From ad47f737312e70662567e068215a636914b56c9d Mon Sep 17 00:00:00 2001
From: macmpi <16296055+macmpi@users.noreply.github.com>
Date: Mon, 20 Nov 2023 09:00:41 +0100
Subject: [PATCH] version 1.2

New feature: auto-update apkovl file with latest master
gadget: improved setup if several ports available
wlan: only start wpa_supplicant if needed
updated doc
---
 README.md                                |  15 +--
 headless.apkovl.tar.gz                   | Bin 7547 -> 8555 bytes
 headless.apkovl.tar.gz.sha512            |   1 +
 make.sh                                  |   3 +-
 overlay/usr/local/bin/headless_bootstrap | 123 ++++++++++++++++-------
 sample_auto-updt                         |  10 ++
 sample_unattended.sh                     |   7 +-
 7 files changed, 114 insertions(+), 45 deletions(-)
 create mode 100644 headless.apkovl.tar.gz.sha512
 create mode 100644 sample_auto-updt

diff --git a/README.md b/README.md
index 8427b02..3a5dfb6 100644
--- a/README.md
+++ b/README.md
@@ -25,15 +25,18 @@ Extra files may be added next to `headless.apkovl.tar.gz` to customise boostrapp
 - `interfaces`[^3] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
 - `authorized_keys` (*optional*): provide client's public SSH key to secure `root` ssh login.
 - `ssh_host_*_key*` (*optional*): provide server's custom ssh keys to be injected (may be stored), instead of using bundled ones[^2] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
-
-
-**Goody:** seamless USB-serial & USB-ethernet gadget mode (PiZero for instance):\
-On supporting Pi devices, just add `dtoverlay=dwc2,dr_mode=peripheral` in `usercfg.txt` (or `config.txt`), and plug USB cable into host Computer port.\
-Serial terminal can then be connected-to from host Computer (e.g. `cu -l ttyACM0` on Linux. xon/xoff flow control).\
-Alternatively, with host Computer set-up to share networking with USB interface as 10.42.0.1 gateway, one can log into device from host with: `ssh root@10.42.0.2`.
+- `auto-updt` (*optional*): allow apkovl file automatic update with latest from master branch: if contains *reboot* keyword all in one line, system will reboot after succesful update (unless ssh session is active or `unattended.sh` script is available).
 
 Main execution steps are logged: `cat /var/log/messages | grep headless`.
 
+## Goody:
+Seamless USB-serial & USB-ethernet gadget mode (*e.g. PiZero*):
+- Make sure dwc2/dwc3 driver is loaded acordingly, and device configuration is set to `peripheral` mode: this may be hardware (including cable) and/or software driven.\
+(on supporting Pi devices, just add `dtoverlay=dwc2,dr_mode=peripheral` in `usercfg.txt` (or `config.txt`) to force by software)
+- Plug USB cable into host Computer port before boot.\
+Serial terminal can then be connected-to from host Computer (e.g. `cu -l ttyACM0` on Linux. xon/xoff flow control).\
+Alternatively, with host Computer set-up to share networking with USB interface as 10.42.0.1 gateway, one can log into device from host with: `ssh root@10.42.0.2`.
+
 [^1]: Initial boot fully preserves system's original state (config files & installed packages): a fresh system will therefore come-up as unconfigured.
 
 [^2]: About bundled ssh keys: this overlay is meant to **quickly bootstrap** system in order to then proceed with proper install; therefore it purposely embeds [some ssh keys](https://github.com/macmpi/alpine-linux-headless-bootstrap/tree/main/overlay/tmp/.trash) so that bootstrapping is as fast as possible. Those temporary keys are moved in RAM /tmp: they will **not be stored/reused** once actual system install is performed (whether or not ssh server is installed in final setup).
