On Sun, Apr 23, 2017 at 12:41:30AM +0200, Fabiano Fidêncio wrote: > The install-scripts added support SLES 12, SLES 12 SP1 and SLES 12 SP2. > > Those scripts were completely based on the openSUSE ones and tested > against the "free for download" ISOs provided by SUSE, that you can find > in: https://www.suse.com/download-linux/ > > Signed-off-by: Fabiano Fidêncio <fabiano@xxxxxxxxxxxx> > --- > .../suse.com/suse-autoyast-desktop.xml.in | 287 +++++++++++++++++++++ > .../suse.com/suse-autoyast-jeos.xml.in | 201 +++++++++++++++ > data/os/suse.com/sles-12.1.xml.in | 7 +- > data/os/suse.com/sles-12.2.xml.in | 13 +- > data/os/suse.com/sles-12.xml.in | 7 +- > 5 files changed, 509 insertions(+), 6 deletions(-) > create mode 100644 data/install-script/suse.com/suse-autoyast-desktop.xml.in > create mode 100644 data/install-script/suse.com/suse-autoyast-jeos.xml.in > > diff --git a/data/install-script/suse.com/suse-autoyast-desktop.xml.in b/data/install-script/suse.com/suse-autoyast-desktop.xml.in > new file mode 100644 > index 0000000..acb38c1 > --- /dev/null > +++ b/data/install-script/suse.com/suse-autoyast-desktop.xml.in > @@ -0,0 +1,287 @@ > +<libosinfo version="0.0.1"> > +<!-- Licensed under the GNU General Public License version 2 or later. > + See http://www.gnu.org/licenses/ for a copy of the license text --> > + > + <!-- DESKTOP PROFILE --> > + <install-script id='http://suse.com/suse/autoyast/desktop'> > + <profile>desktop</profile> > + <expected-filename>autoinst.xml</expected-filename> > + <config> > + <!-- Localization options --> > + <param name="l10n-keyboard" policy="optional" value-map="http://x.org/x11-keyboard"/> > + <param name="l10n-language" policy="optional"/> > + <param name="l10n-timezone" policy="optional"/> > + > + <!-- Network options --> > + <param name="hostname" policy="optional"/> > + <param name="domain" policy="optional"/> > + > + <!-- Account options --> > + <param name="admin-password" policy="optional"/> > + <param name="user-fullname" policy="optional"/> > + <param name="user-login" policy="required"/> > + <param name="user-password" policy="optional"/> > + <param name="avatar-location" policy="optional"/> > + <param name="avatar-disk" policy="optional"/> > + </config> > + <injection-method>disk</injection-method> > + > + <template> > + <xsl:stylesheet > + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"; > + version="1.0"> > + > + <xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/> > + > + <xsl:template name="l10n-language"> > + <xsl:choose> > + <xsl:when test="config/l10n-language != '' and config/l10n-language != 'C'"> > + <xsl:value-of select="config/l10n-language"/> > + </xsl:when> > + <xsl:otherwise> > + <xsl:text>en_US</xsl:text> > + </xsl:otherwise> > + </xsl:choose> > + </xsl:template> > + > + <xsl:template name="l10n-keyboard"> > + <xsl:choose> > + <xsl:when test="config/l10n-keyboard != '' and config/l10n-keyboard != 'C'"> > + <xsl:value-of select="config/l10n-keyboard"/> > + </xsl:when> > + <xsl:otherwise> > + <xsl:text>us</xsl:text> > + </xsl:otherwise> > + </xsl:choose> > + </xsl:template> > + > + <xsl:template match="/command-line"> > + <xsl:text>autoyast=device://sda/</xsl:text> I guess vda is not valid there? > + <xsl:value-of select="script/expected-filename"/> > + </xsl:template> > + > + <xsl:template match="/install-script-config"> > + <profile xmlns="http://www.suse.com/1.0/yast2ns"; xmlns:config="http://www.suse.com/1.0/configns";> > + <bootloader> > + <device_map config:type="list"> > + <device_map_entry> > + <firmware>hd0</firmware> > + <linux>/dev/vda</linux> > + </device_map_entry> > + </device_map> > + <global> > + <activate>true</activate> > + <append>resume=/dev/vda1 splash=silent quiet