File jeos-firstboot-1.5.3.obscpio of Package jeos-firstboot
07070100000000000081A400000000000000000000000166FC020700000421000000000000000000000000000000000000001D00000000jeos-firstboot-1.5.3/LICENSECopyright (c) 2015-2022 SUSE LLC
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
07070100000001000081A400000000000000000000000166FC0207000010F1000000000000000000000000000000000000001F00000000jeos-firstboot-1.5.3/README.md# jeos-firstboot
## Description
jeos-firstboot allows initial configuration and adjustments of a Linux system using text based dialogs.
It is a lightweight and customisable firstboot wizard that allows to set basic system settings during and after the first boot of an image. Including showing the license and prompt for language, keyboard, timezone, root passsword and network configuration..
This is mainly developed for openSUSE and SUSE Linux Enterprise Server JeOS images. For more information visit the [JeOS wiki](https://en.opensuse.org/Portal:JeOS).
## Installation
The RPM package is developed in openSUSE OBS [devel package](https://build.opensuse.org/package/show/devel:openSUSE:Factory/jeos-firstboot)
You can also get binaries RPM for openSUSE flavours at [package download](https://software.opensuse.org/package/jeos-firstboot)
<!-- USAGE EXAMPLES -->
## Usage
jeos-firstboot is used as two systemd services [jeos-firstboot.service](https://github.com/openSUSE/jeos-firstboot/blob/master/files/usr/lib/systemd/system/jeos-firstboot.service) and [jeos-firstboot-snapshot](https://github.com/openSUSE/jeos-firstboot/blob/master/files/usr/lib/systemd/system/jeos-firstboot-snapshot.service), for using it you need to copy the appropriate service files and enable it.
You can check the example in the RPM package for installation.
The service is controlled by a file, so after installing it you should be sure that your system is configured appropriately
```sh
# Enable jeos-firstboot
mkdir -p /var/lib/YaST2
touch /var/lib/YaST2/reconfig_system
systemctl mask systemd-firstboot.service
systemctl enable jeos-firstboot.service
```
Beside the service that runs on firstboot there is also a tool to change configuration in a running system, this will also be installed and available as `jeos-config`
jeos-config usage:
```
Usage: jeos-config [OPTION...] [CONFIG_NAME]
Configure system settings using an interactive dialog
-h shows this usage help
locale Show configuration for locale
keytable Show configuration for keyboard
timezone Show configuration for timezone
password Show configuration for password
network Show configuration for network
raspberrywifi Show configuration for raspberrywifi
```
Additional modules (like raspberrywifi) are shown if present.
If no parameter is given it shows a dialog for selection.
## Writing modules
jeos-firstboot can be extended using modules written in bash placed in `/usr/share/jeos-firstboot/modules/` or `/etc/jeos-firstboot/modules/`. Modules in `/etc/jeos-firstboot/modules/` will be preferred. If a link to `/dev/null` is encountered, the module is skipped.
The basename of the module file is its name. It is used as prefix of properties and hooks. It is also used as argument to jeos-config when calling the module directly.
### Properties
```sh
# Shown in jeos-config for module selection
yourmodule_title="Title of your module"
# Shown in jeos-config --help
yourmodule_description="Show an awesome dialog with a nice button"
# Priority of the module. Modules with higher priority are run later in jeos-firstboot and shown below in jeos-config.
# The default is 50.
yourmodule_priority=50
```
### Hooks
```sh
# Runs if called by jeos-firstboot, currently after systemd-firstboot is called
# (that should probably be changed)
yourmodule_systemd_firstboot() { }
# Runs if called by jeos-firstboot, after all systemd_firstboot hooks.
yourmodule_post() { }
# Runs if called by jeos-config
yourmodule_jeos_config() { }
# Runs at the end of jeos-firstboot just before exiting.
yourmodule_cleanup() { }
```
<!-- CONTRIBUTING -->
## Contributing
Any contributions you make are greatly appreciated.
Feel free to create any [Issues](https://github.com/openSUSE/jeos-firstboot/issues) and send pull requests to this repository.
<!-- LICENSE -->
## License
Distributed under the MIT License. See [LICENSE](https://github.com/openSUSE/jeos-firstboot/blob/master/LICENSE) for more information.
## Credentials
jeos-firstboot supports [systemd credentials](https://systemd.io/CREDENTIALS/)
to pre-configure systems. The wizard does not prompt for settings
defined by credentials.
* firstboot.keymap
* firstboot.license-agreed
* firstboot.locale
* firstboot.timezone
* passwd.plaintext-password.root
07070100000002000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000001B00000000jeos-firstboot-1.5.3/files07070100000003000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000001F00000000jeos-firstboot-1.5.3/files/usr07070100000004000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000002300000000jeos-firstboot-1.5.3/files/usr/lib07070100000005000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000002B00000000jeos-firstboot-1.5.3/files/usr/lib/systemd07070100000006000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000003200000000jeos-firstboot-1.5.3/files/usr/lib/systemd/system07070100000007000081A400000000000000000000000166FC02070000042A000000000000000000000000000000000000005200000000jeos-firstboot-1.5.3/files/usr/lib/systemd/system/jeos-firstboot-snapshot.service# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
[Unit]
Description=SUSE JeOS First Boot Wizard - create system snapshot
# Same as YaST2-Firstboot.service here
After=apparmor.service local-fs.target plymouth-start.service YaST2-Second-Stage.service
Conflicts=plymouth-start.service
Before=getty@tty1.service serial-getty@ttyS0.service serial-getty@ttyS1.service serial-getty@ttyS2.service
Before=display-manager.service
ConditionPathExists=/var/lib/YaST2/reconfig_system
# The configuration is already done - so this doesn't make much sense
#OnFailure=poweroff.target
# jeos-firstboot-snapshot starts after jeos-firstboot, time got synced
# and dbus became available
Wants=time-sync.target
Requires=jeos-firstboot.service dbus.service
After=jeos-firstboot.service time-sync.target
[Service]
Type=oneshot
RemainAfterExit=yes
# In Pre - if creation fails, don't do the configuration again
ExecStartPre=/usr/bin/rm -f /var/lib/YaST2/reconfig_system
ExecStart=/usr/sbin/jeos-firstboot-snapshot
[Install]
WantedBy=default.target
07070100000008000081A400000000000000000000000166FC0207000005CB000000000000000000000000000000000000004900000000jeos-firstboot-1.5.3/files/usr/lib/systemd/system/jeos-firstboot.service# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
[Unit]
Description=SUSE JeOS First Boot Wizard
# Same as YaST2-Firstboot.service here
After=apparmor.service local-fs.target plymouth-start.service YaST2-Second-Stage.service
Conflicts=plymouth-start.service
Before=getty@tty1.service serial-getty@hvc0.service serial-getty@ttyS0.service serial-getty@ttyS1.service serial-getty@ttyS2.service serial-getty@ttyAMA0.service
