author | Sven Gothel <[email protected]> | 2021-02-04 02:59:57 +0100 |
---|---|---|
committer | Sven Gothel <[email protected]> | 2021-02-04 02:59:57 +0100 |
commit | 6740c3582adaf3c382f639efa5e6ec155bed9acb (patch) | |
tree | 617ab8d37be2918168a4f3cdc4183ab2304193fc | |
parent | 8b14bb6af34d02124c4304645d0bcda60ad3e906 (diff) | |
parent | a453bbb9cd398d6b0570cc7542a4a9ad61a366b4 (diff) |
Merge branch 'master' into zfs-linux-2.0.2
-rw-r--r-- | etc/ssh/sshd_config | 124 | ||||
-rw-r--r-- | scripts/apt-preferences.d-local-pin-init | 4 | ||||
-rw-r--r-- | scripts/deblive01.sh | 3 | ||||
-rw-r--r-- | scripts/deblive02.sh | 6 | ||||
-rw-r--r-- | scripts/deblive03-isolinux-boot.txt | 4 | ||||
-rw-r--r-- | scripts/deblive03.sh | 11 | ||||
-rw-r--r-- | scripts/deblive04-iso.sh | 2 | ||||
-rw-r--r-- | scripts/debootstrap01.sh | 6 | ||||
-rw-r--r-- | scripts/debootstrap02.sh | 18 | ||||
-rw-r--r-- | scripts/debootstrap03.sh | 4 | ||||
-rw-r--r-- | scripts/settings00.sh | 3 | ||||
-rw-r--r-- | scripts/settings00.sh-test02 | 32 | ||||
-rw-r--r-- | scripts/zfs-2.0.2-1-install-debian10.sh | 31 |
13 files changed, 187 insertions, 61 deletions
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
new file mode 100644
index 0000000..6885451
--- /dev/null
+++ b/etc/ssh/sshd_config
@@ -0,0 +1,124 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin prohibit-password
+StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
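Review bot: `X11Forwarding yes` near the end of the new file stays enabled although the rest of the config is tightened (`PasswordAuthentication no`, `ChallengeResponseAuthentication no`, `PermitRootLogin prohibit-password`); unless X11 clients are really run over SSH on these images, `X11Forwarding no` is the safer default. The `Include /etc/ssh/sshd_config.d/*.conf` line sits above every setting, and sshd keeps the first value it obtains for a keyword, so a drop-in in that directory overrides the values set here; a comment next to the Include saying so would help whoever audits the image. A header comment naming the lines that deviate from the distribution default, such as `# local: PasswordAuthentication no, ChallengeResponseAuthentication no`, would also make the file easier to compare against future package versions.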
diff --git a/scripts/apt-preferences.d-local-pin-init b/scripts/apt-preferences.d-local-pin-init index 13982b2..d964b02 100644 --- a/scripts/apt-preferences.d-local-pin-init +++ b/scripts/apt-preferences.d-local-pin-init @@ -1,8 +1,8 @@ -Package: zfs-zed zfs-initramfs zfsutils-linux zfs-dkms libzfs2linux libzpool2linux libuutil1linux libnvpair1linux spl spl-dkms +Package: zfs-zed zfsutils-linux libzfs2linux libzpool2linux libuutil1linux libnvpair1linux spl spl-dkms Pin: version * Pin-Priority: -1 -Package: libzfs2-devel zfs-initramfs zfs zfs-dkms libzfs2 libzpool2 libuutil1 libnvpair1 spl spl-dkms zfs-dracut zfs-test +Package: libzfs2-devel zfs-initramfs zfs zfs-dkms libzfs2 libzfs4 libzpool2 libzpool4 libuutil1 libuutil3 libnvpair1 libnvpair3 zfs-dracut zfs-test Pin: version * Pin-Priority: -1 diff --git a/scripts/deblive01.sh b/scripts/deblive01.sh index df72acd..2508a3b 100644 --- a/scripts/deblive01.sh +++ b/scripts/deblive01.sh @@ -37,9 +37,6 @@ if [ -e ../../debian/packages ] ; then cp -a ../../debian/packages $LIVECHROOT/root/debian/ fi -mkdir -p $LIVECHROOT/root/.ssh -cp -a /home/$MYUSERNAME/.ssh/authorized_keys $LIVECHROOT/root/.ssh/ - echo RUN: chroot $LIVECHROOT /bin/bash --login echo then: cd /root/debian-zfs-live/scripts echo to continue the process with deblive02.sh etc diff --git a/scripts/deblive02.sh b/scripts/deblive02.sh index e48ec41..548d5be 100644 --- a/scripts/deblive02.sh +++ b/scripts/deblive02.sh @@ -2,8 +2,6 @@ . ./settings00.sh -chown -R root:root /root/.ssh - apt-get install --yes \ live-boot \ debian-installer-launcher \ @@ -16,9 +14,5 @@ apt-get clean update-initramfs -u -k all -echo PASSWD FOR USER $MYUSERNAME -useradd -m $MYUSERNAME -passwd $MYUSERNAME - echo "YOU MAY POPULATE FS WITH SOME ADDITIONAL DATA NOW, then exit" echo then you may continue the process with deblive03.sh diff --git a/scripts/deblive03-isolinux-boot.txt b/scripts/deblive03-isolinux-boot.txt index abf1c0e..0506fb4 100644 --- a/scripts/deblive03-isolinux-boot.txt 
+++ b/scripts/deblive03-isolinux-boot.txt @@ -1,5 +1,5 @@ -1 - Debian10 ZFS Live Graphical -2 - Debian10 ZFS Live Console +1 - Debian11 ZFS Live Graphical +2 - Debian11 ZFS Live Console 3 - HDT low-level hardware info 4 - memtest86+ diff --git a/scripts/deblive03.sh b/scripts/deblive03.sh index 60ce49c..95df72f 100644 --- a/scripts/deblive03.sh +++ b/scripts/deblive03.sh @@ -2,12 +2,9 @@ . ./settings00.sh -mkdir -p $LIVECHROOT/home/$MYUSERNAME -cp -a /home/$MYUSERNAME/.ssh $LIVECHROOT/home/$MYUSERNAME/ -cp -a /home/$MYUSERNAME/.gnupg $LIVECHROOT/home/$MYUSERNAME/ - -/usr/sbin/chroot $LIVECHROOT /bin/chown -R $MYUSERNAME:$MYUSERNAME /home/$MYUSERNAME/.ssh -/usr/sbin/chroot $LIVECHROOT /bin/chown -R $MYUSERNAME:$MYUSERNAME /home/$MYUSERNAME/.gnupg +# Update ownership if populated with data +/usr/sbin/chroot $LIVECHROOT /bin/chown -R root:root /root +/usr/sbin/chroot $LIVECHROOT /bin/chown -R $MYUSERNAME:$MYUSERNAME /home/$LOCALUSERNAME #umount -R $LIVECHROOT/dev #umount -R $LIVECHROOT/proc @@ -19,7 +16,7 @@ mkdir -p $LIVEROOT/image/live # mksquashfs default compression is gzip, enhance small size: -comp xz (cd $LIVEROOT && \ - mksquashfs chroot image/live/filesystem.squashfs -e boot + mksquashfs chroot image/live/filesystem.squashfs -comp xz -e boot ) (cd $LIVEROOT && \ diff --git a/scripts/deblive04-iso.sh b/scripts/deblive04-iso.sh index 84da2df..3a2e37c 100644 --- a/scripts/deblive04-iso.sh +++ b/scripts/deblive04-iso.sh @@ -47,7 +47,7 @@ rm -f $LIVEIMAGE # $LIVEROOT/image xorriso \ - -volid "DEBIAN10_ZFSLIVE" \ + -volid "DEBIAN11_ZFSLIVE" \ -as mkisofs -r -J -joliet-long -l -cache-inodes \ -isohybrid-mbr $LIVECHROOT/usr/lib/ISOLINUX/isohdpfx.bin \ -partition_offset 16 \ diff --git a/scripts/debootstrap01.sh b/scripts/debootstrap01.sh index ce1b402..fd01277 100644 --- a/scripts/debootstrap01.sh +++ b/scripts/debootstrap01.sh 
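Review bot: The ownership line added in the first deblive03.sh hunk, `/usr/sbin/chroot $LIVECHROOT /bin/chown -R $MYUSERNAME:$MYUSERNAME /home/$LOCALUSERNAME`, still uses `$MYUSERNAME`, which the settings00.sh hunk of this same commit replaces with `IMPORTUSERNAME` and `LOCALUSERNAME`. If nothing else defines it, the owner spec expands to a bare `:`, which GNU chown treats as "change nothing", so the populated home directory would keep whatever numeric uid/gid it was copied with. The line should end in `/bin/chown -R "$LOCALUSERNAME:$LOCALUSERNAME" "/home/$LOCALUSERNAME"`; the identical line added in the debootstrap03.sh hunk needs the same fix. Checking that `LOCALUSERNAME` is non-empty matters as well, because with an empty value the recursive chown targets all of `/home/`.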
@@ -71,7 +71,11 @@ if [ -e ../../debian/packages ] ; then fi mkdir -p $STRAPROOT/root/.ssh -cp -a /home/$MYUSERNAME/.ssh/authorized_keys $STRAPROOT/root/.ssh/ +cp -a /home/$IMPORTUSERNAME/.ssh/authorized_keys $STRAPROOT/root/.ssh/ +cp -a /home/$IMPORTUSERNAME/.vimrc $STRAPROOT/root/ +cp -a /home/$IMPORTUSERNAME/.exrc $STRAPROOT/root/ + +cp -a /home/$IMPORTUSERNAME $STRAPROOT/home/$LOCALUSERNAME echo RUN: chroot $STRAPROOT /bin/bash --login echo then: cd /root/debian-zfs-live/scripts diff --git a/scripts/debootstrap02.sh b/scripts/debootstrap02.sh index 5539d31..513b8de 100644 --- a/scripts/debootstrap02.sh +++ b/scripts/debootstrap02.sh @@ -2,8 +2,6 @@ . ./settings00.sh -chown -R root:root /root/.ssh - ln -s /proc/self/mounts /etc/mtab apt-get update @@ -56,19 +54,27 @@ apt-get install --yes \ # Replace Debian ZFS packages and replace with vanilla latest release . ./zfs-bullseye-remove.sh -. ./zfs-0.8.4-11-install-debian11.sh +. ./zfs-2.0.2-1-install-debian11.sh cat apt-preferences.d-local-pin-init >> /etc/apt/preferences.d/local-pin-init apt-get update apt-get clean +# fix sshd key file attributes +chmod go-rwx /etc/ssh/ssh_host_*_key +mv /etc/ssh/sshd_config /etc/ssh/sshd_config.orig +cp ../etc/ssh/sshd_config /etc/ssh/sshd_config +chown root:root /etc/ssh/sshd_config + update-initramfs -u -k all echo PASSWD FOR USER ROOT passwd root +chown -R root:root /root -echo PASSWD FOR USER TEST -useradd -m test -passwd test +echo PASSWD FOR USER $LOCALUSERNAME +useradd --shell /bin/bash -m $LOCALUSERNAME +passwd $LOCALUSERNAME +chown -R $LOCALUSERNAME:$LOCALUSERNAME /home/$LOCALUSERNAME echo "YOU MAY POPULATE FS WITH SOME ADDITIONAL DATA NOW, then exit" echo then you may continue the process with debootstrap03.sh diff --git a/scripts/debootstrap03.sh b/scripts/debootstrap03.sh index 988b1f4..689580c 100644 --- a/scripts/debootstrap03.sh +++ b/scripts/debootstrap03.sh 
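Review bot: `cp -a /home/$IMPORTUSERNAME $STRAPROOT/home/$LOCALUSERNAME` at the end of the added lines copies the build user's entire home directory into the bootstrap tree, which would include any private SSH keys, `.gnupg` secret keyrings, shell history and stored application credentials, and all of it ends up in whatever tarball or ISO is built from that tree. An explicit allow-list is safer, for example `mkdir -p "$STRAPROOT/home/$LOCALUSERNAME/.ssh"` followed by `cp -a "/home/$IMPORTUSERNAME/.ssh/authorized_keys" "$STRAPROOT/home/$LOCALUSERNAME/.ssh/"`, or a dedicated skeleton directory kept only for the image. The `.vimrc` and `.exrc` copies above it print an error and carry on when the file is missing, so a comment marking them optional or a `[ -e ... ] &&` guard would make the intent clear. This is top-level script code that continues outside the hunk.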
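Review bot: The added `chmod go-rwx /etc/ssh/ssh_host_*_key` in the second debootstrap02.sh hunk shows that SSH host keys already exist inside the chroot at this point, so, unless a later step outside this diff removes them, the same host private keys are packed into the bootstrap tarball and shared by every system installed from it. Consider deleting them before packing with `rm -f /etc/ssh/ssh_host_*` and regenerating on first boot, for example with `ssh-keygen -A`. After `cp ../etc/ssh/sshd_config /etc/ssh/sshd_config`, running `sshd -t` would catch a config the installed sshd cannot parse before the image is sealed. The hunk also sources `./zfs-2.0.2-1-install-debian11.sh` while the diffstat only adds the `-debian10` variant; that file presumably arrives from the merged branch and is worth confirming.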
@@ -2,6 +2,10 @@ . ./settings00.sh +# Update ownership if populated with data +/usr/sbin/chroot $STRAPROOT /bin/chown -R root:root /root +/usr/sbin/chroot $STRAPROOT /bin/chown -R $MYUSERNAME:$MYUSERNAME /home/$LOCALUSERNAME + #umount -R $STRAPROOT/dev #umount -R $STRAPROOT/proc #umount -R $STRAPROOT/sys diff --git a/scripts/settings00.sh b/scripts/settings00.sh index 6085c1b..298f6e4 100644 --- a/scripts/settings00.sh +++ b/scripts/settings00.sh @@ -13,7 +13,8 @@ STRAPBALL_PLAIN=`readlink -f ../debian11-zfs-debootstrap.tar` STRAPBALL=`readlink -f ../debian11-zfs-debootstrap.tar.xz` MYHOSTNAME="debian-zfs" -MYUSERNAME="test01" +IMPORTUSERNAME="test01" +LOCALUSERNAME="test01" # # For Debian ZFS Live Installation diff --git a/scripts/settings00.sh-test02 b/scripts/settings00.sh-test02 deleted file mode 100644 index 3ff797c..0000000 --- a/scripts/settings00.sh-test02 +++ /dev/null @@ -1,32 +0,0 @@ -#! /bin/sh - -# -# For Debian debootstrap tar ball -# -STRAPROOT=/data/debian9/debootstrap -ZFSDEBDIR=`readlink -f ../zfs-linux-0.7.3-debian9-amd64` - -# -# For All -# -STRAPBALL=`readlink -f ../debian9-zfs-debootstrap.tar.bz2` - -MYHOSTNAME="test02" -MYUSERNAME="sven" - -# -# For Debian ZFS Live Installation -# -KVERSION="4.9.0-4-amd64" -LIVEROOT=/data/debian9/live_boot -LIVECHROOT=$LIVEROOT/chroot - -# -# For ZFS System Installation -# -POOL=test02 -DISK1=ata-VBOX_HARDDISK_VB0534c422-330be595 -DISK2=ata-VBOX_HARDDISK_VB9f812506-27aeef4e -DISK3=ata-VBOX_HARDDISK_VBb4e81953-01afbdc6 -MYSWAPSIZE=2G - diff --git a/scripts/zfs-2.0.2-1-install-debian10.sh b/scripts/zfs-2.0.2-1-install-debian10.sh new file mode 100644 index 0000000..567644d --- /dev/null +++ b/scripts/zfs-2.0.2-1-install-debian10.sh 
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+ZFSDEBDIR=`readlink -f ../zfs-linux-2.0.2-1-debian10-amd64`
+
+#skipped:
+# libzfs4-devel_2.0.2-1_amd64.deb
+# python3-pyzfs_2.0.2-1_amd64.deb
+# zfs-dracut_2.0.2-1_amd64.deb
+# zfs-test_2.0.2-1_amd64.deb
+# zfs-2.0.2.tar.gz
+
+#apt-get install libnvpair1 libuutil1 libzpool2 libzfs2
+dpkg -i $ZFSDEBDIR/libuutil3_2.0.2-1_amd64.deb
+dpkg -i $ZFSDEBDIR/libnvpair3_2.0.2-1_amd64.deb
+dpkg -i $ZFSDEBDIR/libzpool4_2.0.2-1_amd64.deb
+dpkg -i $ZFSDEBDIR/libzfs4_2.0.2-1_amd64.deb
+#apt-get install zfs-dkms zfs zfs-initramfs
+dpkg -i $ZFSDEBDIR/zfs-dkms_2.0.2-1_amd64.deb
+dpkg -i $ZFSDEBDIR/zfs_2.0.2-1_amd64.deb
+dpkg -i $ZFSDEBDIR/zfs-initramfs_2.0.2-1_amd64.deb
+
+apt-mark manual zfs-initramfs zfs zfs-dkms libzfs2 libzfs4 libzpool2 libzpool4 libuutil1 libuutil3 libnvpair1 libnvpair3 dkms
+
+# FIX /etc/default/zfs
+# ZFS_INITRD_ADDITIONAL_DATASETS="$POOL/users $POOL/users/root $POOL/backup $POOL/data $POOL/services $POOL/projects"
+# and run: update-initramfs -u -k all
+
+##apt-get install grub-common grub-pc grub-pc-bin grub2-common
+# systemctl enable zfs-import-cache.service zfs-mount.service zfs-zed.service zfs-import.target zfs-volumes.target zfs.target
+# systemctl start zfs-import-cache.service zfs-mount.service zfs-zed.service zfs-import.target zfs-volumes.target zfs.target
+
|
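Review bot: The `dpkg -i $ZFSDEBDIR/...` lines install locally stored packages as root without checking that `ZFSDEBDIR` points at an existing directory or that the `.deb` files are the ones that were built; `dpkg -i` performs no signature or checksum verification of its own. A guard after the assignment such as `[ -d "$ZFSDEBDIR" ] || { echo "missing $ZFSDEBDIR" >&2; exit 1; }`, plus verification against a checksum list recorded at build time (for instance `(cd "$ZFSDEBDIR" && sha256sum -c SHA256SUMS)`, where the file name is a constructed example), would close that gap. There is also no error handling, so a failed `dpkg -i` (a DKMS build failure, say) is followed by the remaining installs and by `apt-mark manual`, which makes the failure easy to miss.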