]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/firstboot/firstboot.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
basic: split out glyph/emoji related calls from locale-util.[ch] into glyph-util...
[thirdparty/systemd.git] / src / firstboot / firstboot.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
418b9be5 2
418b9be5 3#include <fcntl.h>
418b9be5 4#include <getopt.h>
3ff9fa59 5#include <linux/loop.h>
3f6fd1ba 6#include <unistd.h>
418b9be5 7
dccca82b
LP		 8#include "sd-id128.h"
9
b5efdb8a 10#include "alloc-util.h"
3f6fd1ba 11#include "ask-password-api.h"
418b9be5 12#include "copy.h"
416f7b3a 13#include "creds-util.h"
3ff9fa59 14#include "dissect-image.h"
686d13b9 15#include "env-file.h"
6bedfcbb 16#include "fd-util.h"
3f6fd1ba 17#include "fileio.h"
f4f15635 18#include "fs-util.h"
d8e32c47 19#include "glyph-util.h"
3f6fd1ba 20#include "hostname-util.h"
f05e1d0d 21#include "kbd-util.h"
42f3b2f9 22#include "libcrypt-util.h"
3f6fd1ba 23#include "locale-util.h"
45f39418 24#include "main-func.h"
9ae4ef49 25#include "memory-util.h"
418b9be5 26#include "mkdir.h"
3ff9fa59 27#include "mount-util.h"
d58ad743 28#include "os-util.h"
614b022c 29#include "parse-argument.h"
6bedfcbb 30#include "parse-util.h"
418b9be5 31#include "path-util.h"
294bf0c3 32#include "pretty-print.h"
f582cbca 33#include "proc-cmdline.h"
7baf10a7 34#include "pwquality-util.h"
3df3e884 35#include "random-util.h"
ce0458be 36#include "smack-util.h"
6bedfcbb 37#include "string-util.h"
3f6fd1ba 38#include "strv.h"
288a74cc 39#include "terminal-util.h"
3f6fd1ba 40#include "time-util.h"
b4909a3f 41#include "tmpfile-util-label.h"
3ff9fa59 42#include "tmpfile-util.h"
affb60b1 43#include "umask-util.h"
e929bee0 44#include "user-util.h"
418b9be5
LP		 45
46static char *arg_root = NULL;
3ff9fa59 47static char *arg_image = NULL;
418b9be5
LP		 48static char *arg_locale = NULL; /* $LANG */
49static char *arg_locale_messages = NULL; /* $LC_MESSAGES */
f8fd0930 50static char *arg_keymap = NULL;
418b9be5
LP		 51static char *arg_timezone = NULL;
52static char *arg_hostname = NULL;
53static sd_id128_t arg_machine_id = {};
54static char *arg_root_password = NULL;
28900a1b 55static char *arg_root_shell = NULL;
a5925354 56static char *arg_kernel_cmdline = NULL;
418b9be5 57static bool arg_prompt_locale = false;
ed457f13 58static bool arg_prompt_keymap = false;
418b9be5
LP		 59static bool arg_prompt_timezone = false;
60static bool arg_prompt_hostname = false;
61static bool arg_prompt_root_password = false;
28900a1b 62static bool arg_prompt_root_shell = false;
418b9be5 63static bool arg_copy_locale = false;
ed457f13 64static bool arg_copy_keymap = false;
418b9be5
LP		 65static bool arg_copy_timezone = false;
66static bool arg_copy_root_password = false;
28900a1b 67static bool arg_copy_root_shell = false;
b4909a3f 68static bool arg_force = false;
4926ceaf 69static bool arg_delete_root_password = false;
676339a1 70static bool arg_root_password_is_hashed = false;
a1225020 71static bool arg_welcome = true;
418b9be5 72
45f39418 73STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
3ff9fa59 74STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
45f39418
YW		 75STATIC_DESTRUCTOR_REGISTER(arg_locale, freep);
76STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep);
77STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
78STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep);
79STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep);
9ae4ef49 80STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep);
45f39418 81
418b9be5
LP		 82static bool press_any_key(void) {
83 char k = 0;
84 bool need_nl = true;
85
86 printf("-- Press any key to proceed --");
87 fflush(stdout);
88
94956f8f 89 (void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl);
418b9be5
LP		 90
91 if (need_nl)
92 putchar('\n');
93
94 return k != 'q';
95}
96
97static void print_welcome(void) {
4aeadec7 98 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
418b9be5 99 static bool done = false;
ae0d36c1 100 const char *pn, *ac;
418b9be5
LP		 101 int r;
102
a1225020
LP		 103 if (!arg_welcome)
104 return;
105
418b9be5
LP		 106 if (done)
107 return;
108
4aeadec7
LP		 109 r = parse_os_release(
110 arg_root,
111 "PRETTY_NAME", &pretty_name,
209c1470 112 "ANSI_COLOR", &ansi_color);
d58ad743
LP		 113 if (r < 0)
114 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
115 "Failed to read os-release file, ignoring: %m");
418b9be5 116
4aeadec7 117 pn = isempty(pretty_name) ? "Linux" : pretty_name;
ae0d36c1 118 ac = isempty(ansi_color) ? "0" : ansi_color;
4aeadec7
LP		 119
120 if (colors_enabled())
ae0d36c1 121 printf("\nWelcome to your new installation of \x1B[%sm%s\x1B[0m!\n", ac, pn);
4aeadec7
LP		 122 else
123 printf("\nWelcome to your new installation of %s!\n", pn);
124
125 printf("\nPlease configure your system!\n\n");
418b9be5
LP		 126
127 press_any_key();
128
129 done = true;
130}
131
132static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) {
418b9be5 133 unsigned break_lines, break_modulo;
da6053d0 134 size_t n, per_column, i, j;
418b9be5
LP		 135
136 assert(n_columns > 0);
137
138 n = strv_length(x);
be6b0c21 139 per_column = DIV_ROUND_UP(n, n_columns);
418b9be5
LP		 140
141 break_lines = lines();
142 if (break_lines > 2)
143 break_lines--;
144
145 /* The first page gets two extra lines, since we want to show
146 * a title */
147 break_modulo = break_lines;
148 if (break_modulo > 3)
149 break_modulo -= 3;
150