Before=display-manager.service
ConditionPathExists=/var/lib/YaST2/reconfig_system
OnFailure=poweroff.target
# jeos-firstboot starts before wicked and login though.
# It writes wicked configuration manually
Before=wicked.service systemd-user-sessions.service
# For NM it uses nmcli, so NM needs to be running
After=NetworkManager.service
# If cloud-init is used on the system, wait until it's done to be able
# to check whether it performed any configuration.
After=cloud-init-local.service
# jeos-firstboot-snapshot.service deletes the flag file, but starts after us
Wants=jeos-firstboot-snapshot.service
[Service]
Type=oneshot
Environment=TERM=linux
RemainAfterExit=yes
ExecStartPre=/bin/sh -c "/usr/bin/plymouth quit 2>/dev/null || :"
ExecStart=/usr/sbin/jeos-firstboot
StandardOutput=tty
StandardInput=tty
#StandardError=tty
# enable accessing global keyring to get data from eg. initrd
KeyringMode=shared
ImportCredential=passwd.plaintext-password.root
ImportCredential=firstboot.*
[Install]
WantedBy=default.target
07070100000009000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000002400000000jeos-firstboot-1.5.3/files/usr/sbin0707010000000A000081ED00000000000000000000000166FC020700000AB9000000000000000000000000000000000000003000000000jeos-firstboot-1.5.3/files/usr/sbin/jeos-config#!/bin/bash
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
jeos_prefix="$(realpath "$(dirname "${BASH_SOURCE[0]}")/../")"
# shellcheck source-path=SCRIPTDIR/../
. "${jeos_prefix}/share/jeos-firstboot/jeos-firstboot-functions"
# shellcheck source-path=SCRIPTDIR/../
. "${jeos_prefix}/share/jeos-firstboot/jeos-firstboot-dialogs"
# for testing we may run as non root
if [ -w /run ]; then
export TMPDIR=/run
# debugging
if [ -n "$FIRSTBOOT_DEBUG" ]; then
set -x
exec 2>/var/log/firstboot-debug
fi
else
dry=1
fi
if [ -n "$dry" ]; then
run() {
echo "$@"
}
else
run() {
"$@"
}
fi
cleanup() {
#call_module_hook cleanup
echo
}
trap cleanup EXIT
init_modules
# Get a list of all config modules
config_modules=()
for module in "${modules[@]}"; do
if module_has_hook "$module" "jeos_config"; then
config_modules+=("${module}")
fi
done
select_config()
{
local modules_order=("locale" $"Locale" "keytable" $"Keyboard Layout" "timezone" $"Timezone" "password" $"Password")
for module in "${config_modules[@]}"; do
modules_order+=("$module" "$(module_get_prop "${module}" "title" "${module}")")
done
d_with_result --no-tags --menu $"Select configuration module" 0 0 "$(menuheight ${#modules_order[@]})" "${modules_order[@]}" || exit 0
}
usage()
{
cat <<EOF
Usage: jeos-config [OPTION...] [CONFIG_NAME]
Configure system settings using an interactive dialog
-h shows this usage help
locale Show configuration for locale
keytable Show configuration for keyboard
timezone Show configuration for timezone
password Show configuration for password
EOF
for module in "${config_modules[@]}"; do
local fallbackdescription="$(printf $"Show configuration for %s" "${module}")"
printf "\t%-8s\t%s\n" "${module}" "$(module_get_prop "$module" "description" "$fallbackdescription")"
done
}
while getopts ":h" opt; do
case ${opt} in
h)
usage
exit 0
;;
\?)
echo "Invalid Option: -$OPTARG" 1>&2
usage
exit 1
;;
esac
done
if [ ${OPTIND} -gt $# ]; then
select_config
subcommand=${result}
else
subcommand=${!OPTIND}; shift
fi
case "$subcommand" in
locale)
list=() # Set by findlocales
if ! findlocales; then
d --msgbox $"No locales found" 0 0
elif [ "${#list[@]}" -eq 2 ]; then # Only a single entry
d --msgbox $"Locale set to ${list[0]}, no more locales available" 5 50
else
dialog_locale
apply_locale
fi
;;
keytable)
dialog_keytable
JEOS_LOCALE="$(get_current_locale)"
apply_locale_and_keytable
;;
timezone)
dialog_timezone
timedatectl set-timezone "$JEOS_TIMEZONE"
;;
password)
dialog_password
apply_password
;;
*)
call_module "$subcommand" "jeos_config" || echo "Unknown option '$subcommand'"
esac
0707010000000B000081ED00000000000000000000000166FC020700001DED000000000000000000000000000000000000003300000000jeos-firstboot-1.5.3/files/usr/sbin/jeos-firstboot#!/bin/bash
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
set -e
jeos_prefix="$(realpath "$(dirname "${BASH_SOURCE[0]}")/../")"
TEXTDOMAIN='jeos-firstboot'
# shellcheck source-path=SCRIPTDIR/../
. "${jeos_prefix}/share/jeos-firstboot/jeos-firstboot-functions"
# shellcheck source-path=SCRIPTDIR/../
. "${jeos_prefix}/share/jeos-firstboot/jeos-firstboot-dialogs"
# shellcheck source-path=SCRIPTDIR/../
. "${jeos_prefix}/share/jeos-firstboot/welcome-screen"
# Read the optional configuration file
# shellcheck source-path=SCRIPTDIR/../
[ -f "${jeos_prefix}/share/defaults/jeos-firstboot.conf" ] && . "${jeos_prefix}/share/defaults/jeos-firstboot.conf"
# shellcheck source=/dev/null
[ -f /etc/jeos-firstboot.conf ] && . /etc/jeos-firstboot.conf
# for testing we may run as non root
if [ -w /run ]; then
export TMPDIR=/run
# debugging
if [ -n "$FIRSTBOOT_DEBUG" ]; then
set -x
exec 2>/var/log/firstboot-debug
fi
else
dry=1
fi
if [ -e /run/cloud-init/enabled ] && ! grep -qw none /run/cloud-init/cloud-id; then
echo $"System configured with cloud-init, skipping jeos-firstboot"
exit 0
fi
if [ -n "$dry" ]; then
run() {
echo "$@"
}
else
run() {
"$@"
}
fi
cleanup() {
call_module_hook cleanup
# reenable systemd and kernel logs
# Try the race-free DBus method first
if ! run dbus-send --system --print-reply --dest=org.freedesktop.systemd1 /org/freedesktop/systemd1 \
org.freedesktop.systemd1.Manager.SetShowStatus string: &>/dev/null; then
# Fall back to using signals
run kill -s SIGRTMAX-10 1
fi
run setterm -msg on 2>/dev/null || true
echo
}
trap cleanup EXIT
# avoid kernel messages spamming our console
run setterm -msg off 2>/dev/null || true
# Avoid systemd messages spamming our console
# Try the race-free DBus method first
if ! run dbus-send --system --print-reply --dest=org.freedesktop.systemd1 /org/freedesktop/systemd1 \
org.freedesktop.systemd1.Manager.SetShowStatus string:off &>/dev/null; then
# Fall back to using signals
run kill -s SIGRTMAX-9 1
# sleep to avoid systemd bug, bsc#1119382
sleep 1
fi
init_modules
systemd_firstboot_args=()
