]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
418b9be5 | 2 | |
418b9be5 | 3 | #include <fcntl.h> |
418b9be5 | 4 | #include <getopt.h> |
3ff9fa59 | 5 | #include <linux/loop.h> |
3f6fd1ba | 6 | #include <unistd.h> |
418b9be5 | 7 | |
dccca82b LP |
8 | #include "sd-id128.h" |
9 | ||
b5efdb8a | 10 | #include "alloc-util.h" |
3f6fd1ba | 11 | #include "ask-password-api.h" |
418b9be5 | 12 | #include "copy.h" |
416f7b3a | 13 | #include "creds-util.h" |
3ff9fa59 | 14 | #include "dissect-image.h" |
686d13b9 | 15 | #include "env-file.h" |
6bedfcbb | 16 | #include "fd-util.h" |
3f6fd1ba | 17 | #include "fileio.h" |
f4f15635 | 18 | #include "fs-util.h" |
d8e32c47 | 19 | #include "glyph-util.h" |
3f6fd1ba | 20 | #include "hostname-util.h" |
f05e1d0d | 21 | #include "kbd-util.h" |
42f3b2f9 | 22 | #include "libcrypt-util.h" |
3f6fd1ba | 23 | #include "locale-util.h" |
45f39418 | 24 | #include "main-func.h" |
9ae4ef49 | 25 | #include "memory-util.h" |
418b9be5 | 26 | #include "mkdir.h" |
3ff9fa59 | 27 | #include "mount-util.h" |
d58ad743 | 28 | #include "os-util.h" |
614b022c | 29 | #include "parse-argument.h" |
6bedfcbb | 30 | #include "parse-util.h" |
418b9be5 | 31 | #include "path-util.h" |
294bf0c3 | 32 | #include "pretty-print.h" |
f582cbca | 33 | #include "proc-cmdline.h" |
7baf10a7 | 34 | #include "pwquality-util.h" |
3df3e884 | 35 | #include "random-util.h" |
ce0458be | 36 | #include "smack-util.h" |
6bedfcbb | 37 | #include "string-util.h" |
3f6fd1ba | 38 | #include "strv.h" |
288a74cc | 39 | #include "terminal-util.h" |
3f6fd1ba | 40 | #include "time-util.h" |
b4909a3f | 41 | #include "tmpfile-util-label.h" |
3ff9fa59 | 42 | #include "tmpfile-util.h" |
affb60b1 | 43 | #include "umask-util.h" |
e929bee0 | 44 | #include "user-util.h" |
418b9be5 LP |
45 | |
46 | static char *arg_root = NULL; | |
3ff9fa59 | 47 | static char *arg_image = NULL; |
418b9be5 LP |
48 | static char *arg_locale = NULL; /* $LANG */ |
49 | static char *arg_locale_messages = NULL; /* $LC_MESSAGES */ | |
f8fd0930 | 50 | static char *arg_keymap = NULL; |
418b9be5 LP |
51 | static char *arg_timezone = NULL; |
52 | static char *arg_hostname = NULL; | |
53 | static sd_id128_t arg_machine_id = {}; | |
54 | static char *arg_root_password = NULL; | |
28900a1b | 55 | static char *arg_root_shell = NULL; |
a5925354 | 56 | static char *arg_kernel_cmdline = NULL; |
418b9be5 | 57 | static bool arg_prompt_locale = false; |
ed457f13 | 58 | static bool arg_prompt_keymap = false; |
418b9be5 LP |
59 | static bool arg_prompt_timezone = false; |
60 | static bool arg_prompt_hostname = false; | |
61 | static bool arg_prompt_root_password = false; | |
28900a1b | 62 | static bool arg_prompt_root_shell = false; |
418b9be5 | 63 | static bool arg_copy_locale = false; |
ed457f13 | 64 | static bool arg_copy_keymap = false; |
418b9be5 LP |
65 | static bool arg_copy_timezone = false; |
66 | static bool arg_copy_root_password = false; | |
28900a1b | 67 | static bool arg_copy_root_shell = false; |
b4909a3f | 68 | static bool arg_force = false; |
4926ceaf | 69 | static bool arg_delete_root_password = false; |
676339a1 | 70 | static bool arg_root_password_is_hashed = false; |
a1225020 | 71 | static bool arg_welcome = true; |
418b9be5 | 72 | |
45f39418 | 73 | STATIC_DESTRUCTOR_REGISTER(arg_root, freep); |
3ff9fa59 | 74 | STATIC_DESTRUCTOR_REGISTER(arg_image, freep); |
45f39418 YW |
75 | STATIC_DESTRUCTOR_REGISTER(arg_locale, freep); |
76 | STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep); | |
77 | STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep); | |
78 | STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep); | |
79 | STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep); | |
9ae4ef49 | 80 | STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep); |
45f39418 | 81 | |
418b9be5 LP |
82 | static bool press_any_key(void) { |
83 | char k = 0; | |
84 | bool need_nl = true; | |
85 | ||
86 | printf("-- Press any key to proceed --"); | |
87 | fflush(stdout); | |
88 | ||
94956f8f | 89 | (void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl); |
418b9be5 LP |
90 | |
91 | if (need_nl) | |
92 | putchar('\n'); | |
93 | ||
94 | return k != 'q'; | |
95 | } | |
96 | ||
97 | static void print_welcome(void) { | |
4aeadec7 | 98 | _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL; |
418b9be5 | 99 | static bool done = false; |
ae0d36c1 | 100 | const char *pn, *ac; |
418b9be5 LP |
101 | int r; |
102 | ||
a1225020 LP |
103 | if (!arg_welcome) |
104 | return; | |
105 | ||
418b9be5 LP |
106 | if (done) |
107 | return; | |
108 | ||
4aeadec7 LP |
109 | r = parse_os_release( |
110 | arg_root, | |
111 | "PRETTY_NAME", &pretty_name, | |
209c1470 | 112 | "ANSI_COLOR", &ansi_color); |
d58ad743 LP |
113 | if (r < 0) |
114 | log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, | |
115 | "Failed to read os-release file, ignoring: %m"); | |
418b9be5 | 116 | |
4aeadec7 | 117 | pn = isempty(pretty_name) ? "Linux" : pretty_name; |
ae0d36c1 | 118 | ac = isempty(ansi_color) ? "0" : ansi_color; |
4aeadec7 LP |
119 | |
120 | if (colors_enabled()) | |
ae0d36c1 | 121 | printf("\nWelcome to your new installation of \x1B[%sm%s\x1B[0m!\n", ac, pn); |
4aeadec7 LP |
122 | else |
123 | printf("\nWelcome to your new installation of %s!\n", pn); | |
124 | ||
125 | printf("\nPlease configure your system!\n\n"); | |
418b9be5 LP |
126 | |
127 | press_any_key(); | |
128 | ||
129 | done = true; | |
130 | } | |
131 | ||
132 | static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) { | |
418b9be5 | 133 | unsigned break_lines, break_modulo; |
da6053d0 | 134 | size_t n, per_column, i, j; |
418b9be5 LP |
135 | |
136 | assert(n_columns > 0); | |
137 | ||
138 | n = strv_length(x); | |
be6b0c21 | 139 | per_column = DIV_ROUND_UP(n, n_columns); |
418b9be5 LP |
140 | |
141 | break_lines = lines(); | |
142 | if (break_lines > 2) | |
143 | break_lines--; | |
144 | ||
145 | /* The first page gets two extra lines, since we want to show | |
146 | * a title */ | |
147 | break_modulo = break_lines; | |
148 | if (break_modulo > 3) | |
149 | break_modulo -= 3; | |
150 | ||
151 | for (i = 0; i < per_column; i++) { | |
152 | ||
153 | for (j = 0; j < n_columns; j ++) { | |
154 | _cleanup_free_ char *e = NULL; | |
155 | ||
156 | if (j * per_column + i >= n) | |
157 | break; | |
158 | ||
159 | e = ellipsize(x[j * per_column + i], width, percentage); | |
160 | if (!e) | |