151 for (i = 0; i < per_column; i++) {
152
153 for (j = 0; j < n_columns; j ++) {
154 _cleanup_free_ char *e = NULL;
155
156 if (j * per_column + i >= n)
157 break;
158
159 e = ellipsize(x[j * per_column + i], width, percentage);
160 if (!e)
161 return log_oom();
162
da6053d0 163 printf("%4zu) %-*s", j * per_column + i + 1, width, e);
418b9be5
LP		 164 }
165
166 putchar('\n');
167
168 /* on the first screen we reserve 2 extra lines for the title */
169 if (i % break_lines == break_modulo) {
170 if (!press_any_key())
171 return 0;
172 }
173 }
174
175 return 0;
176}
177
ecada8f2 178static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) {
418b9be5
LP		 179 int r;
180
181 assert(text);
182 assert(is_valid);
183 assert(ret);
184
185 for (;;) {
186 _cleanup_free_ char *p = NULL;
187 unsigned u;
188
ecada8f2
ZJS		 189 r = ask_string(&p, "%s %s (empty to skip, \"list\" to list options): ",
190 special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), text);
23bbb0de
MS		 191 if (r < 0)
192 return log_error_errno(r, "Failed to query user: %m");
418b9be5
LP		 193
194 if (isempty(p)) {
195 log_warning("No data entered, skipping.");
196 return 0;
197 }
198
ecada8f2
ZJS		 199 if (streq(p, "list")) {
200 r = show_menu(l, 3, 22, percentage);
201 if (r < 0)
202 return r;
203
204 putchar('\n');
205 continue;
206 };
207
418b9be5
LP		 208 r = safe_atou(p, &u);
209 if (r >= 0) {
418b9be5
LP		 210 if (u <= 0 || u > strv_length(l)) {
211 log_error("Specified entry number out of range.");
212 continue;
213 }
214
215 log_info("Selected '%s'.", l[u-1]);
b3f9c17a 216 return free_and_strdup_warn(ret, l[u-1]);
418b9be5
LP		 217 }
218
219 if (!is_valid(p)) {
220 log_error("Entered data invalid.");
221 continue;
222 }
223
bfbf5f74 224 return free_and_replace(*ret, p);
418b9be5
LP		 225 }
226}
227
a00a78b8
LP		 228static bool locale_is_ok(const char *name) {
229
230 if (arg_root)
231 return locale_is_valid(name);
232
233 return locale_is_installed(name) > 0;
234}
235
418b9be5
LP		 236static int prompt_locale(void) {
237 _cleanup_strv_free_ char **locales = NULL;
416f7b3a 238 bool acquired_from_creds = false;
418b9be5
LP		 239 int r;
240
241 if (arg_locale || arg_locale_messages)
242 return 0;
243
416f7b3a
LP		 244 r = read_credential("firstboot.locale", (void**) &arg_locale, NULL);
245 if (r < 0)
246 log_debug_errno(r, "Failed to read credential firstboot.locale, ignoring: %m");
247 else
248 acquired_from_creds = true;
249
250 r = read_credential("firstboot.locale-messages", (void**) &arg_locale_messages, NULL);
251 if (r < 0)
252 log_debug_errno(r, "Failed to read credential firstboot.locale-message, ignoring: %m");
253 else
254 acquired_from_creds = true;
255
256 if (acquired_from_creds) {
257 log_debug("Acquired locale from credentials.");
258 return 0;
259 }
260
418b9be5
LP		 261 if (!arg_prompt_locale)
262 return 0;
263
264 r = get_locales(&locales);
23bbb0de
MS		 265 if (r < 0)
266 return log_error_errno(r, "Cannot query locales list: %m");
418b9be5 267
bdd7cd26
LP		 268 if (strv_isempty(locales))
269 log_debug("No locales found, skipping locale selection.");
270 else if (strv_length(locales) == 1) {
418b9be5 271
bdd7cd26
LP		 272 if (streq(locales[0], SYSTEMD_DEFAULT_LOCALE))
273 log_debug("Only installed locale is default locale anyway, not setting locale explicitly.");
274 else {
275 log_debug("Only a single locale available (%s), selecting it as default.", locales[0]);
418b9be5 276
bdd7cd26
LP		 277 arg_locale = strdup(locales[0]);
278 if (!arg_locale)
279 return log_oom();
418b9be5 280
bdd7cd26
LP		 281 /* Not setting arg_locale_message here, since it defaults to LANG anyway */
282 }
283 } else {
284 print_welcome();
418b9be5 285
ecada8f2 286 r = prompt_loop("Please enter system locale name or number",
a00a78b8 287 locales, 60, locale_is_ok, &arg_locale);
bdd7cd26
LP		 288 if (r < 0)
289 return r;
290
291 if (isempty(arg_locale))
292 return 0;
293
ecada8f2 294 r = prompt_loop("Please enter system message locale name or number",
a00a78b8 295 locales, 60, locale_is_ok, &arg_locale_messages);
bdd7cd26
LP		 296 if (r < 0)
297 return r;
298
299 /* Suppress the messages setting if it's the same as the main locale anyway */
300 if (streq_ptr(arg_locale, arg_locale_messages))
301 arg_locale_messages = mfree(arg_locale_messages);
302 }
418b9be5
LP		 303
304 return 0;
305}
306
307static int process_locale(void) {
308 const char *etc_localeconf;
309 char* locales[3];
310 unsigned i = 0;
311 int r;
312
1d13f648 313 etc_localeconf = prefix_roota(arg_root, "/etc/locale.conf");
b4909a3f 314 if (laccess(etc_localeconf, F_OK) >= 0 && !arg_force)
418b9be5
LP		 315 return 0;
316
317 if (arg_copy_locale && arg_root) {
318
22e596d6 319 (void) mkdir_parents(etc_localeconf, 0755);
8a016c74 320 r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, 0, COPY_REFLINK);
418b9be5 321 if (r != -ENOENT) {
23bbb0de
MS		 322 if (r < 0)
323 return log_error_errno(r, "Failed to copy %s: %m", etc_localeconf);
418b9be5
LP		 324
325 log_info("%s copied.", etc_localeconf);
326 return 0;
327 }
328 }
329
330 r = prompt_locale();
331 if (r < 0)
332 return r;
333
334 if (!isempty(arg_locale))
63c372cb 335 locales[i++] = strjoina("LANG=", arg_locale);
418b9be5 336 if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale))
63c372cb 337 locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages);
418b9be5
LP		 338
339 if (i == 0)
340 return 0;
341
342 locales[i] = NULL;
343
22e596d6 344 (void) mkdir_parents(etc_localeconf, 0755);
