hanxianzhai/reinstall
1
0
Fork 0
mirror of https://github.com/bin456789/reinstall.git synced 2026-05-21 05:27:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hanxianzhai:0156afbbe7d6bad9e6f30ed62809cc18dc2eb132
Branches Tags
hanxianzhai:main
...
compare: hanxianzhai:main
Branches Tags
hanxianzhai:main

11 Commits
0156afbbe7 ... main

Author SHA1 Message Date
bin456789
87301108df windows: 更准确地识别镜像系统版本 2026-05-20 21:25:30 +08:00
bin456789
8d099f167f core: 修复原系统为 bios + nixos 重启后未能进入安装环境 2026-05-20 21:15:43 +08:00
Yinhao Huang
37af3fcd5f nixos: 配置安装时 substituters (#619) 2026-05-20 21:05:39 +08:00
bin456789
9e71f131db opensuse: 删除 leap 15.6 和 wicked 2026-05-11 20:20:33 +08:00
bin456789
e03ac1cdb3 core: 必要时才修改 ssh 配置 2026-05-11 20:18:44 +08:00
bin456789
65c3085416 windows: 使用 ProductType 判断 Windows Client/Server 2026-05-09 22:04:24 +08:00
bin456789
139c342b7e windows: 支持使用非 administrator 账号 2026-05-05 22:55:00 +08:00
bin456789
107c56ac59 windows: 修复无法从法语版 win7 wmic 取出主硬盘 id 2026-05-05 22:35:47 +08:00
bin456789
2f36c30a7d gentoo: 修复安装 dracut 时报错 2026-05-05 22:35:47 +08:00
bin456789
7712a0baae windows: 国内机下载驱动出错后使用 daocloud 镜像 2026-05-04 02:57:08 +08:00
bin456789
c5c77b2ecc core: efibootmgr 报错时显示执行的命令和结果 2026-05-03 23:08:03 +08:00
9 changed files with 476 additions and 306 deletions
Expand all files Collapse all files

2
.github/workflows/run_reinstall.yml vendored
View File

@ -37,7 +37,7 @@ jobs:
${{ matrix.command }} netboot.xyz
${{ matrix.command }} dd --img=https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-SelfInstall.raw.xz
${{ matrix.command }} windows --image-name='Windows Server blah' --iso https://aka.ms/HCIReleaseImage
${{ matrix.command }} windows --image-name='Windows Server blah' --iso https://aka.ms/HCIReleaseImage --username administrator
${{ matrix.command }} reset

10
README.en.md
View File

@ -58,7 +58,7 @@ The system requirements for the target system are as follows:
| <img width="16" height="16" src="https://www.centos.org/assets/icons/favicon.svg" /> CentOS Stream | 9, 10 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://fedoraproject.org/favicon.ico" /> Fedora | 43, 44 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://www.openeuler.org/favicon.ico" /> openEuler | 20.03 LTS - 24.03 LTS | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 15.6, 16.0, Tumbleweed (Rolling) | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 16.0, Tumbleweed (Rolling) | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://nixos.org/favicon.svg" /> NixOS | 25.11 | 512 MB | 5 GB |
| <img width="16" height="16" src="https://archlinux.org/static/favicon.png" /> Arch | Rolling | 512 MB | 5 GB |
| <img width="16" height="16" src="https://www.gentoo.org/assets/img/logo/gentoo-g.png" /> Gentoo | Rolling | 512 MB | 5 GB |
@ -165,9 +165,9 @@ bash reinstall.sh anolis 7|8|23
nixos 25.11
fedora 43|44
debian 9|10|11|12|13
opensuse 16.0|tumbleweed
openeuler 20.03|22.03|24.03
alpine 3.20|3.21|3.22|3.23
opensuse 15.6|16.0|tumbleweed
ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal]
kali
arch
@ -327,8 +327,9 @@ bash reinstall.sh netboot.xyz
>
> If the script was run by mistake, you can run `bash reinstall.sh reset` before rebooting to cancel the reinstallation operation.
- Username `administrator`. The script prompts for a password. If left blank, a random one is generated.
- If remote login fails, try using the username `.\administrator`.
- The script prompts for a username. If left blank, will use `administrator`.
- The script prompts for a password. If left blank, will use a random one.
- If remote login fails, try adding `.\` before the username, for example, `.\administrator`.
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
- Supports ISO images in any language.
- Automatically bypassing Windows 11 hardware requirements.
@ -446,6 +447,7 @@ bash reinstall.sh windows \
#### Optional Parameters
- `--username USERNAME` Set Username (for Windows only)
- `--password PASSWORD` Set Password
- `--allow-ping` Configure Windows Firewall to Allow Ping Responses
- `--rdp-port PORT` Change RDP port

10
README.md
View File

@ -58,7 +58,7 @@
| <img width="16" height="16" src="https://www.centos.org/assets/icons/favicon.svg" /> CentOS Stream | 9, 10 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://fedoraproject.org/favicon.ico" /> Fedora | 43, 44 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://www.openeuler.org/favicon.ico" /> openEuler | 20.03 LTS - 24.03 LTS | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 15.6, 16.0, Tumbleweed (滚动) | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 16.0, Tumbleweed (滚动) | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://nixos.org/favicon.svg" /> NixOS | 25.11 | 512 MB | 5 GB |
| <img width="16" height="16" src="https://archlinux.org/static/favicon.png" /> Arch | 滚动 | 512 MB | 5 GB |
| <img width="16" height="16" src="https://www.gentoo.org/assets/img/logo/gentoo-g.png" /> Gentoo | 滚动 | 512 MB | 5 GB |
@ -165,9 +165,9 @@ bash reinstall.sh anolis 7|8|23
nixos 25.11
fedora 43|44
debian 9|10|11|12|13
opensuse 16.0|tumbleweed
openeuler 20.03|22.03|24.03
alpine 3.20|3.21|3.22|3.23
opensuse 15.6|16.0|tumbleweed
ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal]
kali
arch
@ -327,8 +327,9 @@ bash reinstall.sh netboot.xyz
>
> 如果不小心运行了脚本,可以在重启前运行 `bash reinstall.sh reset` 取消重装
-户名为 `administrator`,脚本会提示输入密码,不输入则使用随机密码
- 如果远程登录失败,可以尝试使用用户名 `.\administrator`
- 脚本会提示输入用户名,不输入则使`administrator`
- 脚本会提示输入密码,不输入则使用随机密码
- 如果远程登录失败,请尝试在用户名前添加 `.\`,例如 `.\administrator`
- 静态机器会自动配置好 IP可能首次开机几分钟后才生效
- 支持任意语言的 ISO
- 自动绕过 Windows 11 硬件限制
@ -446,6 +447,7 @@ bash reinstall.sh windows \
#### 可选参数
- `--username USERNAME` 设置用户名(仅限 Windows
- `--password PASSWORD` 设置密码
- `--allow-ping` 设置 Windows 防火墙允许被 Ping
- `--rdp-port PORT` 更改 RDP 端口