# If the configuration is not loaded and we are in the first terminal
# instance, make sure that the variables are declared.
JEOS_LOCALE=${JEOS_LOCALE-}
JEOS_KEYTABLE=${JEOS_KEYTABLE-}
# If there is only a single locale on the system, don't use its
# default timezone but UTC instead.
use_utc_as_default_tz=0
if [ -z "$JEOS_LOCALE" ] && ! get_credential JEOS_LOCALE firstboot.locale; then
welcome_screen_with_console_switch
dialog_locale
# Same check as inside dialog_locale
if [ "${#list[@]}" -eq 2 ]; then
use_utc_as_default_tz=1
fi
fi
# Activate the locale selected
apply_locale
# also add to systemd-firstboot parameters
systemd_firstboot_args+=("--locale=$JEOS_LOCALE")
if [ -z "$JEOS_KEYTABLE" ] && ! get_credential JEOS_KEYTABLE firstboot.keymap; then
welcome_screen_with_console_switch
dialog_keytable
fi
# langset.sh needs locale to set keytable
apply_locale_and_keytable
# apply_locale(_and_keytable) also sets the TZ, override it here
if [ "$use_utc_as_default_tz" -eq "1" ]; then
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/UTC /etc/localtime
fi
[ -n "$JEOS_LOCALE" ] && language="${JEOS_LOCALE%%_*}" || language="en"
force_english_license=0
export LANG="$JEOS_LOCALE"
kmscon_available() {
# kmscon itself is installed
kmscon --help >/dev/null 2>&1 || return 1
# At least one monospace font is available
[ -n "$(fc-match "monospace" 2>/dev/null)" ] || return 1
return 0
}
fbiterm_available() {
# fbiterm itself is installed
fbiterm --help >/dev/null 2>&1 || return 1
# fbiterm comes with its own fallback font
return 0
}
if [[ "$(resolve_tty "$(tty)")" =~ /dev/tty[0-9]+ ]]; then
# Those languages can't be displayed in the console
declare -A start_kmscon
start_kmscon["cs"]=1
start_kmscon["ja"]=1
start_kmscon["zh"]=1
start_kmscon["ko"]=1
# Relay those settings to the nested instance
export JEOS_LOCALE JEOS_KEYTABLE
if [ -n "$JEOS_LOCALE" -a -n "${start_kmscon[${language}]+_}" ]; then
if kmscon_available; then
ret_file="$(mktemp)"
kmscon --silent --font-size 10 --palette vga --no-reset-env -l -- /bin/sh -c "$0; echo \$? > $ret_file; kill \$PPID"
exit $(cat "$ret_file"; rm -f "$ret_file")
elif fbiterm_available; then
exec fbiterm -- "$0"
else
# No kmscon or fbiterm, fall back to english
export LANG="en_US.UTF-8"
force_english_license=1
fi
fi
fi
if [ -z "$JEOS_EULA_ALREADY_AGREED" ] && ! get_credential JEOS_EULA_ALREADY_AGREED firstboot.license-agreed; then
welcome_screen_with_console_switch
# Find the location of the EULA
# An EULA in /etc takes precedence
EULA_FILE=/etc/YaST2/licenses/base/license.txt
[ -e "${EULA_FILE}" ] || EULA_FILE=/usr/share/licenses/product/base/license.txt
# Failsafe: If no license found, quit.
if ! [ -e "$EULA_FILE" ]; then
d --msgbox $"No license found - cannot continue" 6 40
exit 1
fi
if [ "$force_english_license" = "0" ]; then
for i in "${EULA_FILE%.txt}.${JEOS_LOCALE}.txt" \
"${EULA_FILE%.txt}.${JEOS_LOCALE%%.UTF-8}.txt" \
"${EULA_FILE%.txt}.${language}.txt"; do
if [ -e "$i" ]; then
EULA_FILE="$i"
break
fi
done
fi
while true; do
d --exit-label $"Continue" --textbox "$EULA_FILE" $dh_text 85
[ -e "${EULA_FILE%/*}/no-acceptance-needed" ] && break
d_styled --yesno $"Do you agree with the terms of the license?" 0 0 && break
d_styled --msgbox $"Can not continue without agreement" 6 40 || :
done
fi
if [ -z "$JEOS_TIMEZONE" ] && ! get_credential JEOS_TIMEZONE firstboot.timezone; then
welcome_screen_with_console_switch
dialog_timezone
fi
systemd_firstboot_args+=("--timezone=$JEOS_TIMEZONE")
# systemd-firstboot does not set the timezone if it exists, langset.sh created it
run rm -f /etc/localtime
run systemd-firstboot "${systemd_firstboot_args[@]}"
if [ -z "$JEOS_PASSWORD_ALREADY_SET" ] && ! get_credential password passwd.plaintext-password.root; then
welcome_screen_with_console_switch
dialog_password
fi
# Only show the registration prompt on commercial distros and if it's not
# globally disabled. Can't use /etc/products.d/ for that, even TW has a register target.
if [ -z "${CPE_NAME##cpe:*o:suse:*}" ] && [ -z "${JEOS_HIDE_SUSECONNECT}" ]; then
if [ -x /usr/bin/SUSEConnect ] && [ -x /usr/sbin/transactional-update ]; then
welcome_screen_with_console_switch
d --msgbox $"Please register this image using your existing SUSE entitlement.
As \"root\" use the following command:
transactional-update register -e company@example.com -r YOUR_CODE
to register the instance with SCC
Without registration this instance does not have access to updates and
security fixes." 0 0 || true
elif [ -x /usr/bin/SUSEConnect ]; then
welcome_screen_with_console_switch
d --msgbox $"Please register this image using your existing SUSE entitlement.
As \"root\" use the following command:
SUSEConnect -e company@example.com -r YOUR_CODE
to register the instance with SCC
Without registration this instance does not have access to updates and
security fixes." 0 0 || true
fi
fi
call_module_hook systemd_firstboot
d --infobox $"Applying firstboot settings ..." 3 40 || true
apply_password
# Look for EFI dir to see if the machine is booted in UEFI mode
EFI_SYSTAB="/sys/firmware/efi/systab"
# modprobe and efivars are not available everywhere, just ignore those cases
run modprobe efivars &>/dev/null || true
if ! [ -f "$EFI_SYSTAB" ]; then
if [ -f /etc/sysconfig/bootloader ]; then
run sed -i -e "s/LOADER_TYPE=.*/LOADER_TYPE=grub2/g" /etc/sysconfig/bootloader
fi
fi
call_module_hook post
0707010000000C000081ED00000000000000000000000166FC020700000212000000000000000000000000000000000000003C00000000jeos-firstboot-1.5.3/files/usr/sbin/jeos-firstboot-snapshot#!/bin/bash
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
set -euo pipefail
if ! mountpoint -q /.snapshots &>/dev/null; then
echo "Snapshots not enabled, skipping"
exit 0
fi
if mountpoint -q /etc; then
echo "/etc is not part of the snapshot, skipping"
exit 0
fi
if [ ! -e /.snapshots/2 ]; then
snapper -v create -d "After jeos-firstboot configuration" --userdata "important=yes"
fi
if [ -x /usr/lib/snapper/plugins/grub ]; then
/usr/lib/snapper/plugins/grub --refresh
fi
exit 0
0707010000000D000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000002500000000jeos-firstboot-1.5.3/files/usr/share0707010000000E000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000002E00000000jeos-firstboot-1.5.3/files/usr/share/defaults0707010000000F000081A400000000000000000000000166FC02070000058A000000000000000000000000000000000000004200000000jeos-firstboot-1.5.3/files/usr/share/defaults/jeos-firstboot.conf# Example configuration file for jeos-firstboot
