Re: [osinfo-db 1/2] install-script, suse: Add install-scripts for SLES 12+

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Apr 23, 2017 at 12:41:30AM +0200, Fabiano Fidêncio wrote:
> The install-scripts added support SLES 12, SLES 12 SP1 and SLES 12 SP2.
> 
> Those scripts were completely based on the openSUSE ones and tested
> against the "free for download" ISOs provided by SUSE, that you can find
> in: https://www.suse.com/download-linux/
> 
> Signed-off-by: Fabiano Fidêncio <fabiano@xxxxxxxxxxxx>
> ---
>  .../suse.com/suse-autoyast-desktop.xml.in          | 287 +++++++++++++++++++++
>  .../suse.com/suse-autoyast-jeos.xml.in             | 201 +++++++++++++++
>  data/os/suse.com/sles-12.1.xml.in                  |   7 +-
>  data/os/suse.com/sles-12.2.xml.in                  |  13 +-
>  data/os/suse.com/sles-12.xml.in                    |   7 +-
>  5 files changed, 509 insertions(+), 6 deletions(-)
>  create mode 100644 data/install-script/suse.com/suse-autoyast-desktop.xml.in
>  create mode 100644 data/install-script/suse.com/suse-autoyast-jeos.xml.in
> 
> diff --git a/data/install-script/suse.com/suse-autoyast-desktop.xml.in b/data/install-script/suse.com/suse-autoyast-desktop.xml.in
> new file mode 100644
> index 0000000..acb38c1
> --- /dev/null
> +++ b/data/install-script/suse.com/suse-autoyast-desktop.xml.in
> @@ -0,0 +1,287 @@
> +<libosinfo version="0.0.1">
> +<!-- Licensed under the GNU General Public License version 2 or later.
> +     See http://www.gnu.org/licenses/ for a copy of the license text -->
> +
> +  <!-- DESKTOP PROFILE -->
> +  <install-script id='http://suse.com/suse/autoyast/desktop'>
> +    <profile>desktop</profile>
> +    <expected-filename>autoinst.xml</expected-filename>
> +    <config>
> +      <!-- Localization options -->
> +      <param name="l10n-keyboard" policy="optional" value-map="http://x.org/x11-keyboard"/>
> +      <param name="l10n-language" policy="optional"/>
> +      <param name="l10n-timezone" policy="optional"/>
> +
> +      <!-- Network options -->
> +      <param name="hostname" policy="optional"/>
> +      <param name="domain" policy="optional"/>
> +
> +      <!-- Account options -->
> +      <param name="admin-password" policy="optional"/>
> +      <param name="user-fullname" policy="optional"/>
> +      <param name="user-login" policy="required"/>
> +      <param name="user-password" policy="optional"/>
> +      <param name="avatar-location" policy="optional"/>
> +      <param name="avatar-disk" policy="optional"/>
> +    </config>
> +    <injection-method>disk</injection-method>
> +
> +    <template>
> +      <xsl:stylesheet
> +        xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
> +        version="1.0">
> +
> +        <xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/>
> +
> +        <xsl:template name="l10n-language">
> +          <xsl:choose>
> +            <xsl:when test="config/l10n-language != '' and config/l10n-language != 'C'">
> +              <xsl:value-of select="config/l10n-language"/>
> +            </xsl:when>
> +            <xsl:otherwise>
> +              <xsl:text>en_US</xsl:text>
> +            </xsl:otherwise>
> +          </xsl:choose>
> +        </xsl:template>
> +
> +        <xsl:template name="l10n-keyboard">
> +          <xsl:choose>
> +            <xsl:when test="config/l10n-keyboard != '' and config/l10n-keyboard != 'C'">
> +              <xsl:value-of select="config/l10n-keyboard"/>
> +            </xsl:when>
> +            <xsl:otherwise>
> +              <xsl:text>us</xsl:text>
> +            </xsl:otherwise>
> +          </xsl:choose>
> +        </xsl:template>
> +
> +        <xsl:template match="/command-line">
> +            <xsl:text>autoyast=device://sda/</xsl:text>

I guess vda is not valid there?