44
cloud-init-fix-onlink.sh
View File

@ -170,47 +170,6 @@ GatewayOnLink=yes
fi
}
fix_wicked_conf() {
# https://github.com/openSUSE/wicked/wiki/FAQ#q-why-wicked-does-not-set-my-default-static-route
# 修改前
# default 1.1.1.1 - -
# default 2602::1 - -
# 修改后
# 1.1.1.1 - -
# 2602::1 - -
# default 1.1.1.1 - -
# default 2602::1 - -
if ! confs=$(ls "$os_dir/etc/sysconfig/network/ifroute-"* 2>/dev/null); then
return
fi
for conf in $confs; do
# 判断 bug 是否已经修复
if grep -v 'default' "$conf" | grep -q '-'; then
return
fi
# 获取网关
gateways=$(awk '$1=="default" {print $2}' "$conf")
if [ -z "$gateways" ]; then
return
fi
# 创建新条目
for gateway in $gateways; do
echo "$gateway - -"
done | insert_into_file "$conf" head
done
# 重新应用配置
if systemctl -q is-enabled wicked; then
systemctl restart wicked
fi
}
# ubuntu 18.04 cloud-init 版本 23.1.2,因此不用处理
# debian 10/11 云镜像原本用 ifupdown + resolvconf脚本改成用 netplan + networkd/resolved
@ -224,6 +183,3 @@ fix_netplan_conf
# 只需对云镜像处理
# 因为普通安装用的是 alpine 的 cloud-init版本够新不用处理
fix_networkd_conf
# opensuse 15.5: ifcfg + netconfig (dns) + wicked
fix_wicked_conf

4
fix-eth-name.service
View File

@ -9,10 +9,6 @@ Before=network.service
Before=networking.service
Before=systemd-networkd.service
Before=NetworkManager.service
Before=wickedd-auto4.service
Before=wickedd-dhcp4.service
Before=wickedd-dhcp6.service
Before=wickedd.service
Before=network.target

99
reinstall.sh
View File

@ -86,9 +86,9 @@ Usage: $reinstall_____ anolis 7|8|23
nixos 25.11
fedora 43|44
debian 9|10|11|12|13
opensuse 16.0|tumbleweed
openeuler 20.03|22.03|24.03
alpine 3.20|3.21|3.22|3.23
opensuse 15.6|16.0|tumbleweed
ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal]
kali
arch
@ -1479,13 +1479,11 @@ Continue?
# leap
dir=distribution/leap/$releasever/appliances
case "$releasever" in
15.6) file=openSUSE-Leap-$releasever-Minimal-VM.$basearch-Cloud.qcow2 ;;
16.0) file=Leap-$releasever-Minimal-VM.$basearch-Cloud.qcow2 ;;
# 16.0) file=Leap-$releasever-Minimal-VM.$basearch-kvm$(if [ "$basearch" = x86_64 ]; then echo '-and-xen'; fi).qcow2 ;;
esac
# https://src.opensuse.org/openSUSE/Leap-Images/src/branch/leap-16.0/kiwi-templates-Minimal/Minimal.kiwi
# https://build.opensuse.org/projects/Virtualization:Appliances:Images:openSUSE-Leap-15.6/packages/kiwi-templates-Minimal/files/Minimal.kiwi
# https://build.opensuse.org/projects/Virtualization:Appliances:Images:openSUSE-Tumbleweed/packages/kiwi-templates-Minimal/files/Minimal.kiwi
# 有专门的kvm镜像openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2里面没有cloud-init
# file=openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2
@ -1913,7 +1911,7 @@ verify_os_name() {
'fedora 43|44' \
'nixos 25.11' \
'debian 9|10|11|12|13' \
'opensuse 15.6|16.0|tumbleweed' \
'opensuse 16.0|tumbleweed' \
'alpine 3.20|3.21|3.22|3.23' \
'openeuler 20.03|22.03|24.03' \
'ubuntu 18.04|20.04|22.04|24.04|26.04' \
@ -2342,6 +2340,59 @@ trim() {
sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}
assert_username_valid() {
if ! msg=$(is_username_valid); then
error_and_exit "$msg"
fi
}
is_username_valid() {
# https://learn.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts-localaccounts-localaccount-name
# 不能为 none [ ] / \ : | < > + = ; , ? * % @
# 账号为空,则使用 Administrator
if [ -z "$username" ]; then
echo "Username: Will use the built-in Administrator account in ISO language."
return 0
fi
if [ "$(to_lower <<<"$username")" = none ]; then
echo "Username: Do not use the name \"NONE\", this is a restricted username."
return 1
fi
if grep -q '[][/\:|<>+=;,?*%@]' <<<"$username"; then
echo "Username: Do not use any of the following characters: / \ [ ] : | < > + = ; , ? * % @"
return 1
fi
# 如果输入以下用户名则忽略,并使用系统内置的 Administrator 账号
# 防止系统有两个不同语言的 Administrator 账号而造成困扰
for builtin_username in \
administrator \
administrador \
administrateur \
administratör \
администратор \
järjestelmänvalvoja \
rendszergazda; do
if [ "$(to_lower <<<"$username")" = "$builtin_username" ]; then
echo "Username: Will use the built-in Administrator account in ISO language."
unset username
return 0
fi
done
}
prompt_username() {
info "prompt username"
warn false "Leave blank to use Administrator"
warn false "不填写则使用 Administrator"
IFS= read -r -p "Username: " username
username="$(printf "%s" "$username" | trim)"
assert_username_valid
}
prompt_password() {
info "prompt password"
warn false "Leave blank to use a random password."
@ -2881,18 +2932,20 @@ add_efi_entry_in_linux() {
dev_part=$(findmnt -T "$dist_dir" -no SOURCE | grep '^/dev/')
fi
if ! {
res=$(efibootmgr --create-only \
--disk "/dev/$(get_disk_by_part $dev_part)" \
--part "$(get_part_num_by_part $dev_part)" \
--label "$(get_entry_name)" \
--loader "\\EFI\\reinstall\\$basename") &&
id=$(echo "$res" | grep_efi_entry | tail -1 | grep_efi_index | grep .) &&
efibootmgr --bootnext "$id"
}; then
set -- efibootmgr --create-only \
--disk "/dev/$(get_disk_by_part $dev_part)" \
--part "$(get_part_num_by_part $dev_part)" \
--label "$(get_entry_name)" \
--loader "\\EFI\\reinstall\\$basename"
if ! res=$("$@"); then
echo "Command: $*"
echo "$res"
error_and_exit "Could not add efi entry."
fi
id=$(echo "$res" | grep_efi_entry | tail -1 | grep_efi_index | grep .)
efibootmgr --bootnext "$id"
}
get_grub_efi_filename() {
@ -3116,7 +3169,7 @@ build_extra_cmdline() {
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
for key in confhome hold force_boot_mode force_cn force_old_windows_setup cloud_image main_disk \
elts deb_mirror \
ssh_port rdp_port web_port allow_ping; do
username ssh_port rdp_port web_port allow_ping; do
value=${!key}
if [ -n "$value" ]; then
is_need_quote "$value" &&
@ -4141,7 +4194,7 @@ recreate_grub_or_extlinux_cfg() {
/nix/var/nix/profiles/system/bin/switch-to-configuration boot
# 手动启用 41_custom
nixos_grub_home="$(dirname "$(readlink -f "$(get_cmd_path grub-mkconfig)")")/.."
$nixos_grub_home/etc/grub.d/41_custom >>$target_cfg
$nixos_grub_home/etc/grub.d/41_custom >>"$(dirname "$target_cfg")/grub.cfg"
elif is_have_cmd update-grub; then
update-grub
else
@ -4310,6 +4363,7 @@ for o in ci installer debug minimal allow-ping force-cn help \
img: \
cloud-data: \
lang: \
user: username: \
passwd: password: \
ssh-port: \
ssh-key: public-key: \
@ -4444,6 +4498,14 @@ while true; do
force_boot_mode=$2
shift 2
;;
--user | --username)
if ! [ "$distro" = windows ]; then
error_and_exit "$1 is only supported for installing Windows."
fi
username="$(printf "%s" "$2" | trim)"
assert_username_valid
shift 2
;;
--passwd | --password)
[ -n "$2" ] || error_and_exit "Need value for $1"
password=$2
@ -4619,6 +4681,11 @@ done
# 检查必须的参数
verify_os_args
# 用户名
if [ "$distro" = windows ] && [ -z "$username" ]; then
prompt_username
fi
# 密码
if ! is_netboot_xyz && [ -z "$ssh_keys" ] && [ -z "$password" ]; then
if is_use_dd; then
@ -4898,7 +4965,7 @@ info 'info'
echo "$distro $releasever"
case "$distro" in
windows) username=administrator ;;
windows) username=${username:-administrator} ;;
netboot.xyz) username= ;;
dd | *) username=root ;;
esac