161 | return log_oom(); | |
162 | ||
da6053d0 | 163 | printf("%4zu) %-*s", j * per_column + i + 1, width, e); |
418b9be5 LP |
164 | } |
165 | ||
166 | putchar('\n'); | |
167 | ||
168 | /* on the first screen we reserve 2 extra lines for the title */ | |
169 | if (i % break_lines == break_modulo) { | |
170 | if (!press_any_key()) | |
171 | return 0; | |
172 | } | |
173 | } | |
174 | ||
175 | return 0; | |
176 | } | |
177 | ||
ecada8f2 | 178 | static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) { |
418b9be5 LP |
179 | int r; |
180 | ||
181 | assert(text); | |
182 | assert(is_valid); | |
183 | assert(ret); | |
184 | ||
185 | for (;;) { | |
186 | _cleanup_free_ char *p = NULL; | |
187 | unsigned u; | |
188 | ||
ecada8f2 ZJS |
189 | r = ask_string(&p, "%s %s (empty to skip, \"list\" to list options): ", |
190 | special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), text); | |
23bbb0de MS |
191 | if (r < 0) |
192 | return log_error_errno(r, "Failed to query user: %m"); | |
418b9be5 LP |
193 | |
194 | if (isempty(p)) { | |
195 | log_warning("No data entered, skipping."); | |
196 | return 0; | |
197 | } | |
198 | ||
ecada8f2 ZJS |
199 | if (streq(p, "list")) { |
200 | r = show_menu(l, 3, 22, percentage); | |
201 | if (r < 0) | |
202 | return r; | |
203 | ||
204 | putchar('\n'); | |
205 | continue; | |
206 | }; | |
207 | ||
418b9be5 LP |
208 | r = safe_atou(p, &u); |
209 | if (r >= 0) { | |
418b9be5 LP |
210 | if (u <= 0 || u > strv_length(l)) { |
211 | log_error("Specified entry number out of range."); | |
212 | continue; | |
213 | } | |
214 | ||
215 | log_info("Selected '%s'.", l[u-1]); | |
b3f9c17a | 216 | return free_and_strdup_warn(ret, l[u-1]); |
418b9be5 LP |
217 | } |
218 | ||
219 | if (!is_valid(p)) { | |
220 | log_error("Entered data invalid."); | |
221 | continue; | |
222 | } | |
223 | ||
bfbf5f74 | 224 | return free_and_replace(*ret, p); |
418b9be5 LP |
225 | } |
226 | } | |
227 | ||
a00a78b8 LP |
228 | static bool locale_is_ok(const char *name) { |
229 | ||
230 | if (arg_root) | |
231 | return locale_is_valid(name); | |
232 | ||
233 | return locale_is_installed(name) > 0; | |
234 | } | |
235 | ||
418b9be5 LP |
236 | static int prompt_locale(void) { |
237 | _cleanup_strv_free_ char **locales = NULL; | |
416f7b3a | 238 | bool acquired_from_creds = false; |
418b9be5 LP |
239 | int r; |
240 | ||
241 | if (arg_locale || arg_locale_messages) | |
242 | return 0; | |
243 | ||
416f7b3a LP |
244 | r = read_credential("firstboot.locale", (void**) &arg_locale, NULL); |
245 | if (r < 0) | |
246 | log_debug_errno(r, "Failed to read credential firstboot.locale, ignoring: %m"); | |
247 | else | |
248 | acquired_from_creds = true; | |
249 | ||
250 | r = read_credential("firstboot.locale-messages", (void**) &arg_locale_messages, NULL); | |
251 | if (r < 0) | |
252 | log_debug_errno(r, "Failed to read credential firstboot.locale-message, ignoring: %m"); | |
253 | else | |
254 | acquired_from_creds = true; | |
255 | ||
256 | if (acquired_from_creds) { | |
257 | log_debug("Acquired locale from credentials."); | |
258 | return 0; | |
259 | } | |
260 | ||
418b9be5 LP |
261 | if (!arg_prompt_locale) |
262 | return 0; | |
263 | ||
264 | r = get_locales(&locales); | |
23bbb0de MS |
265 | if (r < 0) |
266 | return log_error_errno(r, "Cannot query locales list: %m"); | |
418b9be5 | 267 | |
bdd7cd26 LP |
268 | if (strv_isempty(locales)) |
269 | log_debug("No locales found, skipping locale selection."); | |
270 | else if (strv_length(locales) == 1) { | |
418b9be5 | 271 | |
bdd7cd26 LP |
272 | if (streq(locales[0], SYSTEMD_DEFAULT_LOCALE)) |
273 | log_debug("Only installed locale is default locale anyway, not setting locale explicitly."); | |
274 | else { | |
275 | log_debug("Only a single locale available (%s), selecting it as default.", locales[0]); | |
418b9be5 | 276 | |
bdd7cd26 LP |
277 | arg_locale = strdup(locales[0]); |
278 | if (!arg_locale) | |
279 | return log_oom(); | |
418b9be5 | 280 | |
bdd7cd26 LP |
281 | /* Not setting arg_locale_message here, since it defaults to LANG anyway */ |
282 | } | |
283 | } else { | |
284 | print_welcome(); | |
418b9be5 | 285 | |
ecada8f2 | 286 | r = prompt_loop("Please enter system locale name or number", |
a00a78b8 | 287 | locales, 60, locale_is_ok, &arg_locale); |
bdd7cd26 LP |
288 | if (r < 0) |
289 | return r; | |
290 | ||
291 | if (isempty(arg_locale)) | |
292 | return 0; | |
293 | ||
ecada8f2 | 294 | r = prompt_loop("Please enter system message locale name or number", |
a00a78b8 | 295 | locales, 60, locale_is_ok, &arg_locale_messages); |
bdd7cd26 LP |
296 | if (r < 0) |
297 | return r; | |
298 | ||
299 | /* Suppress the messages setting if it's the same as the main locale anyway */ | |
300 | if (streq_ptr(arg_locale, arg_locale_messages)) | |
301 | arg_locale_messages = mfree(arg_locale_messages); | |
302 | } | |
418b9be5 LP |
303 | |
304 | return 0; | |
305 | } | |
306 | ||
307 | static int process_locale(void) { | |
308 | const char *etc_localeconf; | |
309 | char* locales[3]; | |
310 | unsigned i = 0; | |
311 | int r; | |
312 | ||
1d13f648 | 313 | etc_localeconf = prefix_roota(arg_root, "/etc/locale.conf"); |
b4909a3f | 314 | if (laccess(etc_localeconf, F_OK) >= 0 && !arg_force) |
418b9be5 LP |
315 | return 0; |
316 | ||
317 | if (arg_copy_locale && arg_root) { | |
318 | ||
22e596d6 | 319 | (void) mkdir_parents(etc_localeconf, 0755); |
8a016c74 | 320 | r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, 0, COPY_REFLINK); |
418b9be5 | 321 | if (r != -ENOENT) { |
23bbb0de MS |
322 | if (r < 0) |
323 | return log_error_errno(r, "Failed to copy %s: %m", etc_localeconf); | |
418b9be5 LP |
324 | |
325 | log_info("%s copied.", etc_localeconf); | |
326 | return 0; | |
327 | } | |
328 | } | |
329 | ||
330 | r = prompt_locale(); | |
331 | if (r < 0) | |
332 | return r; | |
333 | ||
334 | if (!isempty(arg_locale)) | |
63c372cb | 335 | locales[i++] = strjoina("LANG=", arg_locale); |
418b9be5 | 336 | if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale)) |
63c372cb | 337 | locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages); |
418b9be5 LP |
338 | |
339 | if (i == 0) | |
340 | return 0; | |
341 | ||
342 | locales[i] = NULL; | |
343 | ||
22e596d6 | 344 | (void) mkdir_parents(etc_localeconf, 0755); |
418b9be5 | 345 | r = write_env_file(etc_localeconf, locales); |
23bbb0de MS |
346 | if (r < 0) |
347 | return log_error_errno(r, "Failed to write %s: %m", etc_localeconf); | |
