From 58b3d9e688aa89466c1327c21c1a51832943a7d5 Mon Sep 17 00:00:00 2001 From: gbaconni Date: Thu, 4 Nov 2021 09:36:13 +0100 Subject: [PATCH] 2021-11-04 09:36:13 --- Makefile | 18 ++++++++----- preseed.cfg | 77 ++++++++++++++++++++++++++++------------------------- 2 files changed, 52 insertions(+), 43 deletions(-) diff --git a/Makefile b/Makefile index 7d84e0e..450a322 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ # By: gbaconni@student.42lausanne.ch +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2021/11/02 17:47:57 by gbaconni #+# #+# # -# Updated: 2021/11/03 23:37:37 by gbaconni ### lausanne.ch # +# Updated: 2021/11/04 08:46:53 by gbaconni ### lausanne.ch # # # # **************************************************************************** # @@ -28,8 +28,10 @@ brew: debian: @test -f debian-$(DVER)-amd64-netinst.iso || curl -sLO https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-$(DVER)-amd64-netinst.iso - @grep -q 42url debian-$(DVER)-amd64-netinst.iso || sed -i'.orig' -e 's|auto=true priority=critical vga=788|auto url=https://42url.com/6eMNuv2Y|g' debian-$(DVER)-amd64-netinst.iso @test -f debian-$(DVER)-arm64-netinst.iso || curl -sLO https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-$(DVER)-arm64-netinst.iso + +auto: + @grep -q 42url debian-$(DVER)-amd64-netinst.iso || sed -i'.orig' -e 's|auto=true priority=critical vga=788|auto url=https://42url.com/6eMNuv2Y|g' debian-$(DVER)-amd64-netinst.iso @grep -q 42url debian-$(DVER)-arm64-netinst.iso || sed -i'.orig' -e 's|auto=true priority=critical --- quiet|auto url=https://42url.com/6eMNuv2Y |g' debian-$(DVER)-arm64-netinst.iso @rm -f debian-$(DVER)-amd64-netinst.iso.orig debian-$(DVER)-arm64-netinst.iso.orig 
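Review bot: The new `auto` rule patches the ISOs in place but has no prerequisite on `debian`, and neither rule checks the downloaded image before it is modified and booted. `curl -sLO` accepts whatever the mirror returns, so the image should be compared with Debian's signed `SHA256SUMS` before the `sed -i` runs. Writing the rule as `auto: debian` would also stop `grep`/`sed` from failing on a missing file; the `test: auto amd64 debug` rule in a later hunk lists `auto` first. The patched boot line loads the preseed through a 42url.com short link, and that file's `late_command` runs as root in the installer, so the install is only as trustworthy as the redirect behind the link. The short form looks chosen to keep the replacement the same length as the original string, so a comment saying so and naming the real target would help, as would hosting the preseed at a location under your control.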
@@ -43,8 +45,7 @@ uefi: @test -f edk2-x86_64-code.fd || cp /opt/homebrew/Cellar/qemu/*/share/qemu/edk2-x86_64-code.fd edk2-x86_64-code.fd @test -f edk2-i386-vars.fd || cp /opt/homebrew/Cellar/qemu/*/share/qemu/edk2-i386-vars.fd edk2-i386-vars.fd -#amd64: clean sda debian uefi -amd64: sda uefi +amd64: sda debian uefi @qemu-system-x86_64 \ -name debian \ -cpu qemu64-v1 \ @@ -70,7 +71,7 @@ amd64: sda uefi -monitor stdio \ -rtc base=localtime,clock=host -test: clean debian amd64 +debug: @qemu-system-x86_64 \ -name debian \ -cpu qemu64-v1 \ @@ -92,8 +93,9 @@ test: clean debian amd64 -monitor stdio \ -rtc base=localtime,clock=host -#arm64: clean sda debian uefi -arm64: sda uefi +test: auto amd64 debug + +arm64: sda debian uefi @qemu-system-aarch64 \ -name debian \ -accel hvf \ @@ -127,6 +129,8 @@ fclean: clean @rm -f debian-$(DVER)-amd64-netinst.iso @rm -f debian-$(DVER)-arm64-netinst.iso +re: clean test + ps: @ps ax | grep qemu | sed 's/ -/ \\\n-/g; s/^[^\/]*//;' diff --git a/preseed.cfg b/preseed.cfg index a3df5b9..4e76ab6 100644 --- a/preseed.cfg +++ b/preseed.cfg 
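Review bot: `test: auto amd64 debug` and `re: clean test` rely on prerequisites running left to right, which only holds for a serial make. With `-j`, `clean` can run while `test` is already building, and `amd64` and `debug` can start two QEMU instances at once, presumably on the same disk image (the `-drive` lines are outside the hunks). Making the order explicit in the recipe avoids this, e.g. `re:` with the two recipe lines `@$(MAKE) clean` and `@$(MAKE) test`. The recipes of `amd64`, `debug` and `arm64` continue outside the hunks shown.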
@@ -199,60 +199,67 @@ d-i partman-auto/choose_recipe select boot-crypto d-i partman-auto-lvm/new_vg_name string LVMGroup d-i partman-auto/expert_recipe string \ boot-crypto :: \ - 512 10 512 ext2 \ + 525 42 525 ext2 \ $primary{ } $bootable{ } \ $defaultignore{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext2 } \ mountpoint{ /boot } \ . \ - 10240 20 10240 ext4 \ + 10737 42 10737 ext4 \ $lvmok{ } \ lv_name{ root } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 2356 30 -1 linux-swap \ + 2470 42 2470 linux-swap \ $lvmok{ } \ lv_name{ swap } \ method{ swap } format{ } \ . \ - 5120 40 5120 ext4 \ + 5369 42 5369 ext4 \ $lvmok{ } \ lv_name{ home } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /home } \ . \ - 3072 50 3072 ext4 \ + 3221 42 3221 ext4 \ $lvmok{ } \ lv_name{ var } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var } \ . \ - 3072 60 3072 ext4 \ + 3221 42 3221 ext4 \ $lvmok{ } \ lv_name{ srv } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /srv } \ . \ - 3072 70 3072 ext4 \ + 3221 42 3221 ext4 \ $lvmok{ } \ lv_name{ tmp } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /tmp } \ . \ - 4096 80 4096 ext4 \ + 4295 42 4295 ext4 \ $lvmok{ } \ lv_name{ var-log } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ . \ + 1 1 -1 ext4 \ + $lvmok{ } \ + lv_name{ opt } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /opt } \ + . \ # Or provide a recipe of your own... # If you have a way to get a recipe file into the d-i environment, you can 
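Review bot: The recipe gives `/tmp`, `/var`, `/var/log`, `/home`, `/srv` and the new `/opt` their own logical volumes but sets no mount options on any of them, so the split only isolates disk space. partman recipes take per-filesystem options in the form `options/nosuid{ nosuid }`. Adding `options/nodev{ nodev } options/nosuid{ nosuid } options/noexec{ noexec }` to the `/tmp` entry, and `nodev`/`nosuid` to `/home` and `/var/log`, is worth considering. The added `/opt` entry also ends in `. \`, so the recipe string continues onto whatever line follows; if that is the comment visible below rather than a blank line, the comment text would be joined to the recipe.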
@@ -525,32 +532,30 @@ d-i debian-installer/exit/poweroff boolean true # packages and run commands in the target system. #d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh d-i preseed/late_command string \ -echo '#!/bin/sh -e' > /target/etc/rc.local; \ -echo '' >> /target/etc/rc.local; \ -echo 'exit 0' >> /target/etc/rc.local; \ -chmod +x /target/etc/rc.local; \ -cp /target/etc/rc.local /target/etc/rc.local.orig; \ -echo '#!/bin/sh' > /target/etc/rc.local; \ -echo '/usr/sbin/ufw enable' >> /target/etc/rc.local; \ -echo '/usr/sbin/ufw allow ssh' >> /target/etc/rc.local; \ -echo '/usr/sbin/ufw allow proto tcp from any to any port 4242 >> /target/etc/rc.local; \ -echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /target/etc/rc.local; \ -echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /target/etc/rc.local; \ -echo 'test -x /etc/rc.local && /etc/rc.local' >> /target/etc/rc.local; \ -echo 'exit 0' >> /target/etc/rc.local; \ -echo -e 'passwd_tries=3\nbadpass_message="I am sorry. 
I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"\n' | sed 's/^/Defaults\t/' > /target/etc/sudoers.d/sudo; \ -chmod 0440 /target/etc/sudoers.d/sudo; \ -in-target /usr/bin/systemctl enable rc-local.service >>/tmp/.42 2>&1; \ -in-target /usr/bin/update-alternatives --set editor /usr/bin/vim.basic >>/tmp/.42 2>&1; \ -in-target /usr/bin/ln -snf /usr/bin/vim.basic /etc/alternatives/editor >>/tmp/.42 2>&1; \ -in-target /usr/bin/sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config >>/tmp/.42 2>&1; \ -in-target /usr/sbin/groupadd -f -r sudo >>/tmp/.42 2>&1; \ -in-target /usr/sbin/groupadd -f user42 >>/tmp/.42 2>&1; \ -in-target /usr/sbin/usermod -a -G sudo,user42 gbaconni >>/tmp/.42 2>&1; \ -in-target /usr/bin/chage -M 30 -m 2 -W 7 gbaconni >>/tmp/.42 2>&1; \ -in-target /usr/bin/sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs >>/tmp/.42 2>&1; \ -in-target /usr/bin/sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf >>/tmp/.42 2>&1; \ -in-target /usr/bin/install -D -d /var/log/sudo >>/tmp/.42 2>&1; \ -in-target /usr/bin/apt-get clean >>/tmp/.42 2>&1; \ -in-target echo "That's All Folks!" 
>>/tmp/.42 2>&1 + in-target update-alternatives --set editor /usr/bin/vim.basic; \ + in-target ln -snf /usr/bin/vim.basic /etc/alternatives/editor; \ + in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \ + in-target groupadd -f -r sudo; \ + in-target groupadd -f user42; \ + in-target usermod -a -G sudo,user42 gbaconni; \ + in-target chage -M 30 -m 2 -W 7 gbaconni; \ + in-target sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs; \ + in-target sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf; \ + in-target install -D -d /var/log/sudo; \ + in-target systemctl enable rc-local.service; \ + echo '#!/bin/sh -e' > /target/etc/rc.local; \ + echo '' >> /target/etc/rc.local; \ + echo 'exit 0' >> /target/etc/rc.local; \ + chmod +x /target/etc/rc.local; \ + cp /target/etc/rc.local /target/etc/rc.local.orig; \ + echo '#!/bin/sh' > /target/etc/rc.local; \ + echo '/usr/sbin/ufw enable' >> /target/etc/rc.local; \ + echo '/usr/sbin/ufw allow ssh' >> /target/etc/rc.local; \ + echo '/usr/sbin/ufw allow proto tcp from any to any port 4242 >> /target/etc/rc.local; \ + echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /target/etc/rc.local; \ + echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /target/etc/rc.local; \ + echo 'test -x /etc/rc.local && /etc/rc.local' >> /target/etc/rc.local; \ + echo 'exit 0' >> /target/etc/rc.local; \ + echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /target/etc/sudoers.d/sudo; \ + chmod 0440 /target/etc/sudoers.d/sudo
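Review bot: The re-added line `echo '/usr/sbin/ufw allow proto tcp from any to any port 4242 >> /target/etc/rc.local; \` still has no closing quote, so the quoted string runs on into the following `echo` lines. The rc.local that is meant to enable ufw and open port 4242 is therefore not written as intended. The line should read `echo '/usr/sbin/ufw allow proto tcp from any to any port 4242' >> /target/etc/rc.local; \`. The script also keeps `ufw allow ssh`, which opens port 22 even though the `sed` on `sshd_config` moves sshd to 4242. With the `>>/tmp/.42 2>&1` redirections removed and the commands joined by `;`, a failed hardening step (for example the `PermitRootLogin no` edit) leaves no trace, so either keep a log or chain the steps that matter with `&&`.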