]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
418b9be5 | 2 | |
418b9be5 | 3 | #include <fcntl.h> |
418b9be5 | 4 | #include <getopt.h> |
3ff9fa59 | 5 | #include <linux/loop.h> |
3f6fd1ba | 6 | #include <unistd.h> |
418b9be5 | 7 | |
dccca82b LP |
8 | #include "sd-id128.h" |
9 | ||
b5efdb8a | 10 | #include "alloc-util.h" |
3f6fd1ba | 11 | #include "ask-password-api.h" |
d6b4d1c7 | 12 | #include "build.h" |
cea32691 ZJS |
13 | #include "bus-error.h" |
14 | #include "bus-locator.h" | |
a9399358 | 15 | #include "bus-unit-util.h" |
cea32691 | 16 | #include "bus-util.h" |
8eb668b9 | 17 | #include "bus-wait-for-jobs.h" |
f461a28d | 18 | #include "chase.h" |
418b9be5 | 19 | #include "copy.h" |
416f7b3a | 20 | #include "creds-util.h" |
3ff9fa59 | 21 | #include "dissect-image.h" |
686d13b9 | 22 | #include "env-file.h" |
7fc3f9c0 | 23 | #include "errno-util.h" |
6bedfcbb | 24 | #include "fd-util.h" |
3f6fd1ba | 25 | #include "fileio.h" |
f4f15635 | 26 | #include "fs-util.h" |
d8e32c47 | 27 | #include "glyph-util.h" |
3f6fd1ba | 28 | #include "hostname-util.h" |
f05e1d0d | 29 | #include "kbd-util.h" |
42f3b2f9 | 30 | #include "libcrypt-util.h" |
3f6fd1ba | 31 | #include "locale-util.h" |
b352e545 | 32 | #include "lock-util.h" |
45f39418 | 33 | #include "main-func.h" |
9ae4ef49 | 34 | #include "memory-util.h" |
418b9be5 | 35 | #include "mkdir.h" |
3ff9fa59 | 36 | #include "mount-util.h" |
d58ad743 | 37 | #include "os-util.h" |
614b022c | 38 | #include "parse-argument.h" |
6bedfcbb | 39 | #include "parse-util.h" |
d34b1823 | 40 | #include "password-quality-util.h" |
418b9be5 | 41 | #include "path-util.h" |
294bf0c3 | 42 | #include "pretty-print.h" |
f582cbca | 43 | #include "proc-cmdline.h" |
3df3e884 | 44 | #include "random-util.h" |
ce0458be | 45 | #include "smack-util.h" |
6bedfcbb | 46 | #include "string-util.h" |
3f6fd1ba | 47 | #include "strv.h" |
288a74cc | 48 | #include "terminal-util.h" |
3f6fd1ba | 49 | #include "time-util.h" |
b4909a3f | 50 | #include "tmpfile-util-label.h" |
3ff9fa59 | 51 | #include "tmpfile-util.h" |
affb60b1 | 52 | #include "umask-util.h" |
e929bee0 | 53 | #include "user-util.h" |
418b9be5 LP |
54 | |
55 | static char *arg_root = NULL; | |
3ff9fa59 | 56 | static char *arg_image = NULL; |
418b9be5 LP |
57 | static char *arg_locale = NULL; /* $LANG */ |
58 | static char *arg_locale_messages = NULL; /* $LC_MESSAGES */ | |
f8fd0930 | 59 | static char *arg_keymap = NULL; |
418b9be5 LP |
60 | static char *arg_timezone = NULL; |
61 | static char *arg_hostname = NULL; | |
62 | static sd_id128_t arg_machine_id = {}; | |
63 | static char *arg_root_password = NULL; | |
28900a1b | 64 | static char *arg_root_shell = NULL; |
a5925354 | 65 | static char *arg_kernel_cmdline = NULL; |
418b9be5 | 66 | static bool arg_prompt_locale = false; |
ed457f13 | 67 | static bool arg_prompt_keymap = false; |
418b9be5 LP |
68 | static bool arg_prompt_timezone = false; |
69 | static bool arg_prompt_hostname = false; | |
70 | static bool arg_prompt_root_password = false; | |
28900a1b | 71 | static bool arg_prompt_root_shell = false; |
418b9be5 | 72 | static bool arg_copy_locale = false; |
ed457f13 | 73 | static bool arg_copy_keymap = false; |
418b9be5 LP |
74 | static bool arg_copy_timezone = false; |
75 | static bool arg_copy_root_password = false; | |
28900a1b | 76 | static bool arg_copy_root_shell = false; |
b4909a3f | 77 | static bool arg_force = false; |
4926ceaf | 78 | static bool arg_delete_root_password = false; |
676339a1 | 79 | static bool arg_root_password_is_hashed = false; |
a1225020 | 80 | static bool arg_welcome = true; |
05eb2c60 | 81 | static bool arg_reset = false; |
84be0c71 | 82 | static ImagePolicy *arg_image_policy = NULL; |
418b9be5 | 83 | |
45f39418 | 84 | STATIC_DESTRUCTOR_REGISTER(arg_root, freep); |
3ff9fa59 | 85 | STATIC_DESTRUCTOR_REGISTER(arg_image, freep); |
45f39418 YW |
86 | STATIC_DESTRUCTOR_REGISTER(arg_locale, freep); |
87 | STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep); | |
88 | STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep); | |
89 | STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep); | |
90 | STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep); | |
9ae4ef49 | 91 | STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep); |
84be0c71 | 92 | STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep); |
45f39418 | 93 | |
418b9be5 LP |
94 | static bool press_any_key(void) { |
95 | char k = 0; | |
96 | bool need_nl = true; | |
97 | ||
98 | printf("-- Press any key to proceed --"); | |
99 | fflush(stdout); | |
100 | ||
94956f8f | 101 | (void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl); |
418b9be5 LP |
102 | |
103 | if (need_nl) | |
104 | putchar('\n'); | |
105 | ||
106 | return k != 'q'; | |
107 | } | |
108 | ||
a0657479 | 109 | static void print_welcome(int rfd) { |
02b7005e | 110 | _cleanup_free_ char *pretty_name = NULL, *os_name = NULL, *ansi_color = NULL; |
418b9be5 | 111 | static bool done = false; |
ae0d36c1 | 112 | const char *pn, *ac; |
418b9be5 LP |
113 | int r; |
114 | ||
a0657479 DDM |
115 | assert(rfd >= 0); |
116 | ||
a1225020 LP |
117 | if (!arg_welcome) |
118 | return; | |
119 | ||
418b9be5 LP |
120 | if (done) |
121 | return; | |
122 | ||
a0657479 DDM |
123 | r = parse_os_release_at(rfd, |
124 | "PRETTY_NAME", &pretty_name, | |
125 | "NAME", &os_name, | |
126 | "ANSI_COLOR", &ansi_color); | |
d58ad743 LP |
127 | if (r < 0) |
128 | log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, | |
129 | "Failed to read os-release file, ignoring: %m"); | |
418b9be5 | 130 | |
02b7005e | 131 | pn = os_release_pretty_name(pretty_name, os_name); |
ae0d36c1 | 132 | ac = isempty(ansi_color) ? "0" : ansi_color; |
4aeadec7 | 133 | |
5fee4ac0 LP |
134 | (void) reset_terminal_fd(STDIN_FILENO, /* switch_to_text= */ false); |
135 | ||
4aeadec7 | 136 | if (colors_enabled()) |
ae0d36c1 | 137 | printf("\nWelcome to your new installation of \x1B[%sm%s\x1B[0m!\n", ac, pn); |
4aeadec7 LP |
138 | else |
139 | printf("\nWelcome to your new installation of %s!\n", pn); | |
140 | ||
141 | printf("\nPlease configure your system!\n\n"); | |
418b9be5 LP |
142 | |
143 | press_any_key(); | |
144 | ||
145 | done = true; | |
146 | } | |
147 | ||
148 | static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) { | |
418b9be5 | 149 | unsigned break_lines, break_modulo; |
da6053d0 | 150 | size_t n, per_column, i, j; |
418b9be5 LP |
151 | |
152 | assert(n_columns > 0); | |
153 | ||
154 | n = strv_length(x); | |
be6b0c21 | 155 | per_column = DIV_ROUND_UP(n, n_columns); |
418b9be5 LP |
156 | |
157 | break_lines = lines(); | |
158 | if (break_lines > 2) | |
159 | break_lines--; | |
160 | ||
161 | /* The first page gets two extra lines, since we want to show | |
162 | * a title */ | |
163 | break_modulo = break_lines; | |
164 | if (break_modulo > 3) | |
165 | break_modulo -= 3; | |
166 | ||
167 | for (i = 0; i < per_column; i++) { | |
168 | ||
169 | for (j = 0; j < n_columns; j ++) { | |
170 | _cleanup_free_ char *e = NULL; | |
171 | ||
172 | if (j * per_column + i >= n) | |
173 | break; | |
174 | ||
175 | e = ellipsize(x[j * per_column + i], width, percentage); | |
176 | if (!e) | |
177 | return log_oom(); | |
178 | ||
f996072f | 179 | printf("%4zu) %-*s", j * per_column + i + 1, (int) width, e); |
418b9be5 LP |
180 | } |
181 | ||
182 | putchar('\n'); | |
183 | ||
184 | /* on the first screen we reserve 2 extra lines for the title */ | |
185 | if (i % break_lines == break_modulo) { | |
186 | if (!press_any_key()) | |
187 | return 0; | |
188 | } | |
189 | } | |
190 | ||
191 | return 0; | |
192 | } | |
193 | ||
ecada8f2 | 194 | static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) { |
418b9be5 LP |
195 | int r; |
196 | ||
197 | assert(text); | |
198 | assert(is_valid); | |
199 | assert(ret); | |
200 | ||
201 | for (;;) { | |
202 | _cleanup_free_ char *p = NULL; | |
203 | unsigned u; | |
204 | ||
ecada8f2 ZJS |
205 | r = ask_string(&p, "%s %s (empty to skip, \"list\" to list options): ", |
206 | special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), text); | |
23bbb0de MS |
207 | if (r < 0) |
208 | return log_error_errno(r, "Failed to query user: %m"); | |
418b9be5 LP |
209 | |
210 | if (isempty(p)) { | |
211 | log_warning("No data entered, skipping."); | |
212 | return 0; | |
