From 6e86a2ea02767ba8836233c0685371be9c86db01 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Fri, 1 Sep 2023 15:41:55 -0400
Subject: [PATCH] Set temporary root password in installed system

Used only for troubleshooting as this is NOT secure being in this repo.
Users may change this if they wish, but it's intention is not to be used
for any sort of long- (or even medium-) term administration. PVC Ansible
replaces this with a per-site root password.
---
 install.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/install.sh b/install.sh
index f4b9201..374c474 100755
--- a/install.sh
+++ b/install.sh
@@ -11,6 +11,13 @@ debmirror="http://debian.mirror.rafal.ca/debian"
 debpkglist="lvm2,parted,gdisk,grub-pc,grub-efi-amd64,linux-image-amd64,sudo,vim,gpg,gpg-agent,aptitude,openssh-server,vlan,ifenslave,python,python2,python3,ca-certificates,ntp"
 suppkglist="firmware-linux,firmware-linux-nonfree"
 
+# DANGER - THIS PASSWORD IS PUBLIC
+# It should be used ONLY immediately after booting the PVC node in a SECURE environment
+# to facilitate troubleshooting of a failed boot. It should NOT be exposed to the Internet,
+# and it should NOT be left in place after system configuration. The PVC Ansible deployment
+# roles will overwrite it by default during configuration.
+root_password="hCb1y2PF"
+
 clear
 
 echo "-----------------------------------------------------"
@@ -341,6 +348,10 @@ echo -n "Adding interface segment... "
 echo -e "${target_interfaces_block}" | tee -a ${target}/etc/network/interfaces >&2
 echo "done."
 
+echo -n "Setting temporary 'root' password... "
+echo "${root_password}" | chroot ${target} passwd --stdin root >&2
+echo "done."
+
 echo -n "Adding 'deploy' user... "
 mv ${target}/home ${target}/var/home >&2
 chroot ${target} useradd -u 200 -d /var/home/deploy -m -s /bin/bash -g operator -G sudo deploy >&2
@@ -416,6 +427,8 @@ echo "| PVC node installation finished. Next steps:
 echo "| 1. Press <enter> to reboot the system.                                            |"
 echo "| 2. Boot the PVC base hypervisor and verify SSH access (IP shown on login screen). |"
 echo "| 3. Proceed with system deployment via PVC Ansible.                                |"
+echo "|                                                                                   |"
+echo "| The INSECURE temporary root password if the system will not boot is: ${root_password}   |"
 echo "-------------------------------------------------------------------------------------"
 echo
 read