Compare commits
No commits in common. "7768d84c5632309c402d824beda428dc1d49eb2c" and "474785f2d7a315cdf06fda1df36b8a39102f932b" have entirely different histories.
7768d84c56
...
474785f2d7
|
|
@ -165,9 +165,6 @@ def main():
|
|||
# so we need to copy them somewhere else and restore them after the install.
|
||||
for listpath in pathlib.Path('config/archives').glob('*.list.chroot'):
|
||||
run(["cp", str(listpath), f"config/includes.chroot/usr/local/share/target-sources/{listpath.name.removesuffix('.chroot')}"])
|
||||
# Insert distribution into source configs.
|
||||
for sourcepath in pathlib.Path('config/includes.chroot/usr/local/share/target-sources').glob('*'):
|
||||
edit_file(sourcepath, lambda s: s.replace("@DISTRIBUTION@", DISTRIBUTION))
|
||||
elif args.variant == "contestant":
|
||||
# Insert root password into hook script.
|
||||
edit_file("config/hooks/live/2010-contestant.hook.chroot",
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
# When power button is pressed, show power off dialog.
|
||||
# The default action is suspend, but laptops can be suspended by closing the
|
||||
# lid, so it's more useful if the power button does power off.
|
||||
[org/gnome/settings-daemon/plugins/power]
|
||||
power-button-action = 'interactive'
|
||||
|
|
@ -5,6 +5,3 @@ set -eu
|
|||
# Install the noauth PAM profile.
|
||||
groupadd noauth
|
||||
pam-auth-update --enable noauth
|
||||
|
||||
# Enable user reset at boot triggered by a kernel parameter.
|
||||
systemctl enable reset-user.service
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
# When power button is pressed, show power off dialog.
|
||||
# The default action is suspend, but laptops can be suspended by closing the
|
||||
# lid, so it's more useful if the power button does power off.
|
||||
[org/gnome/settings-daemon/plugins/power]
|
||||
power-button-action = 'interactive'
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
. "$pkgdatadir/grub-mkconfig_lib"
|
||||
|
||||
list=
|
||||
for i in /boot/vmlinuz-* ; do
|
||||
if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
|
||||
done
|
||||
linux="$(version_find_latest $list)"
|
||||
basename="$(basename $linux)"
|
||||
rel_dirname="$(make_system_path_relative_to_its_root /boot)"
|
||||
version="$(echo $basename | sed -e "s,^[^0-9]*-,,g")"
|
||||
|
||||
prepare_boot="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab | grub_add_tab)"
|
||||
LINUX_ROOT_DEVICE="UUID=${GRUB_DEVICE_UUID}"
|
||||
|
||||
linux_entry ()
|
||||
{
|
||||
title="$1"
|
||||
args="$2"
|
||||
|
||||
echo " menuentry '$(echo "$title" | grub_quote)' {"
|
||||
echo " load_video"
|
||||
echo " insmod gzio"
|
||||
echo "$prepare_boot"
|
||||
echo " echo '$(echo "Loading Linux ${version} ..." | grub_quote)'"
|
||||
echo " linux ${rel_dirname}/${basename} root=${LINUX_ROOT_DEVICE} ro ${args}"
|
||||
echo " echo 'Loading initial ramdisk ...'"
|
||||
echo " initrd ${rel_dirname}/initrd.img-${version}"
|
||||
echo " }"
|
||||
}
|
||||
|
||||
echo "submenu 'Reset SOI user...' {"
|
||||
echo " menuentry 'Cancel' {"
|
||||
echo " configfile \$prefix/grub.cfg"
|
||||
echo " }"
|
||||
linux_entry "Reset SOI user (THIS DELETES USER DATA)" "reset-user"
|
||||
linux_entry "Reset SOI user (THIS DELETES USER DATA) and power off" "reset-user reset-user-poweroff"
|
||||
echo "}"
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
[Unit]
|
||||
Description=Reset user at boot by setting a kernel parameter.
