From 627740906020fbf209ce9608c0aa7b0e251f5379 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 30 Jun 2008 14:03:11 -0700 Subject: Handle multiple slashes in passwd mkpasswd can generate passwd with multiple slashes that need to be escaped. --- scripts/install-system | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install-system b/scripts/install-system index 71233ccb..defca8fb 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -553,7 +553,7 @@ change_password() { local user=$1 local pwd read pwd - local epwd=$(mkpasswd -H md5 $pwd | sed 's:/:\\/':) + local epwd=$(mkpasswd -H md5 $pwd | sed 's:/:\\/:g') sed -i \ -e "/ user $user {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$epwd\"/" \ -- cgit v1.2.3 From c0aa9cfa7e3d57e0b0554033dd5f099584e7fdda Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 30 Jun 2008 15:46:18 -0700 Subject: Make standalone password reset work Address the problems in bugs 3398 and 3399 as well as some left over stuff from VC 3.0. --- scripts/standalone_root_pw_reset | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 0dc65fd2..7b04a9ba 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -24,7 +24,7 @@ CF=/opt/vyatta/etc/config/config.boot echo "Standalone root password recovery tool." - +echo # # Check to see if we are running in standalone mode. We'll # know that we are if our pid is 1. @@ -38,12 +38,8 @@ fi # OK, now we know we are running in standalone mode. Talk to the # user. # -echo "Do you wish to reset the reset the root password to its" -echo -n "factory setting value of \"vyatta\"? (Yes/No) [No]: " - -# -# Parse the user's response -# +echo "Do you wish to reset the root password" +echo -n "to the original default value (vyatta)? (Yes/No) [No]: " read response response=${response:0:1} @@ -55,26 +51,38 @@ if [ "$response" != "y" -a "$response" != "Y" ]; then /sbin/reboot -f fi + echo "Starting process to reset the root password..." echo "Re-mounting root filesystem read/write..." mount -o remount,rw / -echo "Mounting the config filesystem..." -mount /opt/vyatta/etc/config/ +# Leftover from V3.0 +if grep -q /opt/vyatta/etc/config /etc/fstab +then + echo "Mounting the config filesystem..." + mount /opt/vyatta/etc/config/ +fi echo "Saving backup copy of config.boot..." cp $CF ${CF}.before_pwrecovery echo "Reseting the root password..." -sed -i -e "/^.* user root {/,/^.* }/s/encrypted-password: .*$/encrypted-password: \"\$1\$\$Ht7gBYnxI1xCdO\/JOnodh.\"/" $CF + +# change system first +newpwd=$(mkpasswd -H md5 vyatta) +usermod --password "$newpwd" root + +# escape / in encrypted passwd +pw=$(echo $newpwd | sed 's:/:\\/:g') +sed -i \ + -e "/^.* user root {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$pw\"/" \ + $CF echo "Root password has been reset." -echo "Logging the activity..." echo "`date`: Root password reset to factory value" >> /var/log/messages - -echo -n "Machine will reboot in 5 seconds..." sync -sleep 5 -echo + +echo "System will reboot in 10 seconds..." +sleep 10 /sbin/reboot -f -- cgit v1.2.3 From 5c108ca0a31657763cd657eb22253013e04fef5a Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 30 Jun 2008 15:54:04 -0700 Subject: Use logger to write system log Use the logger program to get the proper logging format and message priorities (rather than blindly echoing to /var/log/messages) --- scripts/standalone_root_pw_reset | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 7b04a9ba..b76de6e9 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -79,8 +79,7 @@ sed -i \ -e "/^.