install: support password as cmdline arg (MR 2125)

So I can finally run `pmbootstrap install --password 147147` and go and make a cup of tea. Based on MR 1919. Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
2021-10-10 22:55:50 +01:00 · 2021-10-10 22:55:50 +01:00 · 4c4bd77c87
parent 498738abcc
commit 4c4bd77c87
2 changed files with 41 additions and 10 deletions
--- a/pmb/install/_install.py
+++ b/pmb/install/_install.py
@ -204,6 +204,30 @@ def set_user(args):
        pmb.chroot.root(args, ["addgroup", args.user, group], suffix)


+def setup_login_chpasswd_user_from_arg(args, suffix):
+    """
+    Set the user's password from what the user passed as --password. Make an
+    effort to not have the password end up in the log file by writing it to
+    a temp file, instead of "echo user:$pass | chpasswd". The user should of
+    course only use this with a test password anyway, but let's be nice and try
+    to have the user protected from accidentally posting their password in
+    any case.
+
+    :param suffix: of the chroot, where passwd will be execute (either the
+                   f"rootfs_{args.device}", or f"installer_{args.device}")
+    """
+    path = "/tmp/pmbootstrap_chpasswd_in"
+    path_outside = f"{args.work}/chroot_{suffix}{path}"
+
+    with open(path_outside, "w", encoding="utf-8") as handle:
+        handle.write(f"{args.user}:{args.password}")
+
+    pmb.chroot.root(args, ["sh", "-c", f"cat {shlex.quote(path)} | chpasswd"],
+                    suffix)
+
+    os.unlink(path_outside)
+
+
 def setup_login(args, suffix):
    """
    Loop until the password for user has been set successfully, and disable
@ -214,16 +238,19 @@ def setup_login(args, suffix):
    """
    if not args.on_device_installer:
        # User password
-        logging.info(" *** SET LOGIN PASSWORD FOR: '" + args.user + "' ***")
-        while True:
-            try:
-                pmb.chroot.root(args, ["passwd", args.user], suffix,
-                                output="interactive")
-                break
-            except RuntimeError:
-                logging.info("WARNING: Failed to set the password. Try it"
-                             " one more time.")
-                pass
+        logging.info(f" *** SET LOGIN PASSWORD FOR: '{args.user}' ***")
+        if args.password:
+            setup_login_chpasswd_user_from_arg(args, suffix)
+        else:
+            while True:
+                try:
+                    pmb.chroot.root(args, ["passwd", args.user], suffix,
+                                    output="interactive")
+                    break
+                except RuntimeError:
+                    logging.info("WARNING: Failed to set the password. Try it"
+                                 " one more time.")
+                    pass

    # Disable root login
    pmb.chroot.root(args, ["passwd", "-l", "root"], suffix)
--- a/pmb/parse/arguments.py
+++ b/pmb/parse/arguments.py
@ -55,6 +55,10 @@ def arguments_install(subparser):
                     help="do not enable the SSH daemon by default")
    ret.add_argument("--no-firewall", action="store_true",
                     help="do not enable the firewall by default")
+    ret.add_argument("--password", help="dummy password for automating the"
+                     " installation - will be handled in PLAIN TEXT during"
+                     " install and may be logged to the logfile, do not use an"
+                     " important password!")

    # Image type
    group_desc = ret.add_argument_group(