le5/multiterminal initial version

Signed-off-by: Lucas Manika Koeb <lmk08@c3sl.ufpr.br>

conf/le5/multiterminal/create-iso.conf

+LEHOST="windu.c3sl.ufpr.br/le5"
+LEMIRROR="le5-testing"
+TMP="/dev/shm/tmp/DISTNAME/`echo $LEHOST | cut -d"/" -f 1`-\
+`echo $LEMIRROR | sed s@'/'@'-'@g`"
+LOGDIR="$PREFIX/log/DISTNAME"
+LOGINFO="true"
+DISTROBASE=ubuntu-12.04
+RC="alpha1"
+DISTRO=Linux_Educacional_5
+SCRIPTSDIR="$PREFIX/enabled-scripts/DISTNAME"
+INSTLIST="$PREFIX/pkg-list/DISTNAME/install.list"
+RMLIST="$PREFIX/pkg-list/DISTNAME/remove.list"
+CDDIR="$TMP/extract-cd"
+CHROOTDIR="$TMP/live-image"
+MOUNTLIST="$TMP/mountlist"
+SQUASHIMAGE="$PREFIX/squashfs-root"
+DISTROISO="$PREFIX/iso/DISTNAME/$DISTRO-BASENAME-i386"
+TEMPLATES="$PREFIX/templates/DISTNAME"

enabled-scripts/le5/multiterminal/00-update

+../../../scripts/00-update
\ No newline at end of file

enabled-scripts/le5/multiterminal/10-remove

+../../../scripts/10-remove
\ No newline at end of file

enabled-scripts/le5/multiterminal/20-install

+../../../scripts/20-install
\ No newline at end of file

enabled-scripts/le5/multiterminal/30-upgrade

+../../../scripts/30-upgrade
\ No newline at end of file

enabled-scripts/le5/multiterminal/35-upgrade-gnome

+../../../scripts/35-upgrade-gnome
\ No newline at end of file

enabled-scripts/le5/multiterminal/40-configure_le5

+../../../scripts/40-configure_le5
\ No newline at end of file

enabled-scripts/le5/multiterminal/60-update-initrd_le5

+../../../scripts/60-update-initrd_le5
\ No newline at end of file

enabled-scripts/le5/multiterminal/70-update_background_image

+../../../scripts/70-update_background_image
\ No newline at end of file

enabled-scripts/le5/multiterminal/common-functions.sh

+../../../scripts/common-functions.sh
\ No newline at end of file

pkg-list/le5/multiterminal/install.list

+le-desktop
+le-users
+le-plymouth-theme
+le-plymouth-theme-text
+ubiquity-frontend-gtk-le
+ubiquity-le
+ubiquity-le-artwork
+ubiquity-slideshow-le
+le-proinfodata-installer
+kdeedu
+kdegames
+openjdk-7-jre
+openjdk-7-jre-headless
+icedtea-7-jre-jamvm
+evolution
+gnupg
+ubuntu-extras-keyring

pkg-list/le5/multiterminal/install.list-remove

+casper
+ubiquity-le
+ubiquity-frontend-gtk-le
+ubiquity-slideshow-le
+ubiquity-le-artwork

pkg-list/le5/multiterminal/remove.list

+casper
+unity
+unity-2d
+unity-2d-panel
+unity-2d-spread
+unity-2d-shell
+plymouth-theme-ubuntu-logo
+plymouth-theme-ubuntu-text
+apport
+empathy
+thunderbird
+ubuntuone-client
+ubuntuone-client-gnome
+ubuntuone-control-panel
+ubuntuone-couch
+ubuntuone-installer
+deja-dup
+update-notifier
+update-manager
+software-center
+software-center-aptdaemon-plugins
+openjdk-6-jre
+openjdk-6-jre-headless
+icedtea-6-jre-cacao
+icedtea-6-jre-jamvm
+glib-networking

