mirror of
https://github.com/systemd/systemd
synced 2025-11-10 20:34:45 +01:00
Compare commits
No commits in common. "495454f40f3e9eb7c9ce94b25cd4a8c67a5eb7e6" and "3bb412626298006bfdb38a2eaec025cc2e181f01" have entirely different histories.
495454f40f
...
3bb4126262
17
NEWS
17
NEWS
@ -329,13 +329,6 @@ CHANGES WITH 246:
|
|||||||
MESSAGE=. This is useful to retrieve a very specific set of fields
|
MESSAGE=. This is useful to retrieve a very specific set of fields
|
||||||
without any decoration.
|
without any decoration.
|
||||||
|
|
||||||
* The sd-journal.h API gained two new functions:
|
|
||||||
sd_journal_enumerate_available_unique() and
|
|
||||||
sd_journal_enumerate_available_data() that operate like their
|
|
||||||
counterparts that lack the _available_ in the name, but skip items
|
|
||||||
that cannot be read and processed by the local implementation
|
|
||||||
(i.e. are compressed in an unsupported format or such),
|
|
||||||
|
|
||||||
* coredumpctl gained a new --file= switch, matching the same one in
|
* coredumpctl gained a new --file= switch, matching the same one in
|
||||||
journalctl: a specific journal file may be specified to read the
|
journalctl: a specific journal file may be specified to read the
|
||||||
coredump data from.
|
coredump data from.
|
||||||
@ -445,12 +438,10 @@ CHANGES WITH 246:
|
|||||||
also gained a new switch --root-password-hashed= which is like
|
also gained a new switch --root-password-hashed= which is like
|
||||||
--root-password= but accepts a pre-hashed UNIX password as
|
--root-password= but accepts a pre-hashed UNIX password as
|
||||||
argument. The new option --delete-root-password may be used to unset
|
argument. The new option --delete-root-password may be used to unset
|
||||||
any password for the root user (dangerous!). The --root-shell= switch
|
any password for the root user (dangerous!). A new --force option may
|
||||||
may be used to control the shell to use for the root account. A new
|
be used to override any already set settings with the parameters
|
||||||
--force option may be used to override any already set settings with
|
specified on the command line (by default, the tool will not override
|
||||||
the parameters specified on the command line (by default, the tool
|
what has already been set before, i.e. is purely incremental).
|
||||||
will not override what has already been set before, i.e. is purely
|
|
||||||
incremental).
|
|
||||||
|
|
||||||
* systemd-firstboot gained support for a new --image= switch, which is
|
* systemd-firstboot gained support for a new --image= switch, which is
|
||||||
similar to --root= but accepts the path to a disk image file, on
|
similar to --root= but accepts the path to a disk image file, on
|
||||||
|
|||||||
@ -164,10 +164,9 @@
|
|||||||
<term><option>--root-password-file=<replaceable>PATH</replaceable></option></term>
|
<term><option>--root-password-file=<replaceable>PATH</replaceable></option></term>
|
||||||
<term><option>--root-password-hashed=<replaceable>HASHED_PASSWORD</replaceable></option></term>
|
<term><option>--root-password-hashed=<replaceable>HASHED_PASSWORD</replaceable></option></term>
|
||||||
|
|
||||||
<listitem><para>Sets the password of the system's root user. This creates/modifies the
|
<listitem><para>Sets the password of the system's root user. This creates a
|
||||||
<citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
|
|
||||||
<citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
files. This setting exists in three forms: <option>--root-password=</option> accepts the password to
|
file. This setting exists in three forms: <option>--root-password=</option> accepts the password to
|
||||||
set directly on the command line, <option>--root-password-file=</option> reads it from a file and
|
set directly on the command line, <option>--root-password-file=</option> reads it from a file and
|
||||||
<option>--root-password-hashed=</option> accepts an already hashed password on the command line. See
|
<option>--root-password-hashed=</option> accepts an already hashed password on the command line. See
|
||||||
<citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
<citerefentry project='die-net'><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