* user root {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$pw\"/" \ $CF -echo "Root password has been reset." -echo "`date`: Root password reset to factory value" >> /var/log/messages +logger -s -p auth.notice "Root password reset to factory value" sync echo "System will reboot in 10 seconds..." -- cgit v1.2.3 From f4ad511f3f2c946568e84adfd75b087e4180ad05 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 30 Jun 2008 16:37:53 -0700 Subject: Change syslogging of authorization related commands For sucessful sudo, just log it at info level. Capture any security failures/changes into /var/log/auth.log but skip normal CLI commands Turn off the builtin sync after each write to /var/log/messages by putting - before file name; the sync causes a disk write each time and therefore can be a performance hit during boot. --- debian/vyatta-cfg-system.postinst.in | 7 +++++++ sysconf/syslog.conf | 16 ++++++++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 0852319e..8e8b6015 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -57,6 +57,13 @@ EOF echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers fi + # Reduce logging level of good commands + if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then + echo "\nDefaults syslog_goodpri=info" >>/etc/sudoers + fi + + fi + # keep env vars if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers diff --git a/sysconf/syslog.conf b/sysconf/syslog.conf index 4281cfd6..f732affc 100644 --- a/sysconf/syslog.conf +++ b/sysconf/syslog.conf @@ -1,2 +1,14 @@ -*.warning /var/log/messages -local7.* /var/log/messages +# Standard logfiles by facility +auth.*;,authpriv.notice /var/log/auth.log + +# Some other (unused) standard entries +#cron.* /var/log/cron.log +#kern.* -/var/log/kern.log +#lpr.* -/var/log/lpr.log +#mail.* -/var/log/mail.log +#user.* -/var/log/user.log + +# Catch-all log file used by CLI +*.warning;local7.*;\ + auth,authpriv.none;\ + cron,daemon.none; -/var/log/messages -- cgit v1.2.3 From fcc66216f9bb362643a3193a76a5762c09b540d4 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 1 Jul 2008 10:04:12 -0700 Subject: get rid of extra fi from last commit mismatch --- debian/vyatta-cfg-system.postinst.in | 2 -- 1 file changed, 2 deletions(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 8e8b6015..25dbe94f 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -62,8 +62,6 @@ EOF echo "\nDefaults syslog_goodpri=info" >>/etc/sudoers fi - fi - # keep env vars if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers -- cgit v1.2.3 From f60022244e13f22d401d07f8d0212f56c836cd6d Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 1 Jul 2008 14:34:35 -0700 Subject: Can't use logger in standalone logger depends on syslogd which isn't running in standalone mode. So just format message directly to messages and auth.log --- scripts/standalone_root_pw_reset | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index b76de6e9..b173f22d 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -79,7 +79,9 @@ sed -i \ -e "/^.* user root {/,/}/s/encrypted-password:.*\$/encrypted-password: \"$pw\"/" \ $CF -logger -s -p auth.notice "Root password reset to factory value" +echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \ + | tee -a /var/log/auth.log >>/var/log/messages + sync echo "System will reboot in 10 seconds..." -- cgit v1.2.3 From b9ce1592c0689d3358c9f507c037c0af9a763436 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 1 Jul 2008 16:27:42 -0700 Subject: Missing -e causes sudoers problem Missing -e on echo causes unparsable sudoers --- debian/vyatta-cfg-system.postinst.