Fix duplicate root entries and password hash issues in auto-installer

- Prevent duplicate root entries in /etc/shadow by cleaning before adding - Fix password hash compatibility by using proper shadow file format - Improve password verification and account configuration - Ensure root account is properly unlocked and configured - Add better logging for password hash verification This resolves the 'password hash x is unknown to libcrypt' error and duplicate root entries that were preventing login to installed systems.

Fix duplicate root entries and password hash issues in auto-installer
- Prevent duplicate root entries in /etc/shadow by cleaning before adding - Fix password hash compatibility by using proper shadow file format - Improve password verification and account configuration - Ensure root account is properly unlocked and configured - Add better logging for password hash verification This resolves the 'password hash x is unknown to libcrypt' error and duplicate root entries that were preventing login to installed systems.
a5992460 · Stefy Lanza (nextime / spora ) · c87db627 · a5992460
Commit a5992460 authored Sep 06, 2025 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 25 additions and 13 deletions

auto-installer.sh config/includes.chroot/usr/local/bin/auto-installer.sh +25 -13

No files found.
--- a/config/includes.chroot/usr/local/bin/auto-installer.sh
+++ b/config/includes.chroot/usr/local/bin/auto-installer.sh
@@ -572,8 +572,10 @@ configure_target_system() {
        log "Setting root password from crypted preseed"
        # Extract the crypted password (remove "password " prefix)
        CRYPTED_PASS=$(echo "$ROOT_PASS_CRYPTED" | sed 's/^password //')
-        # Set the crypted password directly in shadow file
-        sed -i "s|^root:.*|root:$CRYPTED_PASS|" "$TARGET_MOUNT/etc/shadow"
+        # Ensure we have a clean shadow file first - remove any duplicate root entries
+        sed -i '/^root:/d' "$TARGET_MOUNT/etc/shadow"
+        # Add the root entry with the crypted password
+        echo "root:$CRYPTED_PASS:19453:0:99999:7:::" >> "$TARGET_MOUNT/etc/shadow"
    elif [ -n "$ROOT_PASS" ]; then
        print_status "Setting root password from preseed file..."
        log "Setting root password from preseed: ${ROOT_PASS:0:10}..."
@@ -589,8 +591,9 @@ configure_target_system() {

            # Get the full root line from live shadow
            LIVE_ROOT_LINE=$(grep '^root:' /etc/shadow)
-            # Replace the root line in target shadow file
-            sed -i "s|^root:.*|${LIVE_ROOT_LINE}|" "$TARGET_MOUNT/etc/shadow"
+            # Ensure clean shadow file and add the live system's root entry
+            sed -i '/^root:/d' "$TARGET_MOUNT/etc/shadow"
+            echo "$LIVE_ROOT_LINE" >> "$TARGET_MOUNT/etc/shadow"

            if [ $? -eq 0 ]; then
                print_status "Live system root password copied successfully"
@@ -607,21 +610,30 @@ configure_target_system() {
        fi
    fi

-    # Verify password was set
-    if chroot "$TARGET_MOUNT" passwd -S root | grep -q "Password set"; then
-        print_status "Root password verification successful"
-    else
-        print_warning "Root password verification failed"
-    fi
-
-    # Ensure password is not expired and account is unlocked
-    print_status "Ensuring root account is active and password is not expired..."
+    # Verify password was set and ensure account is properly configured
+    print_status "Ensuring root account is properly configured..."
+    # Make sure the root account is unlocked and has proper password aging
    chroot "$TARGET_MOUNT" passwd -u root 2>/dev/null || print_warning "Could not unlock root account"
    chroot "$TARGET_MOUNT" chage -d 99999 root 2>/dev/null || print_warning "Could not remove password expiration"
    chroot "$TARGET_MOUNT" chage -E -1 root 2>/dev/null || print_warning "Could not remove account expiration"
    chroot "$TARGET_MOUNT" chage -m 0 root 2>/dev/null || print_warning "Could not set minimum password age"
    chroot "$TARGET_MOUNT" chage -M 99999 root 2>/dev/null || print_warning "Could not set maximum password age"

+    # Verify the shadow entry is correct
+    ROOT_SHADOW_ENTRY=$(grep '^root:' "$TARGET_MOUNT/etc/shadow")
+    if [ -n "$ROOT_SHADOW_ENTRY" ]; then
+        ROOT_PASS_FIELD=$(echo "$ROOT_SHADOW_ENTRY" | cut -d: -f2)
+        if [ "$ROOT_PASS_FIELD" != "x" ] && [ "$ROOT_PASS_FIELD" != "*" ] && [ "$ROOT_PASS_FIELD" != "!" ]; then
+            print_status "Root password verification successful"
+            log "Root password hash: ${ROOT_PASS_FIELD:0:20}..."
+        else
+            print_warning "Root password appears to be disabled or invalid"
+            log "Root password field: $ROOT_PASS_FIELD"
+        fi
+    else
+        print_error "No root entry found in shadow file!"
+    fi
+
    # Create mbetterclient user with no password for autologin
    print_status "Creating mbetterclient user for autologin..."
    chroot "$TARGET_MOUNT" useradd -m -s /bin/bash mbetterclient 2>/dev/null || true