@ -177,14 +176,6 @@
|
|||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--root-shell=<replaceable>SHELL</replaceable></option></term>
|
|
||||||
|
|
||||||
<listitem><para>Sets the shell of the system's root user. This creates/modifies the
|
|
||||||
<citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
||||||
file.</para></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--kernel-command-line=<replaceable>CMDLINE</replaceable></option></term>
|
<term><option>--kernel-command-line=<replaceable>CMDLINE</replaceable></option></term>
|
||||||
|
|
||||||
@ -200,7 +191,6 @@
|
|||||||
<term><option>--prompt-timezone</option></term>
|
<term><option>--prompt-timezone</option></term>
|
||||||
<term><option>--prompt-hostname</option></term>
|
<term><option>--prompt-hostname</option></term>
|
||||||
<term><option>--prompt-root-password</option></term>
|
<term><option>--prompt-root-password</option></term>
|
||||||
<term><option>--prompt-root-shell</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Prompt the user interactively for a specific
|
<listitem><para>Prompt the user interactively for a specific
|
||||||
basic setting. Note that any explicit configuration settings
|
basic setting. Note that any explicit configuration settings
|
||||||
@ -217,8 +207,7 @@
|
|||||||
<option>--prompt-keymap</option>,
|
<option>--prompt-keymap</option>,
|
||||||
<option>--prompt-timezone</option>,
|
<option>--prompt-timezone</option>,
|
||||||
<option>--prompt-hostname</option>,
|
<option>--prompt-hostname</option>,
|
||||||
<option>--prompt-root-password</option>,
|
<option>--prompt-root-password</option> in combination.</para>
|
||||||
<option>--prompt-root-shell</option> in combination.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -227,7 +216,6 @@
|
|||||||
<term><option>--copy-keymap</option></term>
|
<term><option>--copy-keymap</option></term>
|
||||||
<term><option>--copy-timezone</option></term>
|
<term><option>--copy-timezone</option></term>
|
||||||
<term><option>--copy-root-password</option></term>
|
<term><option>--copy-root-password</option></term>
|
||||||
<term><option>--copy-root-shell</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Copy a specific basic setting from the host.
|
<listitem><para>Copy a specific basic setting from the host.
|
||||||
This only works in combination with <option>--root=</option>
|
This only works in combination with <option>--root=</option>
|
||||||
@ -242,8 +230,7 @@
|
|||||||
<option>--copy-locale</option>,
|
<option>--copy-locale</option>,
|
||||||
<option>--copy-keymap</option>,
|
<option>--copy-keymap</option>,
|
||||||
<option>--copy-timezone</option>,
|
<option>--copy-timezone</option>,
|
||||||
<option>--copy-root-password</option>,
|
<option>--copy-root-password</option> in combination.</para>
|
||||||
<option>--copy-root-shell</option> in combination.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|||||||
@ -679,10 +679,6 @@ if time_epoch == -1
|
|||||||
source_date_epoch = run_command('sh', ['-c', 'echo "$SOURCE_DATE_EPOCH"']).stdout().strip()
|
source_date_epoch = run_command('sh', ['-c', 'echo "$SOURCE_DATE_EPOCH"']).stdout().strip()
|
||||||
if source_date_epoch != ''
|
if source_date_epoch != ''
|
||||||
time_epoch = source_date_epoch.to_int()
|
time_epoch = source_date_epoch.to_int()
|
||||||
elif git.found() and run_command('test', '-e', '.git').returncode() == 0
|
|
||||||
# If we're in a git repository, use the creation time of the latest git tag.
|
|
||||||
latest_tag = run_command('git', 'describe', '--abbrev=0', '--tags').stdout().strip()
|
|
||||||
time_epoch = run_command('git', 'log', '-1', '--format=%at', latest_tag).stdout().to_int()
|
|
||||||
else
|
else
|
||||||
NEWS = files('NEWS')
|
NEWS = files('NEWS')
|
||||||
time_epoch = run_command(stat, '-c', '%Y', NEWS).stdout().to_int()
|
time_epoch = run_command(stat, '-c', '%Y', NEWS).stdout().to_int()
|
||||||
|
|||||||
@ -5761,10 +5761,7 @@ void exec_params_clear(ExecParameters *p) {
|
|||||||
if (!p)
|
if (!p)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
p->environment = strv_free(p->environment);
|
strv_free(p->environment);
|
||||||
p->fd_names = strv_free(p->fd_names);