213 | } | |
214 | ||
ecada8f2 ZJS |
215 | if (streq(p, "list")) { |
216 | r = show_menu(l, 3, 22, percentage); | |
217 | if (r < 0) | |
218 | return r; | |
219 | ||
220 | putchar('\n'); | |
221 | continue; | |
222 | }; | |
223 | ||
418b9be5 LP |
224 | r = safe_atou(p, &u); |
225 | if (r >= 0) { | |
418b9be5 LP |
226 | if (u <= 0 || u > strv_length(l)) { |
227 | log_error("Specified entry number out of range."); | |
228 | continue; | |
229 | } | |
230 | ||
231 | log_info("Selected '%s'.", l[u-1]); | |
b3f9c17a | 232 | return free_and_strdup_warn(ret, l[u-1]); |
418b9be5 LP |
233 | } |
234 | ||
235 | if (!is_valid(p)) { | |
236 | log_error("Entered data invalid."); | |
237 | continue; | |
238 | } | |
239 | ||
bfbf5f74 | 240 | return free_and_replace(*ret, p); |
418b9be5 LP |
241 | } |
242 | } | |
243 | ||
b352e545 | 244 | static int should_configure(int dir_fd, const char *filename) { |
a777a592 ZJS |
245 | _cleanup_fclose_ FILE *passwd = NULL, *shadow = NULL; |
246 | int r; | |
247 | ||
b352e545 DDM |
248 | assert(dir_fd >= 0); |
249 | assert(filename); | |
250 | ||
a777a592 ZJS |
251 | if (streq(filename, "passwd") && !arg_force) |
252 | /* We may need to do additional checks, so open the file. */ | |
253 | r = xfopenat(dir_fd, filename, "re", O_NOFOLLOW, &passwd); | |
254 | else | |
255 | r = RET_NERRNO(faccessat(dir_fd, filename, F_OK, AT_SYMLINK_NOFOLLOW)); | |
256 | ||
257 | if (r == -ENOENT) | |
258 | return true; /* missing */ | |
259 | if (r < 0) | |
260 | return log_error_errno(r, "Failed to access %s: %m", filename); | |
261 | if (arg_force) | |
262 | return true; /* exists, but if --force was given we should still configure the file. */ | |
263 | ||
264 | if (!passwd) | |
265 | return false; | |
266 | ||
267 | /* In case of /etc/passwd, do an additional check for the root password field. | |
268 | * We first check that passwd redirects to shadow, and then we check shadow. | |
269 | */ | |
270 | struct passwd *i; | |
271 | while ((r = fgetpwent_sane(passwd, &i)) > 0) { | |
272 | if (!streq(i->pw_name, "root")) | |
273 | continue; | |
274 | ||
275 | if (streq_ptr(i->pw_passwd, PASSWORD_SEE_SHADOW)) | |
276 | break; | |
277 | log_debug("passwd: root account with non-shadow password found, treating root as configured"); | |
278 | return false; | |
279 | } | |
280 | if (r < 0) | |
281 | return log_error_errno(r, "Failed to read %s: %m", filename); | |
282 | if (r == 0) { | |
283 | log_debug("No root account found in %s, assuming root is not configured.", filename); | |
284 | return true; | |
285 | } | |
df00c516 | 286 | |
a777a592 ZJS |
287 | r = xfopenat(dir_fd, "shadow", "re", O_NOFOLLOW, &shadow); |
288 | if (r == -ENOENT) { | |
289 | log_debug("No shadow file found, assuming root is not configured."); | |
df00c516 DDM |
290 | return true; /* missing */ |
291 | } | |
a777a592 ZJS |
292 | if (r < 0) |
293 | return log_error_errno(r, "Failed to access shadow: %m"); | |
b352e545 | 294 | |
a777a592 ZJS |
295 | struct spwd *j; |
296 | while ((r = fgetspent_sane(shadow, &j)) > 0) { | |
297 | if (!streq(j->sp_namp, "root")) | |
298 | continue; | |
299 | ||
300 | bool unprovisioned = streq_ptr(j->sp_pwdp, PASSWORD_UNPROVISIONED); | |
301 | log_debug("Root account found, %s.", | |
302 | unprovisioned ? "with unprovisioned password, treating root as not configured" : | |
303 | "treating root as configured"); | |
304 | return unprovisioned; | |
305 | } | |
306 | if (r < 0) | |
307 | return log_error_errno(r, "Failed to read shadow: %m"); | |
308 | assert(r == 0); | |
309 | log_debug("No root account found in shadow, assuming root is not configured."); | |
310 | return true; | |
b352e545 DDM |
311 | } |
312 | ||
a0657479 DDM |
313 | static bool locale_is_installed_bool(const char *name) { |
314 | return locale_is_installed(name) > 0; | |
315 | } | |
a00a78b8 | 316 | |
a0657479 DDM |
317 | static bool locale_is_ok(int rfd, const char *name) { |
318 | assert(rfd >= 0); | |
a00a78b8 | 319 | |
a0657479 | 320 | return dir_fd_is_root(rfd) ? locale_is_installed_bool(name) : locale_is_valid(name); |
a00a78b8 LP |
321 | } |
322 | ||
a0657479 | 323 | static int prompt_locale(int rfd) { |
418b9be5 | 324 | _cleanup_strv_free_ char **locales = NULL; |
416f7b3a | 325 | bool acquired_from_creds = false; |
418b9be5 LP |
326 | int r; |
327 | ||
a0657479 DDM |
328 | assert(rfd >= 0); |
329 | ||
418b9be5 LP |
330 | if (arg_locale || arg_locale_messages) |
331 | return 0; | |
332 | ||
416f7b3a LP |
333 | r = read_credential("firstboot.locale", (void**) &arg_locale, NULL); |
334 | if (r < 0) | |
335 | log_debug_errno(r, "Failed to read credential firstboot.locale, ignoring: %m"); | |
336 | else | |
337 | acquired_from_creds = true; | |
338 | ||
339 | r = read_credential("firstboot.locale-messages", (void**) &arg_locale_messages, NULL); | |
340 | if (r < 0) | |
8914f7e8 | 341 | log_debug_errno(r, "Failed to read credential firstboot.locale-messages, ignoring: %m"); |
416f7b3a LP |
342 | else |
343 | acquired_from_creds = true; | |
344 | ||
345 | if (acquired_from_creds) { | |
346 | log_debug("Acquired locale from credentials."); | |
347 | return 0; | |
348 | } | |
349 | ||
eb650ffe ZJS |
350 | if (!arg_prompt_locale) { |
351 | log_debug("Prompting for locale was not requested."); | |
418b9be5 | 352 | return 0; |
eb650ffe | 353 | } |
418b9be5 LP |
354 | |
355 | r = get_locales(&locales); | |
23bbb0de MS |
356 | if (r < 0) |
357 | return log_error_errno(r, "Cannot query locales list: %m"); | |
418b9be5 | 358 | |
bdd7cd26 LP |
359 | if (strv_isempty(locales)) |
360 | log_debug("No locales found, skipping locale selection."); | |
361 | else if (strv_length(locales) == 1) { | |
418b9be5 | 362 | |
bdd7cd26 LP |
363 | if (streq(locales[0], SYSTEMD_DEFAULT_LOCALE)) |
364 | log_debug("Only installed locale is default locale anyway, not setting locale explicitly."); | |
365 | else { | |
366 | log_debug("Only a single locale available (%s), selecting it as default.", locales[0]); | |
418b9be5 | 367 | |
bdd7cd26 LP |
368 | arg_locale = strdup(locales[0]); |
369 | if (!arg_locale) | |
370 | return log_oom(); | |
418b9be5 | 371 | |
bdd7cd26 LP |
372 | /* Not setting arg_locale_message here, since it defaults to LANG anyway */ |
373 | } | |
374 | } else { | |
a0657479 DDM |
375 | bool (*is_valid)(const char *name) = dir_fd_is_root(rfd) ? locale_is_installed_bool |
376 | : locale_is_valid; | |
377 | ||
378 | print_welcome(rfd); | |
418b9be5 | 379 | |
ecada8f2 | 380 | r = prompt_loop("Please enter system locale name or number", |
a0657479 | 381 | locales, 60, is_valid, &arg_locale); |
bdd7cd26 LP |
382 | if (r < 0) |
383 | return r; | |
384 | ||
385 | if (isempty(arg_locale)) | |
386 | return 0; | |
387 | ||
ecada8f2 | 388 | r = prompt_loop("Please enter system message locale name or number", |
a0657479 | 389 | locales, 60, is_valid, &arg_locale_messages); |
bdd7cd26 LP |
390 | if (r < 0) |
391 | return r; | |
392 | ||
393 | /* Suppress the messages setting if it's the same as the main locale anyway */ | |
394 | if (streq_ptr(arg_locale, arg_locale_messages)) | |
395 | arg_locale_messages = mfree(arg_locale_messages); | |
396 | } | |
418b9be5 LP |
397 | |
398 | return 0; | |
399 | } | |
400 | ||
b352e545 DDM |
401 | static int process_locale(int rfd) { |
402 | _cleanup_close_ int pfd = -EBADF; | |
403 | _cleanup_free_ char *f = NULL; | |
418b9be5 LP |
404 | char* locales[3]; |
405 | unsigned i = 0; | |
406 | int r; | |
407 | ||
b352e545 DDM |
408 | assert(rfd >= 0); |
409 | ||
410 | pfd = chase_and_open_parent_at(rfd, "/etc/locale.conf", | |
b39710cc | 411 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW, |
b352e545 DDM |
412 | &f); |
413 | if (pfd < 0) | |
414 | return log_error_errno(pfd, "Failed to chase /etc/locale.conf: %m"); | |
418b9be5 | 415 | |
b352e545 DDM |
416 | r = should_configure(pfd, f); |
417 | if (r == 0) | |
418 | log_debug("Found /etc/locale.conf, assuming locale information has been configured."); | |
419 | if (r <= 0) | |
420 | return r; | |
418b9be5 | 421 | |
fe75d5bc DDM |
422 | r = dir_fd_is_root(rfd); |
423 | if (r < 0) | |
424 | return log_error_errno(r, "Failed to check if directory file descriptor is root: %m"); | |
425 | ||
426 | if (arg_copy_locale && r == 0) { | |
b352e545 | 427 | r = copy_file_atomic_at(AT_FDCWD, "/etc/locale.conf", pfd, f, 0644, COPY_REFLINK); |
