[pve-devel] [RFC PATCH installer 5/5] fix #5579: install: copy over `proxmox-first-boot` script if present

Wed, 13 Nov 2024 05:59:51 -0800 

The auto-installer will place an executable file named
`proxmox-first-boot` in the installer runtime-directory if the user set
up.

Based on the presence of this file, we copy it over to the target system
and set a flag file, indicating to the 'proxmox-first-boot' service that
it is indeed the very first boot of the new system and should run.

Signed-off-by: Christoph Heiss <c.he...@proxmox.com>
---
 Proxmox/Install.pm | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm
index 5c64c3d..f46d86a 100644
--- a/Proxmox/Install.pm
+++ b/Proxmox/Install.pm
@@ -681,6 +681,7 @@ sub extract_data {
 
     my $proxmox_libdir = $iso_env->{locations}->{lib};
     my $proxmox_cddir = $iso_env->{locations}->{iso};
+    my $proxmox_rundir = $iso_env->{locations}->{run};
     my $proxmox_pkgdir = "${proxmox_cddir}/proxmox/packages/";
 
     my $targetdir = is_test_mode() ? "target" : "/target";
@@ -1241,6 +1242,25 @@ _EOD
            debconfig_set($targetdir, "pve-manager pve-manager/country string 
$ucc\n");
        }
 
+       my $firstboot_exec_name = 'proxmox-first-boot';
+       if (-f "$proxmox_rundir/$firstboot_exec_name") {
+           my $firstboot_pending_flagfile = "pending-first-boot-setup";
+           my $targetpath = "$targetdir/var/lib/proxmox-first-boot";
+
+           syscmd("mkdir -p $targetpath/") == 0
+               || die "failed to create $targetpath directory\n";
+
+           syscmd("cp $proxmox_rundir/$firstboot_exec_name $targetpath/") == 0
+               || die "unable to copy $firstboot_exec_name executable\n";
+           syscmd("touch $targetpath/$firstboot_pending_flagfile") == 0
+               || die "unable to create $firstboot_pending_flagfile flag 
file\n";
+
+           # Explicitly mark the entire directory only accessible, to prevent
+           # possible secret leaks from the bootstrap script.
+           syscmd("chmod -R 0700 $targetpath") == 0
+               || warn "failed to set permissions for $targetpath\n";
+       }
+
        update_progress(0.8, 0.95, 1, "make system bootable");
        my $target_cmdline='';
        if ($target_cmdline = Proxmox::Install::Config::get_target_cmdline()) {
-- 
2.47.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to