]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/firstboot/firstboot.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tree-wide: use UINT64_MAX or friends
[thirdparty/systemd.git] / src / firstboot / firstboot.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
418b9be5 2
418b9be5 3#include <fcntl.h>
418b9be5 4#include <getopt.h>
3ff9fa59 5#include <linux/loop.h>
3f6fd1ba 6#include <unistd.h>
418b9be5 7
dccca82b
LP		 8#include "sd-id128.h"
9
b5efdb8a 10#include "alloc-util.h"
3f6fd1ba 11#include "ask-password-api.h"
418b9be5 12#include "copy.h"
3ff9fa59 13#include "dissect-image.h"
686d13b9 14#include "env-file.h"
6bedfcbb 15#include "fd-util.h"
3f6fd1ba 16#include "fileio.h"
f4f15635 17#include "fs-util.h"
3f6fd1ba 18#include "hostname-util.h"
f05e1d0d 19#include "kbd-util.h"
42f3b2f9 20#include "libcrypt-util.h"
3f6fd1ba 21#include "locale-util.h"
45f39418 22#include "main-func.h"
9ae4ef49 23#include "memory-util.h"
418b9be5 24#include "mkdir.h"
3ff9fa59 25#include "mount-util.h"
d58ad743 26#include "os-util.h"
614b022c 27#include "parse-argument.h"
6bedfcbb 28#include "parse-util.h"
418b9be5 29#include "path-util.h"
294bf0c3 30#include "pretty-print.h"
f582cbca 31#include "proc-cmdline.h"
7baf10a7 32#include "pwquality-util.h"
3df3e884 33#include "random-util.h"
6bedfcbb 34#include "string-util.h"
3f6fd1ba 35#include "strv.h"
288a74cc 36#include "terminal-util.h"
3f6fd1ba 37#include "time-util.h"
b4909a3f 38#include "tmpfile-util-label.h"
3ff9fa59 39#include "tmpfile-util.h"
affb60b1 40#include "umask-util.h"
e929bee0 41#include "user-util.h"
418b9be5
LP		 42
43static char *arg_root = NULL;
3ff9fa59 44static char *arg_image = NULL;
418b9be5 45static char *arg_locale = NULL; /* $LANG */
ed457f13 46static char *arg_keymap = NULL;
418b9be5
LP		 47static char *arg_locale_messages = NULL; /* $LC_MESSAGES */
48static char *arg_timezone = NULL;
49static char *arg_hostname = NULL;
50static sd_id128_t arg_machine_id = {};
51static char *arg_root_password = NULL;
28900a1b 52static char *arg_root_shell = NULL;
a5925354 53static char *arg_kernel_cmdline = NULL;
418b9be5 54static bool arg_prompt_locale = false;
ed457f13 55static bool arg_prompt_keymap = false;
418b9be5
LP		 56static bool arg_prompt_timezone = false;
57static bool arg_prompt_hostname = false;
58static bool arg_prompt_root_password = false;
28900a1b 59static bool arg_prompt_root_shell = false;
418b9be5 60static bool arg_copy_locale = false;
ed457f13 61static bool arg_copy_keymap = false;
418b9be5
LP		 62static bool arg_copy_timezone = false;
63static bool arg_copy_root_password = false;
28900a1b 64static bool arg_copy_root_shell = false;
b4909a3f 65static bool arg_force = false;
4926ceaf 66static bool arg_delete_root_password = false;
676339a1 67static bool arg_root_password_is_hashed = false;
a1225020 68static bool arg_welcome = true;
418b9be5 69
45f39418 70STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
3ff9fa59 71STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
45f39418
YW		 72STATIC_DESTRUCTOR_REGISTER(arg_locale, freep);
73STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep);
74STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
75STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep);
76STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep);
9ae4ef49 77STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep);
45f39418 78
418b9be5
LP		 79static bool press_any_key(void) {
80 char k = 0;
81 bool need_nl = true;
82
83 printf("-- Press any key to proceed --");
84 fflush(stdout);
85
94956f8f 86 (void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl);
418b9be5
LP		 87
88 if (need_nl)
89 putchar('\n');
90
91 return k != 'q';
92}
93
94static void print_welcome(void) {
4aeadec7 95 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
418b9be5 96 static bool done = false;
ae0d36c1 97 const char *pn, *ac;
418b9be5
LP		 98 int r;
99
a1225020
LP		 100 if (!arg_welcome)
101 return;
102
418b9be5
LP		 103 if (done)
104 return;
105
4aeadec7
LP		 106 r = parse_os_release(
107 arg_root,
108 "PRETTY_NAME", &pretty_name,
209c1470 109 "ANSI_COLOR", &ansi_color);
d58ad743
LP		 110 if (r < 0)
111 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
112 "Failed to read os-release file, ignoring: %m");
418b9be5 113
4aeadec7 114 pn = isempty(pretty_name) ? "Linux" : pretty_name;
ae0d36c1 115 ac = isempty(ansi_color) ? "0" : ansi_color;
4aeadec7
LP		 116
117 if (colors_enabled())
ae0d36c1 118 printf("\nWelcome to your new installation of \x1B[%sm%s\x1B[0m!\n", ac, pn);
4aeadec7
LP		 119 else
120 printf("\nWelcome to your new installation of %s!\n", pn);
121
122 printf("\nPlease configure your system!\n\n");
418b9be5
LP		 123
124 press_any_key();
125
126 done = true;
127}
128
129static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned percentage) {
418b9be5 130 unsigned break_lines, break_modulo;
da6053d0 131 size_t n, per_column, i, j;
418b9be5
LP		 132
133 assert(n_columns > 0);
134
135 n = strv_length(x);
be6b0c21 136 per_column = DIV_ROUND_UP(n, n_columns);
418b9be5
LP		 137
138 break_lines = lines();
139 if (break_lines > 2)
140 break_lines--;
141