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 25dbe94f..d6497529 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -59,7 +59,7 @@ EOF # Reduce logging level of good commands if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then - echo "\nDefaults syslog_goodpri=info" >>/etc/sudoers + echo -e "\nDefaults syslog_goodpri=info" >>/etc/sudoers fi # keep env vars -- cgit v1.2.3 From 18f09e5fe87492ef53168e1d6a29b516c47ce7ab Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Thu, 3 Jul 2008 14:22:14 -0700 Subject: Bugfix: 1592 Fix the boot command syntax for password recovery on serial console. --- scripts/install-system | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install-system b/scripts/install-system index defca8fb..a77fc446 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -716,7 +716,7 @@ install_grub () { echo echo -e "menuentry \"Root password reset to factory (Serial console)\" {" - echo -e "\tkernel /boot/vmlinuz $GRUB_ROOT $GRUB_OPTIONS $SERIAL_CONSOLE init=$PWRESET" + echo -e "\tlinux /boot/vmlinuz $GRUB_ROOT $GRUB_OPTIONS $SERIAL_CONSOLE init=$PWRESET" echo -e "\tinitrd /boot/initrd.img" echo -e "}" ) >"$rootfsdir/boot/grub/grub.cfg" -- cgit v1.2.3 From 1fb175a266e45828a5588e2f44660c2a70057bf0 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 3 Jul 2008 15:47:41 -0700 Subject: Fix problem if install-system run twice If install-system is run twice and the first pass copied the old configuration file; then the second time the leftover file from previous attempt needs to be cleaned up. Otherwise, the old configuration file will be copied even if the user doesn't want it! --- scripts/install-system | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/install-system b/scripts/install-system index a77fc446..5a9c0309 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -309,6 +309,9 @@ rename_old_config() { check_config_partition() { lpart=$1 + # Cleanup from possible partial last run + rm -fr /mnt/config + # Look to see if this is a config partition mkdir -p /mnt/tmp output=$(mount /dev/$lpart /mnt/tmp 2>&1) -- cgit v1.2.3 From afcffd6f2208aa241b346c501d749e3edc5d7dd1 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Thu, 3 Jul 2008 19:18:06 -0700 Subject: fix for bug 3417: use UUID in grub config file --- scripts/install-system | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/scripts/install-system b/scripts/install-system index 5a9c0309..b5eefe62 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -479,7 +479,15 @@ install_root_filesystem () { output=$(umount /mnt/squashfs) # create the fstab - echo -e "/dev/$ROOT_PARTITION\t/\text3\tdefaults\t0 1" >> $rootfsdir/etc/fstab + local rootdev="/dev/$ROOT_PARTITION"; + uuid=$(dumpe2fs -h $rootdev 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') + if [ -z "$uuid" ] + then + echo "Unable to read filesystem UUID. Exiting." + exit 1 + else + echo -e "UUID=$uuid\t/\text3\tdefaults\t0 1" >> $rootfsdir/etc/fstab + fi #setup the hostname file cp /etc/hostname $rootfsdir/etc/ @@ -632,9 +640,10 @@ install_grub () { # This allows device to move around and grub will still find it local rootdev="/dev/$ROOT_PARTITION"; uuid=$(dumpe2fs -h $rootdev 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') - if [ -z $uuid ] + if [ -z "$uuid" ] then - GRUB_ROOT="root=$rootdev ro" + echo "Unable to read filesystem UUID. Exiting." + exit 1 else GRUB_ROOT="root=UUID=$uuid ro" fi -- cgit v1.2.3 From 28b7618bf24ea745d5d7e5a287de1aa728111d08 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 4 Jul 2008 13:06:19 -0700 Subject: Modify upgrade procedure for /etc/sudoers 0) make backup of file 1) remove old glendale entries 2) put all vyatta entries in one block 3) remove vyatta entries on package removal --- debian/vyatta-cfg-system.postinst.in | 45 ++++++++++++++++++------------------ debian/vyatta-cfg-system.postrm | 3 +++ 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index d6497529..735b28e7 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -23,16 +23,27 @@ esac ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules if [ "$sysconfdir" != "/etc" ]; then - # for "admin" level (FIXME) + cp -p /etc/sudoers /etc/sudoers.bak + + # for "admin" level sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers fi - # Allow operator to do a