418b9be5 LP |
348 | |
349 | log_info("%s written.", etc_localeconf); | |
350 | return 0; | |
351 | } | |
352 | ||
ed457f13 TB |
353 | static int prompt_keymap(void) { |
354 | _cleanup_strv_free_ char **kmaps = NULL; | |
355 | int r; | |
356 | ||
357 | if (arg_keymap) | |
358 | return 0; | |
359 | ||
416f7b3a LP |
360 | r = read_credential("firstboot.keymap", (void**) &arg_keymap, NULL); |
361 | if (r < 0) | |
362 | log_debug_errno(r, "Failed to read credential firstboot.keymap, ignoring: %m"); | |
363 | else { | |
364 | log_debug("Acquired keymap from credential."); | |
365 | return 0; | |
366 | } | |
367 | ||
ed457f13 TB |
368 | if (!arg_prompt_keymap) |
369 | return 0; | |
370 | ||
371 | r = get_keymaps(&kmaps); | |
372 | if (r == -ENOENT) /* no keymaps installed */ | |
373 | return r; | |
374 | if (r < 0) | |
375 | return log_error_errno(r, "Failed to read keymaps: %m"); | |
376 | ||
377 | print_welcome(); | |
378 | ||
8700b4da | 379 | return prompt_loop("Please enter system keymap name or number", |
ecada8f2 | 380 | kmaps, 60, keymap_is_valid, &arg_keymap); |
ed457f13 TB |
381 | } |
382 | ||
383 | static int process_keymap(void) { | |
384 | const char *etc_vconsoleconf; | |
385 | char **keymap; | |
386 | int r; | |
387 | ||
388 | etc_vconsoleconf = prefix_roota(arg_root, "/etc/vconsole.conf"); | |
b4909a3f | 389 | if (laccess(etc_vconsoleconf, F_OK) >= 0 && !arg_force) |
ed457f13 TB |
390 | return 0; |
391 | ||
392 | if (arg_copy_keymap && arg_root) { | |
393 | ||
22e596d6 | 394 | (void) mkdir_parents(etc_vconsoleconf, 0755); |
8a016c74 | 395 | r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, 0, COPY_REFLINK); |
ed457f13 TB |
396 | if (r != -ENOENT) { |
397 | if (r < 0) | |
398 | return log_error_errno(r, "Failed to copy %s: %m", etc_vconsoleconf); | |
399 | ||
400 | log_info("%s copied.", etc_vconsoleconf); | |
401 | return 0; | |
402 | } | |
403 | } | |
404 | ||
405 | r = prompt_keymap(); | |
406 | if (r == -ENOENT) | |
407 | return 0; /* don't fail if no keymaps are installed */ | |
408 | if (r < 0) | |
409 | return r; | |
410 | ||
a7353b4d | 411 | if (isempty(arg_keymap)) |
ed457f13 TB |
412 | return 0; |
413 | ||
a7353b4d YW |
414 | keymap = STRV_MAKE(strjoina("KEYMAP=", arg_keymap)); |
415 | ||
416 | r = mkdir_parents(etc_vconsoleconf, 0755); | |
417 | if (r < 0) | |
418 | return log_error_errno(r, "Failed to create the parent directory of %s: %m", etc_vconsoleconf); | |
419 | ||
ed457f13 TB |
420 | r = write_env_file(etc_vconsoleconf, keymap); |
421 | if (r < 0) | |
422 | return log_error_errno(r, "Failed to write %s: %m", etc_vconsoleconf); | |
423 | ||
424 | log_info("%s written.", etc_vconsoleconf); | |
425 | return 0; | |
426 | } | |
427 | ||
089fb865 MG |
428 | static bool timezone_is_valid_log_error(const char *name) { |
429 | return timezone_is_valid(name, LOG_ERR); | |
430 | } | |
431 | ||
418b9be5 LP |
432 | static int prompt_timezone(void) { |
433 | _cleanup_strv_free_ char **zones = NULL; | |
434 | int r; | |
435 | ||
436 | if (arg_timezone) | |
437 | return 0; | |
438 | ||
416f7b3a LP |
439 | r = read_credential("firstboot.timezone", (void**) &arg_timezone, NULL); |
440 | if (r < 0) | |
441 | log_debug_errno(r, "Failed to read credential firstboot.timezone, ignoring: %m"); | |
442 | else { | |
443 | log_debug("Acquired timezone from credential."); | |
444 | return 0; | |
445 | } | |
446 | ||
418b9be5 LP |
447 | if (!arg_prompt_timezone) |
448 | return 0; | |
449 | ||
450 | r = get_timezones(&zones); | |
23bbb0de MS |
451 | if (r < 0) |
452 | return log_error_errno(r, "Cannot query timezone list: %m"); | |
418b9be5 LP |
453 | |
454 | print_welcome(); | |
455 | ||
ecada8f2 ZJS |
456 | r = prompt_loop("Please enter timezone name or number", |
457 | zones, 30, timezone_is_valid_log_error, &arg_timezone); | |
418b9be5 LP |
458 | if (r < 0) |
459 | return r; | |
460 | ||
461 | return 0; | |
462 | } | |
463 | ||
464 | static int process_timezone(void) { | |
465 | const char *etc_localtime, *e; | |
466 | int r; | |
467 | ||
1d13f648 | 468 | etc_localtime = prefix_roota(arg_root, "/etc/localtime"); |
b4909a3f | 469 | if (laccess(etc_localtime, F_OK) >= 0 && !arg_force) |
418b9be5 LP |
470 | return 0; |
471 | ||
472 | if (arg_copy_timezone && arg_root) { | |
473 | _cleanup_free_ char *p = NULL; | |
474 | ||
475 | r = readlink_malloc("/etc/localtime", &p); | |
476 | if (r != -ENOENT) { | |
23bbb0de MS |
477 | if (r < 0) |
478 | return log_error_errno(r, "Failed to read host timezone: %m"); | |
418b9be5 | 479 | |
22e596d6 | 480 | (void) mkdir_parents(etc_localtime, 0755); |
4a62c710 MS |
481 | if (symlink(p, etc_localtime) < 0) |
482 | return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime); | |
418b9be5 LP |
483 | |
484 | log_info("%s copied.", etc_localtime); | |
485 | return 0; | |
486 | } | |
487 | } | |
488 | ||
489 | r = prompt_timezone(); | |
490 | if (r < 0) | |
491 | return r; | |
492 | ||
493 | if (isempty(arg_timezone)) | |
494 | return 0; | |
495 | ||
63c372cb | 496 | e = strjoina("../usr/share/zoneinfo/", arg_timezone); |
418b9be5 | 497 | |
22e596d6 | 498 | (void) mkdir_parents(etc_localtime, 0755); |
4a62c710 MS |
499 | if (symlink(e, etc_localtime) < 0) |
500 | return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime); | |
418b9be5 LP |
501 | |
502 | log_info("%s written", etc_localtime); | |
503 | return 0; | |
504 | } | |
505 | ||
506 | static int prompt_hostname(void) { | |
507 | int r; | |
508 | ||
509 | if (arg_hostname) | |
510 | return 0; | |
511 | ||
512 | if (!arg_prompt_hostname) | |
513 | return 0; | |
514 | ||
515 | print_welcome(); | |
516 | putchar('\n'); | |
517 | ||
518 | for (;;) { | |
519 | _cleanup_free_ char *h = NULL; | |
520 | ||
9a6f746f | 521 | r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET)); |
23bbb0de MS |
522 | if (r < 0) |
523 | return log_error_errno(r, "Failed to query hostname: %m"); | |
418b9be5 LP |
524 | |
525 | if (isempty(h)) { | |
526 | log_warning("No hostname entered, skipping."); | |
527 | break; | |
528 | } | |
529 | ||
52ef5dd7 | 530 | if (!hostname_is_valid(h, VALID_HOSTNAME_TRAILING_DOT)) { |
418b9be5 LP |
531 | log_error("Specified hostname invalid."); |
532 | continue; | |
533 | } | |
534 | ||
34ad6090 | 535 | /* Get rid of the trailing dot that we allow, but don't want to see */ |
ae691c1d | 536 | arg_hostname = hostname_cleanup(h); |
418b9be5 LP |