# Valid system locale that will be used in JeOS. If empty/unset, a
# dialog box will ask for the system locale.
# JEOS_LOCALE='en_US'
# Keyboard layout used in the system and during jeos-firstboot.
# If empty/unset, a dialog box will ask for the keyboard layout.
# JEOS_KEYTABLE='en'
# Local timezone of the system.
# If empty/unset, a dialog box will ask for the local timezone.
# JEOS_TIMEZONE='UTC'
# If set to a nonempty value, the dialog box for setting the
# initial password for the root user will be skipped. In this case is
# expected that the root password was set by other means.
# JEOS_PASSWORD_ALREADY_SET='yes'
# If set to a nonempty value, the dialog box for accepting the EULA
# will be skipped. Use this option only when building images (ISO /
# PXE / OEM) that are part of another product and than can be used
# when this license was already accepted by other means.
# JEOS_EULA_ALREADY_AGREED='yes'
# If set to a nonempty value, the dialog box for showing the
# SUSEConnect help will not be displayed. By default this dialog is
# present when SUSEConnect is installed on SLE systems.
# JEOS_HIDE_SUSECONNECT='yes'
# If enabled, jeos-firstboot shows a welcome screen on all consoles and
# continues on the console where Ok was pressed. When disabled, only the
# active console (last "console=" on the kernel cmdline) is used.
JEOS_ASK_CONSOLE=1
07070100000010000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000003400000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot07070100000011000081A400000000000000000000000166FC020700000976000000000000000000000000000000000000004B00000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/jeos-firstboot-dialogs# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
menulist()
{
list=()
local line
while read line; do
list+=("$line" '')
done < <("$@"||true)
[ -n "$list" ]
}
dialog_locale()
{
default="en_US"
[ -f /etc/locale.conf ] && locale_lang="$(awk -F= '$1 == "LANG" { split($2,fs,"."); print fs[1]; exit }' /etc/locale.conf)"
[ -n "$locale_lang" ] && default="$locale_lang"
list=() # Set by findlocales
newlocale="$default"
if ! findlocales; then
d --msgbox $"No locales found" 0 0
elif [ "${#list[@]}" -eq 2 ]; then # Only a single entry
newlocale="${list[0]}"
else
d --default-item "$default" --menu $"Select system locale" 0 0 "$(menuheight ${#list[@]})" "${list[@]}"
newlocale="${result}"
fi
JEOS_LOCALE="${newlocale}.UTF-8"
}
dialog_keytable()
{
default="us"
[ -f /etc/vconsole.conf ] && vconsole_keymap="$(awk -F= '$1 == "KEYMAP" { split($2,fs,"."); print fs[1]; exit }' /etc/vconsole.conf)"
[ -n "$vconsole_keymap" ] && default="$vconsole_keymap"
if findkeymaps \
&& d --default-item "$default" --menu $"Select keyboard layout" 0 0 "$(menuheight ${#list[@]})" "${list[@]}"; then
if [ -n "$result" ]; then
JEOS_KEYTABLE="$result"
fi
else
d --msgbox $"Error setting keyboard" 5 26
fi
}
dialog_timezone()
{
default="$(readlink -f /etc/localtime)"
default="${default##/usr/share/zoneinfo/}"
# timedatectl doesn't work as dbus is not up yet
# menulist timedatectl --no-pager list-timezones
if menulist awk \
'BEGIN{print "UTC"; sort="sort"}/^#/{next;}{print $3|sort}END{close(sort)}' \
/usr/share/zoneinfo/zone.tab \
&& d --default-item "$default" --menu $"Select time zone" 0 0 "$(menuheight ${#list[@]})" "${list[@]}"; then
if [ -n "$result" ]; then
JEOS_TIMEZONE="$result"
fi
else
d --msgbox $"Error setting timezone" 5 26
fi
}
dialog_password()
{
while true; do
d --insecure --passwordbox $"Enter root password" 0 0
password="$result"
d --insecure --passwordbox $"Confirm root password" 0 0
if [ "$password" != "$result" ]; then
d --msgbox $"Entered passwords don't match" 5 40
continue
fi
if [ -z "$password" ]; then
warn $"Warning: No root password set.
You cannot log in that way. A debug shell will be started on tty9 just this time. Use it to e.g. import your ssh key." || true
run systemctl start debug-shell.service
fi
break
done
}
# vim: syntax=sh
07070100000012000081A400000000000000000000000166FC020700001502000000000000000000000000000000000000004D00000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/jeos-firstboot-functions# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
if [ -e /etc/os-release ]; then
. /etc/os-release
else
. /usr/lib/os-release
fi
stty_size() {
set -- $(stty size); LINES=$1; COLUMNS=$2
# stty size can return zero when not ready or
# its a serial console
if [ "$COLUMNS" = "0" -o "$LINES" = "0" ]; then
LINES=24
COLUMNS=80
fi
let dh_menu=LINES-15
let dh_text=LINES-5
}
stty_size
# Make sure globs and regex are consistent everywhere.
LC_COLLATE=C.UTF-8
result=
list=
password=''
modules=()
_find_modules() {
local f
for f in /etc/jeos-firstboot/modules/* "${jeos_prefix?}/share/jeos-firstboot/modules"/*; do
if [ -L "$f" ] || [ -f "$f" ]; then
echo "${f##*/}" "$f"
fi
done
}
# Echos the value of the module variable or a fallback if unset.
# Usage: module_get_prop modulename varname defaultvalue
module_get_prop() {
local module="$1"
local varname="$2"
local default="${3-}"
local fullname="${module}_${varname}"
echo -n "${!fullname-"${default}"}"
}
init_modules() {
[ -z "$modules" ] || return 0
local module f _prio
local unordered_modules=()
while read -r module f; do
if [ -L "$f" ] && [ "$(readlink "$f")" = "/dev/null" ]; then
continue
fi
# shellcheck source=/dev/null
source "$f" || continue
unordered_modules+=("${module}")
done < <(_find_modules|sort -k 1,1 -u)
# Sort modules by priority
while read -r _prio module; do
modules+=("${module}")
done < <(for module in "${unordered_modules[@]}"; do
module_get_prop "$module" "priority" 50; echo " $module"
done | sort -n)
}
module_has_hook() {
local module="$1"
local module_func="$2"
module_function="${module}_${module_func}"
[ "$(type -t -- "${module_function}")" = "function" ]
}
call_module() {
local module="$1"
local module_func="$2"
module_function="${module}_${module_func}"
[ "$(type -t -- "${module_function}")" = "function" ] || return 1
"${module_function}" && true # To not trigger errexit
ret=$?
[ $ret -eq 0 ] || return $ret
}
call_module_hook() {
local hook="$1"
for module in "${modules[@]}"; do
call_module "${module}" "${hook}" || continue
done
return 0
}
# Run dialog with jeos-firstboot style options applied
d_styled() {
dialog --backtitle "$PRETTY_NAME" "$@"
}
# Run d_styled and save the output into $result
d_with_result() {
local retval=0
local stdoutfd
# Bash makes it a bit annoying to read the output of a different FD into a variable, it
# only supports reading stdout by itself. So redirect 3 to stdout and 1 to the real stdout.
exec {stdoutfd}>&1
result="$(d_styled --output-fd 3 "$@" 3>&1 1>&${stdoutfd})" || retval=$?
