]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/firstboot/firstboot.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tree-wide: use dissected_image_relinquish()
[thirdparty/systemd.git] / src / firstboot / firstboot.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
418b9be5 2
418b9be5 3#include <fcntl.h>
418b9be5 4#include <getopt.h>
3ff9fa59 5#include <linux/loop.h>
3f6fd1ba 6#include <unistd.h>
418b9be5 7
dccca82b
LP		 8#include "sd-id128.h"
9
b5efdb8a 10#include "alloc-util.h"
3f6fd1ba 11#include "ask-password-api.h"
f4351959 12#include "chase-symlinks.h"
418b9be5 13#include "copy.h"
416f7b3a 14#include "creds-util.h"
3ff9fa59 15#include "dissect-image.h"
686d13b9 16#include "env-file.h"
6bedfcbb 17#include "fd-util.h"
3f6fd1ba 18#include "fileio.h"
f4f15635 19#include "fs-util.h"
d8e32c47 20#include "glyph-util.h"
3f6fd1ba 21#include "hostname-util.h"
f05e1d0d 22#include "kbd-util.h"
42f3b2f9 23#include "libcrypt-util.h"
3f6fd1ba 24#include "locale-util.h"
45f39418 25#include "main-func.h"
9ae4ef49 26#include "memory-util.h"
418b9be5 27#include "mkdir.h"
3ff9fa59 28#include "mount-util.h"
d58ad743 29#include "os-util.h"
614b022c 30#include "parse-argument.h"
6bedfcbb 31#include "parse-util.h"
418b9be5 32#include "path-util.h"
294bf0c3 33#include "pretty-print.h"
f582cbca 34#include "proc-cmdline.h"
7baf10a7 35#include "pwquality-util.h"
3df3e884 36#include "random-util.h"
ce0458be 37#include "smack-util.h"
6bedfcbb 38#include "string-util.h"
3f6fd1ba 39#include "strv.h"
288a74cc 40#include "terminal-util.h"
3f6fd1ba 41#include "time-util.h"
b4909a3f 42#include "tmpfile-util-label.h"
3ff9fa59 43#include "tmpfile-util.h"
affb60b1 44#include "umask-util.h"
e929bee0 45#include "user-util.h"
418b9be5
LP		 46
47static char *arg_root = NULL;
3ff9fa59 48static char *arg_image = NULL;
418b9be5
LP		 49static char *arg_locale = NULL; /* $LANG */
50static char *arg_locale_messages = NULL; /* $LC_MESSAGES */
f8fd0930 51static char *arg_keymap = NULL;
418b9be5
LP		 52static char *arg_timezone = NULL;
53static char *arg_hostname = NULL;
54static sd_id128_t arg_machine_id = {};
55static char *arg_root_password = NULL;
28900a1b 56static char *arg_root_shell = NULL;
a5925354 57static char *arg_kernel_cmdline = NULL;
418b9be5 58static bool arg_prompt_locale = false;
ed457f13 59static bool arg_prompt_keymap = false;
418b9be5
LP		 60static bool arg_prompt_timezone = false;
61static bool arg_prompt_hostname = false;
62static bool arg_prompt_root_password = false;
28900a1b 63static bool arg_prompt_root_shell = false;
418b9be5 64static bool arg_copy_locale = false;
ed457f13 65static bool arg_copy_keymap = false;
418b9be5
LP		 66static bool arg_copy_timezone = false;
67static bool arg_copy_root_password = false;
28900a1b 68static bool arg_copy_root_shell = false;
b4909a3f 69static bool arg_force = false;
4926ceaf 70static bool arg_delete_root_password = false;
676339a1 71static bool arg_root_password_is_hashed = false;
a1225020 72static bool arg_welcome = true;
418b9be5 73
45f39418 74STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
3ff9fa59 75STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
45f39418
YW		 76STATIC_DESTRUCTOR_REGISTER(arg_locale, freep);
77STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep);
78STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
79STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep);
80STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep);
9ae4ef49 81STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep);
45f39418 82
418b9be5
LP		 83static bool press_any_key(void) {
84 char k = 0;
85 bool need_nl = true;
86
87 printf("-- Press any key to proceed --");
88 fflush(stdout);
89
94956f8f 90 (void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl);
418b9be5
LP		 91
92 if (need_nl)
93 putchar('\n');
94
95 return k != 'q';
96}
97
98static void print_welcome(void) {
4aeadec7 99 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
418b9be5 100 static bool done = false;
ae0d36c1 101 const char *pn, *ac;
418b9be5
LP		 102 int r;
103
a1225020
LP		 104 if (!arg_welcome)
105 return;
106
418b9be5
LP		 107 if (done)
108 return;
109
4aeadec7
LP		 110 r = parse_os_release(
111 arg_root,
112 "PRETTY_NAME", &pretty_name,
209c1470 113 "ANSI_COLOR", &ansi_color);
d58ad743
LP		 114 if (r < 0)
115 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
116 "Failed to read os-release file, ignoring: %m");
418b9be5 117
4aeadec7 118 pn = isempty(pretty_name) ? "Linux" : pretty_name;
ae0d36c1 119 ac = isempty(ansi_color) ? "0" : ansi_color;
4aeadec7
LP		 120
121 if (colors_enabled())
ae0d36c1 122 printf("\nWelcome to your new installation of \x1B[%sm%s\x1B[0m!\n", ac, pn);
4aeadec7
LP		 123 else
124 printf("\nWelcome to your new installation of %s!\n", pn);
125
126 printf("\nPlease configure your system!\n\n");
418b9be5
LP		 127
128 press_any_key();
129
130 done = true;
131}
132
133static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) {
418b9be5 134 unsigned break_lines, break_modulo;
da6053d0 135 size_t n, per_column, i, j;
418b9be5
LP		 136
137 assert(n_columns > 0);
138
139 n = strv_length(x);
be6b0c21 140 per_column = DIV_ROUND_UP(n, n_columns);
418b9be5
LP		 141
142 break_lines = lines();
143 if (break_lines > 2)
144 break_lines--;
145
146 /* The first page gets two extra lines, since we want to show
147 * a title */
