Revert "Move root password menu into authentication menu (#3650)"

This reverts commit e0c3bb3.

Author: svartkanin

archinstall/lib/args.py

@@ -23,8 +23,6 @@
 from archinstall.lib.models.packages import Repository
 from archinstall.lib.models.profile import ProfileConfiguration
 from archinstall.lib.models.users import Password, User
-from archinstall.lib.models.profile_model import ProfileConfiguration
-from archinstall.lib.models.users import Password, User, UserSerialization
 from archinstall.lib.output import debug, error, logger, warn
 from archinstall.lib.plugins import load_plugin
 from archinstall.lib.translationhandler import Language, tr, translation_handler
@@ -80,15 +78,14 @@ class ArchConfig:
 
 	# Special fields that should be handle with care due to security implications
 	users: list[User] = field(default_factory=list)
+	root_enc_password: Password | None = None
 
 	def unsafe_json(self) -> dict[str, Any]:
-		config: dict[str, list[UserSerialization] | str | None] = {
+		config = {
 			'users': [user.json() for user in self.users],
+			'root_enc_password': self.root_enc_password.enc_password if self.root_enc_password else None,
 		}
 
-		if self.auth_config and self.auth_config.root_enc_password:
-			config['root_enc_password'] = self.auth_config.root_enc_password.enc_password
-
 		if self.disk_config:
 			disk_encryption = self.disk_config.disk_encryption
 			if disk_encryption and disk_encryption.encryption_password:
@@ -225,17 +222,11 @@ def from_config(cls, args_config: dict[str, Any]) -> 'ArchConfig':
 			arch_config.services = services
 
 		# DEPRECATED: backwards compatibility
-		root_password = None
 		if root_password := args_config.get('!root-password', None):
-			root_password = Password(plaintext=root_password)
+			arch_config.root_enc_password = Password(plaintext=root_password)
 
 		if enc_password := args_config.get('root_enc_password', None):
-			root_password = Password(enc_password=enc_password)
-
-		if root_password is not None:
-			if arch_config.auth_config is None:
-				arch_config.auth_config = AuthenticationConfiguration()
-			arch_config.auth_config.root_enc_password = root_password
+			arch_config.root_enc_password = Password(enc_password=enc_password)
 
 		if custom_commands := args_config.get('custom_commands', []):
 			arch_config.custom_commands = custom_commands

archinstall/lib/authentication/authentication_menu.py

@@ -3,9 +3,7 @@
 from archinstall.lib.disk.fido import Fido2
 from archinstall.lib.menu.abstract_menu import AbstractSubMenu
 from archinstall.lib.models.authentication import AuthenticationConfiguration, U2FLoginConfiguration, U2FLoginMethod
-from archinstall.lib.models.users import Password
 from archinstall.lib.translationhandler import tr
-from archinstall.lib.utils.util import get_password
 from archinstall.tui.curses_menu import SelectMenu
 from archinstall.tui.menu_item import MenuItem, MenuItemGroup
 from archinstall.tui.result import ResultType
@@ -35,12 +33,6 @@ def run(self, additional_title: str | None = None) -> AuthenticationConfiguratio
 
 	def _define_menu_options(self) -> list[MenuItem]:
 		return [
-			MenuItem(
-				text=tr('Root password'),
-				action=select_root_password,
-				preview_action=self._prev_root_pwd,
-				key='root_enc_password',
-			),
 			MenuItem(
 				text=tr('U2F login setup'),
 				action=select_u2f_login,
@@ -50,18 +42,6 @@ def _define_menu_options(self) -> list[MenuItem]:
 			),
 		]
 
-	def _prev_root_pwd(self, item: MenuItem) -> str | None:
-		if item.value is not None:
-			password: Password = item.value
-			return f'{tr("Root password")}: {password.hidden()}'
-		return None
-
-	def _depends_on_u2f(self) -> bool:
-		devices = Fido2.get_fido2_devices()
-		if not devices:
-			return False
-		return True
-
 	def _prev_u2f_login(self, item: MenuItem) -> str | None:
 		if item.value is not None:
 			u2f_config: U2FLoginConfiguration = item.value
@@ -81,11 +61,6 @@ def _prev_u2f_login(self, item: MenuItem) -> str | None:
 		return None
 