142 /* The first page gets two extra lines, since we want to show
143 * a title */
144 break_modulo = break_lines;
145 if (break_modulo > 3)
146 break_modulo -= 3;
147
148 for (i = 0; i < per_column; i++) {
149
150 for (j = 0; j < n_columns; j ++) {
151 _cleanup_free_ char *e = NULL;
152
153 if (j * per_column + i >= n)
154 break;
155
156 e = ellipsize(x[j * per_column + i], width, percentage);
157 if (!e)
158 return log_oom();
159
da6053d0 160 printf("%4zu) %-*s", j * per_column + i + 1, width, e);
418b9be5
LP		 161 }
162
163 putchar('\n');
164
165 /* on the first screen we reserve 2 extra lines for the title */
166 if (i % break_lines == break_modulo) {
167 if (!press_any_key())
168 return 0;
169 }
170 }
171
172 return 0;
173}
174
ecada8f2 175static int prompt_loop(const char *text, char **l, unsigned percentage, bool (*is_valid)(const char *name), char **ret) {
418b9be5
LP		 176 int r;
177
178 assert(text);
179 assert(is_valid);
180 assert(ret);
181
182 for (;;) {
183 _cleanup_free_ char *p = NULL;
184 unsigned u;
185
ecada8f2
ZJS		 186 r = ask_string(&p, "%s %s (empty to skip, \"list\" to list options): ",
187 special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), text);
23bbb0de
MS		 188 if (r < 0)
189 return log_error_errno(r, "Failed to query user: %m");
418b9be5
LP		 190
191 if (isempty(p)) {
192 log_warning("No data entered, skipping.");
193 return 0;
194 }
195
ecada8f2
ZJS		 196 if (streq(p, "list")) {
197 r = show_menu(l, 3, 22, percentage);
198 if (r < 0)
199 return r;
200
201 putchar('\n');
202 continue;
203 };
204
418b9be5
LP		 205 r = safe_atou(p, &u);
206 if (r >= 0) {
418b9be5
LP		 207 if (u <= 0 || u > strv_length(l)) {
208 log_error("Specified entry number out of range.");
209 continue;
210 }
211
212 log_info("Selected '%s'.", l[u-1]);
b3f9c17a 213 return free_and_strdup_warn(ret, l[u-1]);
418b9be5
LP		 214 }
215
216 if (!is_valid(p)) {
217 log_error("Entered data invalid.");
218 continue;
219 }
220
bfbf5f74 221 return free_and_replace(*ret, p);
418b9be5
LP		 222 }
223}
224
a00a78b8
LP		 225static bool locale_is_ok(const char *name) {
226
227 if (arg_root)
228 return locale_is_valid(name);
229
230 return locale_is_installed(name) > 0;
231}
232
418b9be5
LP		 233static int prompt_locale(void) {
234 _cleanup_strv_free_ char **locales = NULL;
235 int r;
236
237 if (arg_locale || arg_locale_messages)
238 return 0;
239
240 if (!arg_prompt_locale)
241 return 0;
242
243 r = get_locales(&locales);
23bbb0de
MS		 244 if (r < 0)
245 return log_error_errno(r, "Cannot query locales list: %m");
418b9be5 246
bdd7cd26
LP		 247 if (strv_isempty(locales))
248 log_debug("No locales found, skipping locale selection.");
249 else if (strv_length(locales) == 1) {
418b9be5 250
bdd7cd26
LP		 251 if (streq(locales[0], SYSTEMD_DEFAULT_LOCALE))
252 log_debug("Only installed locale is default locale anyway, not setting locale explicitly.");
253 else {
254 log_debug("Only a single locale available (%s), selecting it as default.", locales[0]);
418b9be5 255
bdd7cd26
LP		 256 arg_locale = strdup(locales[0]);
257 if (!arg_locale)
258 return log_oom();
418b9be5 259
bdd7cd26
LP		 260 /* Not setting arg_locale_message here, since it defaults to LANG anyway */
261 }
262 } else {
263 print_welcome();
418b9be5 264
ecada8f2 265 r = prompt_loop("Please enter system locale name or number",
a00a78b8 266 locales, 60, locale_is_ok, &arg_locale);
bdd7cd26
LP		 267 if (r < 0)
268 return r;
269
270 if (isempty(arg_locale))
271 return 0;
272
ecada8f2 273 r = prompt_loop("Please enter system message locale name or number",
a00a78b8 274 locales, 60, locale_is_ok, &arg_locale_messages);
bdd7cd26
LP		 275 if (r < 0)
276 return r;
277
278 /* Suppress the messages setting if it's the same as the main locale anyway */
279 if (streq_ptr(arg_locale, arg_locale_messages))
280 arg_locale_messages = mfree(arg_locale_messages);
281 }
418b9be5
LP		 282
283 return 0;
284}
285
286static int process_locale(void) {
287 const char *etc_localeconf;
288 char* locales[3];
289 unsigned i = 0;
290 int r;
291
1d13f648 292 etc_localeconf = prefix_roota(arg_root, "/etc/locale.conf");
b4909a3f 293 if (laccess(etc_localeconf, F_OK) >= 0 && !arg_force)
418b9be5
LP		 294 return 0;
295
296 if (arg_copy_locale && arg_root) {
297
22e596d6 298 (void) mkdir_parents(etc_localeconf, 0755);
8a016c74 299 r = copy_file("/etc/locale.conf", etc_localeconf, 0, 0644, 0, 0, COPY_REFLINK);
418b9be5 300 if (r != -ENOENT) {
23bbb0de
MS		 301 if (r < 0)
302 return log_error_errno(r, "Failed to copy %s: %m", etc_localeconf);
418b9be5
LP		 303
304 log_info("%s copied.", etc_localeconf);
305 return 0;
306 }
307 }
308
309 r = prompt_locale();
310 if (r < 0)
311 return r;
312
313 if (!isempty(arg_locale))
63c372cb 314 locales[i++] = strjoina("LANG=", arg_locale);
418b9be5 315 if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale))
63c372cb 316 locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages);
418b9be5
LP		 317
318 if (i == 0)
319 return 0;
320
321 locales[i] = NULL;
322
22e596d6 323 (void) mkdir_parents(etc_localeconf, 0755);
418b9be5 324 r = write_env_file(etc_localeconf, locales);
23bbb0de
MS		 325 if (r < 0)
326 return log_error_errno(r, "Failed to write %s: %m", etc_localeconf);