148 break_modulo = break_lines;
149 if (break_modulo > 3)
150 break_modulo -= 3;
151
152 for (i = 0; i < per_column; i++) {
153
154 for (j = 0; j < n_columns; j ++) {
155 _cleanup_free_ char *e = NULL;
156
157 if (j * per_column + i >= n)
158 break;
159
160 e = ellipsize(x[j * per_column + i], width, percentage);
161 if (!e)
162 return log_oom();
163
f996072f 164 printf("%4zu) %-*s", j * per_column + i + 1, (int) width, e);
418b9be5
LP		 165 }
166
167 putchar('\n');
168
169 /* on the first screen we reserve 2 extra lines for the title */
170 if (i % break_lines == break_modulo) {
171 if (!press_any_key())
172 return 0;
173 }
174 }
175
176 return 0;
177}
178
ecada8f2 179static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) {
418b9be5
LP		 180 int r;
181
182 assert(text);
183 assert(is_valid);
184 assert(ret);
185
186 for (;;) {
187 _cleanup_free_ char *p = NULL;
188 unsigned u;
189
ecada8f2
ZJS		 190 r = ask_string(&p, "%s %s (empty to skip, \"list\" to list options): ",
191 special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), text);
23bbb0de
MS		 192 if (r < 0)
193 return log_error_errno(r, "Failed to query user: %m");
418b9be5
LP		 194
195 if (isempty(p)) {
196 log_warning("No data entered, skipping.");
197 return 0;
198 }
199
ecada8f2
ZJS		 200 if (streq(p, "list")) {
201 r = show_menu(l, 3, 22, percentage);
202 if (r < 0)
203 return r;
204
205 putchar('\n');
206 continue;
207 };
208
418b9be5
LP		 209 r = safe_atou(p, &u);
210 if (r >= 0) {
418b9be5
LP		 211 if (u <= 0 || u > strv_length(l)) {
212 log_error("Specified entry number out of range.");
213 continue;
214 }
215
216 log_info("Selected '%s'.", l[u-1]);
b3f9c17a 217 return free_and_strdup_warn(ret, l[u-1]);
418b9be5
LP		 218 }
219
220 if (!is_valid(p)) {
221 log_error("Entered data invalid.");
222 continue;
223 }
224
bfbf5f74 225 return free_and_replace(*ret, p);
418b9be5
LP		 226 }
227}
228
a00a78b8
LP		 229static bool locale_is_ok(const char *name) {
230
231 if (arg_root)
232 return locale_is_valid(name);
233
234 return locale_is_installed(name) > 0;
235}
236
418b9be5
LP		 237static int prompt_locale(void) {
238 _cleanup_strv_free_ char **locales = NULL;
416f7b3a 239 bool acquired_from_creds = false;
418b9be5
LP		 240 int r;
241
242 if (arg_locale || arg_locale_messages)
243 return 0;
244
416f7b3a
LP		 245 r = read_credential("firstboot.locale", (void**) &arg_locale, NULL);
246 if (r < 0)
247 log_debug_errno(r, "Failed to read credential firstboot.locale, ignoring: %m");
248 else
249 acquired_from_creds = true;
250
251 r = read_credential("firstboot.locale-messages", (void**) &arg_locale_messages, NULL);
252 if (r < 0)
253 log_debug_errno(r, "Failed to read credential firstboot.locale-message, ignoring: %m");
254 else
255 acquired_from_creds = true;
256
257 if (acquired_from_creds) {
258 log_debug("Acquired locale from credentials.");
259 return 0;
260 }
261
418b9be5
LP		 262 if (!arg_prompt_locale)
263 return 0;
264
265 r = get_locales(&locales);
23bbb0de
MS		 266 if (r < 0)
267 return log_error_errno(r, "Cannot query locales list: %m");
418b9be5 268
bdd7cd26
LP		 269 if (strv_isempty(locales))
270 log_debug("No locales found, skipping locale selection.");
271 else if (strv_length(locales) == 1) {
418b9be5 272
bdd7cd26
LP		 273 if (streq(locales[0], SYSTEMD_DEFAULT_LOCALE))
274 log_debug("Only installed locale is default locale anyway, not setting locale explicitly.");
275 else {
276 log_debug("Only a single locale available (%s), selecting it as default.", locales[0]);
418b9be5 277
bdd7cd26
LP		 278 arg_locale = strdup(locales[0]);
279 if (!arg_locale)
280 return log_oom();
418b9be5 281
bdd7cd26
LP		 282 /* Not setting arg_locale_message here, since it defaults to LANG anyway */
283 }
284 } else {
285 print_welcome();
418b9be5 286
ecada8f2 287 r = prompt_loop("Please enter system locale name or number",
a00a78b8 288 locales, 60, locale_is_ok, &arg_locale);
bdd7cd26
LP		 289 if (r < 0)
290 return r;
291
292 if (isempty(arg_locale))
293 return 0;
294
ecada8f2 295 r = prompt_loop("Please enter system message locale name or number",
a00a78b8 296 locales, 60, locale_is_ok, &arg_locale_messages);
bdd7cd26
LP		 297 if (r < 0)
298 return r;
299
300 /* Suppress the messages setting if it's the same as the main locale anyway */
301 if (streq_ptr(arg_locale, arg_locale_messages))
302 arg_locale_messages = mfree(arg_locale_messages);
303 }
418b9be5
LP		 304
305 return 0;
306}
307
308static int process_locale(void) {
309 const char *etc_localeconf;
310 char* locales[3];
311 unsigned i = 0;
312 int r;
313
1d13f648 314 etc_localeconf = prefix_roota(arg_root, "/etc/locale.conf");
b4909a3f 315 if (laccess(etc_localeconf, F_OK) >= 0 && !arg_force)
418b9be5
LP		 316 return 0;
317
318 if (arg_copy_locale && arg_root) {
319
22e596d6 320 (void) mkdir_parents(etc_localeconf, 0755);
8a016c74 321 r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, 0, COPY_REFLINK);
418b9be5 322 if (r != -ENOENT) {
23bbb0de
MS		 323 if (r < 0)
324 return log_error_errno(r, "Failed to copy %s: %m", etc_localeconf);
418b9be5
LP		 325
326 log_info("%s copied.", etc_localeconf);
327 return 0;
328 }
329 }
330
331 r = prompt_locale();
332 if (r < 0)
333 return r;
334
335 if (!isempty(arg_locale))
63c372cb 336 locales[i++] = strjoina("LANG=", arg_locale);
418b9be5 337 if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale))
