hanxianzhai/reinstall
1
0
Fork 0
mirror of https://github.com/bin456789/reinstall.git synced 2026-05-21 05:27:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hanxianzhai:047b82aaa0d3adac41151b5aba00bb4b0efc5c01
Branches Tags
hanxianzhai:main
..
compare: hanxianzhai:main
Branches Tags
hanxianzhai:main

12 Commits
047b82aaa0 ... main

Author SHA1 Message Date
bin456789
87301108df windows: 更准确地识别镜像系统版本 2026-05-20 21:25:30 +08:00
bin456789
8d099f167f core: 修复原系统为 bios + nixos 重启后未能进入安装环境 2026-05-20 21:15:43 +08:00
Yinhao Huang
37af3fcd5f nixos: 配置安装时 substituters (#619) 2026-05-20 21:05:39 +08:00
bin456789
9e71f131db opensuse: 删除 leap 15.6 和 wicked 2026-05-11 20:20:33 +08:00
bin456789
e03ac1cdb3 core: 必要时才修改 ssh 配置 2026-05-11 20:18:44 +08:00
bin456789
65c3085416 windows: 使用 ProductType 判断 Windows Client/Server 2026-05-09 22:04:24 +08:00
bin456789
139c342b7e windows: 支持使用非 administrator 账号 2026-05-05 22:55:00 +08:00
bin456789
107c56ac59 windows: 修复无法从法语版 win7 wmic 取出主硬盘 id 2026-05-05 22:35:47 +08:00
bin456789
2f36c30a7d gentoo: 修复安装 dracut 时报错 2026-05-05 22:35:47 +08:00
bin456789
7712a0baae windows: 国内机下载驱动出错后使用 daocloud 镜像 2026-05-04 02:57:08 +08:00
bin456789
c5c77b2ecc core: efibootmgr 报错时显示执行的命令和结果 2026-05-03 23:08:03 +08:00
bin456789
0156afbbe7 fedora: 安装时使用 mount -a 挂载分区和子卷 
fedora: 添加 44
 2026-04-30 22:08:15 +08:00
9 changed files with 498 additions and 323 deletions
Expand all files Collapse all files

2
.github/workflows/run_reinstall.yml vendored
View File

@ -37,7 +37,7 @@ jobs:
${{ matrix.command }} netboot.xyz ${{ matrix.command }} netboot.xyz
${{ matrix.command }} dd --img=https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-SelfInstall.raw.xz ${{ matrix.command }} dd --img=https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-SelfInstall.raw.xz
${{ matrix.command }} windows --image-name='Windows Server blah' --iso https://aka.ms/HCIReleaseImage ${{ matrix.command }} windows --image-name='Windows Server blah' --iso https://aka.ms/HCIReleaseImage --username administrator
${{ matrix.command }} reset ${{ matrix.command }} reset

20
README.en.md
View File

@ -56,9 +56,9 @@ The system requirements for the target system are as follows:
| <img width="16" height="16" src="https://www.redhat.com/favicon.ico" /> RHEL &nbsp;<img width="16" height="16" src="https://almalinux.org/fav/favicon.ico" /> AlmaLinux &nbsp;<img width="16" height="16" src="https://rockylinux.org/favicon.png" /> Rocky &nbsp;<img width="16" height="16" src="https://www.oracle.com/asset/web/favicons/favicon-32.png" /> Oracle | 8, 9, 10 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://www.redhat.com/favicon.ico" /> RHEL &nbsp;<img width="16" height="16" src="https://almalinux.org/fav/favicon.ico" /> AlmaLinux &nbsp;<img width="16" height="16" src="https://rockylinux.org/favicon.png" /> Rocky &nbsp;<img width="16" height="16" src="https://www.oracle.com/asset/web/favicons/favicon-32.png" /> Oracle | 8, 9, 10 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://opencloudos.org/qq.ico" /> OpenCloudOS | 8, 9, Stream 23 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://opencloudos.org/qq.ico" /> OpenCloudOS | 8, 9, Stream 23 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://www.centos.org/assets/icons/favicon.svg" /> CentOS Stream | 9, 10 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://www.centos.org/assets/icons/favicon.svg" /> CentOS Stream | 9, 10 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://fedoraproject.org/favicon.ico" /> Fedora | 42, 43 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://fedoraproject.org/favicon.ico" /> Fedora | 43, 44 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://www.openeuler.org/favicon.ico" /> openEuler | 20.03 LTS - 24.03 LTS, 25.09 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://www.openeuler.org/favicon.ico" /> openEuler | 20.03 LTS - 24.03 LTS | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 15.6, 16.0, Tumbleweed (Rolling) | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 16.0, Tumbleweed (Rolling) | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://nixos.org/favicon.svg" /> NixOS | 25.11 | 512 MB | 5 GB | | <img width="16" height="16" src="https://nixos.org/favicon.svg" /> NixOS | 25.11 | 512 MB | 5 GB |
| <img width="16" height="16" src="https://archlinux.org/static/favicon.png" /> Arch | Rolling | 512 MB | 5 GB | | <img width="16" height="16" src="https://archlinux.org/static/favicon.png" /> Arch | Rolling | 512 MB | 5 GB |
| <img width="16" height="16" src="https://www.gentoo.org/assets/img/logo/gentoo-g.png" /> Gentoo | Rolling | 512 MB | 5 GB | | <img width="16" height="16" src="https://www.gentoo.org/assets/img/logo/gentoo-g.png" /> Gentoo | Rolling | 512 MB | 5 GB |
@ -149,7 +149,7 @@ certutil -urlcache -f -split https://cnb.cool/bin456789/reinstall/-/git/raw/main
- Username `root`. The script prompts for a password. If left blank, a random one is generated. - Username `root`. The script prompts for a password. If left blank, a random one is generated.
- When installing the latest version, the version number does not need to be specified. - When installing the latest version, the version number does not need to be specified.
- Maximizes disk space usage: no boot partition (except for Fedora) and no swap partition. - Maximizes disk space utilization: no boot or swap partitions.
- Automatically selects different optimized kernels based on machine type, such as `Cloud` or `HWE` kernels. - Automatically selects different optimized kernels based on machine type, such as `Cloud` or `HWE` kernels.
- When installing Red Hat, you must provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>. You can also install `qcow2` of other RHEL-based OS, such as `Alibaba Cloud Linux` and `TencentOS Server`. - When installing Red Hat, you must provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>. You can also install `qcow2` of other RHEL-based OS, such as `Alibaba Cloud Linux` and `TencentOS Server`.
- After reinstallation, if you need to change the SSH port or switch to key-based login, make sure to also modify the files inside `/etc/ssh/sshd_config.d/`. - After reinstallation, if you need to change the SSH port or switch to key-based login, make sure to also modify the files inside `/etc/ssh/sshd_config.d/`.
@ -163,11 +163,11 @@ bash reinstall.sh anolis 7|8|23
centos 9|10 centos 9|10
fnos 1 fnos 1
nixos 25.11 nixos 25.11
fedora 42|43 fedora 43|44
debian 9|10|11|12|13 debian 9|10|11|12|13
opensuse 16.0|tumbleweed
openeuler 20.03|22.03|24.03
alpine 3.20|3.21|3.22|3.23 alpine 3.20|3.21|3.22|3.23
opensuse 15.6|16.0|tumbleweed
openeuler 20.03|22.03|24.03|25.09
ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal] ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal]
kali kali
arch arch
@ -327,8 +327,9 @@ bash reinstall.sh netboot.xyz
> >
> If the script was run by mistake, you can run `bash reinstall.sh reset` before rebooting to cancel the reinstallation operation. > If the script was run by mistake, you can run `bash reinstall.sh reset` before rebooting to cancel the reinstallation operation.
- Username `administrator`. The script prompts for a password. If left blank, a random one is generated. - The script prompts for a username. If left blank, will use `administrator`.
- If remote login fails, try using the username `.\administrator`. - The script prompts for a password. If left blank, will use a random one.
- If remote login fails, try adding `.\` before the username, for example, `.\administrator`.
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot. - The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
- Supports ISO images in any language. - Supports ISO images in any language.
- Automatically bypassing Windows 11 hardware requirements. - Automatically bypassing Windows 11 hardware requirements.
@ -446,6 +447,7 @@ bash reinstall.sh windows \
#### Optional Parameters #### Optional Parameters
- `--username USERNAME` Set Username (for Windows only)
- `--password PASSWORD` Set Password - `--password PASSWORD` Set Password
- `--allow-ping` Configure Windows Firewall to Allow Ping Responses - `--allow-ping` Configure Windows Firewall to Allow Ping Responses
- `--rdp-port PORT` Change RDP port - `--rdp-port PORT` Change RDP port