521
trans.sh
View File

@ -174,8 +174,9 @@ is_magnet_link() {
}
download() {
url=$1
path=$2
local url=$1
local path=$2
local can_use_cn_mirror=${3:-false}
# 有ipv4地址无ipv4网关的情况下aria2可能会用ipv4下载而不是ipv6
# axel 在 lightsail 上会占用大量cpu
@ -214,12 +215,19 @@ download() {
# -o 设置 http 下载文件名
# -O 设置 bt 首个文件的文件名
aria2c "$url" \
set -- \
-d "$(dirname "$path")" \
-o "$(basename "$path")" \
-O "1=$(basename "$path")" \
-U curl/7.54.1
if ! aria2c "$url" "$@" &&
! { $can_use_cn_mirror && is_in_china && is_any_ipv4_has_internet &&
url_cn=https://files.m.daocloud.io/$(echo "$url" | sed -Ei 's,^https?://,,') &&
aria2c "$url_cn" "$@"; }; then
error_and_exit "Failed to download $url"
fi
# opensuse 官方镜像支持 metalink
# aira2 无法重命名用 metalink 下载的文件
# 需用以下方法重命名
@ -576,6 +584,10 @@ get_password_windows_administrator_base64() {
get_config password-windows-administrator-base64
}
get_password_windows_user_base64() {
get_config password-windows-user-base64
}
get_password_plaintext() {
get_config password-plaintext
}
@ -1670,6 +1682,21 @@ install_nixos() {
export USER=root
export HOME=/root
configure_nix_substituters() {
if ! is_in_china; then
return
fi
nix_conf=/etc/nix/nix.conf
mkdir -p "$(dirname "$nix_conf")"
if [ -f "$nix_conf" ]; then
sed -i '/^[[:space:]]*substituters[[:space:]]*=/d' "$nix_conf"
fi
echo "substituters = $mirror/store" >>"$nix_conf"
}
case "$nix_from" in
alpine)
apk add nix
@ -1678,9 +1705,7 @@ install_nixos() {
# https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/nix/APKBUILD#L125
sed -i '/max-jobs/d' /etc/nix/nix.conf
echo "max-jobs = $threads" >>/etc/nix/nix.conf
if is_in_china; then
echo "substituters = $mirror/store" >>/etc/nix/nix.conf
fi
configure_nix_substituters
rc-service -q nix-daemon restart
# 添加 nix-env 安装的软件到 PATH
PATH="/root/.nix-profile/bin:$PATH"
@ -1731,6 +1756,7 @@ install_nixos() {
apk del xz
# shellcheck source=/dev/null
. /root/.nix-profile/etc/profile.d/nix.sh
configure_nix_substituters
;;
esac
@ -1771,6 +1797,7 @@ install_nixos() {
if is_need_set_ssh_keys; then
nix_ssh_keys_or_PermitRootLogin="
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [
$(del_comment_lines </configs/ssh_keys | del_empty_lines | quote_line | add_space 2)
];
@ -2017,10 +2044,10 @@ basic_init() {
# 公钥/密码
if is_need_set_ssh_keys; then
set_ssh_keys_and_del_password $os_dir
change_ssh_conf_for_root_key_login $os_dir
else
change_root_password $os_dir
allow_root_password_login $os_dir
allow_password_login $os_dir
change_ssh_conf_for_root_password_login $os_dir
fi
# 下载 fix-eth-name.service
@ -2236,10 +2263,8 @@ EOF
rm -rf $os_dir/var/db/repos/gentoo
chroot $os_dir emerge --sync
if [ "$(uname -m)" = x86_64 ]; then
# https://packages.gentoo.org/packages/sys-block/io-scheduler-udev-rules
chroot $os_dir emerge sys-block/io-scheduler-udev-rules
fi
# https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Tools#Filesystem_tools
chroot $os_dir emerge sys-block/io-scheduler-udev-rules
if is_efi; then
chroot $os_dir emerge sys-fs/dosfstools
@ -2251,10 +2276,18 @@ EOF
fi
# 安装 grub + 内核
# TODO: 先判断是否有 binpkg有的话不修改 GRUB_PLATFORMS
is_efi && grub_platforms="efi-64" || grub_platforms="pc"
echo GRUB_PLATFORMS=\"$grub_platforms\" >>$os_dir/etc/portage/make.conf
echo "sys-kernel/installkernel dracut grub" >$os_dir/etc/portage/package.use/installkernel
# 要设置 root=UUID=xxxx否则 dracut 会报错
# 要注意 root=UUID=xxxx 头尾有空格
# https://wiki.gentoo.org/wiki/Installkernel#Install_chroot_check
# https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel#Chroot_detection
uuid=$(chroot $os_dir findmnt -rno UUID /)
mkdir -p $os_dir/etc/dracut.conf.d
echo "kernel_cmdline=\" root=UUID=$uuid \"" >$os_dir/etc/dracut.conf.d/00-installkernel.conf
chroot $os_dir emerge sys-kernel/gentoo-kernel-bin
}
@ -3734,61 +3767,11 @@ EOF
# 禁用 selinux
disable_selinux $os_dir
# opensuse leap 15.6 用 wicked
# opensuse leap 16.0 / tumbleweed 用 NetworkManager
if chroot $os_dir rpm -qi wicked; then
# sysconfig ifcfg
create_cloud_init_network_config $os_dir/net.cfg
chroot $os_dir cloud-init devel net-convert \
-p /net.cfg -k yaml -d out -D opensuse -O sysconfig
# 删除
# Created by cloud-init on instance boot automatically, do not edit.
#
sed -i '/^#/d' "$os_dir/out/etc/sysconfig/network/ifcfg-eth"*
for ethx in $(get_eths); do
# 1. 修复甲骨文云重启后 ipv6 丢失
# https://github.com/openSUSE/wicked/issues/1058
# 还要注意 wicked dhcpv6 获取到的 ipv6 是 /64其他 DHCPv6 程序获取到的是 /128
echo DHCLIENT6_USE_LAST_LEASE=no >>$os_dir/out/etc/sysconfig/network/ifcfg-$ethx
# 2. 修复 onlink 网关
for prefix in '' 'default '; do
if is_staticv4; then
get_netconf_to ipv4_gateway
echo "${prefix}${ipv4_gateway} - -" >>$os_dir/out/etc/sysconfig/network/ifroute-$ethx
fi
if is_staticv6; then
get_netconf_to ipv6_gateway
echo "${prefix}${ipv6_gateway} - -" >>$os_dir/out/etc/sysconfig/network/ifroute-$ethx
fi
done
done
# 复制配置
for file in \
"$os_dir/out/etc/sysconfig/network/ifcfg-eth"* \
"$os_dir/out/etc/sysconfig/network/ifroute-eth"*; do
# 动态 ip 没有 ifroute-eth*
if [ -f $file ]; then
cp $file $os_dir/etc/sysconfig/network/
fi
done
# 清理
rm -rf $os_dir/net.cfg $os_dir/out
else
# 如果使用 cloud-init 则需要 touch NetworkManager.conf
# 更新到 cloud-init 24.1 后删除
# touch $os_dir/etc/NetworkManager/NetworkManager.conf
# 可以直接用 alpine 的 cloud-init 生成 Network Manager 配置
create_cloud_init_network_config /net.cfg
