Initial commit

2022-07-15 11:59:26 +02:00 · 2022-07-15 11:59:26 +02:00 · 295a111cec
commit 295a111cec
89 changed files with 2897 additions and 0 deletions
--- a/config/scripts/CONTESTANT/10-config
+++ b/config/scripts/CONTESTANT/10-config
@ -0,0 +1,30 @@
+#! /bin/bash
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+cp -RT $FAI/simplefiles/CONTESTANT $target
+
+$ROOTCMD dconf update
+
+# Enable firewall
+$ROOTCMD systemctl enable nftables.service
+
+# Disable Bluetooth
+$ROOTCMD systemctl disable bluetooth.service
+
+# Disable sleep
+$ROOTCMD systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
+
+sed -i 's|"homepage": ".*"|"homepage": "https://finals.soi.ch/"|' $target/etc/chromium/master_preferences
+
+# Disable panels in gnome-control-center
+DISABLE_DESKTOP="$ROOTCMD dpkg-statoverride --force-statoverride-add --update --add root root 640"
+$DISABLE_DESKTOP /usr/share/applications/gnome-bluetooth-panel.desktop
+$DISABLE_DESKTOP /usr/share/applications/gnome-online-accounts-panel.desktop
+$DISABLE_DESKTOP /usr/share/applications/gnome-sharing-panel.desktop
+
+# Auto login
+sed -i 's/#  AutomaticLoginEnable = true/AutomaticLoginEnable = true/g' $target/etc/gdm3/daemon.conf
+sed -i 's/#  AutomaticLogin = user1/AutomaticLogin = contestant/g' $target/etc/gdm3/daemon.conf
+
+exit $error
--- a/config/scripts/DEBIAN/10-rootpw
+++ b/config/scripts/DEBIAN/10-rootpw
@ -0,0 +1,12 @@
+#! /bin/bash
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+# set root password
+if [ -n "$ROOTPW" ]; then
+    $ROOTCMD chpasswd --encrypted <<< "root:${ROOTPW}"
+else
+    $ROOTCMD usermod -L root
+fi
+
+exit $error
--- a/config/scripts/DEBIAN/20-capabilities
+++ b/config/scripts/DEBIAN/20-capabilities
@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# Capabilities get lost when creating the fai base.tar.xz image.
+# Restore them here.
+#
+
+set -e
+
+if [ ! -x $target/sbin/setcap ] ; then
+    exit 0
+fi
+
+for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do
+    if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then
+        if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then
+            echo "Setcap worked! $FILE is not suid!"
+        fi
+    fi
+done
+if [ -x $target/usr/bin/systemd-detect-virt ] ; then
+    $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt
+fi
--- a/config/scripts/DEBIAN/30-interface
+++ b/config/scripts/DEBIAN/30-interface
@ -0,0 +1,118 @@
+#! /bin/bash
+
+netplan_yaml() {
+    # network configuration using ubuntu's netplan.io
+    local IFNAME="$1"
+    local METHOD="$2"
+    echo     "Generating netplan configuration for $IFNAME ($METHOD)" >&2
+    echo     "# generated by FAI"
+    echo     "network:"
+    echo     "  version: 2"
+    echo     "  renderer: $RENDERER"
+    case "$RENDERER" in
+      networkd)
+        echo     "  ethernets:"
+        echo     "    $IFNAME:"
+        case "$METHOD" in
+          dhcp)
+            echo "      dhcp4: true"
+            ;;
+          static)
+            echo "      addresses: [$CIDR]"
+            echo "      gateway4: $GATEWAYS_1"
+            echo "      nameservers:"
+            echo "        search: [$DOMAIN]"
+            echo "        addresses: [${DNSSRVS// /, }]"
+            ;;
+        esac
+    esac
+}
+
+iface_stanza() {
+    # classic network configuration using /etc/network/interfaces
+    local IFNAME="$1"
+    local METHOD="$2"
+    echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
+    echo "# generated by FAI"
+    echo "auto $IFNAME"
+    echo "iface $IFNAME inet $METHOD"
+    case "$METHOD" in
+      static)
+        echo "    address $CIDR"
+        echo "    gateway $GATEWAYS"
+        ;;
+    esac
+}
+
+newnicnames() {
+
+    # determine predictable network names only for stretch and above
+    local name
+
+    [ $do_init_tasks -eq 0 ] && return
+    [ -z "$NIC1" ] && return
+
+    fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+    for field in $fields; do
+	name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+	if [[ $name ]]; then
+	    NIC1=$name
+	    return
+	fi
+    done
+
+    # try to get altname net dev
+    name=$(ip link show $NIC1 | awk '/altname / { print $2 }')
+    if [[ $name ]]; then
+	NIC1=$name
+	return
+    else
+	echo "$0: error: could not find systemd predictable network name. Using $NIC1."