20
README.md
View File

@ -56,9 +56,9 @@
| <img width="16" height="16" src="https://www.redhat.com/favicon.ico" /> RHEL &nbsp;<img width="16" height="16" src="https://almalinux.org/fav/favicon.ico" /> AlmaLinux &nbsp;<img width="16" height="16" src="https://rockylinux.org/favicon.png" /> Rocky &nbsp;<img width="16" height="16" src="https://www.oracle.com/asset/web/favicons/favicon-32.png" /> Oracle | 8, 9, 10 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://www.redhat.com/favicon.ico" /> RHEL &nbsp;<img width="16" height="16" src="https://almalinux.org/fav/favicon.ico" /> AlmaLinux &nbsp;<img width="16" height="16" src="https://rockylinux.org/favicon.png" /> Rocky &nbsp;<img width="16" height="16" src="https://www.oracle.com/asset/web/favicons/favicon-32.png" /> Oracle | 8, 9, 10 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://opencloudos.org/qq.ico" /> OpenCloudOS | 8, 9, Stream 23 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://opencloudos.org/qq.ico" /> OpenCloudOS | 8, 9, Stream 23 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://www.centos.org/assets/icons/favicon.svg" /> CentOS Stream | 9, 10 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://www.centos.org/assets/icons/favicon.svg" /> CentOS Stream | 9, 10 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://fedoraproject.org/favicon.ico" /> Fedora | 42, 43 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://fedoraproject.org/favicon.ico" /> Fedora | 43, 44 | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://www.openeuler.org/favicon.ico" /> openEuler | 20.03 LTS - 24.03 LTS, 25.09 | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://www.openeuler.org/favicon.ico" /> openEuler | 20.03 LTS - 24.03 LTS | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 15.6, 16.0, Tumbleweed (滚动) | 512 MB \* | 5 GB | | <img width="16" height="16" src="https://static.opensuse.org/favicon.ico" /> openSUSE | Leap 16.0, Tumbleweed (滚动) | 512 MB \* | 5 GB |
| <img width="16" height="16" src="https://nixos.org/favicon.svg" /> NixOS | 25.11 | 512 MB | 5 GB | | <img width="16" height="16" src="https://nixos.org/favicon.svg" /> NixOS | 25.11 | 512 MB | 5 GB |
| <img width="16" height="16" src="https://archlinux.org/static/favicon.png" /> Arch | 滚动 | 512 MB | 5 GB | | <img width="16" height="16" src="https://archlinux.org/static/favicon.png" /> Arch | 滚动 | 512 MB | 5 GB |
| <img width="16" height="16" src="https://www.gentoo.org/assets/img/logo/gentoo-g.png" /> Gentoo | 滚动 | 512 MB | 5 GB | | <img width="16" height="16" src="https://www.gentoo.org/assets/img/logo/gentoo-g.png" /> Gentoo | 滚动 | 512 MB | 5 GB |
@ -149,7 +149,7 @@ certutil -urlcache -f -split https://cnb.cool/bin456789/reinstall/-/git/raw/main
- 用户名为 `root`,脚本会提示输入密码,不输入则使用随机密码 - 用户名为 `root`,脚本会提示输入密码,不输入则使用随机密码
- 安装最新版可不输入版本号 - 安装最新版可不输入版本号
- 最大化利用磁盘空间:不含 boot 分区Fedora 例外),不含 swap 分区 - 最大化利用磁盘空间:不含 boot swap 分区
- 自动根据机器类型选择不同的优化内核,例如 `Cloud``HWE` 内核 - 自动根据机器类型选择不同的优化内核,例如 `Cloud``HWE` 内核
- 安装 Red Hat 时需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接,也可以安装其它类 RHEL 系统的 `qcow2`,例如 `Alibaba Cloud Linux``TencentOS Server` - 安装 Red Hat 时需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接,也可以安装其它类 RHEL 系统的 `qcow2`,例如 `Alibaba Cloud Linux``TencentOS Server`
- 重装后如需修改 SSH 端口或者改成密钥登录,注意还要修改 `/etc/ssh/sshd_config.d/` 里面的文件 - 重装后如需修改 SSH 端口或者改成密钥登录,注意还要修改 `/etc/ssh/sshd_config.d/` 里面的文件
@ -163,11 +163,11 @@ bash reinstall.sh anolis 7|8|23
centos 9|10 centos 9|10
fnos 1 fnos 1
nixos 25.11 nixos 25.11
fedora 42|43 fedora 43|44
debian 9|10|11|12|13 debian 9|10|11|12|13
opensuse 16.0|tumbleweed
openeuler 20.03|22.03|24.03
alpine 3.20|3.21|3.22|3.23 alpine 3.20|3.21|3.22|3.23
opensuse 15.6|16.0|tumbleweed
openeuler 20.03|22.03|24.03|25.09
ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal] ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal]
kali kali
arch arch
@ -327,8 +327,9 @@ bash reinstall.sh netboot.xyz
> >
> 如果不小心运行了脚本,可以在重启前运行 `bash reinstall.sh reset` 取消重装 > 如果不小心运行了脚本,可以在重启前运行 `bash reinstall.sh reset` 取消重装
-户名为 `administrator`,脚本会提示输入密码,不输入则使用随机密码 - 脚本会提示输入用户名,不输入则使`administrator`
- 如果远程登录失败,可以尝试使用用户名 `.\administrator` - 脚本会提示输入密码,不输入则使用随机密码
- 如果远程登录失败,请尝试在用户名前添加 `.\`,例如 `.\administrator`
- 静态机器会自动配置好 IP可能首次开机几分钟后才生效 - 静态机器会自动配置好 IP可能首次开机几分钟后才生效
- 支持任意语言的 ISO - 支持任意语言的 ISO
- 自动绕过 Windows 11 硬件限制 - 自动绕过 Windows 11 硬件限制
@ -446,6 +447,7 @@ bash reinstall.sh windows \
#### 可选参数 #### 可选参数
- `--username USERNAME` 设置用户名(仅限 Windows
- `--password PASSWORD` 设置密码 - `--password PASSWORD` 设置密码
- `--allow-ping` 设置 Windows 防火墙允许被 Ping - `--allow-ping` 设置 Windows 防火墙允许被 Ping
- `--rdp-port PORT` 更改 RDP 端口 - `--rdp-port PORT` 更改 RDP 端口

44
cloud-init-fix-onlink.sh
View File

@ -170,47 +170,6 @@ GatewayOnLink=yes
fi fi
} }
fix_wicked_conf() {
# https://github.com/openSUSE/wicked/wiki/FAQ#q-why-wicked-does-not-set-my-default-static-route
# 修改前
# default 1.1.1.1 - -
# default 2602::1 - -
# 修改后
# 1.1.1.1 - -
# 2602::1 - -
# default 1.1.1.1 - -
# default 2602::1 - -
if ! confs=$(ls "$os_dir/etc/sysconfig/network/ifroute-"* 2>/dev/null); then
return
fi
for conf in $confs; do
# 判断 bug 是否已经修复
if grep -v 'default' "$conf" | grep -q '-'; then
return
fi
# 获取网关
gateways=$(awk '$1=="default" {print $2}' "$conf")
if [ -z "$gateways" ]; then
return
fi
# 创建新条目
for gateway in $gateways; do
echo "$gateway - -"
done | insert_into_file "$conf" head
done
# 重新应用配置
if systemctl -q is-enabled wicked; then
systemctl restart wicked
fi
}
# ubuntu 18.04 cloud-init 版本 23.1.2,因此不用处理 # ubuntu 18.04 cloud-init 版本 23.1.2,因此不用处理
# debian 10/11 云镜像原本用 ifupdown + resolvconf脚本改成用 netplan + networkd/resolved # debian 10/11 云镜像原本用 ifupdown + resolvconf脚本改成用 netplan + networkd/resolved
@ -224,6 +183,3 @@ fix_netplan_conf
# 只需对云镜像处理 # 只需对云镜像处理
# 因为普通安装用的是 alpine 的 cloud-init版本够新不用处理 # 因为普通安装用的是 alpine 的 cloud-init版本够新不用处理
fix_networkd_conf fix_networkd_conf
# opensuse 15.5: ifcfg + netconfig (dns) + wicked
fix_wicked_conf

4
fix-eth-name.service
View File

@ -9,10 +9,6 @@ Before=network.service
Before=networking.service Before=networking.service
Before=systemd-networkd.service Before=systemd-networkd.service
Before=NetworkManager.service Before=NetworkManager.service
Before=wickedd-auto4.service
Before=wickedd-dhcp4.service
Before=wickedd-dhcp6.service
Before=wickedd.service
Before=network.target Before=network.target