templates/le5/multiterminal/casper/10adduser

+#!/bin/sh
+
+PREREQ=""
+DESCRIPTION="Adding live session user..."
+
+prereqs()
+{
+       echo "$PREREQ"
+}
+
+case $1 in
+# get pre-requisites
+prereqs)
+       prereqs
+       exit 0
+       ;;
+esac
+
+. /scripts/casper-functions
+load_confmodule
+
+log_begin_msg "$DESCRIPTION"
+
+# U6aMy0wojraho is just a blank password
+#db_set passwd/root-password-crypted '*'
+#db_set passwd/user-password-crypted U6aMy0wojraho
+#db_set passwd/user-fullname "$USERFULLNAME"
+#db_set passwd/username "$USERNAME"
+#db_set passwd/user-uid 998
+
+#chroot /root /usr/lib/user-setup/user-setup-apply > /dev/null
+
+# Clear out debconf database again to avoid confusing ubiquity later.
+db_set passwd/root-password-crypted
+db_set passwd/user-password-crypted
+db_set passwd/user-fullname
+db_set passwd/username
+db_set passwd/user-uid
+
+if [ -f /root/etc/sudoers ]; then
+	if grep -q '^%admin' /root/etc/sudoers; then
+	    sed -i -e '/^%admin/s/(ALL) ALL$/(ALL) NOPASSWD: ALL/' /root/etc/sudoers
+	else
+	    echo '%admin  ALL=(ALL) NOPASSWD: ALL' >> /root/etc/sudoers
+	fi
+fi
+
+# XXX - awful hack to stop xscreensaver locking the screen (#7150)
+echo 'RUNNING_UNDER_GDM="yes"' >> /root/etc/environment
+
+LTS="$(cut -d' ' -f3 /root/cdrom/.disk/info 2>/dev/null)" || LTS=
+RELEASE="$(cut -d' ' -f1-2 /root/cdrom/.disk/info 2>/dev/null)" || RELEASE=
+if [ "$LTS" = "LTS" ] && [ -n "$RELEASE" ]; then
+	RELEASE="$RELEASE LTS"
+fi
+for file in /usr/share/applications/ubiquity-gtkui.desktop /usr/share/applications/kde4/ubiquity-kdeui.desktop; do
+    if [ -f "/root/$file" ]; then
+        sed -i "s/RELEASE/$RELEASE/" "/root/$file"
+        sed -i "s/--desktop/--no-migration-assistant --desktop/" "/root/$file"
+        chroot /root install -d -o $USERNAME -g $USERNAME /home/$USERNAME/Desktop
+        chroot /root install -D -o $USERNAME -g $USERNAME $file /home/$USERNAME/Desktop/$(basename "$file")
+        break
+    fi
+done
+
+if [ -L /root/home/$USERNAME/Examples ]; then
+    chroot /root install -o $USERNAME -g $USERNAME -d /home/$USERNAME/Desktop/
+    mv /root/home/$USERNAME/Examples /root/home/$USERNAME/Desktop/
+fi
+
+if [ -f /root/home/$USERNAME/examples.desktop ]; then
+    chroot /root install -o $USERNAME -g $USERNAME -d /home/$USERNAME/Desktop/
+fi
+
+#Kubuntu
+if [ -f "/root/usr/bin/plasma" ]; then
+    if [ -f "/root/usr/share/kde4/apps/khelpcenter/plugins/kubuntu/about-kubuntu.desktop" ]; then
+      chroot /root install -d -o $USERNAME -g $USERNAME /home/$USERNAME/Desktop
+      chroot /root install -D -o $USERNAME -g $USERNAME /usr/share/kde4/apps/khelpcenter/plugins/kubuntu/about-kubuntu.desktop /home/$USERNAME/Desktop/about-kubuntu.desktop
+    fi
+fi
+
+#Ubuntu MID wants to be installed with --automatic
+if [ -f "/root/usr/share/ubuntu-mid-default-settings/mid-gui-start" ]; then
+  if [ -f "/root/usr/share/applications/ubiquity-gtkui.desktop" ]; then
+    sed -i 's/--desktop/--automatic --desktop/' "/root/usr/share/applications/ubiquity-gtkui.desktop"
+  fi
+fi
+
+#Ubuntu MID uses kourou, and the ubiquity icon should be easy to find
+if [ -f "/root/usr/lib/hildon-desktop/kourou.py" ]; then
+  if [ -f "/root/etc/xdg/menus/home.menu" ]; then
+    sed -i '/<\/Include>/i\		<Filename>ubiquity-gtkui.desktop</Filename>' "/root/etc/xdg/menus/home.menu"
+  fi
+fi
+
+log_end_msg