create_network_manager_config /net.cfg "$os_dir"
rm /net.cfg
fi
# 可以直接用 alpine 的 cloud-init 生成 Network Manager 配置
create_cloud_init_network_config /net.cfg
create_network_manager_config /net.cfg "$os_dir"
rm /net.cfg
# 选择新内核
# 只有 leap 有 kernel-azure
@ -3868,6 +3851,7 @@ EOF
is_password_plaintext && sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf
# 下载仓库,选择 profile
# https://github.com/gentoo/gentoo/blob/master/profiles/profiles.desc
chroot $os_dir emerge-webrsync
profile=$(chroot $os_dir eselect profile list | grep stable | grep systemd |
awk '{print length($2), $2}' | sort -n | head -1 | awk '{print $2}')
@ -4063,30 +4047,50 @@ set_ssh_keys_and_del_password() {
chroot $os_dir passwd -d root
}
# 除了 alpine 都会用到
change_ssh_conf() {
os_dir=$1
key=$2
value=$3
sub_conf=$4
change_ssh_conf_if_different() {
local os_dir=$1
local key=$2
local value=$3
local sub_conf=$4
if [ -z "$sub_conf" ]; then
sub_conf=$(echo "01-$key.conf" | to_lower)
fi
if line="^$key .*" && grep -Exq "$line" $os_dir/etc/ssh/sshd_config 2>/dev/null; then
# 如果 sshd_config 存在此 key非注释状态则替换
# 有些发行版自带了某些配置,例如
# ubuntu:
# cat /etc/ssh/sshd_config.d/60-cloudimg-settings.conf | grep -i PasswordAuthentication
# PasswordAuthentication no
# gentoo:
# cat /etc/ssh/sshd_config.d/9999999gentoo-pam.conf | grep -i PasswordAuthentication
# PasswordAuthentication no
# 0. 如果已经有这个配置,则不修改,避免不必要的改动
if chroot "$os_dir" sshd -G | grep -Fxiq "$key $value"; then
return
fi
if line="^$key .*" && grep -Exiq "$line" $os_dir/etc/ssh/sshd_config 2>/dev/null; then
# 1. 如果 sshd_config 存在此 key非注释状态则替换
sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config
elif include_line='^Include.*/etc/ssh/sshd_config.d' &&
elif include_line='^Include .*/etc/ssh/sshd_config.d' &&
# 2. 如果 sshd_config 设置了读取 sshd_config.d
# 则写入到 sshd_config.d/01-xxx.conf
# arch 没有 /etc/ssh/sshd_config.d/ 文件夹
# opensuse tumbleweed 没有 /etc/ssh/sshd_config
# 有 /etc/ssh/sshd_config.d/ 文件夹
# 有 /usr/etc/ssh/sshd_config
{ grep -q "$include_line" $os_dir/etc/ssh/sshd_config ||
grep -q "$include_line" $os_dir/usr/etc/ssh/sshd_config; } 2>/dev/null; then
{ grep -iq "$include_line" $os_dir/etc/ssh/sshd_config ||
grep -iq "$include_line" $os_dir/usr/etc/ssh/sshd_config; } 2>/dev/null; then
mkdir -p $os_dir/etc/ssh/sshd_config.d/
echo "$key $value" >"$os_dir/etc/ssh/sshd_config.d/$sub_conf"
else
# 如果 sshd_config 存在此 key (无论是否已注释),则替换,包括删除注释
# 否则追加
# 3. 写入 sshd_config
# 如果 sshd_config 存在此 key (无论是否已注释),则替换,包括删除注释
# 否则追加
line="^[# ]*$key .*"
if grep -Exq "$line" $os_dir/etc/ssh/sshd_config; then
if grep -Exiq "$line" $os_dir/etc/ssh/sshd_config; then
sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config
else
echo "$key $value" >>$os_dir/etc/ssh/sshd_config
@ -4094,32 +4098,40 @@ change_ssh_conf() {
fi
}
allow_password_login() {
os_dir=$1
change_ssh_conf "$os_dir" PasswordAuthentication yes 01-PasswordAuthentication.conf
change_ssh_conf_for_root_key_login() {
local os_dir=$1
# 目前脚本只用 root ,不需要设置这个
# change_ssh_conf_if_different "$os_dir" PasswordAuthentication no
# 这个也不需要设置,默认就是 prohibit-password
# change_ssh_conf_if_different "$os_dir" PermitRootLogin prohibit-password
}
allow_root_password_login() {
os_dir=$1
change_ssh_conf_for_root_password_login() {
local os_dir=$1
# opensuse 16/tumbleweed 安装 openssh-server-config-rootlogin
# 会生成 /usr/etc/ssh/sshd_config.d/50-permit-root-login.conf
# 但是如果用户删除了此文件,包有更新的话,可能会重新创建这个文件?
# 因此先不用这个方法
if false && [ -f $os_dir/etc/os-release ] &&
grep -iq opensuse $os_dir/etc/os-release &&
! grep -iq 15.6 $os_dir/etc/os-release; then
if false &&
[ -f $os_dir/etc/os-release ] &&
grep -iq opensuse $os_dir/etc/os-release; then
chroot $os_dir zypper install -y openssh-server-config-rootlogin
else
change_ssh_conf "$os_dir" PermitRootLogin yes 01-permitrootlogin.conf
fi
# PasswordAuthentication 默认是 yes
# 但某些发行版会在 sshd_config.d 里设置 PasswordAuthentication no
change_ssh_conf_if_different "$os_dir" PasswordAuthentication yes
change_ssh_conf_if_different "$os_dir" PermitRootLogin yes
}
change_ssh_port() {
os_dir=$1
ssh_port=$2
local os_dir=$1
local ssh_port=$2
change_ssh_conf "$os_dir" Port "$ssh_port" 01-change-ssh-port.conf
change_ssh_conf_if_different "$os_dir" Port "$ssh_port"
}
change_root_password() {
@ -4576,7 +4588,11 @@ install_fnos() {
# ssh root 登录,测试用
if false; then
allow_root_password_login $os_dir
if is_need_set_ssh_keys; then
change_ssh_conf_for_root_key_login $os_dir
else
change_ssh_conf_for_root_password_login $os_dir
fi
chroot $os_dir systemctl enable ssh
fi
@ -5016,11 +5032,15 @@ EOF
fi
# 自带的 60-cloudimg-settings.conf 禁止了 PasswordAuthentication
file=$os_dir/etc/ssh/sshd_config.d/60-cloudimg-settings.conf
if [ -f $file ]; then
sed -i '/^PasswordAuthentication/d' $file
if [ -z "$(cat $file)" ]; then
rm -f $file
# 可删除可不删除,因为现在会先读取有效 sshd 配置再修改 sshd 配置
# 如果要删除 60-cloudimg-settings.conf 则要在 change_ssh_conf_if_different 之前删除
if false; then
file=$os_dir/etc/ssh/sshd_config.d/60-cloudimg-settings.conf
if [ -f $file ]; then
sed -i '/^PasswordAuthentication/d' $file
if [ -z "$(cat $file)" ]; then
rm -f $file
fi
fi
fi
@ -5661,49 +5681,58 @@ get_aws_repo() {