107
reinstall.sh
View File

@ -84,11 +84,11 @@ Usage: $reinstall_____ anolis 7|8|23
centos 9|10 centos 9|10
fnos 1 fnos 1
nixos 25.11 nixos 25.11
fedora 42|43 fedora 43|44
debian 9|10|11|12|13 debian 9|10|11|12|13
opensuse 16.0|tumbleweed
openeuler 20.03|22.03|24.03
alpine 3.20|3.21|3.22|3.23 alpine 3.20|3.21|3.22|3.23
opensuse 15.6|16.0|tumbleweed
openeuler 20.03|22.03|24.03|25.09
ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal] ubuntu 18.04|20.04|22.04|24.04|26.04 [--minimal]
kali kali
arch arch
@ -1479,13 +1479,11 @@ Continue?
# leap # leap
dir=distribution/leap/$releasever/appliances dir=distribution/leap/$releasever/appliances
case "$releasever" in case "$releasever" in
15.6) file=openSUSE-Leap-$releasever-Minimal-VM.$basearch-Cloud.qcow2 ;;
16.0) file=Leap-$releasever-Minimal-VM.$basearch-Cloud.qcow2 ;; 16.0) file=Leap-$releasever-Minimal-VM.$basearch-Cloud.qcow2 ;;
# 16.0) file=Leap-$releasever-Minimal-VM.$basearch-kvm$(if [ "$basearch" = x86_64 ]; then echo '-and-xen'; fi).qcow2 ;; # 16.0) file=Leap-$releasever-Minimal-VM.$basearch-kvm$(if [ "$basearch" = x86_64 ]; then echo '-and-xen'; fi).qcow2 ;;
esac esac
# https://src.opensuse.org/openSUSE/Leap-Images/src/branch/leap-16.0/kiwi-templates-Minimal/Minimal.kiwi # https://src.opensuse.org/openSUSE/Leap-Images/src/branch/leap-16.0/kiwi-templates-Minimal/Minimal.kiwi
# https://build.opensuse.org/projects/Virtualization:Appliances:Images:openSUSE-Leap-15.6/packages/kiwi-templates-Minimal/files/Minimal.kiwi
# https://build.opensuse.org/projects/Virtualization:Appliances:Images:openSUSE-Tumbleweed/packages/kiwi-templates-Minimal/files/Minimal.kiwi # https://build.opensuse.org/projects/Virtualization:Appliances:Images:openSUSE-Tumbleweed/packages/kiwi-templates-Minimal/files/Minimal.kiwi
# 有专门的kvm镜像openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2里面没有cloud-init # 有专门的kvm镜像openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2里面没有cloud-init
# file=openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2 # file=openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2
@ -1910,12 +1908,12 @@ verify_os_name() {
'rocky 8|9|10' \ 'rocky 8|9|10' \
'oracle 8|9|10' \ 'oracle 8|9|10' \
'fnos 1' \ 'fnos 1' \
'fedora 42|43' \ 'fedora 43|44' \
'nixos 25.11' \ 'nixos 25.11' \
'debian 9|10|11|12|13' \ 'debian 9|10|11|12|13' \
'opensuse 15.6|16.0|tumbleweed' \ 'opensuse 16.0|tumbleweed' \
'alpine 3.20|3.21|3.22|3.23' \ 'alpine 3.20|3.21|3.22|3.23' \
'openeuler 20.03|22.03|24.03|25.09' \ 'openeuler 20.03|22.03|24.03' \
'ubuntu 18.04|20.04|22.04|24.04|26.04' \ 'ubuntu 18.04|20.04|22.04|24.04|26.04' \
'redhat' \ 'redhat' \
'kali' \ 'kali' \
@ -2342,6 +2340,59 @@ trim() {
sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
} }
assert_username_valid() {
if ! msg=$(is_username_valid); then
error_and_exit "$msg"
fi
}
is_username_valid() {
# https://learn.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts-localaccounts-localaccount-name
# 不能为 none [ ] / \ : | < > + = ; , ? * % @
# 账号为空,则使用 Administrator
if [ -z "$username" ]; then
echo "Username: Will use the built-in Administrator account in ISO language."
return 0
fi
if [ "$(to_lower <<<"$username")" = none ]; then
echo "Username: Do not use the name \"NONE\", this is a restricted username."
return 1
fi
if grep -q '[][/\:|<>+=;,?*%@]' <<<"$username"; then
echo "Username: Do not use any of the following characters: / \ [ ] : | < > + = ; , ? * % @"
return 1
fi
# 如果输入以下用户名则忽略,并使用系统内置的 Administrator 账号
# 防止系统有两个不同语言的 Administrator 账号而造成困扰
for builtin_username in \
administrator \
administrador \
administrateur \
administratör \
администратор \
järjestelmänvalvoja \
rendszergazda; do
if [ "$(to_lower <<<"$username")" = "$builtin_username" ]; then
echo "Username: Will use the built-in Administrator account in ISO language."
unset username
return 0
fi
done
}
prompt_username() {
info "prompt username"
warn false "Leave blank to use Administrator"
warn false "不填写则使用 Administrator"
IFS= read -r -p "Username: " username
username="$(printf "%s" "$username" | trim)"
assert_username_valid
}
prompt_password() { prompt_password() {
info "prompt password" info "prompt password"
warn false "Leave blank to use a random password." warn false "Leave blank to use a random password."
@ -2881,18 +2932,20 @@ add_efi_entry_in_linux() {
dev_part=$(findmnt -T "$dist_dir" -no SOURCE | grep '^/dev/') dev_part=$(findmnt -T "$dist_dir" -no SOURCE | grep '^/dev/')
fi fi
if ! { set -- efibootmgr --create-only \
res=$(efibootmgr --create-only \ --disk "/dev/$(get_disk_by_part $dev_part)" \
--disk "/dev/$(get_disk_by_part $dev_part)" \ --part "$(get_part_num_by_part $dev_part)" \
--part "$(get_part_num_by_part $dev_part)" \ --label "$(get_entry_name)" \
--label "$(get_entry_name)" \ --loader "\\EFI\\reinstall\\$basename"
--loader "\\EFI\\reinstall\\$basename") &&
id=$(echo "$res" | grep_efi_entry | tail -1 | grep_efi_index | grep .) && if ! res=$("$@"); then
efibootmgr --bootnext "$id" echo "Command: $*"
}; then
echo "$res" echo "$res"
error_and_exit "Could not add efi entry." error_and_exit "Could not add efi entry."
fi fi
id=$(echo "$res" | grep_efi_entry | tail -1 | grep_efi_index | grep .)
efibootmgr --bootnext "$id"
} }
get_grub_efi_filename() { get_grub_efi_filename() {
@ -3116,7 +3169,7 @@ build_extra_cmdline() {
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads # https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
for key in confhome hold force_boot_mode force_cn force_old_windows_setup cloud_image main_disk \ for key in confhome hold force_boot_mode force_cn force_old_windows_setup cloud_image main_disk \
elts deb_mirror \ elts deb_mirror \
ssh_port rdp_port web_port allow_ping; do username ssh_port rdp_port web_port allow_ping; do
value=${!key} value=${!key}
if [ -n "$value" ]; then if [ -n "$value" ]; then
is_need_quote "$value" && is_need_quote "$value" &&
@ -4141,7 +4194,7 @@ recreate_grub_or_extlinux_cfg() {
/nix/var/nix/profiles/system/bin/switch-to-configuration boot /nix/var/nix/profiles/system/bin/switch-to-configuration boot
# 手动启用 41_custom # 手动启用 41_custom
nixos_grub_home="$(dirname "$(readlink -f "$(get_cmd_path grub-mkconfig)")")/.." nixos_grub_home="$(dirname "$(readlink -f "$(get_cmd_path grub-mkconfig)")")/.."
$nixos_grub_home/etc/grub.d/41_custom >>$target_cfg $nixos_grub_home/etc/grub.d/41_custom >>"$(dirname "$target_cfg")/grub.cfg"
elif is_have_cmd update-grub; then elif is_have_cmd update-grub; then
update-grub update-grub
else else
@ -4310,6 +4363,7 @@ for o in ci installer debug minimal allow-ping force-cn help \
img: \ img: \
cloud-data: \ cloud-data: \
lang: \ lang: \
user: username: \
passwd: password: \ passwd: password: \
ssh-port: \ ssh-port: \
ssh-key: public-key: \ ssh-key: public-key: \
@ -4444,6 +4498,14 @@ while true; do
force_boot_mode=$2 force_boot_mode=$2
shift 2 shift 2
;; ;;
--user | --username)
if ! [ "$distro" = windows ]; then
error_and_exit "$1 is only supported for installing Windows."
fi
username="$(printf "%s" "$2" | trim)"
assert_username_valid
shift 2
;;
--passwd | --password) --passwd | --password)
[ -n "$2" ] || error_and_exit "Need value for $1" [ -n "$2" ] || error_and_exit "Need value for $1"
password=$2 password=$2
@ -4619,6 +4681,11 @@ done
# 检查必须的参数 # 检查必须的参数
verify_os_args verify_os_args
# 用户名
if [ "$distro" = windows ] && [ -z "$username" ]; then
prompt_username
fi
# 密码 # 密码
if ! is_netboot_xyz && [ -z "$ssh_keys" ] && [ -z "$password" ]; then if ! is_netboot_xyz && [ -z "$ssh_keys" ] && [ -z "$password" ]; then
if is_use_dd; then if is_use_dd; then
@ -4898,7 +4965,7 @@ info 'info'
echo "$distro $releasever" echo "$distro $releasever"
case "$distro" in case "$distro" in
windows) username=administrator ;; windows) username=${username:-administrator} ;;
netboot.xyz) username= ;; netboot.xyz) username= ;;
dd | *) username=root ;; dd | *) username=root ;;
esac esac

