summaryrefslogtreecommitdiff
path: root/src/firstboot
Commit message (Collapse)AuthorAgeFilesLines
* firstboot: clean-up the copied hostname, not argv[] directly, as that's uglyLennart Poettering2020-12-151-1/+1
|
* hostname-util: flagsify hostname_is_valid(), drop machine_name_is_valid()Lennart Poettering2020-12-151-2/+2
| | | | | | | | | | | | Let's clean up hostname_is_valid() a bit: let's turn the second boolean argument into a more explanatory flags field, and add a flag that accepts the special name ".host" as valid. This is useful for the container logic, where the special hostname ".host" refers to the "root container", i.e. the host system itself, and can be specified at various places. let's also get rid of machine_name_is_valid(). It was just an alias, which is confusing and even more so now that we have the flags param.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* Add a helper function that does make_salt+crypt_rZbigniew Jędrzejewski-Szmek2020-09-151-12/+5
| | | | No functional change.
* firstboot: don't create/modify passwd and shadow if not askedafg2020-09-031-0/+4
|
* firstboot: fill empty color if ansi_color unavailable from os-releaseafg2020-09-021-2/+3
|
* firstboot: hook up with libpwqualityLennart Poettering2020-08-191-0/+10
|
* firstboot: move --image= logic into common codeLennart Poettering2020-08-111-1/+0
| | | | That way we can reuse it in tmpfiles/sysusers/journalctl and so on.
* firstboot: move --image= logic into common codeLennart Poettering2020-08-051-73/+16
| | | | That way we can reuse it in tmpfiles/sysusers/journalctl and so on.
* service: add new RootImageOptions featureLuca Boccassi2020-07-291-1/+1
| | | | | | | | | | Allows to specify mount options for RootImage. In case of multi-partition images, the partition number can be prefixed followed by colon. Eg: RootImageOptions=1:ro,dev 2:nosuid nodev In absence of a partition number, 0 is assumed.
* firstboot: Update help string with --root-shell optionsDaan De Meyer2020-07-291-0/+3
|
* firstboot: Check if the given shell existsDaan De Meyer2020-07-281-6/+23
|
* firstboot: don't create /etc/passwd with mode 000Lennart Poettering2020-07-231-1/+1
| | | | | | | | It needs to be world readable (unlike /etc/shadow) when created anew. This fixes systems that boot with "systemd-nspawn --volatile=yes", i.e. come up with an entirely empty /etc/ and thus no existing /etc/passwd file when firstboot runs.
* firstboot: Add --root-shell optionDaan De Meyer2020-07-221-8/+91
|
* firstboot: Tighten up passwd/shadow handlingDaan De Meyer2020-07-221-39/+35
| | | | | | | | | | | | | | | | | There are a lot of edge cases that the current implementation doesn't handle, especially in cases where one of passwd/shadow exists and the other doesn't exist. For example, if --root-password is specified, we will write /etc/shadow but won't add a root entry to /etc/passwd if there is none. To fix some of these issues, we constrain systemd-firstboot to only modify /etc/passwd and /etc/shadow if both do not exist already (or --force) is specified. On top of that, we calculate all necessary information for both passwd and shadow upfront so we can take it all into account when writing the actual files. If no root password options are given --force is specified or both files do not exist, we lock the root account for security purposes.
* firstboot: add option to turn off welcome text displayLennart Poettering2020-07-071-0/+15
|
* firstboot: add --image= switchLennart Poettering2020-07-071-6/+108
| | | | | This is like --root=, but takes an image file path or device node path and dissects the image directly, mounting it internally.
* firstboot: Add --kernel-command-line optionDaan De Meyer2020-05-271-0/+35
|
* firstboot: Add --root-password-hashed optionDaan De Meyer2020-05-271-59/+80
|
* firstboot: Add --delete-root-password optionDaan De Meyer2020-05-271-0/+90
|
* firstboot: Add --force optionDaan De Meyer2020-05-271-35/+82
|
* firstboot: Don't check twice if /etc/shadow existsDaan De Meyer2020-05-271-5/+1
|
* tree-wide: port various bits over to locale_is_installed()Lennart Poettering2020-05-071-10/+18
|
* tree-wide: use "hostname" spelling everywhereZbigniew Jędrzejewski-Szmek2020-04-211-1/+1
| | | | | | | | It's not that I think that "hostname" is vastly superior to "host name". Quite the opposite — the difference is small, and in some context the two-word version does fit better. But in the tree, there are ~200 occurrences of the first, and >1600 of the other, and consistent spelling is more important than any particular spelling choice.
* firstboot: add missing checkZbigniew Jędrzejewski-Szmek2020-02-061-4/+6
| | | | If we check length of 'a', we must do the same for 'b'.