limited number of commands without password - if ! grep -q '^%operator ALL=NOPASSWD:' /etc/sudoers; then - cat <<"EOF" >>/etc/sudoers -### BEGIN VYATTA OPERATOR COMMANDS + # cleanup any old entries + ed - /etc/sudoers <>/etc/sudoers +### BEGIN VYATTA +Defaults syslog_goodpri=info +Defaults env_keep+=VYATTA_* + Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ /sbin/iptables -L -vn,\ /sbin/iptables -L * -vn,\ @@ -46,26 +57,14 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff +Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump %operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ - PPPOE_CMDS, /usr/bin/tshark, /usr/sbin/wanpipemon -### END VYATTA OPERATOR COMMANDS + PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon +EOF + cat <>/etc/sudoers +%users ALL=NOPASSWD: ${bindir}/sudo-users/ +### END VYATTA EOF - fi - - # for "users" level (FIXME) - if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then - echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers - fi - - # Reduce logging level of good commands - if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then - echo -e "\nDefaults syslog_goodpri=info" >>/etc/sudoers - fi - - # keep env vars - if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then - echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers - fi fi # update crontab for logrotate diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm index d668f55d..46ec1aaa 100644 --- a/debian/vyatta-cfg-system.postrm +++ b/debian/vyatta-cfg-system.postrm @@ -2,6 +2,9 @@ if [ "$1" = "purge" ]; then rm -f /etc/udev/rules.d/*vyatta-net.rules + + sed -i '/### BEGIN VYATTA/,/### END VYATTA/d' /etc/sudoers + fi # Local Variables: -- cgit v1.2.3 From 471387b1db7f6e9952ae0d709840560cb0d0bc6d Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 4 Jul 2008 13:06:19 -0700 Subject: Modify upgrade procedure for /etc/sudoers Bugfix 3429 0) make backup of file 1) remove old glendale entries 2) put all vyatta entries in one block 3) remove vyatta entries on package removal --- debian/vyatta-cfg-system.postinst.in | 45 ++++++++++++++++++------------------ debian/vyatta-cfg-system.postrm | 3 +++ 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index d6497529..735b28e7 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -23,16 +23,27 @@ esac ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules if [ "$sysconfdir" != "/etc" ]; then - # for "admin" level (FIXME) + cp -p /etc/sudoers /etc/sudoers.bak + + # for "admin" level sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers fi - # Allow operator to do a limited number of commands without password - if ! grep -q '^%operator ALL=NOPASSWD:' /etc/sudoers; then - cat <<"EOF" >>/etc/sudoers -### BEGIN VYATTA OPERATOR COMMANDS + # cleanup any old entries + ed - /etc/sudoers <>/etc/sudoers +### BEGIN VYATTA +Defaults syslog_goodpri=info +Defaults env_keep+=VYATTA_* + Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\ /sbin/iptables -L -vn,\ /sbin/iptables -L * -vn,\ @@ -46,26 +57,14 @@ Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \ Cmnd_Alias ETHTOOLP = /usr/sbin/ethtool -p * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff +Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump %operator ALL=NOPASSWD: /sbin/reboot, DATE, IPTABLES, ETHTOOLP, IPFLUSH, \ - PPPOE_CMDS, /usr/bin/tshark, /usr/sbin/wanpipemon -### END VYATTA OPERATOR COMMANDS + PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon +EOF + cat <>/etc/sudoers +%users ALL=NOPASSWD: ${bindir}/sudo-users/ +### END VYATTA EOF - fi - - # for "users" level (FIXME) - if ! grep -q "^%users ALL=NOPASSWD: ${bindir}/sudo-users/" /etc/sudoers; then - echo -e "\n%users ALL=NOPASSWD: ${bindir}/sudo-users/" >> /etc/sudoers - fi - - # Reduce logging level of good commands - if ! grep -q "^Defaults syslog_goodpri" /etc/sudoers; then - echo -e "\nDefaults syslog_goodpri=info" >>/etc/sudoers - fi - - # keep env vars - if ! grep -q 'env_keep+=VYATTA_*' /etc/sudoers ; then - echo "Defaults env_keep+=VYATTA_*" >> /etc/sudoers - fi fi # update crontab for logrotate diff --git a/debian/vyatta-cfg-system.postrm b/debian/vyatta-cfg-system.postrm index d668f55d..46ec1aaa 100644 --- a/debian/vyatta-cfg-system.postrm +++ b/debian/vyatta-cfg-system.postrm @@ -2,6 +2,9 @@ if [ "$1" = "purge" ]; then rm -f /etc/udev/rules.d/*vyatta-net.rules + + sed -i '/### BEGIN VYATTA/,/### END VYATTA/d' /etc/sudoers + fi # Local Variables: -- cgit v1.2.3 From 95d9651eb951d10572503d783aea0e02d44e98d5 Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Mon, 7 Jul 2008 14:05:31 -0700 Subject: fix for bug 3095 --- scripts/install-system | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/install-system b/scripts/install-system index b5eefe62..a7a0b066 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -528,16 +528,19 @@ copy_config () { if [ -z "$config" ]; then config="$fdconfdir/config.boot" else - config="$config\n$fdconfdir/config.boot" + config="$config $fdconfdir/config.boot" fi fi if [ -n "$config" ]; then echo "I found the following configuration files" - echo -e "$config" - default=$(echo -e $config| head -1) + for file in $config + do + echo $file + done + + default=$(echo -e $config | awk '{ print $1 }') - resp='' while [ -z "$configfile" ] do echo -n "Which one should I copy to $INSTALL_DRIVE? [$default]: " -- cgit v1.2.3 From aa42717ba0a6ee114b79fd8a62c00c974072c024 Mon Sep 17 00:00:00 2001 From: rbalocca Date: Mon, 7 Jul 2008 14:43:15 -0700 Subject: Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=2807 --- templates/system/package/repository/node.def | 15 +++++++++++---- .../system/package/repository/node.tag/password/node.def | 8 ++++++++ templates/system/package/repository/node.tag/url/node.def | 4 ++-- .../system/package/repository/node.tag/username/node.def | 8 ++++++++ 4 files changed, 29 insertions(+), 6 deletions(-) create mode 100644 templates/system/package/repository/node.tag/password/node.def create mode 100644 templates/system/package/repository/node.tag/username/node.def diff --git a/templates/system/package/repository/node.def b/templates/system/package/repository/node.def index 8d753918..9c7697f8 100644 --- a/templates/system/package/repository/node.def +++ b/templates/system/package/repository/node.def @@ -2,15 +2,22 @@ tag: type: txt -help: Set name of a debian archive +help: Set the name of a debian archive commit:expression: $VAR(./url/) != ""; "Must configure the repository URL" commit:expression: $VAR(./distribution/) != ""; "Must configure the repository distribution" commit:expression: $VAR(./components/) != ""; "Must configure the repository components" -update: sudo sh -c "touch /etc/apt/sources.list && \ -sed -i '\\!# $VAR(@) #!d' /etc/apt/sources.list && \ -echo \"deb $VAR(url/@)/ $VAR(distribution/@) $VAR(components/@) # $VAR(@) #\" >> /etc/apt/sources.list" +update: sudo bash -c "set -x; touch /etc/apt/sources.list && \ + sed -i '\\!# $VAR(@) #!d' /etc/apt/sources.list && \ + echo \"deb $VAR(url/@) $VAR(distribution/@) $VAR(components/@) # $VAR(@) #\" >> /tmp/$$-sources.list && \ + if [ $VAR(password/@) ] || [ $VAR(username/@) ]; \ + then \ + sed -i "s!://.*@!://!" /tmp/$$-sources.list; \ + sed -i "s!://!://$VAR(username/@):$VAR(password/@)@!" /tmp/$$-sources.list; \ + fi && \ + cat /tmp/$$-sources.list>>/etc/apt/sources.list ; \ + rm -f /tmp/$$-sources.list" delete: sudo sh -c "touch /etc/apt/sources.list && \ sed -i '\\!