showopts</append> > + <boot_boot>false</boot_boot> > + <boot_extended>false</boot_extended> > + <boot_mbr>false</boot_mbr> > + <boot_root>true</boot_root> > + <default>0</default> > + <distributor/> > + <failsafe_disabled>true</failsafe_disabled> > + <generic_mbr>true</generic_mbr> > + <gfxmode>auto</gfxmode> > + <os_prober>true</os_prober> > + <terminal>gfxterm</terminal> > + <timeout config:type="integer">8</timeout> > + <vgamode/> > + </global> > + <loader_type>grub2</loader_type> > + </bootloader> > + <firewall> > + <enable_firewall config:type="boolean">false</enable_firewall> > + <start_firewall config:type="boolean">false</start_firewall> > + </firewall> Any particular reason to disable firewall? > + <general> > + <ask-list config:type="list"/> > + <mode> > + <confirm config:type="boolean">false</confirm> > + <final_reboot config:type="boolean">true</final_reboot> > + </mode> > + <proposals config:type="list"/> > + <signature-handling> > + <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum> > + <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key> > + <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key> > + <accept_unsigned_file config:type="boolean">true</accept_unsigned_file> > + <accept_verification_failed config:type="boolean">false</accept_verification_failed> > + <import_gpg_key config:type="boolean">true</import_gpg_key> > + </signature-handling> This seems fairly unsecure too, is this required? > + <storage> > + <partition_alignment config:type="symbol">align_optimal</partition_alignment> > + <start_multipath config:type="boolean">false</start_multipath> > + </storage> > + </general> > + <keyboard> > + <keyboard_values> > + <delay/> > + <discaps config:type="boolean">false</discaps> > + <numlock>bios</numlock> > + <rate/> > + </keyboard_values> > + <keymap><xsl:call-template name="l10n-keyboard"/></keymap> > + </keyboard> > + <language><xsl:call-template name="l10n-language"/></language> > + <networking> > + <managed config:type="boolean">false</managed> > + <interfaces config:type="list"> > + <interface> > + <bootproto>dhcp</bootproto> > + <device>eth0</device> > + <startmode>auto</startmode> > + <usercontrol>no</usercontrol> > + </interface> > + </interfaces> > + </networking> > + <partitioning config:type="list"> > + <drive> > + <device>/dev/vda</device> > + <type config:type="symbol">CT_DISK</type> > + <use>all</use> > + </drive> > + </partitioning> > + <report> > + <errors> > + <log config:type="boolean">true</log> > + <show config:type="boolean">true</show> > + <timeout config:type="integer">0</timeout> > + </errors> > + <messages> > + <log config:type="boolean">true</log> > + <show config:type="boolean">true</show> > + <timeout config:type="integer">10</timeout> > + </messages> > + <warnings> > + <log config:type="boolean">true</log> > + <show config:type="boolean">true</show> > + <timeout config:type="integer">10</timeout> > + </warnings> > + <yesno_messages> > + <log config:type="boolean">true</log> > + <show config:type="boolean">true</show> > + <timeout config:type="integer">10</timeout> > + </yesno_messages> > + </report> > + <scripts> > + <chroot-scripts config:type="list"> > + <script> > + <chrooted config:type="boolean">true</chrooted> > + <source> > + > +if test -z '<xsl:value-of select="config/user-password"/>'; then > +pam-config -a --unix-nullok > +pam-config -a --nullok Shouldn't this be conditional on the SUSE version as done below? > + > +<xsl:if test="os/version = 12"> > +useradd <xsl:value-of select="config/user-login"/> -m -G users > +passwd -d <xsl:value-of select="config/user-login"/> > +</xsl:if> Does this mean we are not setting a password on older suse? > + > +#Enable passwordless login for