418b9be5
LP		 327
328 log_info("%s written.", etc_localeconf);
329 return 0;
330}
331
ed457f13
TB		 332static int prompt_keymap(void) {
333 _cleanup_strv_free_ char **kmaps = NULL;
334 int r;
335
336 if (arg_keymap)
337 return 0;
338
339 if (!arg_prompt_keymap)
340 return 0;
341
342 r = get_keymaps(&kmaps);
343 if (r == -ENOENT) /* no keymaps installed */
344 return r;
345 if (r < 0)
346 return log_error_errno(r, "Failed to read keymaps: %m");
347
348 print_welcome();
349
8700b4da 350 return prompt_loop("Please enter system keymap name or number",
ecada8f2 351 kmaps, 60, keymap_is_valid, &arg_keymap);
ed457f13
TB		 352}
353
354static int process_keymap(void) {
355 const char *etc_vconsoleconf;
356 char **keymap;
357 int r;
358
359 etc_vconsoleconf = prefix_roota(arg_root, "/etc/vconsole.conf");
b4909a3f 360 if (laccess(etc_vconsoleconf, F_OK) >= 0 && !arg_force)
ed457f13
TB		 361 return 0;
362
363 if (arg_copy_keymap && arg_root) {
364
22e596d6 365 (void) mkdir_parents(etc_vconsoleconf, 0755);
8a016c74 366 r = copy_file("/etc/vconsole.conf", etc_vconsoleconf, 0, 0644, 0, 0, COPY_REFLINK);
ed457f13
TB		 367 if (r != -ENOENT) {
368 if (r < 0)
369 return log_error_errno(r, "Failed to copy %s: %m", etc_vconsoleconf);
370
371 log_info("%s copied.", etc_vconsoleconf);
372 return 0;
373 }
374 }
375
376 r = prompt_keymap();
377 if (r == -ENOENT)
378 return 0; /* don't fail if no keymaps are installed */
379 if (r < 0)
380 return r;
381
a7353b4d 382 if (isempty(arg_keymap))
ed457f13
TB		 383 return 0;
384
a7353b4d
YW		 385 keymap = STRV_MAKE(strjoina("KEYMAP=", arg_keymap));
386
387 r = mkdir_parents(etc_vconsoleconf, 0755);
388 if (r < 0)
389 return log_error_errno(r, "Failed to create the parent directory of %s: %m", etc_vconsoleconf);
390
ed457f13
TB		 391 r = write_env_file(etc_vconsoleconf, keymap);
392 if (r < 0)
393 return log_error_errno(r, "Failed to write %s: %m", etc_vconsoleconf);
394
395 log_info("%s written.", etc_vconsoleconf);
396 return 0;
397}
398
089fb865
MG		 399static bool timezone_is_valid_log_error(const char *name) {
400 return timezone_is_valid(name, LOG_ERR);
401}
402
418b9be5
LP		 403static int prompt_timezone(void) {
404 _cleanup_strv_free_ char **zones = NULL;
405 int r;
406
407 if (arg_timezone)
408 return 0;
409
410 if (!arg_prompt_timezone)
411 return 0;
412
413 r = get_timezones(&zones);
23bbb0de
MS		 414 if (r < 0)
415 return log_error_errno(r, "Cannot query timezone list: %m");
418b9be5
LP		 416
417 print_welcome();
418
ecada8f2
ZJS		 419 r = prompt_loop("Please enter timezone name or number",
420 zones, 30, timezone_is_valid_log_error, &arg_timezone);
418b9be5
LP		 421 if (r < 0)
422 return r;
423
424 return 0;
425}
426
427static int process_timezone(void) {
428 const char *etc_localtime, *e;
429 int r;
430
1d13f648 431 etc_localtime = prefix_roota(arg_root, "/etc/localtime");
b4909a3f 432 if (laccess(etc_localtime, F_OK) >= 0 && !arg_force)
418b9be5
LP		 433 return 0;
434
435 if (arg_copy_timezone && arg_root) {
436 _cleanup_free_ char *p = NULL;
437
438 r = readlink_malloc("/etc/localtime", &p);
439 if (r != -ENOENT) {
23bbb0de
MS		 440 if (r < 0)
441 return log_error_errno(r, "Failed to read host timezone: %m");
418b9be5 442
22e596d6 443 (void) mkdir_parents(etc_localtime, 0755);
4a62c710
MS		 444 if (symlink(p, etc_localtime) < 0)
445 return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime);
418b9be5
LP		 446
447 log_info("%s copied.", etc_localtime);
448 return 0;
449 }
450 }
451
452 r = prompt_timezone();
453 if (r < 0)
454 return r;
455
456 if (isempty(arg_timezone))
457 return 0;
458
63c372cb 459 e = strjoina("../usr/share/zoneinfo/", arg_timezone);
418b9be5 460
22e596d6 461 (void) mkdir_parents(etc_localtime, 0755);
4a62c710
MS		 462 if (symlink(e, etc_localtime) < 0)
463 return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime);
418b9be5
LP		 464
465 log_info("%s written", etc_localtime);
466 return 0;
467}
468
469static int prompt_hostname(void) {
470 int r;
471
472 if (arg_hostname)
473 return 0;
474
475 if (!arg_prompt_hostname)
476 return 0;
477
478 print_welcome();
479 putchar('\n');
480
481 for (;;) {
482 _cleanup_free_ char *h = NULL;
483
9a6f746f 484 r = ask_string(&h, "%s Please enter hostname for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
23bbb0de
MS		 485 if (r < 0)
486 return log_error_errno(r, "Failed to query hostname: %m");
418b9be5
LP		 487
488 if (isempty(h)) {
489 log_warning("No hostname entered, skipping.");
490 break;
491 }
492
52ef5dd7 493 if (!hostname_is_valid(h, VALID_HOSTNAME_TRAILING_DOT)) {
418b9be5
LP		 494 log_error("Specified hostname invalid.");
495 continue;
496 }
497
34ad6090 498 /* Get rid of the trailing dot that we allow, but don't want to see */
ae691c1d 499 arg_hostname = hostname_cleanup(h);
418b9be5
LP		 500 h = NULL;
501 break;
502 }
503
504 return 0;
505}
506
507static int process_hostname(void) {
508 const char *etc_hostname;
509 int r;
510
1d13f648 511 etc_hostname = prefix_roota(arg_root, "/etc/hostname");
b4909a3f 512 if (laccess(etc_hostname, F_OK) >= 0 && !arg_force)
418b9be5
LP		 513 return 0;
514
515 r = prompt_hostname();