diff --git a/headless.apkovl.tar.gz b/headless.apkovl.tar.gz
index 8a57b83d8c4d9a00aef5eeab6b579d268fb77a0a..e7dcbe170e485dcfeb2fb90d1f5ca15ebc8146ed 100644
GIT binary patch
delta 6586
zcma*pb6?$$!+`N@EH86u8LMU6r^R(LmzPiVsc$XwgoV|~T(-4rTg%om&i#7`_kY(T
zc)zY^krSB&Gc2f-`SlxBFmLixqJtpG7Pr&`Ih>_OlI!nXO49@Gk)#aWLt_0IlKE~@
zJ|Z{Z_RDVpz8UfcH(BT&aM`3px}4k#nVsl-9AbXy7*Vv@R+M{KW_nS5om8zVQyqkV
z<=x_rhik=z!gjh$5#je(#4F&#rmD4C3<<~^`ZMbrBQH)sBV5x0E*V_`$8u~fV?QCq
z*=)_mrt!S{u&EGe@^F(MZWmlP_n5OT@fQ%`Vg05RD?JGm&>(J!o@}<4OGpNOgMeQL
znoN@(z6to8%~mDuoqWJk_`dsKVkp(gT)J2ZU+Dq2U4Gkq%bGY0Y<ZhJ=e~hRev<%U
zU2fLEg&!T^FdDcwHe$3XB@mN0W%~k%zeqZ<KLkt4zxuyuBgxyoOzT&X-fSMI1Df!O
zt1d-#SX;blj3koeBpmh*?mb*T84Vw7hVMSn#)<8~|2zn(|GVSOx)V>POW0eTqm?9o
z+tu8XRD{s(!?phUzFsIF?qwN(lSy2wuA?edbIOKU2DW-|T_jWx(JlFlwU{$y9ZsN)
z;9h=j3;8_n>z!Aq_qDYxb=n0G*+J{o_qwFPMbWrGE*ul()_!)OMg^hM)8^I?2uVLy
zmLV|OQLA!cp81{b=lNa01)X~2o%<_<^2DcDKMHoKkK7z8>3F;8MBI#@G1?a6=^gxT
z18T`Rm}PWIBtcEAUzVCs>(b{MwMujEifC8}N%WdC-}^CYx%JigMMMUmH`6I^-lq6s
zhw8)7>?6N+`TT%lzb=|Kkan<Y28(or#PQwy7F>`|PwUGR>fV{X9yx{qcboscb(M)6
z)Exi`pO>EL;K-AwlTUCIfsnUr>WwWE=g+6P2k8w^g8r?@XMV#6w{1A@GWx~l5peoD
z3LCz654t;08v~NzRRHC4(&HO!8;+Uw;Q9&+syVprf_uOxZSdh2;$jWP2rB<rDfUOa
z6_RYjEcupFN?jko<Ua`buwA+jhjN?rR2^rInfY3K*Iny0*#0EZZ{X`lRZrCVbM%w+
zkX;@Ym@^phHPSwXgrUghqKEl+9+kV3WRkj^aR_tFjyB@10<EyS{!~LN3IWuhZ!(NJ
zZ7ku(wP#$|#NOOT)t#}jVf>2rKZ`i{ewd@1<0)^{@(>QF36&HwXztAoC@;CbP9W;c
z)TbH_-kd`PLs-Mc5GBEt+L<~}Pel-$qhYy%IErOzE@++mr4s<Ubo#~Z`9WRB&EeJ^
zMUOnP|F)Y1@Ioy$@R_5=iefF&aVu|E@v~7xwRh^Xw0NKHH|HEtTIO_+zHDth%Cs_<
zzK22}^;JBaocpvg#!GPD=igtdD*=B6&>zaUrs@*sVdroRP7_^QkL7N++K?$#ZQ-Rv
z;=$X})E}d`7*UbedM1!5@kntQ9?M<qO>u|S%n=h|puEqCZSTp?MaW2t+Wkq#{VTaw
zII6c)WW8LOdORnunW|L>!$^trOlscg#GP}%K6{Uc(Z5Dq0}rYr=-;1n0j<OzkKKZp
zke5sGdCj|SWb>nuyv>OWZCHlteZ;Hq*4f<{n<f|2$~ks#{*$FPt@>0+dOe(b)sI_a
z3ic3$0$Bfv!z?tGs_6?5PxiQ2tR7QOM&=yNH`=DY`J~e2ehy;_ImlzC$YXI?=v7KL
z&de)zpwj*OUf?}*SzStZD8C$HibMtXtTjmwC+*IMzTGxEqbl;r{ynG7Jgr58qTem^
zygx|8IvKr_4gVS!Wy@K>qJ#J3eitBx*M(*VbONi`NQNQ{G;!;eZW~HZ8v=)ORiN!K
zJk~$j_1oWl=4pvknU}&uz~1!RO%EwH?EkP(h6%|YsEm@|s(I<AH{@JBxj0!D-K4Xf
z%7ZT}y}|0qpkIr{h_Uxh9rP2nIQM6N#ZGH`mWG0A4D$?f7z&HnWsKR#^q11V%?K8!