+    fi
+}
+
+if [ -z "$NIC1" ]; then
+    echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
+fi
+CIDR=$(ip --br ad sh $NIC1|awk '{print $3}')
+newnicnames
+
+case "$FAI_ACTION" in
+  install|dirinstall)
+    ifclass DHCPC && METHOD=dhcp || METHOD=static
+    ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
+
+    if [ -d $target/etc/netplan ]; then
+        # Ubuntu >= 17.10 with netplan.io
+        if [ -n "$NIC1" ]; then
+            netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
+        fi
+    elif [ -d $target/etc/network/interfaces.d ]; then
+        # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
+        iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
+
+        if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
+            iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
+        fi
+    else
+        (
+            iface_stanza lo loopback
+            iface_stanza $NIC1 $METHOD
+        ) > $target/etc/network/interfaces
+    fi
+
+    if ! ifclass DHCPC ; then
+        [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
+        if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
+            cp -p /etc/resolv.conf $target/etc
+        fi
+    fi
+    ;;
+esac
+
+# here fcopy is mostly used, when installing a client for running in a
+# different subnet than during the installation
+fcopy -iM /etc/resolv.conf
+fcopy -iM /etc/network/interfaces /etc/networks
+
+exit $error
--- a/config/scripts/DEBIAN/40-misc
+++ b/config/scripts/DEBIAN/40-misc
@ -0,0 +1,51 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2001-2016, lange@debian.org
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+# a list of modules which are loaded at boot time
+for module in $MODULESLIST; do
+    ainsl -a /etc/modules "^$module$"
+done
+
+fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname
+ainsl -a /etc/mailname ${HOSTNAME}
+if [ ! -e $target/etc/adjtime ]; then
+    printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
+fi
+if [ "$UTC" = "yes" ]; then
+    sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+else
+    sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+fi
+
+# enable linuxlogo
+if [ -f $target/etc/inittab ]; then
+    sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+elif [ -f $target/lib/systemd/system/getty@.service ]; then
+    sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+fi
+
+# make sure a machine-id exists
+if [ ! -f $target/etc/machine-id ]; then
+    > $target/etc/machine-id
+fi
+# recreate machine-id if the file is empty
+if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)"  = X0 -a -f $target/bin/systemd-machine-id-setup ]; then
+    $ROOTCMD systemd-machine-id-setup
+fi
+
+ln -fs /proc/mounts $target/etc/mtab
+
+rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+
+if [ -d /etc/fai ]; then
+    if ! fcopy -Mv /etc/fai/fai.conf; then
+	ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC"
+    fi
+fi
+fcopy -iv /etc/rc.local
+
+exit $error
--- a/config/scripts/FAIBASE/10-misc
+++ b/config/scripts/FAIBASE/10-misc
@ -0,0 +1,38 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2001-2012, lange@debian.org
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+echo $TIMEZONE    > $target/etc/timezone
+if [ -L $target/etc/localtime ]; then
+    ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+else
+    cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+fi
+
+if [ -f $target/etc/hosts.orig ]; then
+    mv $target/etc/hosts.orig $target/etc/hosts
+fi
+if [ -n "$IPADDR" ]; then
+    # ifclass DHCPC ||
+    ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
+else
+    ifclass DHCPC && ainsl -s /etc/hosts "127.0.0.1 $HOSTNAME"
+fi
+fcopy -iM /etc/hosts /etc/motd
+