|
|
||||||
p->fds = mfree(p->fds);
|
|
||||||
p->exec_fd = safe_close(p->exec_fd);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
|
static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
|
||||||
|
|||||||
@ -990,10 +990,9 @@ int job_finish_and_invalidate(Job *j, JobResult result, bool recursive, bool alr
|
|||||||
|
|
||||||
j->result = result;
|
j->result = result;
|
||||||
|
|
||||||
log_unit_debug(u, "Job %" PRIu32 " %s/%s finished, result=%s",
|
log_unit_debug(u, "Job %" PRIu32 " %s/%s finished, result=%s", j->id, u->id, job_type_to_string(t), job_result_to_string(result));
|
||||||
j->id, u->id, job_type_to_string(t), job_result_to_string(result));
|
|
||||||
|
|
||||||
/* If this job did nothing to the respective unit we don't log the status message */
|
/* If this job did nothing to respective unit we don't log the status message */
|
||||||
if (!already)
|
if (!already)
|
||||||
job_emit_done_status_message(u, j->id, t, result);
|
job_emit_done_status_message(u, j->id, t, result);
|
||||||
|
|
||||||
|
|||||||
@ -1442,15 +1442,17 @@ static int service_spawn(
|
|||||||
pid_t *_pid) {
|
pid_t *_pid) {
|
||||||
|
|
||||||
_cleanup_(exec_params_clear) ExecParameters exec_params = {
|
_cleanup_(exec_params_clear) ExecParameters exec_params = {
|
||||||
.flags = flags,
|
.flags = flags,
|
||||||
.stdin_fd = -1,
|
.stdin_fd = -1,
|
||||||
.stdout_fd = -1,
|
.stdout_fd = -1,
|
||||||
.stderr_fd = -1,
|
.stderr_fd = -1,
|
||||||
.exec_fd = -1,
|
.exec_fd = -1,
|
||||||
};
|
};
|
||||||
|
_cleanup_strv_free_ char **final_env = NULL, **our_env = NULL, **fd_names = NULL;
|
||||||
_cleanup_(sd_event_source_unrefp) sd_event_source *exec_fd_source = NULL;
|
_cleanup_(sd_event_source_unrefp) sd_event_source *exec_fd_source = NULL;
|
||||||
_cleanup_strv_free_ char **final_env = NULL, **our_env = NULL;
|
size_t n_socket_fds = 0, n_storage_fds = 0, n_env = 0;
|
||||||
size_t n_env = 0;
|
_cleanup_close_ int exec_fd = -1;
|
||||||
|
_cleanup_free_ int *fds = NULL;
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
@ -1475,21 +1477,17 @@ static int service_spawn(
|
|||||||
s->exec_context.std_output == EXEC_OUTPUT_SOCKET ||
|
s->exec_context.std_output == EXEC_OUTPUT_SOCKET ||
|
||||||
s->exec_context.std_error == EXEC_OUTPUT_SOCKET) {
|
s->exec_context.std_error == EXEC_OUTPUT_SOCKET) {
|
||||||
|
|
||||||
r = service_collect_fds(s,
|
r = service_collect_fds(s, &fds, &fd_names, &n_socket_fds, &n_storage_fds);
|
||||||
&exec_params.fds,
|
|
||||||
&exec_params.fd_names,
|
|
||||||
&exec_params.n_socket_fds,
|
|
||||||
&exec_params.n_storage_fds);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
log_unit_debug(UNIT(s), "Passing %zu fds to service", exec_params.n_socket_fds + exec_params.n_storage_fds);
|
log_unit_debug(UNIT(s), "Passing %zu fds to service", n_socket_fds + n_storage_fds);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!FLAGS_SET(flags, EXEC_IS_CONTROL) && s->type == SERVICE_EXEC) {
|
if (!FLAGS_SET(flags, EXEC_IS_CONTROL) && s->type == SERVICE_EXEC) {
|
||||||
assert(!s->exec_fd_event_source);
|
assert(!s->exec_fd_event_source);
|
||||||
|
|
||||||
r = service_allocate_exec_fd(s, &exec_fd_source, &exec_params.exec_fd);
|
r = service_allocate_exec_fd(s, &exec_fd_source, &exec_fd);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
@ -1529,6 +1527,7 @@ static int service_spawn(
|
|||||||
|
|
||||||
if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 &&
|
if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 &&
|
||||||
IN_SET(sa.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK)) {
|
IN_SET(sa.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK)) {
|
||||||
|
|
||||||
_cleanup_free_ char *addr = NULL;
|
_cleanup_free_ char *addr = NULL;
|
||||||
char *t;
|
char *t;
|
||||||
unsigned port;
|
unsigned port;
|
||||||
@ -1583,6 +1582,10 @@ static int service_spawn(
|
|||||||
MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
|
MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
|
||||||
|
|
||||||
strv_free_and_replace(exec_params.environment, final_env);
|
strv_free_and_replace(exec_params.environment, final_env);
|
||||||
|
exec_params.fds = fds;
|
||||||
|
exec_params.fd_names = fd_names;
|
||||||
|