templates/le5/multiterminal/casper/casper

+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          casper
+# Required-Start:    $syslog
+# Required-Stop:
+# Should-Start:      $local_fs
+# Should-Stop:       halt reboot
+# X-Stop-After:      umountroot
+# Default-Start:
+# Default-Stop:      0 6
+# Short-Description: Casper init script
+# Description:       Resyncs snapshots, evantually caches files in order
+#                    to let remove the media.
+### END INIT INFO
+
+# Author: Tollef Fog Heen <tfheen@canonical.com>
+#         Marco Amadori <marco.amadori@gmail.com>
+#
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+NAME=casper
+SCRIPTNAME=/etc/init.d/${NAME}
+DO_SNAPSHOT=/sbin/${NAME}-snapshot
+
+# Exit if system was not booted by casper
+grep -qs boot=casper /proc/cmdline || exit 0
+
+# Exit if the system was booted from an ISO image rather than a physical CD
+grep -qs find_iso= /proc/cmdline && exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/$NAME.conf ] && . /etc/$NAME.conf
+
+# Load the VERBOSE setting and other rcS variables
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+# Try to cache everything we're likely to need after ejecting.  This
+# is fragile and simple-minded, but our options are limited.
+cache_path() {
+    path="$1"
+
+    if [ -d "$path" ]; then
+        find "$path" -type f | xargs cat > /dev/null 2>&1
+    elif [ -f "$path" ]; then
+        if [ -x "$path" ]; then
+            if file "$path" | grep -q 'dynamically linked'; then
+                for lib in $(ldd "$path" | awk '{ print $3 }'); do
+                    cache_path "$lib"
+                done
+            fi
+        fi
+        cat "$path" >/dev/null 2>&1
+    fi
+}
+
+do_stop ()
+{
+    if [ ! -z "${ROOTSNAP}" ]; then
+        $DO_SNAPSHOT --resync-string="${ROOTSNAP}"
+    fi
+
+    if [ ! -z "${HOMESNAP}" ]; then
+        $DO_SNAPSHOT --resync-string="${HOMESNAP}"
+    fi
+
+    # check for netboot
+    if [ ! -z "${NETBOOT}" ] || grep -qs netboot /proc/cmdline || grep -qsi root=/dev/nfs /proc/cmdline  || grep -qsi root=/dev/cifs /proc/cmdline ; then
+        return 0
+    fi
+
+    # Don't prompt to eject the SD card on Babbage board, where we reuse it
+    # as a quasi-boot-floppy. Technically this uses a bit of ubiquity
+    # (archdetect), but since this is mostly only relevant for
+    # installations, who cares ...
+    if type archdetect >/dev/null 2>&1; then
+	subarch="$(archdetect)"
+	case $subarch in
+	    arm*/imx51)
+		return 0
+		;;
+	esac
+    fi
+
+    prompt=1
+    if grep -qs noprompt /proc/cmdline; then
+	prompt=
+    fi
+
+    for path in $(which halt) $(which reboot) /etc/rc?.d /etc/default $(which stty) /bin/plymouth /sbin/usplash_write; do
+        cache_path "$path"
+    done
+
+    eject -p -m /cdrom >/dev/null 2>&1
+
+    [ "$prompt" ] || return 0
+
+    # XXX - i18n
+    MSG="Por favor remova o DVD do LE4 e feche a bandeja, após isto pressione ENTER: "
+
+    if [ -x /bin/plymouth ] && plymouth --ping; then
+        plymouth message --text="$MSG"
+        plymouth watch-keystroke > /dev/null
+    else
+        stty sane < /dev/console
+
+        echo $MSG > /dev/console
+        if [ -x /sbin/usplash_write ]; then
+            /sbin/usplash_write "TIMEOUT 86400"
+            /sbin/usplash_write "TEXT-URGENT Please remove the disc, close the tray (if any)"
+            /sbin/usplash_write "TEXT-URGENT and press ENTER to continue"
+        fi
+        read x < /dev/console
+    fi
+}
+
+case "$1" in
+    restart|reload|force-reload|status)
+        [ "$VERBOSE" != no ] && log_end_msg 0
+        ;;
+    # We normally run on start; stop is just for backwards compatibility.
+    start|stop)
+        log_begin_msg "${NAME} is resyncing snapshots and caching reboot files..."
+        do_stop
+        case "$?" in
+            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+        esac
+        ;;
+    *)
+        log_success_msg "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 3
+        ;;
+esac