63c372cb 338 locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages);
418b9be5
LP		 339
340 if (i == 0)
341 return 0;
342
343 locales[i] = NULL;
344
22e596d6 345 (void) mkdir_parents(etc_localeconf, 0755);
418b9be5 346 r = write_env_file(etc_localeconf, locales);
23bbb0de
MS		 347 if (r < 0)
348 return log_error_errno(r, "Failed to write %s: %m", etc_localeconf);
418b9be5
LP		 349
350 log_info("%s written.", etc_localeconf);
351 return 0;
352}
353
ed457f13
TB		 354static int prompt_keymap(void) {
355 _cleanup_strv_free_ char **kmaps = NULL;
356 int r;
357
358 if (arg_keymap)
359 return 0;
360
416f7b3a
LP		 361 r = read_credential("firstboot.keymap", (void**) &arg_keymap, NULL);
362 if (r < 0)
363 log_debug_errno(r, "Failed to read credential firstboot.keymap, ignoring: %m");
364 else {
365 log_debug("Acquired keymap from credential.");
366 return 0;
367 }
368
ed457f13
TB		 369 if (!arg_prompt_keymap)
370 return 0;
371
372 r = get_keymaps(&kmaps);
373 if (r == -ENOENT) /* no keymaps installed */
374 return r;
375 if (r < 0)
376 return log_error_errno(r, "Failed to read keymaps: %m");
377
378 print_welcome();
379
8700b4da 380 return prompt_loop("Please enter system keymap name or number",
ecada8f2 381 kmaps, 60, keymap_is_valid, &arg_keymap);
ed457f13
TB		 382}
383
384static int process_keymap(void) {
385 const char *etc_vconsoleconf;
386 char **keymap;
387 int r;
388
389 etc_vconsoleconf = prefix_roota(arg_root, "/etc/vconsole.conf");
b4909a3f 390 if (laccess(etc_vconsoleconf, F_OK) >= 0 && !arg_force)
ed457f13
TB		 391 return 0;
392
393 if (arg_copy_keymap && arg_root) {
394
22e596d6 395 (void) mkdir_parents(etc_vconsoleconf, 0755);
8a016c74 396 r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, 0, COPY_REFLINK);
ed457f13
TB		 397 if (r != -ENOENT) {
398 if (r < 0)
399 return log_error_errno(r, "Failed to copy %s: %m", etc_vconsoleconf);
400
401 log_info("%s copied.", etc_vconsoleconf);
402 return 0;
403 }
404 }
405
406 r = prompt_keymap();
407 if (r == -ENOENT)
408 return 0; /* don't fail if no keymaps are installed */
409 if (r < 0)
410 return r;
411
a7353b4d 412 if (isempty(arg_keymap))
ed457f13
TB		 413 return 0;
414
a7353b4d
YW		 415 keymap = STRV_MAKE(strjoina("KEYMAP=", arg_keymap));
416
417 r = mkdir_parents(etc_vconsoleconf, 0755);
418 if (r < 0)
419 return log_error_errno(r, "Failed to create the parent directory of %s: %m", etc_vconsoleconf);
420
ed457f13
TB		 421 r = write_env_file(etc_vconsoleconf, keymap);
422 if (r < 0)
423 return log_error_errno(r, "Failed to write %s: %m", etc_vconsoleconf);
424
425 log_info("%s written.", etc_vconsoleconf);
426 return 0;
427}
428
089fb865
MG		 429static bool timezone_is_valid_log_error(const char *name) {
430 return timezone_is_valid(name, LOG_ERR);
431}
432
418b9be5
LP		 433static int prompt_timezone(void) {
434 _cleanup_strv_free_ char **zones = NULL;
435 int r;
436
437 if (arg_timezone)
438 return 0;
439
416f7b3a
LP		 440 r = read_credential("firstboot.timezone", (void**) &arg_timezone, NULL);
441 if (r < 0)
442 log_debug_errno(r, "Failed to read credential firstboot.timezone, ignoring: %m");
443 else {
444 log_debug("Acquired timezone from credential.");
445 return 0;
446 }
447
418b9be5
LP		 448 if (!arg_prompt_timezone)
449 return 0;
450
451 r = get_timezones(&zones);
23bbb0de
MS		 452 if (r < 0)
453 return log_error_errno(r, "Cannot query timezone list: %m");
418b9be5
LP		 454
455 print_welcome();
456
ecada8f2
ZJS		 457 r = prompt_loop("Please enter timezone name or number",
458 zones, 30, timezone_is_valid_log_error, &arg_timezone);
418b9be5
LP		 459 if (r < 0)
460 return r;
461
462 return 0;
463}
464
465static int process_timezone(void) {
466 const char *etc_localtime, *e;
467 int r;
468
1d13f648 469 etc_localtime = prefix_roota(arg_root, "/etc/localtime");
b4909a3f 470 if (laccess(etc_localtime, F_OK) >= 0 && !arg_force)
418b9be5
LP		 471 return 0;
472
473 if (arg_copy_timezone && arg_root) {
474 _cleanup_free_ char *p = NULL;
475
476 r = readlink_malloc("/etc/localtime", &p);
477 if (r != -ENOENT) {
23bbb0de
MS		 478 if (r < 0)
479 return log_error_errno(r, "Failed to read host timezone: %m");
418b9be5 480
22e596d6 481 (void) mkdir_parents(etc_localtime, 0755);
e56dc320 482 r = symlink_atomic(p, etc_localtime);
483 if (r < 0)
484 return log_error_errno(r, "Failed to create %s symlink: %m", etc_localtime);
418b9be5
LP		 485
486 log_info("%s copied.", etc_localtime);
487 return 0;
488 }
489 }
490
491 r = prompt_timezone();
492 if (r < 0)
493 return r;
494
495 if (isempty(arg_timezone))
496 return 0;
497
63c372cb 498 e = strjoina("../usr/share/zoneinfo/", arg_timezone);
418b9be5 499
22e596d6 500 (void) mkdir_parents(etc_localtime, 0755);
e56dc320 501 r = symlink_atomic(e, etc_localtime);
502 if (r < 0)
503 return log_error_errno(r, "Failed to create %s symlink: %m", etc_localtime);
418b9be5
LP		 504
505 log_info("%s written", etc_localtime);
506 return 0;
507}
508
509static int prompt_hostname(void) {
510 int r;
511
512 if (arg_hostname)
513 return 0;
514
515 if (!arg_prompt_hostname)
516 return 0;
517
518 print_welcome();
519 putchar('\n');
520
521 for (;;) {
522 _cleanup_free_ char *h = NULL;
523
9a6f746f 524 r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
23bbb0de
MS		 525 if (r < 0)
526 return log_error_errno(r, "Failed to query hostname: %m");
418b9be5
LP		 527
528 if (isempty(h)) {