418b9be5 345 r = write_env_file(etc_localeconf, locales);
23bbb0de
MS		 346 if (r < 0)
347 return log_error_errno(r, "Failed to write %s: %m", etc_localeconf);
418b9be5
LP		 348
349 log_info("%s written.", etc_localeconf);
350 return 0;
351}
352
ed457f13
TB		 353static int prompt_keymap(void) {
354 _cleanup_strv_free_ char **kmaps = NULL;
355 int r;
356
357 if (arg_keymap)
358 return 0;
359
416f7b3a
LP		 360 r = read_credential("firstboot.keymap", (void**) &arg_keymap, NULL);
361 if (r < 0)
362 log_debug_errno(r, "Failed to read credential firstboot.keymap, ignoring: %m");
363 else {
364 log_debug("Acquired keymap from credential.");
365 return 0;
366 }
367
ed457f13
TB		 368 if (!arg_prompt_keymap)
369 return 0;
370
371 r = get_keymaps(&kmaps);
372 if (r == -ENOENT) /* no keymaps installed */
373 return r;
374 if (r < 0)
375 return log_error_errno(r, "Failed to read keymaps: %m");
376
377 print_welcome();
378
8700b4da 379 return prompt_loop("Please enter system keymap name or number",
ecada8f2 380 kmaps, 60, keymap_is_valid, &arg_keymap);
ed457f13
TB		 381}
382
383static int process_keymap(void) {
384 const char *etc_vconsoleconf;
385 char **keymap;
386 int r;
387
388 etc_vconsoleconf = prefix_roota(arg_root, "/etc/vconsole.conf");
b4909a3f 389 if (laccess(etc_vconsoleconf, F_OK) >= 0 && !arg_force)
ed457f13
TB		 390 return 0;
391
392 if (arg_copy_keymap && arg_root) {
393
22e596d6 394 (void) mkdir_parents(etc_vconsoleconf, 0755);
8a016c74 395 r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, 0, COPY_REFLINK);
ed457f13
TB		 396 if (r != -ENOENT) {
397 if (r < 0)
398 return log_error_errno(r, "Failed to copy %s: %m", etc_vconsoleconf);
399
400 log_info("%s copied.", etc_vconsoleconf);
401 return 0;
402 }
403 }
404
405 r = prompt_keymap();
406 if (r == -ENOENT)
407 return 0; /* don't fail if no keymaps are installed */
408 if (r < 0)
409 return r;
410
a7353b4d 411 if (isempty(arg_keymap))
ed457f13
TB		 412 return 0;
413
a7353b4d
YW		 414 keymap = STRV_MAKE(strjoina("KEYMAP=", arg_keymap));
415
416 r = mkdir_parents(etc_vconsoleconf, 0755);
417 if (r < 0)
418 return log_error_errno(r, "Failed to create the parent directory of %s: %m", etc_vconsoleconf);
419
ed457f13
TB		 420 r = write_env_file(etc_vconsoleconf, keymap);
421 if (r < 0)
422 return log_error_errno(r, "Failed to write %s: %m", etc_vconsoleconf);
423
424 log_info("%s written.", etc_vconsoleconf);
425 return 0;
426}
427
089fb865
MG		 428static bool timezone_is_valid_log_error(const char *name) {
429 return timezone_is_valid(name, LOG_ERR);
430}
431
418b9be5
LP		 432static int prompt_timezone(void) {
433 _cleanup_strv_free_ char **zones = NULL;
434 int r;
435
436 if (arg_timezone)
437 return 0;
438
416f7b3a
LP		 439 r = read_credential("firstboot.timezone", (void**) &arg_timezone, NULL);
440 if (r < 0)
441 log_debug_errno(r, "Failed to read credential firstboot.timezone, ignoring: %m");
442 else {
443 log_debug("Acquired timezone from credential.");
444 return 0;
445 }
446
418b9be5
LP		 447 if (!arg_prompt_timezone)
448 return 0;
449
450 r = get_timezones(&zones);
23bbb0de
MS		 451 if (r < 0)
452 return log_error_errno(r, "Cannot query timezone list: %m");
418b9be5
LP		 453
454 print_welcome();
455
ecada8f2
ZJS		 456 r = prompt_loop("Please enter timezone name or number",
457 zones, 30, timezone_is_valid_log_error, &arg_timezone);
418b9be5
LP		 458 if (r < 0)
459 return r;
460
461 return 0;
462}
463
464static int process_timezone(void) {
465 const char *etc_localtime, *e;
466 int r;
467
1d13f648 468 etc_localtime = prefix_roota(arg_root, "/etc/localtime");
b4909a3f 469 if (laccess(etc_localtime, F_OK) >= 0 && !arg_force)
418b9be5
LP		 470 return 0;
471
472 if (arg_copy_timezone && arg_root) {
473 _cleanup_free_ char *p = NULL;
474
475 r = readlink_malloc("/etc/localtime", &p);
476 if (r != -ENOENT) {
23bbb0de
MS		 477 if (r < 0)
478 return log_error_errno(r, "Failed to read host timezone: %m");
418b9be5 479
22e596d6 480 (void) mkdir_parents(etc_localtime, 0755);
4a62c710
MS		 481 if (symlink(p, etc_localtime) < 0)
482 return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime);
418b9be5
LP		 483
484 log_info("%s copied.", etc_localtime);
485 return 0;
486 }
487 }
488
489 r = prompt_timezone();
490 if (r < 0)
491 return r;
492
493 if (isempty(arg_timezone))
494 return 0;
495
63c372cb 496 e = strjoina("../usr/share/zoneinfo/", arg_timezone);
418b9be5 497
22e596d6 498 (void) mkdir_parents(etc_localtime, 0755);
4a62c710
MS		 499 if (symlink(e, etc_localtime) < 0)
500 return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime);
418b9be5
LP		 501
502 log_info("%s written", etc_localtime);
503 return 0;
504}
505
506static int prompt_hostname(void) {
507 int r;
508
509 if (arg_hostname)
510 return 0;
511
512 if (!arg_prompt_hostname)
513 return 0;
514
515 print_welcome();
516 putchar('\n');
517
518 for (;;) {
519 _cleanup_free_ char *h = NULL;
520
9a6f746f 521 r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
23bbb0de
MS		 522 if (r < 0)
523 return log_error_errno(r, "Failed to query hostname: %m");
418b9be5
LP		 524
525 if (isempty(h)) {
526 log_warning("No hostname entered, skipping.");
527 break;
528 }
529
52ef5dd7 530 if (!hostname_is_valid(h, VALID_HOSTNAME_TRAILING_DOT)) {
418b9be5
LP		 531 log_error("Specified hostname invalid.");
532 continue;
533 }
534
34ad6090 535 /* Get rid of the trailing dot that we allow, but don't want to see */
ae691c1d 536 arg_hostname = hostname_cleanup(h);