418b9be5 | 428 | if (r != -ENOENT) { |
23bbb0de | 429 | if (r < 0) |
b352e545 | 430 | return log_error_errno(r, "Failed to copy host's /etc/locale.conf: %m"); |
418b9be5 | 431 | |
b352e545 | 432 | log_info("Copied host's /etc/locale.conf."); |
418b9be5 LP |
433 | return 0; |
434 | } | |
435 | } | |
436 | ||
a0657479 | 437 | r = prompt_locale(rfd); |
418b9be5 LP |
438 | if (r < 0) |
439 | return r; | |
440 | ||
441 | if (!isempty(arg_locale)) | |
63c372cb | 442 | locales[i++] = strjoina("LANG=", arg_locale); |
4c4a73ce | 443 | if (!isempty(arg_locale_messages) && !streq_ptr(arg_locale_messages, arg_locale)) |
63c372cb | 444 | locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages); |
418b9be5 LP |
445 | |
446 | if (i == 0) | |
447 | return 0; | |
448 | ||
449 | locales[i] = NULL; | |
450 | ||
f155cb6d | 451 | r = write_env_file(pfd, f, NULL, locales); |
23bbb0de | 452 | if (r < 0) |
b352e545 | 453 | return log_error_errno(r, "Failed to write /etc/locale.conf: %m"); |
418b9be5 | 454 | |
b352e545 | 455 | log_info("/etc/locale.conf written."); |
d0c50d8d | 456 | return 1; |
418b9be5 LP |
457 | } |
458 | ||
a0657479 | 459 | static int prompt_keymap(int rfd) { |
ed457f13 TB |
460 | _cleanup_strv_free_ char **kmaps = NULL; |
461 | int r; | |
462 | ||
a0657479 DDM |
463 | assert(rfd >= 0); |
464 | ||
ed457f13 TB |
465 | if (arg_keymap) |
466 | return 0; | |
467 | ||
416f7b3a LP |
468 | r = read_credential("firstboot.keymap", (void**) &arg_keymap, NULL); |
469 | if (r < 0) | |
470 | log_debug_errno(r, "Failed to read credential firstboot.keymap, ignoring: %m"); | |
471 | else { | |
472 | log_debug("Acquired keymap from credential."); | |
473 | return 0; | |
474 | } | |
475 | ||
eb650ffe ZJS |
476 | if (!arg_prompt_keymap) { |
477 | log_debug("Prompting for keymap was not requested."); | |
ed457f13 | 478 | return 0; |
eb650ffe | 479 | } |
ed457f13 TB |
480 | |
481 | r = get_keymaps(&kmaps); | |
482 | if (r == -ENOENT) /* no keymaps installed */ | |
eb650ffe | 483 | return log_debug_errno(r, "No keymaps are installed."); |
ed457f13 TB |
484 | if (r < 0) |
485 | return log_error_errno(r, "Failed to read keymaps: %m"); | |
486 | ||
a0657479 | 487 | print_welcome(rfd); |
ed457f13 | 488 | |
8700b4da | 489 | return prompt_loop("Please enter system keymap name or number", |
ecada8f2 | 490 | kmaps, 60, keymap_is_valid, &arg_keymap); |
ed457f13 TB |
491 | } |
492 | ||
b352e545 DDM |
493 | static int process_keymap(int rfd) { |
494 | _cleanup_close_ int pfd = -EBADF; | |
495 | _cleanup_free_ char *f = NULL; | |
ed457f13 TB |
496 | char **keymap; |
497 | int r; | |
498 | ||
b352e545 | 499 | assert(rfd >= 0); |
ed457f13 | 500 | |
b352e545 | 501 | pfd = chase_and_open_parent_at(rfd, "/etc/vconsole.conf", |
b39710cc | 502 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW, |
b352e545 DDM |
503 | &f); |
504 | if (pfd < 0) | |
505 | return log_error_errno(pfd, "Failed to chase /etc/vconsole.conf: %m"); | |
ed457f13 | 506 | |
b352e545 DDM |
507 | r = should_configure(pfd, f); |
508 | if (r == 0) | |
509 | log_debug("Found /etc/vconsole.conf, assuming console has been configured."); | |
510 | if (r <= 0) | |
511 | return r; | |
512 | ||
fe75d5bc DDM |
513 | r = dir_fd_is_root(rfd); |
514 | if (r < 0) | |
515 | return log_error_errno(r, "Failed to check if directory file descriptor is root: %m"); | |
516 | ||
517 | if (arg_copy_keymap && r == 0) { | |
b352e545 | 518 | r = copy_file_atomic_at(AT_FDCWD, "/etc/vconsole.conf", pfd, f, 0644, COPY_REFLINK); |
ed457f13 TB |
519 | if (r != -ENOENT) { |
520 | if (r < 0) | |
b352e545 | 521 | return log_error_errno(r, "Failed to copy host's /etc/vconsole.conf: %m"); |
ed457f13 | 522 | |
b352e545 | 523 | log_info("Copied host's /etc/vconsole.conf."); |
ed457f13 TB |
524 | return 0; |
525 | } | |
526 | } | |
527 | ||
a0657479 | 528 | r = prompt_keymap(rfd); |
ed457f13 TB |
529 | if (r == -ENOENT) |
530 | return 0; /* don't fail if no keymaps are installed */ | |
531 | if (r < 0) | |
532 | return r; | |
533 | ||
a7353b4d | 534 | if (isempty(arg_keymap)) |
ed457f13 TB |
535 | return 0; |
536 | ||
a7353b4d YW |
537 | keymap = STRV_MAKE(strjoina("KEYMAP=", arg_keymap)); |
538 | ||
0e7a7cd4 | 539 | r = write_vconsole_conf(pfd, f, keymap); |
ed457f13 | 540 | if (r < 0) |
b352e545 | 541 | return log_error_errno(r, "Failed to write /etc/vconsole.conf: %m"); |
ed457f13 | 542 | |
b352e545 | 543 | log_info("/etc/vconsole.conf written."); |
cea32691 | 544 | return 1; |
ed457f13 TB |
545 | } |
546 | ||
089fb865 MG |
547 | static bool timezone_is_valid_log_error(const char *name) { |
548 | return timezone_is_valid(name, LOG_ERR); | |
549 | } | |
550 | ||
a0657479 | 551 | static int prompt_timezone(int rfd) { |
418b9be5 LP |
552 | _cleanup_strv_free_ char **zones = NULL; |
553 | int r; | |
554 | ||
a0657479 DDM |
555 | assert(rfd >= 0); |
556 | ||
418b9be5 LP |
557 | if (arg_timezone) |
558 | return 0; | |
559 | ||
416f7b3a LP |
560 | r = read_credential("firstboot.timezone", (void**) &arg_timezone, NULL); |
561 | if (r < 0) | |
562 | log_debug_errno(r, "Failed to read credential firstboot.timezone, ignoring: %m"); | |
563 | else { | |
564 | log_debug("Acquired timezone from credential."); | |
565 | return 0; | |
566 | } | |
567 | ||
eb650ffe ZJS |
568 | if (!arg_prompt_timezone) { |
569 | log_debug("Prompting for timezone was not requested."); | |
418b9be5 | 570 | return 0; |
eb650ffe | 571 | } |
418b9be5 LP |
572 | |
573 | r = get_timezones(&zones); | |
23bbb0de MS |
574 | if (r < 0) |
575 | return log_error_errno(r, "Cannot query timezone list: %m"); | |
418b9be5 | 576 | |
a0657479 | 577 | print_welcome(rfd); |
418b9be5 | 578 | |
ecada8f2 ZJS |
579 | r = prompt_loop("Please enter timezone name or number", |
580 | zones, 30, timezone_is_valid_log_error, &arg_timezone); | |
418b9be5 LP |
581 | if (r < 0) |
582 | return r; | |
583 | ||
584 | return 0; | |
585 | } | |
586 | ||
b352e545 DDM |
587 | static int process_timezone(int rfd) { |
588 | _cleanup_close_ int pfd = -EBADF; | |
589 | _cleanup_free_ char *f = NULL; | |
590 | const char *e; | |
418b9be5 LP |
591 | int r; |
592 | ||
b352e545 | 593 | assert(rfd >= 0); |
418b9be5 | 594 | |
b352e545 DDM |
595 | pfd = chase_and_open_parent_at(rfd, "/etc/localtime", |
596 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW, | |
597 | &f); | |
598 | if (pfd < 0) | |
599 | return log_error_errno(pfd, "Failed to chase /etc/localtime: %m"); | |
418b9be5 | 600 | |
b352e545 DDM |
601 | r = should_configure(pfd, f); |
602 | if (r == 0) | |
603 | log_debug("Found /etc/localtime, assuming timezone has been configured."); | |
604 | if (r <= 0) | |
605 | return r; | |
606 | ||
fe75d5bc DDM |
607 | r = dir_fd_is_root(rfd); |
608 | if (r < 0) | |
609 | return log_error_errno(r, "Failed to check if directory file descriptor is root: %m"); | |
610 | ||
611 | if (arg_copy_timezone && r == 0) { | |
b352e545 DDM |
612 | _cleanup_free_ char *s = NULL; |
613 | ||
614 | r = readlink_malloc("/etc/localtime", &s); | |
418b9be5 | 615 | if (r != -ENOENT) { |
23bbb0de | 616 | if (r < 0) |
b352e545 | 617 | return log_error_errno(r, "Failed to read host's /etc/localtime: %m"); |
418b9be5 | 618 | |
b352e545 | 619 | r = symlinkat_atomic_full(s, pfd, f, /* make_relative= */ false); |
e56dc320 | 620 | if (r < 0) |
b352e545 | 621 | return log_error_errno(r, "Failed to create /etc/localtime symlink: %m"); |
418b9be5 | 622 | |
b352e545 | 623 | log_info("Copied host's /etc/localtime."); |
418b9be5 LP |
624 | return 0; |
625 | } | |
626 | } | |
627 | ||
a0657479 | 628 | r = prompt_timezone(rfd); |
418b9be5 LP |
629 | if (r < 0) |
630 | return r; | |
631 | ||
632 | if (isempty(arg_timezone)) | |
633 | return 0; | |
634 | ||
63c372cb | 635 | e = strjoina("../usr/share/zoneinfo/", arg_timezone); |
418b9be5 | 636 | |
b352e545 | 637 | r = symlinkat_atomic_full(e, pfd, f, /* make_relative= */ false); |
e56dc320 | 638 | if (r < 0) |
b352e545 | 639 | return log_error_errno(r, "Failed to create /etc/localtime symlink: %m"); |
418b9be5 | 640 | |
b352e545 | 641 | log_info("/etc/localtime written"); |
418b9be5 LP |
642 | return 0; |
643 | } | |
644 | ||
a0657479 | 645 | static int prompt_hostname(int rfd) { |
418b9be5 LP |
646 | int r; |
647 | ||
a0657479 DDM |
648 | assert(rfd >= 0); |
649 | ||
418b9be5 LP |
650 | if (arg_hostname) |