529 log_warning("No hostname entered, skipping.");
530 break;
531 }
532
52ef5dd7 533 if (!hostname_is_valid(h, VALID_HOSTNAME_TRAILING_DOT)) {
418b9be5
LP		 534 log_error("Specified hostname invalid.");
535 continue;
536 }
537
34ad6090 538 /* Get rid of the trailing dot that we allow, but don't want to see */
ae691c1d 539 arg_hostname = hostname_cleanup(h);
418b9be5
LP		 540 h = NULL;
541 break;
542 }
543
544 return 0;
545}
546
547static int process_hostname(void) {
548 const char *etc_hostname;
549 int r;
550
1d13f648 551 etc_hostname = prefix_roota(arg_root, "/etc/hostname");
b4909a3f 552 if (laccess(etc_hostname, F_OK) >= 0 && !arg_force)
418b9be5
LP		 553 return 0;
554
555 r = prompt_hostname();
556 if (r < 0)
557 return r;
558
559 if (isempty(arg_hostname))
560 return 0;
561
0675e94a 562 r = write_string_file(etc_hostname, arg_hostname,
b4909a3f
DDM		 563 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
564 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
23bbb0de
MS		 565 if (r < 0)
566 return log_error_errno(r, "Failed to write %s: %m", etc_hostname);
418b9be5
LP		 567
568 log_info("%s written.", etc_hostname);
569 return 0;
570}
571
572static int process_machine_id(void) {
573 const char *etc_machine_id;
418b9be5
LP		 574 int r;
575
1d13f648 576 etc_machine_id = prefix_roota(arg_root, "/etc/machine-id");
b4909a3f 577 if (laccess(etc_machine_id, F_OK) >= 0 && !arg_force)
418b9be5
LP		 578 return 0;
579
3bbaff3e 580 if (sd_id128_is_null(arg_machine_id))
418b9be5
LP		 581 return 0;
582
85b55869 583 r = write_string_file(etc_machine_id, SD_ID128_TO_STRING(arg_machine_id),
b4909a3f
DDM		 584 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
585 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
23bbb0de
MS		 586 if (r < 0)
587 return log_error_errno(r, "Failed to write machine id: %m");
418b9be5
LP		 588
589 log_info("%s written.", etc_machine_id);
590 return 0;
591}
592
593static int prompt_root_password(void) {
1fbc95d3 594 const char *msg1, *msg2;
418b9be5
LP		 595 int r;
596
597 if (arg_root_password)
598 return 0;
599
ff86850b 600 if (get_credential_user_password("root", &arg_root_password, &arg_root_password_is_hashed) >= 0)
416f7b3a 601 return 0;
416f7b3a 602
418b9be5
LP		 603 if (!arg_prompt_root_password)
604 return 0;
605
418b9be5
LP		 606 print_welcome();
607 putchar('\n');
608
3619634c
LP		 609 msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):");
610 msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:");
418b9be5 611
7baf10a7
LP		 612 suggest_passwords();
613
418b9be5 614 for (;;) {
c7b7d74e 615 _cleanup_strv_free_erase_ char **a = NULL, **b = NULL;
7baf10a7 616 _cleanup_free_ char *error = NULL;
418b9be5 617
daa55720 618 r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a);
23bbb0de
MS		 619 if (r < 0)
620 return log_error_errno(r, "Failed to query root password: %m");
39e96f84
ZJS		 621 if (strv_length(a) != 1)
622 return log_error_errno(SYNTHETIC_ERRNO(EIO),
623 "Received multiple passwords, where we expected one.");
418b9be5 624
c7b7d74e 625 if (isempty(*a)) {
418b9be5
LP		 626 log_warning("No password entered, skipping.");
627 break;
628 }
629
7baf10a7
LP		 630 r = quality_check_password(*a, "root", &error);
631 if (r < 0)
632 return log_error_errno(r, "Failed to check quality of password: %m");
633 if (r == 0)
634 log_warning("Password is weak, accepting anyway: %s", error);
635
daa55720 636 r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b);
ab84f5b9 637 if (r < 0)
00843602 638 return log_error_errno(r, "Failed to query root password: %m");
39e96f84
ZJS		 639 if (strv_length(b) != 1)
640 return log_error_errno(SYNTHETIC_ERRNO(EIO),
641 "Received multiple passwords, where we expected one.");
418b9be5 642
c7b7d74e 643 if (!streq(*a, *b)) {
418b9be5 644 log_error("Entered passwords did not match, please try again.");
418b9be5
LP		 645 continue;
646 }
647
c7b7d74e 648 arg_root_password = TAKE_PTR(*a);
418b9be5
LP		 649 break;
650 }
651
652 return 0;
653}
654
31363bd5
DDM		 655static int find_shell(const char *path, const char *root) {
656 int r;
657
658 assert(path);
659
660 if (!valid_shell(path))
661 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not a valid shell", path);
662
663 r = chase_symlinks(path, root, CHASE_PREFIX_ROOT, NULL, NULL);
664 if (r < 0) {
665 const char *p;
666 p = prefix_roota(root, path);
667 return log_error_errno(r, "Failed to resolve shell %s: %m", p);
668 }
669
670 return 0;
671}
672
28900a1b
DDM		 673static int prompt_root_shell(void) {
674 int r;
675
416f7b3a
LP		 676 if (arg_root_shell)
677 return 0;
678
679 r = read_credential("passwd.shell.root", (void**) &arg_root_shell, NULL);
680 if (r < 0)
681 log_debug_errno(r, "Failed to read credential passwd.shell.root, ignoring: %m");
682 else {
683 log_debug("Acquired root shell from credential.");
684 return 0;
685 }
686
687 if (!arg_prompt_root_shell)
28900a1b
DDM		 688 return 0;
689
690 print_welcome();
691 putchar('\n');
692
693 for (;;) {
694 _cleanup_free_ char *s = NULL;
695
696 r = ask_string(&s, "%s Please enter root shell for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
697 if (r < 0)
698 return log_error_errno(r, "Failed to query root shell: %m");
699
700 if (isempty(s)) {
701 log_warning("No shell entered, skipping.");
702 break;
703 }
704
31363bd5
DDM		 705 r = find_shell(s, arg_root);
706 if (r < 0)
28900a1b 707 continue;
28900a1b