516 if (r < 0)
517 return r;
518
519 if (isempty(arg_hostname))
520 return 0;
521
0675e94a 522 r = write_string_file(etc_hostname, arg_hostname,
b4909a3f
DDM		 523 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
524 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
23bbb0de
MS		 525 if (r < 0)
526 return log_error_errno(r, "Failed to write %s: %m", etc_hostname);
418b9be5
LP		 527
528 log_info("%s written.", etc_hostname);
529 return 0;
530}
531
532static int process_machine_id(void) {
533 const char *etc_machine_id;
534 char id[SD_ID128_STRING_MAX];
535 int r;
536
1d13f648 537 etc_machine_id = prefix_roota(arg_root, "/etc/machine-id");
b4909a3f 538 if (laccess(etc_machine_id, F_OK) >= 0 && !arg_force)
418b9be5
LP		 539 return 0;
540
3bbaff3e 541 if (sd_id128_is_null(arg_machine_id))
418b9be5
LP		 542 return 0;
543
0675e94a 544 r = write_string_file(etc_machine_id, sd_id128_to_string(arg_machine_id, id),
b4909a3f
DDM		 545 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
546 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
23bbb0de
MS		 547 if (r < 0)
548 return log_error_errno(r, "Failed to write machine id: %m");
418b9be5
LP		 549
550 log_info("%s written.", etc_machine_id);
551 return 0;
552}
553
554static int prompt_root_password(void) {
1fbc95d3 555 const char *msg1, *msg2;
418b9be5
LP		 556 int r;
557
558 if (arg_root_password)
559 return 0;
560
561 if (!arg_prompt_root_password)
562 return 0;
563
418b9be5
LP		 564 print_welcome();
565 putchar('\n');
566
3619634c
LP		 567 msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):");
568 msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:");
418b9be5 569
7baf10a7
LP		 570 suggest_passwords();
571
418b9be5 572 for (;;) {
c7b7d74e 573 _cleanup_strv_free_erase_ char **a = NULL, **b = NULL;
7baf10a7 574 _cleanup_free_ char *error = NULL;
418b9be5 575
daa55720 576 r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a);
23bbb0de
MS		 577 if (r < 0)
578 return log_error_errno(r, "Failed to query root password: %m");
39e96f84
ZJS		 579 if (strv_length(a) != 1)
580 return log_error_errno(SYNTHETIC_ERRNO(EIO),
581 "Received multiple passwords, where we expected one.");
418b9be5 582
c7b7d74e 583 if (isempty(*a)) {
418b9be5
LP		 584 log_warning("No password entered, skipping.");
585 break;
586 }
587
7baf10a7
LP		 588 r = quality_check_password(*a, "root", &error);
589 if (r < 0)
590 return log_error_errno(r, "Failed to check quality of password: %m");
591 if (r == 0)
592 log_warning("Password is weak, accepting anyway: %s", error);
593
daa55720 594 r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b);
ab84f5b9 595 if (r < 0)
00843602 596 return log_error_errno(r, "Failed to query root password: %m");
39e96f84
ZJS		 597 if (strv_length(b) != 1)
598 return log_error_errno(SYNTHETIC_ERRNO(EIO),
599 "Received multiple passwords, where we expected one.");
418b9be5 600
c7b7d74e 601 if (!streq(*a, *b)) {
418b9be5 602 log_error("Entered passwords did not match, please try again.");
418b9be5
LP		 603 continue;
604 }
605
c7b7d74e 606 arg_root_password = TAKE_PTR(*a);
418b9be5
LP		 607 break;
608 }
609
610 return 0;
611}
612
31363bd5
DDM		 613static int find_shell(const char *path, const char *root) {
614 int r;
615
616 assert(path);
617
618 if (!valid_shell(path))
619 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not a valid shell", path);
620
621 r = chase_symlinks(path, root, CHASE_PREFIX_ROOT, NULL, NULL);
622 if (r < 0) {
623 const char *p;
624 p = prefix_roota(root, path);
625 return log_error_errno(r, "Failed to resolve shell %s: %m", p);
626 }
627
628 return 0;
629}
630
28900a1b
DDM		 631static int prompt_root_shell(void) {
632 int r;
633
634 if (arg_root_shell || !arg_prompt_root_shell)
635 return 0;
636
637 print_welcome();
638 putchar('\n');
639
640 for (;;) {
641 _cleanup_free_ char *s = NULL;
642
643 r = ask_string(&s, "%s Please enter root shell for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
644 if (r < 0)
645 return log_error_errno(r, "Failed to query root shell: %m");
646
647 if (isempty(s)) {
648 log_warning("No shell entered, skipping.");
649 break;
650 }
651
31363bd5
DDM		 652 r = find_shell(s, arg_root);
653 if (r < 0)
28900a1b 654 continue;
28900a1b
DDM		 655
656 arg_root_shell = TAKE_PTR(s);
657 break;
658 }
659
660 return 0;
661}
662
663static int write_root_passwd(const char *passwd_path, const char *password, const char *shell) {
4926ceaf
DDM		 664 _cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
665 _cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
666 int r;
667
c4a53ebf
DDM		 668 assert(password);
669
4926ceaf
DDM		 670 r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
671 if (r < 0)
672 return r;
673
674 original = fopen(passwd_path, "re");
675 if (original) {
676 struct passwd *i;
677
678 r = sync_rights(fileno(original), fileno(passwd));
679 if (r < 0)
680 return r;
681
682 while ((r = fgetpwent_sane(original, &i)) > 0) {
683
28900a1b 684 if (streq(i->pw_name, "root")) {
4926ceaf 685 i->pw_passwd = (char *) password;
28900a1b
DDM		 686 if (shell)
687 i->pw_shell = (char *) shell;
688 }
4926ceaf
DDM		 689
690 r = putpwent_sane(i, passwd);