651 | return 0; | |
652 | ||
eb650ffe ZJS |
653 | if (!arg_prompt_hostname) { |
654 | log_debug("Prompting for hostname was not requested."); | |
418b9be5 | 655 | return 0; |
eb650ffe | 656 | } |
418b9be5 | 657 | |
a0657479 | 658 | print_welcome(rfd); |
418b9be5 LP |
659 | putchar('\n'); |
660 | ||
661 | for (;;) { | |
662 | _cleanup_free_ char *h = NULL; | |
663 | ||
9a6f746f | 664 | r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET)); |
23bbb0de MS |
665 | if (r < 0) |
666 | return log_error_errno(r, "Failed to query hostname: %m"); | |
418b9be5 LP |
667 | |
668 | if (isempty(h)) { | |
669 | log_warning("No hostname entered, skipping."); | |
670 | break; | |
671 | } | |
672 | ||
52ef5dd7 | 673 | if (!hostname_is_valid(h, VALID_HOSTNAME_TRAILING_DOT)) { |
418b9be5 LP |
674 | log_error("Specified hostname invalid."); |
675 | continue; | |
676 | } | |
677 | ||
34ad6090 | 678 | /* Get rid of the trailing dot that we allow, but don't want to see */ |
ae691c1d | 679 | arg_hostname = hostname_cleanup(h); |
418b9be5 LP |
680 | h = NULL; |
681 | break; | |
682 | } | |
683 | ||
684 | return 0; | |
685 | } | |
686 | ||
b352e545 DDM |
687 | static int process_hostname(int rfd) { |
688 | _cleanup_close_ int pfd = -EBADF; | |
689 | _cleanup_free_ char *f = NULL; | |
418b9be5 LP |
690 | int r; |
691 | ||
b352e545 DDM |
692 | assert(rfd >= 0); |
693 | ||
694 | pfd = chase_and_open_parent_at(rfd, "/etc/hostname", | |
695 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN, | |
696 | &f); | |
697 | if (pfd < 0) | |
698 | return log_error_errno(pfd, "Failed to chase /etc/hostname: %m"); | |
699 | ||
700 | r = should_configure(pfd, f); | |
701 | if (r == 0) | |
702 | log_debug("Found /etc/hostname, assuming hostname has been configured."); | |
703 | if (r <= 0) | |
704 | return r; | |
418b9be5 | 705 | |
a0657479 | 706 | r = prompt_hostname(rfd); |
418b9be5 LP |
707 | if (r < 0) |
708 | return r; | |
709 | ||
710 | if (isempty(arg_hostname)) | |
711 | return 0; | |
712 | ||
b352e545 DDM |
713 | r = write_string_file_at(pfd, f, arg_hostname, |
714 | WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_ATOMIC); | |
23bbb0de | 715 | if (r < 0) |
b352e545 | 716 | return log_error_errno(r, "Failed to write /etc/hostname: %m"); |
418b9be5 | 717 | |
b352e545 | 718 | log_info("/etc/hostname written."); |
418b9be5 LP |
719 | return 0; |
720 | } | |
721 | ||
b352e545 DDM |
722 | static int process_machine_id(int rfd) { |
723 | _cleanup_close_ int pfd = -EBADF; | |
724 | _cleanup_free_ char *f = NULL; | |
418b9be5 LP |
725 | int r; |
726 | ||
b352e545 DDM |
727 | assert(rfd >= 0); |
728 | ||
729 | pfd = chase_and_open_parent_at(rfd, "/etc/machine-id", | |
b39710cc | 730 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW, |
b352e545 DDM |
731 | &f); |
732 | if (pfd < 0) | |
733 | return log_error_errno(pfd, "Failed to chase /etc/machine-id: %m"); | |
734 | ||
735 | r = should_configure(pfd, f); | |
736 | if (r == 0) | |
737 | log_debug("Found /etc/machine-id, assuming machine-id has been configured."); | |
738 | if (r <= 0) | |
739 | return r; | |
418b9be5 | 740 | |
eb650ffe ZJS |
741 | if (sd_id128_is_null(arg_machine_id)) { |
742 | log_debug("Initialization of machine-id was not requested, skipping."); | |
418b9be5 | 743 | return 0; |
eb650ffe | 744 | } |
418b9be5 | 745 | |
b352e545 DDM |
746 | r = write_string_file_at(pfd, "machine-id", SD_ID128_TO_STRING(arg_machine_id), |
747 | WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_ATOMIC); | |
23bbb0de | 748 | if (r < 0) |
c7c1edd6 | 749 | return log_error_errno(r, "Failed to write /etc/machine-id: %m"); |
418b9be5 | 750 | |
b352e545 | 751 | log_info("/etc/machine-id written."); |
418b9be5 LP |
752 | return 0; |
753 | } | |
754 | ||
a0657479 | 755 | static int prompt_root_password(int rfd) { |
1fbc95d3 | 756 | const char *msg1, *msg2; |
418b9be5 LP |
757 | int r; |
758 | ||
a0657479 DDM |
759 | assert(rfd >= 0); |
760 | ||
418b9be5 LP |
761 | if (arg_root_password) |
762 | return 0; | |
763 | ||
ff86850b | 764 | if (get_credential_user_password("root", &arg_root_password, &arg_root_password_is_hashed) >= 0) |
416f7b3a | 765 | return 0; |
416f7b3a | 766 | |
eb650ffe ZJS |
767 | if (!arg_prompt_root_password) { |
768 | log_debug("Prompting for root password was not requested."); | |
418b9be5 | 769 | return 0; |
eb650ffe | 770 | } |
418b9be5 | 771 | |
a0657479 | 772 | print_welcome(rfd); |
418b9be5 LP |
773 | putchar('\n'); |
774 | ||
3619634c LP |
775 | msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):"); |
776 | msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:"); | |
418b9be5 | 777 | |
7baf10a7 LP |
778 | suggest_passwords(); |
779 | ||
418b9be5 | 780 | for (;;) { |
c7b7d74e | 781 | _cleanup_strv_free_erase_ char **a = NULL, **b = NULL; |
7baf10a7 | 782 | _cleanup_free_ char *error = NULL; |
418b9be5 | 783 | |
daa55720 | 784 | r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a); |
23bbb0de MS |
785 | if (r < 0) |
786 | return log_error_errno(r, "Failed to query root password: %m"); | |
39e96f84 ZJS |
787 | if (strv_length(a) != 1) |
788 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
789 | "Received multiple passwords, where we expected one."); | |
418b9be5 | 790 | |
c7b7d74e | 791 | if (isempty(*a)) { |
418b9be5 LP |
792 | log_warning("No password entered, skipping."); |
793 | break; | |
794 | } | |
795 | ||
d34b1823 | 796 | r = check_password_quality(*a, /* old */ NULL, "root", &error); |
bb44fd07 ZJS |
797 | if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) |
798 | log_warning("Password quality check is not supported, proceeding anyway."); | |
799 | else if (r < 0) | |
800 | return log_error_errno(r, "Failed to check password quality: %m"); | |
801 | else if (r == 0) | |
7baf10a7 LP |
802 | log_warning("Password is weak, accepting anyway: %s", error); |
803 | ||
daa55720 | 804 | r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b); |
ab84f5b9 | 805 | if (r < 0) |
00843602 | 806 | return log_error_errno(r, "Failed to query root password: %m"); |
39e96f84 ZJS |
807 | if (strv_length(b) != 1) |
808 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
809 | "Received multiple passwords, where we expected one."); | |
418b9be5 | 810 | |
c7b7d74e | 811 | if (!streq(*a, *b)) { |
418b9be5 | 812 | log_error("Entered passwords did not match, please try again."); |
418b9be5 LP |
813 | continue; |
814 | } | |
815 | ||
c7b7d74e | 816 | arg_root_password = TAKE_PTR(*a); |
418b9be5 LP |
817 | break; |
818 | } | |
819 | ||
820 | return 0; | |
821 | } | |
822 | ||
b352e545 | 823 | static int find_shell(int rfd, const char *path) { |
31363bd5 DDM |
824 | int r; |
825 | ||
826 | assert(path); | |
827 | ||
828 | if (!valid_shell(path)) | |
829 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not a valid shell", path); | |
830 | ||
b352e545 DDM |
831 | r = chaseat(rfd, path, CHASE_AT_RESOLVE_IN_ROOT, NULL, NULL); |
832 | if (r < 0) | |
833 | return log_error_errno(r, "Failed to resolve shell %s: %m", path); | |
31363bd5 DDM |
834 | |
835 | return 0; | |
836 | } | |
837 | ||
b352e545 | 838 | static int prompt_root_shell(int rfd) { |
28900a1b DDM |
839 | int r; |
840 | ||
a0657479 DDM |
841 | assert(rfd >= 0); |
842 | ||
416f7b3a LP |
843 | if (arg_root_shell) |
844 | return 0; | |
845 | ||
846 | r = read_credential("passwd.shell.root", (void**) &arg_root_shell, NULL); | |
847 | if (r < 0) | |
848 | log_debug_errno(r, "Failed to read credential passwd.shell.root, ignoring: %m"); | |
849 | else { | |
850 | log_debug("Acquired root shell from credential."); | |
851 | return 0; | |
852 | } | |
853 | ||
eb650ffe ZJS |
854 | if (!arg_prompt_root_shell) { |
855 | log_debug("Prompting for root shell was not requested."); | |
28900a1b | 856 | return 0; |
eb650ffe | 857 | } |
28900a1b | 858 | |
a0657479 | 859 | print_welcome(rfd); |
28900a1b DDM |
860 | putchar('\n'); |
861 | ||
862 | for (;;) { | |
863 | _cleanup_free_ char *s = NULL; | |
864 | ||
865 | r = ask_string(&s, "%s Please enter root shell for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET)); | |
866 | if (r < 0) | |
867 | return log_error_errno(r, "Failed to query root shell: %m"); | |
868 | ||
869 | if (isempty(s)) { | |
870 | log_warning("No shell entered, skipping."); | |
871 | break; | |
872 | } | |
873 | ||