DDM		 708
709 arg_root_shell = TAKE_PTR(s);
710 break;
711 }
712
713 return 0;
714}
715
716static int write_root_passwd(const char *passwd_path, const char *password, const char *shell) {
4926ceaf
DDM		 717 _cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
718 _cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
719 int r;
720
c4a53ebf
DDM		 721 assert(password);
722
4926ceaf
DDM		 723 r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
724 if (r < 0)
725 return r;
726
727 original = fopen(passwd_path, "re");
728 if (original) {
729 struct passwd *i;
730
bb72c434 731 r = copy_rights(fileno(original), fileno(passwd));
4926ceaf
DDM		 732 if (r < 0)
733 return r;
734
735 while ((r = fgetpwent_sane(original, &i)) > 0) {
736
28900a1b 737 if (streq(i->pw_name, "root")) {
4926ceaf 738 i->pw_passwd = (char *) password;
28900a1b
DDM		 739 if (shell)
740 i->pw_shell = (char *) shell;
741 }
4926ceaf
DDM		 742
743 r = putpwent_sane(i, passwd);
744 if (r < 0)
745 return r;
746 }
747 if (r < 0)
748 return r;
749
750 } else {
751 struct passwd root = {
752 .pw_name = (char *) "root",
753 .pw_passwd = (char *) password,
754 .pw_uid = 0,
755 .pw_gid = 0,
756 .pw_gecos = (char *) "Super User",
757 .pw_dir = (char *) "/root",
8a7adccb 758 .pw_shell = (char *) (shell ?: default_root_shell(arg_root)),
4926ceaf
DDM		 759 };
760
761 if (errno != ENOENT)
762 return -errno;
763
b226422c 764 r = fchmod(fileno(passwd), 0644);
4926ceaf
DDM		 765 if (r < 0)
766 return -errno;
767
768 r = putpwent_sane(&root, passwd);
769 if (r < 0)
770 return r;
771 }
772
773 r = fflush_sync_and_check(passwd);
774 if (r < 0)
775 return r;
776
777 r = rename_and_apply_smack_floor_label(passwd_tmp, passwd_path);
778 if (r < 0)
779 return r;
780
781 return 0;
782}
783
b4909a3f
DDM		 784static int write_root_shadow(const char *shadow_path, const char *hashed_password) {
785 _cleanup_fclose_ FILE *original = NULL, *shadow = NULL;
786 _cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
100d5f6e
FB		 787 int r;
788
c4a53ebf
DDM		 789 assert(hashed_password);
790
b4909a3f
DDM		 791 r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
792 if (r < 0)
793 return r;
794
795 original = fopen(shadow_path, "re");
796 if (original) {
797 struct spwd *i;
798
bb72c434 799 r = copy_rights(fileno(original), fileno(shadow));
b4909a3f
DDM		 800 if (r < 0)
801 return r;
802
803 while ((r = fgetspent_sane(original, &i)) > 0) {
804
805 if (streq(i->sp_namp, "root")) {
806 i->sp_pwdp = (char *) hashed_password;
807 i->sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
808 }
809
810 r = putspent_sane(i, shadow);
811 if (r < 0)
812 return r;
813 }
814 if (r < 0)
815 return r;
816
817 } else {
818 struct spwd root = {
819 .sp_namp = (char*) "root",
820 .sp_pwdp = (char *) hashed_password,
821 .sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY),
822 .sp_min = -1,
823 .sp_max = -1,
824 .sp_warn = -1,
825 .sp_inact = -1,
826 .sp_expire = -1,
f5fbe71d 827 .sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */
b4909a3f
DDM		 828 };
829
830 if (errno != ENOENT)
831 return -errno;
418b9be5 832
b4909a3f
DDM		 833 r = fchmod(fileno(shadow), 0000);
834 if (r < 0)
835 return -errno;
418b9be5 836
b4909a3f
DDM		 837 r = putspent_sane(&root, shadow);
838 if (r < 0)
839 return r;
840 }
841
842 r = fflush_sync_and_check(shadow);
100d5f6e
FB		 843 if (r < 0)
844 return r;
418b9be5 845
b4909a3f
DDM		 846 r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path);
847 if (r < 0)
848 return r;
849
850 return 0;
418b9be5
LP		 851}
852
28900a1b 853static int process_root_args(void) {
45035609 854 _cleanup_close_ int lock = -1;
0e98d17e 855 _cleanup_(erase_and_freep) char *_hashed_password = NULL;
c4a53ebf
DDM		 856 const char *password, *hashed_password;
857 const char *etc_passwd, *etc_shadow;
418b9be5
LP		 858 int r;
859
c4a53ebf 860 etc_passwd = prefix_roota(arg_root, "/etc/passwd");
1d13f648 861 etc_shadow = prefix_roota(arg_root, "/etc/shadow");
c4a53ebf 862
87a3a4a8 863 if (laccess(etc_passwd, F_OK) >= 0 && laccess(etc_shadow, F_OK) >= 0 && !arg_force)
418b9be5 864 return 0;
87a3a4a8 865
67d5d9d5 866 /* Don't create/modify passwd and shadow if not asked */
867 if (!(arg_root_password || arg_prompt_root_password || arg_copy_root_password || arg_delete_root_password ||
868 arg_root_shell || arg_prompt_root_shell || arg_copy_root_shell))
869 return 0;
418b9be5 870
c4a53ebf 871 (void) mkdir_parents(etc_passwd, 0755);
45035609 872
e929bee0 873 lock = take_etc_passwd_lock(arg_root);
45035609 874 if (lock < 0)
c4a53ebf 875 return log_error_errno(lock, "Failed to take a lock on %s: %m", etc_passwd);
4926ceaf 876
28900a1b
DDM		 877 if (arg_copy_root_shell && arg_root) {
878 struct passwd *p;
879
880 errno = 0;
881 p = getpwnam("root");
882 if (!p)
883 return log_error_errno(errno_or_else(EIO), "Failed to find passwd entry for root: %m");
884
885 r = free_and_strdup(&arg_root_shell, p->pw_shell);
886 if (r < 0)
887 return log_oom();
888 }
889
890 r = prompt_root_shell();
891 if (r < 0)
892 return r;
893
418b9be5
LP		 894 if (arg_copy_root_password && arg_root) {
895 struct spwd *p;
896
897 errno = 0;
898 p = getspnam("root");
c4a53ebf
DDM		 899 if (!p)
900 return log_error_errno(errno_or_else(EIO), "Failed to find shadow entry for root: %m");
418b9be5 901
c4a53ebf
DDM		 902 r = free_and_strdup(&arg_root_password, p->sp_pwdp);
903 if (r < 0)
