mirror of
https://github.com/bin456789/reinstall.git
synced 2025-01-18 20:39:14 +08:00
core: 支持修改密码
parent
0a6b5ba41c
commit
34d6c0a2c1
4
.github/workflows/run_reinstall.yml
vendored
4
.github/workflows/run_reinstall.yml
vendored
@ -13,9 +13,9 @@ jobs:
|
||||
os: [ubuntu-latest, windows-latest]
|
||||
include:
|
||||
- os: ubuntu-latest
|
||||
command: sudo bash reinstall.sh --debug
|
||||
command: sudo bash reinstall.sh --debug --password 123@@@
|
||||
- os: windows-latest
|
||||
command: ./reinstall.bat --debug
|
||||
command: ./reinstall.bat --debug --password 123@@@
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- run: |
|
||||
|
40
README.en.md
40
README.en.md
@ -125,11 +125,12 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
|
||||
- Does not include a boot partition (except for Fedora), nor a swap partition, maximizing disk space utilization.
|
||||
- On virtual machines, the appropriate official slimmed-down kernel will be automatically installed.
|
||||
- To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>.
|
||||
- Username `root`, password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
|
||||
- Username `root`, Default password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
|
||||
- After reinstalling, if you need to change SSH port or switch to key-based login, be sure to modify the files inside `/etc/ssh/sshd_config.d/`.
|
||||
- Optional parameters:
|
||||
- `--ssh-port PORT` to change the SSH port
|
||||
- `--hold 2` to prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
|
||||
- `--password PASSWORD` Set password
|
||||
- `--ssh-port PORT` Change SSH port
|
||||
- `--hold 2` Prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
|
||||
|
||||
```bash
|
||||
bash reinstall.sh centos 9
|
||||
@ -161,21 +162,27 @@ bash reinstall.sh centos 9
|
||||
|
||||
<summary>Experimental Features</summary>
|
||||
|
||||
The following features are experimental and may not support modifying the SSH port or other options.
|
||||
|
||||
Install Debian using a cloud image, suitable for machines with slower CPUs
|
||||
|
||||
```bash
|
||||
bash reinstall.sh debian --ci
|
||||
```
|
||||
|
||||
Install CentOS, Alma, Rocky, Fedora using ISO, only supports machines with more than 2G of memory and dynamic IP
|
||||
Install CentOS, Alma, Rocky, Fedora using ISO, only supports machines with more than 2G of memory and dynamic IP.
|
||||
|
||||
Password `123@@@`, SSH Port `22`
|
||||
|
||||
Password and SSH port options are not supported.
|
||||
|
||||
```bash
|
||||
bash reinstall.sh centos --installer
|
||||
```
|
||||
|
||||
Install Ubuntu using ISO, only supports machines with more than 1G of memory and dynamic IP
|
||||
Install Ubuntu using ISO, only supports machines with more than 1G of memory and dynamic IP.
|
||||
|
||||
Password `123@@@`, SSH Port `22`
|
||||
|
||||
Password and SSH port options are not supported.
|
||||
|
||||
```bash
|
||||
bash reinstall.sh ubuntu --installer
|
||||
@ -189,9 +196,9 @@ bash reinstall.sh ubuntu --installer
|
||||
- When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect.
|
||||
- When deploy a Linux image, the script will not modify any contents of the image.
|
||||
- Optional parameters:
|
||||
- `--rdp-port PORT` to change the RDP port (Windows only).
|
||||
- `--allow-ping` to allow ping responses (Windows only).
|
||||
- `--hold 2` to prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
|
||||
- `--rdp-port PORT` Change RDP port (Windows only).
|
||||
- `--allow-ping` Allow ping responses (Windows only).
|
||||
- `--hold 2` Prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
|
||||
|
||||
```bash
|
||||
bash reinstall.sh dd --img https://example.com/xxx.xz
|
||||
@ -204,8 +211,10 @@ bash reinstall.sh dd --img https://example.com/xxx.xz
|
||||
### Feature 3: Reboot to <img width="16" height="16" src="https://www.alpinelinux.org/alpine-logo.ico" /> Alpine Rescue System (Live OS)
|
||||
|
||||
- You can use SSH to manually perform DD operations, modify partitions, and manually install Alpine, Arch, Gentoo, and other systems.
|
||||
- Username `root`, password `123@@@`
|
||||
- Username `root`, Default password `123@@@`
|
||||
- If the disk content is not modified, rebooting again will return to the original system.
|
||||
- Optional parameters:
|
||||
- `--password PASSWORD` Set password
|
||||
|
||||
```bash
|
||||
bash reinstall.sh alpine --hold=1
|
||||
@ -224,13 +233,14 @@ bash reinstall.sh netboot.xyz
|
||||
|
||||
### Feature 5: Install <img width="16" height="16" src="https://blogs.windows.com/wp-content/uploads/prod/2022/09/cropped-Windows11IconTransparent512-32x32.png" /> Windows ISO
|
||||
|
||||
- Username `administrator`, password `123@@@`
|
||||
- Username `administrator`, Default password `123@@@`
|
||||
- If remote login fails, try using the username `.\administrator`.
|
||||
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
|
||||
- Optional parameters:
|
||||
- `--rdp-port PORT` to change the RDP port
|
||||
- `--allow-ping` to allow ping responses
|
||||
- `--hold 2` to allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
|
||||
- `--password PASSWORD` Set Password
|
||||
- `--rdp-port PORT` Change RDP port
|
||||
- `--allow-ping` Allow ping responses
|
||||
- `--hold 2` Allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
|
||||
|
||||
![Windows Installation](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
||||
|
||||
|
20
README.md
20
README.md
@ -125,9 +125,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
|
||||
- 不含 boot 分区(Fedora 例外),不含 swap 分区,最大化利用磁盘空间
|
||||
- 在虚拟机上,会自动安装合适的官方精简内核
|
||||
- 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接
|
||||
- 用户名 `root` 密码 `123@@@`,可能首次开机几分钟后密码才生效
|
||||
- 用户名 `root` 默认密码 `123@@@`,密码可能首次开机几分钟后才生效
|
||||
- 重装后如需修改 SSH 端口 / 改成密钥登录,还要注意修改 `/etc/ssh/sshd_config.d/` 里面的文件
|
||||
- 可选参数
|
||||
- `--password PASSWORD` 设置密码
|
||||
- `--ssh-port PORT` 修改 SSH 端口
|
||||
- `--hold 2` 安装结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os` (此功能不支持 Debian / Kali)
|
||||
|
||||
@ -161,8 +162,6 @@ bash reinstall.sh centos 9
|
||||
|
||||
<summary>实验性功能</summary>
|
||||
|
||||
以下功能为实验性质,可能不支持修改 ssh 端口等其它选项
|
||||
|
||||
用云镜像安装 Debian,适合于 CPU 较慢的机器
|
||||
|
||||
```bash
|
||||
@ -171,12 +170,20 @@ bash reinstall.sh debian --ci
|
||||
|
||||
用 ISO 安装 CentOS, Alma, Rocky, Fedora ,仅支持内存大于 2G 且为动态 IP 的机器
|
||||
|
||||
密码 `123@@@`,SSH 端口 `22`
|
||||
|
||||
不支持设置密码、SSH 端口等选项
|
||||
|
||||
```bash
|
||||
bash reinstall.sh centos --installer
|
||||
```
|
||||
|
||||
用 ISO 安装 Ubuntu ,仅支持内存大于 1G 且为动态 IP 的机器
|
||||
|
||||
密码 `123@@@`,SSH 端口 `22`
|
||||
|
||||
不支持设置密码、SSH 端口等选项
|
||||
|
||||
```bash
|
||||
bash reinstall.sh ubuntu --installer
|
||||
```
|
||||
@ -204,8 +211,10 @@ bash reinstall.sh dd --img https://example.com/xxx.xz
|
||||
### 功能 3: 重启到 <img width="16" height="16" src="https://www.alpinelinux.org/alpine-logo.ico" /> Alpine 救援系统 (Live OS)
|
||||
|
||||
- 可用 ssh 连接,进行手动 DD、修改分区、手动安装 Alpine / Arch / Gentoo 等操作
|
||||
- 用户名 `root` 密码 `123@@@`
|
||||
- 用户名 `root` 默认密码 `123@@@`
|
||||
- 如果没有修改硬盘内容,再次重启将回到原系统
|
||||
- 可选参数
|
||||
- `--password PASSWORD` 设置密码
|
||||
|
||||
```bash
|
||||
bash reinstall.sh alpine --hold=1
|
||||
@ -224,10 +233,11 @@ bash reinstall.sh netboot.xyz
|
||||
|
||||
### 功能 5: 安装 <img width="16" height="16" src="https://blogs.windows.com/wp-content/uploads/prod/2022/09/cropped-Windows11IconTransparent512-32x32.png" /> Windows ISO
|
||||
|
||||
- 用户名 `administrator` 密码 `123@@@`
|
||||
- 用户名 `administrator` 默认密码 `123@@@`
|
||||
- 如果远程登录失败,尝试使用用户名 `.\administrator`
|
||||
- 静态机器会自动配置好 IP,可能首次开机几分钟后才生效
|
||||
- 可选参数
|
||||
- `--password PASSWORD` 设置密码
|
||||
- `--rdp-port PORT` 更改 RDP 端口
|
||||
- `--allow-ping` 允许被 Ping
|
||||
- `--hold 2` 在重启进入 Windows 官方安装程序前,可连接 SSH 修改硬盘内容,硬盘挂载在 `/os`
|
||||
|
@ -8,13 +8,13 @@ users:
|
||||
lock_passwd: false
|
||||
chpasswd:
|
||||
expire: false
|
||||
# 20.04 arm 需要
|
||||
# <= cloud-init 22.2.x 需要
|
||||
list: |
|
||||
root:@PASSWORD@
|
||||
users:
|
||||
- name: root
|
||||
password: "@PASSWORD@"
|
||||
type: text
|
||||
type: hash
|
||||
runcmd:
|
||||
# opensuse tumbleweed 镜像有 /etc/ssh/sshd_config.d/ 文件夹,没有 /etc/ssh/sshd_config,有/usr/etc/ssh/sshd_config
|
||||
# opensuse tumbleweed cloud-init 直接创建并写入 /etc/ssh/sshd_config,造成默认配置丢失
|
||||
@ -28,6 +28,7 @@ runcmd:
|
||||
# daemon-reload 会刷新 /run/systemd/generator/ssh.socket.d/addresses.conf
|
||||
- systemctl daemon-reload
|
||||
- for s in ssh.socket ssh.service sshd.socket sshd.service; do systemctl is-enabled $s && systemctl restart $s && break; done
|
||||
# 删除有密码的行
|
||||
- sed -i -e '/^[[:space:]]*password:/d' -e '/[[:space:]]*root:/d' /etc/cloud/cloud.cfg.d/99_fallback.cfg
|
||||
- touch /etc/cloud/cloud-init.disabled
|
||||
# ubuntu 镜像运行 echo -e '\nDone' ,-e 会被显示出来
|
||||
|
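Review bot: The second expression of the cleanup command in `runcmd`, `-e '/[[:space:]]*root:/d'`, has no `^` anchor, so it deletes every line of `/etc/cloud/cloud.cfg.d/99_fallback.cfg` that contains `root:` anywhere, not only the `chpasswd` list entry. Anchor it the same way as the first expression: `-e '/^[[:space:]]*root:/d'`. Now that `type: hash` is used, the comment above that command could also say that the lines being removed hold the password hash substituted for `@PASSWORD@`, so a later reader knows why the cleanup is still needed.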
@ -25,8 +25,9 @@ d-i mirror/country string manual
|
||||
|
||||
# B.4.5. 帐号设置
|
||||
d-i passwd/make-user boolean false
|
||||
d-i passwd/root-password password 123@@@
|
||||
d-i passwd/root-password-again password 123@@@
|
||||
# 单纯为了跳过设置,实际上是在 partman/early_command 里设置密码,preseed/early_command 无法设置密码
|
||||
d-i passwd/root-password password ''
|
||||
d-i passwd/root-password-again password ''
|
||||
# kali 需要下面这行,否则会提示输入用户名
|
||||
d-i passwd/root-login boolean true
|
||||
|
||||
@ -155,6 +156,8 @@ d-i partman/early_command string true; \
|
||||
[ -d /sys/firmware/efi ] && debconf-set partman-auto/expert_recipe "$(debconf-get partman-auto/expert_recipe_efi)"; \
|
||||
[ -d /sys/firmware/efi ] || debconf-set partman-auto/expert_recipe "$(debconf-get partman-auto/expert_recipe_bios)"; \
|
||||
|
||||
debconf-set passwd/root-password-crypted "$(cat /configs/password-linux-sha512)"; \
|
||||
|
||||
true >/bin/os-prober
|
||||
|
||||
# kali ssh 默认关闭
|
||||
|
@ -41,6 +41,7 @@ rem 检查是否国内
|
||||
if not exist %tmp%\geoip (
|
||||
rem 部分地区 www.cloudflare.com 被墙
|
||||
call :download http://dash.cloudflare.com/cdn-cgi/trace %tmp%\geoip
|
||||
if errorlevel 1 goto :download_failed
|
||||
)
|
||||
findstr /c:"loc=CN" %tmp%\geoip >nul
|
||||
if not errorlevel 1 (
|
||||
@ -61,9 +62,9 @@ if not errorlevel 1 (
|
||||
)
|
||||
|
||||
rem pkgs 改动了才重新运行 Cygwin 安装程序
|
||||
set pkgs="curl,cpio,p7zip,bind-utils,ipcalc,dos2unix,binutils,jq"
|
||||
set tags=%tmp%\cygwin-installed-!pkgs!
|
||||
if not exist !tags! (
|
||||
set pkgs=curl,cpio,p7zip,bind-utils,ipcalc,dos2unix,binutils,jq,xz,gzip,zstd,openssl,libiconv
|
||||
set tags=%tmp%\cygwin-installed-%pkgs%
|
||||
if not exist "%tags%" (
|
||||
rem win10 arm 支持运行 x86 软件
|
||||
rem win11 arm 支持运行 x86 和 x86_64 软件
|
||||
rem wmic os get osarchitecture 显示中文
|
||||
@ -102,6 +103,7 @@ if not exist !tags! (
|
||||
|
||||
rem 下载 Cygwin
|
||||
call :download http://www.cygwin.com/setup-!CygwinArch!.exe %tmp%\setup-cygwin.exe
|
||||
if errorlevel 1 goto :download_failed
|
||||
|
||||
rem 安装 Cygwin
|
||||
set site=!mirror!!dir!
|
||||
@ -111,13 +113,14 @@ if not exist !tags! (
|
||||
--site !site! ^
|
||||
--root %SystemDrive%\cygwin ^
|
||||
--local-package-dir %tmp%\cygwin-local-package-dir ^
|
||||
--packages !pkgs! ^
|
||||
&& type nul >!tags!
|
||||
--packages %pkgs% ^
|
||||
&& type nul >"%tags%"
|
||||
)
|
||||
|
||||
rem 下载 reinstall.sh
|
||||
if not exist reinstall.sh (
|
||||
call :download %confhome%/reinstall.sh %~dp0reinstall.sh
|
||||
if errorlevel 1 goto :download_failed
|
||||
)
|
||||
|
||||
rem 为每个参数添加引号,使参数正确传递到 bash
|
||||
@ -147,8 +150,13 @@ rem https://learn.microsoft.com/en-us/windows/win32/bits/http-requirements-for-b
|
||||
rem certutil 会被 windows Defender 报毒
|
||||
rem windows server 2019 要用第二条 certutil 命令
|
||||
echo Download: %~1 %~2
|
||||
certutil -urlcache -f -split %~1 %~2
|
||||
if not exist %~2 (
|
||||
certutil -urlcache -split %~1 %~2
|
||||
)
|
||||
del /q "%~2" 2>nul
|
||||
if exist "%~2" (echo Cannot delete %~2 & exit /b 1)
|
||||
if not exist "%~2" certutil -urlcache -f -split "%~1" "%~2" >nul
|
||||
if not exist "%~2" certutil -urlcache -split "%~1" "%~2" >nul
|
||||
if not exist "%~2" exit /b 1
|
||||
exit /b
|
||||
|
||||
:download_failed
|
||||
echo Download failed.
|
||||
exit /b 1
|
||||
|
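Review bot: The rewritten `:download` routine decides success only with `if not exist "%~2" exit /b 1`, and both `certutil` calls send their output to `nul`, so a truncated transfer or an error page saved under the target name is accepted as a good download. That matters most for `setup-!CygwinArch!.exe`, which is fetched over plain `http://` and, judging by the `--site`/`--root`/`--packages` arguments further down, is then executed. Check `errorlevel` after the final `certutil` attempt as well, and where the supported Windows versions allow it fetch the installer over `https://` or compare it with a published hash or signature before running it.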
150
reinstall.sh
150
reinstall.sh
@ -8,7 +8,8 @@ confhome_cn=https://jihulab.com/bin456789/reinstall/-/raw/main
|
||||
# confhome_cn=https://mirror.ghproxy.com/https://raw.githubusercontent.com/bin456789/reinstall/main
|
||||
|
||||
# 用于判断 reinstall.sh 和 trans.sh 是否兼容
|
||||
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0001
|
||||
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0002
|
||||
DEFAULT_PASSWORD=123@@@
|
||||
|
||||
# https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html
|
||||
export LC_ALL=C
|
||||
@ -1562,6 +1563,12 @@ install_pkg() {
|
||||
yum | dnf | zypper) pkg="bind-utils" ;;
|
||||
esac
|
||||
;;
|
||||
iconv)
|
||||
case "$pkg_mgr" in
|
||||
apk) pkg="musl-utils" ;;
|
||||
*) error_and_exit "Which GNU/Linux do not have iconv built-in?" ;;
|
||||
esac
|
||||
;;
|
||||
*) pkg=$cmd ;;
|
||||
esac
|
||||
}
|
||||
@ -1814,6 +1821,92 @@ del_empty_lines() {
|
||||
sed '/^[[:space:]]*$/d'
|
||||
}
|
||||
|
||||
prompt_password() {
|
||||
while true; do
|
||||
IFS= read -r -p "Password [$DEFAULT_PASSWORD]: " password
|
||||
IFS= read -r -p "Retype password [$DEFAULT_PASSWORD]: " password_confirm
|
||||
password=${password:-$DEFAULT_PASSWORD}
|
||||
password_confirm=${password_confirm:-$DEFAULT_PASSWORD}
|
||||
if [ -z "$password" ]; then
|
||||
error "Passwords is empty. Try again."
|
||||
elif [ "$password" != "$password_confirm" ]; then
|
||||
error "Passwords don't match. Try again."
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
save_password() {
|
||||
dir=$1
|
||||
|
||||
# mkpasswd 有三个
|
||||
# expect 里的 mkpasswd 是用来生成随机密码的
|
||||
# whois 里的 mkpasswd 才是我们想要的,可能不支持 yescrypt,alpine 的 mkpasswd 是独立的包
|
||||
# busybox 里的 mkpasswd 也是我们想要的,但多数不支持 yescrypt
|
||||
|
||||
# alpine 这两个包有冲突
|
||||
# apk add expect mkpasswd
|
||||
|
||||
# 明文密码
|
||||
# 假如用户运行 alpine live 直接打包硬盘镜像,则会暴露明文密码,因为 netboot initrd 在里面
|
||||
# 通过 --password 传入密码,history 有记录,也会暴露明文密码
|
||||
# /reinstall.log 也会暴露明文密码
|
||||
if false; then
|
||||
echo "$password" >>"$dir/password-plaintext"
|
||||
fi
|
||||
|
||||
# sha512
|
||||
# 以下系统均支持 sha512 密码,但是生成密码需要不同的工具
|
||||
# 兼容性 openssl mkpasswd busybox python
|
||||
# centos 7 × 只有expect的 需要编译 √
|
||||
# centos 8 √ 只有expect的
|
||||
# debian 9 × √
|
||||
# ubuntu 16 × √
|
||||
# alpine √ 可能系统装了expect √
|
||||
# cygwin √
|
||||
# others √
|
||||
|
||||
# alpine
|
||||
if is_have_cmd busybox && busybox mkpasswd --help 2>&1 | grep -wq sha512; then
|
||||
crypted=$(printf '%s' "$password" | busybox mkpasswd -m sha512)
|
||||
# centos 7
|
||||
elif is_have_cmd python2; then
|
||||
crypted=$(python2 -c "import crypt; print(crypt.crypt('$password', crypt.mksalt(crypt.METHOD_SHA512)))")
|
||||
# others
|
||||
elif install_pkg openssl && openssl passwd --help 2>&1 | grep -wq '\-6'; then
|
||||
crypted=$(printf '%s' "$password" | openssl passwd -6 -stdin)
|
||||
# debian 9 / ubuntu 16
|
||||
elif is_have_cmd apt-get && install_pkg whois && mkpasswd -m help | grep -wq sha-512; then
|
||||
crypted=$(printf '%s' "$password" | mkpasswd -m sha-512 --stdin)
|
||||
else
|
||||
error_and_exit "Could not generate sha512 password."
|
||||
fi
|
||||
echo "$crypted" >"$dir/password-linux-sha512"
|
||||
|
||||
# yescrypt
|
||||
# 旧系统不支持,先不管
|
||||
if false; then
|
||||
if mkpasswd -m help | grep -wq yescrypt; then
|
||||
crypted=$(printf '%s' "$password" | mkpasswd -m yescrypt --stdin)
|
||||
echo "$crypted" >"$dir/password-linux-yescrypt"
|
||||
fi
|
||||
fi
|
||||
|
||||
# windows
|
||||
if [ "$distro" = windows ] || [ "$distro" = dd ]; then
|
||||
install_pkg iconv
|
||||
|
||||
# 要分两行写,因为 echo "$(xxx)" 返回值始终为 0,出错也不会中断脚本
|
||||
# grep . 为了保证脚本没有出错
|
||||
base64=$(printf '%s' "${password}Password" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0 | grep .)
|
||||
echo "$base64" >"$dir/password-windows-user-base64"
|
||||
|
||||
base64=$(printf '%s' "${password}AdministratorPassword" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0 | grep .)
|
||||
echo "$base64" >"$dir/password-windows-administrator-base64"
|
||||
fi
|
||||
}
|
||||
|
||||
# 记录主硬盘
|
||||
find_main_disk() {
|
||||
if [ -n "$main_disk" ]; then
|
||||
@ -2359,7 +2452,7 @@ build_extra_cmdline() {
|
||||
# https://answers.launchpad.net/ubuntu/+question/249456
|
||||
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
|
||||
for key in confhome hold force force_old_windows_setup cloud_image main_disk \
|
||||
ssh_port rdp_port web_port allow_ping password; do
|
||||
ssh_port rdp_port web_port allow_ping; do
|
||||
value=${!key}
|
||||
if [ -n "$value" ]; then
|
||||
is_need_quote "$value" &&
|
||||
@ -2728,13 +2821,17 @@ EOF
|
||||
# 5. debian 11/12 initrd 无法识别 < <
|
||||
# 6. debian 11 initrd 无法识别 set -E
|
||||
# 7. debian 11 initrd 无法识别 trap ERR
|
||||
# 8. debian 9 initrd 无法识别 ${string//find/replace}
|
||||
# 删除或注释,可能会导致空方法而报错,因此改为替换成'\n: #'
|
||||
replace='\n: #'
|
||||
sed -Ei "s/> >/$replace/" $initrd_dir/trans.sh
|
||||
sed -Ei "s/< </$replace/" $initrd_dir/trans.sh
|
||||
sed -Ei "s/(^[[:space:]]*set[[:space:]].*)E/\1/" $initrd_dir/trans.sh
|
||||
sed -Ei "s/^[[:space:]]*apk[[:space:]]/$replace/" $initrd_dir/trans.sh
|
||||
sed -Ei "s/^[[:space:]]*trap[[:space:]]/$replace/" $initrd_dir/trans.sh
|
||||
sed -Ei \
|
||||
-e "s/> >/$replace/" \
|
||||
-e "s/< </$replace/" \
|
||||
-e "s/^[[:space:]]*apk[[:space:]]/$replace/" \
|
||||
-e "s/^[[:space:]]*trap[[:space:]]/$replace/" \
|
||||
-e "s/\\$\{.*\/\/.*\/.*\}/$replace/" \
|
||||
-e "/^[[:space:]]*set[[:space:]]/s/E//" \
|
||||
$initrd_dir/trans.sh
|
||||
}
|
||||
|
||||
get_disk_drivers() {
|
||||
@ -2915,11 +3012,15 @@ EOF
|
||||
# ssl_client: SSL_connect
|
||||
# wget: bad header line: <20>
|
||||
insert_into_file init before '^exec (/bin/busybox )?switch_root' <<EOF
|
||||
# trans
|
||||
# echo "wget --no-check-certificate -O- $confhome/trans.sh | /bin/ash" >\$sysroot/etc/local.d/trans.start
|
||||
# wget --no-check-certificate -O \$sysroot/etc/local.d/trans.start $confhome/trans.sh
|
||||
cp /trans.sh \$sysroot/etc/local.d/trans.start
|
||||
chmod a+x \$sysroot/etc/local.d/trans.start
|
||||
ln -s /etc/init.d/local \$sysroot/etc/runlevels/default/
|
||||
|
||||
# 配置文件夹
|
||||
cp -r /configs \$sysroot/configs
|
||||
EOF
|
||||
|
||||
# 判断云镜像 debain 能否用云内核
|
||||
@ -2958,14 +3059,19 @@ mod_initrd() {
|
||||
$(is_in_windows && echo --nonmatching 'dev/console' --nonmatching 'dev/null')
|
||||
|
||||
curl -Lo $initrd_dir/trans.sh $confhome/trans.sh
|
||||
if ! grep -i "$SCRIPT_VERSION" $initrd_dir/trans.sh; then
|
||||
if ! grep -iq "$SCRIPT_VERSION" $initrd_dir/trans.sh; then
|
||||
error_and_exit "
|
||||
This script is outdated, please download reinstall.sh again.
|
||||
脚本有更新,请重新下载 reinstall.sh"
|
||||
fi
|
||||
|
||||
curl -Lo $initrd_dir/alpine-network.sh $confhome/alpine-network.sh
|
||||
chmod a+x $initrd_dir/trans.sh $initrd_dir/alpine-network.sh
|
||||
|
||||
# 保存配置
|
||||
mkdir -p $initrd_dir/configs
|
||||
save_password $initrd_dir/configs
|
||||
|
||||
if is_distro_like_debian $nextos_distro; then
|
||||
mod_initrd_debian_kali
|
||||
else
|
||||
@ -3071,13 +3177,13 @@ fi
|
||||
|
||||
long_opts=
|
||||
for o in ci installer debug minimal allow-ping \
|
||||
hold: \
|
||||
sleep: \
|
||||
hold: sleep: \
|
||||
iso: \
|
||||
image-name: \
|
||||
boot-wim: \
|
||||
img: \
|
||||
lang: \
|
||||
passwd: password: \
|
||||
ssh-port: \
|
||||
rdp-port: \
|
||||
web-port: \
|
||||
@ -3091,7 +3197,7 @@ done
|
||||
|
||||
# 整理参数
|
||||
if ! opts=$(getopt -n $0 -o "" --long "$long_opts" -- "$@"); then
|
||||
usage_and_exit
|
||||
exit
|
||||
fi
|
||||
|
||||
eval set -- "$opts"
|
||||
@ -3138,6 +3244,11 @@ while true; do
|
||||
force=$2
|
||||
shift 2
|
||||
;;
|
||||
--passwd | --password)
|
||||
[ -n "$2" ] || error_and_exit "Need value for $1"
|
||||
password=$2
|
||||
shift 2
|
||||
;;
|
||||
--ssh-port)
|
||||
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
|
||||
ssh_port=$2
|
||||
@ -3202,6 +3313,21 @@ if is_secure_boot_enabled; then
|
||||
error_and_exit "Please disable secure boot first."
|
||||
fi
|
||||
|
||||
# 密码
|
||||
if ! is_netboot_xyz && [ -z "$password" ]; then
|
||||
if is_use_dd; then
|
||||
warn "
|
||||
This password is only used for SSH access to view logs during the DD process.
|
||||
Password of the image will NOT modify.
|
||||
|
||||
密码仅用于 DD 过程中通过 SSH 查看日志。
|
||||
镜像的密码将不会被修改。
|
||||
"
|
||||
|
||||
fi
|
||||
prompt_password
|
||||
fi
|
||||
|
||||
# 必备组件
|
||||
install_pkg curl grep
|
||||
|
||||
@ -3635,7 +3761,7 @@ if ! { is_netboot_xyz || is_use_dd; }; then
|
||||
username="root"
|
||||
fi
|
||||
echo "Username: $username"
|
||||
echo "Password: 123@@@"
|
||||
echo "Password: $password"
|
||||
fi
|
||||
|
||||
if is_netboot_xyz; then
|
||||
|
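Review bot: In `save_password`, the `python2` branch splices the password into Python source text (`crypt.crypt('$password', ...)`), so a password containing `'` or `\` either breaks the command or is interpreted as code, and the value comes straight from `--password` or the prompt. The other three branches already pass the password on stdin; do the same here: `crypted=$(printf '%s' "$password" | python2 -c 'import crypt, sys; print(crypt.crypt(sys.stdin.read(), crypt.mksalt(crypt.METHOD_SHA512)))')`. Separately, `prompt_password` reads without `-s` and the final summary prints `Password: $password`, so the plaintext ends up on screen and in any captured log, which the comments in `save_password` already list as a concern.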
105
trans.sh
105
trans.sh
@ -1,6 +1,6 @@
|
||||
#!/bin/ash
|
||||
# shellcheck shell=dash
|
||||
# shellcheck disable=SC2086,SC3047,SC3036,SC3010,SC3001
|
||||
# shellcheck disable=SC2086,SC3047,SC3036,SC3010,SC3001,SC3060
|
||||
# alpine 默认使用 busybox ash
|
||||
|
||||
# 出错后停止运行,将进入到登录界面,防止失联
|
||||
@ -8,10 +8,7 @@ set -eE
|
||||
|
||||
# 用于判断 reinstall.sh 和 trans.sh 是否兼容
|
||||
# shellcheck disable=SC2034
|
||||
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0001
|
||||
|
||||
# debian 安装版、ubuntu 安装版、el/ol 安装版不使用该密码
|
||||
PASSWORD=123@@@
|
||||
SCRIPT_VERSION=4BACD833-A585-23BA-6CBB-9AA4E08E0002
|
||||
|
||||
TRUE=0
|
||||
FALSE=1
|
||||
@ -432,6 +429,27 @@ is_dmi_contains() {
|
||||
echo "$_dmi" | grep -Eiwq "$1"
|
||||
}
|
||||
|
||||
get_config() {
|
||||
cat "/configs/$1"
|
||||
}
|
||||
|
||||
get_password_linux_sha512() {
|
||||
get_config password-linux-sha512
|
||||
}
|
||||
|
||||
get_password_windows_administrator_base64() {
|
||||
get_config password-windows-administrator-base64
|
||||
}
|
||||
|
||||
# debian 安装版、ubuntu 安装版、el/ol 安装版不使用该密码
|
||||
get_password_plaintext() {
|
||||
get_config password-plaintext
|
||||
}
|
||||
|
||||
is_password_plaintext() {
|
||||
get_password_plaintext >/dev/null 2>&1
|
||||
}
|
||||
|
||||
show_netconf() {
|
||||
grep -r . /dev/netconf/
|
||||
}
|
||||
@ -1399,8 +1417,8 @@ EOF
|
||||
nixos-install --root /os --no-root-passwd -j $threads
|
||||
|
||||
# 设置密码
|
||||
echo "root:$PASSWORD" | nixos-enter --root /os -- \
|
||||
/run/current-system/sw/bin/chpasswd
|
||||
echo "root:$(get_password_linux_sha512)" | nixos-enter --root /os -- \
|
||||
/run/current-system/sw/bin/chpasswd -e
|
||||
|
||||
# 设置 channel
|
||||
if is_in_china; then
|
||||
@ -2158,7 +2176,9 @@ download_cloud_init_config() {
|
||||
sed -i '1!{/^[[:space:]]*#/d}' $ci_file
|
||||
|
||||
# 修改密码
|
||||
sed -i "s/@PASSWORD@/$PASSWORD/" $ci_file
|
||||
# 不能用 sed 替换,因为含有特殊字符
|
||||
content=$(cat $ci_file)
|
||||
echo "${content//@PASSWORD@/$(get_password_linux_sha512)}" >$ci_file
|
||||
|
||||
# 修改 ssh 端口
|
||||
if is_need_change_ssh_port; then
|
||||
@ -2467,9 +2487,9 @@ EOF
|
||||
cp_resolv_conf $os_dir
|
||||
|
||||
# 在这里修改密码,而不是用cloud-init,因为我们的默认密码太弱
|
||||
sed -i 's/enforce=everyone/enforce=none/' $os_dir/etc/security/passwdqc.conf
|
||||
echo "root:$PASSWORD" | chroot $os_dir chpasswd
|
||||
sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf
|
||||
is_password_plaintext && sed -i 's/enforce=everyone/enforce=none/' $os_dir/etc/security/passwdqc.conf
|
||||
echo "root:$(get_password_linux_sha512)" | chroot $os_dir chpasswd -e
|
||||
is_password_plaintext && sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf
|
||||
|
||||
# 下载仓库,选择 profile
|
||||
chroot $os_dir emerge-webrsync
|
||||
@ -2628,39 +2648,45 @@ change_root_password() {
|
||||
|
||||
info 'change root password'
|
||||
|
||||
pam_d=$os_dir/etc/pam.d
|
||||
if is_password_plaintext; then
|
||||
pam_d=$os_dir/etc/pam.d
|
||||
|
||||
[ -f $pam_d/chpasswd ] && has_pamd_chpasswd=true || has_pamd_chpasswd=false
|
||||
[ -f $pam_d/chpasswd ] && has_pamd_chpasswd=true || has_pamd_chpasswd=false
|
||||
|
||||
if $has_pamd_chpasswd; then
|
||||
cp $pam_d/chpasswd $pam_d/chpasswd.orig
|
||||
if $has_pamd_chpasswd; then
|
||||
cp $pam_d/chpasswd $pam_d/chpasswd.orig
|
||||
|
||||
# cat /etc/pam.d/chpasswd
|
||||
# @include common-password
|
||||
# cat /etc/pam.d/chpasswd
|
||||
# @include common-password
|
||||
|
||||
# cat /etc/pam.d/chpasswd
|
||||
# #%PAM-1.0
|
||||
# auth include system-auth
|
||||
# account include system-auth
|
||||
# password substack system-auth
|
||||
# -password optional pam_gnome_keyring.so use_authtok
|
||||
# password substack postlogin
|
||||
# cat /etc/pam.d/chpasswd
|
||||
# #%PAM-1.0
|
||||
# auth include system-auth
|
||||
# account include system-auth
|
||||
# password substack system-auth
|
||||
# -password optional pam_gnome_keyring.so use_authtok
|
||||
# password substack postlogin
|
||||
|
||||
# 通过 /etc/pam.d/chpasswd 找到 /etc/pam.d/system-auth 或者 /etc/pam.d/system-auth
|
||||
# 再找到有 password 和 pam_unix.so 的行,并删除 use_authtok,写入 /etc/pam.d/chpasswd
|
||||
files=$(grep -E '^(password|@include)' $pam_d/chpasswd | awk '{print $NF}' | sort -u)
|
||||
for file in $files; do
|
||||
if [ -f "$pam_d/$file" ] && line=$(grep ^password "$pam_d/$file" | grep -F pam_unix.so); then
|
||||
echo "$line" | sed 's/use_authtok//' >$pam_d/chpasswd
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
# 通过 /etc/pam.d/chpasswd 找到 /etc/pam.d/system-auth 或者 /etc/pam.d/system-auth
|
||||
# 再找到有 password 和 pam_unix.so 的行,并删除 use_authtok,写入 /etc/pam.d/chpasswd
|
||||
files=$(grep -E '^(password|@include)' $pam_d/chpasswd | awk '{print $NF}' | sort -u)
|
||||
for file in $files; do
|
||||
if [ -f "$pam_d/$file" ] && line=$(grep ^password "$pam_d/$file" | grep -F pam_unix.so); then
|
||||
echo "$line" | sed 's/use_authtok//' >$pam_d/chpasswd
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
echo "root:$PASSWORD" | chroot $os_dir chpasswd
|
||||
# 分两行写,不然遇到错误不会终止
|
||||
plaintext=$(get_password_plaintext)
|
||||
echo "root:$plaintext" | chroot $os_dir chpasswd
|
||||
|
||||
if $has_pamd_chpasswd; then
|
||||
mv $pam_d/chpasswd.orig $pam_d/chpasswd
|
||||
if $has_pamd_chpasswd; then
|
||||
mv $pam_d/chpasswd.orig $pam_d/chpasswd
|
||||
fi
|
||||
else
|
||||
get_password_linux_sha512 | chroot $os_dir chpasswd -e
|
||||
fi
|
||||
}
|
||||
|
||||
@ -4136,11 +4162,12 @@ install_windows() {
|
||||
download $confhome/windows.xml /tmp/autounattend.xml
|
||||
locale=$(get_selected_image_prop 'Default Language')
|
||||
use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
|
||||
password_base64=$(get_password_windows_administrator_base64)
|
||||
sed -i \
|
||||
-e "s|%arch%|$arch|" \
|
||||
-e "s|%image_name%|$image_name|" \
|
||||
-e "s|%locale%|$locale|" \
|
||||
-e "s|%password%|$PASSWORD|" \
|
||||
-e "s|%administrator_password%|$password_base64|" \
|
||||
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
|
||||
/tmp/autounattend.xml
|
||||
|
||||
@ -4597,7 +4624,7 @@ mount / -o remount,size=100%
|
||||
hwclock -s || true
|
||||
|
||||
# 设置密码,安装并打开 ssh
|
||||
echo "root:$PASSWORD" | chpasswd
|
||||
echo "root:$(get_password_linux_sha512)" | chpasswd -e
|
||||
apk add openssh
|
||||
if is_need_change_ssh_port; then
|
||||
change_ssh_port / $ssh_port
|
||||
|
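Review bot: The new `else` branch of `change_root_password` runs `get_password_linux_sha512 | chroot $os_dir chpasswd -e`, which sends the bare hash with no `root:` prefix, while `chpasswd` reads `user:password` lines and every other call site in this commit builds `root:<hash>`. Because `reinstall.sh` never writes `password-plaintext` (the write sits under `if false`), this is the branch that actually runs. Use the two-step form the plaintext branch already uses: `hash=$(get_password_linux_sha512)` followed by `echo "root:$hash" | chroot $os_dir chpasswd -e`. The same form would also help the NixOS, Gentoo and live-Alpine lines, where `$(get_password_linux_sha512)` inside `echo` hides a failed read and `chpasswd -e` would then be handed an empty hash. `change_root_password` starts above the hunk.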
@ -137,8 +137,8 @@
|
||||
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="%arch%" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<UserAccounts>
|
||||
<AdministratorPassword>
|
||||
<Value>%password%</Value>
|
||||
<PlainText>true</PlainText>
|
||||
<Value>%administrator_password%</Value>
|
||||
<PlainText>false</PlainText>
|
||||
</AdministratorPassword>
|
||||
</UserAccounts>
|
||||
<OOBE>
|
||||
|
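Review bot: `<PlainText>false</PlainText>` with `%administrator_password%` only hides the value: what `save_password` writes is base64 of the UTF-16LE password plus the `AdministratorPassword` suffix, which anyone who can read `autounattend.xml` or `/configs/password-windows-administrator-base64` can decode. Add an XML comment next to `<Value>` saying so, for example `<!-- base64-encoded, not hashed: treat this file as containing the password -->`, and confirm that both files are removed once setup finishes. Only the `UserAccounts` part of the component is visible in this hunk.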