b352e545 | 874 | r = find_shell(rfd, s); |
31363bd5 | 875 | if (r < 0) |
28900a1b | 876 | continue; |
28900a1b DDM |
877 | |
878 | arg_root_shell = TAKE_PTR(s); | |
879 | break; | |
880 | } | |
881 | ||
882 | return 0; | |
883 | } | |
884 | ||
a0657479 | 885 | static int write_root_passwd(int rfd, int etc_fd, const char *password, const char *shell) { |
4926ceaf DDM |
886 | _cleanup_fclose_ FILE *original = NULL, *passwd = NULL; |
887 | _cleanup_(unlink_and_freep) char *passwd_tmp = NULL; | |
888 | int r; | |
889 | ||
c4a53ebf DDM |
890 | assert(password); |
891 | ||
b352e545 | 892 | r = fopen_temporary_at_label(etc_fd, "passwd", "passwd", &passwd, &passwd_tmp); |
4926ceaf DDM |
893 | if (r < 0) |
894 | return r; | |
895 | ||
b352e545 DDM |
896 | r = xfopenat(etc_fd, "passwd", "re", O_NOFOLLOW, &original); |
897 | if (r < 0 && r != -ENOENT) | |
898 | return r; | |
899 | ||
4926ceaf DDM |
900 | if (original) { |
901 | struct passwd *i; | |
902 | ||
bb72c434 | 903 | r = copy_rights(fileno(original), fileno(passwd)); |
4926ceaf DDM |
904 | if (r < 0) |
905 | return r; | |
906 | ||
907 | while ((r = fgetpwent_sane(original, &i)) > 0) { | |
908 | ||
28900a1b | 909 | if (streq(i->pw_name, "root")) { |
4926ceaf | 910 | i->pw_passwd = (char *) password; |
28900a1b DDM |
911 | if (shell) |
912 | i->pw_shell = (char *) shell; | |
913 | } | |
4926ceaf DDM |
914 | |
915 | r = putpwent_sane(i, passwd); | |
916 | if (r < 0) | |
917 | return r; | |
918 | } | |
919 | if (r < 0) | |
920 | return r; | |
921 | ||
922 | } else { | |
923 | struct passwd root = { | |
924 | .pw_name = (char *) "root", | |
925 | .pw_passwd = (char *) password, | |
926 | .pw_uid = 0, | |
927 | .pw_gid = 0, | |
928 | .pw_gecos = (char *) "Super User", | |
929 | .pw_dir = (char *) "/root", | |
a0657479 | 930 | .pw_shell = (char *) (shell ?: default_root_shell_at(rfd)), |
4926ceaf DDM |
931 | }; |
932 | ||
933 | if (errno != ENOENT) | |
934 | return -errno; | |
935 | ||
b226422c | 936 | r = fchmod(fileno(passwd), 0644); |
4926ceaf DDM |
937 | if (r < 0) |
938 | return -errno; | |
939 | ||
940 | r = putpwent_sane(&root, passwd); | |
941 | if (r < 0) | |
942 | return r; | |
943 | } | |
944 | ||
945 | r = fflush_sync_and_check(passwd); | |
946 | if (r < 0) | |
947 | return r; | |
948 | ||
b352e545 | 949 | r = renameat_and_apply_smack_floor_label(etc_fd, passwd_tmp, etc_fd, "passwd"); |
4926ceaf DDM |
950 | if (r < 0) |
951 | return r; | |
952 | ||
953 | return 0; | |
954 | } | |
955 | ||
b352e545 | 956 | static int write_root_shadow(int etc_fd, const char *hashed_password) { |
b4909a3f DDM |
957 | _cleanup_fclose_ FILE *original = NULL, *shadow = NULL; |
958 | _cleanup_(unlink_and_freep) char *shadow_tmp = NULL; | |
100d5f6e FB |
959 | int r; |
960 | ||
c4a53ebf DDM |
961 | assert(hashed_password); |
962 | ||
b352e545 | 963 | r = fopen_temporary_at_label(etc_fd, "shadow", "shadow", &shadow, &shadow_tmp); |
b4909a3f DDM |
964 | if (r < 0) |
965 | return r; | |
966 | ||
b352e545 DDM |
967 | r = xfopenat(etc_fd, "shadow", "re", O_NOFOLLOW, &original); |
968 | if (r < 0 && r != -ENOENT) | |
969 | return r; | |
970 | ||
b4909a3f DDM |
971 | if (original) { |
972 | struct spwd *i; | |
973 | ||
bb72c434 | 974 | r = copy_rights(fileno(original), fileno(shadow)); |
b4909a3f DDM |
975 | if (r < 0) |
976 | return r; | |
977 | ||
978 | while ((r = fgetspent_sane(original, &i)) > 0) { | |
979 | ||
980 | if (streq(i->sp_namp, "root")) { | |
981 | i->sp_pwdp = (char *) hashed_password; | |
982 | i->sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY); | |
983 | } | |
984 | ||
985 | r = putspent_sane(i, shadow); | |
986 | if (r < 0) | |
987 | return r; | |
988 | } | |
989 | if (r < 0) | |
990 | return r; | |
991 | ||
992 | } else { | |
993 | struct spwd root = { | |
994 | .sp_namp = (char*) "root", | |
995 | .sp_pwdp = (char *) hashed_password, | |
996 | .sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY), | |
997 | .sp_min = -1, | |
998 | .sp_max = -1, | |
999 | .sp_warn = -1, | |
1000 | .sp_inact = -1, | |
1001 | .sp_expire = -1, | |
f5fbe71d | 1002 | .sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */ |
b4909a3f DDM |
1003 | }; |
1004 | ||
1005 | if (errno != ENOENT) | |
1006 | return -errno; | |
418b9be5 | 1007 | |
b4909a3f DDM |
1008 | r = fchmod(fileno(shadow), 0000); |
1009 | if (r < 0) | |
1010 | return -errno; | |
418b9be5 | 1011 | |
b4909a3f DDM |
1012 | r = putspent_sane(&root, shadow); |
1013 | if (r < 0) | |
1014 | return r; | |
1015 | } | |
1016 | ||
1017 | r = fflush_sync_and_check(shadow); | |
100d5f6e FB |
1018 | if (r < 0) |
1019 | return r; | |
418b9be5 | 1020 | |
b352e545 | 1021 | r = renameat_and_apply_smack_floor_label(etc_fd, shadow_tmp, etc_fd, "shadow"); |
b4909a3f DDM |
1022 | if (r < 0) |
1023 | return r; | |
1024 | ||
1025 | return 0; | |
418b9be5 LP |
1026 | } |
1027 | ||
b352e545 DDM |
1028 | static int process_root_account(int rfd) { |
1029 | _cleanup_close_ int pfd = -EBADF; | |
1030 | _cleanup_(release_lock_file) LockFile lock = LOCK_FILE_INIT; | |
0e98d17e | 1031 | _cleanup_(erase_and_freep) char *_hashed_password = NULL; |
c4a53ebf | 1032 | const char *password, *hashed_password; |
b352e545 DDM |
1033 | int k = 0, r; |
1034 | ||
1035 | assert(rfd >= 0); | |
1036 | ||
1037 | pfd = chase_and_open_parent_at(rfd, "/etc/passwd", | |
1038 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW, | |
1039 | NULL); | |
1040 | if (pfd < 0) | |
1041 | return log_error_errno(pfd, "Failed to chase /etc/passwd: %m"); | |
1042 | ||
1043 | /* Ensure that passwd and shadow are in the same directory and are not symlinks. */ | |
1044 | ||
1045 | FOREACH_STRING(s, "passwd", "shadow") { | |
1046 | r = verify_regular_at(pfd, s, /* follow = */ false); | |
1047 | if (IN_SET(r, -EISDIR, -ELOOP, -EBADFD)) | |
1048 | return log_error_errno(r, "/etc/%s is not a regular file", s); | |
1049 | if (r < 0 && r != -ENOENT) | |
1050 | return log_error_errno(r, "Failed to check whether /etc/%s is a regular file: %m", s); | |
1051 | ||
1052 | r = should_configure(pfd, s); | |
1053 | if (r < 0) | |
1054 | return r; | |
418b9be5 | 1055 | |
b352e545 DDM |
1056 | k += r; |
1057 | } | |
c4a53ebf | 1058 | |
b352e545 DDM |
1059 | if (k == 0) { |
1060 | log_debug("Found /etc/passwd and /etc/shadow, assuming root account has been initialized."); | |
418b9be5 | 1061 | return 0; |
eb650ffe | 1062 | } |
87a3a4a8 | 1063 | |
67d5d9d5 | 1064 | /* Don't create/modify passwd and shadow if not asked */ |
1065 | if (!(arg_root_password || arg_prompt_root_password || arg_copy_root_password || arg_delete_root_password || | |
eb650ffe ZJS |
1066 | arg_root_shell || arg_prompt_root_shell || arg_copy_root_shell)) { |
1067 | log_debug("Initialization of root account was not requested, skipping."); | |
67d5d9d5 | 1068 | return 0; |
eb650ffe | 1069 | } |
418b9be5 | 1070 | |
fe585662 | 1071 | r = make_lock_file_at(pfd, ETC_PASSWD_LOCK_FILENAME, LOCK_EX, &lock); |
b352e545 DDM |
1072 | if (r < 0) |
1073 | return log_error_errno(r, "Failed to take a lock on /etc/passwd: %m"); | |
4926ceaf | 1074 | |
fe75d5bc DDM |
1075 | k = dir_fd_is_root(rfd); |
1076 | if (k < 0) | |
1077 | return log_error_errno(k, "Failed to check if directory file descriptor is root: %m"); | |
1078 | ||
1079 | if (arg_copy_root_shell && k == 0) { | |
28900a1b DDM |
1080 | struct passwd *p; |
1081 | ||
1082 | errno = 0; | |
1083 | p = getpwnam("root"); | |
1084 | if (!p) | |
1085 | return log_error_errno(errno_or_else(EIO), "Failed to find passwd entry for root: %m"); | |
1086 | ||
1087 | r = free_and_strdup(&arg_root_shell, p->pw_shell); | |
1088 | if (r < 0) | |
1089 | return log_oom(); | |
1090 | } | |
1091 | ||
b352e545 | 1092 | r = prompt_root_shell(rfd); |
28900a1b DDM |
1093 | if (r < 0) |
1094 | return r; | |
1095 | ||
fe75d5bc | 1096 | if (arg_copy_root_password && k == 0) { |
418b9be5 LP |
1097 | struct spwd *p; |
1098 | ||
1099 | errno = 0; | |
1100 | p = getspnam("root"); | |
c4a53ebf DDM |
1101 | if (!p) |
1102 | return log_error_errno(errno_or_else(EIO), "Failed to find shadow entry for root: %m"); | |
418b9be5 | 1103 | |
c4a53ebf DDM |
1104 | r = free_and_strdup(&arg_root_password, p->sp_pwdp); |
1105 | if (r < 0) | |
1106 | return log_oom(); | |
418b9be5 | 1107 | |
c4a53ebf | 1108 | arg_root_password_is_hashed = true; |
418b9be5 LP |