+# make /root accessible only by root
+chmod -c 0700 $target/root
+chown -c root:root $target/root
+# copy default dotfiles for root account
+fcopy -ir /root
+
+# use tmpfs for /tmp if not defined in disk_config
+if ! grep -Pq '\s/tmp\s' $target/etc/fstab; then
+    ainsl /etc/fstab "tmpfs     /tmp tmpfs     nodev,nosuid,size=50%,mode=1777   0    0"
+fi
+chmod -c 1777 ${target}/tmp
+chown -c 0:0  ${target}/tmp
+
+exit $error
--- a/config/scripts/FAIBASE/20-removable_media
+++ b/config/scripts/FAIBASE/20-removable_media
@ -0,0 +1,25 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2006,2009, lange@debian.org
+# create entries for removable media in fstab and directories in /media
+
+cdromlist() {
+    [ -f /proc/sys/dev/cdrom/info ] || return
+    devs=$(grep 'drive name:' /proc/sys/dev/cdrom/info | cut -d ":" -f 2)
+    for d in $devs; do
+        echo $d
+    done
+}
+
+fstabline () {
+    line=$(printf "%-15s %-15s %-7s %-15s %-7s %s\n" "$1" "$2" "$3" "$4" "$5" "$6")
+    ainsl /etc/fstab "$line"
+}
+
+i=0
+for cdrom in $(cdromlist | tac); do
+    [ $i -eq 0 ] && ln -sfn cdrom0 $target/media/cdrom
+    mkdir -p $target/media/cdrom$i
+    fstabline /dev/$cdrom /media/cdrom$i udf,iso9660 ro,user,noauto 0 0
+    i=$((i + 1))
+done
--- a/config/scripts/GRUB_EFI/10-setup
+++ b/config/scripts/GRUB_EFI/10-setup
@ -0,0 +1,68 @@
+#! /bin/bash
+# support for GRUB version 2
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+# This script assumes that the disk has a GPT partition table and
+# that the extended system partition (ESP) is mounted on /boot/efi.
+# When building a disk image, we don't change the NVRAM to point at
+# the boot image we made available, because the disk image is likely
+# not installed on the current system.  As a result, we force
+# installation into the removable media paths as well as the standard
+# debian path.
+
+set -a
+
+# do not set up grub during dirinstall
+if [ "$FAI_ACTION" = "dirinstall" ] ; then
+    exit 0
+fi
+# during softupdate use this file
+[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh
+
+if [ -z "$BOOT_DEVICE" ]; then
+    exit 189
+fi
+
+# disable os-prober because of #802717
+ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
+
+# skip the rest, if not an initial installation
+if [ $FAI_ACTION != "install" ]; then
+    $ROOTCMD update-grub
+    exit $error
+fi
+
+GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE)
+
+# handle /boot in lvm-on-md
+_bdev=$(readlink -f $BOOT_DEVICE)
+if [ "${_bdev%%-*}" = "/dev/dm" ]; then
+  BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
+fi
+
+# Check if RAID is used for the boot device
+if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
+    raiddev=${BOOT_DEVICE#/dev/}
+    # install grub on all members of RAID
+    for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat); do
+	echo Install grub on /dev/$device
+	$ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device"
+    done
+
+elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
+    # do not update vmram when using a loop device
+    $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE
+    if [ $? -eq 0 ]; then
+        echo "Grub installed on hostdisk $BOOT_DEVICE"
+    fi
+
+else
+    $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT"
+    if [ $? -eq 0 ]; then
+        echo "Grub installed on $BOOT_DEVICE = $GROOT"
+    fi
+fi
+$ROOTCMD update-grub
+
+exit $error
--- a/config/scripts/GRUB_PC/10-setup
+++ b/config/scripts/GRUB_PC/10-setup
@ -0,0 +1,84 @@
+#! /bin/bash
+# support for GRUB version 2
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+set -a
+
+# do not set up grub during dirinstall
+if [ "$FAI_ACTION" = "dirinstall" ] ; then
+    exit 0
+fi
+# during softupdate use this file
+[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh
+
+if [ -z "$BOOT_DEVICE" ]; then
+    exit 189
+fi
+
+# disable os-prober because of #802717
+ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
+
+# skip the rest, if not an initial installation
+if [ $FAI_ACTION != "install" ]; then
+    $ROOTCMD update-grub
+    exit $error
+fi
+
+get_stable_devname() {
+
+    local _DEV="$1"
+    local i
+    declare -a _RES
+
+    # prefer SCSI over ATA over WWN over path
+    # do not use by-path
+
+    for i in $($ROOTCMD udevadm info -r --query=symlink "$_DEV"); do
+        if [[ "$i" =~ /by-id/scsi ]]; then
+            _RES[10]="$i"
+        elif [[ "$i" =~ /by-id/ata ]]; then
+            _RES[20]="$i"
+        elif [[ "$i" =~ /by-id/wwn ]]; then
+            _RES[99]="$i"
+        fi
+    done
+
+    echo "${_RES[@]::1}"
+}
+
+# handle /boot in lvm-on-md
+_bdev=$(readlink -f $BOOT_DEVICE)
+if [ "${_bdev%%-*}" = "/dev/dm" ]; then
+  BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
+fi
+
+# Check if RAID is used for the boot device
+if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
+    raiddev=${BOOT_DEVICE#/dev/}
+    # install grub on all members of RAID
+    for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; s/(nvme.+?)p/$1/g; print }' /proc/mdstat); do
+	pdevice=$(get_stable_devname /dev/$device)
+	if [ -z "$pdevice" ]; then
+	    # if we cannot find a persistent name (for e.g. in a VM) use old name
+	    pdevice="/dev/$device"
+	fi
+	mbrdevices+="$pdevice, "
+	echo Installing grub on /dev/$device = $pdevice
+	$ROOTCMD grub-install --no-floppy "/dev/$device"
+    done
+    # remove last ,
+    mbrdevices=${mbrdevices%, }
+else
+    mbrdevices=$(get_stable_devname $BOOT_DEVICE)
+    if [ -z "$mbrdevices" ]; then
+	# if we cannot find a persistent name (for e.g. in a VM) use old name
+	mbrdevices=$BOOT_DEVICE
+    fi
+    echo "Installing grub on $BOOT_DEVICE = $mbrdevices"
+    $ROOTCMD grub-install --no-floppy "$mbrdevices"
+fi
+
+echo "grub-pc grub-pc/install_devices multiselect $mbrdevices" | $ROOTCMD debconf-set-selections
+$ROOTCMD dpkg-reconfigure grub-pc
+exit $error
--- a/config/scripts/LAST/50-misc
+++ b/config/scripts/LAST/50-misc
@ -0,0 +1,103 @@
+#! /bin/bash
+
+# copyright Thomas Lange 2001-2016, lange@debian.org
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
+  :
+else
+  # check if mdadm has been forgotten
+  if grep -q active /proc/mdstat 2>/dev/null; then
+    if [ ! -d $target/etc/mdadm ]; then
+	echo ERROR: Found Software RAID, but the mdadm package was not installed
+	error=1
+    fi
+  fi
+
+  usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+  if [ $usedm -ne 0 ]; then
+    if [ ! -d $target/etc/lvm ]; then
+	echo ERROR: Found lvm devices, but the lvm2 package was not installed
+	error=1
+    fi
+  fi
+fi
+
+# remove backup files from cfengine, but only if cfengine is installed
+if [ -x /usr/sbin/cfagent ] || [ -x $target/usr/sbin/cfagent ] ; then
+    dirs="root etc var"
+    for path in $dirs; do
+        find $target/$path -maxdepth 20 -name \*.cfedited -o -name \*.cfsaved | xargs -r rm
+    done
+fi
+
+[ "$FAI_DEBMIRROR" ] &&
+  ainsl /etc/fstab "#$FAI_DEBMIRROR $MNTPOINT nfs ro 0 0"
+
+# set bios clock
+if [ $do_init_tasks -eq 1 ] ; then
+    case "$UTC" in
+       no|"") hwopt="--localtime" ;;
+       yes)   hwopt="--utc"       ;;
+    esac
+    hwclock $hwopt --systohc || true
+fi
+
+# Make sure everything is configured properly
+if ifclass DEBIAN ; then
+        $ROOTCMD apt-get -f install -y
+fi
+
+if [ $FAI_ACTION = "install" ]; then
+    lskernels=$(echo $target/boot/vmlinu*)
+    if [ ! -f ${lskernels%% *} ]; then
+	echo "ERROR: No kernel was installed. Have a look at shell.log" >&2
+	error=1
+    fi
+fi
+
+# copy sources.list
+fcopy -iSM /etc/apt/sources.list