z<l%kp$q;Mk$RFA(Xe5`;sr!Pih6X7AkCgk;OSm(9%>@(wc<u{_6YT(-sMp3lwDK@G
zyss)4e()H(uDKIWkAViXzdgS^$Ft;Cy<H-7MoKI;a@#k|8?H~yHL-wa_d2fkQLnKA
z5D{F?*k5miwwk(s;y)s<uR(79e%tN8zyCrpaqm6BZPIqtQ)P?B!xh90bk&PrP+pcl
z`h{_gcGnIm@ZfdlIZBI`+Y-?9l-*_e((&K?{60+E-BOh<$=U-)?OUnp{@F+3e|6jR
zofd#xkyXdOK-#{K@~^HveHHlGjsSm9yzKnYf!i(ls*n736o7kK1)u`WxVP&{{udic
z?<NPkUaTd20=;Mt{I87x_$$vr?ycLh;C&nILS}RzPrV{sas^%Z{_GLHxY6*bA=YYo
z@=#wOEHYR=)u|h?c1)Mq+@>xwL08Gf>!X!PEz>H6mGU(5j`G6=<owK8+>wY+u&u##
z?hB^U@xd8nGN9p4EXlqB1pchpQTS-tJn{k(;0c)4s3_Mqp6mhw1Z#iaHF21`{HzqW
zrHCZuMwsh4>?uuS(H17~b<h;knrge{pC3?l8f@-+yQX0hqH(!Sb*<*73*kHz7vqnY
z7a+|U!&znWI+Sk@;Eh9CRK1gLO+yXziLH^uxbbFy;LE|4PL$g@G-alD6v1bS$SccF
zaWB)6-Hl@8V;_KMLh+w}GUbIfWc#p1J+uY!90!T=QCE&SJ}v~Q*SR=KRx1YI&o49c
zn=@P9R)6x%&i^gZMzG)PWjx=tqwi1zekTl??4fyPi}mq({Jkl9ip{g^`F>nBaUgpq
zi9^~9NA&Vc7bnDy?+RMi_`)_OkPmJ%HinQ2BT|D14h#VHPfU$TYF3HweS61uy1lEd
znLL{tUMd@w+!#N6Pygw7K0+OTYpHz1c@^f90lpxArnhNa!{$W`RMmOc#_%pJ;ydnw
ziZ8wn_vni&RL5G1z((jwRuTnnKC(QgiRwf*{=AYueLc0k7>=|5rd3}7xSU-Pib5P3
zR~L#|c;$dC`d5}?XeVF5JEfP~s{O|kSgN#n;qgGK&q+(*-_Pkv{6ZuA;9ozP2vXyR
zMbq3vJ<S&96x05QVXc;k$L?E%bw)5GR2xqcbX<_5dQc)E(G{*ZP5UW?{AXh}qfv|;
zH%mxoM4I)eY27_ZJwqAzX4QbSe$o6joW{W__dXP0v-tzf`dyzfc$WZvWthOMD^v~4
ztX?sEy;8Bw{W+e$OR*HnNhymlJ8!Sk4c)+ZRwkgtKB3&O6R_hZMvF<ZW8RdW6&Tc5
z5=z8xjJ^piH0h*@CEZG*OHnW5=DPVf+JNal`jJFFB-|&V`1upQ{@~YM+6sbk@-a^6
z^&vA5apvf^SUXab<-vXqG4zvfddF^pxP;x=8rmRN%ev5@N9=f{7isB`S6QJEKrYzI
z*>zIWG&Y0M>P(DO(Q(;iNB_y#ipENCm~z=X0?mO_MFvNwI><zEW4yM1@~6pFjaD{F
za1H|}?%F5I>fWJ1)@jZ8L3a#O%t<tlJ=am-U9D(rns<>G#^_;2Yvgn+H8jx8)w?$a
zHIx`VYa=q~vfw4mvOq7c)4e3xF_@;18i8LbZpEmKzSEyT=flYXiuh>O(ESt3TDL!&
