[Libosinfo] [osinfo-db 1/2] install-script, suse: Add install-scripts for SLES 12+
Christophe Fergeau
cfergeau at redhat.com
Tue May 2 11:48:47 UTC 2017
On Sun, Apr 23, 2017 at 12:41:30AM +0200, Fabiano Fidêncio wrote:
> The install-scripts added support SLES 12, SLES 12 SP1 and SLES 12 SP2.
>
> Those scripts were completely based on the openSUSE ones and tested
> against the "free for download" ISOs provided by SUSE, that you can find
> in: https://www.suse.com/download-linux/
>
> Signed-off-by: Fabiano Fidêncio <fabiano at fidencio.org>
> ---
> .../suse.com/suse-autoyast-desktop.xml.in | 287 +++++++++++++++++++++
> .../suse.com/suse-autoyast-jeos.xml.in | 201 +++++++++++++++
> data/os/suse.com/sles-12.1.xml.in | 7 +-
> data/os/suse.com/sles-12.2.xml.in | 13 +-
> data/os/suse.com/sles-12.xml.in | 7 +-
> 5 files changed, 509 insertions(+), 6 deletions(-)
> create mode 100644 data/install-script/suse.com/suse-autoyast-desktop.xml.in
> create mode 100644 data/install-script/suse.com/suse-autoyast-jeos.xml.in
>
> diff --git a/data/install-script/suse.com/suse-autoyast-desktop.xml.in b/data/install-script/suse.com/suse-autoyast-desktop.xml.in
> new file mode 100644
> index 0000000..acb38c1
> --- /dev/null
> +++ b/data/install-script/suse.com/suse-autoyast-desktop.xml.in
> @@ -0,0 +1,287 @@
> +<libosinfo version="0.0.1">
> +<!-- Licensed under the GNU General Public License version 2 or later.
> + See http://www.gnu.org/licenses/ for a copy of the license text -->
> +
> + <!-- DESKTOP PROFILE -->
> + <install-script id='http://suse.com/suse/autoyast/desktop'>
> + <profile>desktop</profile>
> + <expected-filename>autoinst.xml</expected-filename>
> + <config>
> + <!-- Localization options -->
> + <param name="l10n-keyboard" policy="optional" value-map="http://x.org/x11-keyboard"/>
> + <param name="l10n-language" policy="optional"/>
> + <param name="l10n-timezone" policy="optional"/>
> +
> + <!-- Network options -->
> + <param name="hostname" policy="optional"/>
> + <param name="domain" policy="optional"/>
> +
> + <!-- Account options -->
> + <param name="admin-password" policy="optional"/>
> + <param name="user-fullname" policy="optional"/>
> + <param name="user-login" policy="required"/>
> + <param name="user-password" policy="optional"/>
> + <param name="avatar-location" policy="optional"/>
> + <param name="avatar-disk" policy="optional"/>
> + </config>
> + <injection-method>disk</injection-method>
> +
> + <template>
> + <xsl:stylesheet
> + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
> + version="1.0">
> +
> + <xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/>
> +
> + <xsl:template name="l10n-language">
> + <xsl:choose>
> + <xsl:when test="config/l10n-language != '' and config/l10n-language != 'C'">
> + <xsl:value-of select="config/l10n-language"/>
> + </xsl:when>
> + <xsl:otherwise>
> + <xsl:text>en_US</xsl:text>
> + </xsl:otherwise>
> + </xsl:choose>
> + </xsl:template>
> +
> + <xsl:template name="l10n-keyboard">
> + <xsl:choose>
> + <xsl:when test="config/l10n-keyboard != '' and config/l10n-keyboard != 'C'">
> + <xsl:value-of select="config/l10n-keyboard"/>
> + </xsl:when>
> + <xsl:otherwise>
> + <xsl:text>us</xsl:text>
> + </xsl:otherwise>
> + </xsl:choose>
> + </xsl:template>
> +
> + <xsl:template match="/command-line">
> + <xsl:text>autoyast=device://sda/</xsl:text>
I guess vda is not valid there?