418b9be5
LP		 537 h = NULL;
538 break;
539 }
540
541 return 0;
542}
543
544static int process_hostname(void) {
545 const char *etc_hostname;
546 int r;
547
1d13f648 548 etc_hostname = prefix_roota(arg_root, "/etc/hostname");
b4909a3f 549 if (laccess(etc_hostname, F_OK) >= 0 && !arg_force)
418b9be5
LP		 550 return 0;
551
552 r = prompt_hostname();
553 if (r < 0)
554 return r;
555
556 if (isempty(arg_hostname))
557 return 0;
558
0675e94a 559 r = write_string_file(etc_hostname, arg_hostname,
b4909a3f
DDM		 560 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
561 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
23bbb0de
MS		 562 if (r < 0)
563 return log_error_errno(r, "Failed to write %s: %m", etc_hostname);
418b9be5
LP		 564
565 log_info("%s written.", etc_hostname);
566 return 0;
567}
568
569static int process_machine_id(void) {
570 const char *etc_machine_id;
418b9be5
LP		 571 int r;
572
1d13f648 573 etc_machine_id = prefix_roota(arg_root, "/etc/machine-id");
b4909a3f 574 if (laccess(etc_machine_id, F_OK) >= 0 && !arg_force)
418b9be5
LP		 575 return 0;
576
3bbaff3e 577 if (sd_id128_is_null(arg_machine_id))
418b9be5
LP		 578 return 0;
579
85b55869 580 r = write_string_file(etc_machine_id, SD_ID128_TO_STRING(arg_machine_id),
b4909a3f
DDM		 581 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
582 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
23bbb0de
MS		 583 if (r < 0)
584 return log_error_errno(r, "Failed to write machine id: %m");
418b9be5
LP		 585
586 log_info("%s written.", etc_machine_id);
587 return 0;
588}
589
590static int prompt_root_password(void) {
1fbc95d3 591 const char *msg1, *msg2;
418b9be5
LP		 592 int r;
593
594 if (arg_root_password)
595 return 0;
596
416f7b3a
LP		 597 r = read_credential("passwd.hashed-password.root", (void**) &arg_root_password, NULL);
598 if (r == -ENOENT) {
599 r = read_credential("passwd.plaintext-password.root", (void**) &arg_root_password, NULL);
600 if (r < 0)
601 log_debug_errno(r, "Couldn't read credential 'passwd.{hashed|plaintext}-password.root', ignoring: %m");
602 else {
603 arg_root_password_is_hashed = false;
604 return 0;
605 }
606 } else if (r < 0)
607 log_debug_errno(r, "Couldn't read credential 'passwd.hashed-password.root', ignoring: %m");
608 else {
609 arg_root_password_is_hashed = true;
610 return 0;
611 }
612
418b9be5
LP		 613 if (!arg_prompt_root_password)
614 return 0;
615
418b9be5
LP		 616 print_welcome();
617 putchar('\n');
618
3619634c
LP		 619 msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):");
620 msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:");
418b9be5 621
7baf10a7
LP		 622 suggest_passwords();
623
418b9be5 624 for (;;) {
c7b7d74e 625 _cleanup_strv_free_erase_ char **a = NULL, **b = NULL;
7baf10a7 626 _cleanup_free_ char *error = NULL;
418b9be5 627
daa55720 628 r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a);
23bbb0de
MS		 629 if (r < 0)
630 return log_error_errno(r, "Failed to query root password: %m");
39e96f84
ZJS		 631 if (strv_length(a) != 1)
632 return log_error_errno(SYNTHETIC_ERRNO(EIO),
633 "Received multiple passwords, where we expected one.");
418b9be5 634
c7b7d74e 635 if (isempty(*a)) {
418b9be5
LP		 636 log_warning("No password entered, skipping.");
637 break;
638 }
639
7baf10a7
LP		 640 r = quality_check_password(*a, "root", &error);
641 if (r < 0)
642 return log_error_errno(r, "Failed to check quality of password: %m");
643 if (r == 0)
644 log_warning("Password is weak, accepting anyway: %s", error);
645
daa55720 646 r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b);
ab84f5b9 647 if (r < 0)
00843602 648 return log_error_errno(r, "Failed to query root password: %m");
39e96f84
ZJS		 649 if (strv_length(b) != 1)
650 return log_error_errno(SYNTHETIC_ERRNO(EIO),
651 "Received multiple passwords, where we expected one.");
418b9be5 652
c7b7d74e 653 if (!streq(*a, *b)) {
418b9be5 654 log_error("Entered passwords did not match, please try again.");
418b9be5
LP		 655 continue;
656 }
657
c7b7d74e 658 arg_root_password = TAKE_PTR(*a);
418b9be5
LP		 659 break;
660 }
661
662 return 0;
663}
664
31363bd5
DDM		 665static int find_shell(const char *path, const char *root) {
666 int r;
667
668 assert(path);
669
670 if (!valid_shell(path))
671 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not a valid shell", path);
672
673 r = chase_symlinks(path, root, CHASE_PREFIX_ROOT, NULL, NULL);
674 if (r < 0) {
675 const char *p;
676 p = prefix_roota(root, path);
677 return log_error_errno(r, "Failed to resolve shell %s: %m", p);
678 }
679
680 return 0;
681}
682
28900a1b
DDM		 683static int prompt_root_shell(void) {
684 int r;
685
416f7b3a
LP		 686 if (arg_root_shell)
687 return 0;
688
689 r = read_credential("passwd.shell.root", (void**) &arg_root_shell, NULL);
690 if (r < 0)
691 log_debug_errno(r, "Failed to read credential passwd.shell.root, ignoring: %m");
692 else {
693 log_debug("Acquired root shell from credential.");
694 return 0;
695 }
696
697 if (!arg_prompt_root_shell)
28900a1b
DDM		 698 return 0;
699
700 print_welcome();
701 putchar('\n');
702
703 for (;;) {
704 _cleanup_free_ char *s = NULL;
705
706 r = ask_string(&s, "%s Please enter root shell for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
707 if (r < 0)
708 return log_error_errno(r, "Failed to query root shell: %m");
709
710 if (isempty(s)) {
711 log_warning("No shell entered, skipping.");
712 break;
713 }
714
31363bd5
DDM		 715 r = find_shell(s, arg_root);