> +            <xsl:value-of select="script/expected-filename"/>
> +        </xsl:template>
> +
> +        <xsl:template match="/install-script-config">
> +          <profile xmlns="http://www.suse.com/1.0/yast2ns"; xmlns:config="http://www.suse.com/1.0/configns";>
> +            <bootloader>
> +              <device_map config:type="list">
> +                <device_map_entry>
> +                  <firmware>hd0</firmware>
> +                  <linux>/dev/vda</linux>
> +                </device_map_entry>
> +              </device_map>
> +              <global>
> +                <activate>true</activate>
> +                <append>resume=/dev/vda1 splash=silent quiet showopts</append>
> +                <boot_boot>false</boot_boot>
> +                <boot_extended>false</boot_extended>
> +                <boot_mbr>false</boot_mbr>
> +                <boot_root>true</boot_root>
> +                <default>0</default>
> +                <distributor/>
> +                <failsafe_disabled>true</failsafe_disabled>
> +                <generic_mbr>true</generic_mbr>
> +                <gfxmode>auto</gfxmode>
> +                <os_prober>true</os_prober>
> +                <terminal>gfxterm</terminal>
> +                <timeout config:type="integer">8</timeout>
> +                <vgamode/>
> +              </global>
> +              <loader_type>grub2</loader_type>
> +            </bootloader>
> +            <firewall>
> +              <enable_firewall config:type="boolean">false</enable_firewall>
> +              <start_firewall config:type="boolean">false</start_firewall>
> +            </firewall>

Any particular reason to disable firewall?

> +            <general>
> +              <ask-list config:type="list"/>
> +              <mode>
> +                <confirm config:type="boolean">false</confirm>
> +                <final_reboot config:type="boolean">true</final_reboot>
> +              </mode>
> +              <proposals config:type="list"/>
> +              <signature-handling>
> +                <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum>
> +                <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key>
> +                <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key>
> +                <accept_unsigned_file config:type="boolean">true</accept_unsigned_file>
> +                <accept_verification_failed config:type="boolean">false</accept_verification_failed>
> +                <import_gpg_key config:type="boolean">true</import_gpg_key>
> +              </signature-handling>

This seems fairly unsecure too, is this required?


> +              <storage>
> +                <partition_alignment config:type="symbol">align_optimal</partition_alignment>
> +                <start_multipath config:type="boolean">false</start_multipath>
> +              </storage>
> +            </general>
> +            <keyboard>
> +              <keyboard_values>
> +                <delay/>
> +                <discaps config:type="boolean">false</discaps>
> +                <numlock>bios</numlock>
> +                <rate/>
> +              </keyboard_values>
> +              <keymap><xsl:call-template name="l10n-keyboard"/></keymap>
> +            </keyboard>
> +            <language><xsl:call-template name="l10n-language"/></language>
> +          <networking>
> +            <managed config:type="boolean">false</managed>
> +            <interfaces  config:type="list">
> +              <interface>
> +                <bootproto>dhcp</bootproto>
> +                  <device>eth0</device>
> +                  <startmode>auto</startmode>
> +                  <usercontrol>no</usercontrol>
> +                </interface>
> +            </interfaces>
> +          </networking>
> +          <partitioning config:type="list">
> +            <drive>
> +              <device>/dev/vda</device>
> +              <type config:type="symbol">CT_DISK</type>
> +              <use>all</use>
> +            </drive>
> +          </partitioning>
> +            <report>
> +              <errors>
> +                <log config:type="boolean">true</log>
> +                <show config:type="boolean">true</show>
> +                <timeout config:type="integer">0</timeout>
> +              </errors>
> +              <messages>
> +                <log config:type="boolean">true</log>
> +                <show config:type="boolean">true</show>
> +                <timeout config:type="integer">10</timeout>
> +              </messages>
> +              <warnings>
> +                <log config:type="boolean">true</log>
> +                <show config:type="boolean">true</show>
> +                <timeout config:type="integer">10</timeout>
> +              </warnings>
> +              <yesno_messages>
> +                <log config:type="boolean">true</log>
> +                <show config:type="boolean">true</show>
> +                <timeout config:type="integer">10</timeout>
> +              </yesno_messages>
> +            </report>
> +            <scripts>
> +              <chroot-scripts config:type="list">
> +                <script>
> +                  <chrooted config:type="boolean">true</chrooted>
> +                  <source>
> +
> +if test -z '<xsl:value-of select="config/user-password"/>'; then
> +pam-config -a --unix-nullok
> +pam-config -a --nullok

Shouldn't this be conditional on the SUSE version as done below?

> +
> +<xsl:if test="os/version = 12">
> +useradd <xsl:value-of select="config/user-login"/> -m -G users
> +passwd -d <xsl:value-of select="config/user-login"/>
> +</xsl:if>

Does this mean we are not setting a password on older suse?