zpSZ!INk?4f@9=0vv~oY4jl6G;2!C*Fv6cydmRFJFM1{S@+wf3)iev6a)VHzBer*eY
z1zXylDU!${e9TsPGJrwfv6#(jbse<;e%uptDMvA$V|_FA;b9Xo_?8S|C?ne0-*t@Z
zG9WP(N#v?}^3!}CnR0p-58}f6PjaF+wltaPj<cNf`sUed=n<nN4nYQe0X3D#mOHpL
z+IOVbz_5Qk-RYb5^*(!>%5@0UBoYkp8JMVJQw!P@_a2Hyla>-{RYhy;EC19zQ#jV=
zSvLCOPBt(76Si)vOFE;kr1)#6SXQ)$@+&NHPEb|Fjnnf}_5wxcH4m-OmyZ1JUt}k)
zXww)TKbRULsapI+z2g+7zoLE(b8D4Rp_IX>4bE?t6lmW?tJ0E0O>qmkLpnSIzF@c#
zR2W~tjGZu;`ecXM4(f!B+qM5oRPox5lu{TTheG8(3itm582M$QBV4xzWZ0(r0xU>A
zkY{6bv@E69T%cvf2^P1t#h+_M7Q~@UFh=&N>D0*H{VKCk62dXbtD{fj@My0itx`#c
z$v&PsN=H4O{5IGny)T&tD;Gila{MBi%vO{J8tt&p&gXq=*z?!(zcrPy<Br;Bo^L%>
zD|5mn=yIuMel0gulG%c$iEJ7p%u%{kLJ1IsN+l*gjd{=*x5dKbil^Rd8PAVbHulYa
zXl*D{`KM1CU7?;L99{HrPtkoN?9bnx?d^aat+2+Gi|1sNdOD2`kn1!dpg4L=;Xd6E
zs{hGlLn7c7-RjXLjnJx|Ir{|6;!{#KBBuWUK5jXq5L6A&@3G3aaGYwO6HPqDp84W?
zYEyvGonU0RP1=_459%gVLxRx1Mkpc`8K>=S?V+~Pi{c>Nyq&3jReCl#rdv+VltNbT
z&UnNaksN1z*e=eBR855d&}oHl)C!fBSP%8eHHdgKc&&kD-0w4pyP*^zhH4h0&>+rU
zJ+(Rx4NcDIwx;S{j<Y|r58+~%6T6{d?r3N&;J4T_sQ`sT7q`~APpO)v4Y^iXseA?5
zMz>`RamHotA`K^=9}vyVCOOC{Yjs=SIWTr{Lc?s#7mXstn+}nIpdZ20iHx4rZdt<@
z)w*Z-U{m~|Or?(#vvmva6{^sKS;FI+)7q^Ymy^v=Urnk%p9w6MI`Z*1)im%HYidjV
z9$$nq@)q!HM$&BmG%`P-DSzKxyJl1qdM-74(@DehofhXQ96c_;<Hd*PkoMo%hL68H
zpKFJ7)qOK?=mUlWyCsX_<S?rH0rZW-A#p0)wJT+pEh<{vR&?az)w5N`rjusH!Pg$M
zsk3<efeE{{3(3HjrK8vZXBROMi6d%STF78X-`nu^q0d&_X-JQm*!%louJOE7FONus
z8Gm>X$tgw)y1hhs#btE$!D8NP`u}#f&3lowjni#_Q!g7Je$7*{cg278NRy+wL+}cT
zA!xID@RUqntVfqN|4Ip#*kdt0VKzFq0da7v-2Y?IE9l4~Gyv*NesC9mu+-bOumQc3
zRnUltwp^Moh2E%JjQd^M<qtgBpLdgJ4EjznMCfjSeu(&asWNOuo~cN3hA3%wNJm%v
zi~Z3v$;u4W6ec7jbB3o6NGOI4(M72pD{?u7yJDxZmnIRLB)ZZ3NQyw=Vam_nk6;&S
