1. 22 Dec, 2015 15 commits
  2. 07 Dec, 2015 1 commit
  3. 02 Dec, 2015 2 commits
    • Nikos Skalkotos's avatar
      Use check_yes_no on all boolean img properties · 718828a0
      Nikos Skalkotos authored
      Fix the code for OFFLINE_NTFSRESIZE and OFFLINE_NTFSRESIZE_NOCHECK
      image properties.
      718828a0
    • Nikos Skalkotos's avatar
      Merge branch 'feature-windows-legacy' into develop · 3be9e215
      Nikos Skalkotos authored
      The main goal of this patch set is to add support for Windows XP/Server
      2003 Images.  In the process, it also adds:
      
       * The ability for a simple debug shell under KVM, so a developer or the
         administrator can access the helper VM directly for simpler debugging,
       * Robust helper shutdown and mounting/un-mounting of NTFS, fixing the
         remote possibility of data loss.
      
      Conflicts:
      	docs/interface.rst
      	snf-image-helper/common.sh.in
      	snf-image-helper/tasks/50AssignHostname.in
      	snf-image-host/kvm-common.sh
      3be9e215
  4. 01 Dec, 2015 1 commit
  5. 30 Nov, 2015 1 commit
  6. 27 Nov, 2015 1 commit
  7. 26 Nov, 2015 3 commits
  8. 19 Nov, 2015 2 commits
  9. 18 Nov, 2015 2 commits
  10. 17 Nov, 2015 1 commit
  11. 16 Nov, 2015 3 commits
  12. 12 Nov, 2015 1 commit
  13. 06 Oct, 2015 1 commit
  14. 29 Sep, 2015 1 commit
  15. 28 Sep, 2015 1 commit
    • Nikos Skalkotos's avatar
      Add check_yes_no() to test boolean img properties · 52572781
      Nikos Skalkotos authored
      Use check_yes_no() to test if a boolean property is set.
      
      Although the documentation states that to set a boolean image property
      you need to assign the "yes" value to it, this function will accept
      "yes", "true", 1, "on" and "set" in a case-insensitive way and reject
      "no", "false", 0, "off" and "unset".
      
      An empty or not-set variable is treated as false.
      
      An unknown value will raise a warning but will be accepted. This is done
      to protect the users because prior to this commit, in some cases we only
      tested if an image property had a non-empty value.
      
      This resolves #80
      52572781
  16. 24 Jun, 2015 4 commits
    • Vangelis Koukis's avatar
      Make disabling and enabling RDP more robust · 37773398
      Vangelis Koukis authored
      Enhance the DisableRemoteDesktopConnections task,
      so disabling and re-enabling RDP is more robust,
      and respects Image-specific policy.
      
      Previously, snf-image would disable RDP unconditionally
      inside DisableRemoteDesktopConnections and assume there would be
      an appropriate <RunSynchronousCommand> entry in unattend.xml
      so SYSPREP would enable RDP unconditionally during the specialize
      pass of the Windows Setup.
      
      This has two main problems:
         * It assumes a specific answer file, with snf-image specific content.
           However, the answer file is Image-specific policy, and ideally
           snf-image should not make any assumption on its contents.
         * It enables RDP unconditionally, even though it may have been
           disabled inside a specific Image by the Administrator, on purpose,
           thus introducing a potential security risk.
      
      To solve this problem, make DisableRemoteDesktopConnections
      self-standing:
         * Note whether RDP was initially disabled or not,
         * Disable it unconditionally via a direct edit of the Registry,
           so no incoming RDP connections are allowed while SYSPREP is running,
         * Insert a command to set it to its original state when Setup is
           complete, without depending on the contents of unattend.xml
           or other answer file.
      37773398
    • Vangelis Koukis's avatar
      Add support for Windows XP / Server 2003 Images · 3bcb05ab
      Vangelis Koukis authored
      Introduce support for Windows XP / Server 2003 Images.
      
      To do this:
          * Extend common.sh and 40InstallUnattend so they can also detect
            Windows XP / Server 2003 SYSPREP.INF answer files.
          * Extend 50AssignHostname so it can set the hostname inside
            SYSPREP.INF, based on a small handle-ini-file.py utility.
          * Remove the seemingly unnecessary addition of /LOGONPASSWORDCHG:NO,
            which is unsupported under XP / Server 2003. More on this below.
          * Warn the user about Windows XP / Server 2003 not supporting
            online NTFS resize, and the need to use OFFLINE_NTFSRESIZE
            instead.
      
      Regarding the use of /LOGONPASSWORDCHG:NO while using NET USER
      to change a user password:
          * This argument is unsupported under Windows XP / Server 2003,
            see http://blog.johnmuellerbooks.com/2011/04/12/working-with-net-user/
          * Its default value is "NO" anyway, so it shouldn't make a
            difference whether it is explicitly specified in the command line
            or not:
            https://answers.microsoft.com/en-us/windows/forum/windows_vista-security/setting-up-passwords-for-new-users/1704349b-31a3-4340-ae9e-1473c5adb919
          * Even if the security policies of a specific Image were set up
            in such way that users *were* required to change their passwords
            immediately upon their first logon, it is not snf-image's job
            to modify this behavior by specifying /LOGONPASSWORDCHG:NO.
            The password policy is Image-specific, and snf-image shouldn't
            mess with it.
      3bcb05ab
    • Vangelis Koukis's avatar
      Move DisableRemoteDesktopConnections to prio 41 · 83cd6ea0
      Vangelis Koukis authored
      Move DisableRemoteDesktopConnections from priority 40
      to priority 41, ensuring it runs after 40InstalUnattend.in.
      
      This makes the dependency between the installed answer file and
      the DisableRemoteDesktopConnections task explicit:
      The task assumes that RDP connections will be re-enabled via
      an appropriate <RunSynchronousCommand> entry in the answer file,
      which must already exist.
      
      Making the dependency explicit, allows making the process more robust
      in the future: The DisableRemoteDesktopConnections task should not
      blindly assume that a potentially Image-specific unattend.xml file
      contains the specific <RunSynchronousCommand> entry it requires,
      but may insert it explicitly, since the answer file is bound to have
      been detected or installed via the the previously executed
      40InstallUnattend task.
      83cd6ea0
    • Vangelis Koukis's avatar
      Introduce support for offline NTFS resize · 88406207
      Vangelis Koukis authored
      snf-image already supports online resizing of NTFS; it creates
      an appopriate DISKPART script inside the target NTFS and assumes
      it will be called by SYSPREP via a pre-existing <RunSynchronousCommand>
      entry in the unattend.xml answer file. This is generally the safest
      option, since it uses native Windows code, but has two drawbacks:
      a) It is only supported by Windows Vista and later,
      b) It is possible the Image will fail before SYSPREP has a chance
      to run the DISKPART script, because it does not have enough free space.
      
      Extend snf-image to also support offline resize of NTFS via ntfsresize,
      before the Image is booted. This works with all Windows versions and
      ensures the Image is resized to the right size even before booting.
      
      To be on the safe side, offline NTFS resize is not the default:
      
      The user must set the OFFLINE_NTFSRESIZE property explicitly.
      Running ntfsresize leaves the filesystem dirty, i.e., a CHKDSK is
      performed during the next boot. The user may set the
      OFFLINE_NTFSRESIZE_NOCHECK property to skip this.
      88406207