1109 | } |
1110 | ||
a0657479 | 1111 | r = prompt_root_password(rfd); |
418b9be5 LP |
1112 | if (r < 0) |
1113 | return r; | |
1114 | ||
c4a53ebf | 1115 | if (arg_root_password && arg_root_password_is_hashed) { |
53c25ac9 | 1116 | password = PASSWORD_SEE_SHADOW; |
676339a1 | 1117 | hashed_password = arg_root_password; |
c4a53ebf | 1118 | } else if (arg_root_password) { |
0e98d17e ZJS |
1119 | r = hash_password(arg_root_password, &_hashed_password); |
1120 | if (r < 0) | |
1121 | return log_error_errno(r, "Failed to hash password: %m"); | |
676339a1 | 1122 | |
53c25ac9 | 1123 | password = PASSWORD_SEE_SHADOW; |
0e98d17e | 1124 | hashed_password = _hashed_password; |
c4a53ebf | 1125 | |
c4a53ebf | 1126 | } else if (arg_delete_root_password) |
53c25ac9 | 1127 | password = hashed_password = PASSWORD_NONE; |
c4a53ebf | 1128 | else |
53c25ac9 | 1129 | password = hashed_password = PASSWORD_LOCKED_AND_INVALID; |
c4a53ebf | 1130 | |
a0657479 | 1131 | r = write_root_passwd(rfd, pfd, password, arg_root_shell); |
c4a53ebf | 1132 | if (r < 0) |
b352e545 | 1133 | return log_error_errno(r, "Failed to write /etc/passwd: %m"); |
c4a53ebf | 1134 | |
b352e545 | 1135 | log_info("/etc/passwd written."); |
418b9be5 | 1136 | |
b352e545 | 1137 | r = write_root_shadow(pfd, hashed_password); |
23bbb0de | 1138 | if (r < 0) |
b352e545 | 1139 | return log_error_errno(r, "Failed to write /etc/shadow: %m"); |
418b9be5 | 1140 | |
b352e545 | 1141 | log_info("/etc/shadow written."); |
418b9be5 LP |
1142 | return 0; |
1143 | } | |
1144 | ||
b352e545 DDM |
1145 | static int process_kernel_cmdline(int rfd) { |
1146 | _cleanup_close_ int pfd = -EBADF; | |
1147 | _cleanup_free_ char *f = NULL; | |
a5925354 DDM |
1148 | int r; |
1149 | ||
b352e545 DDM |
1150 | assert(rfd >= 0); |
1151 | ||
1152 | pfd = chase_and_open_parent_at(rfd, "/etc/kernel/cmdline", | |
b39710cc | 1153 | CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW, |
b352e545 DDM |
1154 | &f); |
1155 | if (pfd < 0) | |
1156 | return log_error_errno(pfd, "Failed to chase /etc/kernel/cmdline: %m"); | |
1157 | ||
1158 | r = should_configure(pfd, f); | |
1159 | if (r == 0) | |
1160 | log_debug("Found /etc/kernel/cmdline, assuming kernel command line has been configured."); | |
1161 | if (r <= 0) | |
1162 | return r; | |
a5925354 | 1163 | |
eb650ffe ZJS |
1164 | if (!arg_kernel_cmdline) { |
1165 | log_debug("Creation of /etc/kernel/cmdline was not requested, skipping."); | |
a5925354 | 1166 | return 0; |
eb650ffe | 1167 | } |
a5925354 | 1168 | |
b352e545 DDM |
1169 | r = write_string_file_at(pfd, "cmdline", arg_kernel_cmdline, |
1170 | WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_ATOMIC); | |
a5925354 | 1171 | if (r < 0) |
b352e545 | 1172 | return log_error_errno(r, "Failed to write /etc/kernel/cmdline: %m"); |
a5925354 | 1173 | |
b352e545 | 1174 | log_info("/etc/kernel/cmdline written."); |
a5925354 DDM |
1175 | return 0; |
1176 | } | |
1177 | ||
05eb2c60 DDM |
1178 | static int reset_one(int rfd, const char *path) { |
1179 | _cleanup_close_ int pfd = -EBADF; | |
1180 | _cleanup_free_ char *f = NULL; | |
1181 | ||
1182 | assert(rfd >= 0); | |
1183 | assert(path); | |
1184 | ||
1185 | pfd = chase_and_open_parent_at(rfd, path, CHASE_AT_RESOLVE_IN_ROOT|CHASE_WARN|CHASE_NOFOLLOW, &f); | |
1186 | if (pfd == -ENOENT) | |
1187 | return 0; | |
1188 | if (pfd < 0) | |
1189 | return log_error_errno(pfd, "Failed to resolve %s: %m", path); | |
1190 | ||
1191 | if (unlinkat(pfd, f, 0) < 0) | |
1192 | return errno == ENOENT ? 0 : log_error_errno(errno, "Failed to remove %s: %m", path); | |
1193 | ||
1194 | log_info("Removed %s", path); | |
1195 | return 0; | |
1196 | } | |
1197 | ||
1198 | static int process_reset(int rfd) { | |
1199 | int r; | |
1200 | ||
1201 | assert(rfd >= 0); | |
1202 | ||
1203 | if (!arg_reset) | |
1204 | return 0; | |
1205 | ||
1206 | FOREACH_STRING(p, | |
1207 | "/etc/locale.conf", | |
1208 | "/etc/vconsole.conf", | |
1209 | "/etc/hostname", | |
1210 | "/etc/machine-id", | |
cd320749 NR |
1211 | "/etc/kernel/cmdline", |
1212 | "/etc/localtime") { | |
05eb2c60 DDM |
1213 | r = reset_one(rfd, p); |
1214 | if (r < 0) | |
1215 | return r; | |
1216 | } | |
1217 | ||
1218 | return 0; | |
1219 | } | |
1220 | ||
37ec0fdd LP |
1221 | static int help(void) { |
1222 | _cleanup_free_ char *link = NULL; | |
1223 | int r; | |
1224 | ||
1225 | r = terminal_urlify_man("systemd-firstboot", "1", &link); | |
1226 | if (r < 0) | |
1227 | return log_oom(); | |
1228 | ||
418b9be5 LP |
1229 | printf("%s [OPTIONS...]\n\n" |
1230 | "Configures basic settings of the system.\n\n" | |
e16793ee ZJS |
1231 | " -h --help Show this help\n" |
1232 | " --version Show package version\n" | |
1233 | " --root=PATH Operate on an alternate filesystem root\n" | |
84be0c71 LP |
1234 | " --image=PATH Operate on disk image as filesystem root\n" |
1235 | " --image-policy=POLICY Specify disk image dissection policy\n" | |
e16793ee ZJS |
1236 | " --locale=LOCALE Set primary locale (LANG=)\n" |
1237 | " --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n" | |
1238 | " --keymap=KEYMAP Set keymap\n" | |
1239 | " --timezone=TIMEZONE Set timezone\n" | |
1240 | " --hostname=NAME Set hostname\n" | |
fd6ee7ed ZJS |
1241 | " --setup-machine-id Set a random machine ID\n" |
1242 | " --machine-ID=ID Set specified machine ID\n" | |
e16793ee ZJS |
1243 | " --root-password=PASSWORD Set root password from plaintext password\n" |
1244 | " --root-password-file=FILE Set root password from file\n" | |
1245 | " --root-password-hashed=HASH Set root password from hashed password\n" | |
1246 | " --root-shell=SHELL Set root shell\n" | |
1247 | " --prompt-locale Prompt the user for locale settings\n" | |
1248 | " --prompt-keymap Prompt the user for keymap settings\n" | |
1249 | " --prompt-timezone Prompt the user for timezone\n" | |
1250 | " --prompt-hostname Prompt the user for hostname\n" | |
1251 | " --prompt-root-password Prompt the user for root password\n" | |
1252 | " --prompt-root-shell Prompt the user for root shell\n" | |
1253 | " --prompt Prompt for all of the above\n" | |
1254 | " --copy-locale Copy locale from host\n" | |
1255 | " --copy-keymap Copy keymap from host\n" | |
1256 | " --copy-timezone Copy timezone from host\n" | |
1257 | " --copy-root-password Copy root password from host\n" | |
1258 | " --copy-root-shell Copy root shell from host\n" | |
1259 | " --copy Copy locale, keymap, timezone, root password\n" | |
e16793ee ZJS |
1260 | " --force Overwrite existing files\n" |
1261 | " --delete-root-password Delete root password\n" | |
1262 | " --welcome=no Disable the welcome text\n" | |
05eb2c60 | 1263 | " --reset Remove existing files\n" |
bc556335 DDM |
1264 | "\nSee the %s for details.\n", |
1265 | program_invocation_short_name, | |
1266 | link); | |
37ec0fdd LP |
1267 | |
1268 | return 0; | |
418b9be5 LP |
1269 | } |
1270 | ||
1271 | static int parse_argv(int argc, char *argv[]) { | |
1272 | ||
1273 | enum { | |
1274 | ARG_VERSION = 0x100, | |
1275 | ARG_ROOT, | |
3ff9fa59 | 1276 | ARG_IMAGE, |
06e78680 | 1277 | ARG_IMAGE_POLICY, |
418b9be5 LP |
1278 | ARG_LOCALE, |
1279 | ARG_LOCALE_MESSAGES, | |
ed457f13 | 1280 | ARG_KEYMAP, |
418b9be5 LP |
1281 | ARG_TIMEZONE, |
1282 | ARG_HOSTNAME, | |
fd6ee7ed | 1283 | ARG_SETUP_MACHINE_ID, |
418b9be5 LP |
1284 | ARG_MACHINE_ID, |
1285 | ARG_ROOT_PASSWORD, | |
1286 | ARG_ROOT_PASSWORD_FILE, | |
676339a1 | 1287 | ARG_ROOT_PASSWORD_HASHED, |
28900a1b | 1288 | ARG_ROOT_SHELL, |
a5925354 | 1289 | ARG_KERNEL_COMMAND_LINE, |
418b9be5 LP |
1290 | ARG_PROMPT, |
1291 | ARG_PROMPT_LOCALE, | |
ed457f13 | 1292 | ARG_PROMPT_KEYMAP, |
418b9be5 LP |
1293 | ARG_PROMPT_TIMEZONE, |
1294 | ARG_PROMPT_HOSTNAME, | |
1295 | ARG_PROMPT_ROOT_PASSWORD, | |
28900a1b | 1296 | ARG_PROMPT_ROOT_SHELL, |
418b9be5 LP |
1297 | ARG_COPY, |
1298 | ARG_COPY_LOCALE, | |
ed457f13 | 1299 | ARG_COPY_KEYMAP, |
418b9be5 LP |
1300 | ARG_COPY_TIMEZONE, |
1301 | ARG_COPY_ROOT_PASSWORD, | |
28900a1b | 1302 | ARG_COPY_ROOT_SHELL, |
b4909a3f | 1303 | ARG_FORCE, |
4926ceaf | 1304 | ARG_DELETE_ROOT_PASSWORD, |
a1225020 | 1305 | ARG_WELCOME, |
05eb2c60 | 1306 | ARG_RESET, |
418b9be5 LP |
1307 | }; |
1308 | ||
1309 | static const struct option options[] = { | |
676339a1 DDM |
1310 | { "help", no_argument, NULL, 'h' }, |
1311 | { "version", no_argument, NULL, ARG_VERSION }, | |
