[BRE-2009] fix(marketplace): run setup wizard on demand, not on login

[BRE-2009](https://bitwarden.atlassian.net/browse/BRE-2009) The edition-selection wizard auto-launched on every login via /etc/profile.d, blocking any login-shell session — including the Azure Marketplace certification harness — on its `read` prompt. Stop auto-launching it; advertise it through the MOTD and let the user run it on demand. Robust for every session type (PTY or non-PTY, login or command exec) and fixes the latent hang for non-interactive SSH (scp/automation) against customer VMs. * Delete the /etc/profile.d/bitwarden-first-login.sh auto-launch trigger and its references in the Azure/AWS/DO packer builds * MOTD now instructs the user to run `sudo bitwarden-setup` when no edition has been selected * Symlink setup-wizard.sh to /usr/local/bin/bitwarden-setup; drop the wizard's self-removal of the trigger * Update the 001_onboot comment to reference the on-demand wizard
2026-06-28 06:15:46 +00:00 · 2026-06-11 16:09:00 -04:00
parent 4cf50517d0
commit c9826baa33
8 changed files with 17 additions and 40 deletions
--- a/AWSMarketplace/marketplace-image.pkr.hcl
+++ b/AWSMarketplace/marketplace-image.pkr.hcl
@@ -121,11 +121,6 @@ build {
    destination = "/tmp/001_onboot"
  }

-  provisioner "file" {
-    source      = "../CommonMarketplace/files/etc/profile.d/bitwarden-first-login.sh"
-    destination = "/tmp/bitwarden-first-login.sh"
-  }
-
  # Move staged files to their final system locations
  provisioner "shell" {
    inline = [
@@ -136,9 +131,8 @@ build {
      "sudo mv /tmp/install-standard.sh /opt/bitwarden/install-standard.sh",
      "sudo mv /tmp/install-lite.sh /opt/bitwarden/install-lite.sh",
      "sudo mv /tmp/001_onboot /var/lib/cloud/scripts/per-instance/001_onboot",
-      "sudo mv /tmp/bitwarden-first-login.sh /etc/profile.d/bitwarden-first-login.sh",
-      "sudo chown root:root /etc/update-motd.d/99-bitwarden-welcome /etc/ufw/applications.d/bitwarden /opt/bitwarden/setup-wizard.sh /opt/bitwarden/install-standard.sh /opt/bitwarden/install-lite.sh /var/lib/cloud/scripts/per-instance/001_onboot /etc/profile.d/bitwarden-first-login.sh",
-      "sudo chmod 644 /etc/ufw/applications.d/bitwarden /etc/profile.d/bitwarden-first-login.sh"
+      "sudo chown root:root /etc/update-motd.d/99-bitwarden-welcome /etc/ufw/applications.d/bitwarden /opt/bitwarden/setup-wizard.sh /opt/bitwarden/install-standard.sh /opt/bitwarden/install-lite.sh /var/lib/cloud/scripts/per-instance/001_onboot",
+      "sudo chmod 644 /etc/ufw/applications.d/bitwarden"
    ]
  }

--- a/AzureMarketplace/marketplace-image.pkr.hcl
+++ b/AzureMarketplace/marketplace-image.pkr.hcl
@@ -141,11 +141,6 @@ build {
    destination = "/tmp/001_onboot"
  }

-  provisioner "file" {
-    source      = "../CommonMarketplace/files/etc/profile.d/bitwarden-first-login.sh"
-    destination = "/tmp/bitwarden-first-login.sh"
-  }
-
  provisioner "file" {
    source      = "../CommonMarketplace/files/etc/systemd/system/disable-swap.service"
    destination = "/tmp/disable-swap.service"
@@ -161,10 +156,9 @@ build {
      "sudo mv /tmp/install-standard.sh /opt/bitwarden/install-standard.sh",
      "sudo mv /tmp/install-lite.sh /opt/bitwarden/install-lite.sh",
      "sudo mv /tmp/001_onboot /var/lib/cloud/scripts/per-instance/001_onboot",
-      "sudo mv /tmp/bitwarden-first-login.sh /etc/profile.d/bitwarden-first-login.sh",
      "sudo mv /tmp/disable-swap.service /etc/systemd/system/disable-swap.service",
-      "sudo chown root:root /etc/update-motd.d/99-bitwarden-welcome /etc/ufw/applications.d/bitwarden /opt/bitwarden/setup-wizard.sh /opt/bitwarden/install-standard.sh /opt/bitwarden/install-lite.sh /var/lib/cloud/scripts/per-instance/001_onboot /etc/profile.d/bitwarden-first-login.sh /etc/systemd/system/disable-swap.service",
-      "sudo chmod 644 /etc/ufw/applications.d/bitwarden /etc/profile.d/bitwarden-first-login.sh /etc/systemd/system/disable-swap.service",
+      "sudo chown root:root /etc/update-motd.d/99-bitwarden-welcome /etc/ufw/applications.d/bitwarden /opt/bitwarden/setup-wizard.sh /opt/bitwarden/install-standard.sh /opt/bitwarden/install-lite.sh /var/lib/cloud/scripts/per-instance/001_onboot /etc/systemd/system/disable-swap.service",
+      "sudo chmod 644 /etc/ufw/applications.d/bitwarden /etc/systemd/system/disable-swap.service",
      "sudo systemctl enable disable-swap.service"
    ]
  }
--- a/CommonMarketplace/files/etc/profile.d/bitwarden-first-login.sh
+++ b/CommonMarketplace/files/etc/profile.d/bitwarden-first-login.sh
@@ -1,16 +0,0 @@
-#!/bin/bash
-#
-# First-login trigger for Bitwarden installation.
-# This script runs once on the first interactive login, then removes itself.
-# Skip for the bitwarden service account (it doesn't have sudo).
-
-if [ "$(whoami)" = "bitwarden" ]; then
-  return 0 2>/dev/null || exit 0
-fi
-
-if [ -f /opt/bitwarden/setup-wizard.sh ]; then
-  # Wait for cloud-init to finish before running the setup wizard
-  echo "Waiting for cloud-init to complete..."
-  sudo cloud-init status --wait > /dev/null 2>&1
-  sudo /opt/bitwarden/setup-wizard.sh
-fi
--- a/CommonMarketplace/files/etc/update-motd.d/99-bitwarden-welcome
+++ b/CommonMarketplace/files/etc/update-motd.d/99-bitwarden-welcome
@@ -111,8 +111,10 @@ else
 Welcome to your Bitwarden server
  https://bitwarden.com

-  Setup has not been completed. Please log in to complete the Bitwarden
-  edition selection and installation wizard.
+  Setup has not been completed. To choose your deployment edition
+  (Standard or Lite) and install, run:
+
+      sudo bitwarden-setup

 ********************************************************************************
 EOF
--- a/CommonMarketplace/files/opt/bitwarden/setup-wizard.sh
+++ b/CommonMarketplace/files/opt/bitwarden/setup-wizard.sh
@@ -66,6 +66,3 @@ if [ "$EDITION" = "standard" ]; then
 else
    /opt/bitwarden/install-lite.sh
 fi
-
-# Remove the first-login trigger so this wizard doesn't run again
-rm -f /etc/profile.d/bitwarden-first-login.sh
--- a/CommonMarketplace/files/var/lib/cloud/scripts/per-instance/001_onboot
+++ b/CommonMarketplace/files/var/lib/cloud/scripts/per-instance/001_onboot
@@ -4,5 +4,6 @@
 # created from your image.  Things like generating passwords, configuration requiring IP address
 # or other items that will be unique to each instance should be done in scripts here.

-# The Bitwarden edition selection and installation wizard runs on the first interactive login.
-# See /etc/profile.d/bitwarden-first-login.sh
+# The Bitwarden edition selection and installation wizard is run on demand by
+# the user via `sudo bitwarden-setup` (advertised in the message of the day).
+# See /opt/bitwarden/setup-wizard.sh
--- a/CommonMarketplace/scripts/01-setup-first-run.sh
+++ b/CommonMarketplace/scripts/01-setup-first-run.sh
@@ -29,3 +29,9 @@ chmod +x /etc/update-motd.d/99-bitwarden-welcome
 chmod +x /opt/bitwarden/setup-wizard.sh
 chmod +x /opt/bitwarden/install-standard.sh
 chmod +x /opt/bitwarden/install-lite.sh
+
+#
+# Expose the setup wizard as `bitwarden-setup` (advertised by the MOTD)
+#
+
+ln -sf /opt/bitwarden/setup-wizard.sh /usr/local/bin/bitwarden-setup
--- a/DigitalOceanMarketplace/marketplace-image.pkr.hcl
+++ b/DigitalOceanMarketplace/marketplace-image.pkr.hcl
@@ -92,7 +92,6 @@ build {
      "chmod +x /opt/bitwarden/setup-wizard.sh",
      "chmod +x /opt/bitwarden/install-standard.sh",
      "chmod +x /opt/bitwarden/install-lite.sh",
-      "chmod 644 /etc/profile.d/bitwarden-first-login.sh",
      "chmod 644 /etc/ufw/applications.d/bitwarden"
    ]
  }