532
trans.sh
View File

@ -174,8 +174,9 @@ is_magnet_link() {
} }
download() { download() {
url=$1 local url=$1
path=$2 local path=$2
local can_use_cn_mirror=${3:-false}
# 有ipv4地址无ipv4网关的情况下aria2可能会用ipv4下载而不是ipv6 # 有ipv4地址无ipv4网关的情况下aria2可能会用ipv4下载而不是ipv6
# axel 在 lightsail 上会占用大量cpu # axel 在 lightsail 上会占用大量cpu
@ -214,12 +215,19 @@ download() {
# -o 设置 http 下载文件名 # -o 设置 http 下载文件名
# -O 设置 bt 首个文件的文件名 # -O 设置 bt 首个文件的文件名
aria2c "$url" \ set -- \
-d "$(dirname "$path")" \ -d "$(dirname "$path")" \
-o "$(basename "$path")" \ -o "$(basename "$path")" \
-O "1=$(basename "$path")" \ -O "1=$(basename "$path")" \
-U curl/7.54.1 -U curl/7.54.1
if ! aria2c "$url" "$@" &&
! { $can_use_cn_mirror && is_in_china && is_any_ipv4_has_internet &&
url_cn=https://files.m.daocloud.io/$(echo "$url" | sed -Ei 's,^https?://,,') &&
aria2c "$url_cn" "$@"; }; then
error_and_exit "Failed to download $url"
fi
# opensuse 官方镜像支持 metalink # opensuse 官方镜像支持 metalink
# aira2 无法重命名用 metalink 下载的文件 # aira2 无法重命名用 metalink 下载的文件
# 需用以下方法重命名 # 需用以下方法重命名
@ -576,6 +584,10 @@ get_password_windows_administrator_base64() {
get_config password-windows-administrator-base64 get_config password-windows-administrator-base64
} }
get_password_windows_user_base64() {
get_config password-windows-user-base64
}
get_password_plaintext() { get_password_plaintext() {
get_config password-plaintext get_config password-plaintext
} }
@ -1670,6 +1682,21 @@ install_nixos() {
export USER=root export USER=root
export HOME=/root export HOME=/root
configure_nix_substituters() {
if ! is_in_china; then
return
fi
nix_conf=/etc/nix/nix.conf
mkdir -p "$(dirname "$nix_conf")"
if [ -f "$nix_conf" ]; then
sed -i '/^[[:space:]]*substituters[[:space:]]*=/d' "$nix_conf"
fi
echo "substituters = $mirror/store" >>"$nix_conf"
}
case "$nix_from" in case "$nix_from" in
alpine) alpine)
apk add nix apk add nix
@ -1678,9 +1705,7 @@ install_nixos() {
# https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/nix/APKBUILD#L125 # https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/nix/APKBUILD#L125
sed -i '/max-jobs/d' /etc/nix/nix.conf sed -i '/max-jobs/d' /etc/nix/nix.conf
echo "max-jobs = $threads" >>/etc/nix/nix.conf echo "max-jobs = $threads" >>/etc/nix/nix.conf
if is_in_china; then configure_nix_substituters
echo "substituters = $mirror/store" >>/etc/nix/nix.conf
fi
rc-service -q nix-daemon restart rc-service -q nix-daemon restart
# 添加 nix-env 安装的软件到 PATH # 添加 nix-env 安装的软件到 PATH
PATH="/root/.nix-profile/bin:$PATH" PATH="/root/.nix-profile/bin:$PATH"
@ -1731,6 +1756,7 @@ install_nixos() {
apk del xz apk del xz
# shellcheck source=/dev/null # shellcheck source=/dev/null
. /root/.nix-profile/etc/profile.d/nix.sh . /root/.nix-profile/etc/profile.d/nix.sh
configure_nix_substituters
;; ;;
esac esac
@ -1771,6 +1797,7 @@ install_nixos() {
if is_need_set_ssh_keys; then if is_need_set_ssh_keys; then
nix_ssh_keys_or_PermitRootLogin=" nix_ssh_keys_or_PermitRootLogin="
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
$(del_comment_lines </configs/ssh_keys | del_empty_lines | quote_line | add_space 2) $(del_comment_lines </configs/ssh_keys | del_empty_lines | quote_line | add_space 2)
]; ];
@ -2017,10 +2044,10 @@ basic_init() {
# 公钥/密码 # 公钥/密码
if is_need_set_ssh_keys; then if is_need_set_ssh_keys; then
set_ssh_keys_and_del_password $os_dir set_ssh_keys_and_del_password $os_dir
change_ssh_conf_for_root_key_login $os_dir
else else
change_root_password $os_dir change_root_password $os_dir
allow_root_password_login $os_dir change_ssh_conf_for_root_password_login $os_dir
allow_password_login $os_dir
fi fi
# 下载 fix-eth-name.service # 下载 fix-eth-name.service
@ -2236,10 +2263,8 @@ EOF
rm -rf $os_dir/var/db/repos/gentoo rm -rf $os_dir/var/db/repos/gentoo
chroot $os_dir emerge --sync chroot $os_dir emerge --sync
if [ "$(uname -m)" = x86_64 ]; then # https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Tools#Filesystem_tools
# https://packages.gentoo.org/packages/sys-block/io-scheduler-udev-rules chroot $os_dir emerge sys-block/io-scheduler-udev-rules
chroot $os_dir emerge sys-block/io-scheduler-udev-rules
fi
if is_efi; then if is_efi; then
chroot $os_dir emerge sys-fs/dosfstools chroot $os_dir emerge sys-fs/dosfstools
@ -2251,10 +2276,18 @@ EOF
fi fi
# 安装 grub + 内核 # 安装 grub + 内核
# TODO: 先判断是否有 binpkg有的话不修改 GRUB_PLATFORMS
is_efi && grub_platforms="efi-64" || grub_platforms="pc" is_efi && grub_platforms="efi-64" || grub_platforms="pc"
echo GRUB_PLATFORMS=\"$grub_platforms\" >>$os_dir/etc/portage/make.conf echo GRUB_PLATFORMS=\"$grub_platforms\" >>$os_dir/etc/portage/make.conf
echo "sys-kernel/installkernel dracut grub" >$os_dir/etc/portage/package.use/installkernel echo "sys-kernel/installkernel dracut grub" >$os_dir/etc/portage/package.use/installkernel
# 要设置 root=UUID=xxxx否则 dracut 会报错
# 要注意 root=UUID=xxxx 头尾有空格
# https://wiki.gentoo.org/wiki/Installkernel#Install_chroot_check
# https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel#Chroot_detection
uuid=$(chroot $os_dir findmnt -rno UUID /)
mkdir -p $os_dir/etc/dracut.conf.d
echo "kernel_cmdline=\" root=UUID=$uuid \"" >$os_dir/etc/dracut.conf.d/00-installkernel.conf
chroot $os_dir emerge sys-kernel/gentoo-kernel-bin chroot $os_dir emerge sys-kernel/gentoo-kernel-bin
} }
@ -3481,8 +3514,9 @@ modify_linux() {
find_and_mount() { find_and_mount() {
mount_point=$1 mount_point=$1
mount_dev=$(awk "\$2==\"$mount_point\" {print \$1}" $os_dir/etc/fstab) mount_dev=$(awk "\$2==\"$mount_point\" {print \$1}" $os_dir/etc/fstab)
mount_opts=$(awk "\$2==\"$mount_point\" {print \$4}" $os_dir/etc/fstab)
if [ -n "$mount_dev" ]; then if [ -n "$mount_dev" ]; then
mount $mount_dev $os_dir$mount_point mount -o "$mount_opts" "$mount_dev" "$os_dir$mount_point"
fi fi
} }
@ -3510,9 +3544,13 @@ EOF
# 防止删除 cloud-init / 安装 firmware 时不够内存 # 防止删除 cloud-init / 安装 firmware 时不够内存
create_swap_if_ram_less_than 2048 $os_dir/swapfile create_swap_if_ram_less_than 2048 $os_dir/swapfile
find_and_mount /boot
find_and_mount /boot/efi
mount_pseudo_fs $os_dir mount_pseudo_fs $os_dir
# find_and_mount /boot
# find_and_mount /boot/efi
# fedora 的 fstab 还有 /home /var因此用 mount -a
chroot $os_dir mount -a
cp_resolv_conf $os_dir cp_resolv_conf $os_dir
# 可以直接用 alpine 的 cloud-init 生成 Network Manager 配置 # 可以直接用 alpine 的 cloud-init 生成 Network Manager 配置
@ -3729,61 +3767,11 @@ EOF
# 禁用 selinux # 禁用 selinux
disable_selinux $os_dir disable_selinux $os_dir
# opensuse leap 15.6 用 wicked
# opensuse leap 16.0 / tumbleweed 用 NetworkManager # opensuse leap 16.0 / tumbleweed 用 NetworkManager
if chroot $os_dir rpm -qi wicked; then # 可以直接用 alpine 的 cloud-init 生成 Network Manager 配置
# sysconfig ifcfg create_cloud_init_network_config /net.cfg
create_cloud_init_network_config $os_dir/net.cfg create_network_manager_config /net.cfg "$os_dir"
chroot $os_dir cloud-init devel net-convert \ rm /net.cfg
-p /net.cfg -k yaml -d out -D opensuse -O sysconfig
# 删除
# Created by cloud-init on instance boot automatically, do not edit.
#
sed -i '/^#/d' "$os_dir/out/etc/sysconfig/network/ifcfg-eth"*
for ethx in $(get_eths); do
# 1. 修复甲骨文云重启后 ipv6 丢失
# https://github.com/openSUSE/wicked/issues/1058
# 还要注意 wicked dhcpv6 获取到的 ipv6 是 /64其他 DHCPv6 程序获取到的是 /128
echo DHCLIENT6_USE_LAST_LEASE=no >>$os_dir/out/etc/sysconfig/network/ifcfg-$ethx
# 2. 修复 onlink 网关
for prefix in '' 'default '; do
if is_staticv4; then
get_netconf_to ipv4_gateway
echo "${prefix}${ipv4_gateway} - -" >>$os_dir/out/etc/sysconfig/network/ifroute-$ethx
fi
if is_staticv6; then
get_netconf_to ipv6_gateway
echo "${prefix}${ipv6_gateway} - -" >>$os_dir/out/etc/sysconfig/network/ifroute-$ethx
fi
done
done
# 复制配置
for file in \
"$os_dir/out/etc/sysconfig/network/ifcfg-eth"* \
"$os_dir/out/etc/sysconfig/network/ifroute-eth"*; do
# 动态 ip 没有 ifroute-eth*
if [ -f $file ]; then
cp $file $os_dir/etc/sysconfig/network/
fi
done
# 清理
rm -rf $os_dir/net.cfg $os_dir/out
else
# 如果使用 cloud-init 则需要 touch NetworkManager.conf
# 更新到 cloud-init 24.1 后删除
# touch $os_dir/etc/NetworkManager/NetworkManager.conf
# 可以直接用 alpine 的 cloud-init 生成 Network Manager 配置
create_cloud_init_network_config /net.cfg
create_network_manager_config /net.cfg "$os_dir"
rm /net.cfg
fi
# 选择新内核 # 选择新内核
# 只有 leap 有 kernel-azure # 只有 leap 有 kernel-azure
@ -3863,6 +3851,7 @@ EOF
is_password_plaintext && sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf is_password_plaintext && sed -i 's/enforce=none/enforce=everyone/' $os_dir/etc/security/passwdqc.conf
# 下载仓库,选择 profile # 下载仓库,选择 profile
# https://github.com/gentoo/gentoo/blob/master/profiles/profiles.desc
chroot $os_dir emerge-webrsync chroot $os_dir emerge-webrsync