|
||||
Before=basic.target
|
||||
After=local-fs.target systemd-tmpfiles-setup.service
|
||||
DefaultDependencies=no
|
||||
ConditionKernelCommandLine=reset-user
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/local/bin/reset-user
|
||||
|
||||
[Install]
|
||||
WantedBy=basic.target
|
||||
|
|
@ -2,63 +2,16 @@
|
|||
|
||||
set -eu
|
||||
|
||||
# We preseed grub-installer/update-nvram to disable creation of
|
||||
# EFI boot entries by grub and instead do it ourselves here.
|
||||
#
|
||||
# The main reason why we do this is that with the grub-created boot entry,
|
||||
# Dell Latitude 7480 laptops no longer boot Debian from internal disk after
|
||||
# having booted from USB stick. This apparently happens because, when a bootable
|
||||
# USB stick is inserted, the firmware can no longer find the debian EFI file
|
||||
# (it's probably looking at the wrong EFI partition, the one on the USB stick),
|
||||
# and then enters boot option recovery, which finds the BOOTx64.EFI on the USB
|
||||
# stick, and then creates a boot entry for that and sets the bootorder to just
|
||||
# that new entry. After that, the debian boot entry is no longer in the
|
||||
# bootorder, so booting fails after removing the USB stick.
|
||||
# Additionally, it is convenient if laptops boot from USB stick automatically,
|
||||
# without needing to enter the boot menu.
|
||||
#
|
||||
# To solve these problems, we create a boot entry for USB sticks, which is tried
|
||||
# first, and one for Debian on the internal disk.
|
||||
# We create path-only boot entries, which apparently work more reliably than
|
||||
# entries which also specify the disk.
|
||||
# We use hardcoded entry numbers to avoid needing to find available numbers and
|
||||
# clean up old entries.
|
||||
|
||||
# Try mounting efivarfs
|
||||
mountvirtfs () {
|
||||
fstype="$1"
|
||||
path="$2"
|
||||
mkdir -p "$path"
|
||||
if mount -t "$fstype" "$fstype" "$path"; then
|
||||
trap "umount $path" HUP INT QUIT KILL PIPE TERM EXIT
|
||||
fi
|
||||
}
|
||||
mountvirtfs efivarfs /sys/firmware/efi/efivars
|
||||
|
||||
# Check if EFI boot is available
|
||||
if efibootmgr --quiet; then
|
||||
efibootmgr --delete-bootorder || true
|
||||
efibootmgr --bootnum 0150 --delete-bootnum || true
|
||||
efibootmgr --bootnum 0151 --delete-bootnum || true
|
||||
|
||||
# efibootmgr --create-only --bootnum 0150 --label "Removable media" --file-dev-path --loader '\EFI\BOOT\BOOTx64.EFI'
|
||||
# efibootmgr --create-only --bootnum 0151 --label "Debian" --file-dev-path --loader '\EFI\debian\shimx64.efi'
|
||||
|
||||
# The version of efibootmgr in bookworm does not support the --file-dev-path
|
||||
# argument, so here are commands that directly write to efivarfs.
|
||||
# When upgrading from bookworm to trixie, remove the commands below and
|
||||
# uncomment the commands above.
|
||||
echo "BwAAAAEAAAA0AFIAZQBtAG8AdgBhAGIAbABlACAAbQBlAGQAaQBhAAAABAQwAFwARQBGAEkAXABCAE8ATwBUAFwAQgBPAE8AVAB4ADYANAAuAEUARgBJAAAAf/8EAA==" | \
|
||||
base64 --decode - > /sys/firmware/efi/efivars/Boot0150-8be4df61-93ca-11d2-aa0d-00e098032b8c
|
||||
echo "BwAAAAEAAAA4AEQAZQBiAGkAYQBuAAAABAQ0AFwARQBGAEkAXABkAGUAYgBpAGEAbgBcAHMAaABpAG0AeAA2ADQALgBlAGYAaQAAAH//BAA=" | \
|
||||
base64 --decode - > /sys/firmware/efi/efivars/Boot0151-8be4df61-93ca-11d2-aa0d-00e098032b8c