691 if (r < 0)
692 return r;
693 }
694 if (r < 0)
695 return r;
696
697 } else {
698 struct passwd root = {
699 .pw_name = (char *) "root",
700 .pw_passwd = (char *) password,
701 .pw_uid = 0,
702 .pw_gid = 0,
703 .pw_gecos = (char *) "Super User",
704 .pw_dir = (char *) "/root",
28900a1b 705 .pw_shell = (char *) (shell ?: "/bin/sh"),
4926ceaf
DDM		 706 };
707
708 if (errno != ENOENT)
709 return -errno;
710
b226422c 711 r = fchmod(fileno(passwd), 0644);
4926ceaf
DDM		 712 if (r < 0)
713 return -errno;
714
715 r = putpwent_sane(&root, passwd);
716 if (r < 0)
717 return r;
718 }
719
720 r = fflush_sync_and_check(passwd);
721 if (r < 0)
722 return r;
723
724 r = rename_and_apply_smack_floor_label(passwd_tmp, passwd_path);
725 if (r < 0)
726 return r;
727
728 return 0;
729}
730
b4909a3f
DDM		 731static int write_root_shadow(const char *shadow_path, const char *hashed_password) {
732 _cleanup_fclose_ FILE *original = NULL, *shadow = NULL;
733 _cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
100d5f6e
FB		 734 int r;
735
c4a53ebf
DDM		 736 assert(hashed_password);
737
b4909a3f
DDM		 738 r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
739 if (r < 0)
740 return r;
741
742 original = fopen(shadow_path, "re");
743 if (original) {
744 struct spwd *i;
745
746 r = sync_rights(fileno(original), fileno(shadow));
747 if (r < 0)
748 return r;
749
750 while ((r = fgetspent_sane(original, &i)) > 0) {
751
752 if (streq(i->sp_namp, "root")) {
753 i->sp_pwdp = (char *) hashed_password;
754 i->sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
755 }
756
757 r = putspent_sane(i, shadow);
758 if (r < 0)
759 return r;
760 }
761 if (r < 0)
762 return r;
763
764 } else {
765 struct spwd root = {
766 .sp_namp = (char*) "root",
767 .sp_pwdp = (char *) hashed_password,
768 .sp_lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY),
769 .sp_min = -1,
770 .sp_max = -1,
771 .sp_warn = -1,
772 .sp_inact = -1,
773 .sp_expire = -1,
f5fbe71d 774 .sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */
b4909a3f
DDM		 775 };
776
777 if (errno != ENOENT)
778 return -errno;
418b9be5 779
b4909a3f
DDM		 780 r = fchmod(fileno(shadow), 0000);
781 if (r < 0)
782 return -errno;
418b9be5 783
b4909a3f
DDM		 784 r = putspent_sane(&root, shadow);
785 if (r < 0)
786 return r;
787 }
788
789 r = fflush_sync_and_check(shadow);
100d5f6e
FB		 790 if (r < 0)
791 return r;
418b9be5 792
b4909a3f
DDM		 793 r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path);
794 if (r < 0)
795 return r;
796
797 return 0;
418b9be5
LP		 798}
799
28900a1b 800static int process_root_args(void) {
45035609 801 _cleanup_close_ int lock = -1;
0e98d17e 802 _cleanup_(erase_and_freep) char *_hashed_password = NULL;
c4a53ebf
DDM		 803 const char *password, *hashed_password;
804 const char *etc_passwd, *etc_shadow;
418b9be5
LP		 805 int r;
806
c4a53ebf 807 etc_passwd = prefix_roota(arg_root, "/etc/passwd");
1d13f648 808 etc_shadow = prefix_roota(arg_root, "/etc/shadow");
c4a53ebf
DDM		 809
810 /* We only mess with passwd and shadow if both do not exist or --force is specified. These files are
811 * tightly coupled and hence we make sure we have permission from the user to create/modify both
812 * files. */
813 if ((laccess(etc_passwd, F_OK) >= 0 || laccess(etc_shadow, F_OK) >= 0) && !arg_force)
418b9be5 814 return 0;
67d5d9d5 815 /* Don't create/modify passwd and shadow if not asked */
816 if (!(arg_root_password || arg_prompt_root_password || arg_copy_root_password || arg_delete_root_password ||
817 arg_root_shell || arg_prompt_root_shell || arg_copy_root_shell))
818 return 0;
418b9be5 819
c4a53ebf 820 (void) mkdir_parents(etc_passwd, 0755);
45035609 821
e929bee0 822 lock = take_etc_passwd_lock(arg_root);
45035609 823 if (lock < 0)
c4a53ebf 824 return log_error_errno(lock, "Failed to take a lock on %s: %m", etc_passwd);
4926ceaf 825
28900a1b
DDM		 826 if (arg_copy_root_shell && arg_root) {
827 struct passwd *p;
828
829 errno = 0;
830 p = getpwnam("root");
831 if (!p)
832 return log_error_errno(errno_or_else(EIO), "Failed to find passwd entry for root: %m");
833
834 r = free_and_strdup(&arg_root_shell, p->pw_shell);
835 if (r < 0)
836 return log_oom();
837 }
838
839 r = prompt_root_shell();
840 if (r < 0)
841 return r;
842
418b9be5
LP		 843 if (arg_copy_root_password && arg_root) {
844 struct spwd *p;
845
846 errno = 0;
847 p = getspnam("root");
c4a53ebf
DDM		 848 if (!p)
849 return log_error_errno(errno_or_else(EIO), "Failed to find shadow entry for root: %m");
418b9be5 850
c4a53ebf
DDM		 851 r = free_and_strdup(&arg_root_password, p->sp_pwdp);
852 if (r < 0)
853 return log_oom();
418b9be5 854
c4a53ebf 855 arg_root_password_is_hashed = true;
418b9be5
LP		 856 }
857
858 r = prompt_root_password();
859 if (r < 0)
860 return r;
861
c4a53ebf
DDM		 862 if (arg_root_password && arg_root_password_is_hashed) {
863 password = "x";
676339a1 864 hashed_password = arg_root_password;
c4a53ebf 865 } else if (arg_root_password) {
0e98d17e
ZJS		 866 r = hash_password(arg_root_password, &_hashed_password);
867 if (r < 0)
868 return log_error_errno(r, "Failed to hash password: %m");
676339a1 869
c4a53ebf 870 password = "x";
0e98d17e 871 hashed_password = _hashed_password;