profile=$(chroot $os_dir eselect profile list | grep stable | grep systemd | profile=$(chroot $os_dir eselect profile list | grep stable | grep systemd |
awk '{print length($2), $2}' | sort -n | head -1 | awk '{print $2}') awk '{print length($2), $2}' | sort -n | head -1 | awk '{print $2}')
@ -4058,30 +4047,50 @@ set_ssh_keys_and_del_password() {
chroot $os_dir passwd -d root chroot $os_dir passwd -d root
} }
# 除了 alpine 都会用到 change_ssh_conf_if_different() {
change_ssh_conf() { local os_dir=$1
os_dir=$1 local key=$2
key=$2 local value=$3
value=$3 local sub_conf=$4
sub_conf=$4 if [ -z "$sub_conf" ]; then
sub_conf=$(echo "01-$key.conf" | to_lower)
fi
if line="^$key .*" && grep -Exq "$line" $os_dir/etc/ssh/sshd_config 2>/dev/null; then # 有些发行版自带了某些配置,例如
# 如果 sshd_config 存在此 key非注释状态则替换 # ubuntu:
# cat /etc/ssh/sshd_config.d/60-cloudimg-settings.conf | grep -i PasswordAuthentication
# PasswordAuthentication no
# gentoo:
# cat /etc/ssh/sshd_config.d/9999999gentoo-pam.conf | grep -i PasswordAuthentication
# PasswordAuthentication no
# 0. 如果已经有这个配置,则不修改,避免不必要的改动
if chroot "$os_dir" sshd -G | grep -Fxiq "$key $value"; then
return
fi
if line="^$key .*" && grep -Exiq "$line" $os_dir/etc/ssh/sshd_config 2>/dev/null; then
# 1. 如果 sshd_config 存在此 key非注释状态则替换
sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config
elif include_line='^Include.*/etc/ssh/sshd_config.d' && elif include_line='^Include .*/etc/ssh/sshd_config.d' &&
# 2. 如果 sshd_config 设置了读取 sshd_config.d
# 则写入到 sshd_config.d/01-xxx.conf
# arch 没有 /etc/ssh/sshd_config.d/ 文件夹 # arch 没有 /etc/ssh/sshd_config.d/ 文件夹
# opensuse tumbleweed 没有 /etc/ssh/sshd_config # opensuse tumbleweed 没有 /etc/ssh/sshd_config
# 有 /etc/ssh/sshd_config.d/ 文件夹 # 有 /etc/ssh/sshd_config.d/ 文件夹
# 有 /usr/etc/ssh/sshd_config # 有 /usr/etc/ssh/sshd_config
{ grep -q "$include_line" $os_dir/etc/ssh/sshd_config || { grep -iq "$include_line" $os_dir/etc/ssh/sshd_config ||
grep -q "$include_line" $os_dir/usr/etc/ssh/sshd_config; } 2>/dev/null; then grep -iq "$include_line" $os_dir/usr/etc/ssh/sshd_config; } 2>/dev/null; then
mkdir -p $os_dir/etc/ssh/sshd_config.d/ mkdir -p $os_dir/etc/ssh/sshd_config.d/
echo "$key $value" >"$os_dir/etc/ssh/sshd_config.d/$sub_conf" echo "$key $value" >"$os_dir/etc/ssh/sshd_config.d/$sub_conf"
else else
# 如果 sshd_config 存在此 key (无论是否已注释),则替换,包括删除注释 # 3. 写入 sshd_config
# 否则追加 # 如果 sshd_config 存在此 key (无论是否已注释),则替换,包括删除注释
# 否则追加
line="^[# ]*$key .*" line="^[# ]*$key .*"
if grep -Exq "$line" $os_dir/etc/ssh/sshd_config; then if grep -Exiq "$line" $os_dir/etc/ssh/sshd_config; then
sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config
else else
echo "$key $value" >>$os_dir/etc/ssh/sshd_config echo "$key $value" >>$os_dir/etc/ssh/sshd_config
@ -4089,32 +4098,40 @@ change_ssh_conf() {
fi fi
} }
allow_password_login() { change_ssh_conf_for_root_key_login() {
os_dir=$1 local os_dir=$1
change_ssh_conf "$os_dir" PasswordAuthentication yes 01-PasswordAuthentication.conf
# 目前脚本只用 root ,不需要设置这个
# change_ssh_conf_if_different "$os_dir" PasswordAuthentication no
# 这个也不需要设置,默认就是 prohibit-password
# change_ssh_conf_if_different "$os_dir" PermitRootLogin prohibit-password
} }
allow_root_password_login() { change_ssh_conf_for_root_password_login() {
os_dir=$1 local os_dir=$1
# opensuse 16/tumbleweed 安装 openssh-server-config-rootlogin # opensuse 16/tumbleweed 安装 openssh-server-config-rootlogin
# 会生成 /usr/etc/ssh/sshd_config.d/50-permit-root-login.conf # 会生成 /usr/etc/ssh/sshd_config.d/50-permit-root-login.conf
# 但是如果用户删除了此文件,包有更新的话,可能会重新创建这个文件? # 但是如果用户删除了此文件,包有更新的话,可能会重新创建这个文件?
# 因此先不用这个方法 # 因此先不用这个方法
if false && [ -f $os_dir/etc/os-release ] && if false &&
grep -iq opensuse $os_dir/etc/os-release && [ -f $os_dir/etc/os-release ] &&
! grep -iq 15.6 $os_dir/etc/os-release; then grep -iq opensuse $os_dir/etc/os-release; then
chroot $os_dir zypper install -y openssh-server-config-rootlogin chroot $os_dir zypper install -y openssh-server-config-rootlogin
else
change_ssh_conf "$os_dir" PermitRootLogin yes 01-permitrootlogin.conf
fi fi
# PasswordAuthentication 默认是 yes
# 但某些发行版会在 sshd_config.d 里设置 PasswordAuthentication no
change_ssh_conf_if_different "$os_dir" PasswordAuthentication yes
change_ssh_conf_if_different "$os_dir" PermitRootLogin yes
} }
change_ssh_port() { change_ssh_port() {
os_dir=$1 local os_dir=$1
ssh_port=$2 local ssh_port=$2
change_ssh_conf "$os_dir" Port "$ssh_port" 01-change-ssh-port.conf change_ssh_conf_if_different "$os_dir" Port "$ssh_port"
} }
change_root_password() { change_root_password() {
@ -4571,7 +4588,11 @@ install_fnos() {
# ssh root 登录,测试用 # ssh root 登录,测试用
if false; then if false; then
allow_root_password_login $os_dir if is_need_set_ssh_keys; then
change_ssh_conf_for_root_key_login $os_dir
else
change_ssh_conf_for_root_password_login $os_dir
fi
chroot $os_dir systemctl enable ssh chroot $os_dir systemctl enable ssh
fi fi
@ -5011,11 +5032,15 @@ EOF
fi fi
# 自带的 60-cloudimg-settings.conf 禁止了 PasswordAuthentication # 自带的 60-cloudimg-settings.conf 禁止了 PasswordAuthentication
file=$os_dir/etc/ssh/sshd_config.d/60-cloudimg-settings.conf # 可删除可不删除,因为现在会先读取有效 sshd 配置再修改 sshd 配置
if [ -f $file ]; then # 如果要删除 60-cloudimg-settings.conf 则要在 change_ssh_conf_if_different 之前删除
sed -i '/^PasswordAuthentication/d' $file if false; then
if [ -z "$(cat $file)" ]; then file=$os_dir/etc/ssh/sshd_config.d/60-cloudimg-settings.conf
rm -f $file if [ -f $file ]; then
sed -i '/^PasswordAuthentication/d' $file
if [ -z "$(cat $file)" ]; then
rm -f $file
fi
fi fi
fi fi
@ -5656,49 +5681,58 @@ get_aws_repo() {
fi fi
} }
get_client_name_by_build_ver() {
build_ver=$1
if [ "$build_ver" -ge 22000 ]; then
echo 11
elif [ "$build_ver" -ge 10240 ]; then
echo 10
elif [ "$build_ver" -ge 9600 ]; then
echo 8.1
elif [ "$build_ver" -ge 9200 ]; then
echo 8
elif [ "$build_ver" -ge 7600 ]; then
echo 7
elif [ "$build_ver" -ge 6000 ]; then
echo vista
else
error_and_exit "Unknown Build Version: $build_ver"
fi
}
# 将 AC/SAC 版本号 转换为 LTSC 版本号 # 将 AC/SAC 版本号 转换为 LTSC 版本号
# 用于查找驱动 # 用于查找驱动
get_server_name_by_build_ver() { get_windows_name_by_version() {
build_ver=$1 local nt_ver=$1
local build_ver=$2
local windows_type=$3
if [ "$build_ver" -ge 26100 ]; then local windows_name
echo 2025 windows_name=$(
elif [ "$build_ver" -ge 20348 ]; then case "$windows_type" in
echo 2022 client)
elif [ "$build_ver" -ge 17763 ]; then case "$nt_ver" in
echo 2019 10.0)
elif [ "$build_ver" -ge 14393 ]; then if [ "$build_ver" -ge 22000 ]; then
echo 2016 echo 11
elif [ "$build_ver" -ge 9600 ]; then else
echo 2012 r2 echo 10
elif [ "$build_ver" -ge 9200 ]; then fi
echo 2012 ;;
elif [ "$build_ver" -ge 7600 ]; then 6.3) echo 8.1 ;;
echo 2008 r2 6.2) echo 8 ;;
elif [ "$build_ver" -ge 6001 ]; then 6.1) echo 7 ;;
echo 2008 6.0) echo vista ;;
esac
;;
server)
case "$nt_ver" in
10.0)
if [ "$build_ver" -ge 26100 ]; then
echo 2025
elif [ "$build_ver" -ge 20348 ]; then
echo 2022
elif [ "$build_ver" -ge 17763 ]; then
echo 2019
else
echo 2016
fi
;;
6.3) echo '2012 r2' ;;
6.2) echo '2012' ;;
6.1) echo '2008 r2' ;;
6.0) echo '2008' ;;
esac
;;
esac
)
if [ -n "$windows_name" ]; then
echo "$windows_name"
else else
error_and_exit "Unknown Build Version: $build_ver" error_and_exit "Unknown Windows Version: $nt_ver $build_ver $windows_type"
fi fi
} }
@ -5786,24 +5820,25 @@ get_windows_type_from_windows_drive() {
local os_dir=$1 local os_dir=$1
apk add hivex apk add hivex
software_hive=$(find_file_ignore_case $os_dir/Windows/System32/config/SOFTWARE)
system_hive=$(find_file_ignore_case $os_dir/Windows/System32/config/SYSTEM) system_hive=$(find_file_ignore_case $os_dir/Windows/System32/config/SYSTEM)
installation_type=$(hivexget $software_hive '\Microsoft\Windows NT\CurrentVersion' InstallationType 2>/dev/null || true) product_type=$(hivexget $system_hive '\ControlSet001\Control\ProductOptions' ProductType)
product_type=$(hivexget $system_hive '\ControlSet001\Control\ProductOptions' ProductType 2>/dev/null || true)
apk del hivex apk del hivex
# 根据 win11 multi-session 的情况 # ProductType InstallationType 都是用来区分客户端和服务器系统
# InstallationType 比 ProductType 准确 # 就驱动而言,用的是 ProductType
# https://learn.microsoft.com/windows-hardware/drivers/install/inf-manufacturer-section
# NTamd64.10.0 # 不限制 ProductType
# NTamd64.10.0.1 # 只接受 ProductType 为 1 的系统
# Vista wim 和注册表都没有 InstallationType # 实测也是用 ProductType
case "$installation_type" in # 在 win11 右键 e1d.inf 安装驱动后,在任务管理器强制为任意网卡选择驱动,列表里面:
Client | Embedded) echo client ;; # win11 enterprise 有 i218-V/i-219V有 i218-LM/i219-LM
Server | 'Server Core') echo server ;; # win11 multi-session 没有 i218-V/i-219V有 i218-LM/i219-LM