904 return log_oom();
418b9be5 905
c4a53ebf 906 arg_root_password_is_hashed = true;
418b9be5
LP		 907 }
908
909 r = prompt_root_password();
910 if (r < 0)
911 return r;
912
c4a53ebf 913 if (arg_root_password && arg_root_password_is_hashed) {
53c25ac9 914 password = PASSWORD_SEE_SHADOW;
676339a1 915 hashed_password = arg_root_password;
c4a53ebf 916 } else if (arg_root_password) {
0e98d17e
ZJS		 917 r = hash_password(arg_root_password, &_hashed_password);
918 if (r < 0)
919 return log_error_errno(r, "Failed to hash password: %m");
676339a1 920
53c25ac9 921 password = PASSWORD_SEE_SHADOW;
0e98d17e 922 hashed_password = _hashed_password;
c4a53ebf 923
c4a53ebf 924 } else if (arg_delete_root_password)
53c25ac9 925 password = hashed_password = PASSWORD_NONE;
c4a53ebf 926 else
53c25ac9 927 password = hashed_password = PASSWORD_LOCKED_AND_INVALID;
c4a53ebf 928
28900a1b 929 r = write_root_passwd(etc_passwd, password, arg_root_shell);
c4a53ebf
DDM		 930 if (r < 0)
931 return log_error_errno(r, "Failed to write %s: %m", etc_passwd);
932
933 log_info("%s written", etc_passwd);
418b9be5 934
b4909a3f 935 r = write_root_shadow(etc_shadow, hashed_password);
23bbb0de
MS		 936 if (r < 0)
937 return log_error_errno(r, "Failed to write %s: %m", etc_shadow);
418b9be5
LP		 938
939 log_info("%s written.", etc_shadow);
940 return 0;
941}
942
a5925354
DDM		 943static int process_kernel_cmdline(void) {
944 const char *etc_kernel_cmdline;
945 int r;
946
947 etc_kernel_cmdline = prefix_roota(arg_root, "/etc/kernel/cmdline");
948 if (laccess(etc_kernel_cmdline, F_OK) >= 0 && !arg_force)
949 return 0;
950
951 if (!arg_kernel_cmdline)
952 return 0;
953
954 r = write_string_file(etc_kernel_cmdline, arg_kernel_cmdline,
955 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
956 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
957 if (r < 0)
958 return log_error_errno(r, "Failed to write %s: %m", etc_kernel_cmdline);
959
960 log_info("%s written.", etc_kernel_cmdline);
961 return 0;
962}
963
37ec0fdd
LP		 964static int help(void) {
965 _cleanup_free_ char *link = NULL;
966 int r;
967
968 r = terminal_urlify_man("systemd-firstboot", "1", &link);
969 if (r < 0)
970 return log_oom();
971
418b9be5
LP		 972 printf("%s [OPTIONS...]\n\n"
973 "Configures basic settings of the system.\n\n"
e16793ee
ZJS		 974 " -h --help Show this help\n"
975 " --version Show package version\n"
976 " --root=PATH Operate on an alternate filesystem root\n"
977 " --image=PATH Operate on an alternate filesystem image\n"
978 " --locale=LOCALE Set primary locale (LANG=)\n"
979 " --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n"
980 " --keymap=KEYMAP Set keymap\n"
981 " --timezone=TIMEZONE Set timezone\n"
982 " --hostname=NAME Set hostname\n"
983 " --machine-ID=ID Set machine ID\n"
984 " --root-password=PASSWORD Set root password from plaintext password\n"
985 " --root-password-file=FILE Set root password from file\n"
986 " --root-password-hashed=HASH Set root password from hashed password\n"
987 " --root-shell=SHELL Set root shell\n"
988 " --prompt-locale Prompt the user for locale settings\n"
989 " --prompt-keymap Prompt the user for keymap settings\n"
990 " --prompt-timezone Prompt the user for timezone\n"
991 " --prompt-hostname Prompt the user for hostname\n"
992 " --prompt-root-password Prompt the user for root password\n"
993 " --prompt-root-shell Prompt the user for root shell\n"
994 " --prompt Prompt for all of the above\n"
995 " --copy-locale Copy locale from host\n"
996 " --copy-keymap Copy keymap from host\n"
997 " --copy-timezone Copy timezone from host\n"
998 " --copy-root-password Copy root password from host\n"
999 " --copy-root-shell Copy root shell from host\n"
1000 " --copy Copy locale, keymap, timezone, root password\n"
1001 " --setup-machine-id Generate a new random machine ID\n"
1002 " --force Overwrite existing files\n"
1003 " --delete-root-password Delete root password\n"
1004 " --welcome=no Disable the welcome text\n"
bc556335
DDM		 1005 "\nSee the %s for details.\n",
1006 program_invocation_short_name,
1007 link);
37ec0fdd
LP		 1008
1009 return 0;
418b9be5
LP		 1010}
1011
1012static int parse_argv(int argc, char *argv[]) {
1013
1014 enum {
1015 ARG_VERSION = 0x100,
1016 ARG_ROOT,
3ff9fa59 1017 ARG_IMAGE,
418b9be5
LP		 1018 ARG_LOCALE,
1019 ARG_LOCALE_MESSAGES,
ed457f13 1020 ARG_KEYMAP,
418b9be5
LP		 1021 ARG_TIMEZONE,
1022 ARG_HOSTNAME,
1023 ARG_MACHINE_ID,
1024 ARG_ROOT_PASSWORD,
1025 ARG_ROOT_PASSWORD_FILE,
676339a1 1026 ARG_ROOT_PASSWORD_HASHED,
28900a1b 1027 ARG_ROOT_SHELL,
a5925354 1028 ARG_KERNEL_COMMAND_LINE,
418b9be5
LP		 1029 ARG_PROMPT,
1030 ARG_PROMPT_LOCALE,
ed457f13 1031 ARG_PROMPT_KEYMAP,
418b9be5
LP		 1032 ARG_PROMPT_TIMEZONE,
1033 ARG_PROMPT_HOSTNAME,
1034 ARG_PROMPT_ROOT_PASSWORD,
28900a1b 1035 ARG_PROMPT_ROOT_SHELL,
418b9be5
LP		 1036 ARG_COPY,
1037 ARG_COPY_LOCALE,
ed457f13 1038 ARG_COPY_KEYMAP,
418b9be5
LP		 1039 ARG_COPY_TIMEZONE,
1040 ARG_COPY_ROOT_PASSWORD,
28900a1b 1041 ARG_COPY_ROOT_SHELL,
418b9be5 1042 ARG_SETUP_MACHINE_ID,
b4909a3f 1043 ARG_FORCE,
4926ceaf 1044 ARG_DELETE_ROOT_PASSWORD,
a1225020 1045 ARG_WELCOME,
418b9be5
LP		 1046 };
1047
1048 static const struct option options[] = {
676339a1
DDM		 1049 { "help", no_argument, NULL, 'h' },
1050 { "version", no_argument, NULL, ARG_VERSION },
1051 { "root", required_argument, NULL, ARG_ROOT },
