#!/bin/sh
set -e
. /usr/share/debconf/confmodule
TEMPLATE_ROOT=network-console
KEY_FILE=/etc/ssh/ssh_host_ed25519_key
ARCHDETECT="$(archdetect)"
# Generate the SSH host key on first run.
if [ ! -f $KEY_FILE ]; then
    db_progress START 0 1 $TEMPLATE_ROOT/key
    ssh-keygen -t ed25519 -N '' -f $KEY_FILE -q
    db_progress STOP
fi
db_get $TEMPLATE_ROOT/password
INST_PWD="$RET"

# If an authorized_keys URL is set, download it to /.ssh/authorized_keys;
# report the failure and abort if the fetch does not succeed.
db_get $TEMPLATE_ROOT/authorized_keys_url
AUTHORIZED_KEYS_URL="$RET"
AUTHORIZED_KEYS_DIRECTORY="/.ssh"
AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIRECTORY/authorized_keys"
if [ -n "$AUTHORIZED_KEYS_URL" ]; then
    if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
        [ -d "$AUTHORIZED_KEYS_DIRECTORY" ] || \
            mkdir "$AUTHORIZED_KEYS_DIRECTORY"
        chmod 0700 "$AUTHORIZED_KEYS_DIRECTORY"
        if ! wget -q "$AUTHORIZED_KEYS_URL" -O "$AUTHORIZED_KEYS_FILE"; then
            db_subst $TEMPLATE_ROOT/authorized_keys_fetch_failure \
                LOCATION "$AUTHORIZED_KEYS_URL"
            db_input critical $TEMPLATE_ROOT/authorized_keys_fetch_failure \
                || true
            db_go
            exit 1
        fi
        chmod 0644 "$AUTHORIZED_KEYS_FILE" || true
    fi
fi
# Ask for a password (with confirmation) until one is set, unless an
# authorized_keys file exists.
while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]; do
    db_input critical $TEMPLATE_ROOT/password || true
    COMPARE_PW=''
    db_input high $TEMPLATE_ROOT/password-again && COMPARE_PW=1 || true
    db_go
    db_get $TEMPLATE_ROOT/password
    INST_PW="$RET"
    if [ -z "$INST_PW" ]; then
        db_input critical $TEMPLATE_ROOT/password-empty
        continue
    fi
    db_get $TEMPLATE_ROOT/password-again
    if [ "$COMPARE_PW" ] && [ "$INST_PW" != "$RET" ]; then
        db_input critical $TEMPLATE_ROOT/password-mismatch
        continue
    fi
    PASSWORD=$INST_PW
    # Clear the password from the debconf database and mark both
    # questions as unseen.
    db_set $TEMPLATE_ROOT/password ""
    db_set $TEMPLATE_ROOT/password-again ""
    db_fset $TEMPLATE_ROOT/password seen false
    db_fset $TEMPLATE_ROOT/password-again seen false
done
# Add the shadow entry for the installer account, and the group and
# user entries for sshd if they are missing.
echo "installer:$(gen-crypt "$PASSWORD"):1:0:99999:7:::" >> /etc/shadow
grep -qs ^nogroup: /etc/group || echo "nogroup:*:65534:" >> /etc/group
grep -qs ^sshd: /etc/passwd || \
    echo "sshd:*:100:65534::/run/sshd:/bin/false" >> /etc/passwd
mkdir -p /run/sshd
chmod 0755 /run/sshd

# Record the host key fingerprint for the start message, then start sshd.
KEY_FINGERPRINT=$(ssh-keygen -l -f $KEY_FILE | cut -f2 -d ' ')
/usr/sbin/sshd

