diff options
author | Christian Pointner <equinox@spreadspace.org> | 2022-10-25 00:09:19 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-10-25 00:09:24 +0200 |
commit | 9519c960415e6af12ed5fe875ede74366515d5de (patch) | |
tree | e30f37daa413fefb51ec7e6b021d0bd7cc2a4f85 /roles/installer/debian | |
parent | add new ch-pan (diff) |
add support for kali linux (WIP)
Diffstat (limited to 'roles/installer/debian')
5 files changed, 138 insertions, 6 deletions
diff --git a/roles/installer/debian/fetch/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml index 1b9f8206..d42ee361 100644 --- a/roles/installer/debian/fetch/defaults/main.yml +++ b/roles/installer/debian/fetch/defaults/main.yml @@ -8,3 +8,4 @@ debian_installer_force_download: no debian_installer_url: debian: "http://{{ apt_repo_providers[apt_repo_provider].debian.host }}{{ apt_repo_providers[apt_repo_provider].debian.path }}" ubuntu: "http://{{ apt_repo_providers[apt_repo_provider].ubuntu.host }}{{ apt_repo_providers[apt_repo_provider].ubuntu.path }}" + kali: "http://{{ apt_repo_providers[apt_repo_provider].kali.host }}{{ apt_repo_providers[apt_repo_provider].kali.path }}" diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml index b0dd59a5..433f2631 100644 --- a/roles/installer/debian/fetch/tasks/main.yml +++ b/roles/installer/debian/fetch/tasks/main.yml @@ -15,6 +15,12 @@ changed_when: false register: debian_installer_sha256sums + - loop: "{{ debian_installer_sha256sums.results }}" + loop_control: + label: "{{ item.item }}" + debug: + msg: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}" + - name: download installer files loop: "{{ debian_installer_sha256sums.results }}" loop_control: diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml new file mode 100644 index 00000000..6c1c41cb --- /dev/null +++ b/roles/installer/debian/fetch/tasks/verify-kali.yml @@ -0,0 +1,33 @@ +--- +- name: download Release and Signature file + loop: + - Release + - Release.gpg + get_url: + url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}" + dest: "{{ debian_installer_target_dir }}/{{ item }}" + force: "{{ debian_installer_force_download }}" + +- name: verfiy signature of Release file + command: >- + gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg" + "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release" + changed_when: False + register: debian_installer_gpg_result + +- debug: + var: debian_installer_gpg_result.stderr_lines + +### TODO: actually enable Signature verification!!! + +# - name: extract checksum file hash from Release file +# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release" +# changed_when: false +# register: debian_installer_release_sha256 + +- name: download SHA256SUMS + get_url: + url: "{{ debian_installer_base_url }}/SHA256SUMS" + dest: "{{ debian_installer_target_dir }}/SHA256SUMS" +# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}" + force: "{{ debian_installer_force_download }}" diff --git a/roles/installer/debian/fetch/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml index 989fc305..af02ac4b 100644 --- a/roles/installer/debian/fetch/vars/main.yml +++ b/roles/installer/debian/fetch/vars/main.yml @@ -2,19 +2,19 @@ debian_installer_base_url: "{{ debian_installer_url[debian_installer_distro] }}/dists/{{ [debian_installer_distro, debian_installer_codename] | di_dists_path }}/main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}" _debian_installer_variant_path_: - netboot: "netboot/{{ debian_installer_distro }}-installer/{{ debian_installer_arch }}" + netboot: "netboot/{{ (debian_installer_distro == 'ubuntu') | ternary('ubuntu', 'debian') }}-installer/{{ debian_installer_arch }}" hd-media: "hd-media" mini-iso: "netboot" _debian_installer_variant_files_: netboot: - - linux - - initrd.gz + - linux + - initrd.gz hd-media: - - vmlinuz - - initrd.gz + - vmlinuz + - initrd.gz mini-iso: - - mini.iso + - mini.iso debian_installer_variant_path: "{{ _debian_installer_variant_path_[debian_installer_variant] }}" debian_installer_variant_files: "{{ _debian_installer_variant_files_[debian_installer_variant] }}" diff --git a/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 new file mode 100644 index 00000000..17a1732b --- /dev/null +++ b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 @@ -0,0 +1,92 @@ +######################################################################### +# ansible-generated preseed file for Kali Rolling Release based machines +######################################################################### + +d-i debian-installer/language string {{ debian_preseed_language }} +d-i debian-installer/country string {{ debian_preseed_country }} +d-i debian-installer/locale string {{ debian_preseed_locales | first }} + +d-i keyboard-configuration/xkb-keymap select {{ debian_preseed_keyboard_layout }} +d-i console-keymaps-at/keymap select {{ debian_preseed_keyboard_layout }} + +d-i hw-detect/load_firmware boolean false + +d-i netcfg/choose_interface select {{ install_interface | default(network.primary.name) }} +{% if (install_dhcp | default(false)) %} +d-i netcfg/disable_dhcp boolean false +d-i netcfg/disable_autoconfig boolean false +{% else %} +d-i netcfg/disable_dhcp boolean true +d-i netcfg/disable_autoconfig boolean true +d-i netcfg/get_ipaddress string {{ network.primary.address | ansible.utils.ipaddr('address') }} +d-i netcfg/get_netmask string {{ network.primary.address | ansible.utils.ipaddr('netmask') }} +d-i netcfg/get_gateway string {{ network.primary.gateway }} +d-i netcfg/get_nameservers string {{ network.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true +{% endif %} + +d-i netcfg/hostname string {{ host_name }} +d-i netcfg/get_hostname string {{ host_name }} +d-i netcfg/domain string {{ network.domain }} +d-i netcfg/get_domain string {{ network.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string {{ apt_repo_providers[apt_repo_provider].kali.host }} +d-i mirror/http/directory string {{ apt_repo_providers[apt_repo_provider].kali.path }} +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string {{ debian_preseed_timezone }} +d-i clock-setup/ntp boolean false + + +{% if not debian_preseed_manual_partitioning %} +{% include 'partman_config.j2' %} +{% endif %} + + +{% if debian_preseed_kernel_image is defined %} +d-i base-installer/kernel/image string {{ debian_preseed_kernel_image }} +{% endif %} + +d-i base-installer/install-recommends boolean false +d-i apt-setup/services-select multiselect +d-i apt-setup/enable-source-repositories boolean false + +tasksel tasksel/first multiselect {{ debian_preseed_install_tasks | join(', ') }} +d-i pkgsel/include string openssh-server {{ python_basename }} {{ python_basename }}-apt +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ host_name }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ + in-target bash -c "rm -f /etc/systemd/network/73-usb-net-by-mac.link /etc/systemd/network/99-default.link"; \ +{% if debian_preseed_force_net_ifnames_policy is defined %} + mkdir -p /target/etc/systemd/network; \ + in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'NamePolicy={{ debian_preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "update-initramfs -u"; \ +{% endif %} + in-target bash -c "passwd -d root && passwd -l root"; \ +{% if ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ +{% endif %} + in-target bash -c "systemctl enable ssh"; \ + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/ |