# $VAR(@) #!d' /etc/apt/sources.list" diff --git a/templates/system/package/repository/node.tag/password/node.def b/templates/system/package/repository/node.tag/password/node.def new file mode 100644 index 00000000..34ccff27 --- /dev/null +++ b/templates/system/package/repository/node.tag/password/node.def @@ -0,0 +1,8 @@ +type: txt + +help: Repository password + +default: "" + +# need to prohibit '!' in url (sed delimiter) +syntax:expression: pattern $VAR(@) "^[^!]*$" ; "Do not use '!' in url" diff --git a/templates/system/package/repository/node.tag/url/node.def b/templates/system/package/repository/node.tag/url/node.def index 9cb3a472..07021671 100644 --- a/templates/system/package/repository/node.tag/url/node.def +++ b/templates/system/package/repository/node.tag/url/node.def @@ -1,4 +1,4 @@ type: txt -help: Set repository URL +help: Repository URL # need to prohibit '!' in url (sed delimiter) -syntax:expression: pattern $VAR(@) "^[^!]+$" ; "Do not use '!' in url" +syntax:expression: pattern $VAR(@) "^[^!]+$" ; "URL must not be null and must not contain '!'" diff --git a/templates/system/package/repository/node.tag/username/node.def b/templates/system/package/repository/node.tag/username/node.def new file mode 100644 index 00000000..d22dd7cb --- /dev/null +++ b/templates/system/package/repository/node.tag/username/node.def @@ -0,0 +1,8 @@ +type: txt + +help: Repository username + +default: "" + +# need to prohibit '!' in url (sed delimiter) +syntax:expression: pattern $VAR(@) "^[^!]*$" ; "Do not use '!' in url" -- cgit v1.2.3 From 7899738d1262d760c86d1d79fcbeceb493d3c1b8 Mon Sep 17 00:00:00 2001 From: rbalocca Date: Mon, 7 Jul 2008 15:04:06 -0700 Subject: Remove debugging --- templates/system/package/repository/node.def | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/system/package/repository/node.def b/templates/system/package/repository/node.def index 9c7697f8..b2f0349f 100644 --- a/templates/system/package/repository/node.def +++ b/templates/system/package/repository/node.def @@ -8,7 +8,7 @@ commit:expression: $VAR(./url/) != ""; "Must configure the repository URL" commit:expression: $VAR(./distribution/) != ""; "Must configure the repository distribution" commit:expression: $VAR(./components/) != ""; "Must configure the repository components" -update: sudo bash -c "set -x; touch /etc/apt/sources.list && \ +update: sudo bash -c "touch /etc/apt/sources.list && \ sed -i '\\!# $VAR(@) #!d' /etc/apt/sources.list && \ echo \"deb $VAR(url/@) $VAR(distribution/@) $VAR(components/@) # $VAR(@) #\" >> /tmp/$$-sources.list && \ if [ $VAR(password/@) ] || [ $VAR(username/@) ]; \ -- cgit v1.2.3 From f7798694b590a0fee79790cc482d688e095cec5b Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 7 Jul 2008 17:07:25 -0700 Subject: Don't add ide=nodma twice Since the drive sizing can be called twice, don't add duplicate entry to GRUB OPTIONS --- scripts/install-system | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install-system b/scripts/install-system index a7a0b066..d6ea9b74 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -229,7 +229,7 @@ select_drive () { # Assume no dma if the disk is smaller than 10G (such as a CF drive) size=$(get_drive_size $INSTALL_DRIVE) - if [ $size -lt 11000 ] + if [[ $size -lt 11000 && ! $GRUB_OPTIONS =~ 'ide=nodma' ]] then GRUB_OPTIONS="$GRUB_OPTIONS ide=nodma" fi -- cgit v1.2.3 From 4e213e1a8148d755bb3921cae3caee847901b54e Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 7 Jul 2008 17:12:44 -0700 Subject: purge any old entries from sudoers Make sure to cleanup any leftover vyatta entries --- debian/vyatta-cfg-system.postinst.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 735b28e7..b21437a5 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -31,8 +31,9 @@ if [ "$sysconfdir" != "/etc" ]; then echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers fi - # cleanup any old entries + # cleanup any old entries from previous versions ed - /etc/sudoers <