c4a53ebf 872
c4a53ebf
DDM		 873 } else if (arg_delete_root_password)
874 password = hashed_password = "";
875 else
876 password = hashed_password = "!";
877
28900a1b 878 r = write_root_passwd(etc_passwd, password, arg_root_shell);
c4a53ebf
DDM		 879 if (r < 0)
880 return log_error_errno(r, "Failed to write %s: %m", etc_passwd);
881
882 log_info("%s written", etc_passwd);
418b9be5 883
b4909a3f 884 r = write_root_shadow(etc_shadow, hashed_password);
23bbb0de
MS		 885 if (r < 0)
886 return log_error_errno(r, "Failed to write %s: %m", etc_shadow);
418b9be5
LP		 887
888 log_info("%s written.", etc_shadow);
889 return 0;
890}
891
a5925354
DDM		 892static int process_kernel_cmdline(void) {
893 const char *etc_kernel_cmdline;
894 int r;
895
896 etc_kernel_cmdline = prefix_roota(arg_root, "/etc/kernel/cmdline");
897 if (laccess(etc_kernel_cmdline, F_OK) >= 0 && !arg_force)
898 return 0;
899
900 if (!arg_kernel_cmdline)
901 return 0;
902
903 r = write_string_file(etc_kernel_cmdline, arg_kernel_cmdline,
904 WRITE_STRING_FILE_CREATE | WRITE_STRING_FILE_SYNC | WRITE_STRING_FILE_MKDIR_0755 |
905 (arg_force ? WRITE_STRING_FILE_ATOMIC : 0));
906 if (r < 0)
907 return log_error_errno(r, "Failed to write %s: %m", etc_kernel_cmdline);
908
909 log_info("%s written.", etc_kernel_cmdline);
910 return 0;
911}
912
37ec0fdd
LP		 913static int help(void) {
914 _cleanup_free_ char *link = NULL;
915 int r;
916
917 r = terminal_urlify_man("systemd-firstboot", "1", &link);
918 if (r < 0)
919 return log_oom();
920
418b9be5
LP		 921 printf("%s [OPTIONS...]\n\n"
922 "Configures basic settings of the system.\n\n"
676339a1
DDM		 923 " -h --help Show this help\n"
924 " --version Show package version\n"
925 " --root=PATH Operate on an alternate filesystem root\n"
3ff9fa59 926 " --image=PATH Operate on an alternate filesystem image\n"
676339a1
DDM		 927 " --locale=LOCALE Set primary locale (LANG=)\n"
928 " --locale-messages=LOCALE Set message locale (LC_MESSAGES=)\n"
929 " --keymap=KEYMAP Set keymap\n"
930 " --timezone=TIMEZONE Set timezone\n"
931 " --hostname=NAME Set hostname\n"
932 " --machine-ID=ID Set machine ID\n"
933 " --root-password=PASSWORD Set root password from plaintext password\n"
934 " --root-password-file=FILE Set root password from file\n"
935 " --root-password-hashed=HASHED_PASSWORD Set root password from hashed password\n"
f649325b 936 " --root-shell=SHELL Set root shell\n"
676339a1
DDM		 937 " --prompt-locale Prompt the user for locale settings\n"
938 " --prompt-keymap Prompt the user for keymap settings\n"
939 " --prompt-timezone Prompt the user for timezone\n"
940 " --prompt-hostname Prompt the user for hostname\n"
941 " --prompt-root-password Prompt the user for root password\n"
f649325b 942 " --prompt-root-shell Prompt the user for root shell\n"
676339a1
DDM		 943 " --prompt Prompt for all of the above\n"
944 " --copy-locale Copy locale from host\n"
945 " --copy-keymap Copy keymap from host\n"
946 " --copy-timezone Copy timezone from host\n"
947 " --copy-root-password Copy root password from host\n"
f649325b 948 " --copy-root-shell Copy root shell from host\n"
676339a1
DDM		 949 " --copy Copy locale, keymap, timezone, root password\n"
950 " --setup-machine-id Generate a new random machine ID\n"
951 " --force Overwrite existing files\n"
952 " --delete-root-password Delete root password\n"
a1225020 953 " --welcome=no Disable the welcome text\n"
bc556335
DDM		 954 "\nSee the %s for details.\n",
955 program_invocation_short_name,
956 link);
37ec0fdd
LP		 957
958 return 0;
418b9be5
LP		 959}
960
961static int parse_argv(int argc, char *argv[]) {
962
963 enum {
964 ARG_VERSION = 0x100,
965 ARG_ROOT,
3ff9fa59 966 ARG_IMAGE,
418b9be5
LP		 967 ARG_LOCALE,
968 ARG_LOCALE_MESSAGES,
ed457f13 969 ARG_KEYMAP,
418b9be5
LP		 970 ARG_TIMEZONE,
971 ARG_HOSTNAME,
972 ARG_MACHINE_ID,
973 ARG_ROOT_PASSWORD,
974 ARG_ROOT_PASSWORD_FILE,
676339a1 975 ARG_ROOT_PASSWORD_HASHED,
28900a1b 976 ARG_ROOT_SHELL,
a5925354 977 ARG_KERNEL_COMMAND_LINE,
418b9be5
LP		 978 ARG_PROMPT,
979 ARG_PROMPT_LOCALE,
ed457f13 980 ARG_PROMPT_KEYMAP,
418b9be5
LP		 981 ARG_PROMPT_TIMEZONE,
982 ARG_PROMPT_HOSTNAME,
983 ARG_PROMPT_ROOT_PASSWORD,
28900a1b 984 ARG_PROMPT_ROOT_SHELL,
418b9be5
LP		 985 ARG_COPY,
986 ARG_COPY_LOCALE,
ed457f13 987 ARG_COPY_KEYMAP,
418b9be5
LP		 988 ARG_COPY_TIMEZONE,
989 ARG_COPY_ROOT_PASSWORD,
28900a1b 990 ARG_COPY_ROOT_SHELL,
418b9be5 991 ARG_SETUP_MACHINE_ID,
b4909a3f 992 ARG_FORCE,
4926ceaf 993 ARG_DELETE_ROOT_PASSWORD,
a1225020 994 ARG_WELCOME,
418b9be5
LP		 995 };
996
997 static const struct option options[] = {
676339a1
DDM		 998 { "help", no_argument, NULL, 'h' },
999 { "version", no_argument, NULL, ARG_VERSION },
1000 { "root", required_argument, NULL, ARG_ROOT },
3ff9fa59 1001 { "image", required_argument, NULL, ARG_IMAGE },
676339a1
DDM		 1002 { "locale", required_argument, NULL, ARG_LOCALE },
1003 { "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES },
1004 { "keymap", required_argument, NULL, ARG_KEYMAP },
1005 { "timezone", required_argument, NULL, ARG_TIMEZONE },
1006 { "hostname", required_argument, NULL, ARG_HOSTNAME },
1007 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
