root password now set via ROOTPW env var

1 files changed, 21 insertions, 2 deletions

diff --git a/http/centos-7.3/anaconda-ks.cfg b/http/centos-7.3/anaconda-ks.cfg
index 8cb0be2..c75033c 100644
--- a/http/centos-7.3/anaconda-ks.cfg
+++ b/http/centos-7.3/anaconda-ks.cfg
@@ -6,11 +6,10 @@ lang en_US.UTF-8
 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
 timezone Europe/Berlin --isUtc --nontp
 auth --enableshadow --passalgo=sha512
-rootpw --iscrypted $6$6yzbOJJy5auuBh9$XUAtAt/ErLkz6.1t8J4UpyZPPUbKjGO1uATaZaxmG02IhJbOwnJMqI6MTJw.SzbBvy8THCmmoia1tVMfXhGVJ1
 clearpart --none --initlabel
 bootloader --location=mbr --boot-drive=sda
 part biosboot --fstype="biosboot" --ondisk=sda --size=1
-part / --fstype="ext4" --ondisk=sda --grow --label=SLX_SYS
+part / --fstype="xfs" --ondisk=sda --grow --label=SLX_SYS
 
 %packages
 @^minimal
@@ -18,6 +17,26 @@ part / --fstype="ext4" --ondisk=sda --grow --label=SLX_SYS
 kexec-tools
 %end
 
+# small python script to extract the password from the kernel command line
+# expects the password given as: rootpw=<password>
+%pre --interpreter=/usr/bin/python
+import shlex, crypt
+arg = 'rootpw='
+with open('/proc/cmdline', 'r') as f:
+  kcl = f.read().split()
+# extract the password
+passwords = [x[len(arg):] for x in kcl if x.startswith(arg)]
+if len(passwords) == 1:
+  kclpass = passwords[0]
+# TODO sane fallbacks. This should work most of the time though :)
+# generate SHA512 hash
+hash = crypt.crypt(kclpass, crypt.mksalt(crypt.METHOD_SHA512))
+with open('/tmp/setup-root-pass', 'w') as f:
+  f.write('rootpw --iscrypted ' + hash)
+%end
+# include the created password file
+%include /tmp/setup-root-pass
+
 %post --erroronfail
 yum -y update
 yum -y install wget