# Word splitting makes it necessary to use eval here.
eval "exec ${stdoutfd}>&-"
return "$retval"
}
# Run d_with_result but exit if cancelled (ESC or Cancel/No button pressed)
d_with_exit_on_fail() {
while true
do
retval=0
d_with_result "$@" || retval=$?
case $retval in
0)
return 0
;;
1|255)
d_styled --yesno $"Do you really want to quit?" 0 0 && exit 1
continue
;;
esac
done
}
# Run d_with_exit_on_fail, just with the previous unclear name for backwards compat
d() {
d_with_exit_on_fail "$@"
}
warn(){
d --title $"Warning" --msgbox "$1" 0 0
}
# Given the number of total item pairs, outputs the number of items to display at once
menuheight() {
local height=$(($1 / 2))
[ "$height" -le "$dh_menu" ] || height="$dh_menu"
echo $height
}
# localectl --no-pager list-keymaps does not list aliases (symlinks), but those are used
# by YaST/langset.sh, so we need to show them.
findkeymaps()
{
list=()
local line
while read line; do
list+=("${line%.map.gz}" '')
done < <(find /usr/share/kbd/keymaps -name '*.map.gz' -printf "%f\n" | sort -u)
[ -n "$list" ]
}
findlocales()
{
list=()
local l locale
# List only locales which are both in live-langset-data and glibc-locale(-base)
for l in /usr/share/langset/*; do
locale="${l#/usr/share/langset/}"
[ -d "/usr/lib/locale/${locale}.utf8" ] || continue
list+=("${locale}" '')
done
[ -n "$list" ]
}
get_current_locale()
{
cur_locale=$(awk -F= '$1 == "LANG" { print $2; exit }' /etc/locale.conf)
[ -z "$cur_locale" ] && cur_locale="en_US"
echo "${cur_locale}"
}
apply_locale()
{
if [ ! -z "$JEOS_LOCALE" ]; then
run langset.sh "$JEOS_LOCALE" || warn $"Setting the locale failed"
fi
}
apply_locale_and_keytable()
{
if [ ! -z "$JEOS_LOCALE" -a ! -z "$JEOS_KEYTABLE" ]; then
# Activate the selected keyboard layout
run langset.sh "$JEOS_LOCALE" "$JEOS_KEYTABLE" || warn $"Setting the keyboard layout failed"
fi
}
apply_password()
{
# FIXME: systemd-firstboot doesn't set password if shadow present
if [ -n "$password" ]; then
run echo "root:$password" | run /usr/sbin/chpasswd
fi
}
# Resolves /dev/console and /dev/tty0
resolve_tty() {
local tty="$1"
if [ "$tty" = "/dev/console" ]; then
tty=$(awk '{printf "/dev/%s", $NF}' /sys/class/tty/console/active)
fi
if [ "$tty" = "/dev/tty0" ]; then
printf "/dev/%s" "$(cat /sys/class/tty/tty0/active)"
else
echo -n "$tty"
fi
}
# get systemd credential
# https://systemd.io/CREDENTIALS/
get_credential()
{
local var="${1:?}"
local name="${2:?}"
[ -n "$CREDENTIALS_DIRECTORY" ] || return 1
[ -e "$CREDENTIALS_DIRECTORY/$name" ] || return 1
read -r "$var" < "$CREDENTIALS_DIRECTORY/$name" || [ -n "${!var}" ]
}
# vim: syntax=sh
07070100000013000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000003C00000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules07070100000014000081A400000000000000000000000166FC020700000292000000000000000000000000000000000000004400000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/network# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
# Returns the basename of the target of network.service,
# e.g. "wicked" or "NetworkManager"
current_network_service()
{
systemctl show -P Id network.service | cut -d. -f1
}
network_service="$(current_network_service)"
if [ -e "${jeos_prefix?}/share/jeos-firstboot/modules/network-modules/${network_service}" ]; then
# shellcheck source=SCRIPTDIR/network-modules/NetworkManager
. "${jeos_prefix?}/share/jeos-firstboot/modules/network-modules/${network_service}"
else
echo "No network configuration module for ${network_service} found" >&2
fi
07070100000015000041ED00000000000000000000000266FC020700000000000000000000000000000000000000000000004C00000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/network-modules07070100000016000081A400000000000000000000000166FC02070000030F000000000000000000000000000000000000005B00000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/network-modules/NetworkManager# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
network_jeos_config()
{
nmtui
}
network_systemd_firstboot()
{
if [ "$(nmcli networking connectivity)" = "none" ]; then
welcome_screen_with_console_switch
# Note: Dialog also flushes the input queue here. Without that,
# nmtui would react to what is typed before it shows up.
if d_styled --yesno $"No active network connection detected.\nDo you want to configure network connections?" 0 0; then
# nmtui (resp. libslang used by newt) uses /dev/tty,
# so setsid is required to set it to the current one.
setsid -wc nmtui
# setsid steals our tty connection, reopen it
if [ "$console" != "$(tty)" ]; then
exec 0<>"$console" 1>&0
fi
fi
fi
}
07070100000017000081A400000000000000000000000166FC0207000005DC000000000000000000000000000000000000005300000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/network-modules/wicked# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
do_wicked_autoconfig()
{
d --infobox $"Collecting network info ..." 3 33
shopt -s nullglob
for net_path in /sys/class/net/*; do
[ -d "$net_path" ] || continue # skip bonding_masters file
net_device=${net_path##*/}
[ "$net_device" = "lo" ] && continue
# Only devices having ID_NET_NAME.* attrs
# Ignore errors if udev not available
udevadm info -q property -p "$net_path" 2>/dev/null | grep -qs ID_NET_NAME || continue
# But don't touch WLAN interfaces
udevadm info -q property -p "$net_path" | grep -qs "DEVTYPE=wlan" && continue
unset IPADDR
eval $(wicked test dhcp4 "$net_device" 2>/dev/null | grep -E "^IPADDR=")
ip link set down "$net_device" # set link down after probe once done
# Create a configuration file for each interface that provides
# an IPADDR
if [ -n "$IPADDR" ]; then
printf "STARTMODE=auto\nBOOTPROTO=dhcp\n" \
> "/etc/sysconfig/network/ifcfg-$net_device"
fi
done
run sed -i -E 's/^DHCLIENT(6?)_SET_HOSTNAME=.*$/DHCLIENT\1_SET_HOSTNAME=yes/' /etc/sysconfig/network/dhcp
}
network_jeos_config()
{
if ! d_styled --yesno $"This will create a new network configuration from scratch,
all connections will be lost.\nDo you want to continue?" 7 50; then
return
fi
do_wicked_autoconfig
d --infobox $"Restarting network ..." 3 26 || true
systemctl restart network
}
network_systemd_firstboot()
{
do_wicked_autoconfig
}
07070100000018000081A400000000000000000000000166FC020700001397000000000000000000000000000000000000004000000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/otp# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2024 SUSE LLC
# shellcheck shell=bash
otp_title=$"TOTP for Cockpit Login"
otp_description=$"Set up TOTP for cockpit user authentication"
otp_priority=70
_otp_do_config_for_user()
{
local user="$1"