* shared: split out crypt() specific helpers into its own .c/.h in src/shared/Lennart Poettering2020-01-151-13/+1
| | | | | | | | | | This way we can use libxcrypt specific functionality such as crypt_gensalt() and thus take benefit of the newer algorithms libxcrypt implements. (Also adds support for a new env var $SYSTEMD_CRYPT_PREFIX which may be used to select the hash algorithm to use for libxcrypt.) Also, let's move the weird crypt.h inclusion into libcrypt.h so that there's a single place for it.
* firstboot: drop duplicate trailing whitespace from root pw questionLennart Poettering2019-08-111-2/+2
| | | | | | | Since ask_password() (and related calls) already append one char, we ended up appending two. That's not pretty. Let's fix this, and do it like in all other cases ask_password() (or an equivalent function) is called.
* firstboot: only list all options on demandZbigniew Jędrzejewski-Szmek2019-07-171-27/+19
| | | | | | | | | The user most likely knows the name of their locale/keymap/whatever, and paging through multiple pages of output has little benefit. The header that was printed before is now not printed anymore. But now it's obvious from the context what we are printing, so we don't need to print the header.
* firstboot: use free_and_strdup, free_and_replaceZbigniew Jędrzejewski-Szmek2019-07-171-11/+2
|
* firstboot: use color in welcome textLennart Poettering2019-07-131-4/+15
|
* firstboot: suppress locale menu if there's nothing to choose fromLennart Poettering2019-07-131-14/+35
|
* Remove string_free_eraseZbigniew Jędrzejewski-Szmek2019-07-101-1/+2
|
* Merge pull request #12390 from poettering/string-file-mkdirZbigniew Jędrzejewski-Szmek2019-05-281-10/+8
|\ | | | | fileio: add a WRITE_STRING_FILE_MKDIR_0755 flag to write_string_file() that creates parent directories if needed
| * tree-wide: make use of the new WRITE_STRING_FILE_MKDIR_0755 flagLennart Poettering2019-05-081-4/+2
| |
| * tree-wide: voidify a few callsLennart Poettering2019-05-081-6/+6
| |
* | firstboot: port to make_salt()Lennart Poettering2019-04-291-28/+7
|/ | | | | Also, let's use crypt_r() over crypt(). Not because we actually use threads, but because it's safer and more future proof in general.
* util-lib: when copying files make sure to apply some chattrs early, some lateLennart Poettering2019-03-281-2/+2
| | | | | | | Some chattrs only work sensible if you set them right after opening a file for create (think: FS_NOCOW_FL). Others only work when they are applied when the file is fully written (think: FS_IMMUTABLE_FL). Let's take that into account when copying files and applying a chattr to them.
* util: split out kbd related stuffLennart Poettering2019-03-141-0/+1
| | | | | This stuff is neither generic enough to be in def.h, nor really has much to do with locale, hence give it its own .c/.h file pair.
* locale-util: prefix special glyph enum values with SPECIAL_GLYPH_Lennart Poettering2018-12-141-4/+4
| | | | | | | This has been irritating me for quite a while: let's prefix these enum values with a common prefix, like we do for almost all other enums. No change in behaviour, just some renaming.
* util-lib: split out env file parsing code into env-file.cLennart Poettering2018-12-021-0/+1
| | | | | | It's quite complex, let's split this out. No code changes, just some file rearranging.
* coccinelle: make use of SYNTHETIC_ERRNOZbigniew Jędrzejewski-Szmek2018-11-221-24/+18
| | | | | | | | | | | Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
* Split out pretty-print.c and move pager.c and main-func.h to shared/Zbigniew Jędrzejewski-Szmek2018-11-201-0/+1
| | | | | This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
* firstboot: use static destructor and DEFINE_MAIN_FUNCTION() macroYu Watanabe2018-11-201-28/+25
|
* log: introduce new helper call log_setup_service()Lennart Poettering2018-11-201-3/+1
| | | | | Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
* random-util: optionally enable blocking getrandom() behaviourLennart Poettering2018-11-081-1/+2
| | | | | When generating the salt for the firstboot password logic, let's use getrandom() blocking mode, and insist in the very best entropy.
* random-util: change high_quality_required bool parameter into a flags parameterLennart Poettering2018-11-081-1/+1
| | | | No change in behaviour, just some refactoring.
* random-util: rename acquire_random_bytes() → genuine_random_bytes()Lennart Poettering2018-11-081-1/+1
| | | | | | | | | It's more descriptive, since we also have a function random_bytes() which sounds very similar. Also rename pseudorandom_bytes() to pseudo_random_bytes(). This way the two functions are nicely systematic, one returning genuine random bytes and the other pseudo random ones.
* ask-password: check keyring in ask_password_tty and ask_password_agentXiang Fan2018-10-311-4/+8
| | | | | | | A race condition happens when calling ask_password_auto() multiple times to unlock several disks on boot and effectively no password caching is utilized. This patch fixes it by polling the cache when waiting for the password.
* firstboot: include error cause in log messageYu Watanabe2018-10-201-1/+1
|
* tree-wide: add clickable man page link to all --help textsLennart Poettering2018-08-201-4/+15
| | | | | | | | | | This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
View Lorry Controller Status