1312 | { "root", required_argument, NULL, ARG_ROOT }, | |
3ff9fa59 | 1313 | { "image", required_argument, NULL, ARG_IMAGE }, |
06e78680 | 1314 | { "image-policy", required_argument, NULL, ARG_IMAGE_POLICY }, |
676339a1 DDM |
1315 | { "locale", required_argument, NULL, ARG_LOCALE }, |
1316 | { "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES }, | |
1317 | { "keymap", required_argument, NULL, ARG_KEYMAP }, | |
1318 | { "timezone", required_argument, NULL, ARG_TIMEZONE }, | |
1319 | { "hostname", required_argument, NULL, ARG_HOSTNAME }, | |
fd6ee7ed | 1320 | { "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID }, |
676339a1 DDM |
1321 | { "machine-id", required_argument, NULL, ARG_MACHINE_ID }, |
1322 | { "root-password", required_argument, NULL, ARG_ROOT_PASSWORD }, | |
1323 | { "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE }, | |
1324 | { "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED }, | |
28900a1b | 1325 | { "root-shell", required_argument, NULL, ARG_ROOT_SHELL }, |
a5925354 | 1326 | { "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE }, |
676339a1 DDM |
1327 | { "prompt", no_argument, NULL, ARG_PROMPT }, |
1328 | { "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE }, | |
1329 | { "prompt-keymap", no_argument, NULL, ARG_PROMPT_KEYMAP }, | |
1330 | { "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE }, | |
1331 | { "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME }, | |
1332 | { "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD }, | |
28900a1b | 1333 | { "prompt-root-shell", no_argument, NULL, ARG_PROMPT_ROOT_SHELL }, |
676339a1 DDM |
1334 | { "copy", no_argument, NULL, ARG_COPY }, |
1335 | { "copy-locale", no_argument, NULL, ARG_COPY_LOCALE }, | |
1336 | { "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP }, | |
1337 | { "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE }, | |
1338 | { "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD }, | |
28900a1b | 1339 | { "copy-root-shell", no_argument, NULL, ARG_COPY_ROOT_SHELL }, |
676339a1 DDM |
1340 | { "force", no_argument, NULL, ARG_FORCE }, |
1341 | { "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD }, | |
a1225020 | 1342 | { "welcome", required_argument, NULL, ARG_WELCOME }, |
05eb2c60 | 1343 | { "reset", no_argument, NULL, ARG_RESET }, |
418b9be5 LP |
1344 | {} |
1345 | }; | |
1346 | ||
1347 | int r, c; | |
1348 | ||
1349 | assert(argc >= 0); | |
1350 | assert(argv); | |
1351 | ||
601185b4 | 1352 | while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) |
418b9be5 LP |
1353 | |
1354 | switch (c) { | |
1355 | ||
1356 | case 'h': | |
37ec0fdd | 1357 | return help(); |
418b9be5 LP |
1358 | |
1359 | case ARG_VERSION: | |
3f6fd1ba | 1360 | return version(); |
418b9be5 LP |
1361 | |
1362 | case ARG_ROOT: | |
614b022c | 1363 | r = parse_path_argument(optarg, true, &arg_root); |
0f474365 | 1364 | if (r < 0) |
0f03c2a4 | 1365 | return r; |
418b9be5 LP |
1366 | break; |
1367 | ||
3ff9fa59 | 1368 | case ARG_IMAGE: |
614b022c | 1369 | r = parse_path_argument(optarg, false, &arg_image); |
3ff9fa59 LP |
1370 | if (r < 0) |
1371 | return r; | |
1372 | break; | |
1373 | ||
06e78680 YW |
1374 | case ARG_IMAGE_POLICY: |
1375 | r = parse_image_policy_argument(optarg, &arg_image_policy); | |
1376 | if (r < 0) | |
1377 | return r; | |
1378 | break; | |
1379 | ||
418b9be5 | 1380 | case ARG_LOCALE: |
2fc09a9c DM |
1381 | r = free_and_strdup(&arg_locale, optarg); |
1382 | if (r < 0) | |
418b9be5 LP |
1383 | return log_oom(); |
1384 | ||
1385 | break; | |
1386 | ||
1387 | case ARG_LOCALE_MESSAGES: | |
2fc09a9c DM |
1388 | r = free_and_strdup(&arg_locale_messages, optarg); |
1389 | if (r < 0) | |
418b9be5 LP |
1390 | return log_oom(); |
1391 | ||
1392 | break; | |
1393 | ||
ed457f13 | 1394 | case ARG_KEYMAP: |
baaa35ad ZJS |
1395 | if (!keymap_is_valid(optarg)) |
1396 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
1397 | "Keymap %s is not valid.", optarg); | |
ed457f13 TB |
1398 | |
1399 | r = free_and_strdup(&arg_keymap, optarg); | |
1400 | if (r < 0) | |
1401 | return log_oom(); | |
1402 | ||
1403 | break; | |
1404 | ||
418b9be5 | 1405 | case ARG_TIMEZONE: |
baaa35ad ZJS |
1406 | if (!timezone_is_valid(optarg, LOG_ERR)) |
1407 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
1408 | "Timezone %s is not valid.", optarg); | |
418b9be5 | 1409 | |
2fc09a9c DM |
1410 | r = free_and_strdup(&arg_timezone, optarg); |
1411 | if (r < 0) | |
418b9be5 LP |
1412 | return log_oom(); |
1413 | ||
1414 | break; | |
1415 | ||
1416 | case ARG_ROOT_PASSWORD: | |
2fc09a9c DM |
1417 | r = free_and_strdup(&arg_root_password, optarg); |
1418 | if (r < 0) | |
418b9be5 | 1419 | return log_oom(); |
676339a1 DDM |
1420 | |
1421 | arg_root_password_is_hashed = false; | |
418b9be5 LP |
1422 | break; |
1423 | ||
1424 | case ARG_ROOT_PASSWORD_FILE: | |
0da16248 | 1425 | arg_root_password = mfree(arg_root_password); |
418b9be5 LP |
1426 | |
1427 | r = read_one_line_file(optarg, &arg_root_password); | |
23bbb0de MS |
1428 | if (r < 0) |
1429 | return log_error_errno(r, "Failed to read %s: %m", optarg); | |
418b9be5 | 1430 | |
676339a1 DDM |
1431 | arg_root_password_is_hashed = false; |
1432 | break; | |
1433 | ||
1434 | case ARG_ROOT_PASSWORD_HASHED: | |
1435 | r = free_and_strdup(&arg_root_password, optarg); | |
1436 | if (r < 0) | |
1437 | return log_oom(); | |
1438 | ||
1439 | arg_root_password_is_hashed = true; | |
418b9be5 LP |
1440 | break; |
1441 | ||
28900a1b | 1442 | case ARG_ROOT_SHELL: |
28900a1b DDM |
1443 | r = free_and_strdup(&arg_root_shell, optarg); |
1444 | if (r < 0) | |
1445 | return log_oom(); | |
1446 | ||
1447 | break; | |
1448 | ||
418b9be5 | 1449 | case ARG_HOSTNAME: |
52ef5dd7 | 1450 | if (!hostname_is_valid(optarg, VALID_HOSTNAME_TRAILING_DOT)) |
baaa35ad ZJS |
1451 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), |
1452 | "Host name %s is not valid.", optarg); | |
418b9be5 | 1453 | |
2fc09a9c DM |
1454 | r = free_and_strdup(&arg_hostname, optarg); |
1455 | if (r < 0) | |
418b9be5 LP |
1456 | return log_oom(); |
1457 | ||
79485fc2 | 1458 | hostname_cleanup(arg_hostname); |
418b9be5 LP |
1459 | break; |
1460 | ||
fd6ee7ed ZJS |
1461 | case ARG_SETUP_MACHINE_ID: |
1462 | r = sd_id128_randomize(&arg_machine_id); | |
1463 | if (r < 0) | |
1464 | return log_error_errno(r, "Failed to generate randomized machine ID: %m"); | |
1465 | ||
1466 | break; | |
1467 | ||
418b9be5 | 1468 | case ARG_MACHINE_ID: |
7fb1d980 YW |
1469 | r = sd_id128_from_string(optarg, &arg_machine_id); |
1470 | if (r < 0) | |
1471 | return log_error_errno(r, "Failed to parse machine id %s.", optarg); | |
418b9be5 LP |
1472 | |
1473 | break; | |
1474 | ||
a5925354 DDM |
1475 | case ARG_KERNEL_COMMAND_LINE: |
1476 | r = free_and_strdup(&arg_kernel_cmdline, optarg); | |
1477 | if (r < 0) | |
1478 | return log_oom(); | |
1479 | ||
1480 | break; | |
1481 | ||
418b9be5 | 1482 | case ARG_PROMPT: |
28900a1b DDM |
1483 | arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname = |
1484 | arg_prompt_root_password = arg_prompt_root_shell = true; | |
418b9be5 LP |
1485 | break; |
1486 | ||
1487 | case ARG_PROMPT_LOCALE: | |
1488 | arg_prompt_locale = true; | |
1489 | break; | |
1490 | ||
ed457f13 TB |
1491 | case ARG_PROMPT_KEYMAP: |
1492 | arg_prompt_keymap = true; | |
1493 | break; | |
1494 | ||
418b9be5 LP |
1495 | case ARG_PROMPT_TIMEZONE: |
1496 | arg_prompt_timezone = true; | |
1497 | break; | |
1498 | ||
1499 | case ARG_PROMPT_HOSTNAME: | |
1500 | arg_prompt_hostname = true; | |
1501 | break; | |
1502 | ||
1503 | case ARG_PROMPT_ROOT_PASSWORD: | |
1504 | arg_prompt_root_password = true; | |
1505 | break; | |
1506 | ||
28900a1b DDM |
1507 | case ARG_PROMPT_ROOT_SHELL: |
1508 | arg_prompt_root_shell = true; | |
1509 | break; | |
1510 | ||
418b9be5 | 1511 | case ARG_COPY: |
28900a1b DDM |
1512 | arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password = |
1513 | arg_copy_root_shell = true; | |
e926f647 | 1514 | break; |
418b9be5 LP |
1515 | |
1516 | case ARG_COPY_LOCALE: | |
1517 | arg_copy_locale = true; | |
1518 | break; | |
1519 | ||
ed457f13 TB |
1520 | case ARG_COPY_KEYMAP: |
1521 | arg_copy_keymap = true; | |
1522 | break; | |
1523 | ||
418b9be5 LP |
1524 | case ARG_COPY_TIMEZONE: |
1525 | arg_copy_timezone = true; | |