# Generate secret in base32 (most common format).
# 20 bytes (-> 160 bits) result in 32 base32 characters (5 bits each) and
# 40 hex digits (4 bits each), so no padding is necessary.
local totp_secret
if ! totp_secret="$(dd if=/dev/urandom bs=1 count=20 status=none | base32)"; then
d_styled --title "$otp_title" --msgbox $"Failed to generate TOTP secret" 6 45 || :
return 1
fi
# oath-toolkit prefers to work with the hex format.
local totp_secret_hex
totp_secret_hex="$(base32 -d <<<"$totp_secret" | hexdump -ve '1/1 "%.2x"')"
local url="otpauth://totp/${user}?secret=${totp_secret}&issuer=$(uname -n)"
local msg="$(
printf $"Configuring time-based one-time password (TOTP) authentication for the user '%s'.\n\n" "$user"
printf $"Enroll with your desired TOTP application by scanning the QR code or entering the secret manually, then enter the generated 6 digit code below to confirm successful enrollment. "
printf $"Once confirmed, the Cockpit Web UI will ask for an OTP value on each login.\n\n"
printf $"TOTP Secret: %s" "${totp_secret}"
)"
local qrcode="$(qrencode -t UTF8i -m 1 <<<"$url")"
local msg_with_qr="$(printf "%s\n\n%s" "${msg}" "${qrcode}")"
while true; do
# If the screen is to small to fit the text and QR code at once,
# show only the text but add a button to show the QR code.
if [ "$LINES" -ge 37 ] && [ "$COLUMNS" -ge 24 ]; then
d_with_result --title "$otp_title" \
--cancel-label $"Skip" \
--no-nl-expand --no-collapse \
--mixedform "${msg_with_qr}" 37 60 1 \
$"OTP value:" 1 0 "" 1 15 45 0 0
else
d_with_result --title "$otp_title" \
--cancel-label $"Skip" \
--no-nl-expand --no-collapse \
--extra-button --extra-label $"QR Code" \
--mixedform "${msg}" 17 60 1 \
$"OTP value:" 1 0 "" 1 15 45 0 0
fi
local ret=$?
if [ "$ret" -eq 1 ]; then
# Skip button pressed
return 0
elif [ "$ret" -eq 3 ]; then
# QR code button pressed
d_styled --title "$otp_title" --no-nl-expand --no-collapse --msgbox "${qrcode}" 23 50 || :
continue
elif [ "$ret" -eq 255 ]; then
# ESC
if d_styled --yesno $"Do you really want to quit?" 0 0; then
exit 1
fi
continue
fi
readarray -t input <<<"$result"
if ! echo "${totp_secret_hex}" | oathtool --totp -d 6 -w 3 - "${input[0]}" >/dev/null; then
d_styled --title "$otp_title" --msgbox $"TOTP did not match" 6 45 || :
continue
fi
# Replace or create token in ~/.pam_oath.
# Use su to run as the target user (not root) if necessary.
local run_as_user=("su" "$user" "-c")
if [ "$(whoami)" = "${user}" ]; then
run_as_user=("sh" "-e" "-c")
fi
# Iterate all lines, find the matching entry to modify or append a new one.
# FIXME: Use file used by the PAM configuration?
if "${run_as_user[@]}" "set -e; umask 077; touch ~/.pam_oath_usersfile; awk -i inplace -f - ~/.pam_oath_usersfile" <<EOF; then
\$2 == "${user}" { \$1 = "HOTP/T30/6"; \$4="${totp_secret_hex}"; replaced=1 }
1 { print }
ENDFILE { if (!replaced) { print "HOTP/T30/6 ${user} - ${totp_secret_hex}" } }
EOF
break
fi
d_styled --title "$otp_title" --msgbox $"Failed to configure pam_oath" 6 45 || :
continue
done
}
# There might be multiple user accounts, ask if necessary.
# Accepts an option --msg-if-no-users to show a dialog if no users found.
_otp_do_config()
{
# If not root, only allow configuration for the calling user
if [ "$(id -u)" != "0" ]; then
_otp_do_config_for_user "$(whoami)"
return
fi
# Otherwise allow configuring it for all users
local users
# Technically this should read login.defs for the UID range but that's not trivial.
readarray -t users < <(getent passwd | awk -F: '$3 >= 1000 && $3 <= 60000 { print $1; print $5; }')
if [ "${#users[@]}" -eq 0 ]; then
# No user to configure found
if [ "${1-}" = "--msg-if-no-users" ]; then
d_styled --title "$otp_title" --msgbox $"No users for TOTP configuration found" 6 45 || :
fi
return 0
elif [ "${#users[@]}" -eq 2 ]; then
_otp_do_config_for_user "${users[0]}"
else
while true; do
d_with_result --title "$otp_title" \
--cancel-label $"Skip" \
--menu $"Select user to configure" 0 0 "$(menuheight ${#users[@]})" "${users[@]}"
local ret=$?
if [ "$ret" -eq 1 ]; then
# Skip button pressed
return 0
elif [ "$ret" -eq 255 ]; then
# ESC
if d_styled --yesno $"Do you really want to quit?" 0 0; then
exit 1
fi
continue
fi
_otp_do_config_for_user "$result"
done
fi
}
# Only show the configuration if necessary packages are installed.
if command -v oathtool >/dev/null && command -v qrencode >/dev/null; then
otp_systemd_firstboot()
{
_otp_do_config
}
otp_jeos_config()
{
_otp_do_config --msg-if-no-users
}
fi
07070100000019000081A400000000000000000000000166FC020700000F76000000000000000000000000000000000000004A00000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/raspberrywifi# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
config_wireless=false
# Raspberry pi Wi-fi functions
raspberrywifi_get_wlan_devices()
{
list=()
local line
while read line; do
list+=("${line}" '')
done < <(ls -d /sys/class/net/*/wireless | awk -F'/' '{ print $5 }')
[ -n "$list" ]
}
raspberrywifi_get_wlan_networks()
{
list=()
local line
while read line; do
if [ -n "${line}" ]; then
list+=("SSID=${line}" "${line}")
fi
done < <(ip link set "$wlan_device" up && iwlist "$wlan_device" scan|grep ESSID|cut -d':' -f2|cut -d'"' -f2|sort -u)
list+=("manual" "Enter SSID manually")
[ -n "${list[*]}" ]
}
raspberrywifi_wlan_error()
{
dialog --backtitle "$PRETTY_NAME" --title $"Error" --yesno $"$1\n\nDo you want to retry?" 0 0
}
is_raspberry()