exec_params.n_socket_fds = n_socket_fds;
|
||||||
|
exec_params.n_storage_fds = n_storage_fds;
|
||||||
exec_params.watchdog_usec = service_get_watchdog_usec(s);
|
exec_params.watchdog_usec = service_get_watchdog_usec(s);
|
||||||
exec_params.selinux_context_net = s->socket_fd_selinux_context_net;
|
exec_params.selinux_context_net = s->socket_fd_selinux_context_net;
|
||||||
if (s->type == SERVICE_IDLE)
|
if (s->type == SERVICE_IDLE)
|
||||||
@ -1590,6 +1593,7 @@ static int service_spawn(
|
|||||||
exec_params.stdin_fd = s->stdin_fd;
|
exec_params.stdin_fd = s->stdin_fd;
|
||||||
exec_params.stdout_fd = s->stdout_fd;
|
exec_params.stdout_fd = s->stdout_fd;
|
||||||
exec_params.stderr_fd = s->stderr_fd;
|
exec_params.stderr_fd = s->stderr_fd;
|
||||||
|
exec_params.exec_fd = exec_fd;
|
||||||
|
|
||||||
r = exec_spawn(UNIT(s),
|
r = exec_spawn(UNIT(s),
|
||||||
c,
|
c,
|
||||||
|
|||||||
@ -193,8 +193,6 @@ const UnitVTable target_vtable = {
|
|||||||
"Target\0"
|
"Target\0"
|
||||||
"Install\0",
|
"Install\0",
|
||||||
|
|
||||||
.can_fail = true,
|
|
||||||
|
|
||||||
.load = target_load,
|
.load = target_load,
|
||||||
.coldplug = target_coldplug,
|
.coldplug = target_coldplug,
|
||||||
|
|
||||||
|
|||||||
@ -49,19 +49,16 @@ static char *arg_timezone = NULL;
|
|||||||
static char *arg_hostname = NULL;
|
static char *arg_hostname = NULL;
|
||||||
static sd_id128_t arg_machine_id = {};
|
static sd_id128_t arg_machine_id = {};
|
||||||
static char *arg_root_password = NULL;
|
static char *arg_root_password = NULL;
|
||||||
static char *arg_root_shell = NULL;
|
|
||||||
static char *arg_kernel_cmdline = NULL;
|
static char *arg_kernel_cmdline = NULL;
|
||||||
static bool arg_prompt_locale = false;
|
static bool arg_prompt_locale = false;
|
||||||
static bool arg_prompt_keymap = false;
|
static bool arg_prompt_keymap = false;
|
||||||
static bool arg_prompt_timezone = false;
|
static bool arg_prompt_timezone = false;
|
||||||
static bool arg_prompt_hostname = false;
|
static bool arg_prompt_hostname = false;
|
||||||
static bool arg_prompt_root_password = false;
|
static bool arg_prompt_root_password = false;
|
||||||
static bool arg_prompt_root_shell = false;
|
|
||||||
static bool arg_copy_locale = false;
|
static bool arg_copy_locale = false;
|
||||||
static bool arg_copy_keymap = false;
|
static bool arg_copy_keymap = false;
|
||||||
static bool arg_copy_timezone = false;
|
static bool arg_copy_timezone = false;
|
||||||
static bool arg_copy_root_password = false;
|
static bool arg_copy_root_password = false;
|
||||||
static bool arg_copy_root_shell = false;
|
|
||||||
static bool arg_force = false;
|
static bool arg_force = false;
|
||||||
static bool arg_delete_root_password = false;
|
static bool arg_delete_root_password = false;
|
||||||
static bool arg_root_password_is_hashed = false;
|
static bool arg_root_password_is_hashed = false;
|
||||||
@ -604,46 +601,11 @@ static int prompt_root_password(void) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int prompt_root_shell(void) {
|
static int write_root_passwd(const char *passwd_path, const char *password) {
|
||||||
int r;
|
|
||||||
|
|
||||||
if (arg_root_shell || !arg_prompt_root_shell)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
print_welcome();
|
|
||||||
putchar('\n');
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
_cleanup_free_ char *s = NULL;
|
|
||||||
|
|
||||||
r = ask_string(&s, "%s Please enter root shell for new system (empty to skip): ", special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET));
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(r, "Failed to query root shell: %m");
|
|
||||||
|
|
||||||
if (isempty(s)) {
|
|
||||||
log_warning("No shell entered, skipping.");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!valid_shell(s)) {
|
|
||||||
log_error("Specified shell invalid.");
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
arg_root_shell = TAKE_PTR(s);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int write_root_passwd(const char *passwd_path, const char *password, const char *shell) {
|
|
||||||
_cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
|
_cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
|
||||||
_cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
|
_cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(password);
|
|
||||||
|
|
||||||
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
|
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -658,11 +620,8 @@ static int write_root_passwd(const char *passwd_path, const char *password, cons
|
|||||||
|
|
||||||
while ((r = fgetpwent_sane(original, &i)) > 0) {
|
while ((r = fgetpwent_sane(original, &i)) > 0) {
|
||||||
|
|
||||||
if (streq(i->pw_name, "root")) {
|
if (streq(i->pw_name, "root"))
|
||||||
i->pw_passwd = (char *) password;
|
i->pw_passwd = (char *) password;
|
||||||
if (shell)
|
|
||||||
i->pw_shell = (char *) shell;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = putpwent_sane(i, passwd);
|
r = putpwent_sane(i, passwd);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -679,7 +638,7 @@ static int write_root_passwd(const char *passwd_path, const char *password, cons
|
|||||||
.pw_gid = 0,
|
.pw_gid = 0,
|
||||||
.pw_gecos = (char *) "Super User",
|
.pw_gecos = (char *) "Super User",
|
||||||
.pw_dir = (char *) "/root",
|
.pw_dir = (char *) "/root",
|
||||||
.pw_shell = (char *) (shell ?: "/bin/sh"),
|
.pw_shell = (char *) "/bin/sh",
|
||||||
};
|
};
|
||||||
|
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
@ -710,8 +669,6 @@ static int write_root_shadow(const char *shadow_path, const char *hashed_passwor
|
|||||||
_cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
|
_cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(hashed_password);
|
|
||||||
|
|
||||||
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
|
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -774,73 +731,73 @@ static int write_root_shadow(const char *shadow_path, const char *hashed_passwor
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int process_root_args(void) {
|
static int process_root_password(void) {
|
||||||
_cleanup_close_ int lock = -1;
|
_cleanup_close_ int lock = -1;
|
||||||
struct crypt_data cd = {};
|
struct crypt_data cd = {};
|
||||||
const char *password, *hashed_password;
|
const char *hashed_password;
|
||||||
const char *etc_passwd, *etc_shadow;
|
const char *etc_shadow;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
etc_passwd = prefix_roota(arg_root, "/etc/passwd");
|
|
||||||
etc_shadow = prefix_roota(arg_root, "/etc/shadow");
|
etc_shadow = prefix_roota(arg_root, "/etc/shadow");
|
||||||
|
if (laccess(etc_shadow, F_OK) >= 0 && !arg_force)
|
||||||
/* We only mess with passwd and shadow if both do not exist or --force is specified. These files are
|
|
||||||
* tightly coupled and hence we make sure we have permission from the user to create/modify both
|
|
||||||
* files. */
|
|
||||||
if ((laccess(etc_passwd, F_OK) >= 0 || laccess(etc_shadow, F_OK) >= 0) && !arg_force)
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
(void) mkdir_parents(etc_passwd, 0755);
|
(void) mkdir_parents(etc_shadow, 0755);
|
||||||
|
|
||||||
lock = take_etc_passwd_lock(arg_root);
|
lock = take_etc_passwd_lock(arg_root);
|
||||||
if (lock < 0)
|
if (lock < 0)
|
||||||
return log_error_errno(lock, "Failed to take a lock on %s: %m", etc_passwd);
|
return log_error_errno(lock, "Failed to take a lock: %m");
|
||||||
|
|
||||||
if (arg_copy_root_shell && arg_root) {
|
if (arg_delete_root_password) {
|
||||||
struct passwd *p;
|
const char *etc_passwd;
|
||||||
|
|
||||||
errno = 0;
|
/* Mixing alloca() and other stuff that touches the stack in one expression is not portable. */
|
||||||
p = getpwnam("root");
|
etc_passwd = prefix_roota(arg_root, "/etc/passwd");
|
||||||
if (!p)
|
|
||||||
return log_error_errno(errno_or_else(EIO), "Failed to find passwd entry for root: %m");
|
|
||||||
|
|
||||||
r = free_and_strdup(&arg_root_shell, p->pw_shell);
|
r = write_root_passwd(etc_passwd, "");
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_oom();
|
return log_error_errno(r, "Failed to write %s: %m", etc_passwd);
|
||||||
}
|
|
||||||
|
|
||||||
r = prompt_root_shell();
|
log_info("%s written", etc_passwd);
|
||||||
if (r < 0)
|
|
||||||
return r;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (arg_copy_root_password && arg_root) {
|
if (arg_copy_root_password && arg_root) {