*) case "$product_type" in
WinNT) echo client ;; case "$product_type" in
ServerNT) echo server ;; WinNT) echo client ;;
*) error_and_exit "Unknown Windows Type" ;; LanmanNT | ServerNT) echo server ;;
esac ;; *) error_and_exit "Unexpected Product Type: $product_type" ;;
esac esac
} }
@ -5833,6 +5868,21 @@ get_intel_download_url() {
grep -Eio -m1 "https://.+/$file_regex" | grep . grep -Eio -m1 "https://.+/$file_regex" | grep .
} }
apk_add_hivex_perl() {
# TODO: alpine 3.24 发布后删除
# hivex-perl 要从 edge/community 仓库下载
local alpine_mirror
alpine_mirror=$(grep '^http.*/main$' /etc/apk/repositories | sed 's,/[^/]*/main$,,' | head -1)
apk add --repository "$alpine_mirror/edge/community" \
--force-non-repository \
--virtual edge \
hivex-perl
}
apk_del_hivex_perl() {
apk del edge
}
install_windows() { install_windows() {
get_wim_prop() { get_wim_prop() {
wim=$1 wim=$1
@ -5918,14 +5968,14 @@ install_windows() {
if [ "$image_count" = 1 ]; then if [ "$image_count" = 1 ]; then
# 只有一个版本就用那个版本 # 只有一个版本就用那个版本
image_name=$all_image_names image_name=$all_image_names
image_index=1 iso_image_index=1
else else
while true; do while true; do
# 匹配成功 # 匹配成功
# 改成正确的大小写 # 改成正确的大小写
if matched_image_name=$(printf '%s\n' "$all_image_names" | grep -Fix "$image_name"); then if matched_image_name=$(printf '%s\n' "$all_image_names" | grep -Fix "$image_name"); then
image_name=$matched_image_name image_name=$matched_image_name
image_index=$(wiminfo "$iso_install_wim" "$image_name" | grep 'Index:' | awk '{print $NF}') iso_image_index=$(wiminfo "$iso_install_wim" "$image_name" | grep 'Index:' | awk '{print $NF}')
break break
fi fi
@ -5946,54 +5996,35 @@ install_windows() {
fi fi
get_selected_image_prop() { get_selected_image_prop() {
get_image_prop "$iso_install_wim" "$image_index" "$1" get_image_prop "$iso_install_wim" "$iso_image_index" "$1"
} }
# 多会话的信息来自注册表,因为没有官方 iso # Windows Server 作为域服务器时ProductType 会变成 LanmanNT ?
# Installation Type:
# https://github.com/search?q=InstallationType+Client+Embedded+Server+Core&type=code
# - Client (普通 windows)
# - Server (windows server 带桌面体验)
# - Server Core (windows server 不带桌面体验)
# - Embedded (WES7 / Thin PC)
# - Client (windows 10/11 enterprise 多会话)
# Product Type:
# https://cloud.tencent.com/developer/article/2465206 # https://cloud.tencent.com/developer/article/2465206
# https://learn.microsoft.com/en-us/azure/virtual-desktop/windows-multisession-faq#why-does-my-application-report-windows-enterprise-multi-session-as-a-server-operating-system # https://github.com/search?q=InstallationType+Client+Embedded+Server+Core&type=code
# - WinNT (普通 windows) # https://learn.microsoft.com/azure/virtual-desktop/windows-multisession-faq#why-does-my-application-report-windows-enterprise-multi-session-as-a-server-operating-system
# - ServerNT (windows server 带桌面体验)
# - ServerNT (windows server 不带桌面体验)
# - WinNT (WES7 / Thin PC)
# - ServerNT (windows 10/11 enterprise 多会话)
# Product Suite: # 信息是从注册表获取,因为某些 install.wim 可能缺少属性
# https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/exinit/productsuite.htm # Azure 上能使用 Windows 10/11 Enterprise 多会话
# - Terminal Server (普通 windows) # HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
# - Enterprise (windows server 2025 带桌面体验) # HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductType
# - Enterprise (windows server 2025 不带桌面体验) # HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductSuite
# - Terminal Server (windows server 2012 R2 评估板 带桌面体验,注册表也是这个值)
# - Terminal Server (windows server 2022 R2 评估板 不带桌面体验,注册表也是这个值)
# - Terminal Server (WES7 / Thin PC)
# - ? (windows 10/11 enterprise 多会话)
# 用内核版本号筛选驱动 # 系统 InstallationType ProductType ProductSuite
# 使得可以安装 Hyper-V Server / Azure Stack HCI 等 Windows Server 变种 # Windows Client (普通 Windows) Client WinNT Terminal Server
# 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso wim 没有 Installation Type # Windows 10/11 Enterprise 多会话 Client ServerNT Terminal Server
# Vista wim 和 注册表 都没有 InstallationType # Windows Server 2012 R2 桌面体验 Server ServerNT Terminal Server 和 DataCenter (两行)
if false; then # Windows Server 2012 R2 不带桌面体验 Server Core ServerNT Terminal Server 和 DataCenter (两行)
nt_ver=$(get_selected_image_prop "Major Version").$(get_selected_image_prop "Minor Version") # Windows Server 2025 桌面体验 Server ServerNT Enterprise
build_ver=$(get_selected_image_prop "Build") # Windows Server 2025 不带桌面体验 Server Core ServerNT Enterprise
installation_type=$(get_selected_image_prop "Installation Type") # WES7 / Thin PC Embedded WinNT Terminal Server
fi
mount_iso_install_wim_to() { mount_iso_install_wim_to() {
local dir=$1 local dir=$1
mkdir -p "$dir" mkdir -p "$dir"
# shellcheck disable=SC2046 # shellcheck disable=SC2046
wimmount "$iso_install_wim" "$image_index" "$dir" \ wimmount "$iso_install_wim" "$iso_image_index" "$dir" \
$($is_swm && echo "--ref=$(dirname "$iso_install_wim")/$swm_ref") $($is_swm && echo "--ref=$(dirname "$iso_install_wim")/$swm_ref")
} }
@ -6008,13 +6039,9 @@ install_windows() {
get_windows_version_from_windows_drive /wim get_windows_version_from_windows_drive /wim
# 检测 client/server并转换成标准版 windows 名称 # 检测 client/server并转换成标准版 windows 名称
# 用于将 Hyper-V Server / Azure Stack HCI / Windows Server AC 的版本号转换成对应的 LTSC 版本号,用于查找驱动
windows_type=$(get_windows_type_from_windows_drive /wim) windows_type=$(get_windows_type_from_windows_drive /wim)
product_ver=$( product_ver=$(get_windows_name_by_version "$nt_ver" "$build_ver" "$windows_type")
case "$windows_type" in
client) get_client_name_by_build_ver "$build_ver" ;;
server) get_server_name_by_build_ver "$build_ver" ;;
esac
)
# 检测 sac 和 nvme # 检测 sac 和 nvme
{ {
@ -6173,21 +6200,24 @@ install_windows() {
) )
fi fi
# $iso_image_index 是原 iso 里面的镜像 wim 编号
# $image_index 是复制到 installer 后的镜像 wim 编号
# 如果是 swm要先合并成 wim 才能编辑 # 如果是 swm要先合并成 wim 才能编辑
if $is_swm; then if $is_swm; then
install_wim=$(echo "$install_wim" | sed 's/\.swm$/.wim/i') install_wim=$(echo "$install_wim" | sed 's/\.swm$/.wim/i')
# 防止不格盘二次运行时报错:文件已存在 # 防止不格盘二次运行时报错:文件已存在
rm -f "$install_wim" rm -f "$install_wim"
wimexport --ref="$(dirname "$iso_install_wim")/$swm_ref" "$iso_install_wim" "$image_index" "$install_wim" wimexport --ref="$(dirname "$iso_install_wim")/$swm_ref" "$iso_install_wim" "$iso_image_index" "$install_wim"
# 只导出了要安装的镜像,因此 image_index 为 1 # 只导出了要安装的镜像,因此 image_index 为 1
image_index=1 image_index=1
elif false; then elif false; then
# 优化 install.wim # 优化 install.wim
# 优点: 可以节省 200M~600M 空间,用来创建虚拟内存 # 优点: 可以节省 200M~600M 空间,用来创建虚拟内存
# (意义不大,因为已经删除了 boot.wim 用来创建虚拟内存vista 除外) # (意义不大,因为已经删除了 boot.wim 用来创建虚拟内存vista 除外)
# 缺点: 如果 install.wim 只有一个镜像,则只能缩小 10M+ # 缺点: 如果 install.wim 只有一个镜像,则只能缩小 10M+
time wimexport --threads "$(get_build_threads 512)" "$iso_install_wim" "$image_index" "$install_wim" time wimexport --threads "$(get_build_threads 512)" "$iso_install_wim" "$iso_image_index" "$install_wim"
# 只导出了要安装的镜像,因此 image_index 为 1 # 只导出了要安装的镜像,因此 image_index 为 1
image_index=1 image_index=1
info "install.wim size" info "install.wim size"
echo "Original: $(get_filesize_mb "$iso_install_wim")" echo "Original: $(get_filesize_mb "$iso_install_wim")"
@ -6195,14 +6225,25 @@ install_windows() {
echo echo
else else
cp "$iso_install_wim" "$install_wim" cp "$iso_install_wim" "$install_wim"
image_index="$iso_image_index"
fi fi
# win11 要求 1GHz 2核1核超线程也行 # win11 要求 1GHz 2核1核超线程也行
# 用注册表无法绕过 # 判断条件是 install.wim 元信息里的 Installation Type而不是 install.wim 注册表里面的
# 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso wim 没有 Installation Type
# Vista wim 和 注册表 都没有 InstallationType
installation_type_from_install_wim_metadata=$(get_selected_image_prop "Installation Type" 2>/dev/null || true)
# 安装时无法用注册表绕过
# https://github.com/pbatard/rufus/issues/1990 # https://github.com/pbatard/rufus/issues/1990
# https://learn.microsoft.com/windows/iot/iot-enterprise/Hardware/System_Requirements # https://learn.microsoft.com/windows/iot/iot-enterprise/Hardware/System_Requirements
# win11 旧版本安装程序24h2之前无法用 setup.exe /product server 跳过 cpu 核数限制因此在xml里解除限制 # win11 旧版本安装程序24h2之前无法用 setup.exe /product server 跳过 cpu 核数限制因此在xml里解除限制
if [ "$product_ver" = "11" ] && [ "$(nproc)" -le 1 ]; then
# windows 11 multi-session 用注册表的信息识别成 server 2022 用于匹配驱动,"$product_ver" 是 2022 而不是 11
# 因此这里判断的条件不是 [ "$product_ver" = "11" ]
if [ "$build_ver" -ge 22000 ] &&
[ "$(echo "$installation_type_from_install_wim_metadata" | to_lower)" = "client" ] &&
[ "$(nproc)" -le 1 ]; then
wiminfo "$install_wim" "$image_index" --image-property WINDOWS/INSTALLATIONTYPE=Server wiminfo "$install_wim" "$image_index" --image-property WINDOWS/INSTALLATIONTYPE=Server