{
grep -q Raspberry /proc/device-tree/model 2> /dev/null
}
# This function is called as part of jeos-config module hook implementation
# and also used to run the config dialogs for the module itself for
# jeos-firstboot modules extension.
raspberrywifi_jeos_config()
{
while true
do
if ! raspberrywifi_get_wlan_devices; then
if raspberrywifi_wlan_error $"Error listing wlan devices"; then
continue
fi
break
fi
if [ "${#list[@]}" -eq "2" ]; then
wlan_device="${list[0]}"
else
d --menu $"Select wireless card to configure" 0 0 "$(menuheight ${#list[@]})" "${list[@]}"
wlan_device="${result}"
fi
if raspberrywifi_get_wlan_networks; then
d --no-tags --menu $"Select wireless network to connect" 0 0 "$(menuheight ${#list[@]})" "${list[@]}"
wlan_network="$result"
else
if raspberrywifi_wlan_error $"Error listing wireless networks"; then
continue
fi
break
fi
if [ "$wlan_network" == "manual" ]; then
d --inputbox $"SSID of hidden network" 0 0
wlan_network="$result"
else
wlan_network="$(cut -d "=" -f2- <<< "$wlan_network")"
fi
list=($"WPA-PSK" '' $"WPA-EAP" '' $"Open" '')
d --menu $"Select authentication mode" 0 0 "$(menuheight ${#list[@]})" "${list[@]}"
wlan_auth_mode="$result"
wlan_auth_mode_conf=
if [ "$wlan_auth_mode" = "WPA-EAP" ]; then
wlan_auth_mode_conf=eap
d --inputbox $"Username" 0 0
wlan_username="$result"
fi
if [ "$wlan_auth_mode" = "WPA-PSK" ]; then
wlan_auth_mode_conf=psk
fi
if [ "$wlan_auth_mode" = "Open" ]; then
wlan_auth_mode_conf=open
fi
if [ "$wlan_auth_mode" != "Open" ]; then
wlan_password=
d --insecure --passwordbox $"Network password" 0 0
wlan_password="$result"
fi
config_file=$(mktemp -qt 'firstboot-XXXXXX')
cat << EOF > "$config_file"
BOOTPROTO='dhcp'
STARTMODE='auto'
WIRELESS_AP_SCANMODE='1'
WIRELESS_AUTH_MODE='$wlan_auth_mode_conf'
WIRELESS_ESSID='$wlan_network'
WIRELESS_MODE='Managed'
EOF
if [ "$wlan_auth_mode" = "WPA-PSK" ]; then
echo "WIRELESS_WPA_PSK='$wlan_password'" >> "$config_file"
fi
if [ "$wlan_auth_mode" = "WPA-EAP" ]; then
echo "WIRELESS_WPA_IDENTITY='$wlan_username'" >> "$config_file"
echo "WIRELESS_WPA_PASSWORD='$wlan_password'" >> "$config_file"
echo "WIRELESS_EAP_AUTH='mschapv2'" >> "$config_file"
fi
run mv -f "$config_file" /etc/sysconfig/network/ifcfg-"$wlan_device"
d --infobox $"Connecting to wireless network ..." 3 38 || true
run ifdown "$wlan_device" &>/dev/null || true
if ! run ifup "$wlan_device" &>/dev/null; then
if dialog --backtitle "$PRETTY_NAME" --yesno $"Connection failed, do you wish to retry?" 0 0; then
continue
fi
fi
return 0
done
}
# This is called by jeos-firstboot for user
# interaction and access to the global systemd_firstboot_args array
raspberrywifi_systemd_firstboot()
{
if is_raspberry && stat -t /sys/class/net/*/wireless &> /dev/null; then
if dialog --backtitle "$PRETTY_NAME" --yesno $"Configure wireless network?" 0 0; then
config_wireless=true
fi
fi
[ "$config_wireless" = "true" ] || return 0
raspberrywifi_jeos_config
}
# vim: syntax=sh
0707010000001A000081A400000000000000000000000166FC02070000028B000000000000000000000000000000000000004700000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/ssh_enroll# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2024 SUSE LLC
# shellcheck shell=bash
# Only show the configuration if the package is installed
if command -v ssh-pairing >/dev/null; then
ssh_enroll_jeos_config()
{
DIALOGOPTS="--backtitle \"$PRETTY_NAME\"" ssh-pairing || :
}
ssh_enroll_systemd_firstboot()
{
if d_styled --title $"SSH Key Enrollment" --yesno $"Do you want to enroll keys for SSH access?" 0 0; then
while ! DIALOGOPTS="--backtitle \"$PRETTY_NAME\"" ssh-pairing; do
if ! d_styled --title $"SSH Key Enrollment" --yesno $"No keys enrolled. Try again?" 0 0; then
return 0
fi
done
fi
}
fi
0707010000001B000081A400000000000000000000000166FC020700000CDC000000000000000000000000000000000000004800000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/status_mail# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2024 SUSE LLC
# shellcheck shell=bash
# This also gets the password as value, so make sure not to leak that in the process list
status_mail_set_config_option()
{
key="$1"
value="$2"
# Create the config file in /etc if necessary
[ -e /etc/default/systemd-status-mail ] || touch /etc/default/systemd-status-mail
# Ensure the permissions are correct
chown systemd-status-mail:systemd-journal /etc/default/systemd-status-mail
chmod 600 /etc/default/systemd-status-mail
# Escape string for the file itself
value="${value@Q}"
# awk only supports " quoting, so \ and " need to be escaped
# Escape backslash for awk
value="${value//\\/\\\\}"
# Escape double quotes for awk
value="${value//\"/\\\"}"
# Replace existing assignment(s) or append at the end
awk -i inplace -F= -f - /etc/default/systemd-status-mail <<EOF
\$1 == "${key}" { \$0="${key}=${value}"; replaced=1 }
1 { print }
ENDFILE { if (!replaced) { print "${key}=${value}" } }
EOF
}
status_mail_do_config()
{
if [ -e /usr/etc/default/systemd-status-mail ]; then
. /usr/etc/default/systemd-status-mail
fi
if [ -e /etc/default/systemd-status-mail ]; then
. /etc/default/systemd-status-mail
fi
# Add a (fake) placeholder to demonstrate the smtps:// syntax
if [ -z "${RELAYHOST}" ]; then
RELAYHOST="smtps://server:port"
fi
# If a password is set, don't pass it to dialog as default value
# to not leak it to ps
pw_placeholder="${MAILX_AUTH_PASSWORD}"
if [ -n "${pw_placeholder}" ]; then
pw_placeholder="^^^"
fi
d --title $"E-Mail Notifications" \
--insecure \
--mixedform $"If desired, enter a mail address to receive system status notifications:" 8 0 10 \
$"Destination" 1 0 "$ADDRESS" 1 18 35 0 0 \
$"Sender address" 2 0 "$FROM" 2 18 35 0 0 \
$"SMTP configuration (optional):" 4 0 "" 4 35 0 0 2 \
$"Server" 5 0 "$RELAYHOST" 5 18 35 0 0 \
$"Authentication (if needed):" 6 0 "" 6 35 0 0 2 \
$"Username" 7 0 "$MAILX_AUTH_USER" 7 18 35 0 0 \
$"Password" 8 0 "$pw_placeholder" 8 18 35 0 1 \
$"Additional mailx options (if needed):" 9 0 "" 6 35 0 0 2 \
$"" 10 0 "$MAILX_OPTIONS" 10 0 52 0 0
readarray -t input <<<"$result"
# Undo the placeholder
if [ "${input[3]}" = "smtps://server:port" ]; then
input[3]=
fi
if [ "${input[0]}" != "${ADDRESS}" ]; then
status_mail_set_config_option ADDRESS "${input[0]}"
fi
if [ "${input[1]}" != "${FROM}" ]; then
status_mail_set_config_option FROM "${input[1]}"
fi
if [ "${input[2]}" != "${RELAYHOST}" ]; then
status_mail_set_config_option RELAYHOST "${input[2]}"
fi
if [ "${input[3]}" != "${MAILX_AUTH_USER}" ]; then
status_mail_set_config_option MAILX_AUTH_USER "${input[3]}"
fi
if [ "${input[4]}" != "${pw_placeholder}" ] && [ "${input[4]}" != "${MAILX_AUTH_PASSWORD}" ]; then
status_mail_set_config_option MAILX_AUTH_PASSWORD "${input[4]}"
fi
if [ "${input[5]}" != "${MAILX_OPTIONS}" ]; then
status_mail_set_config_option MAILX_OPTIONS "${input[5]}"
fi
# The config file impacts the generator, run it again.
systemctl daemon-reload
return 0
}
# Only show the configuration if the package is installed
if [ -e /usr/lib/systemd/system/systemd-status-mail@.service ]; then
status_mail_jeos_config()
{
status_mail_do_config
}
fi
0707010000001C000081A400000000000000000000000166FC020700000B04000000000000000000000000000000000000004100000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/modules/user# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2024 SUSE LLC
# shellcheck shell=bash
user_title=$"User Creation"
user_description=$"Create an unprivileged user account"
user_priority=60
user_do_config()
{
local username=""
local fullname=""
local errmsg
# Loop until cancelled or successfully completed.
while true; do
local msg="$(
echo $"If desired, create an additional user account."
echo $"This is necessary for password-based SSH login and the Cockpit Web UI."