fi
}
get_client_name_by_build_ver() {
build_ver=$1
if [ "$build_ver" -ge 22000 ]; then
echo 11
elif [ "$build_ver" -ge 10240 ]; then
echo 10
elif [ "$build_ver" -ge 9600 ]; then
echo 8.1
elif [ "$build_ver" -ge 9200 ]; then
echo 8
elif [ "$build_ver" -ge 7600 ]; then
echo 7
elif [ "$build_ver" -ge 6000 ]; then
echo vista
else
error_and_exit "Unknown Build Version: $build_ver"
fi
}
# 将 AC/SAC 版本号 转换为 LTSC 版本号
# 用于查找驱动
get_server_name_by_build_ver() {
build_ver=$1
get_windows_name_by_version() {
local nt_ver=$1
local build_ver=$2
local windows_type=$3
if [ "$build_ver" -ge 26100 ]; then
echo 2025
elif [ "$build_ver" -ge 20348 ]; then
echo 2022
elif [ "$build_ver" -ge 17763 ]; then
echo 2019
elif [ "$build_ver" -ge 14393 ]; then
echo 2016
elif [ "$build_ver" -ge 9600 ]; then
echo 2012 r2
elif [ "$build_ver" -ge 9200 ]; then
echo 2012
elif [ "$build_ver" -ge 7600 ]; then
echo 2008 r2
elif [ "$build_ver" -ge 6001 ]; then
echo 2008
local windows_name
windows_name=$(
case "$windows_type" in
client)
case "$nt_ver" in
10.0)
if [ "$build_ver" -ge 22000 ]; then
echo 11
else
echo 10
fi
;;
6.3) echo 8.1 ;;
6.2) echo 8 ;;
6.1) echo 7 ;;
6.0) echo vista ;;
esac
;;
server)
case "$nt_ver" in
10.0)
if [ "$build_ver" -ge 26100 ]; then
echo 2025
elif [ "$build_ver" -ge 20348 ]; then
echo 2022
elif [ "$build_ver" -ge 17763 ]; then
echo 2019
else
echo 2016
fi
;;
6.3) echo '2012 r2' ;;
6.2) echo '2012' ;;
6.1) echo '2008 r2' ;;
6.0) echo '2008' ;;
esac
;;
esac
)
if [ -n "$windows_name" ]; then
echo "$windows_name"
else
error_and_exit "Unknown Build Version: $build_ver"
error_and_exit "Unknown Windows Version: $nt_ver $build_ver $windows_type"
fi
}
@ -5791,24 +5820,25 @@ get_windows_type_from_windows_drive() {
local os_dir=$1
apk add hivex
software_hive=$(find_file_ignore_case $os_dir/Windows/System32/config/SOFTWARE)
system_hive=$(find_file_ignore_case $os_dir/Windows/System32/config/SYSTEM)
installation_type=$(hivexget $software_hive '\Microsoft\Windows NT\CurrentVersion' InstallationType 2>/dev/null || true)
product_type=$(hivexget $system_hive '\ControlSet001\Control\ProductOptions' ProductType 2>/dev/null || true)
product_type=$(hivexget $system_hive '\ControlSet001\Control\ProductOptions' ProductType)
apk del hivex
# 根据 win11 multi-session 的情况
# InstallationType 比 ProductType 准确
# ProductType InstallationType 都是用来区分客户端和服务器系统
# 就驱动而言,用的是 ProductType
# https://learn.microsoft.com/windows-hardware/drivers/install/inf-manufacturer-section
# NTamd64.10.0 # 不限制 ProductType
# NTamd64.10.0.1 # 只接受 ProductType 为 1 的系统
# Vista wim 和注册表都没有 InstallationType
case "$installation_type" in
Client | Embedded) echo client ;;
Server | 'Server Core') echo server ;;
*) case "$product_type" in
WinNT) echo client ;;
ServerNT) echo server ;;
*) error_and_exit "Unknown Windows Type" ;;
esac ;;
# 实测也是用 ProductType
# 在 win11 右键 e1d.inf 安装驱动后,在任务管理器强制为任意网卡选择驱动,列表里面:
# win11 enterprise 有 i218-V/i-219V有 i218-LM/i219-LM
# win11 multi-session 没有 i218-V/i-219V有 i218-LM/i219-LM
case "$product_type" in
WinNT) echo client ;;
LanmanNT | ServerNT) echo server ;;
*) error_and_exit "Unexpected Product Type: $product_type" ;;
esac
}
@ -5838,6 +5868,21 @@ get_intel_download_url() {
grep -Eio -m1 "https://.+/$file_regex" | grep .
}
apk_add_hivex_perl() {
# TODO: alpine 3.24 发布后删除
# hivex-perl 要从 edge/community 仓库下载
local alpine_mirror
alpine_mirror=$(grep '^http.*/main$' /etc/apk/repositories | sed 's,/[^/]*/main$,,' | head -1)
apk add --repository "$alpine_mirror/edge/community" \
--force-non-repository \
--virtual edge \
hivex-perl
}
apk_del_hivex_perl() {
apk del edge
}
install_windows() {
get_wim_prop() {
wim=$1
@ -5923,14 +5968,14 @@ install_windows() {
if [ "$image_count" = 1 ]; then
# 只有一个版本就用那个版本
image_name=$all_image_names
image_index=1
iso_image_index=1
else
while true; do
# 匹配成功
# 改成正确的大小写
if matched_image_name=$(printf '%s\n' "$all_image_names" | grep -Fix "$image_name"); then
image_name=$matched_image_name
image_index=$(wiminfo "$iso_install_wim" "$image_name" | grep 'Index:' | awk '{print $NF}')
iso_image_index=$(wiminfo "$iso_install_wim" "$image_name" | grep 'Index:' | awk '{print $NF}')
break
fi
@ -5951,54 +5996,35 @@ install_windows() {
fi
get_selected_image_prop() {
get_image_prop "$iso_install_wim" "$image_index" "$1"
get_image_prop "$iso_install_wim" "$iso_image_index" "$1"
}
# 多会话的信息来自注册表,因为没有官方 iso
# Installation Type:
# https://github.com/search?q=InstallationType+Client+Embedded+Server+Core&type=code
# - Client (普通 windows)
# - Server (windows server 带桌面体验)
# - Server Core (windows server 不带桌面体验)
# - Embedded (WES7 / Thin PC)
# - Client (windows 10/11 enterprise 多会话)
# Product Type:
# Windows Server 作为域服务器时ProductType 会变成 LanmanNT ?
# https://cloud.tencent.com/developer/article/2465206
# https://learn.microsoft.com/en-us/azure/virtual-desktop/windows-multisession-faq#why-does-my-application-report-windows-enterprise-multi-session-as-a-server-operating-system
# - WinNT (普通 windows)
# - ServerNT (windows server 带桌面体验)
# - ServerNT (windows server 不带桌面体验)
# - WinNT (WES7 / Thin PC)
# - ServerNT (windows 10/11 enterprise 多会话)
# https://github.com/search?q=InstallationType+Client+Embedded+Server+Core&type=code
# https://learn.microsoft.com/azure/virtual-desktop/windows-multisession-faq#why-does-my-application-report-windows-enterprise-multi-session-as-a-server-operating-system
# Product Suite:
# https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/exinit/productsuite.htm
# - Terminal Server (普通 windows)
# - Enterprise (windows server 2025 带桌面体验)
# - Enterprise (windows server 2025 不带桌面体验)
# - Terminal Server (windows server 2012 R2 评估板 带桌面体验,注册表也是这个值)
# - Terminal Server (windows server 2022 R2 评估板 不带桌面体验,注册表也是这个值)
# - Terminal Server (WES7 / Thin PC)
# - ? (windows 10/11 enterprise 多会话)
# 信息是从注册表获取,因为某些 install.wim 可能缺少属性
# Azure 上能使用 Windows 10/11 Enterprise 多会话
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductType
# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductSuite
# 用内核版本号筛选驱动
# 使得可以安装 Hyper-V Server / Azure Stack HCI 等 Windows Server 变种
# 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso wim 没有 Installation Type
# Vista wim 和 注册表 都没有 InstallationType
if false; then
nt_ver=$(get_selected_image_prop "Major Version").$(get_selected_image_prop "Minor Version")
build_ver=$(get_selected_image_prop "Build")
installation_type=$(get_selected_image_prop "Installation Type")
fi
# 系统 InstallationType ProductType ProductSuite
# Windows Client (普通 Windows) Client WinNT Terminal Server
# Windows 10/11 Enterprise 多会话 Client ServerNT Terminal Server
# Windows Server 2012 R2 桌面体验 Server ServerNT Terminal Server 和 DataCenter (两行)
# Windows Server 2012 R2 不带桌面体验 Server Core ServerNT Terminal Server 和 DataCenter (两行)
# Windows Server 2025 桌面体验 Server ServerNT Enterprise
# Windows Server 2025 不带桌面体验 Server Core ServerNT Enterprise
# WES7 / Thin PC Embedded WinNT Terminal Server
mount_iso_install_wim_to() {
local dir=$1
mkdir -p "$dir"
# shellcheck disable=SC2046
wimmount "$iso_install_wim" "$image_index" "$dir" \
wimmount "$iso_install_wim" "$iso_image_index" "$dir" \
$($is_swm && echo "--ref=$(dirname "$iso_install_wim")/$swm_ref")
}
@ -6013,13 +6039,9 @@ install_windows() {
get_windows_version_from_windows_drive /wim
# 检测 client/server并转换成标准版 windows 名称
# 用于将 Hyper-V Server / Azure Stack HCI / Windows Server AC 的版本号转换成对应的 LTSC 版本号,用于查找驱动
windows_type=$(get_windows_type_from_windows_drive /wim)
product_ver=$(
case "$windows_type" in
client) get_client_name_by_build_ver "$build_ver" ;;
server) get_server_name_by_build_ver "$build_ver" ;;
esac
)
product_ver=$(get_windows_name_by_version "$nt_ver" "$build_ver" "$windows_type")
# 检测 sac 和 nvme
{
@ -6178,21 +6200,24 @@ install_windows() {
)
fi
# $iso_image_index 是原 iso 里面的镜像 wim 编号
# $image_index 是复制到 installer 后的镜像 wim 编号
# 如果是 swm要先合并成 wim 才能编辑
if $is_swm; then
install_wim=$(echo "$install_wim" | sed 's/\.swm$/.wim/i')
# 防止不格盘二次运行时报错:文件已存在
rm -f "$install_wim"
wimexport --ref="$(dirname "$iso_install_wim")/$swm_ref" "$iso_install_wim" "$image_index" "$install_wim"
# 只导出了要安装的镜像,因此 image_index 为 1
wimexport --ref="$(dirname "$iso_install_wim")/$swm_ref" "$iso_install_wim" "$iso_image_index" "$install_wim"
# 只导出了要安装的镜像,因此 image_index 为 1
image_index=1
elif false; then
# 优化 install.wim
# 优点: 可以节省 200M~600M 空间,用来创建虚拟内存
# (意义不大,因为已经删除了 boot.wim 用来创建虚拟内存vista 除外)
# 缺点: 如果 install.wim 只有一个镜像,则只能缩小 10M+
time wimexport --threads "$(get_build_threads 512)" "$iso_install_wim" "$image_index" "$install_wim"
# 只导出了要安装的镜像,因此 image_index 为 1
time wimexport --threads "$(get_build_threads 512)" "$iso_install_wim" "$iso_image_index" "$install_wim"
# 只导出了要安装的镜像,因此 image_index 为 1
image_index=1
info "install.wim size"
echo "Original: $(get_filesize_mb "$iso_install_wim")"
@ -6200,14 +6225,25 @@ install_windows() {
echo
else
cp "$iso_install_wim" "$install_wim"
image_index="$iso_image_index"
fi
# win11 要求 1GHz 2核1核超线程也行
# 用注册表无法绕过
# 判断条件是 install.wim 元信息里的 Installation Type而不是 install.wim 注册表里面的
# 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso wim 没有 Installation Type
# Vista wim 和 注册表 都没有 InstallationType
installation_type_from_install_wim_metadata=$(get_selected_image_prop "Installation Type" 2>/dev/null || true)
# 安装时无法用注册表绕过
# https://github.com/pbatard/rufus/issues/1990
# https://learn.microsoft.com/windows/iot/iot-enterprise/Hardware/System_Requirements
# win11 旧版本安装程序24h2之前无法用 setup.exe /product server 跳过 cpu 核数限制因此在xml里解除限制
if [ "$product_ver" = "11" ] && [ "$(nproc)" -le 1 ]; then
# windows 11 multi-session 用注册表的信息识别成 server 2022 用于匹配驱动,"$product_ver" 是 2022 而不是 11
# 因此这里判断的条件不是 [ "$product_ver" = "11" ]
if [ "$build_ver" -ge 22000 ] &&
[ "$(echo "$installation_type_from_install_wim_metadata" | to_lower)" = "client" ] &&
[ "$(nproc)" -le 1 ]; then
wiminfo "$install_wim" "$image_index" --image-property WINDOWS/INSTALLATIONTYPE=Server
fi
@ -6411,7 +6447,7 @@ install_windows() {
)
# 注意 intel 禁止了 aria2 下载
download "$url" $drv/intel.zip
download "$url" $drv/intel.zip true
# inf 可能是 UTF-16 LE因此用 rg 搜索
# 用 busybox unzip 解压 win10 驱动时,路径和文件名会粘在一起
@ -6724,14 +6760,29 @@ EOF
# %RHELScsi.DeviceDesc% = rhelscsi_inst, PCI\VEN_1AF4&DEV_1004&SUBSYS_00081AF4&REV_00
# %RHELScsi.DeviceDesc% = rhelscsi_inst, PCI\VEN_1AF4&DEV_1048&SUBSYS_11001AF4&REV_01
local baseurl=https://fedorapeople.org/groups/virt/virtio-win/direct-downloads