|
||||||
struct spwd *p;
|
struct spwd *p;
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
p = getspnam("root");
|
p = getspnam("root");
|
||||||
if (!p)
|
if (p || errno != ENOENT) {
|
||||||
return log_error_errno(errno_or_else(EIO), "Failed to find shadow entry for root: %m");
|
if (!p) {
|
||||||
|
if (!errno)
|
||||||
|
errno = EIO;
|
||||||
|
|
||||||
r = free_and_strdup(&arg_root_password, p->sp_pwdp);
|
return log_error_errno(errno, "Failed to find shadow entry for root: %m");
|
||||||
if (r < 0)
|
}
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
arg_root_password_is_hashed = true;
|
r = write_root_shadow(etc_shadow, p->sp_pwdp);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to write %s: %m", etc_shadow);
|
||||||
|
|
||||||
|
log_info("%s copied.", etc_shadow);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r = prompt_root_password();
|
r = prompt_root_password();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (arg_root_password && arg_root_password_is_hashed) {
|
if (!arg_root_password)
|
||||||
password = "x";
|
return 0;
|
||||||
|
|
||||||
|
if (arg_root_password_is_hashed)
|
||||||
hashed_password = arg_root_password;
|
hashed_password = arg_root_password;
|
||||||
} else if (arg_root_password) {
|
else {
|
||||||
_cleanup_free_ char *salt = NULL;
|
_cleanup_free_ char *salt = NULL;
|
||||||
/* hashed_password points inside cd after crypt_r returns so cd has function scope. */
|
/* hashed_password points inside cd after crypt_r returns so cd has function scope. */
|
||||||
|
|
||||||
password = "x";
|
|
||||||
|
|
||||||
r = make_salt(&salt);
|
r = make_salt(&salt);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to get salt: %m");
|
return log_error_errno(r, "Failed to get salt: %m");
|
||||||
@ -850,16 +807,7 @@ static int process_root_args(void) {
|
|||||||
if (!hashed_password)
|
if (!hashed_password)
|
||||||
return log_error_errno(errno == 0 ? SYNTHETIC_ERRNO(EINVAL) : errno,
|
return log_error_errno(errno == 0 ? SYNTHETIC_ERRNO(EINVAL) : errno,
|
||||||
"Failed to encrypt password: %m");
|
"Failed to encrypt password: %m");
|
||||||
} else if (arg_delete_root_password)
|
}
|
||||||
password = hashed_password = "";
|
|
||||||
else
|
|
||||||
password = hashed_password = "!";
|
|
||||||
|
|
||||||
r = write_root_passwd(etc_passwd, password, arg_root_shell);
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(r, "Failed to write %s: %m", etc_passwd);
|
|
||||||
|
|
||||||
log_info("%s written", etc_passwd);
|
|
||||||
|
|
||||||
r = write_root_shadow(etc_shadow, hashed_password);
|
r = write_root_shadow(etc_shadow, hashed_password);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -1020,7 +968,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
ARG_ROOT_PASSWORD,
|
ARG_ROOT_PASSWORD,
|
||||||
ARG_ROOT_PASSWORD_FILE,
|
ARG_ROOT_PASSWORD_FILE,
|
||||||
ARG_ROOT_PASSWORD_HASHED,
|
ARG_ROOT_PASSWORD_HASHED,
|
||||||
ARG_ROOT_SHELL,
|
|
||||||
ARG_KERNEL_COMMAND_LINE,
|
ARG_KERNEL_COMMAND_LINE,
|
||||||
ARG_PROMPT,
|
ARG_PROMPT,
|
||||||
ARG_PROMPT_LOCALE,
|
ARG_PROMPT_LOCALE,
|
||||||
@ -1028,13 +975,11 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
ARG_PROMPT_TIMEZONE,
|
ARG_PROMPT_TIMEZONE,
|
||||||
ARG_PROMPT_HOSTNAME,
|
ARG_PROMPT_HOSTNAME,
|
||||||
ARG_PROMPT_ROOT_PASSWORD,
|
ARG_PROMPT_ROOT_PASSWORD,
|
||||||
ARG_PROMPT_ROOT_SHELL,
|
|
||||||
ARG_COPY,
|
ARG_COPY,
|
||||||
ARG_COPY_LOCALE,
|
ARG_COPY_LOCALE,
|
||||||
ARG_COPY_KEYMAP,
|
ARG_COPY_KEYMAP,
|
||||||
ARG_COPY_TIMEZONE,
|
ARG_COPY_TIMEZONE,
|
||||||
ARG_COPY_ROOT_PASSWORD,
|
ARG_COPY_ROOT_PASSWORD,
|
||||||
ARG_COPY_ROOT_SHELL,
|
|
||||||
ARG_SETUP_MACHINE_ID,
|
ARG_SETUP_MACHINE_ID,
|
||||||
ARG_FORCE,
|
ARG_FORCE,
|
||||||
ARG_DELETE_ROOT_PASSWORD,
|
ARG_DELETE_ROOT_PASSWORD,
|
||||||
@ -1055,7 +1000,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
{ "root-password", required_argument, NULL, ARG_ROOT_PASSWORD },
|
{ "root-password", required_argument, NULL, ARG_ROOT_PASSWORD },
|
||||||
{ "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE },
|
{ "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE },
|
||||||
{ "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED },
|