zyfpWYRVPsWg8kXQZ_f5UPGVZVTElezKa`Z2Q0fwJYE*`L3dq-)enRIgnGk!3ZZ%-S
zttMAq6P~KN>0Gh2=&<*Zs+$5##6gViI`*%z2(ce1!P~{FbJl(%V`E3y(V|b&)1AyS
zRC7SgHj#-7_8Tioz^JaUSE#Xu`CFv9y!qskyg%V4sihm?C;B~WrQ#_qU-N~0mFNOq
z+I`6A0mwm=ZxQ&TlocCO+mn2D>K24f7~-vY8u%a<>%<}lVCx8Fnc&~kh@gj>tAZ)S
zZ`%OS-{vPx&-Ek>9l!QwPo_hvuP)*zL>`Vsu{Y4Sy(pV6i!COHixHmTo80W~m`Z&0
z+~uad#~6(gR$W#al#}s@GAB+|PT2kSUsno>2FV}QJQwFEQ({{k<7!Q|c`KUN_7O{q
z?{zk$E+-p@&gniaSXI4Vw@2;;Uqq)a$-%(KaEusJq04Hmr37YKVj9I8UDp8%5*(FM
z8wXt{MG_uEzI^>VjTL5`i4>*CC>td7lPf5;uW7QjMn423N<D#CXF;>H&7;I`S>mFN
zPmy7~`s92P+05@@y-$AhP!K)mjwGC#df~g_*0gzI2uXceAVoE-=!jCC`@)roy$FQ=
z9Yc_tC2(q>UW(<O{}=q=&r+Gqf#~ju2fMx4Gzn;7%<3B}a$%1%UJn%vw!E62!WLhB
z3udaK8;lYbw;W_Tm{bO#k{~VS=A<;==#(5}<}I0Cc`c5=QHp|zJk4lWn?tDXM@Pvf
zIk9q;Q$Ds$Q8l%vd1`x1MCy?ukO6g#LA905#qr_vxcpVRRq7tJ8pX8D^`h)z*_9%h
z_pxf2W)USAtQtG~%19I=`41MvAe#v-yj`?X@iC~bt2|cP9t=asV#oldcS1v@V{{gf
z2Ese)*W~8PhQUE&#qBXM^$?1^$PimT%5E&OSLNw|z_-yhpyM+cH`hiM(DizBRQG)y
z*`dUik4cLXeCMM#MKUS6ME12;ZW?*$>%&3b!9}NK!e(1ii<?>ysF5$AZQB~;+cFSq
zs=9(JzkX(c;0q#bZU2aQu0cJbp=ItzwlmVsn|eRzmKW-sQ5S^(<_#Brw}<F^7-V09
zrp~#-DHHaWKd2VFA`n>;K!wE+O@@%TXUV&<s4%By34`Ehew5FdzWj?GY!?={Z5^^V
z7hY+r!@b9MaT*#LBD0R9B@&9hXmL9U{PC=eR_>PORa@bouZ!+t(XpYuR;VbW`}YMF
z=q!KuwUoCwFWcYH7=AEHBcv#2mwv~jMD<TmX_8VcFAy+Gy}cv^Y{1I3@ZbQGt{VIc
z$C?J?UhLUlYSR(<#ntq;gH)<M3>_CGOPI$$*fkWHd!9#W`|(;N<P3z-n{Cmd+ICk_
zxIPWFt4}%&Hv=l;{)Q=sYo02x%&X@$X-y-Z4aX{RDVfK<vTUCjnAw^xboC)YGS*)B
z+c!Ry3*IyQ{=gLwAHCQGp0j<7HSR?x)tkZ_qDB?cAt>26Uv7B5i^Xx+WMju9eiC60
z5NcUGqq-Aa*VsI!U0_!;V;QgEY?Ya0r8%i6mLbqdnK<%}7Y!NA3hdH^cN*oZ!u3S0
z(zfy$D3d43|2#F)aB+V5g2ppQu>Aehv@%Vnm~&!ojfD&V%>Iyc7};c7bF13!82f2@