templates/le5/multiterminal/casper/user-setup-apply

+#! /bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+if [ "$1" ]; then
+	export LANG=C # avoid locale errors from perl
+	ROOT="$1"
+	chroot=chroot
+	log='log-output -t user-setup'
+else
+	ROOT=
+	chroot=
+	log=
+fi
+
+. /usr/lib/user-setup/functions.sh
+
+# Set a password, via chpasswd.
+# Use a heredoc rather than echo, to avoid the password
+# showing in the process table. (However, this is normally
+# only called when first installing the system, when root has no
+# password at all, so that should be an unnecessary precaution).
+#
+# Pass in four arguments: the user, the password, 'true' if the
+# password has been pre-crypted (by preseeding), and a 'true' if
+# the home directory is encrypted
+setpassword () {
+	local USER PASSWD PAM_SET_PWD
+	USER="$1"
+	PASSWD="$2"
+
+	local VERSION=$($chroot $ROOT dpkg-query -W -f '${Version}\n' passwd)
+	PAM_SET_PWD=false
+	if $chroot $ROOT dpkg --compare-versions "$VERSION" ge "1:4.1.4-1"; then
+		# support for versions with PAM support (Squeeze)
+		PAM_SET_PWD=true
+		if [ "$3" = true ]; then
+			$chroot $ROOT usermod --password=$PASSWD $USER
+		else
+			$chroot $ROOT chpasswd <<EOF
+$USER:$PASSWD
+EOF
+		fi
+	else
+		# compatibility support for versions without PAM support (Lenny)
+		local OPTS
+		if [ "$3" = true ]; then
+			OPTS=-e
+		else
+			OPTS=-m
+		fi
+		$chroot $ROOT chpasswd $OPTS <<EOF
+$USER:$PASSWD
+EOF
+	fi
+	# If the password was set using PAM, pam_ecryptfs will handle the initial
+	# passphrase wrapping.  Otherwise, we need this hack...
+	if [ "$4" = true ] && [ "$PAM_SET_PWD" = false ]; then
+		local UNWRAPPED_PASSPHRASE_FILE WRAPPED_PASSPHRASE_FILE MOUNT_PASSPHRASE
+		UNWRAPPED_PASSPHRASE_FILE=/dev/shm/.ecryptfs-$USER
+		if [ -e "$UNWRAPPED_PASSPHRASE_FILE" ]; then
+			WRAPPED_PASSPHRASE_FILE=/home/$USER/.ecryptfs/wrapped-passphrase
+			MOUNT_PASSPHRASE=$($chroot $ROOT cat $UNWRAPPED_PASSPHRASE_FILE)
+			$chroot $ROOT ecryptfs-wrap-passphrase $WRAPPED_PASSPHRASE_FILE - <<EOF
+$MOUNT_PASSPHRASE
+$PASSWD
+EOF
+			$chroot $ROOT rm -f $UNWRAPPED_PASSPHRASE_FILE
+			$chroot $ROOT chown $USER:$USER $WRAPPED_PASSPHRASE_FILE
+		else
+			echo "$UNWRAPPED_PASSPHRASE_FILE does not exist, but should!" >&2
+			db_input critical user-setup/encrypt-home-failed || true
+			db_go || true
+		fi
+	fi
+}
+
+# Enable/disable shadow passwords.
+db_get passwd/shadow
+if [ "$RET" = true ]; then
+	$log $chroot $ROOT shadowconfig on
+else
+	$log $chroot $ROOT shadowconfig off
+fi
+
+if ! root_password; then
+	# Was the root password preseeded encrypted?
+	if db_get passwd/root-password-crypted && [ "$RET" ]; then
+		# The root password was preseeded encrypted.
+		ROOT_PW="$RET"
+		PRECRYPTED=true
+	else
+		db_get passwd/root-password
+		ROOT_PW="$RET"
+		PRECRYPTED=false
+	fi
+	# Clear the root password from the database, and set the password.
+	db_set passwd/root-password-crypted ''
+	db_set passwd/root-password ''
+	db_set passwd/root-password-again ''
+	if [ "$ROOT_PW" ]; then
+		setpassword root "$ROOT_PW" "$PRECRYPTED"
+	fi
+	ROOT_PW=
+else
+	# Just in case, clear any preseeded root password from the database
+	# anyway.
+	db_set passwd/root-password-crypted ''
+	db_set passwd/root-password ''
+	db_set passwd/root-password-again ''
+fi
+#db_get passwd/make-user
+#if [ "$RET" = true ] && ! is_system_user; then
+if true; then
+	if db_get passwd/user-password-crypted && [ "$RET" ]; then
+		USER_PW="$RET"
+		USER_PW_CRYPTED=true
+	else
+		db_get passwd/user-password
+		USER_PW="$RET"