case "$nt_ver" in
6.0 | 6.1) $support_sha256 &&
dir=archive-virtio/virtio-win-0.1.187-1 ||
dir=archive-virtio/virtio-win-0.1.173-9 ;; # vista|w7|2k8|2k8R2
6.2 | 6.3) dir=archive-virtio/virtio-win-0.1.215-2 ;; # w8|w8.1|2k12|2k12R2
*) dir=stable-virtio ;;
*)
# 先获取最新版本号,再下载
# 用 stable-virtio 的话国内镜像下载的可能是缓存的旧版
dir=$(wget --spider -S "$baseurl/stable-virtio" 2>&1 >/dev/null |
grep -E '^ Location: ' | grep -Ewo -m1 'archive-virtio/virtio-win-.+$')
# dir=stable-virtio
;;
esac
# 如果 dir 包含数字,则是从具体版本号文件夹下载,文件不会更新,可以使用国内镜像
if [[ "$dir" =~ [0-9] ]]; then
local can_use_cn_mirror=true
else
local can_use_cn_mirror=false
fi
# vista|w7|2k8|2k8R2|arm64 要从 iso 获取驱动
if [ "$nt_ver" = 6.0 ] || [ "$nt_ver" = 6.1 ] || [ "$arch_wim" = arm64 ]; then
virtio_source=iso
@ -6739,10 +6790,8 @@ EOF
virtio_source=msi
fi
baseurl=https://fedorapeople.org/groups/virt/virtio-win/direct-downloads
if [ "$virtio_source" = iso ]; then
download $baseurl/$dir/virtio-win.iso $drv/virtio.iso
download $baseurl/$dir/virtio-win.iso $drv/virtio.iso $can_use_cn_mirror
mkdir -p $drv/virtio
mount -o ro $drv/virtio.iso $drv/virtio
@ -6755,13 +6804,13 @@ EOF
fi
else
apk add 7zip file
download $baseurl/$dir/virtio-win-gt-$arch_xdd.msi $drv/virtio.msi
download $baseurl/$dir/virtio-win-gt-$arch_xdd.msi $drv/virtio.msi $can_use_cn_mirror
match="FILE_*_${virtio_sys}_${arch}*"
7z x $drv/virtio.msi -o$drv/virtio -i!$match -y -bb1
# 为没有后缀名的文件添加后缀名
(
cd $drv/virtio
# 为没有后缀名的文件添加后缀名
echo "Recognizing file extension..."
for file in *"${virtio_sys}_${arch}"; do
recognized=false
@ -6808,7 +6857,7 @@ EOF
# https://mirrors.tencent.com/install/cts/windows/Drivers.zip
apk add 7zip
download https://mirrors.tencent.com/install/windows/virtio_64_1.0.9.exe $drv/virtio.exe
download https://mirrors.tencent.com/install/windows/virtio_64_1.0.9.exe $drv/virtio.exe true
exclude='$*' # 排除 $PLUGINSDIR
override=u # A(u)to rename all
7z x $drv/virtio.exe -o$drv/qcloud/ -ao$override -x!$exclude
@ -7020,13 +7069,7 @@ EOF
to_system_hive="$(find_file_ignore_case /wim/Windows/System32/config/SYSTEM)"
to_software_hive="$(find_file_ignore_case /wim/Windows/System32/config/SOFTWARE)"
# TODO: alpine 3.24 发布后删除
# hivex-perl 要从 edge/community 仓库下载
alpine_mirror=$(grep '^http.*/main$' /etc/apk/repositories | sed 's,/[^/]*/main$,,' | head -1)
apk add --repository "$alpine_mirror/edge/community" \
--force-non-repository \
--virtual edge \
hivex-perl
apk_add_hivex_perl
# 获取当前生效的 wvpci.inf 文件
# 得到 wvpci.inf_amd64_86afbe8940682d27 这样的文件名
@ -7078,7 +7121,7 @@ EOF
EOF
hivexregedit --merge "$to_system_hive" "$reg"
apk del edge
apk_del_hivex_perl
else
error_and_exit "vpci driver not found."
fi
@ -7118,7 +7161,7 @@ EOF
url=$(get_intel_download_url "$id" "SetupRST\.exe")
# 注意 intel 禁止了 aria2 下载
download $url $drv/SetupRST.exe
download $url $drv/SetupRST.exe true
apk add 7zip
7z x $drv/SetupRST.exe -o$drv/SetupRST -i!.text
7z x $drv/SetupRST/.text -o$drv/vmd
@ -7147,20 +7190,44 @@ EOF
}
# 修改应答文件
apk add xmlstarlet
download $confhome/windows.xml /tmp/autounattend.xml
locale=$(get_selected_image_prop 'Default Language')
use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
password_base64=$(get_password_windows_administrator_base64)
# 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso Image Name 为空
# 将 xml Image Name 的值设为空可以正常安装
sed -i \
-e "s|%arch%|$arch|" \
-e "s|%image_name%|$image_name|" \
-e "s|%locale%|$locale|" \
-e "s|%administrator_password%|$password_base64|" \
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
/tmp/autounattend.xml
# 账号密码
if [ -n "$username" ]; then
# 普通账号
password_base64=$(get_password_windows_user_base64)
xmlstarlet ed -L -N x="urn:schemas-microsoft-com:unattend" \
-d "//x:AdministratorPassword" \
/tmp/autounattend.xml
sed -i \
-e "s|%enable_administrator%|0|" \
-e "s|%user_username%|$username|" \
-e "s|%user_password%|$password_base64|" \
/tmp/autounattend.xml
else
# Administrator
password_base64=$(get_password_windows_administrator_base64)
xmlstarlet ed -L -N x="urn:schemas-microsoft-com:unattend" \
-d "//x:LocalAccounts" \
/tmp/autounattend.xml
sed -i \
-e "s|%enable_administrator%|1|" \
-e "s|%administrator_password%|$password_base64|" \
/tmp/autounattend.xml
fi
# 修改应答文件,分区配置
if is_efi; then
sed -i "s|%installto_partitionid%|3|" /tmp/autounattend.xml
@ -7247,12 +7314,12 @@ EOF
wim_windows_xml=$(get_path_in_correct_case /wim/windows.xml)
wim_setup_exe=$(get_path_in_correct_case /wim/setup.exe)
apk add xmlstarlet
xmlstarlet ed -d '//comment()' /tmp/autounattend.xml >$wim_autounattend_xml
unix2dos $wim_autounattend_xml
info "autounattend.xml"
# 查看最终文件,并屏蔽密码
xmlstarlet ed -d '//*[name()="AdministratorPassword" or name()="Password"]' $wim_autounattend_xml | cat -n
apk del xmlstarlet
# 避免无参数运行 setup.exe 时自动安装
@ -7752,7 +7819,7 @@ mount / -o remount,size=100%
sync_time || true
# 安装 ssh 并更改端口
apk add openssh
apk add openssh-server
if is_need_change_ssh_port; then
change_ssh_port / $ssh_port
fi
@ -7760,6 +7827,8 @@ fi
# 设置密码,添加开机启动 + 开启 ssh 服务
if is_need_set_ssh_keys; then
set_ssh_keys_and_del_password /
# 目前脚本只用 root不需要设置这个
# change_ssh_conf_if_different / PasswordAuthentication no
printf '\n' | setup-sshd
else
change_root_password /

