[pve-devel] [RFC PATCH installer 4/5] fix #5579: auto-installer: add optional first-boot hook script

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Nov 14 21:33:31 CET 2024


Am 13.11.24 um 14:59 schrieb Christoph Heiss:
> Users can specify an optional file - either fetched from a URL or
> baked into the ISO - to execute on the first boot after the
> installation, using the 'proxmox-first-boot' oneshot service.
> 
> Essentially adds an (optional) `[first-boot]` section to the answer
> file. If specified, the `source` key must be at least set, which gives
> the location of the hook script.
> 
> Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
> ---
>  proxmox-auto-installer/Cargo.toml             |  2 +-
>  proxmox-auto-installer/src/answer.rs          | 27 ++++++++++++
>  .../src/bin/proxmox-auto-installer.rs         | 42 +++++++++++++++++--
>  proxmox-auto-installer/src/utils.rs           | 15 ++++++-
>  4 files changed, 80 insertions(+), 6 deletions(-)
> 

> +fn setup_first_boot_executable(first_boot: &FirstBootHookInfo) -> Result<()> {
> +    let content = match first_boot.source {
> +        FirstBootSourceMode::FromUrl => {
> +            if let Some(url) = &first_boot.url {
> +                info!("Fetching first-boot hook from {url} ..");
> +                Some(http::get(url, first_boot.cert_fingerprint.as_deref())?)
> +            } else {
> +                bail!("first-boot hook source set to URL, but none specified!");
> +            }
> +        }
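
Review bot: In the `FromUrl` arm, `info!("Fetching first-boot hook from {url} ..")` writes the URL verbatim to the installer log, so any token or userinfo embedded in it would be recorded there; consider logging only the scheme and host. The missing-URL case is also only caught at this point via `bail!`; rejecting a URL-based `source` without a `url` when the answer file is parsed would keep this function free of configuration validation.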


I'd sleep slightly better if we size limit this to something around 1 MiB, or
at max 10 MiB if one really wants to allow a lot of convenience.
In that amount of space one can fit far more than enough stuff to bootstrap
oneself.

Same for when embedding this into the ISO for consistency.

Tangentially related: do we already support sending along some sort of
Authorization header? Definitively not a blocker for this, but if we do not
have that already it could be great to add for some basic form of authentication
so that one can limit their fetch-answer/post-hook server to not answer setup
details or, even worse, secrets to any unauthenticated client.
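
One way to enforce the size limit suggested above, as an added example that is not part of the original mail or the installer's code. `read_limited` and `MAX_HOOK_SIZE` are hypothetical names; the helper takes any `Read`, so the same cap could cover both an HTTP response body and a file embedded in the ISO.

```rust
use std::io::{self, Read};

/// Assumed cap, taken from the 1 MiB figure suggested in the review above.
pub const MAX_HOOK_SIZE: u64 = 1024 * 1024;

/// Hypothetical helper: read at most `limit` bytes from `reader`.
/// Returns an error instead of silently truncating when the source is larger.
pub fn read_limited<R: Read>(reader: R, limit: u64) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    // Read one byte past the limit so an oversized source can be told apart
    // from one that is exactly `limit` bytes long.
    reader.take(limit.saturating_add(1)).read_to_end(&mut buf)?;
    if buf.len() as u64 > limit {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("first-boot hook exceeds size limit of {limit} bytes"),
        ));
    }
    Ok(buf)
}

fn main() {
    // Constructed sample input standing in for an HTTP body or a file on the ISO.
    let small = b"#!/bin/sh\necho first boot\n";
    let ok = read_limited(&small[..], MAX_HOOK_SIZE).expect("small script fits");
    println!("accepted {} bytes", ok.len());

    // An endless source: without the cap this would exhaust memory.
    let endless = io::repeat(b'A');
    match read_limited(endless, MAX_HOOK_SIZE) {
        Ok(_) => println!("unexpectedly accepted"),
        Err(e) => println!("rejected: {e}"),
    }
}
```

Because the reader is wrapped in `take`, memory use stays bounded at `limit + 1` bytes even when the server ignores or misreports `Content-Length`.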