716 if (r < 0)
28900a1b 717 continue;
28900a1b
DDM		 718
719 arg_root_shell = TAKE_PTR(s);
720 break;
721 }
722
723 return 0;
724}
725
726static int write_root_passwd(const char *passwd_path, const char *password, const char *shell) {
4926ceaf
DDM		 727 _cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
728 _cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
729 int r;
730
c4a53ebf
DDM		 731 assert(password);
732
4926ceaf
DDM		 733 r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
734 if (r < 0)
735 return r;
736
737 original = fopen(passwd_path, "re");
738 if (original) {
739 struct passwd *i;
740
bb72c434 741 r = copy_rights(fileno(original), fileno(passwd));
4926ceaf
DDM		 742 if (r < 0)
743 return r;
744
745 while ((r = fgetpwent_sane(original, &i)) > 0) {
746
28900a1b 747 if (streq(i->pw_name, "root")) {
4926ceaf 748 i->pw_passwd = (char *) password;
28900a1b
DDM		 749 if (shell)
750 i->pw_shell = (char *) shell;
751 }
4926ceaf
DDM		 752
753 r = putpwent_sane(i, passwd);
754 if (r < 0)
755 return r;
756 }
757 if (r < 0)
758 return r;
759
760 } else {
761 struct passwd root = {
762 .pw_name = (char *) "root",
763 .pw_passwd = (char *) password,
764 .pw_uid = 0,
765 .pw_gid = 0,
766 .pw_gecos = (char *) "Super User",
767 .pw_dir = (char *) "/root",
28900a1b 768 .pw_shell = (char *) (shell ?: "/bin/sh"),
4926ceaf
DDM		 769 };
770
771 if (errno != ENOENT)
772 return -errno;
773
b226422c 774 r = fchmod(fileno(passwd), 0644);
4926ceaf
DDM		 775 if (r < 0)
776 return -errno;
777
778 r = putpwent_sane(&root, passwd);
779 if (r < 0)
780 return r;
781 }
782
783 r = fflush_sync_and_check(passwd);
784 if (r < 0)
785 return r;
786
787 r = rename_and_apply_smack_floor_label(passwd_tmp, passwd_path);
788 if (r < 0)
789 return r;
790
791 return 0;
792}
793
b4909a3f
DDM		 794static int write_root_shadow(const char *shadow_path, const char *hashed_password) {
795 _cleanup_fclose_ FILE *original = NULL, *shadow = NULL;
796 _cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
100d5f6e
FB		 797 int r;
798
c4a53ebf
DDM		 799 assert(hashed_password);
800
b4909a3f
DDM		 801 r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
802 if (r < 0)
803 return r;
804
805 original = fopen(shadow_path, "re");
806 if (original) {
807 struct spwd *i;
808
bb72c434 809 r = copy_rights(fileno(original), fileno(shadow));
b4909a3f
DDM		 810 if (r < 0)
811 return r;
812
813 while ((r = fgetspent_sane(original, &i)) > 0) {
814
815 if (streq(i->sp_namp, "root")) {
816 i->sp_pwdp = (char *) hashed_password;
817 i->sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
818 }
819
820 r = putspent_sane(i, shadow);
821 if (r < 0)
822 return r;
823 }
824 if (r < 0)
825 return r;
826
827 } else {
828 struct spwd root = {
829 .sp_namp = (char*) "root",
830 .sp_pwdp = (char *) hashed_password,
831 .sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY),
832 .sp_min = -1,
833 .sp_max = -1,
834 .sp_warn = -1,
835 .sp_inact = -1,
836 .sp_expire = -1,
f5fbe71d 837 .sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */
b4909a3f
DDM		 838 };
839
840 if (errno != ENOENT)
841 return -errno;
418b9be5 842
b4909a3f
DDM		 843 r = fchmod(fileno(shadow), 0000);
844 if (r < 0)
845 return -errno;
418b9be5 846
b4909a3f
DDM		 847 r = putspent_sane(&root, shadow);
848 if (r < 0)
849 return r;
850 }
851
852 r = fflush_sync_and_check(shadow);
100d5f6e
FB		 853 if (r < 0)
854 return r;
418b9be5 855
b4909a3f
DDM		 856 r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path);
857 if (r < 0)
858 return r;
859
860 return 0;
418b9be5
LP		 861}
862
28900a1b 863static int process_root_args(void) {
45035609 864 _cleanup_close_ int lock = -1;
0e98d17e 865 _cleanup_(erase_and_freep) char *_hashed_password = NULL;
c4a53ebf
DDM		 866 const char *password, *hashed_password;
867 const char *etc_passwd, *etc_shadow;
418b9be5
LP		 868 int r;
869
c4a53ebf 870 etc_passwd = prefix_roota(arg_root, "/etc/passwd");
1d13f648 871 etc_shadow = prefix_roota(arg_root, "/etc/shadow");
c4a53ebf
DDM		 872
873 /* We only mess with passwd and shadow if both do not exist or --force is specified. These files are
874 * tightly coupled and hence we make sure we have permission from the user to create/modify both
875 * files. */
876 if ((laccess(etc_passwd, F_OK) >= 0 || laccess(etc_shadow, F_OK) >= 0) && !arg_force)
418b9be5 877 return 0;
67d5d9d5 878 /* Don't create/modify passwd and shadow if not asked */
879 if (!(arg_root_password || arg_prompt_root_password || arg_copy_root_password || arg_delete_root_password ||
880 arg_root_shell || arg_prompt_root_shell || arg_copy_root_shell))
881 return 0;
418b9be5 882
c4a53ebf 883 (void) mkdir_parents(etc_passwd, 0755);
45035609 884
e929bee0 885 lock = take_etc_passwd_lock(arg_root);
45035609 886 if (lock < 0)
c4a53ebf 887 return log_error_errno(lock, "Failed to take a lock on %s: %m", etc_passwd);
4926ceaf 888
28900a1b
DDM		 889 if (arg_copy_root_shell && arg_root) {
890 struct passwd *p;
891
892 errno = 0;
893 p = getpwnam("root");
894 if (!p)
895 return log_error_errno(errno_or_else(EIO), "Failed to find passwd entry for root: %m");
896
897 r = free_and_strdup(&arg_root_shell, p->pw_shell);
898 if (r < 0)
899 return log_oom();
900 }
901
902 r = prompt_root_shell();
903 if (r < 0)
904 return r;
905
418b9be5
LP		 906 if (arg_copy_root_password && arg_root) {
907 struct spwd *p;
908
909 errno = 0;
910 p = getspnam("root");
c4a53ebf
DDM		 911 if (!p)