fi fi
@ -6406,7 +6447,7 @@ install_windows() {
) )
# 注意 intel 禁止了 aria2 下载 # 注意 intel 禁止了 aria2 下载
download "$url" $drv/intel.zip download "$url" $drv/intel.zip true
# inf 可能是 UTF-16 LE因此用 rg 搜索 # inf 可能是 UTF-16 LE因此用 rg 搜索
# 用 busybox unzip 解压 win10 驱动时,路径和文件名会粘在一起 # 用 busybox unzip 解压 win10 驱动时,路径和文件名会粘在一起
@ -6719,14 +6760,29 @@ EOF
# %RHELScsi.DeviceDesc% = rhelscsi_inst, PCI\VEN_1AF4&DEV_1004&SUBSYS_00081AF4&REV_00 # %RHELScsi.DeviceDesc% = rhelscsi_inst, PCI\VEN_1AF4&DEV_1004&SUBSYS_00081AF4&REV_00
# %RHELScsi.DeviceDesc% = rhelscsi_inst, PCI\VEN_1AF4&DEV_1048&SUBSYS_11001AF4&REV_01 # %RHELScsi.DeviceDesc% = rhelscsi_inst, PCI\VEN_1AF4&DEV_1048&SUBSYS_11001AF4&REV_01
local baseurl=https://fedorapeople.org/groups/virt/virtio-win/direct-downloads
case "$nt_ver" in case "$nt_ver" in
6.0 | 6.1) $support_sha256 && 6.0 | 6.1) $support_sha256 &&
dir=archive-virtio/virtio-win-0.1.187-1 || dir=archive-virtio/virtio-win-0.1.187-1 ||
dir=archive-virtio/virtio-win-0.1.173-9 ;; # vista|w7|2k8|2k8R2 dir=archive-virtio/virtio-win-0.1.173-9 ;; # vista|w7|2k8|2k8R2
6.2 | 6.3) dir=archive-virtio/virtio-win-0.1.215-2 ;; # w8|w8.1|2k12|2k12R2 6.2 | 6.3) dir=archive-virtio/virtio-win-0.1.215-2 ;; # w8|w8.1|2k12|2k12R2
*) dir=stable-virtio ;; *)
# 先获取最新版本号,再下载
# 用 stable-virtio 的话国内镜像下载的可能是缓存的旧版
dir=$(wget --spider -S "$baseurl/stable-virtio" 2>&1 >/dev/null |
grep -E '^ Location: ' | grep -Ewo -m1 'archive-virtio/virtio-win-.+$')
# dir=stable-virtio
;;
esac esac
# 如果 dir 包含数字,则是从具体版本号文件夹下载,文件不会更新,可以使用国内镜像
if [[ "$dir" =~ [0-9] ]]; then
local can_use_cn_mirror=true
else
local can_use_cn_mirror=false
fi
# vista|w7|2k8|2k8R2|arm64 要从 iso 获取驱动 # vista|w7|2k8|2k8R2|arm64 要从 iso 获取驱动
if [ "$nt_ver" = 6.0 ] || [ "$nt_ver" = 6.1 ] || [ "$arch_wim" = arm64 ]; then if [ "$nt_ver" = 6.0 ] || [ "$nt_ver" = 6.1 ] || [ "$arch_wim" = arm64 ]; then
virtio_source=iso virtio_source=iso
@ -6734,10 +6790,8 @@ EOF
virtio_source=msi virtio_source=msi
fi fi
baseurl=https://fedorapeople.org/groups/virt/virtio-win/direct-downloads
if [ "$virtio_source" = iso ]; then if [ "$virtio_source" = iso ]; then
download $baseurl/$dir/virtio-win.iso $drv/virtio.iso download $baseurl/$dir/virtio-win.iso $drv/virtio.iso $can_use_cn_mirror
mkdir -p $drv/virtio mkdir -p $drv/virtio
mount -o ro $drv/virtio.iso $drv/virtio mount -o ro $drv/virtio.iso $drv/virtio
@ -6750,13 +6804,13 @@ EOF
fi fi
else else
apk add 7zip file apk add 7zip file
download $baseurl/$dir/virtio-win-gt-$arch_xdd.msi $drv/virtio.msi download $baseurl/$dir/virtio-win-gt-$arch_xdd.msi $drv/virtio.msi $can_use_cn_mirror
match="FILE_*_${virtio_sys}_${arch}*" match="FILE_*_${virtio_sys}_${arch}*"
7z x $drv/virtio.msi -o$drv/virtio -i!$match -y -bb1 7z x $drv/virtio.msi -o$drv/virtio -i!$match -y -bb1
# 为没有后缀名的文件添加后缀名
( (
cd $drv/virtio cd $drv/virtio
# 为没有后缀名的文件添加后缀名
echo "Recognizing file extension..." echo "Recognizing file extension..."
for file in *"${virtio_sys}_${arch}"; do for file in *"${virtio_sys}_${arch}"; do
recognized=false recognized=false
@ -6803,7 +6857,7 @@ EOF
# https://mirrors.tencent.com/install/cts/windows/Drivers.zip # https://mirrors.tencent.com/install/cts/windows/Drivers.zip
apk add 7zip apk add 7zip
download https://mirrors.tencent.com/install/windows/virtio_64_1.0.9.exe $drv/virtio.exe download https://mirrors.tencent.com/install/windows/virtio_64_1.0.9.exe $drv/virtio.exe true
exclude='$*' # 排除 $PLUGINSDIR exclude='$*' # 排除 $PLUGINSDIR
override=u # A(u)to rename all override=u # A(u)to rename all
7z x $drv/virtio.exe -o$drv/qcloud/ -ao$override -x!$exclude 7z x $drv/virtio.exe -o$drv/qcloud/ -ao$override -x!$exclude
@ -7015,13 +7069,7 @@ EOF
to_system_hive="$(find_file_ignore_case /wim/Windows/System32/config/SYSTEM)" to_system_hive="$(find_file_ignore_case /wim/Windows/System32/config/SYSTEM)"
to_software_hive="$(find_file_ignore_case /wim/Windows/System32/config/SOFTWARE)" to_software_hive="$(find_file_ignore_case /wim/Windows/System32/config/SOFTWARE)"
# TODO: alpine 3.24 发布后删除 apk_add_hivex_perl
# hivex-perl 要从 edge/community 仓库下载
alpine_mirror=$(grep '^http.*/main$' /etc/apk/repositories | sed 's,/[^/]*/main$,,' | head -1)
apk add --repository "$alpine_mirror/edge/community" \
--force-non-repository \
--virtual edge \
hivex-perl
# 获取当前生效的 wvpci.inf 文件 # 获取当前生效的 wvpci.inf 文件
# 得到 wvpci.inf_amd64_86afbe8940682d27 这样的文件名 # 得到 wvpci.inf_amd64_86afbe8940682d27 这样的文件名
@ -7073,7 +7121,7 @@ EOF
EOF EOF
hivexregedit --merge "$to_system_hive" "$reg" hivexregedit --merge "$to_system_hive" "$reg"
apk del edge apk_del_hivex_perl
else else
error_and_exit "vpci driver not found." error_and_exit "vpci driver not found."
fi fi
@ -7113,7 +7161,7 @@ EOF
url=$(get_intel_download_url "$id" "SetupRST\.exe") url=$(get_intel_download_url "$id" "SetupRST\.exe")
# 注意 intel 禁止了 aria2 下载 # 注意 intel 禁止了 aria2 下载
download $url $drv/SetupRST.exe download $url $drv/SetupRST.exe true
apk add 7zip apk add 7zip
7z x $drv/SetupRST.exe -o$drv/SetupRST -i!.text 7z x $drv/SetupRST.exe -o$drv/SetupRST -i!.text
7z x $drv/SetupRST/.text -o$drv/vmd 7z x $drv/SetupRST/.text -o$drv/vmd
@ -7142,20 +7190,44 @@ EOF
} }
# 修改应答文件 # 修改应答文件
apk add xmlstarlet
download $confhome/windows.xml /tmp/autounattend.xml download $confhome/windows.xml /tmp/autounattend.xml
locale=$(get_selected_image_prop 'Default Language') locale=$(get_selected_image_prop 'Default Language')
use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true) use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
password_base64=$(get_password_windows_administrator_base64)
# 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso Image Name 为空 # 7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x64FRE_en-us.iso Image Name 为空
# 将 xml Image Name 的值设为空可以正常安装 # 将 xml Image Name 的值设为空可以正常安装
sed -i \ sed -i \
-e "s|%arch%|$arch|" \ -e "s|%arch%|$arch|" \
-e "s|%image_name%|$image_name|" \ -e "s|%image_name%|$image_name|" \
-e "s|%locale%|$locale|" \ -e "s|%locale%|$locale|" \
-e "s|%administrator_password%|$password_base64|" \
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \ -e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
/tmp/autounattend.xml /tmp/autounattend.xml
# 账号密码
if [ -n "$username" ]; then
# 普通账号
password_base64=$(get_password_windows_user_base64)
xmlstarlet ed -L -N x="urn:schemas-microsoft-com:unattend" \
-d "//x:AdministratorPassword" \
/tmp/autounattend.xml
sed -i \
-e "s|%enable_administrator%|0|" \
-e "s|%user_username%|$username|" \
-e "s|%user_password%|$password_base64|" \
/tmp/autounattend.xml
else
# Administrator
password_base64=$(get_password_windows_administrator_base64)
xmlstarlet ed -L -N x="urn:schemas-microsoft-com:unattend" \
-d "//x:LocalAccounts" \
/tmp/autounattend.xml
sed -i \
-e "s|%enable_administrator%|1|" \
-e "s|%administrator_password%|$password_base64|" \
/tmp/autounattend.xml
fi
# 修改应答文件,分区配置 # 修改应答文件,分区配置
if is_efi; then if is_efi; then
sed -i "s|%installto_partitionid%|3|" /tmp/autounattend.xml sed -i "s|%installto_partitionid%|3|" /tmp/autounattend.xml
@ -7242,12 +7314,12 @@ EOF
wim_windows_xml=$(get_path_in_correct_case /wim/windows.xml) wim_windows_xml=$(get_path_in_correct_case /wim/windows.xml)
wim_setup_exe=$(get_path_in_correct_case /wim/setup.exe) wim_setup_exe=$(get_path_in_correct_case /wim/setup.exe)
apk add xmlstarlet
xmlstarlet ed -d '//comment()' /tmp/autounattend.xml >$wim_autounattend_xml xmlstarlet ed -d '//comment()' /tmp/autounattend.xml >$wim_autounattend_xml
unix2dos $wim_autounattend_xml unix2dos $wim_autounattend_xml
info "autounattend.xml" info "autounattend.xml"
# 查看最终文件,并屏蔽密码 # 查看最终文件,并屏蔽密码
xmlstarlet ed -d '//*[name()="AdministratorPassword" or name()="Password"]' $wim_autounattend_xml | cat -n xmlstarlet ed -d '//*[name()="AdministratorPassword" or name()="Password"]' $wim_autounattend_xml | cat -n
apk del xmlstarlet apk del xmlstarlet
# 避免无参数运行 setup.exe 时自动安装 # 避免无参数运行 setup.exe 时自动安装
@ -7747,7 +7819,7 @@ mount / -o remount,size=100%
sync_time || true sync_time || true
# 安装 ssh 并更改端口 # 安装 ssh 并更改端口
apk add openssh apk add openssh-server
if is_need_change_ssh_port; then if is_need_change_ssh_port; then
change_ssh_port / $ssh_port change_ssh_port / $ssh_port
fi fi
@ -7755,6 +7827,8 @@ fi
# 设置密码,添加开机启动 + 开启 ssh 服务 # 设置密码,添加开机启动 + 开启 ssh 服务
if is_need_set_ssh_keys; then if is_need_set_ssh_keys; then
set_ssh_keys_and_del_password / set_ssh_keys_and_del_password /
# 目前脚本只用 root不需要设置这个
# change_ssh_conf_if_different / PasswordAuthentication no
printf '\n' | setup-sshd printf '\n' | setup-sshd
else else
change_root_password / change_root_password /

