `123@@@`
|
||||||
- If the disk content is not modified, rebooting again will return to the original system.
|
- If the disk content is not modified, rebooting again will return to the original system.
|
||||||
|
- Optional parameters:
|
||||||
|
- `--password PASSWORD` Set password
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh alpine --hold=1
|
bash reinstall.sh alpine --hold=1
|
||||||
@ -224,13 +233,14 @@ bash reinstall.sh netboot.xyz
|
|||||||
|
|
||||||
### Feature 5: Install <img width="16" height="16" src="https://blogs.windows.com/wp-content/uploads/prod/2022/09/cropped-Windows11IconTransparent512-32x32.png" /> Windows ISO
|
### Feature 5: Install <img width="16" height="16" src="https://blogs.windows.com/wp-content/uploads/prod/2022/09/cropped-Windows11IconTransparent512-32x32.png" /> Windows ISO
|
||||||
|
|
||||||
- Username `administrator`, password `123@@@`
|
- Username `administrator`, Default password `123@@@`
|
||||||
- If remote login fails, try using the username `.\administrator`.
|
- If remote login fails, try using the username `.\administrator`.
|
||||||
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
|
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
|
||||||
- Optional parameters:
|
- Optional parameters:
|
||||||
- `--rdp-port PORT` to change the RDP port
|
- `--password PASSWORD` Set Password
|
||||||
- `--allow-ping` to allow ping responses
|
- `--rdp-port PORT` Change RDP port
|
||||||
- `--hold 2` to allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
|
- `--allow-ping` Allow ping responses
|
||||||
|
- `--hold 2` Allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
|
||||||
|
|
||||||
![Windows Installation](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
![Windows Installation](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
||||||
|
|
||||||
|
20
README.md
@ -125,9 +125,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
|
|||||||
- 不含 boot 分区(Fedora 例外),不含 swap 分区,最大化利用磁盘空间
|
- 不含 boot 分区(Fedora 例外),不含 swap 分区,最大化利用磁盘空间
|
||||||
- 在虚拟机上,会自动安装合适的官方精简内核
|
- 在虚拟机上,会自动安装合适的官方精简内核
|
||||||
- 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接
|
- 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接
|
||||||
- 用户名 `root` 密码 `123@@@`,可能首次开机几分钟后密码才生效
|
- 用户名 `root` 默认密码 `123@@@`,密码可能首次开机几分钟后才生效
|
||||||
- 重装后如需修改 SSH 端口 / 改成密钥登录,还要注意修改 `/etc/ssh/sshd_config.d/` 里面的文件
|
- 重装后如需修改 SSH 端口 / 改成密钥登录,还要注意修改 `/etc/ssh/sshd_config.d/` 里面的文件
|
||||||
- 可选参数
|
- 可选参数
|
||||||
|
- `--password PASSWORD` 设置密码
|
||||||
- `--ssh-port PORT` 修改 SSH 端口
|
- `--ssh-port PORT` 修改 SSH 端口
|
||||||
- `--hold 2` 安装结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os` (此功能不支持 Debian / Kali)
|
- `--hold 2` 安装结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os` (此功能不支持 Debian / Kali)
|
||||||
|
|
||||||
@ -161,8 +162,6 @@ bash reinstall.sh centos 9
|
|||||||
|
|
||||||
<summary>实验性功能</summary>
|
<summary>实验性功能</summary>
|
||||||
|
|
||||||
以下功能为实验性质,可能不支持修改 ssh 端口等其它选项
|
|
||||||
|
|
||||||
用云镜像安装 Debian,适合于 CPU 较慢的机器
|
用云镜像安装 Debian,适合于 CPU 较慢的机器
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -171,12 +170,20 @@ bash reinstall.sh debian --ci
|
|||||||
|
|
||||||
用 ISO 安装 CentOS, Alma, Rocky, Fedora ,仅支持内存大于 2G 且为动态 IP 的机器
|
用 ISO 安装 CentOS, Alma, Rocky, Fedora ,仅支持内存大于 2G 且为动态 IP 的机器
|
||||||
|
|
||||||
|
密码 `123@@@`,SSH 端口 `22`
|
||||||
|
|
||||||
|
不支持设置密码、SSH 端口等选项
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh centos --installer
|
bash reinstall.sh centos --installer
|
||||||
```
|
```
|
||||||
|
|
||||||
用 ISO 安装 Ubuntu ,仅支持内存大于 1G 且为动态 IP 的机器
|
用 ISO 安装 Ubuntu ,仅支持内存大于 1G 且为动态 IP 的机器
|
||||||
|
|
||||||
|
密码 `123@@@`,SSH 端口 `22`
|
||||||
|
|
||||||
|
不支持设置密码、SSH 端口等选项
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh ubuntu --installer
|
bash reinstall.sh ubuntu --installer
|
||||||
```
|
```
|
||||||
@ -204,8 +211,10 @@ bash reinstall.sh dd --img https://example.com/xxx.xz
|
|||||||
### 功能 3: 重启到 <img width="16" height="16" src="https://www.alpinelinux.org/alpine-logo.ico" /> Alpine 救援系统 (Live OS)
|
### 功能 3: 重启到 <img width="16" height="16" src="https://www.alpinelinux.org/alpine-logo.ico" /> Alpine 救援系统 (Live OS)
|
||||||
|
|
||||||
- 可用 ssh 连接,进行手动 DD、修改分区、手动安装 Alpine / Arch / Gentoo 等操作
|
- 可用 ssh 连接,进行手动 DD、修改分区、手动安装 Alpine / Arch / Gentoo 等操作
|
||||||
- 用户名 `root` 密码 `123@@@`
|
- 用户名 `root` 默认密码 `123@@@`
|
||||||
- 如果没有修改硬盘内容,再次重启将回到原系统
|
- 如果没有修改硬盘内容,再次重启将回到原系统
|
||||||
|
- 可选参数
|
||||||
|
- `--password PASSWORD` 设置密码
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash reinstall.sh alpine --hold=1
|
bash reinstall.sh alpine --hold=1
|
||||||
@ -224,10 +233,11 @@ bash reinstall.sh netboot.xyz
|
|||||||
|
|
||||||
### 功能 5: 安装 <img width="16" height="16" src="https://blogs.windows.com/wp-content/uploads/prod/2022/09/cropped-Windows11IconTransparent512-32x32.png" /> Windows ISO
|
### 功能 5: 安装 <img width="16" height="16" src="https://blogs.windows.com/wp-content/uploads/prod/2022/09/cropped-Windows11IconTransparent512-32x32.png" /> Windows ISO
|
||||||
|
|
||||||
- 用户名 `administrator` 密码 `123@@@`
|
- 用户名 `administrator` 默认密码 `123@@@`
|
||||||
- 如果远程登录失败,尝试使用用户名 `.\administrator`
|
- 如果远程登录失败,尝试使用用户名 `.\administrator`
|
||||||
- 静态机器会自动配置好 IP,可能首次开机几分钟后才生效
|
- 静态机器会自动配置好 IP,可能首次开机几分钟后才生效
|
||||||
- 可选参数
|
- 可选参数
|
||||||
|
- `--password PASSWORD` 设置密码
|
||||||
- `--rdp-port PORT` 更改 RDP 端口
|
- `--rdp-port PORT` 更改 RDP 端口
|
||||||
- `--allow-ping` 允许被 Ping
|
- `--allow-ping` 允许被 Ping
|
||||||
- `--hold 2` 在重启进入 Windows 官方安装程序前,可连接 SSH 修改硬盘内容,硬盘挂载在 `/os`
|
- `--hold 2` 在重启进入 Windows 官方安装程序前,可连接 SSH 修改硬盘内容,硬盘挂载在 `/os`
|
||||||
|
@ -8,13 +8,13 @@ users:
|
|||||||
lock_passwd: false
|
lock_passwd: false
|
||||||
chpasswd:
|
chpasswd:
|
||||||
expire: false
|
expire: false
|
||||||
# 20.04 arm 需要
|
# <= cloud-init 22.2.x 需要
|
||||||
list: |
|
list: |
|
||||||
root:@PASSWORD@
|
root:@PASSWORD@
|
||||||
users:
|
users:
|
||||||
- name: root
|
- name: root
|
||||||
password: "@PASSWORD@"
|
password: "@PASSWORD@"
|
||||||
type: text
|
type: hash
|
||||||
runcmd:
|
runcmd:
|
||||||
# opensuse tumbleweed 镜像有 /etc/ssh/sshd_config.d/ 文件夹,没有 /etc/ssh/sshd_config,有/usr/etc/ssh/sshd_config
|
# opensuse tumbleweed 镜像有 /etc/ssh/sshd_config.d/ 文件夹,没有 /etc/ssh/sshd_config,有/usr/etc/ssh/sshd_config
|
||||||
# opensuse tumbleweed cloud-init 直接创建并写入 /etc/ssh/sshd_config,造成默认配置丢失
|
# opensuse tumbleweed cloud-init 直接创建并写入 /etc/ssh/sshd_config,造成默认配置丢失
|
||||||
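Review bot: `type: hash` only covers the `users:` entry; the `list: |` entry `root:@PASSWORD@`, kept for cloud-init <= 22.2.x, has no type field and now receives the same hashed string. Please confirm on one of those older images that the value is applied as a hash rather than set as the literal password, and add a one-line comment beside `list:` stating which behaviour is relied on.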
@ -28,6 +28,7 @@ runcmd:
|
|||||||
# daemon-reload 会刷新 /run/systemd/generator/ssh.socket.d/addresses.conf
|
# daemon-reload 会刷新 /run/systemd/generator/ssh.socket.d/addresses.conf
|
||||||
- systemctl daemon-reload
|
- systemctl daemon-reload
|
||||||
- for s in ssh.socket ssh.service sshd.socket sshd.service; do systemctl is-enabled $s && systemctl restart $s && break; done
|
- for s in ssh.socket ssh.service sshd.socket sshd.service; do systemctl is-enabled $s && systemctl restart $s && break; done
|
||||||
|
# 删除有密码的行
|
||||||
- sed -i -e '/^[[:space:]]*password:/d' -e '/[[:space:]]*root:/d' /etc/cloud/cloud.cfg.d/99_fallback.cfg
|
- sed -i -e '/^[[:space:]]*password:/d' -e '/[[:space:]]*root:/d' /etc/cloud/cloud.cfg.d/99_fallback.cfg
|
||||||
- touch /etc/cloud/cloud-init.disabled
|
- touch /etc/cloud/cloud-init.disabled
|
||||||
# ubuntu 镜像运行 echo -e '\nDone' ,-e 会被显示出来
|
# ubuntu 镜像运行 echo -e '\nDone' ,-e 会被显示出来
|
||||||
|
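Review bot: The new comment says the `sed` line removes the lines that hold the password, but its second expression `/[[:space:]]*root:/d` has no `^`, so it deletes every line of `99_fallback.cfg` that contains `root:` anywhere. Anchoring it as `/^[[:space:]]*root:/d`, like the first expression, would match the stated intent.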
@ -25,8 +25,9 @@ d-i mirror/country string manual
|
|||||||
|
|
||||||
# B.4.5. 帐号设置
|
# B.4.5. 帐号设置
|
||||||
d-i passwd/make-user boolean false
|
d-i passwd/make-user boolean false
|
||||||
d-i passwd/root-password password 123@@@
|
# 单纯为了跳过设置,实际上是在 partman/early_command 里设置密码,preseed/early_command 无法设置密码
|
||||||
d-i passwd/root-password-again password 123@@@
|
d-i passwd/root-password password ''
|
||||||
|
d-i passwd/root-password-again password ''
|
||||||
# kali 需要下面这行,否则会提示输入用户名
|
# kali 需要下面这行,否则会提示输入用户名
|
||||||
d-i passwd/root-login boolean true
|
d-i passwd/root-login boolean true
|
||||||
|
|
||||||
@ -155,6 +156,8 @@ d-i partman/early_command string true; \
|
|||||||
[ -d /sys/firmware/efi ] && debconf-set partman-auto/expert_recipe "$(debconf-get partman-auto/expert_recipe_efi)"; \
|
[ -d /sys/firmware/efi ] && debconf-set partman-auto/expert_recipe "$(debconf-get partman-auto/expert_recipe_efi)"; \
|
||||||
[ -d /sys/firmware/efi ] || debconf-set partman-auto/expert_recipe "$(debconf-get partman-auto/expert_recipe_bios)"; \
|
[ -d /sys/firmware/efi ] || debconf-set partman-auto/expert_recipe "$(debconf-get partman-auto/expert_recipe_bios)"; \
|
||||||
|
|
||||||
|
debconf-set passwd/root-password-crypted "$(cat /configs/password-linux-sha512)"; \
|
||||||
|
|
||||||
true >/bin/os-prober
|
true >/bin/os-prober
|
||||||
|
|
||||||
# kali ssh 默认关闭
|
# kali ssh 默认关闭
|
||||||
|
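Review bot: The added `debconf-set passwd/root-password-crypted "$(cat /configs/password-linux-sha512)"; \` has no check on the file, and the commands in this `early_command` are chained with `;`, so a missing or empty hash file leaves the crypted value empty and the install continues with whatever the placeholder `passwd/root-password ''` from the earlier hunk yields. Test the file first, for example with `[ -s /configs/password-linux-sha512 ]`, and stop the installation if it fails.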
@ -41,6 +41,7 @@ rem 检查是否国内
|
|||||||
if not exist %tmp%\geoip (
|
if not exist %tmp%\geoip (
|
||||||
rem 部分地区 www.cloudflare.com 被墙
|
rem 部分地区 www.cloudflare.com 被墙
|
||||||
call :download http://dash.cloudflare.com/cdn-cgi/trace %tmp%\geoip
|
call :download http://dash.cloudflare.com/cdn-cgi/trace %tmp%\geoip
|
||||||
|
if errorlevel 1 goto :download_failed
|
||||||
)
|
)
|
||||||
findstr /c:"loc=CN" %tmp%\geoip >nul
|
findstr /c:"loc=CN" %tmp%\geoip >nul
|
||||||
if not errorlevel 1 (
|
if not errorlevel 1 (
|
||||||
@ -61,9 +62,9 @@ if not errorlevel 1 (
|
|||||||
)
|
)
|
||||||
|
|
||||||
rem pkgs 改动了才重新运行 Cygwin 安装程序
|
rem pkgs 改动了才重新运行 Cygwin 安装程序
|
||||||
set pkgs="curl,cpio,p7zip,bind-utils,ipcalc,dos2unix,binutils,jq"
|
set pkgs=curl,cpio,p7zip,bind-utils,ipcalc,dos2unix,binutils,jq,xz,gzip,zstd,openssl,libiconv
|
||||||
set tags=%tmp%\cygwin-installed-!pkgs!
|
set tags=%tmp%\cygwin-installed-%pkgs%
|
||||||
if not exist !tags! (
|
if not exist "%tags%" (
|
||||||
rem win10 arm 支持运行 x86 软件
|
rem win10 arm 支持运行 x86 软件
|
||||||
rem win11 arm 支持运行 x86 和 x86_64 软件
|
rem win11 arm 支持运行 x86 和 x86_64 软件
|
||||||
rem wmic os get osarchitecture 显示中文
|
rem wmic os get osarchitecture 显示中文
|
||||||
@ -102,6 +103,7 @@ if not exist !tags! (
|
|||||||
|
|
||||||
rem 下载 Cygwin
|
rem 下载 Cygwin
|
||||||
call :download http://www.cygwin.com/setup-!CygwinArch!.exe %tmp%\setup-cygwin.exe
|
call :download http://www.cygwin.com/setup-!CygwinArch!.exe %tmp%\setup-cygwin.exe
|
||||||
|
if errorlevel 1 goto :download_failed
|
||||||
|
|
||||||
rem 安装 Cygwin
|
rem 安装 Cygwin
|
||||||
set site=!mirror!!dir!
|
set site=!mirror!!dir!
|
||||||
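Review bot: The added `if errorlevel 1 goto :download_failed` after the `setup-!CygwinArch!.exe` download only catches a missing file; the installer is still fetched over `http://` and then run with nothing verifying it. Fetching it over https and checking its signature or hash before the install step would close that gap.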
@ -111,13 +113,14 @@ if not exist !tags! (
|
|||||||
--site !site! ^
|
--site !site! ^
|
||||||
--root %SystemDrive%\cygwin ^
|
--root %SystemDrive%\cygwin ^
|
||||||
--local-package-dir %tmp%\cygwin-local-package-dir ^
|
--local-package-dir %tmp%\cygwin-local-package-dir ^
|
||||||
--packages !pkgs! ^
|
--packages %pkgs% ^
|
||||||
&& type nul >!tags!
|
&& type nul >"%tags%"
|
||||||
)
|
)
|
||||||
|
|
||||||
rem 下载 reinstall.sh
|
rem 下载 reinstall.sh
|
||||||
if not exist reinstall.sh (
|
if not exist reinstall.sh (
|
||||||
call :download %confhome%/reinstall.sh %~dp0reinstall.sh
|
call :download %confhome%/reinstall.sh %~dp0reinstall.sh
|
||||||
|
if errorlevel 1 goto :download_failed
|
||||||
)
|
)
|
||||||
|
|
||||||
rem 为每个参数添加引号,使参数正确传递到 bash
|
rem 为每个参数添加引号,使参数正确传递到 bash
|
||||||
@ -147,8 +150,13 @@ rem https://learn.microsoft.com/en-us/windows/win32/bits/http-requirements-for-b
|
|||||||
rem certutil 会被 windows Defender 报毒
|
rem certutil 会被 windows Defender 报毒
|
||||||
rem windows server 2019 要用第二条 certutil 命令
|
rem windows server 2019 要用第二条 certutil 命令
|
||||||
echo Download: %~1 %~2
|
echo Download: %~1 %~2
|
||||||
certutil -urlcache -f -split %~1 %~2
|
del /q "%~2" 2>nul
|
||||||
if not exist %~2 (
|
if exist "%~2" (echo Cannot delete %~2 & exit /b 1)
|
||||||
certutil -urlcache -split %~1 %~2
|
if not exist "%~2" certutil -urlcache -f -split "%~1" "%~2" >nul
|
||||||
)
|
if not exist "%~2" certutil -urlcache -split "%~1" "%~2" >nul
|
||||||
|
if not exist "%~2" exit /b 1
|
||||||
exit /b
|
exit /b
|
||||||
|
|
||||||
|
:download_failed
|
||||||
|
echo Download failed.
|
||||||
|
exit /b 1
|
||||||
|
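Review bot: In `:download`, success is decided only by `if not exist "%~2" exit /b 1`, so an empty, truncated or error-page file counts as a successful download, and the `>nul` on both `certutil` calls hides the reason when they fail. Consider checking the file size (or a known hash for `reinstall.sh`) before returning, and keeping certutil's output when the file is missing.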
150
reinstall.sh
@ -8,7 +8,8 @@ confhome_cn=https://jihulab.com/bin456789/reinstall/-/raw/main
|
|||||||
# confhome_cn=https://mirror.ghproxy.com/https://raw.githubusercontent.com/bin456789/reinstall/main
|
# confhome_cn=https://mirror.ghproxy.com/https://raw.githubusercontent.com/bin456789/reinstall/main
|
||||||
|
|
||||||
# 用于判断 reinstall.sh 和 trans.sh 是否兼容
|
# 用于判断 reinstall.sh 和 trans.sh 是否兼容
|
||||||
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0001
|
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0002
|
||||||
|
DEFAULT_PASSWORD=123@@@
|
||||||
|
|
||||||
# https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html
|
# https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html
|
||||||
export LC_ALL=C
|
export LC_ALL=C
|
||||||
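Review bot: `DEFAULT_PASSWORD=123@@@` keeps a published string as the fallback, and the prompt added later in this commit accepts a bare Enter to take it (`password=${password:-$DEFAULT_PASSWORD}`). Since the user is now asked anyway, consider generating a random per-run default and printing it once, or refusing the built-in value unless it is explicitly requested.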
@ -1562,6 +1563,12 @@ install_pkg() {
|
|||||||
yum | dnf | zypper) pkg="bind-utils" ;;
|
yum | dnf | zypper) pkg="bind-utils" ;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
|
iconv)
|
||||||
|
case "$pkg_mgr" in
|
||||||
|
apk) pkg="musl-utils" ;;
|
||||||
|
*) error_and_exit "Which GNU/Linux do not have iconv built-in?" ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
*) pkg=$cmd ;;
|
*) pkg=$cmd ;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
@ -1814,6 +1821,92 @@ del_empty_lines() {
|
|||||||
sed '/^[[:space:]]*$/d'
|
sed '/^[[:space:]]*$/d'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
prompt_password() {
|
||||||
|
while true; do
|
||||||
|
IFS= read -r -p "Password [$DEFAULT_PASSWORD]: " password
|
||||||
|
IFS= read -r -p "Retype password [$DEFAULT_PASSWORD]: " password_confirm
|
||||||
|
password=${password:-$DEFAULT_PASSWORD}
|
||||||
|
password_confirm=${password_confirm:-$DEFAULT_PASSWORD}
|
||||||
|
if [ -z "$password" ]; then
|
||||||
|
error "Passwords is empty. Try again."
|
||||||
|
elif [ "$password" != "$password_confirm" ]; then
|
||||||
|
error "Passwords don't match. Try again."
|
||||||
|
else
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
save_password() {
|
||||||
|
dir=$1
|
||||||
|
|
||||||
|
# mkpasswd 有三个
|
||||||
|
# expect 里的 mkpasswd 是用来生成随机密码的
|
||||||
|
# whois 里的 mkpasswd 才是我们想要的,可能不支持 yescrypt,alpine 的 mkpasswd 是独立的包
|
||||||
|
# busybox 里的 mkpasswd 也是我们想要的,但多数不支持 yescrypt
|
||||||
|
|
||||||
|
# alpine 这两个包有冲突
|
||||||
|
# apk add expect mkpasswd
|
||||||
|
|
||||||
|
# 明文密码
|
||||||
|
# 假如用户运行 alpine live 直接打包硬盘镜像,则会暴露明文密码,因为 netboot initrd 在里面
|
||||||
|
# 通过 --password 传入密码,history 有记录,也会暴露明文密码
|
||||||
|
# /reinstall.log 也会暴露明文密码
|
||||||
|
if false; then
|
||||||
|
echo "$password" >>"$dir/password-plaintext"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# sha512
|
||||||
|
# 以下系统均支持 sha512 密码,但是生成密码需要不同的工具
|
||||||
|
# 兼容性 openssl mkpasswd busybox python
|
||||||
|
# centos 7 × 只有expect的 需要编译 √
|
||||||
|
# centos 8 √ 只有expect的
|
||||||
|
# debian 9 × √
|
||||||
|
# ubuntu 16 × √
|
||||||
|
# alpine √ 可能系统装了expect √
|
||||||
|
# cygwin √
|
||||||
|
# others √
|
||||||
|
|
||||||
|
# alpine
|
||||||
|
if is_have_cmd busybox && busybox mkpasswd --help 2>&1 | grep -wq sha512; then
|
||||||
|
crypted=$(printf '%s' "$password" | busybox mkpasswd -m sha512)
|
||||||
|
# centos 7
|
||||||
|
elif is_have_cmd python2; then
|
||||||
|
crypted=$(python2 -c "import crypt; print(crypt.crypt('$password', crypt.mksalt(crypt.METHOD_SHA512)))")
|
||||||
|
# others
|
||||||
|
elif install_pkg openssl && openssl passwd --help 2>&1 | grep -wq '\-6'; then
|
||||||
|
crypted=$(printf '%s' "$password" | openssl passwd -6 -stdin)
|
||||||
|
# debian 9 / ubuntu 16
|
||||||
|
elif is_have_cmd apt-get && install_pkg whois && mkpasswd -m help | grep -wq sha-512; then
|
||||||
|
crypted=$(printf '%s' "$password" | mkpasswd -m sha-512 --stdin)
|
||||||
|
else
|
||||||
|
error_and_exit "Could not generate sha512 password."
|
||||||
|
fi
|
||||||
|
echo "$crypted" >"$dir/password-linux-sha512"
|
||||||
|
|
||||||
|
# yescrypt
|
||||||
|
# 旧系统不支持,先不管
|
||||||
|
if false; then
|
||||||
|
if mkpasswd -m help | grep -wq yescrypt; then
|
||||||
|
crypted=$(printf '%s' "$password" | mkpasswd -m yescrypt --stdin)
|
||||||
|
echo "$crypted" >"$dir/password-linux-yescrypt"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# windows
|
||||||
|
if [ "$distro" = windows ] || [ "$distro" = dd ]; then
|
||||||
|
install_pkg iconv
|
||||||
|
|
||||||
|
# 要分两行写,因为 echo "$(xxx)" 返回值始终为 0,出错也不会中断脚本
|
||||||
|
# grep . 为了保证脚本没有出错
|
||||||
|
base64=$(printf '%s' "${password}Password" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0 | grep .)
|
||||||
|
echo "$base64" >"$dir/password-windows-user-base64"
|
||||||
|
|
||||||
|
base64=$(printf '%s' "${password}AdministratorPassword" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0 | grep .)
|
||||||
|
echo "$base64" >"$dir/password-windows-administrator-base64"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# 记录主硬盘
|
# 记录主硬盘
|
||||||
find_main_disk() {
|
find_main_disk() {
|
||||||
if [ -n "$main_disk" ]; then
|
if [ -n "$main_disk" ]; then
|
||||||
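Review bot: In `save_password`, the `python2` branch builds Python source from the password (`crypt.crypt('$password', ...)`), so a password containing `'` or a backslash breaks the command or is interpreted as code. Read the value from standard input inside the Python snippet, the way the other branches use `printf '%s' "$password" |`, and please also confirm that `crypt.mksalt` and `crypt.METHOD_SHA512` are available in the CentOS 7 `python2` this branch targets. Two smaller points in the same hunk: `prompt_password` uses `read -r -p` without `-s`, so the password is echoed while typed, and the `password-windows-*-base64` files are an encoding of the cleartext, so the exposure described in the plaintext comment (an initrd captured inside a disk image) still applies to Windows and DD targets.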
@ -2359,7 +2452,7 @@ build_extra_cmdline() {
|
|||||||
# https://answers.launchpad.net/ubuntu/+question/249456
|
# https://answers.launchpad.net/ubuntu/+question/249456
|
||||||
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
|
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
|
||||||
for key in confhome hold force force_old_windows_setup cloud_image main_disk \
|
for key in confhome hold force force_old_windows_setup cloud_image main_disk \
|
||||||
ssh_port rdp_port web_port allow_ping password; do
|
ssh_port rdp_port web_port allow_ping; do
|
||||||
value=${!key}
|
value=${!key}
|
||||||
if [ -n "$value" ]; then
|
if [ -n "$value" ]; then
|
||||||
is_need_quote "$value" &&
|
is_need_quote "$value" &&
|
||||||
@ -2728,13 +2821,17 @@ EOF
|
|||||||
# 5. debian 11/12 initrd 无法识别 < <
|
# 5. debian 11/12 initrd 无法识别 < <
|
||||||
# 6. debian 11 initrd 无法识别 set -E
|
# 6. debian 11 initrd 无法识别 set -E
|
||||||
# 7. debian 11 initrd 无法识别 trap ERR
|
# 7. debian 11 initrd 无法识别 trap ERR
|
||||||
|
# 8. debian 9 initrd 无法识别 ${string//find/replace}
|
||||||
# 删除或注释,可能会导致空方法而报错,因此改为替换成'\n: #'
|
# 删除或注释,可能会导致空方法而报错,因此改为替换成'\n: #'
|
||||||
replace='\n: #'
|
replace='\n: #'
|
||||||
sed -Ei "s/> >/$replace/" $initrd_dir/trans.sh
|
sed -Ei \
|
||||||
sed -Ei "s/< </$replace/" $initrd_dir/trans.sh
|
-e "s/> >/$replace/" \
|
||||||
sed -Ei "s/(^[[:space:]]*set[[:space:]].*)E/\1/" $initrd_dir/trans.sh
|
-e "s/< </$replace/" \
|
||||||
sed -Ei "s/^[[:space:]]*apk[[:space:]]/$replace/" $initrd_dir/trans.sh
|
-e "s/^[[:space:]]*apk[[:space:]]/$replace/" \
|
||||||
sed -Ei "s/^[[:space:]]*trap[[:space:]]/$replace/" $initrd_dir/trans.sh
|
-e "s/^[[:space:]]*trap[[:space:]]/$replace/" \
|
||||||
|
-e "s/\\$\{.*\/\/.*\/.*\}/$replace/" \
|
||||||
|
-e "/^[[:space:]]*set[[:space:]]/s/E//" \
|
||||||
|
$initrd_dir/trans.sh
|
||||||
}
|
}
|
||||||
|
|
||||||
get_disk_drivers() {
|
get_disk_drivers() {
|
||||||
@ -2915,11 +3012,15 @@ EOF
|
|||||||
# ssl_client: SSL_connect
|
# ssl_client: SSL_connect
|
||||||
# wget: bad header line: <20>
|
# wget: bad header line: <20>
|
||||||
insert_into_file init before '^exec (/bin/busybox )?switch_root' <<EOF
|
insert_into_file init before '^exec (/bin/busybox )?switch_root' <<EOF
|
||||||
|
# trans
|
||||||
# echo "wget --no-check-certificate -O- $confhome/trans.sh | /bin/ash" >\$sysroot/etc/local.d/trans.start
|
# echo "wget --no-check-certificate -O- $confhome/trans.sh | /bin/ash" >\$sysroot/etc/local.d/trans.start
|
||||||
# wget --no-check-certificate -O \$sysroot/etc/local.d/trans.start $confhome/trans.sh
|
# wget --no-check-certificate -O \$sysroot/etc/local.d/trans.start $confhome/trans.sh
|
||||||
cp /trans.sh \$sysroot/etc/local.d/trans.start
|
cp /trans.sh \$sysroot/etc/local.d/trans.start
|
||||||
chmod a+x \$sysroot/etc/local.d/trans.start
|
chmod a+x \$sysroot/etc/local.d/trans.start
|
||||||
ln -s /etc/init.d/local \$sysroot/etc/runlevels/default/
|
ln -s /etc/init.d/local \$sysroot/etc/runlevels/default/
|
||||||
|
|
||||||
|
# 配置文件夹
|
||||||
|
cp -r /configs \$sysroot/configs
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# 判断云镜像 debain 能否用云内核
|
# 判断云镜像 debain 能否用云内核
|
||||||
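Review bot: `cp -r /configs \$sysroot/configs` places the password hash (and, for Windows and DD targets, the base64-encoded password) in the Alpine root with whatever mode the copy produces, and nothing visible here restricts or removes it afterwards. Restrict the directory to root right after the copy, for example `chmod -R go-rwx \$sysroot/configs`, and delete it once `trans.start` has consumed the values.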
@ -2958,14 +3059,19 @@ mod_initrd() {
|
|||||||
$(is_in_windows && echo --nonmatching 'dev/console' --nonmatching 'dev/null')
|
$(is_in_windows && echo --nonmatching 'dev/console' --nonmatching 'dev/null')
|
||||||
|
|
||||||
curl -Lo $initrd_dir/trans.sh $confhome/trans.sh
|
curl -Lo $initrd_dir/trans.sh $confhome/trans.sh
|
||||||
if ! grep -i "$SCRIPT_VERSION" $initrd_dir/trans.sh; then
|
if ! grep -iq "$SCRIPT_VERSION" $initrd_dir/trans.sh; then
|
||||||
error_and_exit "
|
error_and_exit "
|
||||||
This script is outdated, please download reinstall.sh again.
|
This script is outdated, please download reinstall.sh again.
|
||||||
脚本有更新,请重新下载 reinstall.sh"
|
脚本有更新,请重新下载 reinstall.sh"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
curl -Lo $initrd_dir/alpine-network.sh $confhome/alpine-network.sh
|
curl -Lo $initrd_dir/alpine-network.sh $confhome/alpine-network.sh
|
||||||
chmod a+x $initrd_dir/trans.sh $initrd_dir/alpine-network.sh
|
chmod a+x $initrd_dir/trans.sh $initrd_dir/alpine-network.sh
|
||||||
|
|
||||||
|
# 保存配置
|
||||||
|
mkdir -p $initrd_dir/configs
|
||||||
|
save_password $initrd_dir/configs
|
||||||
|
|
||||||
if is_distro_like_debian $nextos_distro; then
|
if is_distro_like_debian $nextos_distro; then
|
||||||
mod_initrd_debian_kali
|
mod_initrd_debian_kali
|
||||||
else
|
else
|
||||||
@ -3071,13 +3177,13 @@ fi
|
|||||||
|
|
||||||
long_opts=
|
long_opts=
|
||||||
for o in ci installer debug minimal allow-ping \
|
for o in ci installer debug minimal allow-ping \
|
||||||
hold: \
|
hold: sleep: \
|
||||||
sleep: \
|
|
||||||
iso: \
|
iso: \
|
||||||
image-name: \
|
image-name: \
|
||||||
boot-wim: \
|
boot-wim: \
|
||||||
img: \
|
img: \
|
||||||
lang: \
|
lang: \
|
||||||
|
passwd: password: \
|
||||||
ssh-port: \
|
ssh-port: \
|
||||||
rdp-port: \
|
rdp-port: \
|
||||||
web-port: \
|
web-port: \
|
||||||
@ -3091,7 +3197,7 @@ done
|
|||||||
|
|
||||||
# 整理参数
|
# 整理参数
|
||||||
if ! opts=$(getopt -n $0 -o "" --long "$long_opts" -- "$@"); then
|
if ! opts=$(getopt -n $0 -o "" --long "$long_opts" -- "$@"); then
|
||||||
usage_and_exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
eval set -- "$opts"
|
eval set -- "$opts"
|
||||||
@ -3138,6 +3244,11 @@ while true; do
|
|||||||
force=$2
|
force=$2
|
||||||
shift 2
|
shift 2
|
||||||
;;
|
;;
|
||||||
|
--passwd | --password)
|
||||||
|
[ -n "$2" ] || error_and_exit "Need value for $1"
|
||||||
|
password=$2
|
||||||
|
shift 2
|
||||||
|
;;
|
||||||
--ssh-port)
|
--ssh-port)
|
||||||
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
|
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
|
||||||
ssh_port=$2
|
ssh_port=$2
|
||||||
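Review bot: `--passwd | --password` takes the secret from argv, which the comment in `save_password` already notes ends up in shell history; it is also visible in the process list while the script runs. Accepting the value from standard input or from a file as an alternative, and pointing scripted users at that, would avoid this.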
@ -3202,6 +3313,21 @@ if is_secure_boot_enabled; then
|
|||||||
error_and_exit "Please disable secure boot first."
|
error_and_exit "Please disable secure boot first."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# 密码
|
||||||
|
if ! is_netboot_xyz && [ -z "$password" ]; then
|
||||||
|
if is_use_dd; then
|
||||||
|
warn "
|
||||||
|
This password is only used for SSH access to view logs during the DD process.
|
||||||
|
Password of the image will NOT modify.
|
||||||
|
|
||||||
|
密码仅用于 DD 过程中通过 SSH 查看日志。
|
||||||
|
镜像的密码将不会被修改。
|
||||||
|
"
|
||||||
|
|
||||||
|
fi
|
||||||
|
prompt_password
|
||||||
|
fi
|
||||||
|
|
||||||
# 必备组件
|
# 必备组件
|
||||||
install_pkg curl grep
|
install_pkg curl grep
|
||||||
|
|
||||||
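Review bot: The new block calls `prompt_password` for every target except netboot.xyz, including `--installer` runs where the README in this same commit says password options are not supported, so the user is asked for a password that is then not applied. Skip the prompt for those modes, or print a warning like the one added for DD.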
@ -3635,7 +3761,7 @@ if ! { is_netboot_xyz || is_use_dd; }; then
|
|||||||
username="root"
|
username="root"
|
||||||
fi
|
fi
|
||||||
echo "Username: $username"
|
echo "Username: $username"
|
||||||
echo "Password: 123@@@"
|
echo "Password: $password"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_netboot_xyz; then
|
if is_netboot_xyz; then
|
||||||
|
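Review bot: `echo "Password: $password"` now prints the user's own secret in clear text at the end of the run, where it lands in terminal scrollback and any captured output. Print the value only when the built-in default was used, and otherwise a fixed hint that the entered password applies.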
105
trans.sh
@ -1,6 +1,6 @@
|
|||||||
#!/bin/ash
|
#!/bin/ash
|
||||||
# shellcheck shell=dash
|
# shellcheck shell=dash
|
||||||
# shellcheck disable=SC2086,SC3047,SC3036,SC3010,SC3001
|
# shellcheck disable=SC2086,SC3047,SC3036,SC3010,SC3001,SC3060
|
||||||
# alpine 默认使用 busybox ash
|
# alpine 默认使用 busybox ash
|
||||||
|
|
||||||
# 出错后停止运行,将进入到登录界面,防止失联
|
# 出错后停止运行,将进入到登录界面,防止失联
|
||||||
@ -8,10 +8,7 @@ set -eE
|
|||||||
|
|
||||||
# 用于判断 reinstall.sh 和 trans.sh 是否兼容
|
# 用于判断 reinstall.sh 和 trans.sh 是否兼容
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0001
|
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0002
|
||||||
|
|
||||||
# debian 安装版、ubuntu 安装版、el/ol 安装版不使用该密码
|
|
||||||
PASSWORD=123@@@
|
|
||||||
|
|
||||||
TRUE=0
|
TRUE=0
|
||||||
FALSE=1
|
FALSE=1
|
||||||
@ -432,6 +429,27 @@ is_dmi_contains() {
|
|||||||
echo "$_dmi" | grep -Eiwq "$1"
|
echo "$_dmi" | grep -Eiwq "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_config() {
|
||||||
|
cat "/configs/$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_password_linux_sha512() {
|
||||||
|
get_config password-linux-sha512
|
||||||
|
}
|
||||||
|
|
||||||
|
get_password_windows_administrator_base64() {
|
||||||
|
get_config password-windows-administrator-base64
|
||||||
|
}
|
||||||
|
|
||||||
|
# debian 安装版、ubuntu 安装版、el/ol 安装版不使用该密码
|
||||||
|
get_password_plaintext() {
|
||||||
|
get_config password-plaintext
|
||||||
|
}
|
||||||
|
|
||||||
|
is_password_plaintext() {
|
||||||
|
get_password_plaintext >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
show_netconf() {
|
show_netconf() {
|
||||||
grep -r . /dev/netconf/
|
grep -r . /dev/netconf/
|
||||||
}
|
}
|
||||||
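Review bot: is_password_plaintext decides by running cat on /configs/password-plaintext and discarding the output, which reads the secret only to learn whether the file exists and also returns true for an empty file. A test such as [ -s /configs/password-plaintext ] states the intent directly. get_config would also benefit from a short comment on who writes /configs and with which permissions, since one of the three files holds the password in clear text.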
@ -1399,8 +1417,8 @@ EOF
|
|||||||
nixos-install --root /os --no-root-passwd -j $threads
|
nixos-install --root /os --no-root-passwd -j $threads
|
||||||
|
|
||||||
# 设置密码
|
# 设置密码
|
||||||
echo "root:$PASSWORD" | nixos-enter --root /os -- \
|
echo "root:$(get_password_linux_sha512)" | nixos-enter --root /os -- \
|
||||||
/run/current-system/sw/bin/chpasswd
|
/run/current-system/sw/bin/chpasswd -e
|
||||||
|
|
||||||
# 设置 channel
|
# 设置 channel
|
||||||
if is_in_china; then
|
if is_in_china; then
|
||||||
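Review bot: In the new echo "root:$(get_password_linux_sha512)" line, a failure of get_password_linux_sha512 is not caught by set -e, because the exit status of a command substitution inside an echo argument is discarded; the pipe then hands "root:" with an empty hash field to chpasswd -e. The plaintext branch of change_root_password in this same commit assigns to a variable first for exactly this reason (分两行写,不然遇到错误不会终止). Using that two-line form here, with a non-empty check on the hash, would make this and the other $(get_password_linux_sha512) call sites fail closed.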
@ -2158,7 +2176,9 @@ download_cloud_init_config() {
|
|||||||
sed -i '1!{/^[[:space:]]*#/d}' $ci_file
|
sed -i '1!{/^[[:space:]]*#/d}' $ci_file
|
||||||
|
|
||||||
# 修改密码
|
# 修改密码
|
||||||
sed -i "s/@PASSWORD@/$PASSWORD/" $ci_file
|
# 不能用 sed 替换,因为含有特殊字符
|
||||||
|
content=$(cat $ci_file)
|
||||||
|
echo "${content//@PASSWORD@/$(get_password_linux_sha512)}" >$ci_file
|
||||||
|
|
||||||
# 修改 ssh 端口
|
# 修改 ssh 端口
|
||||||
if is_need_change_ssh_port; then
|
if is_need_change_ssh_port; then
|
||||||
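Review bot: The rewritten file goes through echo "${content//...}" >$ci_file, and echo's treatment of backslashes in its argument differs between shells, so any backslash in the cloud-init template can be altered on the way back to disk; printf '%s\n' with the substituted string as its argument does not have that dependency. The added comment says sed cannot be used because of special characters; naming the cause (the crypt alphabet includes "/", which collides with the s/// delimiter) would save the next reader the guess.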
@ -2467,9 +2487,9 @@ EOF
|
|||||||
cp_resolv_conf $os_dir
|
cp_resolv_conf $os_dir
|
||||||
|
|
||||||
# 在这里修改密码,而不是用cloud-init,因为我们的默认密码太弱
|
# 在这里修改密码,而不是用cloud-init,因为我们的默认密码太弱
|
||||||
sed -i 's/enforce=everyone/enforce=none/' $os_dir/etc/security/passwdqc.conf
|
is_password_plaintext && sed -i 's/enforce=everyone/enforce=none/' $os_dir/etc/security/passwdqc.conf
|
||||||
echo "root:$PASSWORD" | chroot $os_dir chpasswd
|
echo "root:$(get_password_linux_sha512)" | chroot $os_dir chpasswd -e
|
||||||
sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf
|
is_password_plaintext && sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf
|
||||||
|
|
||||||
# 下载仓库,选择 profile
|
# 下载仓库,选择 profile
|
||||||
chroot $os_dir emerge-webrsync
|
chroot $os_dir emerge-webrsync
|
||||||
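Review bot: The two sed lines that flip enforce= in passwdqc.conf are now guarded by is_password_plaintext, but the chpasswd line between them always sends the SHA-512 hash with -e, so in neither case is there a plaintext for passwdqc to evaluate. Either drop the toggles, or extend the comment to say why they still depend on the plaintext file when the plaintext itself is not used in this block.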
@ -2628,39 +2648,45 @@ change_root_password() {
|
|||||||
|
|
||||||
info 'change root password'
|
info 'change root password'
|
||||||
|
|
||||||
pam_d=$os_dir/etc/pam.d
|
if is_password_plaintext; then
|
||||||
|
pam_d=$os_dir/etc/pam.d
|
||||||
|
|
||||||
[ -f $pam_d/chpasswd ] && has_pamd_chpasswd=true || has_pamd_chpasswd=false
|
[ -f $pam_d/chpasswd ] && has_pamd_chpasswd=true || has_pamd_chpasswd=false
|
||||||
|
|
||||||
if $has_pamd_chpasswd; then
|
if $has_pamd_chpasswd; then
|
||||||
cp $pam_d/chpasswd $pam_d/chpasswd.orig
|
cp $pam_d/chpasswd $pam_d/chpasswd.orig
|
||||||
|
|
||||||
# cat /etc/pam.d/chpasswd
|
# cat /etc/pam.d/chpasswd
|
||||||
# @include common-password
|
# @include common-password
|
||||||
|
|
||||||
# cat /etc/pam.d/chpasswd
|
# cat /etc/pam.d/chpasswd
|
||||||
# #%PAM-1.0
|
# #%PAM-1.0
|
||||||
# auth include system-auth
|
# auth include system-auth
|
||||||
# account include system-auth
|
# account include system-auth
|
||||||
# password substack system-auth
|
# password substack system-auth
|
||||||
# -password optional pam_gnome_keyring.so use_authtok
|
# -password optional pam_gnome_keyring.so use_authtok
|
||||||
# password substack postlogin
|
# password substack postlogin
|
||||||
|
|
||||||
# 通过 /etc/pam.d/chpasswd 找到 /etc/pam.d/system-auth 或者 /etc/pam.d/system-auth
|
# 通过 /etc/pam.d/chpasswd 找到 /etc/pam.d/system-auth 或者 /etc/pam.d/system-auth
|
||||||
# 再找到有 password 和 pam_unix.so 的行,并删除 use_authtok,写入 /etc/pam.d/chpasswd
|
# 再找到有 password 和 pam_unix.so 的行,并删除 use_authtok,写入 /etc/pam.d/chpasswd
|
||||||
files=$(grep -E '^(password|@include)' $pam_d/chpasswd | awk '{print $NF}' | sort -u)
|
files=$(grep -E '^(password|@include)' $pam_d/chpasswd | awk '{print $NF}' | sort -u)
|
||||||
for file in $files; do
|
for file in $files; do
|
||||||
if [ -f "$pam_d/$file" ] && line=$(grep ^password "$pam_d/$file" | grep -F pam_unix.so); then
|
if [ -f "$pam_d/$file" ] && line=$(grep ^password "$pam_d/$file" | grep -F pam_unix.so); then
|
||||||
echo "$line" | sed 's/use_authtok//' >$pam_d/chpasswd
|
echo "$line" | sed 's/use_authtok//' >$pam_d/chpasswd
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "root:$PASSWORD" | chroot $os_dir chpasswd
|
# 分两行写,不然遇到错误不会终止
|
||||||
|
plaintext=$(get_password_plaintext)
|
||||||
|
echo "root:$plaintext" | chroot $os_dir chpasswd
|
||||||
|
|
||||||
if $has_pamd_chpasswd; then
|
if $has_pamd_chpasswd; then
|
||||||
mv $pam_d/chpasswd.orig $pam_d/chpasswd
|
mv $pam_d/chpasswd.orig $pam_d/chpasswd
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
get_password_linux_sha512 | chroot $os_dir chpasswd -e
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
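Review bot: The new else branch pipes the bare output of get_password_linux_sha512 into chpasswd -e, while every other call site in this commit sends "root:$(get_password_linux_sha512)". chpasswd reads user:password pairs, so unless the config file already carries the "root:" prefix (in which case the other call sites double it), this line cannot set the root password. Reading the hash into a variable and sending "root:$hash", as the plaintext branch above does with $plaintext, would make the two branches consistent.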
@ -4136,11 +4162,12 @@ install_windows() {
|
|||||||
download $confhome/windows.xml /tmp/autounattend.xml
|
download $confhome/windows.xml /tmp/autounattend.xml
|
||||||
locale=$(get_selected_image_prop 'Default Language')
|
locale=$(get_selected_image_prop 'Default Language')
|
||||||
use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
|
use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
|
||||||
|
password_base64=$(get_password_windows_administrator_base64)
|
||||||
sed -i \
|
sed -i \
|
||||||
-e "s|%arch%|$arch|" \
|
-e "s|%arch%|$arch|" \
|
||||||
-e "s|%image_name%|$image_name|" \
|
-e "s|%image_name%|$image_name|" \
|
||||||
-e "s|%locale%|$locale|" \
|
-e "s|%locale%|$locale|" \
|
||||||
-e "s|%password%|$PASSWORD|" \
|
-e "s|%administrator_password%|$password_base64|" \
|
||||||
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
|
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
|
||||||
/tmp/autounattend.xml
|
/tmp/autounattend.xml
|
||||||
|
|
||||||
@ -4597,7 +4624,7 @@ mount / -o remount,size=100%
|
|||||||
hwclock -s || true
|
hwclock -s || true
|
||||||
|
|
||||||
# 设置密码,安装并打开 ssh
|
# 设置密码,安装并打开 ssh
|
||||||
echo "root:$PASSWORD" | chpasswd
|
echo "root:$(get_password_linux_sha512)" | chpasswd -e
|
||||||
apk add openssh
|
apk add openssh
|
||||||
if is_need_change_ssh_port; then
|
if is_need_change_ssh_port; then
|
||||||
change_ssh_port / $ssh_port
|
change_ssh_port / $ssh_port
|
||||||
|
@ -137,8 +137,8 @@
|
|||||||
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="%arch%" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="%arch%" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
<UserAccounts>
|
<UserAccounts>
|
||||||
<AdministratorPassword>
|
<AdministratorPassword>
|
||||||
<Value>%password%</Value>
|
<Value>%administrator_password%</Value>
|
||||||
<PlainText>true</PlainText>
|
<PlainText>false</PlainText>
|
||||||
</AdministratorPassword>
|
</AdministratorPassword>
|
||||||
</UserAccounts>
|
</UserAccounts>
|
||||||
<OOBE>
|
<OOBE>
|
||||||
|
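Review bot: With <PlainText>false</PlainText> the <Value> is only base64-encoded, not hashed, so anyone who can read the generated autounattend.xml can recover the Administrator password. A comment in windows.xml stating the exact encoding that the %administrator_password% placeholder expects, and that the filled-in file has to be treated as a secret, would keep the generator in reinstall.sh and this template in step.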