1008 { "root-password", required_argument, NULL, ARG_ROOT_PASSWORD },
1009 { "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE },
1010 { "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED },
28900a1b 1011 { "root-shell", required_argument, NULL, ARG_ROOT_SHELL },
a5925354 1012 { "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE },
676339a1
DDM		 1013 { "prompt", no_argument, NULL, ARG_PROMPT },
1014 { "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE },
1015 { "prompt-keymap", no_argument, NULL, ARG_PROMPT_KEYMAP },
1016 { "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE },
1017 { "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME },
1018 { "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD },
28900a1b 1019 { "prompt-root-shell", no_argument, NULL, ARG_PROMPT_ROOT_SHELL },
676339a1
DDM		 1020 { "copy", no_argument, NULL, ARG_COPY },
1021 { "copy-locale", no_argument, NULL, ARG_COPY_LOCALE },
1022 { "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP },
1023 { "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE },
1024 { "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD },
28900a1b 1025 { "copy-root-shell", no_argument, NULL, ARG_COPY_ROOT_SHELL },
676339a1
DDM		 1026 { "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID },
1027 { "force", no_argument, NULL, ARG_FORCE },
1028 { "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD },
a1225020 1029 { "welcome", required_argument, NULL, ARG_WELCOME },
418b9be5
LP		 1030 {}
1031 };
1032
1033 int r, c;
1034
1035 assert(argc >= 0);
1036 assert(argv);
1037
601185b4 1038 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
418b9be5
LP		 1039
1040 switch (c) {
1041
1042 case 'h':
37ec0fdd 1043 return help();
418b9be5
LP		 1044
1045 case ARG_VERSION:
3f6fd1ba 1046 return version();
418b9be5
LP		 1047
1048 case ARG_ROOT:
614b022c 1049 r = parse_path_argument(optarg, true, &arg_root);
0f474365 1050 if (r < 0)
0f03c2a4 1051 return r;
418b9be5
LP		 1052 break;
1053
3ff9fa59 1054 case ARG_IMAGE:
614b022c 1055 r = parse_path_argument(optarg, false, &arg_image);
3ff9fa59
LP		 1056 if (r < 0)
1057 return r;
1058 break;
1059
418b9be5 1060 case ARG_LOCALE:
2fc09a9c
DM		 1061 r = free_and_strdup(&arg_locale, optarg);
1062 if (r < 0)
418b9be5
LP		 1063 return log_oom();
1064
1065 break;
1066
1067 case ARG_LOCALE_MESSAGES:
2fc09a9c
DM		 1068 r = free_and_strdup(&arg_locale_messages, optarg);
1069 if (r < 0)
418b9be5
LP		 1070 return log_oom();
1071
1072 break;
1073
ed457f13 1074 case ARG_KEYMAP:
baaa35ad
ZJS		 1075 if (!keymap_is_valid(optarg))
1076 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1077 "Keymap %s is not valid.", optarg);
ed457f13
TB		 1078
1079 r = free_and_strdup(&arg_keymap, optarg);
1080 if (r < 0)
1081 return log_oom();
1082
1083 break;
1084
418b9be5 1085 case ARG_TIMEZONE:
baaa35ad
ZJS		 1086 if (!timezone_is_valid(optarg, LOG_ERR))
1087 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1088 "Timezone %s is not valid.", optarg);
418b9be5 1089
2fc09a9c
DM		 1090 r = free_and_strdup(&arg_timezone, optarg);
1091 if (r < 0)
418b9be5
LP		 1092 return log_oom();
1093
1094 break;
1095
1096 case ARG_ROOT_PASSWORD:
2fc09a9c
DM		 1097 r = free_and_strdup(&arg_root_password, optarg);
1098 if (r < 0)
418b9be5 1099 return log_oom();
676339a1
DDM		 1100
1101 arg_root_password_is_hashed = false;
418b9be5
LP		 1102 break;
1103
1104 case ARG_ROOT_PASSWORD_FILE:
0da16248 1105 arg_root_password = mfree(arg_root_password);
418b9be5
LP		 1106
1107 r = read_one_line_file(optarg, &arg_root_password);
23bbb0de
MS		 1108 if (r < 0)
1109 return log_error_errno(r, "Failed to read %s: %m", optarg);
418b9be5 1110
676339a1
DDM		 1111 arg_root_password_is_hashed = false;
1112 break;
1113
1114 case ARG_ROOT_PASSWORD_HASHED:
1115 r = free_and_strdup(&arg_root_password, optarg);
1116 if (r < 0)
1117 return log_oom();
1118
1119 arg_root_password_is_hashed = true;
418b9be5
LP		 1120 break;
1121
28900a1b 1122 case ARG_ROOT_SHELL:
31363bd5
DDM		 1123 r = find_shell(optarg, arg_root);
1124 if (r < 0)
1125 return r;
28900a1b
DDM		 1126
1127 r = free_and_strdup(&arg_root_shell, optarg);
1128 if (r < 0)
1129 return log_oom();
1130
1131 break;
1132
418b9be5 1133 case ARG_HOSTNAME:
52ef5dd7 1134 if (!hostname_is_valid(optarg, VALID_HOSTNAME_TRAILING_DOT))
baaa35ad
ZJS		 1135 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1136 "Host name %s is not valid.", optarg);
418b9be5 1137
2fc09a9c
DM		 1138 r = free_and_strdup(&arg_hostname, optarg);
1139 if (r < 0)
418b9be5
LP		 1140 return log_oom();
1141
79485fc2 1142 hostname_cleanup(arg_hostname);
418b9be5
LP		 1143 break;
1144
1145 case ARG_MACHINE_ID:
7fb1d980
YW		 1146 r = sd_id128_from_string(optarg, &arg_machine_id);
1147 if (r < 0)
1148 return log_error_errno(r, "Failed to parse machine id %s.", optarg);
418b9be5
LP		 1149
1150 break;
1151
a5925354
DDM		 1152 case ARG_KERNEL_COMMAND_LINE:
1153 r = free_and_strdup(&arg_kernel_cmdline, optarg);
1154 if (r < 0)
1155 return log_oom();
1156
1157 break;
1158
418b9be5 1159 case ARG_PROMPT:
28900a1b
DDM		 1160 arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname =
1161 arg_prompt_root_password = arg_prompt_root_shell = true;
418b9be5
LP		 1162 break;
1163
1164 case ARG_PROMPT_LOCALE:
1165 arg_prompt_locale = true;
1166 break;
1167
ed457f13
TB		 1168 case ARG_PROMPT_KEYMAP:
1169 arg_prompt_keymap = true;
1170 break;
1171
418b9be5
LP		 1172 case ARG_PROMPT_TIMEZONE:
1173 arg_prompt_timezone = true;
1174 break;
1175
1176 case ARG_PROMPT_HOSTNAME:
1177 arg_prompt_hostname = true;
1178 break;
1179
1180 case ARG_PROMPT_ROOT_PASSWORD:
1181 arg_prompt_root_password = true;
1182 break;
1183
28900a1b
DDM		 1184 case ARG_PROMPT_ROOT_SHELL:
1185 arg_prompt_root_shell = true;
1186 break;
1187
418b9be5 1188 case ARG_COPY:
28900a1b
DDM		 1189 arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password =
1190 arg_copy_root_shell = true;
e926f647 1191 break;
418b9be5
LP		 1192
1193 case ARG_COPY_LOCALE:
1194 arg_copy_locale = true;
1195 break;
1196
ed457f13
TB		 1197 case ARG_COPY_KEYMAP:
1198 arg_copy_keymap = true;
1199 break;
1200
418b9be5
LP		 1201 case ARG_COPY_TIMEZONE:
1202 arg_copy_timezone = true;
1203 break;
1204
1205 case ARG_COPY_ROOT_PASSWORD:
1206 arg_copy_root_password = true;
1207 break;
1208
28900a1b
DDM		 1209 case ARG_COPY_ROOT_SHELL:
1210 arg_copy_root_shell = true;
1211 break;
1212
418b9be5 1213 case ARG_SETUP_MACHINE_ID:
418b9be5 1214 r = sd_id128_randomize(&arg_machine_id);
23bbb0de
MS		 1215 if (r < 0)
1216 return log_error_errno(r, "Failed to generate randomized machine ID: %m");
418b9be5
LP		 1217
1218 break;
1219
b4909a3f
DDM		 1220 case ARG_FORCE:
1221 arg_force = true;
1222 break;
1223
4926ceaf
DDM		 1224 case ARG_DELETE_ROOT_PASSWORD:
1225 arg_delete_root_password = true;
1226 break;
1227
a1225020
LP		 1228 case ARG_WELCOME:
1229 r = parse_boolean(optarg);
1230 if (r < 0)
1231 return log_error_errno(r, "Failed to parse --welcome= argument: %s", optarg);
1232
1233 arg_welcome = r;
1234 break;
1235
418b9be5
LP		 1236 case '?':
1237 return -EINVAL;
1238
1239 default:
1240 assert_not_reached("Unhandled option");
1241 }
418b9be5 1242
a00a78b8
LP		 1243 /* We check if the specified locale strings are valid down here, so that we can take --root= into
1244 * account when looking for the locale files. */
1245
1246 if (arg_locale && !locale_is_ok(arg_locale))
1247 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale);
1248 if (arg_locale_messages && !locale_is_ok(arg_locale_messages))
1249 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Locale %s is not installed.", arg_locale_messages);
1250
4926ceaf
DDM		 1251 if (arg_delete_root_password && (arg_copy_root_password || arg_root_password || arg_prompt_root_password))
1252 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1253 "--delete-root-password cannot be combined with other root password options");
1254
3ff9fa59
LP		 1255 if (arg_image && arg_root)
1256 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
1257
418b9be5
LP		 1258 return 1;
1259}
1260
45f39418 1261static int run(int argc, char *argv[]) {
3ff9fa59
LP		 1262 _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
1263 _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
1264 _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
418b9be5
LP		 1265 int r;
1266
1267 r = parse_argv(argc, argv);
1268 if (r <= 0)
45f39418 1269 return r;
418b9be5 1270
d2acb93d 1271 log_setup();
418b9be5
LP		 1272
1273 umask(0022);
1274
3ff9fa59
LP		 1275 if (!arg_root && !arg_image) {
1276 bool enabled;
1277
1278 /* If we are called without --root=/--image= let's honour the systemd.firstboot kernel
1279 * command line option, because we are called to provision the host with basic settings (as
1280 * opposed to some other file system tree/image) */
1281
1282 r = proc_cmdline_get_bool("systemd.firstboot", &enabled);
1283 if (r < 0)
1284 return log_error_errno(r, "Failed to parse systemd.firstboot= kernel command line argument, ignoring: %m");
1285 if (r > 0 && !enabled)
1286 return 0; /* disabled */
1287 }
1288
6aa05ebd
LP		 1289 if (arg_image) {
1290 assert(!arg_root);
1291
1292 r = mount_image_privately_interactively(
1293 arg_image,
1294 DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_VALIDATE_OS|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK,
1295 &unlink_dir,
1296 &loop_device,
1297 &decrypted_image);
1298 if (r < 0)
1299 return r;
1300
1301 arg_root = strdup(unlink_dir);
1302 if (!arg_root)
1303 return log_oom();
1304 }
f582cbca 1305
418b9be5
LP		 1306 r = process_locale();
1307 if (r < 0)
45f39418 1308 return r;
418b9be5 1309
ed457f13
TB		 1310 r = process_keymap();
1311 if (r < 0)
45f39418 1312 return r;
ed457f13 1313
418b9be5
LP		 1314 r = process_timezone();
1315 if (r < 0)
45f39418 1316 return r;
418b9be5
LP		 1317
1318 r = process_hostname();
1319 if (r < 0)
45f39418 1320 return r;
418b9be5
LP		 1321
1322 r = process_machine_id();
1323 if (r < 0)
45f39418 1324 return r;
418b9be5 1325
28900a1b 1326 r = process_root_args();
418b9be5 1327 if (r < 0)
45f39418
YW		 1328 return r;
1329
a5925354
DDM		 1330 r = process_kernel_cmdline();
1331 if (r < 0)
1332 return r;
1333
45f39418 1334 return 0;
418b9be5 1335}
45f39418
YW		 1336
1337DEFINE_MAIN_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.