# Queue installation of ssh to make sure we can log in after reboot
apt-install openssh-server || true
# Collect the non-loopback IPv4/IPv6 addresses to display.
case "$(udpkg --print-os)" in
    linux)
        IPADDRS=$(ip addr | grep '^[[:space:]]*inet6\? ' | grep -v -e "127\.0\." -e "::1" | \
            sed 's/.*inet6\? \([a-f0-9.:]*\).*/\1/')
        ;;
    kfreebsd)
        IPADDRS=$(ifconfig| grep '^[[:space:]]*inet6\? ' | grep -v -e "127\.0\." -e "::1" | \
            sed 's/.*inet6\? \([a-f0-9.:]*\).*/\1/')
        ;;
    hurd)
        IPADDRS=$(fsysopts /servers/socket/2 | sed 's/ /\n/g' | sed -n 's/--address6\?=\([a-f0-9.:]*\).*/\1/p')
        ;;
    *)
        IPADDRS="TODO"
        ;;
esac

# The first address in the list is substituted as the primary one.
IPADDR=$(echo $IPADDRS | sed 's/ .*//')
db_subst $TEMPLATE_ROOT/start ip $IPADDR
db_subst $TEMPLATE_ROOT/start ips $IPADDRS
db_subst $TEMPLATE_ROOT/start fingerprint $KEY_FINGERPRINT
# Board-specific LED and buzzer signalling for ARM devices.
case "$ARCHDETECT" in
    arm*/kirkwood)
        # QNAP devices
        if type qcommand >/dev/null 2>&1; then
            qcommand statusled greenon
            qcommand buzzer short
        fi
        # LaCie Network Space v2 (and parents) and d2 Network v2
        for led_dev in ns_v2 d2net_v2; do
            if [ -e /sys/class/leds/$led_dev:blue:sata/brightness ]; then
                echo 0 > /sys/class/leds/$led_dev:blue:sata/brightness
            fi
            if [ -e /sys/class/leds/$led_dev:red:fail/brightness ]; then
                echo 255 > /sys/class/leds/$led_dev:red:fail/brightness
            fi
        done
        # LaCie 2Big Network v2
        if [ -e /sys/class/leds/net2big-v2:red:power/brightness ]; then
            echo 255 > /sys/class/leds/net2big-v2:red:power/brightness
        fi
        # LaCie 5Big Network v2
        if [ -e /sys/class/leds/net5big-v2:red:power/brightness ]; then
            echo 255 > /sys/class/leds/net5big-v2:red:power/brightness
        fi
        # Buffalo Linkstation LS-CHLv2/LS-XHL
        if [ -e /sys/class/leds/lsxl:blue:power/trigger ]; then
            echo none > /sys/class/leds/lsxl:blue:power/trigger
        fi
        if [ -e /sys/class/leds/lsxl:red:alarm/brightness ]; then
            echo 255 > /sys/class/leds/lsxl:red:alarm/brightness
        fi
        ;;
    arm*/orion5x)
        # Buffalo devices
        if type micro_evtd.command >/dev/null 2>&1; then
            micro_evtd.command init
        fi
        # QNAP devices
        if type qcommand >/dev/null 2>&1; then
            qcommand statusled greenon
            qcommand buzzer short
        fi
        # HP mv2120
        if [ -e /sys/class/leds/mv2120:blue:health/trigger ]; then
            echo none > /sys/class/leds/mv2120:blue:health/trigger
        fi
        if [ -e /sys/class/leds/mv2120:blue:health ]; then
            echo 1 > /sys/class/leds/mv2120:blue:health/brightness
        fi
        ;;
    armhf/generic)
        # Seagate Personal Cloud (Cumulus)
        if [ -e /sys/devices/platform/gpio-leds/leds/cumulus:red:sata0/brightness ]; then
            echo 0 > /sys/devices/platform/gpio-leds/leds/cumulus:red:sata0/brightness
        fi
        # Seagate NAS (Dart)
        if [ -e /sys/devices/platform/gpio-leds/leds/dart:red:power/brightness ]; then
            echo 0 > /sys/devices/platform/gpio-leds/leds/dart:red:power/brightness
        fi
        ;;
esac

# Show the start message with the address(es) and host key fingerprint.
db_input critical $TEMPLATE_ROOT/start || true
db_go