zip#<o#$c)0?*&=4oDY1}_q%!(RMQt)wY5W~KMJa-){`=&*pwyHIOU-w;<Dh;*d;&l
z6e<75{TbC^y6QNoGT3!H)_j(>)WzonrK~1HJdeAFeJp{xCey&5GWC-1PB}4)MY&r>
z*k34mjVc-VU_GJo&WTiu`PbMLKa3!JU-d}Vb|0#^HtbwyA`3%%XLGHr7RDYfO7166
z_VUNEaDwG_db#&Y@sc9(f6fjmAPHEaHL<`?k)YbkZ5c~?O9?YqlGhwnnWB>8Nc@W6
zN80WN3KYyF^(!ta3CEX;EHxc-FLKpR-8|9>byOI@^wo25psY8-d){2K;uqgnesWNG
zqQ-O~1{S&TO3-Y&TRNdINt3qSy24J)`=pV<b&g0R#yzWlp&xRfKj59tDiq1ulVW)4
zQjg4RYFl(#pF%V81lqt*A?}U%Yo5{ZMD-#H%r8Ab#fKxi5<?SPiu87AWsDmBD{K_9
z;j4%M^<ZvQ-=KwJzZ2mF==^(Yj88H|XQWe%{Q6&(7VM|KFVP771b8`DoNZ9x^ZY~I
zE}lG#1))bvggYJ@Y50!8#CHZonXwJGiX<W;tJ*BXGL+&zP1YK62xdjKKmu!H;-lM$
z^ut)*j)NIh5@9aCon&?j=KVsA<!O%X{?QPSOvINmZhae%Um@|sW1|BCd0h4eu4IH%
z&L<{}*7M)A%bVfM!NMZs;??+0Z4KNL+<}iTe;+UB%jpFkqiqlR$RthM10jLl3&)5O
z^t?~Mb*xV?ePSx$HuQ6T*3U1tIBy>ZE6&B8zC=uc6axEWW>dQKnVj`3SuN_d(Cq*=
z>|h0H4nj5Vj30BUoZBLCH>GGJ-_CYx8LCnC*|V6*PZyx3W|sw_UU+{~H9akHUpy)k
zcr&GPkj&TyeTOAd^@$g6F#cFik^MRt1l4W|kH&$y7^1u;BY)Y)*_^K(89!VE<-Cir
zQ?c79X7AdwFUm<WmJ9*{Me4&-2m}G7g`Lh(yXI?MMn*<@y6In1DfbRJ248~ZG7hrk
z2z}N?JT&oWU>!?HUzZqr-f{y+j<ejlQQ>MhYX`zOrX=*OO7*7yy_bN&P?3*zVr#8!
zFX}sf#R|9P8w==&HfV@KRz3W^f4)AbobFZ<rh_`$sn#`pEGnGV3Jc5WkevYW7R~=0
zuplx(6n1a-aFTFd@Uj-IFSsO*r-jN@BLbNxM(h*%tCTr+Gf0d*UP<eBm@ZNNLw+`h
zAT2{$;w;K=gWFP5tne;-K9|b>*X|P1R7G|Lx5&?dc5sovbXPSKRvnAiZF>|#c;T$#
zwN*bqX6NzJ`?GxBrlbV1e+&Ss)~EB+fCtx%f$B~T$w0NdYYRBzm_S}wKd~ANLqlD=
zT7|jvSX;ESpI$V7%zW6*TNf>wBzf{66Z*LC{OxFN+5uy3=>cS5<@lZwu0vt3k%OF^
zT)eoQ&f_FH&#^E>IV-JJ$hF;WaqV3^5LQrGQ<I+ux7zxiVW-fExeD0-YBvy{up{(~
zoXhSnu#%OG6JK%(6QOJ%R4N>YC_dt+ps^uOh$u4<G1d>dvmXiG9?d`v_n<f{dDQ*s
zn5fe>o&Wi!PTCxE1dX@0)jC)T8k8E1h8ha~V5CWT7+F#;miY$s6hV<eBN;n0*8BD+
