<?xml version='1.0'?> <!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-
-<!--
- This file is part of systemd.
-
- Copyright 2014 Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
--->
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="systemd-firstboot" conditional='ENABLE_FIRSTBOOT'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-firstboot</title>
<productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Developer</contrib>
- <firstname>Lennart</firstname>
- <surname>Poettering</surname>
- <email>lennart@poettering.net</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
<para><command>systemd-firstboot</command> initializes the most
basic system settings interactively on the first boot, or
- optionally non-interactively when a system image is created. The
- following settings may be set up:</para>
+ optionally non-interactively when a system image is created.
+ The service is started if <varname>ConditionFirstBoot=yes</varname>
+ is satisfied. This essentially means that <filename>/etc</filename>
+ is empty, see
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para>
+
+ <para>The following settings may be set up:</para>
<itemizedlist>
<listitem><para>The system locale, more specifically the two
locale variables <varname>LANG=</varname> and
<varname>LC_MESSAGES</varname></para></listitem>
+ <listitem><para>The system keyboard map</para></listitem>
+
<listitem><para>The system time zone</para></listitem>
- <listitem><para>The system host name</para></listitem>
+ <listitem><para>The system hostname</para></listitem>
<listitem><para>The machine ID of the system</para></listitem>
<listitem><para>The root user's password</para></listitem>
</itemizedlist>
- <para>Each of the fields may either be queried interactively from
- the users, set non-interactively on the tool's command line, or be
+ <para>Each of the fields may either be queried interactively by
+ users, set non-interactively on the tool's command line, or be
copied from a host system that is used to set up the system
image.</para>
- <para>If a setting is already initialized it will not be
+ <para>If a setting is already initialized, it will not be
overwritten and the user will not be prompted for the
setting.</para>
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--image=<replaceable>path</replaceable></option></term>
+ <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
+ are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
+ but operates on file systems stored in disk images or block devices. The disk image should either
+ contain just a file system or a set of file systems within a GPT partition table, following the
+ <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions
+ Specification</ulink>. For further information on supported disk images, see
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ switch of the same name.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--locale=<replaceable>LOCALE</replaceable></option></term>
<term><option>--locale-messages=<replaceable>LOCALE</replaceable></option></term>
configuration file.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--keymap=<replaceable>KEYMAP</replaceable></option></term>
+
+ <listitem><para>Sets the system keyboard layout. The argument should be a valid keyboard map,
+ such as <literal>de-latin1</literal>. This controls the <literal>KEYMAP</literal> entry in the
+ <citerefentry project='man-pages'><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ configuration file.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--timezone=<replaceable>TIMEZONE</replaceable></option></term>
<term><option>--hostname=<replaceable>HOSTNAME</replaceable></option></term>
<listitem><para>Sets the system hostname. The argument should
- be a host name, compatible with DNS. This controls the
+ be a hostname, compatible with DNS. This controls the
<citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>
configuration file.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--root-password=<replaceable>PASSWORD</replaceable></option></term>
<term><option>--root-password-file=<replaceable>PATH</replaceable></option></term>
+ <term><option>--root-password-hashed=<replaceable>HASHED_PASSWORD</replaceable></option></term>
- <listitem><para>Sets the password of the system's root user.
- This creates a
+ <listitem><para>Sets the password of the system's root user. This creates/modifies the
+ <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
+ <citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ files. This setting exists in three forms: <option>--root-password=</option> accepts the password to
+ set directly on the command line, <option>--root-password-file=</option> reads it from a file and
+ <option>--root-password-hashed=</option> accepts an already hashed password on the command line. See
<citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- file. This setting exists in two forms:
- <option>--root-password=</option> accepts the password to set
- directly on the command line,
- <option>--root-password-file=</option> reads it from a file.
- Note that it is not recommended specifying passwords on the
- command line as other users might be able to see them simply
- by invoking
- <citerefentry project='die-net'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
+ for more information on the format of the hashed password. Note that it is not recommended to specify
+ plaintext passwords on the command line, as other users might be able to see them simply by invoking
+ <citerefentry project='die-net'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--root-shell=<replaceable>SHELL</replaceable></option></term>
+
+ <listitem><para>Sets the shell of the system's root user. This creates/modifies the
+ <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ file.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--kernel-command-line=<replaceable>CMDLINE</replaceable></option></term>
+
+ <listitem><para>Sets the system's kernel command line. This controls the
+ <filename>/etc/kernel/cmdline</filename> file which is used by
+ <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ </para></listitem>
</varlistentry>
<varlistentry>
<term><option>--prompt-locale</option></term>
+ <term><option>--prompt-keymap</option></term>
<term><option>--prompt-timezone</option></term>
<term><option>--prompt-hostname</option></term>
<term><option>--prompt-root-password</option></term>
+ <term><option>--prompt-root-shell</option></term>
<listitem><para>Prompt the user interactively for a specific
basic setting. Note that any explicit configuration settings
<varlistentry>
<term><option>--prompt</option></term>
- <listitem><para>Query the user for locale, timezone, hostname
+ <listitem><para>Query the user for locale, keymap, timezone, hostname
and root password. This is equivalent to specifying
<option>--prompt-locale</option>,
+ <option>--prompt-keymap</option>,
<option>--prompt-timezone</option>,
<option>--prompt-hostname</option>,
- <option>--prompt-root-password</option> in combination.</para>
+ <option>--prompt-root-password</option>,
+ <option>--prompt-root-shell</option> in combination.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--copy-locale</option></term>
+ <term><option>--copy-keymap</option></term>
<term><option>--copy-timezone</option></term>
<term><option>--copy-root-password</option></term>
+ <term><option>--copy-root-shell</option></term>
<listitem><para>Copy a specific basic setting from the host.
This only works in combination with <option>--root=</option>
<varlistentry>
<term><option>--copy</option></term>
- <listitem><para>Copy locale, time zone and root password from
+ <listitem><para>Copy locale, keymap, time zone and root password from
the host. This is equivalent to specifying
<option>--copy-locale</option>,
+ <option>--copy-keymap</option>,
<option>--copy-timezone</option>,
- <option>--copy-root-password</option> in combination.</para>
+ <option>--copy-root-password</option>,
+ <option>--copy-root-shell</option> in combination.</para>
</listitem>
</varlistentry>
<option>--root=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--force</option></term>
+
+ <listitem><para>systemd-firstboot doesn't modify existing files unless <option>--force</option>
+ is specified. For modifications to <filename>/etc/passwd</filename> and
+ <filename>/etc/shadow</filename>, systemd-firstboot only modifies the entry of the
+ <literal>root</literal> user instead of overwriting the entire file.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--delete-root-password</option></term>
+
+ <listitem><para>Removes the password of the system's root user, enabling login as root without a
+ password unless the root account is locked. Note that this is extremely insecure and hence this
+ option should not be used lightly.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--welcome=</option></term>
+
+ <listitem><para>Takes a boolean argument. By default when prompting the user for configuration
+ options a brief welcome text is shown before the first question is asked. Pass false to this option
+ to turn off the welcome text.</para></listitem>
+ </varlistentry>
+
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
otherwise.</para>
</refsect1>
+ <refsect1>
+ <title>Kernel Command Line</title>
+
+ <variablelist class='kernel-commandline-options'>
+ <varlistentry>
+ <term><varname>systemd.firstboot=</varname></term>
+
+ <listitem><para>Takes a boolean argument, defaults to on. If off, <filename>systemd-firstboot.service</filename>
+ won't interactively query the user for basic settings at first boot, even if those settings are not
+ initialized yet.</para></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>localtime</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
projects / thirdparty / systemd.git / blobdiff