537 | h = NULL; |
538 | break; | |
539 | } | |
540 | ||
541 | return 0; | |
542 | } | |
543 | ||
544 | static int process_hostname(void) { | |
545 | const char *etc_hostname; | |
546 | int r; | |
547 | ||
1d13f648 | 548 | etc_hostname = prefix_roota(arg_root, "/etc/hostname"); |
b4909a3f | 549 | if (laccess(etc_hostname, F_OK) >= 0 && !arg_force) |
418b9be5 LP |
550 | return 0; |
551 | ||
552 | r = prompt_hostname(); | |
553 | if (r < 0) | |
554 | return r; | |
555 | ||
556 | if (isempty(arg_hostname)) | |
557 | return 0; | |
558 | ||
0675e94a | 559 | r = write_string_file(etc_hostname, arg_hostname, |
b4909a3f DDM |
560 | WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 | |
561 | (arg_force ? WRITE_STRING_FILE_ATOMIC : 0)); | |
23bbb0de MS |
562 | if (r < 0) |
563 | return log_error_errno(r, "Failed to write %s: %m", etc_hostname); | |
418b9be5 LP |
564 | |
565 | log_info("%s written.", etc_hostname); | |
566 | return 0; | |
567 | } | |
568 | ||
569 | static int process_machine_id(void) { | |
570 | const char *etc_machine_id; | |
418b9be5 LP |
571 | int r; |
572 | ||
1d13f648 | 573 | etc_machine_id = prefix_roota(arg_root, "/etc/machine-id"); |
b4909a3f | 574 | if (laccess(etc_machine_id, F_OK) >= 0 && !arg_force) |
418b9be5 LP |
575 | return 0; |
576 | ||
3bbaff3e | 577 | if (sd_id128_is_null(arg_machine_id)) |
418b9be5 LP |
578 | return 0; |
579 | ||
85b55869 | 580 | r = write_string_file(etc_machine_id, SD_ID128_TO_STRING(arg_machine_id), |
b4909a3f DDM |
581 | WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 | |
582 | (arg_force ? WRITE_STRING_FILE_ATOMIC : 0)); | |
23bbb0de MS |
583 | if (r < 0) |
584 | return log_error_errno(r, "Failed to write machine id: %m"); | |
418b9be5 LP |
585 | |
586 | log_info("%s written.", etc_machine_id); | |
587 | return 0; | |
588 | } | |
589 | ||
590 | static int prompt_root_password(void) { | |
1fbc95d3 | 591 | const char *msg1, *msg2; |
418b9be5 LP |
592 | int r; |
593 | ||
594 | if (arg_root_password) | |
595 | return 0; | |
596 | ||
416f7b3a LP |
597 | r = read_credential("passwd.hashed-password.root", (void**) &arg_root_password, NULL); |
598 | if (r == -ENOENT) { | |
599 | r = read_credential("passwd.plaintext-password.root", (void**) &arg_root_password, NULL); | |
600 | if (r < 0) | |
601 | log_debug_errno(r, "Couldn't read credential 'passwd.{hashed|plaintext}-password.root', ignoring: %m"); | |
602 | else { | |
603 | arg_root_password_is_hashed = false; | |
604 | return 0; | |
605 | } | |
606 | } else if (r < 0) | |
607 | log_debug_errno(r, "Couldn't read credential 'passwd.hashed-password.root', ignoring: %m"); | |
608 | else { | |
609 | arg_root_password_is_hashed = true; | |
610 | return 0; | |
611 | } | |
612 | ||
418b9be5 LP |
613 | if (!arg_prompt_root_password) |
614 | return 0; | |
615 | ||
418b9be5 LP |
616 | print_welcome(); |
617 | putchar('\n'); | |
618 | ||
3619634c LP |
619 | msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):"); |
620 | msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:"); | |
418b9be5 | 621 | |
7baf10a7 LP |
622 | suggest_passwords(); |
623 | ||
418b9be5 | 624 | for (;;) { |
c7b7d74e | 625 | _cleanup_strv_free_erase_ char **a = NULL, **b = NULL; |
7baf10a7 | 626 | _cleanup_free_ char *error = NULL; |
418b9be5 | 627 | |
daa55720 | 628 | r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a); |
23bbb0de MS |
629 | if (r < 0) |
630 | return log_error_errno(r, "Failed to query root password: %m"); | |
39e96f84 ZJS |
631 | if (strv_length(a) != 1) |
632 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
633 | "Received multiple passwords, where we expected one."); | |
418b9be5 | 634 | |
c7b7d74e | 635 | if (isempty(*a)) { |
418b9be5 LP |
636 | log_warning("No password entered, skipping."); |
637 | break; | |
638 | } | |
639 | ||
7baf10a7 LP |
640 | r = quality_check_password(*a, "root", &error); |
641 | if (r < 0) | |
642 | return log_error_errno(r, "Failed to check quality of password: %m"); | |
643 | if (r == 0) | |
644 | log_warning("Password is weak, accepting anyway: %s", error); | |
645 | ||
daa55720 | 646 | r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b); |
ab84f5b9 | 647 | if (r < 0) |
00843602 | 648 | return log_error_errno(r, "Failed to query root password: %m"); |
39e96f84 ZJS |
649 | if (strv_length(b) != 1) |
650 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
651 | "Received multiple passwords, where we expected one."); | |
418b9be5 | 652 | |
c7b7d74e | 653 | if (!streq(*a, *b)) { |
418b9be5 | 654 | log_error("Entered passwords did not match, please try again."); |
418b9be5 LP |
655 | continue; |
656 | } | |
657 | ||
c7b7d74e | 658 | arg_root_password = TAKE_PTR(*a); |
418b9be5 LP |
659 | break; |
660 | } | |
661 | ||
662 | return 0; | |
663 | } | |
664 | ||
31363bd5 DDM |
665 | static int find_shell(const char *path, const char *root) { |
666 | int r; | |
667 | ||
668 | assert(path); | |
669 | ||
670 | if (!valid_shell(path)) | |
671 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not a valid shell", path); | |
672 | ||
673 | r = chase_symlinks(path, root, CHASE_PREFIX_ROOT, NULL, NULL); | |
674 | if (r < 0) { | |
675 | const char *p; | |
676 | p = prefix_roota(root, path); | |
677 | return log_error_errno(r, "Failed to resolve shell %s: %m", p); | |
678 | } | |
679 | ||
680 | return 0; | |
681 | } | |
682 | ||
28900a1b DDM |
683 | static int prompt_root_shell(void) { |
684 | int r; | |
685 | ||
416f7b3a LP |
686 | if (arg_root_shell) |
687 | return 0; | |
688 | ||
689 | r = read_credential("passwd.shell.root", (void**) &arg_root_shell, NULL); | |
690 | if (r < 0) | |
691 | log_debug_errno(r, "Failed to read credential passwd.shell.root, ignoring: %m"); | |
692 | else { | |
693 | log_debug("Acquired root shell from credential."); | |
694 | return 0; | |
695 | } | |
696 | ||
697 | if (!arg_prompt_root_shell) | |
28900a1b DDM |
698 | return 0; |
699 | ||
700 | print_welcome(); | |
701 | putchar('\n'); | |
702 | ||
703 | for (;;) { | |
704 | _cleanup_free_ char *s = NULL; | |
705 | ||
706 | r = ask_string(&s, "%s Please enter root shell for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET)); | |
707 | if (r < 0) | |
708 | return log_error_errno(r, "Failed to query root shell: %m"); | |
709 | ||
710 | if (isempty(s)) { | |
711 | log_warning("No shell entered, skipping."); | |
712 | break; | |
713 | } | |
714 | ||
31363bd5 DDM |
715 | r = find_shell(s, arg_root); |
