better dosync password management

Gavin Li 2015-06-16 21:50:40 -07:00
parent b3aa89d3be
commit e2b32f85dc
1 changed files with 24 additions and 12 deletions


@ -334,9 +334,6 @@ stage1_install() {
log "Setting up DOROOT ..." log "Setting up DOROOT ..."
mkdir -p /d2a/work/doroot/etc/network mkdir -p /d2a/work/doroot/etc/network
touch /d2a/work/doroot/etc/network/interfaces touch /d2a/work/doroot/etc/network/interfaces
awk -F: '$1 == "root" || $1 == "nobody"' /etc/shadow \
> /d2a/work/doroot/etc/shadow
chmod 0600 /d2a/work/doroot/etc/shadow
log "Downloading bootstrap tarball ..." log "Downloading bootstrap tarball ..."
set -- $(wget -qO- ${archlinux_mirror}/iso/latest/sha1sums.txt | set -- $(wget -qO- ${archlinux_mirror}/iso/latest/sha1sums.txt |
@ -378,7 +375,9 @@ stage1_install() {
${arch_packages[@]} ${arch_packages[@]}
log "Configuring base system ..." log "Configuring base system ..."
cp /etc/ssh/ssh_host_* /d2a/work/archroot/etc/ssh cp /etc/ssh/ssh_host_* /d2a/work/archroot/etc/ssh/
local encrypted_password=$(awk -F: '$1 == "root" { print $2 }' /etc/shadow)
chroot /d2a/work/archroot usermod -p "${encrypted_password}" root
chroot /d2a/work/archroot systemctl enable systemd-networkd.service chroot /d2a/work/archroot systemctl enable systemd-networkd.service
chroot /d2a/work/archroot systemctl enable sshd.service chroot /d2a/work/archroot systemctl enable sshd.service
package_digitalocean_synchronize /d2a/work/archroot/dosync.pkg.tar package_digitalocean_synchronize /d2a/work/archroot/dosync.pkg.tar
@ -813,14 +812,27 @@ netmask_to_prefix() {
update_shadow_if_changed() { update_shadow_if_changed() {
local etcdir=$1/etc local etcdir=$1/etc
cmp ${etcdir}/shadow ${etcdir}/shadow.synced && return 0 if [ -e ${etcdir}/shadow ]; then
# change password # change password if file was touched
local password=$(awk -F: '$1 == "root" { print $2 }' ${etcdir}/shadow) local shadow_line=$(awk -F: '$1 == "root" {print; exit}' ${etcdir}/shadow)
usermod -p "${password}" root local shadow_array
[ ${#password} -gt 1 ] && chage -d 0 root IFS=':' read -a shadow_array <<< "${shadow_line}"
# sync password synced file if [ ${#shadow_array[@]} -ge 3 ]; then
rm -f ${etcdir}/shadow.synced local encrypted_password=${shadow_array[1]}
cp ${etcdir}/shadow ${etcdir}/shadow.synced local last_changed=${shadow_array[2]}
if [ "${last_changed}" != "1" ]; then
usermod -p "${encrypted_password}" root
if [ ${#encrypted_password} -gt 1 ]; then
chage -d 0 root
fi
fi
fi
fi
cat > ${etcdir}/shadow <<-EOF
root:*:1::::::
nobody:*:1::::::
EOF
chmod 0600 ${etcdir}/shadow
} }
process_interface() { process_interface() {
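Review bot: Both new `usermod -p "${encrypted_password}" root` calls — the chroot one in the second hunk (stage1_install, whose body extends beyond the hunk) and the one in update_shadow_if_changed — put the root hash on the command line, where other local users can read it from the process list while the command runs; the usermod manual advises against `-p` for this reason. Passing it on stdin avoids that: `printf 'root:%s\n' "${encrypted_password}" | chpasswd -e`, with `chroot /d2a/work/archroot` in front of `chpasswd` for the stage1_install call. Neither call checks for an empty value first; in update_shadow_if_changed the `-gt 1` length test guards only `chage`, so an empty second field would still be applied and leave root with a blank password field. A `[ -n "${encrypted_password}" ]` test in front of each call would cover that, and splitting `local encrypted_password` from its `$(awk …)` assignment would stop `local` from masking a failed read of the shadow file.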