> + <xsl:value-of select="script/expected-filename"/>
> + </xsl:template>
> +
> + <xsl:template match="/install-script-config">
> + <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
> + <bootloader>
> + <device_map config:type="list">
> + <device_map_entry>
> + <firmware>hd0</firmware>
> + <linux>/dev/vda</linux>
> + </device_map_entry>
> + </device_map>
> + <global>
> + <activate>true</activate>
> + <append>resume=/dev/vda1 splash=silent quiet showopts</append>
> + <boot_boot>false</boot_boot>
> + <boot_extended>false</boot_extended>
> + <boot_mbr>false</boot_mbr>
> + <boot_root>true</boot_root>
> + <default>0</default>
> + <distributor/>
> + <failsafe_disabled>true</failsafe_disabled>
> + <generic_mbr>true</generic_mbr>
> + <gfxmode>auto</gfxmode>
> + <os_prober>true</os_prober>
> + <terminal>gfxterm</terminal>
> + <timeout config:type="integer">8</timeout>
> + <vgamode/>
> + </global>
> + <loader_type>grub2</loader_type>
> + </bootloader>
> + <firewall>
> + <enable_firewall config:type="boolean">false</enable_firewall>
> + <start_firewall config:type="boolean">false</start_firewall>
> + </firewall>
Any particular reason to disable firewall?
> + <general>
> + <ask-list config:type="list"/>
> + <mode>
> + <confirm config:type="boolean">false</confirm>
> + <final_reboot config:type="boolean">true</final_reboot>
> + </mode>
> + <proposals config:type="list"/>
> + <signature-handling>
> + <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum>
> + <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key>
> + <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key>
> + <accept_unsigned_file config:type="boolean">true</accept_unsigned_file>
> + <accept_verification_failed config:type="boolean">false</accept_verification_failed>
> + <import_gpg_key config:type="boolean">true</import_gpg_key>
> + </signature-handling>
This seems fairly unsecure too, is this required?
> + <storage>
> + <partition_alignment config:type="symbol">align_optimal</partition_alignment>
> + <start_multipath config:type="boolean">false</start_multipath>
> + </storage>
> + </general>
> + <keyboard>
> + <keyboard_values>
> + <delay/>
> + <discaps config:type="boolean">false</discaps>
> + <numlock>bios</numlock>
> + <rate/>
> + </keyboard_values>
> + <keymap><xsl:call-template name="l10n-keyboard"/></keymap>
> + </keyboard>
> + <language><xsl:call-template name="l10n-language"/></language>
> + <networking>
> + <managed config:type="boolean">false</managed>
> + <interfaces config:type="list">
> + <interface>
> + <bootproto>dhcp</bootproto>
> + <device>eth0</device>
> + <startmode>auto</startmode>
> + <usercontrol>no</usercontrol>
> + </interface>
> + </interfaces>
> + </networking>
> + <partitioning config:type="list">
> + <drive>
> + <device>/dev/vda</device>
> + <type config:type="symbol">CT_DISK</type>
> + <use>all</use>
> + </drive>
> + </partitioning>
> + <report>
> + <errors>
> + <log config:type="boolean">true</log>
> + <show config:type="boolean">true</show>
> + <timeout config:type="integer">0</timeout>
> + </errors>
> + <messages>
> + <log config:type="boolean">true</log>
> + <show config:type="boolean">true</show>
> + <timeout config:type="integer">10</timeout>
> + </messages>
> + <warnings>
> + <log config:type="boolean">true</log>
> + <show config:type="boolean">true</show>
> + <timeout config:type="integer">10</timeout>
> + </warnings>
> + <yesno_messages>
> + <log config:type="boolean">true</log>
> + <show config:type="boolean">true</show>
> + <timeout config:type="integer">10</timeout>
> + </yesno_messages>
> + </report>
> + <scripts>
> + <chroot-scripts config:type="list">
> + <script>
> + <chrooted config:type="boolean">true</chrooted>
> + <source>
> +
> +if test -z '<xsl:value-of select="config/user-password"/>'; then
> +pam-config -a --unix-nullok
> +pam-config -a --nullok
Shouldn't this be conditional on the SUSE version as done below?
> +
> +<xsl:if test="os/version = 12">
> +useradd <xsl:value-of select="config/user-login"/> -m -G users
> +passwd -d <xsl:value-of select="config/user-login"/>
> +</xsl:if>
Does this mean we are not setting a password on older suse?
