rc: add installer user (1/2)

Prefer LiveCD boot during install media boot, then
set up an extra user for installation.  This user
shall be reached via console or SSH soon enough for
a sort of remote install experience.

PR: https://forum.opnsense.org/index.php?topic=3403

Inspired by: DragonFlyBSD (and we're using its installer anyway!)

src/etc/inc/auth.inc

@@ -337,7 +337,6 @@ function userHasPrivilege($userent, $privid = false)
     return true;
 }
 
-
 function local_sync_accounts()
 {
     global $config;
@@ -429,10 +428,10 @@ function local_user_set(&$user)
 
     /* root user special handling */
     if ($user_uid == 0) {
+        $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
+        $lock_account = 'unlock';
         $user_group = 'wheel';
         $user_home = '/root';
-        $user_shell = '/usr/local/etc/rc.initial';
-        $lock_account = 'unlock';
     }
 
     /* read from pw db */

src/etc/rc.bootup

@@ -62,16 +62,16 @@ function is_interface_mismatch()
     return false;
 }
 
-
 function rescue_detect_keypress()
 {
     $timer = 7;
 
     echo "\n";
-    echo "(I)nstaller will be invoked by default.\n\n";
-    echo "(C)ontinue with LiveCD bootup instead.\n\n";
+    echo "Please choose your preferred boot sequence.\n\n";
+    echo "(C)ontinue with system bootup (default).\n";
+    echo "(I)nvoke the early installer instead.\n";
     echo "(R)ecovery mode escapes to a root shell.\n\n";
-    echo "Timeout before auto boot continues (seconds):  ";
+    echo "Timeout before boot continues:  ";
 
     $key = null;
     while (!isset($key) || !in_array($key, array('c', 'C', 'r', 'R', 'i', 'I'))) {
@@ -98,9 +98,7 @@ function rescue_detect_keypress()
         echo "Recovery shell selected...\n\n";
         touch('/tmp/donotbootup');
         exit;
-    } elseif (in_array($key, array('c', 'C'))) {
-        /* nothing */
-    } else {
+    } elseif (in_array($key, array('i', 'I'))) {
         echo "Installer mode selected...\n";
         passthru('/usr/local/etc/rc.installer');
         if (file_exists('/tmp/install_complete')) {
@@ -108,6 +106,8 @@ function rescue_detect_keypress()
             exit;
         }
     }
+
+    /* normal bootup continues... */
 }
 
 echo " done.\n";
@@ -155,10 +155,11 @@ echo "done.\n";
 /* configure console menu */
 system_console_configure();
 
-/* Display live system's early boot options */
-if (is_install_media()) {
+$setup_installer = is_install_media();
+if ($setup_installer) {
+    /* display live system's early boot options */
     rescue_detect_keypress();
-    // config may have changed (copied by installer)
+    /* config may have changed via installer import */
     OPNsense\Core\Config::getInstance()->forceReload();
 }
 
@@ -343,3 +344,31 @@ if ($ipsec_dynamic_hosts) {
 
 // generate configuration data for all installed templates
 configd_run('template reload *');
+
+if ($setup_installer) {
+    /*
+     * Installer mode requires setting up an extra user and
+     * we will protect it with root's password.  We can only
+     * do this if user does not exist, though.
+     */
+
+    $root = null;
+
+    if (isset($config['system']['user'])) {
+        foreach ($config['system']['user'] as $user) {
+            if ($user['name'] == 'installer') {
+                $root = null;
+                break;
+            }
+            if ($user['uid'] == 0) {
+                $root = $user;
+            }
+        }
+    }
+
+    if ($root) {
+        $root['shell'] = '/usr/local/etc/rc.installer';
+        $root['name'] = 'installer';
+        local_user_set($root);
+    }
+}

src/etc/rc.initial

@@ -28,13 +28,6 @@ while : ; do
 
 echo
 
-# If we are on the install media advertise that fact
-if _tmpdir=$(mktemp -d -q /.diskless.XXXXXX); then
-	rmdir ${_tmpdir}
-else
-	option99="99) Launch the installer"
-fi
-
 echo " 0) Logout                             7) Ping host"
 echo " 1) Assign Interfaces                  8) Shell"
 echo " 2) Set interface(s) IP address        9) pfTop"
@@ -42,10 +35,6 @@ echo " 3) Reset the root password           10) Filter Logs"
 echo " 4) Reset to factory defaults         11) Restart web interface"
 echo " 5) Power off system                  12) Upgrade from console"
 echo " 6) Reboot system                     13) Restore a configuration"
-if [ -n "${option99}" ]; then
-# flat for alignment...
-echo "                                      ${option99}"
-fi
 
 echo
 read -p "Enter an option: " OPCODE
@@ -95,9 +84,6 @@ case ${OPCODE} in
 13)
 	/usr/local/etc/rc.restore_config_backup
 	;;
-99)
-	/usr/local/etc/rc.installer
-	;;
 *)
 	/bin/sh -c "${OPCODE}"
 	;;

src/etc/rc.installer

@@ -40,7 +40,7 @@ daemon -f lua50c51 /usr/local/share/dfuibe_lua/main.lua \
 conscontrol mute on > /dev/null
 
 # Launch the frontend goo (must include cons25 for first boot)
-TERM=cons25 dfuife_curses
+TERM=cons25 dfuife_curses -b /usr/local/share/dfuife_curses/hourglass.txt
 
 conscontrol mute off > /dev/null
 

src/etc/rc.recover

@@ -70,6 +70,7 @@ $etc_master_passwd = <<<EOF
 #
 root::0:0::0:0:Charlie &:/root:/bin/csh
 toor:*:0:0::0:0:Bourne-again Superuser:/root:
+installer:*:0:0::0:0:Installer Superuser:/root:/usr/sbin/nologin
 daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
 operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
 bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
@@ -106,6 +107,7 @@ $etc_shells = <<<EOF
 /bin/csh
 /bin/tcsh
 /usr/local/etc/rc.initial
+/usr/local/etc/rc.installer
 
 EOF;