716 | if (r < 0) | |
28900a1b | 717 | continue; |
28900a1b DDM |
718 | |
719 | arg_root_shell = TAKE_PTR(s); | |
720 | break; | |
721 | } | |
722 | ||
723 | return 0; | |
724 | } | |
725 | ||
726 | static int write_root_passwd(const char *passwd_path, const char *password, const char *shell) { | |
4926ceaf DDM |
727 | _cleanup_fclose_ FILE *original = NULL, *passwd = NULL; |
728 | _cleanup_(unlink_and_freep) char *passwd_tmp = NULL; | |
729 | int r; | |
730 | ||
c4a53ebf DDM |
731 | assert(password); |
732 | ||
4926ceaf DDM |
733 | r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp); |
734 | if (r < 0) | |
735 | return r; | |
736 | ||
737 | original = fopen(passwd_path, "re"); | |
738 | if (original) { | |
739 | struct passwd *i; | |
740 | ||
bb72c434 | 741 | r = copy_rights(fileno(original), fileno(passwd)); |
4926ceaf DDM |
742 | if (r < 0) |
743 | return r; | |
744 | ||
745 | while ((r = fgetpwent_sane(original, &i)) > 0) { | |
746 | ||
28900a1b | 747 | if (streq(i->pw_name, "root")) { |
4926ceaf | 748 | i->pw_passwd = (char *) password; |
28900a1b DDM |
749 | if (shell) |
750 | i->pw_shell = (char *) shell; | |
751 | } | |
4926ceaf DDM |
752 | |
753 | r = putpwent_sane(i, passwd); | |
754 | if (r < 0) | |
755 | return r; | |
756 | } | |
757 | if (r < 0) | |
758 | return r; | |
759 | ||
760 | } else { | |
761 | struct passwd root = { | |
762 | .pw_name = (char *) "root", | |
763 | .pw_passwd = (char *) password, | |
764 | .pw_uid = 0, | |
765 | .pw_gid = 0, | |
766 | .pw_gecos = (char *) "Super User", | |
767 | .pw_dir = (char *) "/root", | |
28900a1b | 768 | .pw_shell = (char *) (shell ?: "/bin/sh"), |
4926ceaf DDM |
769 | }; |
770 | ||
771 | if (errno != ENOENT) | |
772 | return -errno; | |
773 | ||
b226422c | 774 | r = fchmod(fileno(passwd), 0644); |
4926ceaf DDM |
775 | if (r < 0) |
776 | return -errno; | |
777 | ||
778 | r = putpwent_sane(&root, passwd); | |
779 | if (r < 0) | |
780 | return r; | |
781 | } | |
782 | ||
783 | r = fflush_sync_and_check(passwd); | |
784 | if (r < 0) | |
785 | return r; | |
786 | ||
787 | r = rename_and_apply_smack_floor_label(passwd_tmp, passwd_path); | |
788 | if (r < 0) | |
789 | return r; | |
790 | ||
791 | return 0; | |
792 | } | |
793 | ||
b4909a3f DDM |
794 | static int write_root_shadow(const char *shadow_path, const char *hashed_password) { |
795 | _cleanup_fclose_ FILE *original = NULL, *shadow = NULL; | |
796 | _cleanup_(unlink_and_freep) char *shadow_tmp = NULL; | |
100d5f6e FB |
797 | int r; |
798 | ||
c4a53ebf DDM |
799 | assert(hashed_password); |
800 | ||
b4909a3f DDM |
801 | r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp); |
802 | if (r < 0) | |
803 | return r; | |
804 | ||
805 | original = fopen(shadow_path, "re"); | |
806 | if (original) { | |
807 | struct spwd *i; | |
808 | ||
bb72c434 | 809 | r = copy_rights(fileno(original), fileno(shadow)); |
b4909a3f DDM |
810 | if (r < 0) |
811 | return r; | |
812 | ||
813 | while ((r = fgetspent_sane(original, &i)) > 0) { | |
814 | ||
815 | if (streq(i->sp_namp, "root")) { | |
816 | i->sp_pwdp = (char *) hashed_password; | |
817 | i->sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY); | |
818 | } | |
819 | ||
820 | r = putspent_sane(i, shadow); | |
821 | if (r < 0) | |
822 | return r; | |
823 | } | |
824 | if (r < 0) | |
825 | return r; | |
826 | ||
827 | } else { | |
828 | struct spwd root = { | |
829 | .sp_namp = (char*) "root", | |
830 | .sp_pwdp = (char *) hashed_password, | |
831 | .sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY), | |
832 | .sp_min = -1, | |
833 | .sp_max = -1, | |
834 | .sp_warn = -1, | |
835 | .sp_inact = -1, | |
836 | .sp_expire = -1, | |
f5fbe71d | 837 | .sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */ |
b4909a3f DDM |
838 | }; |
839 | ||
840 | if (errno != ENOENT) | |
841 | return -errno; | |
418b9be5 | 842 | |
b4909a3f DDM |
843 | r = fchmod(fileno(shadow), 0000); |
844 | if (r < 0) | |
845 | return -errno; | |
418b9be5 | 846 | |
b4909a3f DDM |
847 | r = putspent_sane(&root, shadow); |
848 | if (r < 0) | |
849 | return r; | |
850 | } | |
851 | ||
852 | r = fflush_sync_and_check(shadow); | |
100d5f6e FB |
853 | if (r < 0) |
854 | return r; | |
418b9be5 | 855 | |
b4909a3f DDM |
856 | r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); |
857 | if (r < 0) | |
858 | return r; | |
859 | ||
860 | return 0; | |
418b9be5 LP |
861 | } |
862 | ||
28900a1b | 863 | static int process_root_args(void) { |
45035609 | 864 | _cleanup_close_ int lock = -1; |
0e98d17e | 865 | _cleanup_(erase_and_freep) char *_hashed_password = NULL; |
c4a53ebf DDM |
866 | const char *password, *hashed_password; |
867 | const char *etc_passwd, *etc_shadow; | |
418b9be5 LP |
868 | int r; |
869 | ||
c4a53ebf | 870 | etc_passwd = prefix_roota(arg_root, "/etc/passwd"); |
1d13f648 | 871 | etc_shadow = prefix_roota(arg_root, "/etc/shadow"); |
c4a53ebf DDM |
872 | |
873 | /* We only mess with passwd and shadow if both do not exist or --force is specified. These files are | |
874 | * tightly coupled and hence we make sure we have permission from the user to create/modify both | |
875 | * files. */ | |
876 | if ((laccess(etc_passwd, F_OK) >= 0 || laccess(etc_shadow, F_OK) >= 0) && !arg_force) | |
418b9be5 | 877 | return 0; |
67d5d9d5 | 878 | /* Don't create/modify passwd and shadow if not asked */ |
879 | if (!(arg_root_password || arg_prompt_root_password || arg_copy_root_password || arg_delete_root_password || | |
880 | arg_root_shell || arg_prompt_root_shell || arg_copy_root_shell)) | |
881 | return 0; | |
418b9be5 | 882 | |
c4a53ebf | 883 | (void) mkdir_parents(etc_passwd, 0755); |
45035609 | 884 | |
e929bee0 | 885 | lock = take_etc_passwd_lock(arg_root); |
45035609 | 886 | if (lock < 0) |
c4a53ebf | 887 | return log_error_errno(lock, "Failed to take a lock on %s: %m", etc_passwd); |
4926ceaf | 888 | |
28900a1b DDM |
889 | if (arg_copy_root_shell && arg_root) { |
890 | struct passwd *p; | |
891 | ||
892 | errno = 0; | |
893 | p = getpwnam("root"); | |
894 | if (!p) | |
895 | return log_error_errno(errno_or_else(EIO), "Failed to find passwd entry for root: %m"); | |
896 | ||
897 | r = free_and_strdup(&arg_root_shell, p->pw_shell); | |
898 | if (r < 0) | |
899 | return log_oom(); | |
900 | } | |
901 | ||
902 | r = prompt_root_shell(); | |
903 | if (r < 0) | |
904 | return r; | |
905 | ||
418b9be5 LP |
906 | if (arg_copy_root_password && arg_root) { |