 
-def select_root_password(preset: str | None = None) -> Password | None:
-	password = get_password(text=tr('Root password'), allow_skip=True)
-	return password
-
-
 def select_u2f_login(preset: U2FLoginConfiguration) -> U2FLoginConfiguration | None:
 	devices = Fido2.get_fido2_devices()
 	if not devices:

archinstall/lib/global_menu.py

@@ -34,11 +34,10 @@
 from .models.packages import Repository
 from .models.profile import ProfileConfiguration
 from .models.users import Password, User
-from .models.profile_model import ProfileConfiguration
-from .models.users import User
 from .output import FormattedOutput
 from .pacman.config import PacmanConfig
 from .translationhandler import Language, tr, translation_handler
+from .utils.util import get_password
 
 
 class GlobalMenu(AbstractMenu[None]):
@@ -111,9 +110,16 @@ def _get_menu_options(self) -> list[MenuItem]:
 				preview_action=self._prev_hostname,
 				key='hostname',
 			),
+			MenuItem(
+				text=tr('Root password'),
+				action=self._set_root_password,
+				preview_action=self._prev_root_pwd,
+				key='root_enc_password',
+			),
 			MenuItem(
 				text=tr('Authentication'),
 				action=self._select_authentication,
+				value=[],
 				preview_action=self._prev_authentication,
 				key='auth_config',
 			),
@@ -224,16 +230,13 @@ def has_superuser() -> bool:
 
 		missing = set()
 
-		item: MenuItem = self._item_group.find_by_key('auth_config')
-		auth_config: AuthenticationConfiguration | None = item.value
-
-		if (auth_config is None or auth_config.root_enc_password is None) and not has_superuser():
-			missing.add(
-				tr('Either root-password or at least 1 user with sudo privileges must be specified'),
-			)
-
 		for item in self._item_group.items:
-			if item.mandatory:
+			if item.key in ['root_enc_password', 'users']:
+				if not check('root_enc_password') and not has_superuser():
+					missing.add(
+						tr('Either root-password or at least 1 user with sudo privileges must be specified'),
+					)
+			elif item.mandatory:
 				assert item.key is not None
 				if not check(item.key):
 					missing.add(item.text)
@@ -311,9 +314,6 @@ def _prev_authentication(self, item: MenuItem) -> str | None:
 			auth_config: AuthenticationConfiguration = item.value
 			output = ''
 
-			if auth_config.root_enc_password:
-				output += f'{tr("Root password")}: {auth_config.root_enc_password.hidden()}\n'
-
 			if auth_config.u2f_config:
 				u2f_config = auth_config.u2f_config
 				login_method = u2f_config.u2f_login_method.display_value()
@@ -400,6 +400,12 @@ def _prev_hostname(self, item: MenuItem) -> str | None:
 			return f'{tr("Hostname")}: {item.value}'
 		return None
 
+	def _prev_root_pwd(self, item: MenuItem) -> str | None:
+		if item.value is not None:
+			password: Password = item.value
+			return f'{tr("Root password")}: {password.hidden()}'
+		return None
+
 	def _prev_parallel_dw(self, item: MenuItem) -> str | None:
 		if item.value is not None:
 			return f'{tr("Parallel Downloads")}: {item.value}'
@@ -504,6 +510,10 @@ def _prev_profile(self, item: MenuItem) -> str | None:
 
 		return None
 
+	def _set_root_password(self, preset: str | None = None) -> Password | None:
+		password = get_password(text=tr('Root password'), allow_skip=True)
+		return password
+
 	def _select_disk_config(
 		self,
 		preset: DiskLayoutConfiguration | None = None,

archinstall/lib/models/authentication.py

@@ -2,7 +2,6 @@
 from enum import Enum
 from typing import Any, NotRequired, TypedDict
 
-from archinstall.lib.models.users import Password
 from archinstall.lib.translationhandler import tr
 