{ "root-password-hashed", required_argument, NULL, ARG_ROOT_PASSWORD_HASHED },
|
||||||
{ "root-shell", required_argument, NULL, ARG_ROOT_SHELL },
|
|
||||||
{ "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE },
|
{ "kernel-command-line", required_argument, NULL, ARG_KERNEL_COMMAND_LINE },
|
||||||
{ "prompt", no_argument, NULL, ARG_PROMPT },
|
{ "prompt", no_argument, NULL, ARG_PROMPT },
|
||||||
{ "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE },
|
{ "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE },
|
||||||
@ -1063,13 +1007,11 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
{ "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE },
|
{ "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE },
|
||||||
{ "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME },
|
{ "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME },
|
||||||
{ "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD },
|
{ "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD },
|
||||||
{ "prompt-root-shell", no_argument, NULL, ARG_PROMPT_ROOT_SHELL },
|
|
||||||
{ "copy", no_argument, NULL, ARG_COPY },
|
{ "copy", no_argument, NULL, ARG_COPY },
|
||||||
{ "copy-locale", no_argument, NULL, ARG_COPY_LOCALE },
|
{ "copy-locale", no_argument, NULL, ARG_COPY_LOCALE },
|
||||||
{ "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP },
|
{ "copy-keymap", no_argument, NULL, ARG_COPY_KEYMAP },
|
||||||
{ "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE },
|
{ "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE },
|
||||||
{ "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD },
|
{ "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD },
|
||||||
{ "copy-root-shell", no_argument, NULL, ARG_COPY_ROOT_SHELL },
|
|
||||||
{ "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID },
|
{ "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID },
|
||||||
{ "force", no_argument, NULL, ARG_FORCE },
|
{ "force", no_argument, NULL, ARG_FORCE },
|
||||||
{ "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD },
|
{ "delete-root-password", no_argument, NULL, ARG_DELETE_ROOT_PASSWORD },
|
||||||
@ -1166,17 +1108,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
arg_root_password_is_hashed = true;
|
arg_root_password_is_hashed = true;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_ROOT_SHELL:
|
|
||||||
if (!valid_shell(optarg))
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
|
||||||
"%s is not a valid shell path", optarg);
|
|
||||||
|
|
||||||
r = free_and_strdup(&arg_root_shell, optarg);
|
|
||||||
if (r < 0)
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ARG_HOSTNAME:
|
case ARG_HOSTNAME:
|
||||||
if (!hostname_is_valid(optarg, true))
|
if (!hostname_is_valid(optarg, true))
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
@ -1204,8 +1135,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_PROMPT:
|
case ARG_PROMPT:
|
||||||
arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname =
|
arg_prompt_locale = arg_prompt_keymap = arg_prompt_timezone = arg_prompt_hostname = arg_prompt_root_password = true;
|
||||||
arg_prompt_root_password = arg_prompt_root_shell = true;
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_PROMPT_LOCALE:
|
case ARG_PROMPT_LOCALE:
|
||||||
@ -1228,13 +1158,8 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
arg_prompt_root_password = true;
|
arg_prompt_root_password = true;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_PROMPT_ROOT_SHELL:
|
|
||||||
arg_prompt_root_shell = true;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ARG_COPY:
|
case ARG_COPY:
|
||||||
arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password =
|
arg_copy_locale = arg_copy_keymap = arg_copy_timezone = arg_copy_root_password = true;
|
||||||
arg_copy_root_shell = true;
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_COPY_LOCALE:
|
case ARG_COPY_LOCALE:
|
||||||
@ -1253,10 +1178,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
arg_copy_root_password = true;
|
arg_copy_root_password = true;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_COPY_ROOT_SHELL:
|
|
||||||
arg_copy_root_shell = true;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ARG_SETUP_MACHINE_ID:
|
case ARG_SETUP_MACHINE_ID:
|
||||||