912 return log_error_errno(errno_or_else(EIO), "Failed to find shadow entry for root: %m");
418b9be5 913
c4a53ebf
DDM		 914 r = free_and_strdup(&arg_root_password, p->sp_pwdp);
915 if (r < 0)
916 return log_oom();
418b9be5 917
c4a53ebf 918 arg_root_password_is_hashed = true;
418b9be5
LP		 919 }
920
921 r = prompt_root_password();
922 if (r < 0)
923 return r;
924
c4a53ebf 925 if (arg_root_password && arg_root_password_is_hashed) {
53c25ac9 926 password = PASSWORD_SEE_SHADOW;
676339a1 927 hashed_password = arg_root_password;
c4a53ebf 928 } else if (arg_root_password) {
0e98d17e
ZJS		 929 r = hash_password(arg_root_password, &_hashed_password);
930 if (r < 0)
931 return log_error_errno(r, "Failed to hash password: %m");
676339a1 932
53c25ac9 933 password = PASSWORD_SEE_SHADOW;
0e98d17e 934 hashed_password = _hashed_password;
c4a53ebf 935
c4a53ebf 936 } else if (arg_delete_root_password)
53c25ac9 937 password = hashed_password = PASSWORD_NONE;
c4a53ebf 938 else
53c25ac9 939 password = hashed_password = PASSWORD_LOCKED_AND_INVALID;
c4a53ebf 940
28900a1b 941 r = write_root_passwd(etc_passwd, password, arg_root_shell);
c4a53ebf
DDM		 942 if (r < 0)
943 return log_error_errno(r, "Failed to write %s: %m", etc_passwd);
944
945 log_info("%s written", etc_passwd);
418b9be5 946
b4909a3f 947 r = write_root_shadow(etc_shadow, hashed_password);
23bbb0de
MS		 948 if (r < 0)
949 return log_error_errno(r, "Failed to write %s: %m", etc_shadow);
418b9be5
LP		 950
951 log_info("%s written.", etc_shadow);
952 return 0;
953}
954
a5925354
DDM		 955static int process_kernel_cmdline(void) {
956 const char *etc_kernel_cmdline;
957 int r;
958
959 etc_kernel_cmdline = prefix_roota(arg_root, "/etc/kernel/cmdline");
960 if (laccess(etc_kernel_cmdline, F_OK) >= 0 && !arg_force)
961 return 0;
962
963 if (!arg_kernel_cmdline)
964 return 0;
965
966 r = write_string_file(etc_kernel_cmdline, arg_kernel_cmdline,
967 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
968 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
969 if (r < 0)
970 return log_error_errno(r, "Failed to write %s: %m", etc_kernel_cmdline);
971
972 log_info("%s written.", etc_kernel_cmdline);
973 return 0;
974}
975
37ec0fdd
LP		 976static int help(void) {
977 _cleanup_free_ char *link = NULL;
978 int r;
979
980 r = terminal_urlify_man("systemd-firstboot", "1", &link);
981 if (r < 0)
982 return log_oom();
983
418b9be5
LP		 984 printf("%s [OPTIONS...]\n\n"
985 "Configures basic settings of the system.\n\n"
676339a1
DDM		 986 " -h --help Show this help\n"
987 " --version Show package version\n"
988 " --root=PATH Operate on an alternate filesystem root\n"
3ff9fa59 989 " --image=PATH Operate on an alternate filesystem image\n"
676339a1
DDM		 990 " --locale=LOCALE Set primary locale (LANG=)\n"
991 " --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n"
992 " --keymap=KEYMAP Set keymap\n"
993 " --timezone=TIMEZONE Set timezone\n"
994 " --hostname=NAME Set hostname\n"
995 " --machine-ID=ID Set machine ID\n"
996 " --root-password=PASSWORD Set root password from plaintext password\n"
997 " --root-password-file=FILE Set root password from file\n"
998 " --root-password-hashed=HASHED_PASSWORD Set root password from hashed password\n"
f649325b 999 " --root-shell=SHELL Set root shell\n"
676339a1
DDM		 1000 " --prompt-locale Prompt the user for locale settings\n"
1001 " --prompt-keymap Prompt the user for keymap settings\n"
1002 " --prompt-timezone Prompt the user for timezone\n"
1003 " --prompt-hostname Prompt the user for hostname\n"
1004 " --prompt-root-password Prompt the user for root password\n"
f649325b 1005 " --prompt-root-shell Prompt the user for root shell\n"
676339a1
DDM		 1006 " --prompt Prompt for all of the above\n"
1007 " --copy-locale Copy locale from host\n"
1008 " --copy-keymap Copy keymap from host\n"
1009 " --copy-timezone Copy timezone from host\n"
1010 " --copy-root-password Copy root password from host\n"
f649325b 1011 " --copy-root-shell Copy root shell from host\n"
676339a1
DDM		 1012 " --copy Copy locale, keymap, timezone, root password\n"
1013 " --setup-machine-id Generate a new random machine ID\n"
1014 " --force Overwrite existing files\n"
1015 " --delete-root-password Delete root password\n"
a1225020 1016 " --welcome=no Disable the welcome text\n"
bc556335
DDM		 1017 "\nSee the %s for details.\n",
1018 program_invocation_short_name,
1019 link);
37ec0fdd
LP		 1020
1021 return 0;
418b9be5
LP		 1022}
1023
1024static int parse_argv(int argc, char *argv[]) {
1025
1026 enum {
1027 ARG_VERSION = 0x100,
1028 ARG_ROOT,
3ff9fa59 1029 ARG_IMAGE,
418b9be5
LP		 1030 ARG_LOCALE,
1031 ARG_LOCALE_MESSAGES,
ed457f13 1032 ARG_KEYMAP,
418b9be5
LP		 1033 ARG_TIMEZONE,
1034 ARG_HOSTNAME,
1035 ARG_MACHINE_ID,
1036 ARG_ROOT_PASSWORD,
1037 ARG_ROOT_PASSWORD_FILE,
676339a1 1038 ARG_ROOT_PASSWORD_HASHED,
28900a1b 1039 ARG_ROOT_SHELL,
a5925354 1040 ARG_KERNEL_COMMAND_LINE,
418b9be5
LP		 1041 ARG_PROMPT,
1042 ARG_PROMPT_LOCALE,
ed457f13 1043 ARG_PROMPT_KEYMAP,
418b9be5
LP		 1044 ARG_PROMPT_TIMEZONE,
1045 ARG_PROMPT_HOSTNAME,
1046 ARG_PROMPT_ROOT_PASSWORD,
28900a1b 1047 ARG_PROMPT_ROOT_SHELL,
418b9be5
LP		 1048 ARG_COPY,
1049 ARG_COPY_LOCALE,
ed457f13 1050 ARG_COPY_KEYMAP,
418b9be5
LP		 1051 ARG_COPY_TIMEZONE,
1052 ARG_COPY_ROOT_PASSWORD,
28900a1b 1053 ARG_COPY_ROOT_SHELL,
418b9be5 1054 ARG_SETUP_MACHINE_ID,
b4909a3f 1055 ARG_FORCE,
4926ceaf 1056 ARG_DELETE_ROOT_PASSWORD,
a1225020 1057 ARG_WELCOME,
418b9be5
LP		 1058 };
1059
1060 static const struct option options[] = {