907 | struct spwd *p; | |
908 | ||
909 | errno = 0; | |
910 | p = getspnam("root"); | |
c4a53ebf DDM |
911 | if (!p) |
912 | return log_error_errno(errno_or_else(EIO), "Failed to find shadow entry for root: %m"); | |
418b9be5 | 913 | |
c4a53ebf DDM |
914 | r = free_and_strdup(&arg_root_password, p->sp_pwdp); |
915 | if (r < 0) | |
916 | return log_oom(); | |
418b9be5 | 917 | |
c4a53ebf | 918 | arg_root_password_is_hashed = true; |
418b9be5 LP |
919 | } |
920 | ||
921 | r = prompt_root_password(); | |
922 | if (r < 0) | |
923 | return r; | |
924 | ||
c4a53ebf | 925 | if (arg_root_password && arg_root_password_is_hashed) { |
53c25ac9 | 926 | password = PASSWORD_SEE_SHADOW; |
676339a1 | 927 | hashed_password = arg_root_password; |
c4a53ebf | 928 | } else if (arg_root_password) { |
0e98d17e ZJS |
929 | r = hash_password(arg_root_password, &_hashed_password); |
930 | if (r < 0) | |
931 | return log_error_errno(r, "Failed to hash password: %m"); | |
676339a1 | 932 | |
53c25ac9 | 933 | password = PASSWORD_SEE_SHADOW; |
0e98d17e | 934 | hashed_password = _hashed_password; |
c4a53ebf | 935 | |
c4a53ebf | 936 | } else if (arg_delete_root_password) |
53c25ac9 | 937 | password = hashed_password = PASSWORD_NONE; |
c4a53ebf | 938 | else |
53c25ac9 | 939 | password = hashed_password = PASSWORD_LOCKED_AND_INVALID; |
c4a53ebf | 940 | |
28900a1b | 941 | r = write_root_passwd(etc_passwd, password, arg_root_shell); |
c4a53ebf DDM |
942 | if (r < 0) |
943 | return log_error_errno(r, "Failed to write %s: %m", etc_passwd); | |
944 | ||
945 | log_info("%s written", etc_passwd); | |
418b9be5 | 946 | |
b4909a3f | 947 | r = write_root_shadow(etc_shadow, hashed_password); |
23bbb0de MS |
948 | if (r < 0) |
949 | return log_error_errno(r, "Failed to write %s: %m", etc_shadow); | |
418b9be5 LP |
950 | |
951 | log_info("%s written.", etc_shadow); | |
952 | return 0; | |
953 | } | |
954 | ||
a5925354 DDM |
955 | static int process_kernel_cmdline(void) { |
956 | const char *etc_kernel_cmdline; | |
957 | int r; | |
958 | ||
959 | etc_kernel_cmdline = prefix_roota(arg_root, "/etc/kernel/cmdline"); | |
960 | if (laccess(etc_kernel_cmdline, F_OK) >= 0 && !arg_force) | |
961 | return 0; | |
962 | ||
963 | if (!arg_kernel_cmdline) | |
964 | return 0; | |
965 | ||
966 | r = write_string_file(etc_kernel_cmdline, arg_kernel_cmdline, | |
967 | WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 | | |
968 | (arg_force ? WRITE_STRING_FILE_ATOMIC : 0)); | |
969 | if (r < 0) | |
970 | return log_error_errno(r, "Failed to write %s: %m", etc_kernel_cmdline); | |
971 | ||
972 | log_info("%s written.", etc_kernel_cmdline); | |
973 | return 0; | |
974 | } | |
975 | ||
37ec0fdd LP |
976 | static int help(void) { |
977 | _cleanup_free_ char *link = NULL; | |
978 | int r; | |
979 | ||
980 | r = terminal_urlify_man("systemd-firstboot", "1", &link); | |
981 | if (r < 0) | |
982 | return log_oom(); | |
983 | ||
418b9be5 LP |
984 | printf("%s [OPTIONS...]\n\n" |
985 | "Configures basic settings of the system.\n\n" | |
676339a1 DDM |
986 | " -h --help Show this help\n" |
987 | " --version Show package version\n" | |
988 | " --root=PATH Operate on an alternate filesystem root\n" | |
3ff9fa59 | 989 | " --image=PATH Operate on an alternate filesystem image\n" |
676339a1 DDM |
990 | " --locale=LOCALE Set primary locale (LANG=)\n" |
991 | " --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n" | |
992 | " --keymap=KEYMAP Set keymap\n" | |
993 | " --timezone=TIMEZONE Set timezone\n" | |
994 | " --hostname=NAME Set hostname\n" | |
995 | " --machine-ID=ID Set machine ID\n" | |
996 | " --root-password=PASSWORD Set root password from plaintext password\n" | |
997 | " --root-password-file=FILE Set root password from file\n" | |
998 | " --root-password-hashed=HASHED_PASSWORD Set root password from hashed password\n" | |
f649325b | 999 | " --root-shell=SHELL Set root shell\n" |
676339a1 DDM |
1000 | " --prompt-locale Prompt the user for locale settings\n" |
1001 | " --prompt-keymap Prompt the user for keymap settings\n" | |
1002 | " --prompt-timezone Prompt the user for timezone\n" | |
1003 | " --prompt-hostname Prompt the user for hostname\n" | |
1004 | " --prompt-root-password Prompt the user for root password\n" | |
f649325b | 1005 | " --prompt-root-shell Prompt the user for root shell\n" |
676339a1 DDM |
1006 | " --prompt Prompt for all of the above\n" |
1007 | " --copy-locale Copy locale from host\n" | |
1008 | " --copy-keymap Copy keymap from host\n" | |
1009 | " --copy-timezone Copy timezone from host\n" | |
1010 | " --copy-root-password Copy root password from host\n" | |
f649325b | 1011 | " --copy-root-shell Copy root shell from host\n" |
676339a1 DDM |
1012 | " --copy Copy locale, keymap, timezone, root password\n" |
1013 | " --setup-machine-id Generate a new random machine ID\n" | |
1014 | " --force Overwrite existing files\n" | |
1015 | " --delete-root-password Delete root password\n" | |
a1225020 | 1016 | " --welcome=no Disable the welcome text\n" |
bc556335 DDM |
1017 | "\nSee the %s for details.\n", |
1018 | program_invocation_short_name, | |
1019 | link); | |
37ec0fdd LP |
1020 | |
1021 | return 0; | |
418b9be5 LP |
1022 | } |
1023 | ||
1024 | static int parse_argv(int argc, char *argv[]) { | |
1025 | ||
1026 | enum { | |
1027 | ARG_VERSION = 0x100, | |
1028 | ARG_ROOT, | |
3ff9fa59 | 1029 | ARG_IMAGE, |
418b9be5 LP |
1030 | ARG_LOCALE, |
1031 | ARG_LOCALE_MESSAGES, | |
ed457f13 | 1032 | ARG_KEYMAP, |
418b9be5 LP |
1033 | ARG_TIMEZONE, |
1034 | ARG_HOSTNAME, | |
1035 | ARG_MACHINE_ID, | |
1036 | ARG_ROOT_PASSWORD, | |
1037 | ARG_ROOT_PASSWORD_FILE, | |
676339a1 | 1038 | ARG_ROOT_PASSWORD_HASHED, |
28900a1b | 1039 | ARG_ROOT_SHELL, |
a5925354 | 1040 | ARG_KERNEL_COMMAND_LINE, |
418b9be5 LP |
1041 | ARG_PROMPT, |
1042 | ARG_PROMPT_LOCALE, | |
ed457f13 | 1043 | ARG_PROMPT_KEYMAP, |
418b9be5 LP |
1044 | ARG_PROMPT_TIMEZONE, |
1045 | ARG_PROMPT_HOSTNAME, | |
1046 | ARG_PROMPT_ROOT_PASSWORD, | |
28900a1b | 1047 | ARG_PROMPT_ROOT_SHELL, |
418b9be5 LP |
1048 | ARG_COPY, |
1049 | ARG_COPY_LOCALE, | |
ed457f13 | 1050 | ARG_COPY_KEYMAP, |
418b9be5 LP |
1051 | ARG_COPY_TIMEZONE, |
1052 | ARG_COPY_ROOT_PASSWORD, | |
28900a1b | 1053 | ARG_COPY_ROOT_SHELL, |
418b9be5 | 1054 | ARG_SETUP_MACHINE_ID, |
b4909a3f | 1055 | ARG_FORCE, |
4926ceaf | 1056 | ARG_DELETE_ROOT_PASSWORD, |
a1225020 | 1057 | ARG_WELCOME, |
418b9be5 LP |
1058 | }; |
1059 | ||