+		USER_PW_CRYPTED=false
+	fi
+
+	if db_get passwd/user-uid && [ "$RET" ]; then
+		if [ -x $ROOT/usr/sbin/adduser ]; then
+			UIDOPT="--uid $RET"
+		else
+			UIDOPT="-u $RET"
+		fi
+	else
+		UIDOPT=
+	fi
+
+	ENCRYPT_HOME="false"
+	ENCRYPT_HOME_OPT=
+	db_get user-setup/encrypt-home
+	if [ "$RET" = true ]; then
+		ENCRYPT_HOME="true"
+		ENCRYPT_HOME_OPT="--encrypt-home"
+		if type anna-install >/dev/null 2>&1 && [ -d /lib/debian-installer ]; then
+			ANNA_QUIET=1 DEBIAN_FRONTEND=none $log anna-install crypto-modules || true
+			depmod -a >/dev/null 2>&1 || true
+		fi
+		for module in aes cbc ecb; do
+			modprobe -q "$module" || true
+		done
+		
+		umountproc=false
+		umountdev=false
+		if [ ! -e $ROOT/proc/cmdline ]; then
+			$log $chroot $ROOT mount -t proc proc /proc
+			umountproc=:
+		fi
+		if ! grep -qE '^[^ ]+ /dev' $ROOT/proc/mounts; then
+			mount --bind /dev $ROOT/dev
+			umountdev=:
+		fi
+		if ! $log $chroot $ROOT ecryptfs-setup-swap -f -n; then
+			echo "ecryptfs-setup-swap failed." >&2
+			db_input critical user-setup/encrypt-home-failed || true
+			db_go || true
+			ENCRYPT_HOME="false"
+			ENCRYPT_HOME_OPT=
+		fi
+		if $umountproc; then
+			$log $chroot $ROOT umount /proc
+		fi
+		if $umountdev; then
+			umount $ROOT/dev
+		fi
+	fi
+
+
+	# Add the user to the database, using adduser in noninteractive
+	# mode.
+	db_get passwd/username
+	USER="$RET"
+	db_get passwd/user-fullname
+
+	HOME_EXISTED=
+	if [ -d "$ROOT/home/$USER" ]; then
+		HOME_EXISTED=1
+		# user-setup-ask shouldn't have allowed this, but for safety:
+		ENCRYPT_HOME="false"
+		ENCRYPT_HOME_OPT=
+	fi
+
+	umountsys=false
+	if [ -n "$ENCRYPT_HOME_OPT" ]; then
+		if [ ! -e $ROOT/sys/kernel ]; then
+			$log $chroot $ROOT mount -t sysfs sysfs /sys
+			umountsys=:
+		fi
+		$log $chroot $ROOT mount -t tmpfs tmpfs /dev/shm
+	fi
+	if [ -x $ROOT/usr/sbin/adduser ]; then
+		echo "$log $chroot $ROOT adduser --disabled-password --gecos \"$RET\" $UIDOPT $ENCRYPT_HOME_OPT \"$USER\" >/dev/null || true"
+		$log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT $ENCRYPT_HOME_OPT "$USER" || true
+	else
+		$log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true
+	fi
+
+	# Clear the user password from the database.
+	db_set passwd/user-password-crypted ''
+	db_set passwd/user-password ''
+	db_set passwd/user-password-again ''
+	setpassword "$USER" "$USER_PW" "$USER_PW_CRYPTED" "$ENCRYPT_HOME"
+	if [ -n "$ENCRYPT_HOME_OPT" ]; then
+		if $umountsys; then
+			$log $chroot $ROOT umount /sys
+		fi
+		$log $chroot $ROOT umount /dev/shm
+	fi
+
+	if [ "$HOME_EXISTED" ]; then
+		# The user's home directory already existed before we called
+		# adduser. This often means that a mount point under
+		# /home/$USER was selected in (and thus created by) partman,
+		# and the home directory may have ended up owned by root.
+		$log $chroot $ROOT chown "$USER:$USER" "/home/$USER" >/dev/null || true
+	fi
+
+	if [ -n "$USER" ]; then
+		for group in lpadmin sambashare; do
+			$log $chroot $ROOT addgroup --system $group >/dev/null 2>&1 || true
+		done
+		if type archdetect >/dev/null 2>&1; then
+			SUBARCH="$(archdetect)"
+			case $SUBARCH in
+				powerpc/ps3|powerpc/cell)
+					$log $chroot $ROOT addgroup --system spu >/dev/null 2>&1 || true
+					;;
+			esac
+		fi
+		db_get passwd/user-default-groups
+		for group in $RET; do
+			$log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true
+		done
+ 
+ 		# Configure desktop auto-login if instructed by preseeding
+ 		db_get passwd/auto-login
+ 		if [ "$RET" = true ]; then