+
+
+setrel() {
+
+    # if release is not set, try to determine it
+
+    if [ -n "$release" ]; then
+	return
+    fi
+    if [ ! -f $target/etc/os-release ]; then
+	return
+    fi
+
+    dists="jessie stretch buster bullseye bookworm trixie focal bionic xenial trusty"
+    for d in $dists; do
+	if grep -iq $d $target/etc/os-release; then
+	    release=$d
+	    break
+	fi
+    done
+}
+
+# if installation was done from CD, replace useless sources.list
+setrel
+if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then
+    grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat <<EOF > $target/etc/apt/sources.list
+deb $apt_cdn/debian $release main contrib non-free
+deb $security_cdn/debian-security ${secsuite} main contrib non-free
+#deb [trusted=yes] http://fai-project.org/download $release koeln
+EOF
+    # if the package fai-server was installed, enable the project's repository
+    if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then
+	sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list
+    fi
+fi
+
+# for ARM architecture, we may need the kernel and initrd to boot or flash the device
+if ifclass ARM64; then
+    cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR
+fi
+
+exit $error
--- a/config/scripts/PARTICIPANT/10-config
+++ b/config/scripts/PARTICIPANT/10-config
@ -0,0 +1,56 @@
+#! /bin/bash
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+cp -RT $FAI/simplefiles/PARTICIPANT $target
+
+$ROOTCMD dconf update
+
+# Uncomment this to reinstall extensions
+# (disabled by default to speed up softupdate):
+# rm -rf $target/etc/skel/.vscode
+
+# VS Code extensions
+if [ ! -d $target/etc/skel/.vscode ]; then
+    # To avoid running VS Code as root, run it as nobody instead.
+    mkdir $target/etc/skel/.vscode
+    chown nobody:nogroup $target/etc/skel/.vscode
+    shopt -s nullglob
+    for ext in $FAI/downloads/*.vsix; do
+        # We can't access the config space inside ROOTCMD, so we copy the file to the target.
+        cp "$ext" $target/tmp/ext.vsix
+        $ROOTCMD runuser -u nobody -- code --user-data-dir=/tmp/vsc.tmp \
+            --extensions-dir=/etc/skel/.vscode/extensions \
+            --install-extension=/tmp/ext.vsix
+    done
+    chown -R root:root $target/etc/skel/.vscode
+    rm -rf $target/tmp/vsc.tmp $target/tmp/ext.vsix
+fi
+
+# Install soi header
+tar --overwrite -xf $FAI/downloads/soi-header.tar.gz -C $target/usr/local/include --strip-components=2 soi-header/include/
+
+# Install codeblocks template
+$target/bin/unzip -o $FAI/downloads/soi_template_codeblocks_ubuntu_RzdvSho.zip -d $target/usr/share/codeblocks/templates/wizard/
+if ! grep -q '_T("soi")' $target/usr/share/codeblocks/templates/wizard/config.script ; then
+    sed -i 's|// project wizards|RegisterWizard(wizProject,     _T("soi"),      _T("A SOI task"),   _T("Console"));|' $target/usr/share/codeblocks/templates/wizard/config.script
+fi
+
+# add super user account
+if [ -n "$SUPER_USER_NAME" ]; then
+if ! $ROOTCMD getent passwd $SUPER_USER_NAME ; then
+	$ROOTCMD adduser --disabled-login --gecos "$SUPER_USER_DISPLAYNAME" $SUPER_USER_NAME
+	$ROOTCMD usermod -p "$SUPER_USER_PW" $SUPER_USER_NAME
+	$ROOTCMD adduser $SUPER_USER_NAME sudo
+fi
+fi
+
+# add participant account
+if [ -n "$PARTICIPANT_USER_NAME" ]; then
+if ! $ROOTCMD getent passwd $PARTICIPANT_USER_NAME ; then
+	$ROOTCMD adduser --disabled-login --gecos "$PARTICIPANT_USER_NAME" $PARTICIPANT_USER_NAME
+	$ROOTCMD usermod -p "$PARTICIPANT_USER_PW" $PARTICIPANT_USER_NAME
+fi
+fi
+
+exit $error
--- a/config/scripts/TRAINING/10-config
+++ b/config/scripts/TRAINING/10-config
@ -0,0 +1,8 @@
+#! /bin/bash
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+# Remove APT proxy
+rm -f $target/etc/apt/apt.conf.d/02proxy
+
+exit $error