From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer v2 5/5] fix #5579: install: setup proxmox-first-boot service if enabled
Date: Mon, 18 Nov 2024 13:38:41 +0100
Message-ID: <20241118123843.1090243-6-c.heiss@proxmox.com>
In-Reply-To: <20241118123843.1090243-1-c.heiss@proxmox.com>
The auto-installer will place an executable file named
`proxmox-first-boot` in the installer runtime-directory if the user set
up.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
* factor out of extract_data()
* implement enabling correct service depending on set order
Proxmox/Install.pm | 55 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 54 insertions(+), 1 deletion(-)
diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm
index d409577..c64e1d4 100644
--- a/Proxmox/Install.pm
+++ b/Proxmox/Install.pm
@@ -15,7 +15,7 @@ use Proxmox::Install::StorageConfig;
use Proxmox::Sys::Block qw(get_cached_disks wipe_disk partition_bootable_disk);
use Proxmox::Sys::Command qw(run_command syscmd);
-use Proxmox::Sys::File qw(file_read_firstline file_write_all);
+use Proxmox::Sys::File qw(file_read_firstline file_read_all file_write_all);
use Proxmox::Sys::ZFS;
use Proxmox::UI;
@@ -678,6 +678,55 @@ my sub setup_root_password {
}
}
+my sub setup_proxmox_first_boot_service {
+ my ($targetdir) = @_;
+
+ return if !Proxmox::Install::Config::get_first_boot_opt('enabled');
+
+ my $iso_env = Proxmox::Install::ISOEnv::get();
+ my $proxmox_rundir = $iso_env->{locations}->{run};
+
+ my $exec_name = 'proxmox-first-boot';
+ my $pending_flagfile = "pending-first-boot-setup";
+ my $targetpath = "$targetdir/var/lib/proxmox-first-boot";
+
+ die "cannot find proxmox-first-boot hook executable?\n"
+ if ! -f "$proxmox_rundir/$exec_name";
+
+ # Create /var/lib/proxmox-first-boot state directory
+ syscmd("mkdir -p $targetpath/") == 0
+ || die "failed to create $targetpath directory\n";
+
+ syscmd("cp $proxmox_rundir/$exec_name $targetpath/") == 0
+ || die "unable to copy $exec_name executable\n";
+ syscmd("touch $targetpath/$pending_flagfile") == 0
+ || die "unable to create $pending_flagfile flag file\n";
+
+ # Explicitly mark the entire directory only accessible, to prevent
+ # possible secret leaks from the bootstrap script.
+ syscmd("chmod -R 0700 $targetpath") == 0
+ || warn "failed to set permissions for $targetpath\n";
+
+ # Enable the correct unit according the requested target ordering
+ my $ordering = Proxmox::Install::Config::get_first_boot_opt('ordering_target');
+
+ # .. so do it ourselves
+ my $linktarget = "/lib/systemd/system/proxmox-first-boot-$ordering.service";
+ syscmd("ln -sf $linktarget $targetdir/etc/systemd/system/proxmox-first-boot.service") == 0
+ || die "failed to link proxmox-first-boot-$ordering.service\n";
+
+ my $servicefile = file_read_all("$targetdir/$linktarget");
+ if ($servicefile =~ m/^WantedBy=(.+)$/m) {
+ my $wantedby = $1;
+
+ syscmd("mkdir -p $targetdir/etc/systemd/system/$wantedby.wants") == 0
+ || die "failed to create $wantedby.wants directory\n";
+
+ syscmd("ln -sf $linktarget $targetdir/etc/systemd/system/$wantedby.wants/proxmox-first-boot-$ordering.service") == 0
+ || die "failed to link $wantedby.wants/proxmox-first-boot-$ordering.service\n";
+ }
+}
+
sub extract_data {
my $iso_env = Proxmox::Install::ISOEnv::get();
my $run_env = Proxmox::Install::RunEnv::get();
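Review bot: in setup_proxmox_first_boot_service, a failed `chmod -R 0700 $targetpath` only warns, although the comment directly above it says this mode is what prevents secret leaks from the bootstrap script, so the install can finish with the hook script left at whatever mode `mkdir -p` and `cp` produced. Suggest making this step a `die` like the others, and creating the directory with its final mode before the copy (for example `install -d -m 0700 $targetpath`) so the script is never more widely readable in between. Separately, `$ordering` is interpolated into `$linktarget` and into the shell command strings without a check; validating it against the known set of unit suffixes first would turn a bad value into a clear error instead of a dangling symlink. Two comment nits: "only accessible" is missing its object, and "# .. so do it ourselves" has lost the sentence it continues.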
@@ -1171,6 +1220,7 @@ _EOD
next if ($deb =~ /grub-efi-amd64_/ && $run_env->{boot_type} ne 'efi');
next if ($deb =~ /^proxmox-grub/ && $run_env->{boot_type} ne 'efi');
next if ($deb =~ /^proxmox-secure-boot-support_/ && !$run_env->{secure_boot});
+ next if ($deb =~ /^proxmox-first-boot/ && !Proxmox::Install::Config::get_first_boot_opt('enabled'));
update_progress($count/$pkg_count, 0.5, 0.75, "extracting $deb");
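Review bot: the new pattern `/^proxmox-first-boot/` has no trailing `_`, unlike `/^proxmox-secure-boot-support_/` on the line above, so it skips every .deb whose name merely starts with proxmox-first-boot when the option is disabled. Suggest `/^proxmox-first-boot_/` so only that package is matched.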
@@ -1251,6 +1301,9 @@ _EOD
my $ask_for_patience = "";
$ask_for_patience = " (multiple disks detected, please be patient)" if $diskcount > 3;
update_progress(0.8, 0.95, 1, "make system bootable$ask_for_patience");
+
+ setup_proxmox_first_boot_service($targetdir);
+
my $target_cmdline='';
if ($target_cmdline = Proxmox::Install::Config::get_target_cmdline()) {
my $target_cmdline_snippet = '';
--
2.47.0
Thread overview: 7+ messages
2024-11-18 12:38 [pve-devel] [PATCH installer v2 0/5] fix #5579: allow specifying optional first-boot script Christoph Heiss
2024-11-18 12:38 ` [pve-devel] [PATCH installer v2 1/5] fix #5579: first-boot: add initial service packaging Christoph Heiss
2024-11-18 12:38 ` [pve-devel] [PATCH installer v2 2/5] fix #5579: setup: introduce 'first_boot' low-level installer options Christoph Heiss
2024-11-18 12:38 ` [pve-devel] [PATCH installer v2 3/5] fix #5579: auto-install-assistant: enable baking in first-boot script Christoph Heiss
2024-11-18 12:38 ` [pve-devel] [PATCH installer v2 4/5] fix #5579: auto-installer: add optional first-boot hook script Christoph Heiss
2024-11-18 12:38 ` Christoph Heiss [this message]
2024-11-18 21:35 ` [pve-devel] applied: [PATCH installer v2 0/5] fix #5579: allow specifying optional first-boot script Thomas Lamprecht