|
||||
|
||||
efibootmgr --bootorder 0150,0151
|
||||
fi
|
||||
|
||||
# Set up apt lists.
|
||||
cp -rT /usr/local/share/target-sources /etc/apt/sources.list.d
|
||||
rm /etc/apt/sources.list
|
||||
|
||||
USERNAME=soi
|
||||
USER_FULLNAME="SOI"
|
||||
# Password: soi
|
||||
USER_PASSWORD='$y$j9T$h5VhMd4KkdmbxdZD1gO0N/$1hvwZgO8pQw13Xd6jaNXbtkbqVOC4W/ia/KXOcCGYvB'
|
||||
|
||||
# Create user.
|
||||
/usr/local/bin/reset-user
|
||||
adduser --disabled-password --gecos "$USER_FULLNAME" "$USERNAME"
|
||||
usermod -p "$USER_PASSWORD" "$USERNAME"
|
||||
adduser "$USERNAME" noauth
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
USERNAME=soi
|
||||
USER_FULLNAME="SOI"
|
||||
# Password: soi
|
||||
USER_PASSWORD='$y$j9T$h5VhMd4KkdmbxdZD1gO0N/$1hvwZgO8pQw13Xd6jaNXbtkbqVOC4W/ia/KXOcCGYvB'
|
||||
|
||||
# Delete user.
|
||||
userdel --remove "$USERNAME" || true
|
||||
|
||||
# Create user.
|
||||
adduser --disabled-password --gecos "$USER_FULLNAME" "$USERNAME"
|
||||
usermod -p "$USER_PASSWORD" "$USERNAME"
|
||||
adduser "$USERNAME" noauth
|
||||
|
||||
# If the corresponding boot menu item was selected, immediately power off.
|
||||
if grep --quiet --word-regexp reset-user-poweroff /proc/cmdline; then
|
||||
systemctl start poweroff.target --job-mode=replace-irreversibly --no-block
|
||||
fi
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
Types: deb deb-src
|
||||
URIs: http://deb.debian.org/debian
|
||||
Suites: @DISTRIBUTION@ @DISTRIBUTION@-updates
|
||||
Suites: bookworm bookworm-updates
|
||||
Components: main contrib non-free non-free-firmware
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
|
||||
Types: deb deb-src
|
||||
URIs: http://deb.debian.org/debian-security
|
||||
Suites: @DISTRIBUTION@-security
|
||||
Suites: bookworm-security
|
||||
Components: main contrib non-free non-free-firmware
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
|
|
|
|||
|
|
@ -24,6 +24,5 @@ d-i partman/choose_partition select finish
|
|||
d-i apt-setup/use_mirror boolean false
|
||||
|
||||
d-i grub-installer/only_debian boolean true
|
||||
d-i grub-installer/update-nvram boolean false
|
||||
|
||||
d-i preseed/late_command string in-target /usr/local/bin/install-config
|
||||
|
|
|
|||
|
|
@ -3,9 +3,6 @@ sudo
|
|||
# Make Secure Boot work
|
||||
grub-efi-amd64-signed
|
||||
|
||||
# Tool for setting EFI boot variables during install
|
||||
efibootmgr
|
||||
|
||||
# Firmware updates through gnome-software
|
||||
fwupd fwupd-signed
|
||||
|
||||
|
|
@ -17,6 +14,3 @@ gnome-boxes qemu-system-x86 qemu-utils libvirt-daemon-system
|
|||
|
||||
# Run virtual machines with VirtualBox
|
||||
virtualbox-qt
|
||||
|
||||
# Utilities
|
||||
netcat-openbsd
|
||||
|
|
|
|||
|
|
@ -107,7 +107,6 @@ Here is a list of features.
|
|||
- login without password for `noauth` group
|
||||
- create an admin user with sudo rights and password
|
||||
- create a participant user without password
|
||||
- add a boot menu item for resetting participant user data
|
||||
- install packages for firmware updates and power manager
|
||||
- install Gnome Boxes and VirtualBox for running virtual machines
|
||||
- `contestant`
|
||||
|
|
|
|||
Loading…
Reference in New Issue