3ff9fa59 1052 { "image", required_argument, NULL, ARG_IMAGE },
676339a1
DDM		 1053 { "locale", required_argument, NULL, ARG_LOCALE },
1054 { "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES },
1055 { "keymap", required_argument, NULL, ARG_KEYMAP },
1056 { "timezone", required_argument, NULL, ARG_TIMEZONE },
1057 { "hostname", required_argument, NULL, ARG_HOSTNAME },
1058 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
1059 { "root-password", required_argument, NULL, ARG_ROOT_PASSWORD },
1060 { "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE },
1061 { "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED },
28900a1b 1062 { "root-shell", required_argument, NULL, ARG_ROOT_SHELL },
a5925354 1063 { "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE },
676339a1
DDM		 1064 { "prompt", no_argument, NULL, ARG_PROMPT },
1065 { "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE },
1066 { "prompt-keymap", no_argument, NULL, ARG_PROMPT_KEYMAP },
1067 { "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE },
1068 { "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME },
1069 { "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD },
28900a1b 1070 { "prompt-root-shell", no_argument, NULL, ARG_PROMPT_ROOT_SHELL },
676339a1
DDM		 1071 { "copy", no_argument, NULL, ARG_COPY },
1072 { "copy-locale", no_argument, NULL, ARG_COPY_LOCALE },
1073 { "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP },
1074 { "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE },
1075 { "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD },
28900a1b 1076 { "copy-root-shell", no_argument, NULL, ARG_COPY_ROOT_SHELL },
676339a1
DDM		 1077 { "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID },
1078 { "force", no_argument, NULL, ARG_FORCE },
1079 { "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD },
a1225020 1080 { "welcome", required_argument, NULL, ARG_WELCOME },
418b9be5
LP		 1081 {}
1082 };
1083
1084 int r, c;
1085
1086 assert(argc >= 0);
1087 assert(argv);
1088
601185b4 1089 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
418b9be5
LP		 1090
1091 switch (c) {
1092
1093 case 'h':
37ec0fdd 1094 return help();
418b9be5
LP		 1095
1096 case ARG_VERSION:
3f6fd1ba 1097 return version();
418b9be5
LP		 1098
1099 case ARG_ROOT:
614b022c 1100 r = parse_path_argument(optarg, true, &arg_root);
0f474365 1101 if (r < 0)
0f03c2a4 1102 return r;
418b9be5
LP		 1103 break;
1104
3ff9fa59 1105 case ARG_IMAGE:
614b022c 1106 r = parse_path_argument(optarg, false, &arg_image);
3ff9fa59
LP		 1107 if (r < 0)
1108 return r;
1109 break;
1110
418b9be5 1111 case ARG_LOCALE:
2fc09a9c
DM		 1112 r = free_and_strdup(&arg_locale, optarg);
1113 if (r < 0)
418b9be5
LP		 1114 return log_oom();
1115
1116 break;
1117
1118 case ARG_LOCALE_MESSAGES:
2fc09a9c
DM		 1119 r = free_and_strdup(&arg_locale_messages, optarg);
1120 if (r < 0)
418b9be5
LP		 1121 return log_oom();
1122
1123 break;
1124
ed457f13 1125 case ARG_KEYMAP:
baaa35ad
ZJS		 1126 if (!keymap_is_valid(optarg))
1127 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1128 "Keymap %s is not valid.", optarg);
ed457f13
TB		 1129
1130 r = free_and_strdup(&arg_keymap, optarg);
1131 if (r < 0)
1132 return log_oom();
1133
1134 break;
1135
418b9be5 1136 case ARG_TIMEZONE:
baaa35ad
ZJS		 1137 if (!timezone_is_valid(optarg, LOG_ERR))
1138 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1139 "Timezone %s is not valid.", optarg);
418b9be5 1140
2fc09a9c
DM		 1141 r = free_and_strdup(&arg_timezone, optarg);
1142 if (r < 0)
418b9be5
LP		 1143 return log_oom();
1144
1145 break;
1146
1147 case ARG_ROOT_PASSWORD:
2fc09a9c
DM		 1148 r = free_and_strdup(&arg_root_password, optarg);
1149 if (r < 0)
418b9be5 1150 return log_oom();
676339a1
DDM		 1151
1152 arg_root_password_is_hashed = false;
418b9be5
LP		 1153 break;
1154
1155 case ARG_ROOT_PASSWORD_FILE:
0da16248 1156 arg_root_password = mfree(arg_root_password);
418b9be5
LP		 1157
1158 r = read_one_line_file(optarg, &arg_root_password);
23bbb0de
MS		 1159 if (r < 0)
1160 return log_error_errno(r, "Failed to read %s: %m", optarg);
418b9be5 1161
676339a1
DDM		 1162 arg_root_password_is_hashed = false;
1163 break;
1164
1165 case ARG_ROOT_PASSWORD_HASHED:
1166 r = free_and_strdup(&arg_root_password, optarg);
1167 if (r < 0)
1168 return log_oom();
1169
1170 arg_root_password_is_hashed = true;
418b9be5
LP		 1171 break;
1172
28900a1b 1173 case ARG_ROOT_SHELL:
31363bd5
DDM		 1174 r = find_shell(optarg, arg_root);
1175 if (r < 0)
1176 return r;
28900a1b
DDM		 1177
1178 r = free_and_strdup(&arg_root_shell, optarg);
1179 if (r < 0)
1180 return log_oom();
1181
1182 break;
1183
418b9be5 1184 case ARG_HOSTNAME:
52ef5dd7 1185 if (!hostname_is_valid(optarg, VALID_HOSTNAME_TRAILING_DOT))
baaa35ad
ZJS		 1186 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1187 "Host name %s is not valid.", optarg);
418b9be5 1188
2fc09a9c
DM		 1189 r = free_and_strdup(&arg_hostname, optarg);
1190 if (r < 0)
418b9be5
LP		 1191 return log_oom();
1192
79485fc2 1193 hostname_cleanup(arg_hostname);
418b9be5
LP		 1194 break;
1195
1196 case ARG_MACHINE_ID:
7fb1d980
YW		 1197 r = sd_id128_from_string(optarg, &arg_machine_id);
1198 if (r < 0)
1199 return log_error_errno(r, "Failed to parse machine id %s.", optarg);
418b9be5
LP		 1200
1201 break;
1202
a5925354
DDM		 1203 case ARG_KERNEL_COMMAND_LINE:
1204 r = free_and_strdup(&arg_kernel_cmdline, optarg);