1526 | break; | |
1527 | ||
1528 | case ARG_COPY_ROOT_PASSWORD: | |
1529 | arg_copy_root_password = true; | |
1530 | break; | |
1531 | ||
28900a1b DDM |
1532 | case ARG_COPY_ROOT_SHELL: |
1533 | arg_copy_root_shell = true; | |
1534 | break; | |
1535 | ||
b4909a3f DDM |
1536 | case ARG_FORCE: |
1537 | arg_force = true; | |
1538 | break; | |
1539 | ||
4926ceaf DDM |
1540 | case ARG_DELETE_ROOT_PASSWORD: |
1541 | arg_delete_root_password = true; | |
1542 | break; | |
1543 | ||
a1225020 LP |
1544 | case ARG_WELCOME: |
1545 | r = parse_boolean(optarg); | |
1546 | if (r < 0) | |
1547 | return log_error_errno(r, "Failed to parse --welcome= argument: %s", optarg); | |
1548 | ||
1549 | arg_welcome = r; | |
1550 | break; | |
1551 | ||
05eb2c60 DDM |
1552 | case ARG_RESET: |
1553 | arg_reset = true; | |
1554 | break; | |
1555 | ||
418b9be5 LP |
1556 | case '?': |
1557 | return -EINVAL; | |
1558 | ||
1559 | default: | |
04499a70 | 1560 | assert_not_reached(); |
418b9be5 | 1561 | } |
418b9be5 | 1562 | |
4926ceaf DDM |
1563 | if (arg_delete_root_password && (arg_copy_root_password || arg_root_password || arg_prompt_root_password)) |
1564 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
fd6ee7ed | 1565 | "--delete-root-password cannot be combined with other root password options."); |
4926ceaf | 1566 | |
3ff9fa59 | 1567 | if (arg_image && arg_root) |
fd6ee7ed ZJS |
1568 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), |
1569 | "--root= and --image= cannot be used together."); | |
1570 | ||
1571 | if (!sd_id128_is_null(arg_machine_id) && !(arg_image || arg_root) && !arg_force) | |
1572 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
1573 | "--machine-id=/--setup-machine-id only works with --root= or --image=."); | |
3ff9fa59 | 1574 | |
418b9be5 LP |
1575 | return 1; |
1576 | } | |
1577 | ||
d0c50d8d | 1578 | static int reload_system_manager(sd_bus **bus) { |
d0c50d8d ZJS |
1579 | int r; |
1580 | ||
1581 | assert(bus); | |
1582 | ||
1583 | if (!*bus) { | |
1584 | r = bus_connect_transport_systemd(BUS_TRANSPORT_LOCAL, NULL, RUNTIME_SCOPE_SYSTEM, bus); | |
1585 | if (r < 0) | |
1586 | return bus_log_connect_error(r, BUS_TRANSPORT_LOCAL); | |
1587 | } | |
1588 | ||
a9399358 | 1589 | r = bus_service_manager_reload(*bus); |
d0c50d8d | 1590 | if (r < 0) |
a9399358 LP |
1591 | return r; |
1592 | ||
d0c50d8d ZJS |
1593 | log_info("Requested manager reload to apply locale configuration."); |
1594 | return 0; | |
1595 | } | |
1596 | ||
cea32691 ZJS |
1597 | static int reload_vconsole(sd_bus **bus) { |
1598 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; | |
8eb668b9 ZJS |
1599 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; |
1600 | _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL; | |
1601 | const char *object; | |
cea32691 ZJS |
1602 | int r; |
1603 | ||
1604 | assert(bus); | |
1605 | ||
1606 | if (!*bus) { | |
1607 | r = bus_connect_transport_systemd(BUS_TRANSPORT_LOCAL, NULL, RUNTIME_SCOPE_SYSTEM, bus); | |
1608 | if (r < 0) | |
1609 | return bus_log_connect_error(r, BUS_TRANSPORT_LOCAL); | |
1610 | } | |
1611 | ||
8eb668b9 ZJS |
1612 | r = bus_wait_for_jobs_new(*bus, &w); |
1613 | if (r < 0) | |
1614 | return log_error_errno(r, "Could not watch jobs: %m"); | |
1615 | ||
1616 | r = bus_call_method(*bus, bus_systemd_mgr, "RestartUnit", &error, &reply, | |
1617 | "ss", "systemd-vconsole-setup.service", "replace"); | |
cea32691 ZJS |
1618 | if (r < 0) |
1619 | return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r)); | |
8eb668b9 ZJS |
1620 | |
1621 | r = sd_bus_message_read(reply, "o", &object); | |
1622 | if (r < 0) | |
1623 | return bus_log_parse_error(r); | |
1624 | ||
1625 | r = bus_wait_for_jobs_one(w, object, false, NULL); | |
1626 | if (r < 0) | |
1627 | return log_error_errno(r, "Failed to wait for systemd-vconsole-setup.service/restart: %m"); | |
cea32691 ZJS |
1628 | return 0; |
1629 | } | |
1630 | ||
45f39418 | 1631 | static int run(int argc, char *argv[]) { |
cea32691 | 1632 | _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; |
3ff9fa59 | 1633 | _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; |
a4b3e942 | 1634 | _cleanup_(umount_and_freep) char *mounted_dir = NULL; |
b352e545 | 1635 | _cleanup_close_ int rfd = -EBADF; |
418b9be5 LP |
1636 | int r; |
1637 | ||
1638 | r = parse_argv(argc, argv); | |
1639 | if (r <= 0) | |
45f39418 | 1640 | return r; |
418b9be5 | 1641 | |
d2acb93d | 1642 | log_setup(); |
418b9be5 LP |
1643 | |
1644 | umask(0022); | |
1645 | ||
cea32691 | 1646 | bool offline = arg_root || arg_image; |
3ff9fa59 | 1647 | |
cea32691 | 1648 | if (!offline) { |
3ff9fa59 LP |
1649 | /* If we are called without --root=/--image= let's honour the systemd.firstboot kernel |
1650 | * command line option, because we are called to provision the host with basic settings (as | |
1651 | * opposed to some other file system tree/image) */ | |
1652 | ||
cea32691 | 1653 | bool enabled; |
3787934b | 1654 | r = proc_cmdline_get_bool("systemd.firstboot", /* flags = */ 0, &enabled); |
3ff9fa59 LP |
1655 | if (r < 0) |
1656 | return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m"); | |
eb650ffe ZJS |
1657 | if (r > 0 && !enabled) { |
1658 | log_debug("Found systemd.firstboot=no kernel command line argument, terminating."); | |
3ff9fa59 | 1659 | return 0; /* disabled */ |
eb650ffe | 1660 | } |
3ff9fa59 LP |
1661 | } |
1662 | ||
6aa05ebd LP |
1663 | if (arg_image) { |
1664 | assert(!arg_root); | |
1665 | ||
1666 | r = mount_image_privately_interactively( | |
1667 | arg_image, | |
84be0c71 | 1668 | arg_image_policy, |
4b5de5dd LP |
1669 | DISSECT_IMAGE_GENERIC_ROOT | |
1670 | DISSECT_IMAGE_REQUIRE_ROOT | | |
1671 | DISSECT_IMAGE_VALIDATE_OS | | |
1672 | DISSECT_IMAGE_RELAX_VAR_CHECK | | |
c65f854a LP |
1673 | DISSECT_IMAGE_FSCK | |
1674 | DISSECT_IMAGE_GROWFS, | |
a4b3e942 | 1675 | &mounted_dir, |
b352e545 | 1676 | &rfd, |
e330f97a | 1677 | &loop_device); |
6aa05ebd LP |
1678 | if (r < 0) |
1679 | return r; | |
1680 | ||
a4b3e942 | 1681 | arg_root = strdup(mounted_dir); |
6aa05ebd LP |
1682 | if (!arg_root) |
1683 | return log_oom(); | |
b352e545 DDM |
1684 | } else { |
1685 | rfd = open(empty_to_root(arg_root), O_DIRECTORY|O_CLOEXEC); | |
1686 | if (rfd < 0) | |
1687 | return log_error_errno(errno, "Failed to open %s: %m", empty_to_root(arg_root)); | |
1688 | } | |
1689 | ||
1690 | LOG_SET_PREFIX(arg_image ?: arg_root); | |
1691 | ||
a0657479 DDM |
1692 | /* We check these conditions here instead of in parse_argv() so that we can take the root directory |
1693 | * into account. */ | |
1694 | ||
1695 | if (arg_locale && !locale_is_ok(rfd, arg_locale)) | |
1696 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale); | |
1697 | if (arg_locale_messages && !locale_is_ok(rfd, arg_locale_messages)) | |
1698 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale_messages); | |
1699 | ||
b352e545 DDM |
1700 | if (arg_root_shell) { |
1701 | r = find_shell(rfd, arg_root_shell); | |
1702 | if (r < 0) | |
1703 | return r; | |
6aa05ebd | 1704 | } |
f582cbca | 1705 | |
05eb2c60 DDM |
1706 | r = process_reset(rfd); |
1707 | if (r < 0) | |
1708 | return r; | |
1709 | ||
b352e545 | 1710 | r = process_locale(rfd); |
418b9be5 | 1711 | if (r < 0) |
45f39418 | 1712 | return r; |
d0c50d8d ZJS |
1713 | if (r > 0 && !offline) |
1714 | (void) reload_system_manager(&bus); | |
418b9be5 | 1715 | |
b352e545 | 1716 | r = process_keymap(rfd); |
ed457f13 | 1717 | if (r < 0) |
45f39418 | 1718 | return r; |
cea32691 ZJS |
1719 | if (r > 0 && !offline) |
1720 | (void) reload_vconsole(&bus); | |
ed457f13 | 1721 | |
b352e545 | 1722 | r = process_timezone(rfd); |
418b9be5 | 1723 | if (r < 0) |
45f39418 | 1724 | return r; |
418b9be5 | 1725 | |
b352e545 | 1726 | r = process_hostname(rfd); |
418b9be5 | 1727 | if (r < 0) |
45f39418 | 1728 | return r; |
418b9be5 | 1729 | |
b352e545 | 1730 | r = process_machine_id(rfd); |
418b9be5 | 1731 | if (r < 0) |
45f39418 | 1732 | return r; |
418b9be5 | 1733 | |
b352e545 | 1734 | r = process_root_account(rfd); |
418b9be5 | 1735 | if (r < 0) |
45f39418 YW |
1736 | return r; |
1737 | ||
b352e545 | 1738 | r = process_kernel_cmdline(rfd); |
a5925354 DDM |
1739 | if (r < 0) |
1740 | return r; | |
1741 | ||
45f39418 | 1742 | return 0; |
418b9be5 | 1743 | } |
45f39418 YW |
1744 | |
1745 | DEFINE_MAIN_FUNCTION(run); |