75
windows-setup.bat
View File

@ -63,7 +63,7 @@ for /f "tokens=2" %%a in ('echo list vol ^| diskpart ^| find " installer "') do
rem 及时退出
if "%VolIndex%"=="" (
echo "Error: Cannot find installer partition." >&2
echo Error: Cannot find installer partition. >&2
exit /b 1
)
@ -80,11 +80,54 @@ rem wmic pagefile
rem 获取主硬盘 id
rem vista pe 没有 wmic因此用 diskpart
(echo select vol %VolIndex% & echo list disk) | diskpart | find "* Disk " > X:\disk.txt
for /f "tokens=3" %%a in (X:\disk.txt) do (
set "DiskIndex=%%a"
rem 法语版 win7 diskpart 始终输出法语,即使设置了 chcp 437因此不能用这个方法
rem (echo select vol %VolIndex% & echo list disk) | diskpart | find "* Disk " > X:\disk.txt
rem for /f "tokens=3" %%a in (X:\disk.txt) do (
rem set "DiskIndex=%%a"
rem )
rem PE 下没有 findstr因此不能从 wmic 的输出直接选出开头为 * 的行,要用复杂的方法取出磁盘编号
rem 输出 diskpart 结果到文件
(echo select vol %VolIndex% & echo list disk) | diskpart | find "* " > X:\disk.txt
type X:\disk.txt
rem 逐行读取文件
setlocal enabledelayedexpansion
for /f "delims=" %%a in (X:\disk.txt) do (
set "line=%%a"
rem 寻找 * 开头的行
call :is_x_starts_with_char_y "!line!" "*" && (
rem 注意在 for %%b in (!safe_line!) do 中 * 会展开成文件列表,因此要先删除 *
rem 下面用的方法是用 * 作为分割符,获取 * 后面的第一列
rem for /f 会自动忽略行首的分隔符
for /f "tokens=1 delims=*" %%i in ("!line!") do (
set "safe_line=%%i"
)
rem 遍历每一列,找到是数字的那一列,就是磁盘编号
for %%b in (!safe_line!) do (
call :is_number "%%b" && (
set "DiskIndex=%%b"
goto :found_main_disk
)
)
rem 普通 for 是把“一段话”里的“每个词”排成队,让一个变量(%%b轮流去当这些词
rem for /f 是把“一段话”拆成“几个零件”存在不同的变量里(%%i, %%j...
)
)
:not_found_main_disk
echo Error: Cannot find main disk. >&2
exit /b 1
:found_main_disk
del X:\disk.txt
endlocal & set "DiskIndex=%DiskIndex%"
rem 判断 efi 还是 bios
rem 或者用 https://learn.microsoft.com/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode
@ -142,7 +185,8 @@ rem 重新分区/格式化
)) > X:\diskpart.txt
rem 使用 diskpart /s ,出错不会执行剩下的 diskpart 命令
rem 使用 diskpart /s ,出错不会执行剩下的 diskpart 命令
rem 但是返回值始终是 0
diskpart /s X:\diskpart.txt
del X:\diskpart.txt
@ -252,6 +296,27 @@ echo on
%setup% %ResizeRecoveryPartition% %EMS% %Unattended%
exit /b
:is_number
rem 尝试转换字符串为数字,如果转换失败则说明不是数字
rem 如果转换失败num 是 0
rem 这不影响参数是 0 时的判断
set /a "num=%~1" >nul 2>nul
if "%num%"=="%~1" (
exit /b 0
)
exit /b 1
:is_x_starts_with_char_y
set "tempStr=%~1"
if "%tempStr:~0,1%"=="%~2" (
exit /b 0
)
exit /b 1
:sleep
rem 没有加载网卡驱动,无法用 ping 来等待
rem 没有 timeout 命令

17
windows.xml
View File

@ -86,7 +86,7 @@
<Order>4</Order>
<Path>powercfg /setactive SCHEME_MIN</Path>
</RunSynchronousCommand>
<!-- 启用 administrator 账户 -->
<!-- 按需启用 administrator 账户 -->
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<!-- vista 没有自带 powershell -->
@ -94,7 +94,8 @@
<!-- win7 此时无法用 wmic useraccount -->
<!-- <Path>wmic useraccount where "sid like '%-500'" set Disabled=false</Path> -->
<!-- https://learn.microsoft.com/archive/technet-wiki/13813.localized-names-for-administrator-account-in-windows -->
<Path>cmd /c "for %a in (Administrator Administrador Administrateur Administratör Администратор Järjestelmänvalvoja Rendszergazda) do (net user %a /active:yes &amp;&amp; exit)"</Path>
<!-- %enable_administrator% 会被 trans.sh 替换成 1 或 0 -->
<Path>cmd /c "if "%enable_administrator%"=="1" for %a in (Administrator Administrador Administrateur Administratör Администратор Järjestelmänvalvoja Rendszergazda) do (net user %a /active:yes &amp;&amp; exit)"</Path>
</RunSynchronousCommand>
<!-- 禁用保留空间 -->
<RunSynchronousCommand wcm:action="add">
@ -152,6 +153,18 @@
<Value>%administrator_password%</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Name>%user_username%</Name>
<Password>
<Value>%user_password%</Value>
<PlainText>false</PlainText>
</Password>
<!-- 需要填英文的 Administrators任何语言都是 -->
<!-- https://learn.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts-localaccounts-localaccount-group -->
<Group>Administrators</Group>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<OOBE>
<HideEULAPage>true</HideEULAPage>