diff --git a/ublinux/os-config b/ublinux/os-config index 71fe288..d0b48db 100644 --- a/ublinux/os-config +++ b/ublinux/os-config @@ -188,7 +188,8 @@ ZONE=Etc/UTC SYSCONF=/etc/ublinux #/rc.preinit.d/21-ntp -NTPSERVERS_DEFAULT="ntp1.vniiftri.ru ntp2.vniiftri.ru ntp3.vniiftri.ru ntp4.vniiftri.ru ntp21.vniiftri.ru ru.pool.ntp.org" +NTPSERVERS_DEFAULT="0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" +NTPSERVERS_RU="ntp1.vniiftri.ru ntp2.vniiftri.ru ntp3.vniiftri.ru ntp4.vniiftri.ru ntp21.vniiftri.ru ru.pool.ntp.org" NTPSERVERS_FALLBACK="0.ru.pool.ntp.org 1.ru.pool.ntp.org 2.ru.pool.ntp.org 3.ru.pool.ntp.org" NTP_SYSTEMSERVICE="systemd-timesyncd.service" diff --git a/ublinux/rc.local.d/41-x11vnc b/ublinux/rc.local.d/41-x11vnc index 8eaa590..3e7a2d2 100755 --- a/ublinux/rc.local.d/41-x11vnc +++ b/ublinux/rc.local.d/41-x11vnc @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash ENABLED=yes [[ ${ENABLED} == yes ]] || exit 0 
@@ -21,17 +21,16 @@ debug_mode "$0" "$@" chmod 600 /root/.vnc/.passwd ## Show obscured password #/usr/bin/x11vnc -showrfbauth /root/.vnc/passwd - OPTION_PASSWD="-rfbauth /root/.vnc/.passwd" fi - if [[ -z ${X11VNC[disable]} && -z ${X11VNC[nodisplay]} && ${X11VNC[display]} != "disable" && ${X11VNC[display]} != "no" ]]; then - if systemctl --quiet is-enabled lightdm.service &>/dev/null || systemctl --quiet is-enabled lightdm-plymouth.service &>/dev/null; then - for ID_DISPLAY in /var/run/lightdm/root/:*; do - FILE_X11VNC_SERVICE="/usr/lib/systemd/system/x11vnc-ublinux:${ID_DISPLAY##*:}.service" - OPTION_DISPLAY="-display WAIT:${ID_DISPLAY##*:} -auth /var/run/lightdm/root/:${ID_DISPLAY##*:}" - OPTION_LOG="-o /var/log/x11vnc-ublinux:${ID_DISPLAY##*:}.log" - OPTION_PORT="-autoport 590${ID_DISPLAY##*:}" - mkdir -p "${FILE_X11VNC_SERVICE%/*}" - cat << EOF > "${FILE_X11VNC_SERVICE}" + [[ -f /root/.vnc/.passwd ]] && OPTION_RFBAUTH_PASSWD="-rfbauth /root/.vnc/.passwd" + if systemctl --quiet is-enabled lightdm.service &>/dev/null || systemctl --quiet is-enabled lightdm-plymouth.service &>/dev/null; then + for ID_DISPLAY in /var/run/lightdm/root/:*; do + FILE_X11VNC_SERVICE="/usr/lib/systemd/system/x11vnc-ublinux:${ID_DISPLAY##*:}.service" + OPTION_DISPLAY="-display WAIT:${ID_DISPLAY##*:} -auth /var/run/lightdm/root/:${ID_DISPLAY##*:}" + OPTION_LOG="-o /var/log/x11vnc-ublinux:${ID_DISPLAY##*:}.log" + OPTION_PORT="-autoport 590${ID_DISPLAY##*:}" + mkdir -p "${FILE_X11VNC_SERVICE%/*}" + cat << EOF > "${FILE_X11VNC_SERVICE}" [Unit] Description=VNC Server for X11:${ID_DISPLAY##*:} Requires=graphical.target 
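Review bot: In rc.local.d/41-x11vnc the added `[[ -f /root/.vnc/.passwd ]] && OPTION_RFBAUTH_PASSWD="-rfbauth /root/.vnc/.passwd"` leaves the variable empty when the password file is missing, so the generated unit starts x11vnc on the LightDM display with no `-rfbauth` unless `${OPTION_GLOBAL}` or `${X11VNC[options]}` supply an authentication option. The same hunk removes the `X11VNC[disable]` / `nodisplay` / `display` guard around unit generation; unless a check outside the hunk still covers it, the service is now written and enabled with `Restart=always` regardless of those settings. Failing closed is safer: make `[[ -n ${OPTION_RFBAUTH_PASSWD} ]] || continue` the first statement of the `for ID_DISPLAY` loop, and `unset OPTION_RFBAUTH_PASSWD` before the `-f` test so a value from a sourced config cannot carry over. The enclosing block starts before and ends after this hunk.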
@@ -40,7 +39,7 @@ After=graphical.target [Service] #ExecStartPre=/bin/sh -c 'while ! pgrep -U "root" Xorg; do sleep 2; done' ExecStart= -ExecStart=/usr/bin/x11vnc ${OPTION_GLOBAL} ${OPTION_PORT} ${OPTION_DISPLAY} ${OPTION_PASSWD} ${OPTION_LOG} ${X11VNC[options]} +ExecStart=/usr/bin/x11vnc ${OPTION_GLOBAL} ${OPTION_PORT} ${OPTION_DISPLAY} ${OPTION_RFBAUTH_PASSWD} ${OPTION_LOG} ${X11VNC[options]} Restart=always RestartSec=5 SuccessExitStatus=2 
@@ -48,18 +47,17 @@ SuccessExitStatus=2 [Install] WantedBy=graphical.target EOF - systemctl --quiet is-enabled ${FILE_X11VNC_SERVICE##*/} &>/dev/null && systemctl daemon-reload &>/dev/null - [[ -f ${FILE_X11VNC_SERVICE} ]] && systemctl --quiet enable ${FILE_X11VNC_SERVICE##*/} &>/dev/null && systemctl --quiet restart ${FILE_X11VNC_SERVICE##*/} &>/dev/null - done - elif systemctl --quiet is-enabled gdm.service &>/dev/null || systemctl --quiet is-enabled gdm-plymouth.service &>/dev/null; then - true - elif systemctl --quiet is-enabled lxdm.service &>/dev/null || systemctl --quiet is-enabled lxdm-plymouth.service &>/dev/null; then - true - elif systemctl --quiet is-enabled sddm.service &>/dev/null || systemctl --quiet is-enabled sddm-plymouth.service &>/dev/null; then - true - elif systemctl --quiet is-enabled slim.service &>/dev/null || systemctl --quiet is-enabled slim-plymouth.service &>/dev/null; then - true - fi + systemctl --quiet is-enabled ${FILE_X11VNC_SERVICE##*/} &>/dev/null && systemctl daemon-reload &>/dev/null + [[ -f ${FILE_X11VNC_SERVICE} ]] && systemctl --quiet enable ${FILE_X11VNC_SERVICE##*/} &>/dev/null && systemctl --quiet restart ${FILE_X11VNC_SERVICE##*/} &>/dev/null + done + elif systemctl --quiet is-enabled gdm.service &>/dev/null || systemctl --quiet is-enabled gdm-plymouth.service &>/dev/null; then + true + elif systemctl --quiet is-enabled lxdm.service &>/dev/null || systemctl --quiet is-enabled lxdm-plymouth.service &>/dev/null; then + true + elif systemctl --quiet is-enabled sddm.service &>/dev/null || systemctl --quiet is-enabled sddm-plymouth.service &>/dev/null; then + true + elif systemctl --quiet is-enabled slim.service &>/dev/null || systemctl --quiet is-enabled slim-plymouth.service &>/dev/null; then + true fi ## Создаём сервисы пользовательские for X11VNC_NEW in "${!X11VNC[@]}"; do diff --git a/ublinux/rc.post.d/09-automount b/ublinux/rc.post.d/09-automount index d0918d9..0686398 100755 --- a/ublinux/rc.post.d/09-automount 
+++ b/ublinux/rc.post.d/09-automount 
@@ -1,46 +1,55 @@ -#!/bin/bash +#!/usr/bin/env bash ENABLED=yes [[ ${ENABLED} == "yes" ]] || exit 0 DEBUGMODE=no -#SMBOPTSDEF="vers=3,nolock,users,noauto" +PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin + +unset ROOTFS; [[ -d /usr/lib/ublinux ]] || ROOTFS=. +SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 +SOURCE=${ROOTFS}/usr/lib/ublinux/os-config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 +debug_mode "$0" "$@" +SYSCONF="${ROOTFS}/${SYSCONF}" +SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/server; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/network; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null + +#SMBOPTSDEF="vers=3,nolock,users,noauto" # Everybody will have full read/write access # OPTSDEF="noperm" OPTSDEF="" -. /usr/lib/ublinux/functions -. /usr/lib/ublinux/os-config -debug_mode "$0" "$@" - -SOURCE=${SYSCONF}/config; [ -f ${SOURCE} ] && . 
${SOURCE} 2>/dev/null - +exec_mount_direct(){ if [[ -n "${AUTOMOUNT_SHARE[@]}" ]]; then - for SHARE in "${!AUTOMOUNT_SHARE[@]}"; do - MOUNT_MODE=$(cut -d: -f1 <<< ${AUTOMOUNT_SHARE[${SHARE}]}) + #typeset -p AUTOMOUNT_SHARE + for SELECT_SHARE in ${!AUTOMOUNT_SHARE[@]}; do + #while IFS=' ' read -r -d $'\n' SELECT_SHARE; do + IFS=: read -r MOUNT_MODE SOURCE_MOUNT GROUP MOD OPTS NULL <<< "${AUTOMOUNT_SHARE[${SELECT_SHARE}]}" if [[ ${MOUNT_MODE} == "direct" ]]; then - PATH_MOUNT_FROM="$(cut -d: -f2 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" - [[ -d ${SHARE} ]] && umount -qRlf "${SHARE}" || mkdir -p "${SHARE}" - GROUP="$(cut -d: -f3 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" - [[ -n ${GROUP} ]] && chown -f root:${GROUP} ${SHARE} - MOD="$(cut -d: -f4 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" - [[ -n ${MOD} ]] && chmod -f ${MOD} "${SHARE}" - OPTS="$(cut -d: -f5 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" + [[ -d ${SELECT_SHARE} ]] && umount -qRlf "${SELECT_SHARE}" || mkdir -p "${SELECT_SHARE}" + [[ -n ${GROUP} ]] && chown -f root:${GROUP} "${SELECT_SHARE}" + [[ -n ${MOD} ]] && chmod -f ${MOD} "${SELECT_SHARE}" [[ -z ${OPTS} ]] && OPTS="${OPTSDEF}" [[ -n ${OPTS} ]] && OPTS=" -o ${OPTS}" - mount ${PATH_MOUNT_FROM} ${SHARE} ${OPTS} + mount "${SOURCE_MOUNT}" "${SELECT_SHARE}" ${OPTS} elif [[ ${MOUNT_MODE} == "virtiofs" ]]; then - PATH_MOUNT_TAG="$(cut -d: -f2 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" - [[ -d ${SHARE} ]] && umount -qRlf "${SHARE}" || mkdir -p "${SHARE}" - GROUP="$(cut -d: -f3 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" - [[ -n ${GROUP} ]] && chown -f root:${GROUP} ${SHARE} - MOD="$(cut -d: -f4 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" - [[ -n ${MOD} ]] && chmod -f ${MOD} "${SHARE}" - OPTS="$(cut -d: -f5 <<< ${AUTOMOUNT_SHARE[${SHARE}]})" + [[ -d ${SELECT_SHARE} ]] && umount -qRlf "${SELECT_SHARE}" || mkdir -p "${SELECT_SHARE}" + [[ -n ${GROUP} ]] && chown -f root:${GROUP} "${SELECT_SHARE}" + [[ -n ${MOD} ]] && chmod -f ${MOD} "${SELECT_SHARE}" [[ -z ${OPTS} ]] && OPTS="${OPTSDEF}" [[ -n ${OPTS} ]] && OPTS=" -o 
${OPTS}" - mount -t virtiofs ${PATH_MOUNT_TAG} ${SHARE} ${OPTS} - fi + mount -t virtiofs "${SOURCE_MOUNT}" "${SELECT_SHARE}" ${OPTS} + fi + #done <<< ${!AUTOMOUNT_SHARE[@]} done fi +} + +################ +##### MAIN ##### +################ + + exec_mount_direct $@ diff --git a/ublinux/rc.post.d/10-brand-backgrounds b/ublinux/rc.post.d/10-brand-backgrounds index 74c7780..2b39611 100755 --- a/ublinux/rc.post.d/10-brand-backgrounds +++ b/ublinux/rc.post.d/10-brand-backgrounds @@ -297,25 +297,25 @@ insert_background_icon(){ # Вычисление соотношения сторон экрана ratio=$(bc <<< "scale=2;${width}/${hight}") - if [ $(bc -l <<< "${ratio}==1.33") -eq 1 ]; then + if [[ "$(bc -l <<< "${ratio}==1.33")" == 1 ]]; then fname_ratio="4:3" - elif [ $(bc -l <<< "${ratio}==1.25") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==1.25")" == 1 ]]; then fname_ratio="5:4" - elif [ $(bc -l <<< "${ratio}==1.77") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==1.77")" == 1 ]]; then fname_ratio="16:9" - elif [ $(bc -l <<< "${ratio}==1.6") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==1.6")" == 1 ]]; then fname_ratio="16:10" - elif [ $(bc -l <<< "${ratio}==2.38") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==2.38")" == 1 ]]; then fname_ratio="21:9" - elif [ $(bc -l <<< "${ratio}==2.37") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==2.37")" == 1 ]]; then fname_ratio="21:9" - elif [ $(bc -l <<< "${ratio}==2.40") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==2.40")" == 1 ]]; then fname_ratio="12:5" - elif [ $(bc -l <<< "${ratio}==1.89") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==1.89")" == 1 ]]; then fname_ratio="256:135" - elif [ $(bc -l <<< "${ratio}==2.89") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==2.89")" == 1 ]]; then fname_ratio="1024:429" - elif [ $(bc -l <<< "${ratio}==1.85") -eq 1 ]; then + elif [[ "$(bc -l <<< "${ratio}==1.85")" == 1 ]]; then fname_ratio="999:540" else fname_ratio="unknown" 
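Review bot: In rc.post.d/09-automount the added `PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin` puts the current directory and `/` ahead of the system directories in a script that runs `mount`, `umount`, `chown` and `chmod` (presumably as root), so a same-named executable in the working directory is resolved first. If the relative entries are only needed while the root is not yet switched, set them only in the `ROOTFS=.` case and otherwise use `PATH=/usr/local/sbin:/usr/local/bin:/usr/bin`. The loop header also lost its quoting: `for SELECT_SHARE in ${!AUTOMOUNT_SHARE[@]}` word-splits and globs the mount points, whereas the removed line iterated `"${!AUTOMOUNT_SHARE[@]}"`. The config-supplied `${MOD}`, `root:${GROUP}` and the final `$@` should be quoted as well.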
diff --git a/ublinux/rc.preinit.d/21-ntp b/ublinux/rc.preinit.d/21-ntp index ef1dbfb..1175374 100755 --- a/ublinux/rc.preinit.d/21-ntp +++ b/ublinux/rc.preinit.d/21-ntp @@ -45,7 +45,7 @@ exec_ntp_servers_set(){ # Вызывая из NetworkManager скрипта, переменна ${NTPSERVERS} перезаписана на сервера NTP из DHCP [[ -n $1 ]] && local NTPSERVERS="$1" fi - if [[ ${NTPSERVERS,,} == "stop" ]]; then + if [[ ${NTPSERVERS,,} == @(stop|no|disable) ]]; then exec_ntp_servers_stop elif [[ ${NTPSERVERS,,} == "dhcp" ]]; then # Активная systemd и выбран сервис NTP_SYSTEMSERVICE=systemd-timesyncd.service @@ -54,6 +54,7 @@ exec_ntp_servers_set(){ fi elif [[ -n ${NTPSERVERS} ]]; then [[ ${NTPSERVERS,,} == "default" ]] && NTPSERVERS=${NTPSERVERS_DEFAULT} + [[ ${NTPSERVERS,,} == "ntp-ru" ]] && NTPSERVERS=${NTPSERVERS_RU} # Активная systemd и выбран сервис NTP_SYSTEMSERVICE=systemd-timesyncd.service if [[ -n ${ISSYSTEMD} && ${NTP_SYSTEMSERVICE} == "systemd-timesyncd.service" && -f ${ROOTFS}/usr/lib/systemd/system/systemd-timesyncd.service ]]; then NTPSERVERS=$(tr ',;' ' ' <<< ${NTPSERVERS}) diff --git a/ublinux/rc.preinit.d/31-network-proxy-system b/ublinux/rc.preinit.d/31-network-proxy-system index 1d830ae..9fcffbc 100755 --- a/ublinux/rc.preinit.d/31-network-proxy-system +++ b/ublinux/rc.preinit.d/31-network-proxy-system @@ -18,6 +18,7 @@ debug_mode "$0" "$@" SYSCONF="${ROOTFS}/${SYSCONF}" SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/network; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null ## Установка системных прокси для HTTP,HTTPS,FTP,SOCKS,RSYNC и адреса исключений EXCLUDE 
@@ -29,13 +30,13 @@ SOURCE=${SYSCONF}/network; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null exec_proxy_system(){ FILE_SH_PROXY=${ROOTFS}/etc/profile.d/proxy_ubconfig.sh FILE_CSH_PROXY=${ROOTFS}/etc/profile.d/proxy_ubconfig.csh - if [[ ${PROXY_SYSTEM[0],,} == @(n|no|none|disable) ]]; then + if [[ -z ${PROXY_SYSTEM[@]} || ${PROXY_SYSTEM[0],,} == @(n|no|none|disable) ]]; then rm -f ${FILE_SH_PROXY} 2>/dev/null rm -f ${FILE_CSH_PROXY} 2>/dev/null elif [[ -n ${PROXY_SYSTEM[@]} ]]; then true > ${FILE_SH_PROXY} true > ${FILE_CSH_PROXY} - chmod 755 ${FILE_SH_PROXY} ${FILE_CSH_PROXY} + chmod 644 ${FILE_SH_PROXY} ${FILE_CSH_PROXY} for PROTOCOL in http https ftp socks rsync all exclude; do if [[ ${PROXY_SYSTEM[${PROTOCOL}],,} == @(n|no|none|disable) ]]; then [[ ${PROTOCOL,,} == "exclude" ]] && PROTOCOL_PREFIX="no" || PROTOCOL_PREFIX="${PROTOCOL,,}" diff --git a/ublinux/rc.preinit.d/52-desktop b/ublinux/rc.preinit.d/52-desktop index 1392c66..522e5d4 100755 --- a/ublinux/rc.preinit.d/52-desktop +++ b/ublinux/rc.preinit.d/52-desktop @@ -15,12 +15,12 @@ SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2> SOURCE=${ROOTFS}/usr/lib/ublinux/os-config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 debug_mode "$0" "$@" -[ -f etc/inittab ] && sed -i 's/id:.:initdefault:/id:5:initdefault:/' etc/inittab - -SYSCONF="${ROOTFS}/${SYSCONF}" +SYSCONF="${ROOTFS}${SYSCONF}" SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/desktop; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +[[ -f ${ROOTFS}/etc/inittab ]] && sed -i 's/id:.:initdefault:/id:5:initdefault:/' ${ROOTFS}/etc/inittab switch3don(){ echo "COMPOSITING_SERVER_START=no" >${SYSCONF}/compositing-server 
@@ -156,10 +156,6 @@ done [[ -z "${DISPLAYMANAGER}" && -z "${DESKTOP}" ]] && disabledmde -# Autodetect FirstStart -# Если пароли по умолчанию ublinux, то FirstStart - grep -q "^root:${DEFAULTROOTPASSWD}:" etc/shadow && grep -q "^$(cat etc/passwd | grep ".*:x:${ADMUID}:" | cut -d: -f1):${DEFAULTPASSWD}:" etc/shadow && touch ${SYSCONF}/firststart || rm -f ${SYSCONF}/firststart - # Set default user to Display Manager if [[ "${DISPLAYMANAGER}" == "lightdm" && ${DISPLAYMANAGER_DEFAULTUSER} ]]; then sed -i /DISPLAYMANAGER_DEFAULTUSER=/d ${SYSCONF}/desktop diff --git a/ublinux/rc.preinit.d/53-language b/ublinux/rc.preinit.d/53-language index 1a9eb7d..29c9245 100755 --- a/ublinux/rc.preinit.d/53-language +++ b/ublinux/rc.preinit.d/53-language 
@@ -11,32 +11,35 @@ DEBUGMODE=no PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin -. usr/lib/ublinux/functions -. usr/lib/ublinux/os-config +[[ -d /usr/lib/ublinux ]] && { unset ROOTFS; unset CMD_CHROOT; } || { ROOTFS="/sysroot"; CMD_CHROOT="chroot ${ROOTFS}"; } +SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 +SOURCE=${ROOTFS}/usr/lib/ublinux/os-config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 debug_mode "$0" "$@" -echo $SYSCONF | grep -q ^/ && SYSCONF=.$SYSCONF -SOURCE=${SYSCONF}/keyboard; [ -f "${SOURCE}" ] && . ${SOURCE} 2>/dev/null -SOURCE=${SYSCONF}/locale; [ -f "${SOURCE}" ] && . ${SOURCE} 2>/dev/null +SYSCONF="${ROOTFS}${SYSCONF}" +SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/keyboard; [ -f ${SOURCE} ] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/locale; [ -f ${SOURCE} ] && . ${SOURCE} 2>/dev/null + NEWLANG=$(cmdline_value lang) [[ -z ${NEWLANG} ]] || { LOCALE+=",${NEWLANG}" && LANG="${NEWLANG}"; } for I_LOCALE in ${LOCALE//,/ }; do - sed -i "s/^#${I_LOCALE} /${I_LOCALE} /g" etc/locale.gen + sed -i "s/^#${I_LOCALE} /${I_LOCALE} /g" ${ROOTFS}/etc/locale.gen done -chroot . env LANG=${LANG} locale > etc/locale.conf +${CMD_CHROOT} env LANG=${LANG} locale > ${ROOTFS}/etc/locale.conf [[ -n ${FORCE_LOCARCHIVE} ]] && FORCEGEN=1 -[[ ! -f usr/lib/locale/locale-archive ]] && FORCEGEN=1 +[[ ! -f ${ROOTFS}/usr/lib/locale/locale-archive ]] && FORCEGEN=1 #[[ "$(echo -e ${LOCALE//,/\\n} | sort -fu)" != "$(chroot . localedef --list-archive | sort -fu)" ]] && FORCEGEN=1 [[ -n ${FORCEGEN} ]] && chroot . 
locale-gen &>/dev/null #; unset LANG; source /etc/profile.d/locale.sh" # Если имеются языкозависимые файлы, то копируем в корень -[[ -d usr/share/ublinux/langs/${LANG} ]] && cp -pfr usr/share/ublinux/langs/${LANG}/* ./ +[[ -d ${ROOTFS}/usr/share/ublinux/langs/${LANG} ]] && cp -pfr ${ROOTFS}/usr/share/ublinux/langs/${LANG}/* ./ -echo FONT=${CONSOLE_FONT} > etc/vconsole.conf -echo KEYMAP=${KEYBOARD} >> etc/vconsole.conf -[[ -z ${KEYMAP_TOGGLE} ]] || echo KEYMAP_TOGGLE="${KEYMAP_TOGGLE}" >> etc/vconsole.conf +echo FONT=${CONSOLE_FONT} > ${ROOTFS}/etc/vconsole.conf +echo KEYMAP=${KEYBOARD} >> ${ROOTFS}/etc/vconsole.conf +[[ -z ${KEYMAP_TOGGLE} ]] || echo KEYMAP_TOGGLE="${KEYMAP_TOGGLE}" >> ${ROOTFS}/etc/vconsole.conf diff --git a/ublinux/rc.preinit.d/80-server-containers-storage b/ublinux/rc.preinit.d/80-server-containers-storage index 9e5d9c8..5fb90f8 100755 --- a/ublinux/rc.preinit.d/80-server-containers-storage +++ b/ublinux/rc.preinit.d/80-server-containers-storage 
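Review bot: The move to `${ROOTFS}` / `${CMD_CHROOT}` in rc.preinit.d/53-language is incomplete: the unchanged line `[[ -n ${FORCEGEN} ]] && chroot . locale-gen` still chroots into the current directory, and `cp -pfr ${ROOTFS}/usr/share/ublinux/langs/${LANG}/* ./` still copies into `./`, while every other path now targets `/sysroot` or the live root. They should read `[[ -n ${FORCEGEN} ]] && ${CMD_CHROOT} locale-gen &>/dev/null` and use `"${ROOTFS}/"` as the copy target. `NEWLANG` comes from the kernel command line via `cmdline_value lang` and is used unquoted in `env LANG=${LANG}`, inside the `sed` pattern and in the `langs/${LANG}` path. A shape check before use, for example `[[ ${NEWLANG} =~ ^[A-Za-z][A-Za-z0-9_]*([.@][A-Za-z0-9_-]+)*$ ]]`, keeps regex metacharacters and `..` out of those three places.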
@@ -22,29 +22,27 @@ SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/server; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null exec_storage_containers_path(){ - FILE_STORAGE_CONTAINERS_CONF="${ROOTFS}/etc/containers/storage.conf" + STORAGE_CONTAINERS_NAME="storage.containers" + STORAGE_CONTAINERS_PATH_DEFAULT="/memory/layer-base/1/${STORAGE_CONTAINERS_NAME}" STORAGE_CONTAINERS_PATH_SYSTEM="/var/lib/containers/storage" - STORAGE_CONTAINERS_PATH_DEFAULT="/memory/layer-base/1/storage.containers" + FILE_STORAGE_CONTAINERS_CONF="/etc/containers/storage.conf" if [[ -n ${STORAGE_CONTAINERS_PATH} ]]; then if [[ ${STORAGE_CONTAINERS_PATH,,} == @(y|yes|enable) ]]; then + [[ -d ${STORAGE_CONTAINERS_PATH_DEFAULT} ]] || install -dm0755 ${STORAGE_CONTAINERS_PATH_DEFAULT} STORAGE_CONTAINERS_PATH=${STORAGE_CONTAINERS_PATH_DEFAULT} - elif [[ ${STORAGE_CONTAINERS_PATH,,} == @(bind) ]]; then - STORAGE_CONTAINERS_PATH=${STORAGE_CONTAINERS_PATH_SYSTEM} - [[ -d ${ROOTFS}/${STORAGE_CONTAINERS_PATH_DEFAULT} ]] || install -dm0700 ${ROOTFS}/${STORAGE_CONTAINERS_PATH_DEFAULT} - mount -o bind ${ROOTFS}/${STORAGE_CONTAINERS_PATH_DEFAULT} ${ROOTFS}/${STORAGE_CONTAINERS_PATH_SYSTEM} + elif [[ ${STORAGE_CONTAINERS_PATH} =~ ^/memory/|^/mnt/(livemedia|livedata)/ ]]; then + [[ -d ${STORAGE_CONTAINERS_PATH} ]] || install -dm0755 ${STORAGE_CONTAINERS_PATH} fi - [[ -d ${ROOTFS}/${STORAGE_CONTAINERS_PATH} ]] || install -dm0700 ${ROOTFS}/${STORAGE_CONTAINERS_PATH} - if [[ -d ${ROOTFS}/${STORAGE_CONTAINERS_PATH} ]] && ! grep -qi "^\s*graphroot = \"${STORAGE_CONTAINERS_PATH}\"" ${FILE_STORAGE_CONTAINERS_CONF}; then - if grep -qi "^\s*graphroot" ${FILE_STORAGE_CONTAINERS_CONF}; then - sed -r "s:^\s*(graphroot).*:\1 = \"${STORAGE_CONTAINERS_PATH}\":g" -i ${FILE_STORAGE_CONTAINERS_CONF} - elif grep -qi "^\s*#graphroot" ${FILE_STORAGE_CONTAINERS_CONF}; then - sed "/^\s*#graphroot\s*/agraphroot = \"${STORAGE_CONTAINERS_PATH}\"" -i ${FILE_STORAGE_CONTAINERS_CONF} + if ! 
grep -qi "^\s*graphroot = \"${STORAGE_CONTAINERS_PATH}\"" ${ROOTFS}/${FILE_STORAGE_CONTAINERS_CONF}; then + if grep -qi "^\s*graphroot" ${ROOTFS}/${FILE_STORAGE_CONTAINERS_CONF}; then + sed -r "s:^\s*(graphroot).*:\1 = \"${STORAGE_CONTAINERS_PATH}\":g" -i ${ROOTFS}/${FILE_STORAGE_CONTAINERS_CONF} + elif grep -qi "^\s*#graphroot" ${ROOTFS}/${FILE_STORAGE_CONTAINERS_CONF}; then + sed "/^\s*#graphroot\s*/agraphroot = \"${STORAGE_CONTAINERS_PATH}\"" -i ${ROOTFS}/${FILE_STORAGE_CONTAINERS_CONF} else - sed "/^\s*\[storage\]\s*/agraphroot = \"${STORAGE_CONTAINERS_PATH}\"" -i ${FILE_STORAGE_CONTAINERS_CONF} + sed "/^\s*\[storage\]\s*/agraphroot = \"${STORAGE_CONTAINERS_PATH}\"" -i ${ROOTFS}/${FILE_STORAGE_CONTAINERS_CONF} fi fi - fi } diff --git a/ublinux/rc.preinit.d/81-server-qemu-storage b/ublinux/rc.preinit.d/81-server-libvirt-storage similarity index 57% rename from ublinux/rc.preinit.d/81-server-qemu-storage rename to ublinux/rc.preinit.d/81-server-libvirt-storage index 05bf312..1b8af8a 100755 --- a/ublinux/rc.preinit.d/81-server-qemu-storage +++ b/ublinux/rc.preinit.d/81-server-libvirt-storage 
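Review bot: In exec_storage_containers_path the new allow-list `=~ ^/memory/|^/mnt/(livemedia|livedata)/` only decides whether the directory is created; any other value of `STORAGE_CONTAINERS_PATH` still falls through and is written as `graphroot`, and the removed `[[ -d ${ROOTFS}/${STORAGE_CONTAINERS_PATH} ]]` precondition is no longer applied. The value is also spliced unescaped into the `grep` pattern and the `sed` expressions (delimiter `:`), so a path containing `:`, `&` or `"` changes what lands in storage.conf. A guard before the `grep`, such as `[[ ${STORAGE_CONTAINERS_PATH} =~ ^/[A-Za-z0-9._/-]+$ ]] || return 1`, plus a `-d` test, would close both gaps. The directory mode is relaxed from `0700` to `0755` and the `${ROOTFS}` prefix is dropped from `install`; if neither is intentional, keep `install -dm0700`. `STORAGE_LIBVIRT_PATH` in 81-server-libvirt-storage follows the same pattern and ends up unescaped in the pool XML.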
@@ -21,27 +21,26 @@ SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/server; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null -exec_storage_qemu_path(){ - STORAGE_QEMU_POOL_NAME="storage.qemu" - STORAGE_QEMU_PATH_DEFAULT="/memory/layer-base/1/storage.qemu" - if [[ -n ${STORAGE_QEMU_PATH} ]]; then - if [[ ${STORAGE_QEMU_PATH,,} == @(y|yes|enable) ]]; then - STORAGE_QEMU_PATH=${STORAGE_QEMU_PATH_DEFAULT} +exec_storage_libvirt_path(){ + STORAGE_LIBVIRT_POOL_NAME="storage.libvirt" + STORAGE_LIBVIRT_PATH_DEFAULT="/memory/layer-base/1/${STORAGE_LIBVIRT_POOL_NAME}" + if [[ -n ${STORAGE_LIBVIRT_PATH} ]]; then + if [[ ${STORAGE_LIBVIRT_PATH,,} == @(y|yes|enable) ]]; then + STORAGE_LIBVIRT_PATH=${STORAGE_LIBVIRT_PATH_DEFAULT} + [[ -d ${STORAGE_LIBVIRT_PATH} ]] || install -dm0755 ${STORAGE_LIBVIRT_PATH} + elif [[ ${STORAGE_LIBVIRT_PATH} =~ ^/memory/|^/mnt/(livemedia|livedata)/ ]]; then + [[ -d ${STORAGE_LIBVIRT_PATH} ]] || install -dm0755 ${STORAGE_LIBVIRT_PATH} fi - [[ -d ${ROOTFS}/etc/libvirt/storage/autostart ]] || install -dm0755 ${ROOTFS}/etc/libvirt/storage/autostart - [[ -d ${ROOTFS}/${STORAGE_QEMU_PATH} ]] || install -dm0755 ${ROOTFS}/${STORAGE_QEMU_PATH} - if [[ -d ${ROOTFS}/${STORAGE_QEMU_PATH} ]]; then - ln -sf /etc/libvirt/storage/${STORAGE_QEMU_POOL_NAME}.xml ${ROOTFS}/etc/libvirt/storage/autostart/${STORAGE_QEMU_POOL_NAME}.xml - cat < "${ROOTFS}/etc/libvirt/storage/${STORAGE_QEMU_POOL_NAME}.xml" + cat < "${ROOTFS}/etc/libvirt/storage/${STORAGE_LIBVIRT_POOL_NAME}.xml" - ${STORAGE_QEMU_POOL_NAME} + ${STORAGE_LIBVIRT_POOL_NAME} 22e1f043-1fcb-4017-8afd-d44ebea9c8e4 0 0 
@@ -49,17 +48,17 @@ or other application using the libvirt API. - ${STORAGE_QEMU_PATH} + ${STORAGE_LIBVIRT_PATH} EOF - fi - fi + [[ -d ${ROOTFS}/etc/libvirt/storage/autostart ]] || install -dm0755 ${ROOTFS}/etc/libvirt/storage/autostart + ln -sf /etc/libvirt/storage/${STORAGE_LIBVIRT_POOL_NAME}.xml ${ROOTFS}/etc/libvirt/storage/autostart/${STORAGE_LIBVIRT_POOL_NAME}.xml } ################ ##### MAIN ##### ################ - exec_storage_qemu_path $@ + exec_storage_libvirt_path $@ diff --git a/ublinux/rc.preinit/01-inifile b/ublinux/rc.preinit/01-inifile index db92ba4..8c216d9 100755 --- a/ublinux/rc.preinit/01-inifile +++ b/ublinux/rc.preinit/01-inifile 
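Review bot: As this hunk reads, both `fi` lines after `EOF` are removed while the `if [[ -n ${STORAGE_LIBVIRT_PATH} ]]; then` opened in the previous hunk is kept, which would leave exec_storage_libvirt_path with an unclosed `if`. The whitespace on this page is collapsed, so confirm with `bash -n` on the file. If the `fi` is indeed gone, re-add it after the `ln -sf` line so the pool XML and the autostart link are only written when a path is configured. Separately, the old `[[ -d ${ROOTFS}/${STORAGE_QEMU_PATH} ]]` check before writing the XML was dropped, so a configured path outside the allow-list now produces an autostarted pool whose target directory was never created or verified.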
@@ -11,55 +11,60 @@ DEBUGMODE=no PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin -INIGZFILE=$(find /memory -maxdepth 1 -iname "*.ini.gz") -. usr/lib/ublinux/functions -. usr/lib/ublinux/os-config +unset ROOTFS; [[ -d /usr/lib/ublinux ]] || ROOTFS=. +SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 +SOURCE=${ROOTFS}/usr/lib/ublinux/os-config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 debug_mode "$0" "$@" -[ -f $INIGZFILE ] || INIGZFILE=$(find /tmp -maxdepth 1 -iname "*.ini.gz") -[ -f $INIGZFILE ] || echo "Config file '*.ini.gz' not found!" -grep -q ^/ <<< "${SYSCONF}" && SYSCONF=.${SYSCONF} +SYSCONF="${ROOTFS}${SYSCONF}" + + INIGZFILE=$(find /memory -maxdepth 1 -iname "*.ini.gz") + [[ -f ${INIGZFILE} ]] || INIGZFILE=$(find /tmp -maxdepth 1 -iname "*.ini.gz") + [[ -f ${INIGZFILE} ]] || echo "Config file '*.ini.gz' not found!" [[ -d ${SYSCONF} ]] || mkdir -p "${SYSCONF}" - rm -rdf ${SYSCONF}/{..?*,.[!.]*,*} 2>/dev/null + rm -rf ${SYSCONF}/{..?*,.[!.]*,*} 2>/dev/null -# ublinux.ini processing - FNAME="${SYSCONF}/config" - FMOD= - touch ${FNAME} - zcat $INIGZFILE | egrep '^DEFAULTPASSWD|^DEFAULTROOTPASSWD|^NEEDEDUSERS|^USERADD' > /tmp/.credential +## Парсим файл ublinux.ini.gz и создаём конфигурацию системы в ${SYSCONF} + FILE_CONFIG="${SYSCONF}/config" + touch ${FILE_CONFIG} + zcat ${INIGZFILE} | grep -E '^DEFAULTPASSWD|^DEFAULTROOTPASSWD|^NEEDEDUSERS|^USERADD' > /tmp/.ublinux_accounts_credential while read LINE; do - if grep -q "^\[.*\][[:space:]]*" <<< ${LINE}; then - FNAME=$(echo "${LINE}" | tr '[]' '|' | cut -d'|' -f2 | sed s-^/--) - FMOD=$(echo "${LINE}" | tr '[]' '|' | cut -d'|' -f3 | tr -d ' ') - PATH_FNAME=$(dirname "${FNAME}") - [[ ${PATH_FNAME} == "." 
]] && FNAME="${SYSCONF}/${FNAME}" - if [ -n "${FMOD}" ]; then - mkdir -p "${PATH_FNAME}" - [ -e "${FNAME}" ] || touch "${FNAME}" - chmod "${FMOD}" "${FNAME}" + if [[ ${LINE} =~ ^\[.*\] ]]; then + FILE_CONFIG=$(tr '[]' '|' <<< "${LINE}" | cut -d'|' -f2) + FILE_CONFIG_MOD=$(tr '[]' '|' <<< "${LINE}" | cut -d'|' -f3 | tr -d ' ') + PATH_FILE_CONFIG=${FILE_CONFIG%/*} + # Если указан файл без пути, то добавить путь по умолчанию ${SYSCONF} + [[ ${PATH_FILE_CONFIG} =~ "/" ]] && FILE_CONFIG="${ROOTFS}${FILE_CONFIG}" || FILE_CONFIG="${SYSCONF}/${FILE_CONFIG}" + if [[ -n ${FILE_CONFIG_MOD} ]]; then + mkdir -p "${PATH_FILE_CONFIG}" + [[ -e ${FILE_CONFIG} ]] || touch "${FILE_CONFIG}" + chmod "${FILE_CONFIG_MOD}" "${FILE_CONFIG}" fi - elif grep -q "^-" <<< "${LINE}"; then - LINE_NEW=$(echo "${LINE}" | sed 's/^-//') - sed -i /^"${LINE_NEW}"$/d "${FNAME}" - elif grep -q "^|" <<< "${LINE}"; then - echo "${LINE}" | sed 's/^|//' >> "${FNAME}" - elif grep -q "^+" <<< "${LINE}"; then - LINE_NEW=$(echo "${LINE}" | sed 's/^+//') - grep -q "${LINE_NEW}" "${FNAME}" || echo "${LINE_NEW}" >> "${FNAME}" + elif [[ ${LINE} =~ ^\- ]]; then + LINE_NEW=$(sed 's/^-//' <<< "${LINE}") + ESC_LINE_NEW=$(sed 's/[^a-zA-Z0-9,._@%-]/\\&/g' <<< "${LINE_NEW}") + sed -E "/^${ESC_LINE_NEW}$/d" -i "${FILE_CONFIG}" + elif [[ ${LINE} =~ ^\| ]]; then + sed 's/^|//' <<< "${LINE}" >> "${FILE_CONFIG}" + elif [[ ${LINE} =~ ^\+ ]]; then + LINE_NEW=$(sed 's/^+//' <<< "${LINE}") + ESC_LINE_NEW=$(sed 's/[^a-zA-Z0-9,._@%-]/\\&/g' <<< "${LINE_NEW}") + grep -Eq "${ESC_LINE_NEW}" "${FILE_CONFIG}" || echo "${LINE_NEW}" >> "${FILE_CONFIG}" else - LINE_NEW=$(cut -d= -f1 <<< "${LINE}") - [ "${LINE_NEW}" = "" ] && continue - if ! 
grep -q "^[[:space:]]*${LINE_NEW}=" "${FNAME}" 2>/dev/null; then - grep -q "^${LINE}$" "${FNAME}" 2>/dev/null || echo "${LINE}" >> "${FNAME}" - else - sed -i 's|'"^[[:space:]]*${LINE_NEW}=.*$"'|'"${LINE}"'|' "${FNAME}" - fi + NAME_VAR=$(cut -d= -f1 <<< "${LINE}") + [[ -z ${NAME_VAR} ]] && continue + ESC_NAME_VAR=$(sed 's/[^a-zA-Z0-9,._@%-]/\\&/g' <<< "${NAME_VAR}") + [[ -f ${FILE_CONFIG} ]] \ + && grep -Eq "^\s*${ESC_NAME_VAR}=" "${FILE_CONFIG}" 2>/dev/null \ + && sed -E "/^\s*${ESC_NAME_VAR}=/d" -i "${FILE_CONFIG}" + echo "${LINE}" >> "${FILE_CONFIG}" fi - done < <(zcat $INIGZFILE | egrep -v '^DEFAULTPASSWD|^DEFAULTROOTPASSWD|^NEEDEDUSERS|^USERADD|^\s*#|^\s*$') -# Mark associative array - for FILE_CONFIG in ${SYSCONF}/*; do - DECLARE_A=$(cat "${FILE_CONFIG}" | egrep "^[A-z0-9_]*\[.*\]=.*" | sed -E "s/\[.*//" | uniq | tr "\n" " ") - [[ -z ${DECLARE_A} ]] || sed -E -i "1i declare -A ${DECLARE_A}" -i "${FILE_CONFIG}" - done - \ No newline at end of file + done < <(zcat ${INIGZFILE} | grep -Ev '^DEFAULTPASSWD|^DEFAULTROOTPASSWD|^NEEDEDUSERS|^USERADD|^\s*#|^\s*$') + +## Декларируем ассоциативный массив, если присутствуют соответствующие переменные + while read FILE_CONFIG; do + grep -q "^declare -A" "${FILE_CONFIG}" 2>/dev/null && sed "/^declare -A/d" -i "${FILE_CONFIG}" + DECLARE_A=$(grep -E "^[A-z0-9_]*\[.*\]=.*" "${FILE_CONFIG}" | sed -E "s/\[.*//" | sort -u | tr "\n" " ") + [[ -z ${DECLARE_A} ]] || sed "1i declare -A ${DECLARE_A}" -i "${FILE_CONFIG}" + done < <(find ${SYSCONF} -type f -print) diff --git a/ublinux/rc.preinit/10-accounts b/ublinux/rc.preinit/10-accounts index 8a7abdf..dc64f1c 100755 --- a/ublinux/rc.preinit/10-accounts +++ b/ublinux/rc.preinit/10-accounts @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Initial script for Live operating system # This script are launching before starting init from linux-live script. 
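Review bot: In rc.preinit/01-inifile the credential lines (`DEFAULTPASSWD`, `DEFAULTROOTPASSWD`, `NEEDEDUSERS`, `USERADD`) are still staged with a plain `>` redirect into the fixed path `/tmp/.ublinux_accounts_credential`, so the file takes whatever mode the umask allows and follows an existing symlink of that name. Nothing in this hunk restricts its mode or removes it. Running that `zcat | grep -E` pipeline inside a `( umask 077; ... )` subshell, and deleting the file once the accounts script has consumed it, limits the exposure. In the section-header branch, `PATH_FILE_CONFIG=${FILE_CONFIG%/*}` yields the whole name when the section has no `/` (the removed `dirname` returned `.`) and is computed before `${ROOTFS}` is prepended. `mkdir -p "${PATH_FILE_CONFIG}"` therefore creates a directory named like the file, or one outside `${ROOTFS}`; `mkdir -p "${FILE_CONFIG%/*}"` placed after the prefixing line avoids both. The wipe would also be safer as `rm -rf "${SYSCONF:?}"/{..?*,.[!.]*,*}` so an empty `SYSCONF` aborts rather than expanding to `/`.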
@@ -7,73 +7,170 @@ ENABLED=yes [[ ${ENABLED} == "yes" ]] || exit 0 +DEBUGMODE=no PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin -DEBUGMODE=no -. usr/lib/ublinux/functions -. usr/lib/ublinux/os-config + +[[ -d /usr/lib/ublinux ]] && { unset ROOTFS; unset CMD_CHROOT; } || { ROOTFS='.'; CMD_CHROOT='chroot . '; } +SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 +SOURCE=${ROOTFS}/usr/lib/ublinux/os-config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0 debug_mode "$0" "$@" -echo $SYSCONF | grep -q ^/ && SYSCONF=.$SYSCONF -SOURCE=${SYSCONF}/config; [ -f ${SOURCE} ] && . ${SOURCE} 2>/dev/null +SYSCONF="${ROOTFS}${SYSCONF}" +SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null +SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null + + FILE_PASSWD="${ROOTFS}/etc/passwd" + FILE_SHADOW="${ROOTFS}/etc/shadow" + FILE_GROUP="${ROOTFS}/etc/group" + FILE_GSHADOW="${ROOTFS}/etc/gshadow" + FILE_ACCOUNTS_CREDENTIAL="/tmp/.ublinux_accounts_credential" + + # /etc/shadow file format + # user:$6$.n.:17736:0:99999:7::: + # [--] [----] [---] - [---] ---- + # | | | | | |||+-----------> 9. Неиспользованный + # | | | | | ||+------------> 8. Срок годности + # | | | | | |+-------------> 7. Период бездействия + # | | | | | +--------------> 6. Период предупреждения + # | | | | +------------------> 5. Максимальный возраст пароля + # | | | +----------------------> 4. Минимальный возраст пароля + # | | +--------------------------> 3. Последнее изменение пароля + # | +---------------------------------> 2. Зашифрованный пароль + # +----------------------------------------> 1. 
Имя пользователя + # Если поле пароля содержит первый символ звездочку (*), то пользователь не сможет войти по паролю, но сможет другим способом (например по ключу через ssh) + # Если поле пароля содержит первый символ восклицательный знак (!), то пользователь вообще не сможет войти, даже по ключу + # Алгоритмы хеширования пароля: + # $1$ - MD5 + # $2a$ - Blowfish + # $2y$ - Eksblowfish + # $5$ - SHA-256 + # $6$ - SHA-512 + # $y$ - yescrypt +set_passwd(){ + USER_NAME="${1}" + USER_PASS="${2}" + [[ -n ${USER_NAME} ]] || return 1 + [[ -n ${USER_PASS} ]] || USER_PASS="x" + ESC_USER_PASS=$(sed 's/[^a-zA-Z0-9,._@%-]/\\&/g' <<< "${USER_PASS}") + EPOCH_DAY=$(( $(date +%s)/(60*60*24) )) # (60*60*24)=18400 second on day + USER_FROM_SHADOW=$(grep "^${USER_NAME}:" "${FILE_SHADOW}") + if [[ -z ${USER_FROM_SHADOW} ]]; then + echo "${USER_NAME}:${USER_PASS}:${EPOCH_DAY}:0:99999:7:::" >> "${FILE_SHADOW}" + elif [[ ! ${USER_FROM_SHADOW} =~ ^"${USER_NAME}:${USER_PASS}:" ]]; then + sed -E "s/^${USER_NAME}:[^:]+:[0-9]+:/${USER_NAME}:${ESC_USER_PASS}:${EPOCH_DAY}:/" -i "${FILE_SHADOW}" + sed -E "s/${USER_NAME}:[!]*:/${USER_NAME}:\!\*:/" -i "${FILE_SHADOW}" + #sed /^${USER_NAME}:/d -i "${FILE_SHADOW}" + #echo "${USER_NAME}:${USER_PASS}:${EPOCH_DAY}:0:99999:7:::" >> "${FILE_SHADOW}" + fi + } + +copy_skel_home(){ + local SELECT_USERNAME="${1}" + [[ -n ${SELECT_USERNAME} ]] || return 1 + cp -af ${ROOTFS}/etc/skel ${ROOTFS}/home/"${SELECT_USERNAME}" + #rsync -rlpt --ignore-existing etc/skel/ home/"${SELECT_USERNAME}" + ${CMD_CHROOT} ${ROOTFS}/usr/bin/chown -R "${SELECT_USERNAME}":"${SELECT_USERNAME}" ${ROOTFS}/home/"${SELECT_USERNAME}" + ${CMD_CHROOT} ${ROOTFS}/usr/bin/chmod -fR u+rw,g-rwx,o-rwx ${ROOTFS}/home/"${SELECT_USERNAME}"/ + ${CMD_CHROOT} ${ROOTFS}/usr/bin/chmod -f 700 ${ROOTFS}/home/"${SELECT_USERNAME}" +} + +exec_get_users(){ + if [[ -f ${FILE_ACCOUNTS_CREDENTIAL} ]]; then + DEFAULTPASSWD=$(grep "DEFAULTPASSWD=" "${FILE_ACCOUNTS_CREDENTIAL}" | tail -1 | tr -d "\'\""); 
DEFAULTPASSWD=${DEFAULTPASSWD#*=} + DEFAULTROOTPASSWD=$(grep "DEFAULTROOTPASSWD=" "${FILE_ACCOUNTS_CREDENTIAL}" | tail -1 | tr -d "\'\""); DEFAULTROOTPASSWD=${DEFAULTROOTPASSWD#*=} + NEEDEDUSERS=$(grep "NEEDEDUSERS=" "${FILE_ACCOUNTS_CREDENTIAL}" | tail -1 | tr -d "\'\""); NEEDEDUSERS=${NEEDEDUSERS#*=} + rm -f "${FILE_ACCOUNTS_CREDENTIAL}" + fi + [[ -z ${NEEDEDUSERS} ]] && NEEDEDUSERS="${DEFAULTUSER}:${ADMUID}:${DEFAULTPASSWD}:Администратор" + [[ -z $(cmdline_value users) ]] || NEEDEDUSERS=$(cmdline_value users) + [[ ${NOSECUREROOTPASSWD} == ${DEFAULTROOTPASSWD} ]] && ADDADM=yes +} -#$1 - username -#$2 - passwd -function set_passwd() { - sed -i /^$1:/d etc/shadow - echo "$1:$2:18652:0:99999:7:::" >> etc/shadow - sed -i s/$1:[!]*:/$1:x:/ etc/passwd -# if [ -d etc/tcb/$1 ] ;then -# sed -i /^$1:/d etc/tcb/$1/shadow -# echo "$1:$2:18652:0:99999:7:::" >> etc/tcb/$1/shadow -# fi +exec_add_groups(){ + # Создаём группы из ${DEFAULTGROUP},${ADMGROUPS},${USERGROUPS} c ID из /usr/share/ublinux-sysusers/*.sysusers + while read SELECT_GROUP; do + FINDGROUP=$(grep -i "g\s*${SELECT_GROUP}\s*[[:digit:]]\s*" ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers 2>/dev/null | xargs) + IFS=" " read -r NULL FINDGROUP_NAME FINDGROUP_ID NULL <<< "${FINDGROUP}" + if [[ -n ${FINDGROUP} ]]; then + if grep -q "^${SELECT_GROUP}:.*:${FINDGROUP_ID}:" ${FILE_GROUP} 2>/dev/null; then + # Группа найдена, имя и id совпадают, пропускаем добавление + continue + elif grep -q "^${SELECT_GROUP}:" ${FILE_GROUP} 2>/dev/null; then + # Группа найдена, имя и id несовпадают, удаляем группу + echo "WARNING: the group '${SELECT_GROUP}' has an id different from the template /usr/share/ublinux-sysusers/*.sysusers and the id will be changed to '${SELECT_GROUP}:${FINDGROUP_ID}'" + ${CMD_CHROOT} ${ROOTFS}/usr/bin/groupdel -f ${SELECT_GROUP} + fi + fi + [[ ${FINDGROUP_ID} == "" ]] || [[ ${FINDGROUP_ID} == "-" ]] || FINDGROUP_ID="-g ${FINDGROUP_ID}" + ${CMD_CHROOT} ${ROOTFS}/usr/bin/groupadd -f ${FINDGROUP_ID} 
${SELECT_GROUP} + done < <(tr ",;" "\n" <<< "${DEFAULTGROUP},${ADMGROUPS},${USERGROUPS}") } -for ITEM_USERGROUP in $(echo "${DEFAULTGROUP},${ADMGROUPS},${USERGROUPS}" | tr ",;" " " ); do - FINDGROUP=$(grep -i "g\s*${ITEM_USERGROUP}\s*[[:digit:]]\s*" usr/share/ublinux-sysusers/*.sysusers | cut -d ":" -f2 | xargs) - if [[ -n ${FINDGROUP} ]]; then - FINDGROUP_NAMEGROUP=$(echo ${FINDGROUP} | cut -d' ' -f2) - FINDGROUP_IDGROUP=$(echo ${FINDGROUP} | cut -d " " -f3) - chroot . usr/bin/groupadd -f -g ${FINDGROUP_IDGROUP} ${FINDGROUP_NAMEGROUP} +exec_neededusers(){ + while read SELECT_USER; do + IFS=: read -r SELECT_USERNAME SELECT_UID SELECT_PASS SELECT_GECOS NULL <<< "${SELECT_USER}" + [[ ${SELECT_PASS} == "x" ]] && SELECT_PASS="${DEFAULTPASSWD}" + ADDGROUPS="${USERGROUPS}" + [[ ${SELECT_UID} == ${ADMUID} && ${ADDADM} == "yes" ]] && ADDGROUPS="${USERGROUPS},${ADMGROUPS}" + # Создаём пользователя + if ! grep -q ^"${SELECT_USERNAME}": ${FILE_PASSWD} 2>/dev/null; then + [[ -n ${SELECT_UID} ]] && ARG_SELECT_UID="-u ${SELECT_UID}" || unset ARG_SELECT_UID + [[ -n ${DEFAULTGROUP} ]] && ARG_DEFAULTGROUP="-G ${DEFAULTGROUP}" || unset ARG_DEFAULTGROUP + if [[ -x ${ROOTFS}/usr/bin/useradd ]]; then + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-c ${SELECT_GECOS}" || unset ARG_SELECT_GECOS + ${CMD_CHROOT} ${ROOTFS}/usr/bin/useradd -M ${ARG_DEFAULTGROUP} ${ARG_SELECT_UID} ${ARG_SELECT_GECOS} ${SELECT_USERNAME} #>/dev/null 2>&1 + elif [[ -x ${ROOTFS}/usr/bin/adduser ]]; then + [[ -n ${SELECT_GECOS} ]] && ARG_SELECT_GECOS="-g ${SELECT_GECOS}" || unset ARG_SELECT_GECOS + ${CMD_CHROOT} ${ROOTFS}/usr/bin/adduser -D -H "${ARG_DEFAULTGROUP}" "${ARG_SELECT_UID}" "${ARG_SELECT_GECOS}" "${SELECT_USERNAME}" >/dev/null 2>&1 + fi + fi + # Добавляем пользователя в группу + USER_GROUPS="${ADDGROUPS//;/,}" + ${CMD_CHROOT} ${ROOTFS}/usr/bin/usermod -a -G ${USER_GROUPS%*,} ${SELECT_USERNAME} #>/dev/null 2>&1 + # Задаём пароль пользователю + set_passwd "${SELECT_USERNAME}" "${SELECT_PASS}" + # Создаём 
домашний каталог + if [[ ! -d ${ROOTFS}/home/"${SELECT_USERNAME}" ]]; then + copy_skel_home "${SELECT_USERNAME}" + elif [[ ${UPDATEHOME,,} == @(yes|y|enable) ]]; then + copy_skel_home "${SELECT_USERNAME}" + fi + done < <(tr ",;" "\n" <<< "${NEEDEDUSERS}") +} + +exec_set_root_pass(){ + if [[ -n ${DEFAULTROOTPASSWD} && ! ${DEFAULTROOTPASSWD} =~ @(no|none|disable) ]]; then + set_passwd root "${DEFAULTROOTPASSWD}" fi -done +} -[ -f /tmp/.credential ] && . /tmp/.credential && rm -f /tmp/.credential -[ -z "$NEEDEDUSERS" ] && NEEDEDUSERS="$DEFAULTUSER:$ADMUID:$DEFAULTPASSWD:Администратор" -[ -z "$(cmdline_value users)" ] || NEEDEDUSERS=$(cmdline_value users) -[ "$NOSECUREROOTPASSWD" = "$DEFAULTROOTPASSWD" ] && ADDADM=yes +exec_firststart(){ + # Autodetect firstboot + # Если пароли по умолчанию, то firstboot + grep -q "^root:${DEFAULTROOTPASSWD}:" ${ROOTFS}/etc/shadow \ + && grep -q "^$(cat ${ROOTFS}/etc/passwd | grep ".*:x:${ADMUID}:" | cut -d: -f1):${DEFAULTPASSWD}:" ${ROOTFS}/etc/shadow && touch ${SYSCONF}/firststart \ + || rm -f ${SYSCONF}/firststart +} +exec_verify_passwd(){ + if [[ -x ${ROOTFS}/usr/bin/pwck ]]; then + #yes | ${ROOTFS}/usr/bin/pwck --root ${PWD} > /dev/null + ${ROOTFS}/usr/bin/pwck -s --root ${PWD} + fi + if [[ -x ${ROOTFS}/usr/bin/grpck ]]; then + #yes | ${ROOTFS}/usr/bin/grpck --root ${PWD} > /dev/null + ${ROOTFS}/usr/bin/grpck -s --root ${PWD} + fi +} -for a in $(echo $NEEDEDUSERS | tr ",;" " " ) ;do - NEEDEDUSER="$(echo $a | awk -F: '{ print $1 }')" - NEEDEDUID="$(echo $a | awk -F: '{ print $2 }')" - NEEDEDPASS="$(echo $a | awk -F: '{ print $3 }')" - NEEDEDCOMMENT="$(echo $a | awk -F: '{ print $4 }')" - [ "${NEEDEDPASS}" = "x" ] && NEEDEDPASS="${DEFAULTPASSWD}" - ADDGROUPS="${USERGROUPS}" - [ "$NEEDEDUID" = "$ADMUID" -a "$ADDADM" = "yes" ] && ADDGROUPS="${USERGROUPS}","${ADMGROUPS}" - # create user - if ! grep -q ^"${NEEDEDUSER}": etc/passwd ;then - chroot . 
usr/sbin/useradd -M -G "${DEFAULTGROUP}" -u "${NEEDEDUID}" -c "${NEEDEDCOMMENT}" "${NEEDEDUSER}" >/dev/null 2>&1 || chroot . usr/sbin/adduser -D -H -G "${DEFAULTGROUP}" -u "${NEEDEDUID}" -g "${NEEDEDCOMMENT}" "${NEEDEDUSER}" >/dev/null 2>&1 - fi - # add to groups - for b in $(echo "${ADDGROUPS}" | tr ",;" " " ) ;do - chroot . usr/sbin/usermod -a -G $b "${NEEDEDUSER}" >/dev/null 2>&1 - done - # set password - [ "${NEEDEDPASS}" = "" ] || set_passwd "${NEEDEDUSER}" "${NEEDEDPASS}" - # create home - if [ ! -d home/"${NEEDEDUSER}" ] ;then - cp -a etc/skel home/"${NEEDEDUSER}" - chroot . bin/chown -R "${NEEDEDUSER}":"${NEEDEDUSER}" home/"${NEEDEDUSER}" - chroot . chmod -fR u+rw,g-rwx,o-rwx home/"${NEEDEDUSER}"/ - chroot . chmod -f 700 home/"${NEEDEDUSER}" - elif [ "${UPDATEHOME}" = "yes" ] ;then - cp -afT etc/skel home/"${NEEDEDUSER}" - #rsync -rlpt --ignore-existing etc/skel/ home/"${NEEDEDUSER}" - chroot . bin/chown -R "${NEEDEDUSER}":"${NEEDEDUSER}" home/"${NEEDEDUSER}" - chroot . chmod -fR u+rw,g-rwx,o-rwx home/"${NEEDEDUSER}"/ - chroot . chmod -f 700 home/"${NEEDEDUSER}" - fi -done -set_passwd root "${DEFAULTROOTPASSWD}" +################ +##### MAIN ##### +################ + + exec_get_users + exec_add_groups + exec_neededusers $@ + exec_set_root_pass + exec_firststart + exec_verify_passwd diff --git a/ublinux/templates/ublinux-data.ini b/ublinux/templates/ublinux-data.ini index f45b722..eaf752e 100644 --- a/ublinux/templates/ublinux-data.ini +++ b/ublinux/templates/ublinux-data.ini 
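Review bot: `exec_get_users` reads DEFAULTPASSWD, DEFAULTROOTPASSWD and NEEDEDUSERS from the fixed path `/tmp/.ublinux_accounts_credential` without checking who wrote the file, and those values reach the shadow file through `set_passwd`. That is probably harmless while the script runs only before init, but the new `[[ -d /usr/lib/ublinux ]]` branch also lets it run against a booted root, where /tmp is normally writable by every local user and the file's contents would then decide the root password field. I would keep the file in a root-only directory, or at least guard the read with `[[ -f ${FILE_ACCOUNTS_CREDENTIAL} && ! -L ${FILE_ACCOUNTS_CREDENTIAL} && -O ${FILE_ACCOUNTS_CREDENTIAL} ]]`. Separately, in `exec_set_root_pass` the test `=~ @(no|none|disable)` is a regex match rather than the extglob match used for UPDATEHOME, so a value of `no` is still written as root's password field; `!= @(no|none|disable)` looks like what was meant.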
@@ -37,9 +37,9 @@ VERSION= #CMDLINE="noload=/12,/92 findswap" ## Default user password is 'ublinux' -## Что-бы получить хэш "openssl passwd -6 -salt ubsalt password" +## Что-бы получить хэш "openssl passwd -6 password" ## Хэш пароля для пользователя по умолчанию (стандартно ublinux) -## Если пароль стандартный, то будет подсказка + FIRSTSTART=yes > /etc/DESKTOP (Первый запуск для настройки системы) +## Если пароль стандартный, то будет подсказка на фоне рабочего стола + /etc/ublinux/firstboot (Первый запуск для настройки системы) DEFAULTPASSWD='$6$E7stRhRS8fCKk7UU$Qoqw62AUaUa5uLIc2KC7WV3MUThhrR8kjXtCODmnKCzKe2zHu1/wmsiWBHZEIk/IQnk/aELQYbUK93OUtrwg60' ## Default root password is 'ublinux' @@ -130,11 +130,11 @@ MACHINEID=hardware ## Пароль кодировать в base64: echo 'password' | base64 ## AUTOMOUNT_SHARE[mountpoint]='cifs:share:username:password_base64:domain:opt' ## AUTOMOUNT_SHARE[/mnt/cifs:share]='cifs://192.168.103.55/share:user:password_base64:domain:noperm,vers=1.0' -## AUTOMOUNT_SHARE[/mnt/sdb1]='direct:/dev/sdb1:wheel:775:noacl' -## AUTOMOUNT_SHARE[/mnt/sdb1]='virtiofs:mytag:wheel:775:' +## AUTOMOUNT_SHARE[/media/sdb1]='direct:/dev/sdb1:wheel:775:noacl' +## AUTOMOUNT_SHARE[/media/mytag]='virtiofs:mytag:wheel:775:' ## AUTOMOUNT_SHARE[/mnt/sshfs/user-1@192.168.1.1]='sshfs:superadmin@192.168.1.1:/home/user-1:password_base64:' #AUTOMOUNT_SHARE[/mnt/share2]='cifs://192.168.103.55/share2:share:password_base64:domain:noperm,vers=1.0' -#AUTOMOUNT_SHARE[/mnt/sda4]='direct:/dev/sda4:wheel:775:noacl' +#AUTOMOUNT_SHARE[/media/sda4]='direct:/dev/sda4:wheel:775:noacl' #AUTOMOUNT_SHARE[/mnt/sshfs/user-1@192.168.1.1]='sshfs:superadmin@192.168.1.1:/home/user-1:password_base64:' #AUTOMOUNT_SHARE[/mnt/nfs/user-1@192.168.1.1]='nfs:192.168.1.1:/home/user-1' 
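Review bot: The example in the changed DEFAULTPASSWD comment, `openssl passwd -6 password`, puts the clear-text password on the command line, where it ends up in shell history and is visible in the process list while the command runs. Dropping the fixed `-salt ubsalt` is an improvement, since every hash no longer shares one salt. I would document the form without the argument, `## Что-бы получить хэш "openssl passwd -6"`, which prompts for the password, or `openssl passwd -6 -stdin` for scripted use.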
@@ -259,11 +259,14 @@ GRUB_BOOT_SILENT="splash" ## Задать путь хранилища контейнеров containers/podman/docker ## STORAGE_CONTAINERS_PATH=<путь>|y|yes|enable ## <путь> # Путь до каталога хранилища контейнеров -## y|yes|enable # Задаст путь /memory/layer-base/1/storage.containers -## Создать хранилище образов для QEMU -## STORAGE_QEMU_PATH=<путь>|y|yes|enable +## y|yes|enable # Установит путь /memory/layer-base/1/storage.containers +#STORAGE_CONTAINERS_PATH=yes + +## Создать хранилище образов для libvirt как движок контроллера виртуализации openvz,kvm,qemu,virtualbox,xen и другие +## STORAGE_LIBVIRT_PATH=<путь>|y|yes|enable ## <путь> # Путь до каталога хранилища пула образов -## y|yes|enable # Задаст путь /memory/layer-base/1/storage.qemu +## y|yes|enable # Установит путь /memory/layer-base/1/storage.libvirt +#STORAGE_LIBVIRT_PATH=yes ################################################################################ ## Настройка сохранений @@ -289,6 +292,7 @@ GRUB_BOOT_SILENT="splash" #SAVE_MODULE_INCLUDE="/etc/pacman.d/gnupg,/etc/NetworkManager/system-connections" #SAVE_MODULE_EXCLUDE="/etc/ublinux" + ################################################################################ ## Настройка сети [/etc/ublinux/network] 
@@ -378,12 +382,13 @@ GRUB_BOOT_SILENT="splash" IPV6=no ## Серверы времени -## NTPSERVERS=dhcp|default|stop|$VALUE +## NTPSERVERS=dhcp|default|ntp-ru|stop|disable| ## =dhcp # Выбрать сервер времени предложенный DHCP -## =default # Выбрать сервера времени по умолчанию: ntp1.vniiftri.ru ntp2.vniiftri.ru ntp3.vniiftri.ru ntp4.vniiftri.ru ntp21.vniiftri.ru ru.pool.ntp.org -## =stop # Отключить NTP синхронизацию принудительно -## =ntp1.vniiftri.ru,ru.pool.ntp.org # VALUE=Перечень серверов, через ',' или ';' -## не задано # Никаких действий не предпринимается +## =default # Выбрать сервера времени по умолчанию: 0, 1, 2 и 3.pool.ntp.org указывают на случайно выбранные из пула сервера. Выбираются заново каждый час +## =ntp-ru # Выбрать сервера времени: ntp1.vniiftri.ru ntp2.vniiftri.ru ntp3.vniiftri.ru ntp4.vniiftri.ru ntp21.vniiftri.ru ru.pool.ntp.org +## =stop|no|disable # Отключить NTP синхронизацию принудительно +## = # Список серверов, через ',' или ';', например =ntp1.vniiftri.ru,ru.pool.ntp.org +## не задано # Не настраивать автоматически NTPSERVERS=dhcp ## Добавить порядок поиска DNS: avahi и winbind (default no) @@ -392,9 +397,9 @@ NSSWITCHWINBIND=yes ## Установка системных прокси для HTTP,HTTPS,FTP,SOCKS,RSYNC и адреса исключений EXCLUDE ## Для применения требуется перелогиниться -## PROXY_SYSTEM[%PROTOCOL%]=%SERVER% -## %PROTOCOL%=%null%|http|https|ftp|socks|rsync|all|auto|exclude -## %null% # Глобально, используется только с %SERVER%=no|n|disable +## PROXY_SYSTEM[]= +## =|http|https|ftp|socks|rsync|all|auto|exclude +## # Если пусто, то применить глобально, используется только с SERVER=no|n|disable ## http # Прокси для протокола HTTP ## https # Прокси для протокола HTTPS ## ftp # Прокси для протокола FTP 
@@ -404,13 +409,13 @@ NSSWITCHWINBIND=yes ## auto # Только для Gnome, адрес сервера автоматической настройки прокси-сервера (PAC), https://wiki.gentoo.org/wiki/ProxyAutoConfig ## exclude # Адреса, имена dns, сети исключений, доступ к которым осуществляется напрямую, например: localhost,127.0.0.1,::1,192.168.1.1,192.168.2.0/24 ## # Внимание, подстановочные символы (звёздочка) и CIDR нотации не поддерживаются! -## %SERVER%=no|n|none|disable|%ADDRESS% -## %ADDRESS% # Прокси сервер, https://user:password@proxy_server:port , https://proxy_server:port +## =no|n|none|disable|
+##
# Прокси сервер, https://user:password@proxy_server:port , https://proxy_server:port ## # Если Ваш пароль содержит спец. символы, Вы должны заменить их на ASCII коды. Например символ собаки @, должен быть заменен на «%40» ## # Если указан %PROTOCOL%=auto, то указывается путь до файла конфигурации http://my.proxy.org/foo.pac ## no|n|none|disable # Отключить ранее настроенный системный прокси ## PROXY_SYSTEM=disable -## PROXY_SYSTEM[https]=https://user:password@192.168.1.1:443 +## PROXY_SYSTEM[https]=http://user:password@192.168.1.1:443 ## PROXY_SYSTEM[http]=http://127.0.0.1:8118 ## PROXY_SYSTEM[https]=https://127.0.0.1:8118 ## PROXY_SYSTEM[ftp]=ftp://127.0.0.1:8118