676339a1
DDM		 1061 { "help", no_argument, NULL, 'h' },
1062 { "version", no_argument, NULL, ARG_VERSION },
1063 { "root", required_argument, NULL, ARG_ROOT },
3ff9fa59 1064 { "image", required_argument, NULL, ARG_IMAGE },
676339a1
DDM		 1065 { "locale", required_argument, NULL, ARG_LOCALE },
1066 { "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES },
1067 { "keymap", required_argument, NULL, ARG_KEYMAP },
1068 { "timezone", required_argument, NULL, ARG_TIMEZONE },
1069 { "hostname", required_argument, NULL, ARG_HOSTNAME },
1070 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
1071 { "root-password", required_argument, NULL, ARG_ROOT_PASSWORD },
1072 { "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE },
1073 { "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED },
28900a1b 1074 { "root-shell", required_argument, NULL, ARG_ROOT_SHELL },
a5925354 1075 { "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE },
676339a1
DDM		 1076 { "prompt", no_argument, NULL, ARG_PROMPT },
1077 { "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE },
1078 { "prompt-keymap", no_argument, NULL, ARG_PROMPT_KEYMAP },
1079 { "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE },
1080 { "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME },
1081 { "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD },
28900a1b 1082 { "prompt-root-shell", no_argument, NULL, ARG_PROMPT_ROOT_SHELL },
676339a1
DDM		 1083 { "copy", no_argument, NULL, ARG_COPY },
1084 { "copy-locale", no_argument, NULL, ARG_COPY_LOCALE },
1085 { "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP },
1086 { "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE },
1087 { "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD },
28900a1b 1088 { "copy-root-shell", no_argument, NULL, ARG_COPY_ROOT_SHELL },
676339a1
DDM		 1089 { "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID },
1090 { "force", no_argument, NULL, ARG_FORCE },
1091 { "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD },
a1225020 1092 { "welcome", required_argument, NULL, ARG_WELCOME },
418b9be5
LP		 1093 {}
1094 };
1095
1096 int r, c;
1097
1098 assert(argc >= 0);
1099 assert(argv);
1100
601185b4 1101 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
418b9be5
LP		 1102
1103 switch (c) {
1104
1105 case 'h':
37ec0fdd 1106 return help();
418b9be5
LP		 1107
1108 case ARG_VERSION:
3f6fd1ba 1109 return version();
418b9be5
LP		 1110
1111 case ARG_ROOT:
614b022c 1112 r = parse_path_argument(optarg, true, &arg_root);
0f474365 1113 if (r < 0)
0f03c2a4 1114 return r;
418b9be5
LP		 1115 break;
1116
3ff9fa59 1117 case ARG_IMAGE:
614b022c 1118 r = parse_path_argument(optarg, false, &arg_image);
3ff9fa59
LP		 1119 if (r < 0)
1120 return r;
1121 break;
1122
418b9be5 1123 case ARG_LOCALE:
2fc09a9c
DM		 1124 r = free_and_strdup(&arg_locale, optarg);
1125 if (r < 0)
418b9be5
LP		 1126 return log_oom();
1127
1128 break;
1129
1130 case ARG_LOCALE_MESSAGES:
2fc09a9c
DM		 1131 r = free_and_strdup(&arg_locale_messages, optarg);
1132 if (r < 0)
418b9be5
LP		 1133 return log_oom();
1134
1135 break;
1136
ed457f13 1137 case ARG_KEYMAP:
baaa35ad
ZJS		 1138 if (!keymap_is_valid(optarg))
1139 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1140 "Keymap %s is not valid.", optarg);
ed457f13
TB		 1141
1142 r = free_and_strdup(&arg_keymap, optarg);
1143 if (r < 0)
1144 return log_oom();
1145
1146 break;
1147
418b9be5 1148 case ARG_TIMEZONE:
baaa35ad
ZJS		 1149 if (!timezone_is_valid(optarg, LOG_ERR))
1150 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1151 "Timezone %s is not valid.", optarg);
418b9be5 1152
2fc09a9c
DM		 1153 r = free_and_strdup(&arg_timezone, optarg);
1154 if (r < 0)
418b9be5
LP		 1155 return log_oom();
1156
1157 break;
1158
1159 case ARG_ROOT_PASSWORD:
2fc09a9c
DM		 1160 r = free_and_strdup(&arg_root_password, optarg);
1161 if (r < 0)
418b9be5 1162 return log_oom();
676339a1
DDM		 1163
1164 arg_root_password_is_hashed = false;
418b9be5
LP		 1165 break;
1166
1167 case ARG_ROOT_PASSWORD_FILE:
0da16248 1168 arg_root_password = mfree(arg_root_password);
418b9be5
LP		 1169
1170 r = read_one_line_file(optarg, &arg_root_password);
23bbb0de
MS		 1171 if (r < 0)
1172 return log_error_errno(r, "Failed to read %s: %m", optarg);
418b9be5 1173
676339a1
DDM		 1174 arg_root_password_is_hashed = false;
1175 break;
1176
1177 case ARG_ROOT_PASSWORD_HASHED:
1178 r = free_and_strdup(&arg_root_password, optarg);
1179 if (r < 0)
1180 return log_oom();
1181
1182 arg_root_password_is_hashed = true;
418b9be5
LP		 1183 break;
1184
28900a1b 1185 case ARG_ROOT_SHELL:
31363bd5
DDM		 1186 r = find_shell(optarg, arg_root);
1187 if (r < 0)
1188 return r;
28900a1b
DDM		 1189
1190 r = free_and_strdup(&arg_root_shell, optarg);
1191 if (r < 0)
1192 return log_oom();
1193
1194 break;
1195
418b9be5 1196 case ARG_HOSTNAME:
52ef5dd7 1197 if (!hostname_is_valid(optarg, VALID_HOSTNAME_TRAILING_DOT))
baaa35ad
ZJS		 1198 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1199 "Host name %s is not valid.", optarg);
418b9be5 1200
2fc09a9c
DM		 1201 r = free_and_strdup(&arg_hostname, optarg);
1202 if (r < 0)
418b9be5
LP		 1203 return log_oom();
1204
79485fc2 1205 hostname_cleanup(arg_hostname);
418b9be5
LP		 1206 break;
1207
1208 case ARG_MACHINE_ID:
7fb1d980
YW		 1209 r = sd_id128_from_string(optarg, &arg_machine_id);
1210 if (r < 0)
1211 return log_error_errno(r, "Failed to parse machine id %s.", optarg);
418b9be5
LP		 1212
1213 break;
1214