users that are part of the nopasswdlogin group > +sed -i '4 i auth sufficient pam_succeed_if.so user ingroup nopasswdlogin' /etc/pam.d/gdm-password > +fi > + > +if test -n '<xsl:value-of select="config/avatar-location"/>'; then > +# Set user avatar > +mkdir /mnt/unattended-media > +mount <xsl:value-of select='config/avatar-disk'/> /mnt/unattended-media > +cp /mnt/unattended-media<xsl:value-of select="config/avatar-location"/> /var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/> > +umount /mnt/unattended-media > + > +echo " > +[User] > +Language=<xsl:value-of select="config/l10n-language"/>.UTF-8 > +XSession=gnome > +Icon=/var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/> > +" >> /var/lib/AccountsService/users/<xsl:value-of select="config/user-login"/> > +fi > + </source> > + </script> > + </chroot-scripts> > + </scripts> > + <services-manager> > + <default_target>graphical</default_target> > + </services-manager> > + <software> > + <packages config:type="list"> > + <package>autoyast2-installation</package> > + <package>gdm</package> > + </packages> > + <patterns config:type="list"> > + <pattern>Minimal</pattern> > + <pattern>apparmor</pattern> > + <pattern>base</pattern> > + <pattern>gnome-basic</pattern> > + <pattern>printing</pattern> > + <xsl:if test="os/version > 12"> > + <pattern>smt</pattern> > + </xsl:if> > + <pattern>x11</pattern> > + </patterns> > + </software> > + <sysconfig config:type="list"> > + <sysconfig_entry> > + <sysconfig_key>DISPLAYMANAGER</sysconfig_key> > + <sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path> > + <sysconfig_value>gdm</sysconfig_value> > + </sysconfig_entry> > + <sysconfig_entry> > + <sysconfig_key>DEFAULT_WM</sysconfig_key> > + <sysconfig_path>/etc/sysconfig/windowmanager</sysconfig_path> > + <sysconfig_value>gnome</sysconfig_value> > + </sysconfig_entry> > + </sysconfig> > + <timezone> > + <hwclock>UTC</hwclock> > + <timezone><xsl:value-of select="config/l10n-timezone"/></timezone> > + </timezone> > + <user_defaults> > + <expire/> > + <group>100</group> > + <groups/> > + <home>/home</home> > + <inactive>-1</inactive> > + <no_groups config:type="boolean">true</no_groups> > + <shell>/bin/bash</shell> > + <skel>/etc/skel</skel> > + <umask>022</umask> > + </user_defaults> Same question, a bit below you check for suse version before allowing empty passwords, should the condition be here too? > + <xsl:if test="config/user-password = ''"> > + <groups config:type="list"> > + <group> > + <group_password>x</group_password> > + <groupname>nopasswdlogin</groupname> > + <userlist><xsl:value-of select="config/user-login"/></userlist> > + </group> > + </groups> > + </xsl:if> > + <users config:type="list"> > + <user> > + <encrypted config:type="boolean">false</encrypted> > + <fullname>root</fullname> > + <gid>0</gid> > + <home>/root</home> > + <shell>/bin/bash</shell> > + <uid>0</uid> > + <user_password><xsl:value-of select="config/admin-password"/></user_password> > + <username>root</username> > + </user> > + <!-- > + While SLES 12 doesn't allow creating a user without a password, > + it's okay to do so on the newer versions > + --> > + <xsl:if test="config/user-password != '' or os/version > 12"> > + <user> > + <encrypted config:type="boolean">false</encrypted> > + <fullname><xsl:value-of select="config/user-fullname"/></fullname> > + <user_password><xsl:value-of select="config/user-password"/></user_password> > + <username><xsl:value-of select="config/user-login"/></username> > + </user> > + </xsl:if> So we don't set a user password on older suse? Christophe
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Libosinfo mailing list Libosinfo@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libosinfo