1205 if (r < 0)
1206 return log_oom();
1207
1208 break;
1209
418b9be5 1210 case ARG_PROMPT:
28900a1b
DDM		 1211 arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname =
1212 arg_prompt_root_password = arg_prompt_root_shell = true;
418b9be5
LP		 1213 break;
1214
1215 case ARG_PROMPT_LOCALE:
1216 arg_prompt_locale = true;
1217 break;
1218
ed457f13
TB		 1219 case ARG_PROMPT_KEYMAP:
1220 arg_prompt_keymap = true;
1221 break;
1222
418b9be5
LP		 1223 case ARG_PROMPT_TIMEZONE:
1224 arg_prompt_timezone = true;
1225 break;
1226
1227 case ARG_PROMPT_HOSTNAME:
1228 arg_prompt_hostname = true;
1229 break;
1230
1231 case ARG_PROMPT_ROOT_PASSWORD:
1232 arg_prompt_root_password = true;
1233 break;
1234
28900a1b
DDM		 1235 case ARG_PROMPT_ROOT_SHELL:
1236 arg_prompt_root_shell = true;
1237 break;
1238
418b9be5 1239 case ARG_COPY:
28900a1b
DDM		 1240 arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password =
1241 arg_copy_root_shell = true;
e926f647 1242 break;
418b9be5
LP		 1243
1244 case ARG_COPY_LOCALE:
1245 arg_copy_locale = true;
1246 break;
1247
ed457f13
TB		 1248 case ARG_COPY_KEYMAP:
1249 arg_copy_keymap = true;
1250 break;
1251
418b9be5
LP		 1252 case ARG_COPY_TIMEZONE:
1253 arg_copy_timezone = true;
1254 break;
1255
1256 case ARG_COPY_ROOT_PASSWORD:
1257 arg_copy_root_password = true;
1258 break;
1259
28900a1b
DDM		 1260 case ARG_COPY_ROOT_SHELL:
1261 arg_copy_root_shell = true;
1262 break;
1263
418b9be5 1264 case ARG_SETUP_MACHINE_ID:
418b9be5 1265 r = sd_id128_randomize(&arg_machine_id);
23bbb0de
MS		 1266 if (r < 0)
1267 return log_error_errno(r, "Failed to generate randomized machine ID: %m");
418b9be5
LP		 1268
1269 break;
1270
b4909a3f
DDM		 1271 case ARG_FORCE:
1272 arg_force = true;
1273 break;
1274
4926ceaf
DDM		 1275 case ARG_DELETE_ROOT_PASSWORD:
1276 arg_delete_root_password = true;
1277 break;
1278
a1225020
LP		 1279 case ARG_WELCOME:
1280 r = parse_boolean(optarg);
1281 if (r < 0)
1282 return log_error_errno(r, "Failed to parse --welcome= argument: %s", optarg);
1283
1284 arg_welcome = r;
1285 break;
1286
418b9be5
LP		 1287 case '?':
1288 return -EINVAL;
1289
1290 default:
04499a70 1291 assert_not_reached();
418b9be5 1292 }
418b9be5 1293
a00a78b8
LP		 1294 /* We check if the specified locale strings are valid down here, so that we can take --root= into
1295 * account when looking for the locale files. */
1296
1297 if (arg_locale && !locale_is_ok(arg_locale))
1298 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale);
1299 if (arg_locale_messages && !locale_is_ok(arg_locale_messages))
1300 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale_messages);
1301
4926ceaf
DDM		 1302 if (arg_delete_root_password && (arg_copy_root_password || arg_root_password || arg_prompt_root_password))
1303 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1304 "--delete-root-password cannot be combined with other root password options");
1305
3ff9fa59
LP		 1306 if (arg_image && arg_root)
1307 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
1308
418b9be5
LP		 1309 return 1;
1310}
1311
45f39418 1312static int run(int argc, char *argv[]) {
3ff9fa59
LP		 1313 _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
1314 _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
1315 _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
418b9be5
LP		 1316 int r;
1317
1318 r = parse_argv(argc, argv);
1319 if (r <= 0)
45f39418 1320 return r;
418b9be5 1321
d2acb93d 1322 log_setup();
418b9be5
LP		 1323
1324 umask(0022);
1325
3ff9fa59
LP		 1326 if (!arg_root && !arg_image) {
1327 bool enabled;
1328
1329 /* If we are called without --root=/--image= let's honour the systemd.firstboot kernel
1330 * command line option, because we are called to provision the host with basic settings (as
1331 * opposed to some other file system tree/image) */
1332
1333 r = proc_cmdline_get_bool("systemd.firstboot", &enabled);
1334 if (r < 0)
1335 return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
1336 if (r > 0 && !enabled)
1337 return 0; /* disabled */
1338 }
1339
6aa05ebd
LP		 1340 if (arg_image) {
1341 assert(!arg_root);
1342
1343 r = mount_image_privately_interactively(
1344 arg_image,
4b5de5dd
LP		 1345 DISSECT_IMAGE_GENERIC_ROOT |
1346 DISSECT_IMAGE_REQUIRE_ROOT |
1347 DISSECT_IMAGE_VALIDATE_OS |
1348 DISSECT_IMAGE_RELAX_VAR_CHECK |
c65f854a
LP		 1349 DISSECT_IMAGE_FSCK |
1350 DISSECT_IMAGE_GROWFS,
6aa05ebd
LP		 1351 &unlink_dir,
1352 &loop_device,
1353 &decrypted_image);
1354 if (r < 0)
1355 return r;
1356
1357 arg_root = strdup(unlink_dir);
1358 if (!arg_root)
1359 return log_oom();
1360 }
f582cbca 1361
418b9be5
LP		 1362 r = process_locale();
1363 if (r < 0)
45f39418 1364 return r;
418b9be5 1365
ed457f13
TB		 1366 r = process_keymap();
1367 if (r < 0)
45f39418 1368 return r;
ed457f13 1369
418b9be5
LP		 1370 r = process_timezone();
1371 if (r < 0)
45f39418 1372 return r;
418b9be5
LP		 1373
1374 r = process_hostname();
1375 if (r < 0)
45f39418 1376 return r;
418b9be5
LP		 1377
1378 r = process_machine_id();
1379 if (r < 0)
45f39418 1380 return r;
418b9be5 1381
28900a1b 1382 r = process_root_args();
418b9be5 1383 if (r < 0)
45f39418
YW		 1384 return r;
1385
a5925354
DDM		 1386 r = process_kernel_cmdline();
1387 if (r < 0)
1388 return r;
1389
45f39418 1390 return 0;
418b9be5 1391}
45f39418
YW		 1392
1393DEFINE_MAIN_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.