a5925354
DDM		 1215 case ARG_KERNEL_COMMAND_LINE:
1216 r = free_and_strdup(&arg_kernel_cmdline, optarg);
1217 if (r < 0)
1218 return log_oom();
1219
1220 break;
1221
418b9be5 1222 case ARG_PROMPT:
28900a1b
DDM		 1223 arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname =
1224 arg_prompt_root_password = arg_prompt_root_shell = true;
418b9be5
LP		 1225 break;
1226
1227 case ARG_PROMPT_LOCALE:
1228 arg_prompt_locale = true;
1229 break;
1230
ed457f13
TB		 1231 case ARG_PROMPT_KEYMAP:
1232 arg_prompt_keymap = true;
1233 break;
1234
418b9be5
LP		 1235 case ARG_PROMPT_TIMEZONE:
1236 arg_prompt_timezone = true;
1237 break;
1238
1239 case ARG_PROMPT_HOSTNAME:
1240 arg_prompt_hostname = true;
1241 break;
1242
1243 case ARG_PROMPT_ROOT_PASSWORD:
1244 arg_prompt_root_password = true;
1245 break;
1246
28900a1b
DDM		 1247 case ARG_PROMPT_ROOT_SHELL:
1248 arg_prompt_root_shell = true;
1249 break;
1250
418b9be5 1251 case ARG_COPY:
28900a1b
DDM		 1252 arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password =
1253 arg_copy_root_shell = true;
e926f647 1254 break;
418b9be5
LP		 1255
1256 case ARG_COPY_LOCALE:
1257 arg_copy_locale = true;
1258 break;
1259
ed457f13
TB		 1260 case ARG_COPY_KEYMAP:
1261 arg_copy_keymap = true;
1262 break;
1263
418b9be5
LP		 1264 case ARG_COPY_TIMEZONE:
1265 arg_copy_timezone = true;
1266 break;
1267
1268 case ARG_COPY_ROOT_PASSWORD:
1269 arg_copy_root_password = true;
1270 break;
1271
28900a1b
DDM		 1272 case ARG_COPY_ROOT_SHELL:
1273 arg_copy_root_shell = true;
1274 break;
1275
418b9be5 1276 case ARG_SETUP_MACHINE_ID:
418b9be5 1277 r = sd_id128_randomize(&arg_machine_id);
23bbb0de
MS		 1278 if (r < 0)
1279 return log_error_errno(r, "Failed to generate randomized machine ID: %m");
418b9be5
LP		 1280
1281 break;
1282
b4909a3f
DDM		 1283 case ARG_FORCE:
1284 arg_force = true;
1285 break;
1286
4926ceaf
DDM		 1287 case ARG_DELETE_ROOT_PASSWORD:
1288 arg_delete_root_password = true;
1289 break;
1290
a1225020
LP		 1291 case ARG_WELCOME:
1292 r = parse_boolean(optarg);
1293 if (r < 0)
1294 return log_error_errno(r, "Failed to parse --welcome= argument: %s", optarg);
1295
1296 arg_welcome = r;
1297 break;
1298
418b9be5
LP		 1299 case '?':
1300 return -EINVAL;
1301
1302 default:
04499a70 1303 assert_not_reached();
418b9be5 1304 }
418b9be5 1305
a00a78b8
LP		 1306 /* We check if the specified locale strings are valid down here, so that we can take --root= into
1307 * account when looking for the locale files. */
1308
1309 if (arg_locale && !locale_is_ok(arg_locale))
1310 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale);
1311 if (arg_locale_messages && !locale_is_ok(arg_locale_messages))
1312 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale_messages);
1313
4926ceaf
DDM		 1314 if (arg_delete_root_password && (arg_copy_root_password || arg_root_password || arg_prompt_root_password))
1315 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1316 "--delete-root-password cannot be combined with other root password options");
1317
3ff9fa59
LP		 1318 if (arg_image && arg_root)
1319 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
1320
418b9be5
LP		 1321 return 1;
1322}
1323
45f39418 1324static int run(int argc, char *argv[]) {
3ff9fa59
LP		 1325 _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
1326 _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
1327 _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
418b9be5
LP		 1328 int r;
1329
1330 r = parse_argv(argc, argv);
1331 if (r <= 0)
45f39418 1332 return r;
418b9be5 1333
d2acb93d 1334 log_setup();
418b9be5
LP		 1335
1336 umask(0022);
1337
3ff9fa59
LP		 1338 if (!arg_root && !arg_image) {
1339 bool enabled;
1340
1341 /* If we are called without --root=/--image= let's honour the systemd.firstboot kernel
1342 * command line option, because we are called to provision the host with basic settings (as
1343 * opposed to some other file system tree/image) */
1344
1345 r = proc_cmdline_get_bool("systemd.firstboot", &enabled);
1346 if (r < 0)
1347 return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
1348 if (r > 0 && !enabled)
1349 return 0; /* disabled */
1350 }
1351
6aa05ebd
LP		 1352 if (arg_image) {
1353 assert(!arg_root);
1354
1355 r = mount_image_privately_interactively(
1356 arg_image,
4b5de5dd
LP		 1357 DISSECT_IMAGE_GENERIC_ROOT |
1358 DISSECT_IMAGE_REQUIRE_ROOT |
1359 DISSECT_IMAGE_VALIDATE_OS |
1360 DISSECT_IMAGE_RELAX_VAR_CHECK |
c65f854a
LP		 1361 DISSECT_IMAGE_FSCK |
1362 DISSECT_IMAGE_GROWFS,
6aa05ebd
LP		 1363 &unlink_dir,
1364 &loop_device,
1365 &decrypted_image);
1366 if (r < 0)
1367 return r;
1368
1369 arg_root = strdup(unlink_dir);
1370 if (!arg_root)
1371 return log_oom();
1372 }
f582cbca 1373
418b9be5
LP		 1374 r = process_locale();
1375 if (r < 0)
45f39418 1376 return r;
418b9be5 1377
ed457f13
TB		 1378 r = process_keymap();
1379 if (r < 0)
45f39418 1380 return r;
ed457f13 1381
418b9be5
LP		 1382 r = process_timezone();
1383 if (r < 0)
45f39418 1384 return r;
418b9be5
LP		 1385
1386 r = process_hostname();
1387 if (r < 0)
45f39418 1388 return r;
418b9be5
LP		 1389
1390 r = process_machine_id();
1391 if (r < 0)
45f39418 1392 return r;
418b9be5 1393
28900a1b 1394 r = process_root_args();
418b9be5 1395 if (r < 0)
45f39418
YW		 1396 return r;
1397
a5925354
DDM		 1398 r = process_kernel_cmdline();
1399 if (r < 0)
1400 return r;
1401
45f39418 1402 return 0;
418b9be5 1403}
45f39418
YW		 1404
1405DEFINE_MAIN_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.