+			db_get passwd/auto-login-backup
+			BACKUP="${RET:+.$RET}"
+
+			if [ -d "$ROOT/etc/gdm" ]; then
+				# Configure GDM autologin
+				GDMCustomFile=$ROOT/etc/gdm/custom.conf
+				if [ -e "$GDMCustomFile" ] && [ "$BACKUP" ]; then
+					cp "$GDMCustomFile" "${GDMCustomFile}$BACKUP"
+				fi
+				AutologinParameters="AutomaticLoginEnable=true\n\
+AutomaticLogin=$USER\n\
+TimedLoginEnable=true\n\
+TimedLogin=$USER\n\
+TimedLoginDelay=10"
+
+				# Prevent from updating if parameters already present (persistent usb key)
+				if ! `grep -qs "AutomaticLogin=$USER" $GDMCustomFile` ; then
+					if [ -e "$GDMCustomFile" ]; then
+						sed -i '/\(Automatic\|Timed\)Login/d' $GDMCustomFile
+					fi
+					if ! `grep -qs '\[daemon\]' $GDMCustomFile` ; then
+						echo '[daemon]' >> $GDMCustomFile
+					fi
+					sed -i "s/\[daemon\]/\[daemon\]\n$AutologinParameters/" $GDMCustomFile
+				fi
+			fi
+	 
+			if $chroot $ROOT [ -f /etc/kde4/kdm/kdmrc ]; then
+				# Configure KDM autologin
+				$log $chroot $ROOT sed -i$BACKUP -r \
+					-e "s/^#?AutoLoginEnable=.*\$/AutoLoginEnable=true/" \
+					-e "s/^#?AutoLoginUser=.*\$/AutoLoginUser=$USER/" \
+					-e "s/^#?AutoReLogin=.*\$/AutoReLogin=true/" \
+					/etc/kde4/kdm/kdmrc
+			fi
+		fi
+	fi
+
+	db_get passwd/root-login
+	if [ "$RET" = false ] && [ -n "$USER" ]; then
+		# Ensure sudo is installed, and set up the user to be able
+		# to use it.
+		if [ ! -e $ROOT/etc/sudoers ]; then
+			# try to work in d-i and out; it's better to
+			# use apt-install in d-i
+			apt-install sudo 2>/dev/null || $log $chroot $ROOT apt-get -q -y install sudo || true
+		fi
+		if [ -e $ROOT/etc/sudoers ]; then
+			$log $chroot $ROOT addgroup --system admin >/dev/null 2>&1 || true
+			$log $chroot $ROOT adduser "$USER" admin >/dev/null 2>&1 || true
+			cat <<EOF >>$ROOT/etc/sudoers
+
+# Members of the admin group may gain root privileges
+%admin ALL=(ALL) ALL
+EOF
+		else
+			# sudo failed to install, system won't be usable
+			exit 1
+		fi
+		# Configure gksu to use sudo, via an alternative, if it's
+		# installed and the alternative is registered.
+		if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
+			$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
+			$log $chroot $ROOT update-gconf-defaults || true
+		fi
+	else
+		# Configure gksu to use su, via an alternative, if it's
+		# installed and the alternative is registered.
+		if $chroot $ROOT update-alternatives --display libgksu-gconf-defaults >/dev/null 2>&1; then
+			$log $chroot $ROOT update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-su
+			$log $chroot $ROOT update-gconf-defaults || true
+		fi
+	fi
+	if [ -n "$ENCRYPT_HOME_OPT" ] && [ -e $ROOT/etc/crypttab ]; then
+		# Zero out all encrypted swap partitions.  It is assumed that
+		# passwords are not used beyond this point in the install.
+		# cryptswap0 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
+		# Ideally we would set up a new progress bar here, but we're
+		# inside finish-install's and cdebconf doesn't support nested
+		# progress bars.
+		db_progress INFO user-setup/progress/wipe-swap
+		while read name device source options; do
+			if echo "$options" | grep -q "swap"; then
+				if swapoff $device; then
+					dd if=/dev/zero of=$device 2>/dev/null || true
+				fi
+			fi
+		done < $ROOT/etc/crypttab
+	fi
+
+else
+	# Just in case, clear any preseeded user password from the database
+	# anyway.
+	db_set passwd/user-password-crypted ''
+	db_set passwd/user-password ''
+	db_set passwd/user-password-again ''
+fi
+
+exit 0