> +
> +#Enable passwordless login for users that are part of the nopasswdlogin group
> +sed -i '4 i auth sufficient pam_succeed_if.so user ingroup nopasswdlogin' /etc/pam.d/gdm-password
> +fi
> +
> +if test -n '<xsl:value-of select="config/avatar-location"/>'; then
> +# Set user avatar
> +mkdir /mnt/unattended-media
> +mount <xsl:value-of select='config/avatar-disk'/> /mnt/unattended-media
> +cp /mnt/unattended-media<xsl:value-of select="config/avatar-location"/> /var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/>
> +umount /mnt/unattended-media
> +
> +echo "
> +[User]
> +Language=<xsl:value-of select="config/l10n-language"/>.UTF-8
> +XSession=gnome
> +Icon=/var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/>
> +" >> /var/lib/AccountsService/users/<xsl:value-of select="config/user-login"/>
> +fi
> +                  </source>
> +                </script>
> +              </chroot-scripts>
> +            </scripts>
> +            <services-manager>
> +              <default_target>graphical</default_target>
> +            </services-manager>
> +            <software>
> +              <packages config:type="list">
> +                <package>autoyast2-installation</package>
> +                <package>gdm</package>
> +              </packages>
> +              <patterns config:type="list">
> +                <pattern>Minimal</pattern>
> +                <pattern>apparmor</pattern>
> +                <pattern>base</pattern>
> +                <pattern>gnome-basic</pattern>
> +                <pattern>printing</pattern>
> +                <xsl:if test="os/version &gt; 12">
> +                  <pattern>smt</pattern>
> +                </xsl:if>
> +                <pattern>x11</pattern>
> +              </patterns>
> +            </software>
> +            <sysconfig config:type="list">
> +              <sysconfig_entry>
> +                <sysconfig_key>DISPLAYMANAGER</sysconfig_key>
> +                <sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path>
> +                <sysconfig_value>gdm</sysconfig_value>
> +              </sysconfig_entry>
> +              <sysconfig_entry>
> +                <sysconfig_key>DEFAULT_WM</sysconfig_key>
> +                <sysconfig_path>/etc/sysconfig/windowmanager</sysconfig_path>
> +                <sysconfig_value>gnome</sysconfig_value>
> +              </sysconfig_entry>
> +            </sysconfig>
> +            <timezone>
> +              <hwclock>UTC</hwclock>
> +              <timezone><xsl:value-of select="config/l10n-timezone"/></timezone>
> +            </timezone>
> +            <user_defaults>
> +              <expire/>
> +              <group>100</group>
> +              <groups/>
> +              <home>/home</home>
> +              <inactive>-1</inactive>
> +              <no_groups config:type="boolean">true</no_groups>
> +              <shell>/bin/bash</shell>
> +              <skel>/etc/skel</skel>
> +              <umask>022</umask>
> +            </user_defaults>

Same question, a bit below you check for suse version before allowing
empty passwords, should the condition be here too?

> +            <xsl:if test="config/user-password = ''">
> +              <groups config:type="list">
> +                <group>
> +                  <group_password>x</group_password>
> +                  <groupname>nopasswdlogin</groupname>
> +                  <userlist><xsl:value-of select="config/user-login"/></userlist>
> +                </group>
> +              </groups>
> +            </xsl:if>
> +            <users config:type="list">
> +              <user>
> +                <encrypted config:type="boolean">false</encrypted>
> +                <fullname>root</fullname>
> +                <gid>0</gid>
> +                <home>/root</home>
> +                <shell>/bin/bash</shell>
> +                <uid>0</uid>
> +                <user_password><xsl:value-of select="config/admin-password"/></user_password>
> +                <username>root</username>
> +              </user>
> +              <!--
> +                While SLES 12 doesn't allow creating a user without a password,
> +                it's okay to do so on the newer versions
> +                -->
> +              <xsl:if test="config/user-password != '' or os/version &gt; 12">
> +                <user>
> +                  <encrypted config:type="boolean">false</encrypted>
> +                  <fullname><xsl:value-of select="config/user-fullname"/></fullname>
> +                  <user_password><xsl:value-of select="config/user-password"/></user_password>
> +                  <username><xsl:value-of select="config/user-login"/></username>
> +                </user>
> +              </xsl:if>

So we don't set a user password on older suse?

Christophe

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux