[local] feat: declarative password salt, secret config

core/Command/Maintenance/Install.php

@@ -48,7 +48,9 @@ protected function configure(): void {
 			->addOption('admin-user', null, InputOption::VALUE_REQUIRED, 'Login of the admin account', 'admin')
 			->addOption('admin-pass', null, InputOption::VALUE_REQUIRED, 'Password of the admin account')
 			->addOption('admin-email', null, InputOption::VALUE_OPTIONAL, 'E-Mail of the admin account')
-			->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data');
+			->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data')
+			->addOption('password-salt', null, InputOption::VALUE_OPTIONAL, 'Password salt, at least ' . Setup::MIN_PASSWORD_SALT_LENGTH . ' characters (will be randomly generated if not provided)')
+			->addOption('server-secret', null, InputOption::VALUE_OPTIONAL, 'Server secret, at least ' . Setup::MIN_SECRET_LENGTH . ' characters (will be randomly generated if not provided)');
 	}
 
 	protected function execute(InputInterface $input, OutputInterface $output): int {
@@ -152,6 +154,16 @@ protected function validateInput(InputInterface $input, OutputInterface $output,
 			throw new InvalidArgumentException('Invalid e-mail-address <' . $adminEmail . '> for <' . $adminLogin . '>.');
 		}
 
+		$passwordSalt = $input->getOption('password-salt');
+		$secret = $input->getOption('server-secret');
+
+		if ($passwordSalt !== null && strlen($passwordSalt) < Setup::MIN_PASSWORD_SALT_LENGTH) {
+			throw new InvalidArgumentException('Password salt must be at least ' . Setup::MIN_PASSWORD_SALT_LENGTH . ' characters long.');
+		}
+		if ($secret !== null && strlen($secret) < Setup::MIN_SECRET_LENGTH) {
+			throw new InvalidArgumentException('Server secret must be at least ' . Setup::MIN_SECRET_LENGTH . ' characters long.');
+		}
+
 		$options = [
 			'dbtype' => $db,
 			'dbuser' => $dbUser,
@@ -162,7 +174,9 @@ protected function validateInput(InputInterface $input, OutputInterface $output,
 			'adminlogin' => $adminLogin,
 			'adminpass' => $adminPassword,
 			'adminemail' => $adminEmail,
-			'directory' => $dataDir
+			'directory' => $dataDir,
+			'passwordsalt' => $passwordSalt,
+			'secret' => $secret,
 		];
 		if ($db === 'oci') {
 			$options['dbtablespace'] = $input->getParameterOption('--database-table-space', '');

lib/private/Setup.php

@@ -43,6 +43,9 @@
 use Psr\Log\LoggerInterface;
 
 class Setup {
+	public const MIN_PASSWORD_SALT_LENGTH = 30;
+	public const MIN_SECRET_LENGTH = 48;
+
 	protected IL10N $l10n;
 
 	public function __construct(
@@ -357,10 +360,8 @@ public function install(array $options, ?IOutput $output = null): array {
 			$dbType = 'sqlite3';
 		}
 
-		//generate a random salt that is used to salt the local  passwords
-		$salt = $this->random->generate(30);
-		// generate a secret
-		$secret = $this->random->generate(48);
+		$salt = $options['passwordsalt'] ?: $this->random->generate(self::MIN_PASSWORD_SALT_LENGTH);
+		$secret = $options['secret'] ?: $this->random->generate(self::MIN_SECRET_LENGTH);
 
 		//write the config file
 		$newConfigValues = [