75
windows-setup.bat
View File

@ -63,7 +63,7 @@ for /f "tokens=2" %%a in ('echo list vol ^| diskpart ^| find " installer "') do
rem 及时退出 rem 及时退出
if "%VolIndex%"=="" ( if "%VolIndex%"=="" (
echo "Error: Cannot find installer partition." >&2 echo Error: Cannot find installer partition. >&2
exit /b 1 exit /b 1
) )
@ -80,11 +80,54 @@ rem wmic pagefile
rem 获取主硬盘 id rem 获取主硬盘 id
rem vista pe 没有 wmic因此用 diskpart rem vista pe 没有 wmic因此用 diskpart
(echo select vol %VolIndex% & echo list disk) | diskpart | find "* Disk " > X:\disk.txt
for /f "tokens=3" %%a in (X:\disk.txt) do ( rem 法语版 win7 diskpart 始终输出法语,即使设置了 chcp 437因此不能用这个方法
set "DiskIndex=%%a" rem (echo select vol %VolIndex% & echo list disk) | diskpart | find "* Disk " > X:\disk.txt
rem for /f "tokens=3" %%a in (X:\disk.txt) do (
rem set "DiskIndex=%%a"
rem )
rem PE 下没有 findstr因此不能从 wmic 的输出直接选出开头为 * 的行,要用复杂的方法取出磁盘编号
rem 输出 diskpart 结果到文件
(echo select vol %VolIndex% & echo list disk) | diskpart | find "* " > X:\disk.txt
type X:\disk.txt
rem 逐行读取文件
setlocal enabledelayedexpansion
for /f "delims=" %%a in (X:\disk.txt) do (
set "line=%%a"
rem 寻找 * 开头的行
call :is_x_starts_with_char_y "!line!" "*" && (
rem 注意在 for %%b in (!safe_line!) do 中 * 会展开成文件列表,因此要先删除 *
rem 下面用的方法是用 * 作为分割符,获取 * 后面的第一列
rem for /f 会自动忽略行首的分隔符
for /f "tokens=1 delims=*" %%i in ("!line!") do (
set "safe_line=%%i"
)
rem 遍历每一列,找到是数字的那一列,就是磁盘编号
for %%b in (!safe_line!) do (
call :is_number "%%b" && (
set "DiskIndex=%%b"
goto :found_main_disk
)
)
rem 普通 for 是把“一段话”里的“每个词”排成队,让一个变量(%%b轮流去当这些词
rem for /f 是把“一段话”拆成“几个零件”存在不同的变量里(%%i, %%j...
)
) )
:not_found_main_disk
echo Error: Cannot find main disk. >&2
exit /b 1
:found_main_disk
del X:\disk.txt del X:\disk.txt
endlocal & set "DiskIndex=%DiskIndex%"
rem 判断 efi 还是 bios rem 判断 efi 还是 bios
rem 或者用 https://learn.microsoft.com/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode rem 或者用 https://learn.microsoft.com/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode
@ -142,7 +185,8 @@ rem 重新分区/格式化
)) > X:\diskpart.txt )) > X:\diskpart.txt
rem 使用 diskpart /s ,出错不会执行剩下的 diskpart 命令 rem 使用 diskpart /s ,出错不会执行剩下的 diskpart 命令
rem 但是返回值始终是 0
diskpart /s X:\diskpart.txt diskpart /s X:\diskpart.txt
del X:\diskpart.txt del X:\diskpart.txt
@ -252,6 +296,27 @@ echo on
%setup% %ResizeRecoveryPartition% %EMS% %Unattended% %setup% %ResizeRecoveryPartition% %EMS% %Unattended%
exit /b exit /b
:is_number
rem 尝试转换字符串为数字,如果转换失败则说明不是数字
rem 如果转换失败num 是 0
rem 这不影响参数是 0 时的判断
set /a "num=%~1" >nul 2>nul
if "%num%"=="%~1" (
exit /b 0
)
exit /b 1
:is_x_starts_with_char_y
set "tempStr=%~1"
if "%tempStr:~0,1%"=="%~2" (
exit /b 0
)
exit /b 1
:sleep :sleep
rem 没有加载网卡驱动,无法用 ping 来等待 rem 没有加载网卡驱动,无法用 ping 来等待
rem 没有 timeout 命令 rem 没有 timeout 命令

17
windows.xml
View File

@ -86,7 +86,7 @@
<Order>4</Order> <Order>4</Order>
<Path>powercfg /setactive SCHEME_MIN</Path> <Path>powercfg /setactive SCHEME_MIN</Path>
</RunSynchronousCommand> </RunSynchronousCommand>
<!-- 启用 administrator 账户 --> <!-- 按需启用 administrator 账户 -->
<RunSynchronousCommand wcm:action="add"> <RunSynchronousCommand wcm:action="add">
<Order>5</Order> <Order>5</Order>
<!-- vista 没有自带 powershell --> <!-- vista 没有自带 powershell -->
@ -94,7 +94,8 @@
<!-- win7 此时无法用 wmic useraccount --> <!-- win7 此时无法用 wmic useraccount -->
<!-- <Path>wmic useraccount where "sid like '%-500'" set Disabled=false</Path> --> <!-- <Path>wmic useraccount where "sid like '%-500'" set Disabled=false</Path> -->
<!-- https://learn.microsoft.com/archive/technet-wiki/13813.localized-names-for-administrator-account-in-windows --> <!-- https://learn.microsoft.com/archive/technet-wiki/13813.localized-names-for-administrator-account-in-windows -->
<Path>cmd /c "for %a in (Administrator Administrador Administrateur Administratör Администратор Järjestelmänvalvoja Rendszergazda) do (net user %a /active:yes &amp;&amp; exit)"</Path> <!-- %enable_administrator% 会被 trans.sh 替换成 1 或 0 -->
<Path>cmd /c "if "%enable_administrator%"=="1" for %a in (Administrator Administrador Administrateur Administratör Администратор Järjestelmänvalvoja Rendszergazda) do (net user %a /active:yes &amp;&amp; exit)"</Path>
</RunSynchronousCommand> </RunSynchronousCommand>
<!-- 禁用保留空间 --> <!-- 禁用保留空间 -->
<RunSynchronousCommand wcm:action="add"> <RunSynchronousCommand wcm:action="add">
@ -152,6 +153,18 @@
<Value>%administrator_password%</Value> <Value>%administrator_password%</Value>
<PlainText>false</PlainText> <PlainText>false</PlainText>
</AdministratorPassword> </AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Name>%user_username%</Name>
<Password>
<Value>%user_password%</Value>
<PlainText>false</PlainText>
</Password>
<!-- 需要填英文的 Administrators任何语言都是 -->
<!-- https://learn.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-useraccounts-localaccounts-localaccount-group -->
<Group>Administrators</Group>
</LocalAccount>
</LocalAccounts>
</UserAccounts> </UserAccounts>
<OOBE> <OOBE>
<HideEULAPage>true</HideEULAPage> <HideEULAPage>true</HideEULAPage>