1060 | static const struct option options[] = { | |
676339a1 DDM |
1061 | { "help", no_argument, NULL, 'h' }, |
1062 | { "version", no_argument, NULL, ARG_VERSION }, | |
1063 | { "root", required_argument, NULL, ARG_ROOT }, | |
3ff9fa59 | 1064 | { "image", required_argument, NULL, ARG_IMAGE }, |
676339a1 DDM |
1065 | { "locale", required_argument, NULL, ARG_LOCALE }, |
1066 | { "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES }, | |
1067 | { "keymap", required_argument, NULL, ARG_KEYMAP }, | |
1068 | { "timezone", required_argument, NULL, ARG_TIMEZONE }, | |
1069 | { "hostname", required_argument, NULL, ARG_HOSTNAME }, | |
1070 | { "machine-id", required_argument, NULL, ARG_MACHINE_ID }, | |
1071 | { "root-password", required_argument, NULL, ARG_ROOT_PASSWORD }, | |
1072 | { "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE }, | |
1073 | { "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED }, | |
28900a1b | 1074 | { "root-shell", required_argument, NULL, ARG_ROOT_SHELL }, |
a5925354 | 1075 | { "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE }, |
676339a1 DDM |
1076 | { "prompt", no_argument, NULL, ARG_PROMPT }, |
1077 | { "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE }, | |
1078 | { "prompt-keymap", no_argument, NULL, ARG_PROMPT_KEYMAP }, | |
1079 | { "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE }, | |
1080 | { "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME }, | |
1081 | { "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD }, | |
28900a1b | 1082 | { "prompt-root-shell", no_argument, NULL, ARG_PROMPT_ROOT_SHELL }, |
676339a1 DDM |
1083 | { "copy", no_argument, NULL, ARG_COPY }, |
1084 | { "copy-locale", no_argument, NULL, ARG_COPY_LOCALE }, | |
1085 | { "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP }, | |
1086 | { "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE }, | |
1087 | { "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD }, | |
28900a1b | 1088 | { "copy-root-shell", no_argument, NULL, ARG_COPY_ROOT_SHELL }, |
676339a1 DDM |
1089 | { "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID }, |
1090 | { "force", no_argument, NULL, ARG_FORCE }, | |
1091 | { "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD }, | |
a1225020 | 1092 | { "welcome", required_argument, NULL, ARG_WELCOME }, |
418b9be5 LP |
1093 | {} |
1094 | }; | |
1095 | ||
1096 | int r, c; | |
1097 | ||
1098 | assert(argc >= 0); | |
1099 | assert(argv); | |
1100 | ||
601185b4 | 1101 | while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) |
418b9be5 LP |
1102 | |
1103 | switch (c) { | |
1104 | ||
1105 | case 'h': | |
37ec0fdd | 1106 | return help(); |
418b9be5 LP |
1107 | |
1108 | case ARG_VERSION: | |
3f6fd1ba | 1109 | return version(); |
418b9be5 LP |
1110 | |
1111 | case ARG_ROOT: | |
614b022c | 1112 | r = parse_path_argument(optarg, true, &arg_root); |
0f474365 | 1113 | if (r < 0) |
0f03c2a4 | 1114 | return r; |
418b9be5 LP |
1115 | break; |
1116 | ||
3ff9fa59 | 1117 | case ARG_IMAGE: |
614b022c | 1118 | r = parse_path_argument(optarg, false, &arg_image); |
3ff9fa59 LP |
1119 | if (r < 0) |
1120 | return r; | |
1121 | break; | |
1122 | ||
418b9be5 | 1123 | case ARG_LOCALE: |
2fc09a9c DM |
1124 | r = free_and_strdup(&arg_locale, optarg); |
1125 | if (r < 0) | |
418b9be5 LP |
1126 | return log_oom(); |
1127 | ||
1128 | break; | |
1129 | ||
1130 | case ARG_LOCALE_MESSAGES: | |
2fc09a9c DM |
1131 | r = free_and_strdup(&arg_locale_messages, optarg); |
1132 | if (r < 0) | |
418b9be5 LP |
1133 | return log_oom(); |
1134 | ||
1135 | break; | |
1136 | ||
ed457f13 | 1137 | case ARG_KEYMAP: |
baaa35ad ZJS |
1138 | if (!keymap_is_valid(optarg)) |
1139 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
1140 | "Keymap %s is not valid.", optarg); | |
ed457f13 TB |
1141 | |
1142 | r = free_and_strdup(&arg_keymap, optarg); | |
1143 | if (r < 0) | |
1144 | return log_oom(); | |
1145 | ||
1146 | break; | |
1147 | ||
418b9be5 | 1148 | case ARG_TIMEZONE: |
baaa35ad ZJS |
1149 | if (!timezone_is_valid(optarg, LOG_ERR)) |
1150 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
1151 | "Timezone %s is not valid.", optarg); | |
418b9be5 | 1152 | |
2fc09a9c DM |
1153 | r = free_and_strdup(&arg_timezone, optarg); |
1154 | if (r < 0) | |
418b9be5 LP |
1155 | return log_oom(); |
1156 | ||
1157 | break; | |
1158 | ||
1159 | case ARG_ROOT_PASSWORD: | |
2fc09a9c DM |
1160 | r = free_and_strdup(&arg_root_password, optarg); |
1161 | if (r < 0) | |
418b9be5 | 1162 | return log_oom(); |
676339a1 DDM |
1163 | |
1164 | arg_root_password_is_hashed = false; | |
418b9be5 LP |
1165 | break; |
1166 | ||
1167 | case ARG_ROOT_PASSWORD_FILE: | |
0da16248 | 1168 | arg_root_password = mfree(arg_root_password); |
418b9be5 LP |
1169 | |
1170 | r = read_one_line_file(optarg, &arg_root_password); | |
23bbb0de MS |
1171 | if (r < 0) |
1172 | return log_error_errno(r, "Failed to read %s: %m", optarg); | |
418b9be5 | 1173 | |
676339a1 DDM |
1174 | arg_root_password_is_hashed = false; |
1175 | break; | |
1176 | ||
1177 | case ARG_ROOT_PASSWORD_HASHED: | |
1178 | r = free_and_strdup(&arg_root_password, optarg); | |
1179 | if (r < 0) | |
1180 | return log_oom(); | |
1181 | ||
1182 | arg_root_password_is_hashed = true; | |
418b9be5 LP |
1183 | break; |
1184 | ||
28900a1b | 1185 | case ARG_ROOT_SHELL: |
31363bd5 DDM |
1186 | r = find_shell(optarg, arg_root); |
1187 | if (r < 0) | |
1188 | return r; | |
28900a1b DDM |
1189 | |
1190 | r = free_and_strdup(&arg_root_shell, optarg); | |
1191 | if (r < 0) | |
1192 | return log_oom(); | |
1193 | ||
1194 | break; | |
1195 | ||
418b9be5 | 1196 | case ARG_HOSTNAME: |
52ef5dd7 | 1197 | if (!hostname_is_valid(optarg, VALID_HOSTNAME_TRAILING_DOT)) |
baaa35ad ZJS |
1198 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), |
1199 | "Host name %s is not valid.", optarg); | |
418b9be5 | 1200 | |
2fc09a9c DM |
1201 | r = free_and_strdup(&arg_hostname, optarg); |
1202 | if (r < 0) | |
418b9be5 LP |
1203 | return log_oom(); |
1204 | ||
79485fc2 | 1205 | hostname_cleanup(arg_hostname); |
418b9be5 LP |
1206 | break; |
1207 | ||
1208 | case ARG_MACHINE_ID: | |
7fb1d980 YW |
1209 | r = sd_id128_from_string(optarg, &arg_machine_id); |
1210 | if (r < 0) | |
1211 | return log_error_errno(r, "Failed to parse machine id %s.", optarg); | |
418b9be5 LP |
1212 | |
1213 | break; | |
1214 | ||
a5925354 DDM |
1215 | case ARG_KERNEL_COMMAND_LINE: |