 
@@ -59,7 +58,6 @@ def parse_arg(args: U2FLoginConfigSerialization) -> 'U2FLoginConfiguration | Non
 
 @dataclass
 class AuthenticationConfiguration:
-	root_enc_password: Password | None = None
 	u2f_config: U2FLoginConfiguration | None = None
 
 	@staticmethod
@@ -69,9 +67,6 @@ def parse_arg(args: dict[str, Any]) -> 'AuthenticationConfiguration':
 		if (u2f_config := args.get('u2f_config')) is not None:
 			auth_config.u2f_config = U2FLoginConfiguration.parse_arg(u2f_config)
 
-		if enc_password := args.get('root_enc_password'):
-			auth_config.root_enc_password = Password(enc_password=enc_password)
-
 		return auth_config
 
 	def json(self) -> AuthenticationSerialization:

archinstall/lib/models/users.py

@@ -100,8 +100,8 @@ def _check_password_strength(
 		return PasswordStrength.VERY_WEAK
 
 
-UserSerialization = TypedDict(
-	'UserSerialization',
+_UserSerialization = TypedDict(
+	'_UserSerialization',
 	{
 		'username': str,
 		'!password': NotRequired[str],
@@ -173,7 +173,7 @@ def table_data(self) -> dict[str, str | bool | list[str]]:
 			'groups': self.groups,
 		}
 
-	def json(self) -> UserSerialization:
+	def json(self) -> _UserSerialization:
 		return {
 			'username': self.username,
 			'enc_password': self.password.enc_password,
@@ -184,7 +184,7 @@ def json(self) -> UserSerialization:
 	@classmethod
 	def parse_arguments(
 		cls,
-		args: list[UserSerialization],
+		args: list[_UserSerialization],
 	) -> list['User']:
 		users: list[User] = []
 

archinstall/scripts/guided.py

@@ -138,8 +138,8 @@ def perform_installation(mountpoint: Path) -> None:
 		if accessibility_tools_in_use():
 			installation.enable_espeakup()
 
-		if config.auth_config and config.auth_config.root_enc_password:
-			root_user = User('root', config.auth_config.root_enc_password, False)
+		if root_pw := config.root_enc_password:
+			root_user = User('root', root_pw, False)
 			installation.set_user_password(root_user)
 
 		if (profile_config := config.profile_config) and profile_config.profile:

tests/test_args.py

@@ -134,7 +134,6 @@ def test_config_file_parsing(
 			audio_config=AudioConfiguration(audio=Audio.PIPEWIRE),
 		),
 		auth_config=AuthenticationConfiguration(
-			root_enc_password=Password(enc_password='password_hash'),
 			u2f_config=U2FLoginConfiguration(
 				u2f_login_method=U2FLoginMethod.Passwordless,
 				passwordless_sudo=True,
@@ -224,6 +223,7 @@ def test_config_file_parsing(
 			),
 		],
 		services=['service_1', 'service_2'],
+		root_enc_password=Password(enc_password='password_hash'),
 		custom_commands=["echo 'Hello, World!'"],
 	)
 
@@ -280,8 +280,7 @@ def test_deprecated_creds_config_parsing(
 	handler = ArchConfigHandler()
 	arch_config = handler.config
 
-	assert arch_config.auth_config is not None
-	assert arch_config.auth_config.root_enc_password == Password(plaintext='rootPwd')
+	assert arch_config.root_enc_password == Password(plaintext='rootPwd')
 
 	assert arch_config.users == [
 		User(
@@ -332,8 +331,7 @@ def test_encrypted_creds_with_arg(
 	handler = ArchConfigHandler()
 	arch_config = handler.config
 
-	assert arch_config.auth_config is not None
-	assert arch_config.auth_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
+	assert arch_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
 	assert arch_config.users == [
 		User(
 			username='t',
@@ -361,8 +359,7 @@ def test_encrypted_creds_with_env_var(
 	handler = ArchConfigHandler()
 	arch_config = handler.config
 
-	assert arch_config.auth_config is not None
-	assert arch_config.auth_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
+	assert arch_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
 	assert arch_config.users == [
 		User(
 			username='t',