From 4c4bd77c87e7aa4db97ebfc245c66c72b2a97a2f Mon Sep 17 00:00:00 2001
From: Caleb Connolly <caleb@connolly.tech>
Date: Sun, 10 Oct 2021 22:55:50 +0100
Subject: [PATCH] install: support password as cmdline arg (MR 2125)

So I can finally run `pmbootstrap install --password 147147` and go and
make a cup of tea.

Based on MR 1919.

Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
---
 pmb/install/_install.py | 47 ++++++++++++++++++++++++++++++++---------
 pmb/parse/arguments.py  |  4 ++++
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/pmb/install/_install.py b/pmb/install/_install.py
index 7ce52bcf..8070fee0 100644
--- a/pmb/install/_install.py
+++ b/pmb/install/_install.py
@@ -204,6 +204,30 @@ def set_user(args):
         pmb.chroot.root(args, ["addgroup", args.user, group], suffix)
 
 
+def setup_login_chpasswd_user_from_arg(args, suffix):
+    """
+    Set the user's password from what the user passed as --password. Make an
+    effort to not have the password end up in the log file by writing it to
+    a temp file, instead of "echo user:$pass | chpasswd". The user should of
+    course only use this with a test password anyway, but let's be nice and try
+    to have the user protected from accidentally posting their password in
+    any case.
+
+    :param suffix: of the chroot, where passwd will be execute (either the
+                   f"rootfs_{args.device}", or f"installer_{args.device}")
+    """
+    path = "/tmp/pmbootstrap_chpasswd_in"
+    path_outside = f"{args.work}/chroot_{suffix}{path}"
+
+    with open(path_outside, "w", encoding="utf-8") as handle:
+        handle.write(f"{args.user}:{args.password}")
+
+    pmb.chroot.root(args, ["sh", "-c", f"cat {shlex.quote(path)} | chpasswd"],
+                    suffix)
+
+    os.unlink(path_outside)
+
+
 def setup_login(args, suffix):
     """
     Loop until the password for user has been set successfully, and disable
@@ -214,16 +238,19 @@ def setup_login(args, suffix):
     """
     if not args.on_device_installer:
         # User password
-        logging.info(" *** SET LOGIN PASSWORD FOR: '" + args.user + "' ***")
-        while True:
-            try:
-                pmb.chroot.root(args, ["passwd", args.user], suffix,
-                                output="interactive")
-                break
-            except RuntimeError:
-                logging.info("WARNING: Failed to set the password. Try it"
-                             " one more time.")
-                pass
+        logging.info(f" *** SET LOGIN PASSWORD FOR: '{args.user}' ***")
+        if args.password:
+            setup_login_chpasswd_user_from_arg(args, suffix)
+        else:
+            while True:
+                try:
+                    pmb.chroot.root(args, ["passwd", args.user], suffix,
+                                    output="interactive")
+                    break
+                except RuntimeError:
+                    logging.info("WARNING: Failed to set the password. Try it"
+                                 " one more time.")
+                    pass
 
     # Disable root login
     pmb.chroot.root(args, ["passwd", "-l", "root"], suffix)
diff --git a/pmb/parse/arguments.py b/pmb/parse/arguments.py
index a32efae5..8fb28897 100644
--- a/pmb/parse/arguments.py
+++ b/pmb/parse/arguments.py
@@ -55,6 +55,10 @@ def arguments_install(subparser):
                      help="do not enable the SSH daemon by default")
     ret.add_argument("--no-firewall", action="store_true",
                      help="do not enable the firewall by default")
+    ret.add_argument("--password", help="dummy password for automating the"
+                     " installation - will be handled in PLAIN TEXT during"
+                     " install and may be logged to the logfile, do not use an"
+                     " important password!")
 
     # Image type
     group_desc = ret.add_argument_group(