1216 | r = free_and_strdup(&arg_kernel_cmdline, optarg); | |
1217 | if (r < 0) | |
1218 | return log_oom(); | |
1219 | ||
1220 | break; | |
1221 | ||
418b9be5 | 1222 | case ARG_PROMPT: |
28900a1b DDM |
1223 | arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname = |
1224 | arg_prompt_root_password = arg_prompt_root_shell = true; | |
418b9be5 LP |
1225 | break; |
1226 | ||
1227 | case ARG_PROMPT_LOCALE: | |
1228 | arg_prompt_locale = true; | |
1229 | break; | |
1230 | ||
ed457f13 TB |
1231 | case ARG_PROMPT_KEYMAP: |
1232 | arg_prompt_keymap = true; | |
1233 | break; | |
1234 | ||
418b9be5 LP |
1235 | case ARG_PROMPT_TIMEZONE: |
1236 | arg_prompt_timezone = true; | |
1237 | break; | |
1238 | ||
1239 | case ARG_PROMPT_HOSTNAME: | |
1240 | arg_prompt_hostname = true; | |
1241 | break; | |
1242 | ||
1243 | case ARG_PROMPT_ROOT_PASSWORD: | |
1244 | arg_prompt_root_password = true; | |
1245 | break; | |
1246 | ||
28900a1b DDM |
1247 | case ARG_PROMPT_ROOT_SHELL: |
1248 | arg_prompt_root_shell = true; | |
1249 | break; | |
1250 | ||
418b9be5 | 1251 | case ARG_COPY: |
28900a1b DDM |
1252 | arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password = |
1253 | arg_copy_root_shell = true; | |
e926f647 | 1254 | break; |
418b9be5 LP |
1255 | |
1256 | case ARG_COPY_LOCALE: | |
1257 | arg_copy_locale = true; | |
1258 | break; | |
1259 | ||
ed457f13 TB |
1260 | case ARG_COPY_KEYMAP: |
1261 | arg_copy_keymap = true; | |
1262 | break; | |
1263 | ||
418b9be5 LP |
1264 | case ARG_COPY_TIMEZONE: |
1265 | arg_copy_timezone = true; | |
1266 | break; | |
1267 | ||
1268 | case ARG_COPY_ROOT_PASSWORD: | |
1269 | arg_copy_root_password = true; | |
1270 | break; | |
1271 | ||
28900a1b DDM |
1272 | case ARG_COPY_ROOT_SHELL: |
1273 | arg_copy_root_shell = true; | |
1274 | break; | |
1275 | ||
418b9be5 | 1276 | case ARG_SETUP_MACHINE_ID: |
418b9be5 | 1277 | r = sd_id128_randomize(&arg_machine_id); |
23bbb0de MS |
1278 | if (r < 0) |
1279 | return log_error_errno(r, "Failed to generate randomized machine ID: %m"); | |
418b9be5 LP |
1280 | |
1281 | break; | |
1282 | ||
b4909a3f DDM |
1283 | case ARG_FORCE: |
1284 | arg_force = true; | |
1285 | break; | |
1286 | ||
4926ceaf DDM |
1287 | case ARG_DELETE_ROOT_PASSWORD: |
1288 | arg_delete_root_password = true; | |
1289 | break; | |
1290 | ||
a1225020 LP |
1291 | case ARG_WELCOME: |
1292 | r = parse_boolean(optarg); | |
1293 | if (r < 0) | |
1294 | return log_error_errno(r, "Failed to parse --welcome= argument: %s", optarg); | |
1295 | ||
1296 | arg_welcome = r; | |
1297 | break; | |
1298 | ||
418b9be5 LP |
1299 | case '?': |
1300 | return -EINVAL; | |
1301 | ||
1302 | default: | |
04499a70 | 1303 | assert_not_reached(); |
418b9be5 | 1304 | } |
418b9be5 | 1305 | |
a00a78b8 LP |
1306 | /* We check if the specified locale strings are valid down here, so that we can take --root= into |
1307 | * account when looking for the locale files. */ | |
1308 | ||
1309 | if (arg_locale && !locale_is_ok(arg_locale)) | |
1310 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale); | |
1311 | if (arg_locale_messages && !locale_is_ok(arg_locale_messages)) | |
1312 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale_messages); | |
1313 | ||
4926ceaf DDM |
1314 | if (arg_delete_root_password && (arg_copy_root_password || arg_root_password || arg_prompt_root_password)) |
1315 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
1316 | "--delete-root-password cannot be combined with other root password options"); | |
1317 | ||
3ff9fa59 LP |
1318 | if (arg_image && arg_root) |
1319 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported."); | |
1320 | ||
418b9be5 LP |
1321 | return 1; |
1322 | } | |
1323 | ||
45f39418 | 1324 | static int run(int argc, char *argv[]) { |
3ff9fa59 LP |
1325 | _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; |
1326 | _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL; | |
1327 | _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL; | |
418b9be5 LP |
1328 | int r; |
1329 | ||
1330 | r = parse_argv(argc, argv); | |
1331 | if (r <= 0) | |
45f39418 | 1332 | return r; |
418b9be5 | 1333 | |
d2acb93d | 1334 | log_setup(); |
418b9be5 LP |
1335 | |
1336 | umask(0022); | |
1337 | ||
3ff9fa59 LP |
1338 | if (!arg_root && !arg_image) { |
1339 | bool enabled; | |
1340 | ||
1341 | /* If we are called without --root=/--image= let's honour the systemd.firstboot kernel | |
1342 | * command line option, because we are called to provision the host with basic settings (as | |
1343 | * opposed to some other file system tree/image) */ | |
1344 | ||
1345 | r = proc_cmdline_get_bool("systemd.firstboot", &enabled); | |
1346 | if (r < 0) | |
1347 | return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m"); | |
1348 | if (r > 0 && !enabled) | |
1349 | return 0; /* disabled */ | |
1350 | } | |
1351 | ||
6aa05ebd LP |
1352 | if (arg_image) { |
1353 | assert(!arg_root); | |
1354 | ||
1355 | r = mount_image_privately_interactively( | |
1356 | arg_image, | |
4b5de5dd LP |
1357 | DISSECT_IMAGE_GENERIC_ROOT | |
1358 | DISSECT_IMAGE_REQUIRE_ROOT | | |
1359 | DISSECT_IMAGE_VALIDATE_OS | | |
1360 | DISSECT_IMAGE_RELAX_VAR_CHECK | | |
c65f854a LP |
1361 | DISSECT_IMAGE_FSCK | |
1362 | DISSECT_IMAGE_GROWFS, | |
6aa05ebd LP |
1363 | &unlink_dir, |
1364 | &loop_device, | |
1365 | &decrypted_image); | |
1366 | if (r < 0) | |
1367 | return r; | |
1368 | ||
1369 | arg_root = strdup(unlink_dir); | |
1370 | if (!arg_root) | |
1371 | return log_oom(); | |
1372 | } | |
f582cbca | 1373 | |
418b9be5 LP |
1374 | r = process_locale(); |
1375 | if (r < 0) | |
45f39418 | 1376 | return r; |
418b9be5 | 1377 | |
ed457f13 TB |
1378 | r = process_keymap(); |
1379 | if (r < 0) | |
45f39418 | 1380 | return r; |
ed457f13 | 1381 | |
418b9be5 LP |
1382 | r = process_timezone(); |
1383 | if (r < 0) | |
45f39418 | 1384 | return r; |
418b9be5 LP |
1385 | |
1386 | r = process_hostname(); | |
1387 | if (r < 0) | |
45f39418 | 1388 | return r; |
418b9be5 LP |
1389 | |
1390 | r = process_machine_id(); | |
1391 | if (r < 0) | |
45f39418 | 1392 | return r; |
418b9be5 | 1393 | |
28900a1b | 1394 | r = process_root_args(); |
418b9be5 | 1395 | if (r < 0) |
45f39418 YW |
1396 | return r; |
1397 | ||
a5925354 DDM |
1398 | r = process_kernel_cmdline(); |
1399 | if (r < 0) | |
1400 | return r; | |
1401 | ||
45f39418 | 1402 | return 0; |
418b9be5 | 1403 | } |
45f39418 YW |
1404 | |
1405 | DEFINE_MAIN_FUNCTION(run); |