)"
d_with_result --title $"User Creation" \
--insecure \
--cancel-label $"Skip" \
--mixedform "${msg}" 9 0 5 \
$"Username" 1 0 "$username" 1 18 35 0 0 \
$"Full name" 2 0 "$fullname" 2 18 35 0 0 \
$"Password" 4 0 "" 4 18 35 0 1 \
$"Password (again)" 5 0 "" 5 18 35 0 1
local ret=$?
if [ "$ret" -eq 1 ]; then
# Skip button pressed
return 0
elif [ "$ret" -eq 255 ]; then
# ESC
if d_styled --yesno $"Do you really want to quit?" 0 0; then
exit 1
fi
continue
fi
readarray -t input <<<"$result"
# Collect input
username="${input[0]}"
fullname="${input[1]}"
# Make sure not to pass those as parameters to processes!
local password="${input[2]}"
local password_repeat="${input[3]}"
# Input handling and validation
if ! [[ "$username" =~ ^[a-z][-_a-z0-9]*$ ]]; then
d_styled --title $"User Creation" --msgbox $"Invalid username.\nMake sure it starts with a
lowercase letter and only contains -, _, digits and lowercase letters." 8 45
continue
fi
if [ -z "$password" ]; then
d_styled --title $"User Creation" --msgbox $"You have to enter a password" 8 45
continue
fi
if [ "$password" != "$password_repeat" ]; then
d_styled --title $"User Creation" --msgbox $"Passwords do not match." 8 45
continue
fi
# Password strength check
errmsg="$(printf "%s" "$password" | cracklib-check 2>&1)"
# For some reason cracklib-check includes the password in the message.
# https://github.com/cracklib/cracklib/pull/78 improves this, but it's too new.
errmsg="${errmsg/*: /}"
if [ "$errmsg" != "OK" ]; then
d_styled --title $"User Creation" --msgbox "$(printf $"cracklib-check failed: %s" "$errmsg")" 8 45
continue
fi
errmsg="$(useradd "$username" -c "$fullname" 2>&1)"
if [ "$?" -ne 0 ]; then
d_styled --title $"User Creation" --msgbox "$(printf $"useradd failed: %s" "$errmsg")" 8 45
continue
fi
# Set the requested password
if ! printf "%s:%s" "$username" "$password" | chpasswd; then
d_styled --title $"User Creation" --msgbox "$(printf $"chpasswd failed, leaving account locked: %s" "$errmsg")" 8 45
# Nothing we can do here, admin can fix this locally as root
fi
break
done
return 0
}
user_systemd_firstboot()
{
user_do_config
}
user_jeos_config()
{
user_do_config
}
0707010000001D000081A400000000000000000000000166FC020700001061000000000000000000000000000000000000004300000000jeos-firstboot-1.5.3/files/usr/share/jeos-firstboot/welcome-screen# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright 2015-2022 SUSE LLC
# shellcheck shell=bash
# Function to allow showing dialogs (or other stuff) on all consoles.
# At its core, it works by spawning processes with the given command on each
# console and waits for them to finish. If any exits with an exit status other
# than 254, the others are killed and the status returned.
#
# The inner workings are a bit complex, mostly to workaround bash not being
# able to wait for any process to exit, returning pid + status. It can either
# wait for multiple processes (PIDs) to exit or return the exit status of any
# process, but not the corresponding PID. There is no way to deal with
# background processes which exit before "wait" was called. In the case that
# there is no background process anymore, "wait" simply returns 0.
# As a workaround, the spawned background processes stay alive until killed
# explicitly and report their exit status and console through a FIFO.
# Directory the fifo for IPC is stored in. Managed by on_all_consoles.
fifodir=
# Console of the successful console_subproc
console=
# Internal helper used by on_all_consoles.
# This function is called for each console and basically runs "$@" on the
# console given in $1 and writes its exit status into the fifo.
# Bash doesn't forward signals to its child processes, instead that needs
# to be done explicitly. This is necessary for "dialog" to restore the tty.
# Note: When passing a function as parameter, make sure to not spawn
# subprocesses, i.e. use exec when possible.
console_subproc() {
local console="$1"
shift
"$@" <>"$console" >&0 &
pid=$!
trap 'set +e; kill $pid; wait $pid; dialog --clear <>"$console" >&0; exit 0' SIGTERM
ret=0
wait $pid || ret=$?
# Undo the trap to not kill the already dead process and also
# avoid waiting for the current process (sleep 1) before handling it.
trap - SIGTERM
echo "$ret $console" > "${fifodir}/fifo"
# Stay around until explicitly killed.
while :; do sleep 1; done
}
on_all_consoles() {
# Needed to tell apart errors and escape
export DIALOG_ERROR=254
# The linux fbcon uses this, most serial consoles should be fine too
export TERM=linux
# Create a FIFO for communicating the status
fifodir="$(mktemp -d)"
mkfifo "${fifodir}/fifo"
# For every active console, create a background process
local pids=()
local currenttty="$(resolve_tty "$(tty)")"
for console in $(cat /sys/class/tty/console/active); do
console="/dev/${console}"
[ -r "$console" ] || continue
# Skip consoles which aren't ready, e.g. return EIO.
# For those, dialog would switch to /dev/tty as fallback.
stty size <>"$console" &>/dev/null || continue
# Skip current tty
[ "$(resolve_tty "$console")" = "$currenttty" ] && continue
console_subproc "$console" "$@" &
pids+=($!)
done
# Also for the current tty
console_subproc "$currenttty" "$@" &
pids+=($!)
# Wait for either all processes to fail or one to succeed
local finished=0
while read status console < "${fifodir}/fifo"; do
((finished++)) || :
[ "$finished" -eq ${#pids[@]} ] && break
[ "$status" -eq 254 ] || break
done
# All done, kill remaining processes
kill "${pids[@]}" || :
wait "${pids[@]}" 2>/dev/null || :
rm -r "$fifodir"
fifodir=
return "$status"
}
# If JEOS_ASK_CONSOLE is not 0, show the "welcome" screen and switch to the
# console where it was acked on.
welcome_screen_with_console_switch() {
[ "${JEOS_ASK_CONSOLE-0}" -eq "0" ] && return 0
# Only ask once
[ "${JEOS_CONSOLE_ASKED-0}" -eq "1" ] && return 0
export JEOS_CONSOLE_ASKED=1
while true; do
ret=0
on_all_consoles dialog --backtitle "$PRETTY_NAME" --title $"JeOS Firstboot" --ok-label $"Start" --msgbox $"Welcome to $PRETTY_NAME"'!\nThe initial configuration takes just a few steps.' 0 0 || ret=$?
if [ "$ret" -eq 0 ]; then
break;
elif [ "$ret" -eq 254 ]; then
# Error? Just continue and fail later
return;
else
if on_all_consoles dialog --backtitle "$PRETTY_NAME" --yesno $"Do you really want to quit?" 0 0; then
exit 1
fi
fi
done
# Move stdio to the console
if [ "$console" != "$(tty)" ]; then
exec 0<>"$console" 1>&0
stty_size
fi
}
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!110 blocks