> +
> +#Enable passwordless login for users that are part of the nopasswdlogin group
> +sed -i '4 i auth sufficient pam_succeed_if.so user ingroup nopasswdlogin' /etc/pam.d/gdm-password
> +fi
> +
> +if test -n '<xsl:value-of select="config/avatar-location"/>'; then
> +# Set user avatar
> +mkdir /mnt/unattended-media
> +mount <xsl:value-of select='config/avatar-disk'/> /mnt/unattended-media
> +cp /mnt/unattended-media<xsl:value-of select="config/avatar-location"/> /var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/>
> +umount /mnt/unattended-media
> +
> +echo "
> +[User]
> +Language=<xsl:value-of select="config/l10n-language"/>.UTF-8
> +XSession=gnome
> +Icon=/var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/>
> +" >> /var/lib/AccountsService/users/<xsl:value-of select="config/user-login"/>
> +fi
> + </source>
> + </script>
> + </chroot-scripts>
> + </scripts>
> + <services-manager>
> + <default_target>graphical</default_target>
> + </services-manager>
> + <software>
> + <packages config:type="list">
> + <package>autoyast2-installation</package>
> + <package>gdm</package>
> + </packages>
> + <patterns config:type="list">
> + <pattern>Minimal</pattern>
> + <pattern>apparmor</pattern>
> + <pattern>base</pattern>
> + <pattern>gnome-basic</pattern>
> + <pattern>printing</pattern>
> + <xsl:if test="os/version > 12">
> + <pattern>smt</pattern>
> + </xsl:if>
> + <pattern>x11</pattern>
> + </patterns>
> + </software>
> + <sysconfig config:type="list">
> + <sysconfig_entry>
> + <sysconfig_key>DISPLAYMANAGER</sysconfig_key>
> + <sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path>
> + <sysconfig_value>gdm</sysconfig_value>
> + </sysconfig_entry>
> + <sysconfig_entry>
> + <sysconfig_key>DEFAULT_WM</sysconfig_key>
> + <sysconfig_path>/etc/sysconfig/windowmanager</sysconfig_path>
> + <sysconfig_value>gnome</sysconfig_value>
> + </sysconfig_entry>
> + </sysconfig>
> + <timezone>
> + <hwclock>UTC</hwclock>
> + <timezone><xsl:value-of select="config/l10n-timezone"/></timezone>
> + </timezone>
> + <user_defaults>
> + <expire/>
> + <group>100</group>
> + <groups/>
> + <home>/home</home>
> + <inactive>-1</inactive>
> + <no_groups config:type="boolean">true</no_groups>
> + <shell>/bin/bash</shell>
> + <skel>/etc/skel</skel>
> + <umask>022</umask>
> + </user_defaults>
Same question, a bit below you check for suse version before allowing
empty passwords, should the condition be here too?
> + <xsl:if test="config/user-password = ''">
> + <groups config:type="list">
> + <group>
> + <group_password>x</group_password>
> + <groupname>nopasswdlogin</groupname>
> + <userlist><xsl:value-of select="config/user-login"/></userlist>
> + </group>
> + </groups>
> + </xsl:if>
> + <users config:type="list">
> + <user>
> + <encrypted config:type="boolean">false</encrypted>
> + <fullname>root</fullname>
> + <gid>0</gid>
> + <home>/root</home>
> + <shell>/bin/bash</shell>
> + <uid>0</uid>
> + <user_password><xsl:value-of select="config/admin-password"/></user_password>
> + <username>root</username>
> + </user>
> + <!--
> + While SLES 12 doesn't allow creating a user without a password,
> + it's okay to do so on the newer versions
> + -->
> + <xsl:if test="config/user-password != '' or os/version > 12">
> + <user>
> + <encrypted config:type="boolean">false</encrypted>
> + <fullname><xsl:value-of select="config/user-fullname"/></fullname>
> + <user_password><xsl:value-of select="config/user-password"/></user_password>
> + <username><xsl:value-of select="config/user-login"/></username>
> + </user>
> + </xsl:if>
So we don't set a user password on older suse?
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20170502/7562429b/attachment.sig>
More information about the Libosinfo
mailing list