r = sd_id128_randomize(&arg_machine_id);
|
r = sd_id128_randomize(&arg_machine_id);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -1357,7 +1278,7 @@ static int run(int argc, char *argv[]) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = process_root_args();
|
r = process_root_password();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|||||||
@ -671,8 +671,7 @@ tests += [
|
|||||||
libseccomp,
|
libseccomp,
|
||||||
libselinux,
|
libselinux,
|
||||||
libmount,
|
libmount,
|
||||||
libblkid],
|
libblkid]],
|
||||||
'', 'timeout=120'],
|
|
||||||
|
|
||||||
[['src/test/test-execute.c'],
|
[['src/test/test-execute.c'],
|
||||||
[libcore,
|
[libcore,
|
||||||
|
|||||||
@ -346,8 +346,10 @@ int main(int argc, char *argv[]) {
|
|||||||
NULL,
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
_cleanup_free_ char *test_path = NULL;
|
|
||||||
_cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
_cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
||||||
|
_cleanup_free_ char *test_path = NULL;
|
||||||
|
const test_function_t *test = NULL;
|
||||||
|
Manager *m = NULL;
|
||||||
|
|
||||||
umask(022);
|
umask(022);
|
||||||
|
|
||||||
@ -357,8 +359,7 @@ int main(int argc, char *argv[]) {
|
|||||||
assert_se(set_unit_path(test_path) >= 0);
|
assert_se(set_unit_path(test_path) >= 0);
|
||||||
assert_se(runtime_dir = setup_fake_runtime_dir());
|
assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||||
|
|
||||||
for (const test_function_t *test = tests; test && *test; test++) {
|
for (test = tests; test && *test; test++) {
|
||||||
Manager *m = NULL;
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
/* We create a clean environment for each test */
|
/* We create a clean environment for each test */
|
||||||
|
|||||||
@ -10,8 +10,6 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Initrd File Systems
|
Description=Initrd File Systems
|
||||||
Documentation=man:systemd.special(7)
|
Documentation=man:systemd.special(7)
|
||||||
OnFailure=emergency.target
|
|
||||||
OnFailureJobMode=replace-irreversibly
|
|
||||||
ConditionPathExists=/etc/initrd-release
|
ConditionPathExists=/etc/initrd-release
|
||||||
After=initrd-parse-etc.service
|
After=initrd-parse-etc.service
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
|
|||||||
@ -11,7 +11,5 @@
|
|||||||
Description=Initrd Root Device
|
Description=Initrd Root Device
|
||||||
Documentation=man:systemd.special(7)
|
Documentation=man:systemd.special(7)
|
||||||
ConditionPathExists=/etc/initrd-release
|
ConditionPathExists=/etc/initrd-release
|
||||||
OnFailure=emergency.target
|
|
||||||
OnFailureJobMode=replace-irreversibly
|
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
Conflicts=shutdown.target
|
Conflicts=shutdown.target
|
||||||
|
|||||||
@ -11,7 +11,5 @@
|
|||||||
Description=Initrd Root File System
|
Description=Initrd Root File System
|
||||||
Documentation=man:systemd.special(7)
|
Documentation=man:systemd.special(7)
|
||||||
ConditionPathExists=/etc/initrd-release
|
ConditionPathExists=/etc/initrd-release
|
||||||
OnFailure=emergency.target
|
|
||||||
OnFailureJobMode=replace-irreversibly
|
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
Conflicts=shutdown.target
|
Conflicts=shutdown.target
|
||||||
|
|||||||
@ -10,8 +10,6 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Initrd Default Target
|
Description=Initrd Default Target
|
||||||
Documentation=man:systemd.special(7)
|
Documentation=man:systemd.special(7)
|
||||||
OnFailure=emergency.target
|
|
||||||
OnFailureJobMode=replace-irreversibly
|
|
||||||
ConditionPathExists=/etc/initrd-release
|
ConditionPathExists=/etc/initrd-release
|
||||||
Requires=basic.target
|
Requires=basic.target
|
||||||
Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service
|
Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service
|
||||||
|
|||||||
@ -13,5 +13,3 @@ Documentation=man:systemd.special(7)
|
|||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
Conflicts=shutdown.target
|
Conflicts=shutdown.target
|
||||||
After=local-fs-pre.target
|
After=local-fs-pre.target
|
||||||
OnFailure=emergency.target
|
|
||||||
OnFailureJobMode=replace-irreversibly
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user