templates/le5/multiterminal/disk.key

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQENBFErpagBCADBu0zEC3hX8HS/NkQQr1UQai+74UZWqvQMHykcLqxKWPzKGCKu
++ulC3fliNBH5A/+UYxEuFaGO2wQYnnWoF5I2i5rboZTJnn6wpPT+kVcEMQHKSHVE
+79z4FFDtz4VMf/0tyGa6nM1vqmLcbUr1G9V8No5JFXzJRKEIcUBaCfKM5rnXCgUA
+DdJxksjLyj9vphwCbG4aAalufKbfzRF5SPzRmheTLyuU9zLfo042TSpecKNW4hiD
+8+7MQlOvjkNaQYKNhIMaV3Gie2S/+lpBEL5KqsTFnXEWpiD5b9aeSeO++LdiEApR
+qDw1L6/T66JQ9N7kyYPcQWRh6Sx4ykgZJ1oDABEBAAG0GGplbmtpbnMgPGplbmtp
+bnNAbWFydWxhPokBOAQTAQIAIgUCUSulqAIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC
+HgECF4AACgkQqjjBOGWf3m8e1gf9FIic27zryGFs72phcHFj8gyWv5TEm20UnQnE
+/dkNs283NCIeRI/e/WJQmVSZ8z42a/owqsGeHgOICrN7nVxw+4yCaMrNSUnlNCOe
+FxtuEJvrm/1bDmarThunPaOUwYSHKuXhOticOT4qjwBr8rCWYuIJL9mGX/u9j+gs
+HaLCiRZ7a73H9leFyxy9nI+8HgXPVvx4P0/pXqoc5HjY8r9w8P0suyW6TI/Xy952
+/nJf6YM1UJWlFbiYyuHlAkJAiNU1sGXcWBXga9p8z5Ty9WxnwuqBbWrsg0wI378x
+qbFYhZ93phENH3hrhbFekqwUZi9OuG0/i/IsYg9GIsJAW3Kz5LkBDQRRK6WoAQgA
+1roqSCCwpMQSv1djaAwz8nYBsv9VTrb2wJhWEBJt0wuvX5aTvorFGCyjQo69a2jt
+CmRBAcIPNiCqG7SvV0NHyinrz8u3xDaex6ZEANv97AIeimzvsO5oikhGyNlhPlHS
+ioXVj7TXpuFaP75N2ymNa4p+Z7D6//HkZ67J8oW6XuZYkjaJJepAsyM8n/OrU73A
+jWl83s/Bp+e75DyxEstV7cjcwRvYAomzC/zLy5HJAWRdSWd9Rdep4hZ8uOZoGksx
+YdW1csvj+EO547VPIAEHju+gB85szFrqXKoBUgQ/fTFkd2igvyqTvw903Xl9NOxH
+rW0Aw1JsIRMWn/l1Hox8cQARAQABiQEfBBgBAgAJBQJRK6WoAhsMAAoJEKo4wThl
+n95vPK0H/jAGCPshPiydV23vP7osoQYrlQ1N/heev9xF+qoj5p3DZy7PVESRz4KH
+BamzpwK1UZofwPTKT7qiXO1XZphysD9smMnThWhMnx+ebpBp4xM0mL/4o5SVy2gi
+1fjyOhdbfP6+npZWX7u05ui0ynhtRKLtDa7tGcTmdPJoDtIBBuheSYL6jbeY9idP
+lqdsSxtBjqN4+5vI6QwwYnjImN9vH8VUW5IRjIiat5AuU5xbkbFQCXw9KXnfpUPU
+qK6pUHJvrS17EhlE8IcZ2p3f+9FUxykIkzTWW5qRSqHnujP65+wEWHxGc0oDr2QL
+K2+QdslZ3AX57dOa7BLpkYqLB16U+KI=
+=ZZZW
+-----END PGP PUBLIC KEY BLOCK-----