ze{V0ZuU$q<i~aCFF1uOhkgFGp<u!Q-ua=-xEqmxCC9`~_KSt4D&a5b4o$nb<tvQ#n
py&`KjfR%jJyRmTvWy~ZO2^6xa+pGM)6W(`Co7j&@i;#nW@PBH=40`|o

delta 5570
zcmV;z6+P<fLi;+9U<!gjN&NmCfiVpIk!m#+urEOP8UH82KQ7|-mACi}=|4gs)RDC9
z0^!J$qX92}=euY9|2^pc-(?MK{Pw*e0RLP*IPL74k8Hx<t9)b@enf<yO~Sv_|Gf07
zx^(={6$AeA_z%TM>^c7X74UzrK%wo0e*4NTi{P{8f3T0@KN6c=!n6H<3j6<AZ2ebY
z(^XYjw_y0z^<40%voHBJ^6SE%A3a11oTbhO?e-CW*MUJ<gK7+V{v-7W0N+{v=3Vvq
z@mt&T>Nmdqn#5nD!E2v>jVxa;aWI-A$M4Dl@-<1lcKz25_S%JC`}Xg2M)%A0e|CSF
z-}_nfnNooNj{PT)XZ!#3_`h2SSp3@fV-!U^<Nxd7|7laf5Bw?W=i`qOC_3YhzIwHo
z|2}Vjdir;c|2=B@+<p9F{1Nzh{{Mvdze}clUi?4C{U_J|=5XN||EI;jX`;7}>9p_7
zP$0{<sXu-){K=ode~$J(%>SXp^ZMVD(91iqyeKQ+UgZ^Cmq1mMPmIBX8{T}B0uIJz
zPN7UTht$?3ZM}qN?!<~j@8rk(CGX_R&N?uE-xGU3?1uZXom@0*tut^K72|l@-<de}
zK&+x(oM;9!)suuGw8oiU-%O-gGxh4`Xx<Jwlp*B$_cqq?POlU{;jad834hq?zuPEq
zA2gSD8SCx>A-pBWT8=xl*e85CD6Uj3A!Xl&;S{$$?%@KmO7|k|sKd$&m&d@l-1v2W
zghIfiR&m2Ms?ZAXL~!wnxZ(Hl3DUZEFpV+Kx4}LW+4dY|=2>g3i!w2XH*bK)r{$H^
zKmY8%1^s_jb<Stc{~$Q|Vg3iksb~Fv3YtNG`3`UJF1H-^(DTe%$%ta`#Qm8p{J8M{
znCyf1@AN-*R>g(?^7|?Kb0+3L%Kz7Yjs3}d|IhIM1WbIm{!hU8^ZMU^y8mahhyV8;
zp4u${C3+MMbLBgu$uq+-8SKhbIDD^+!U&m#H(+$+&|9k|HfePe8C~ISxLKzZ;>i&2
z2Pq&}XIVa$;)>u4cy!V*5iJ?p5B)(yf}zj@Lq6a1Rk?~yi??<b9G2;2+lFm_-B0^s
z%PcYtngYNzp%JOwlS6gcc9#W;yO(rW-^L-snWMBzQx=)Ru!As%ByU+531g-k)KZbB
za%$rwY`A{s04Zr&%dF#hcgdPT6hr2KA1~LaO(}hS(>=5FWFk^WjqDB=$yqu0w!bO(
zHqMv2k|wD*wR$-MtBl0rdf*CwyMk0KJn9YwMHEx1xK&;yJ+q^Nw6@_fF^o(-YB$7G
z)wc7@?6R_D5^d_ta)JmTuAak;7j{=hyBc#mdU1|;8a|^b;tj`JSX8%Uw?l-ME~+!S
zY~VQALFlC@9PCJn<N8#~!sP}8#YB0lu080U#2z7-G4h4)9<}XF<u06m)#0|3a(%tG
z8!e~~IejTPt_-`wf;*r@S|Zh^$CendC9+--Wz-;POHp=bd$&Gwm0&t8dfNspI*xQn
z@k{DHU5XX;I6#tt?9_*tu;2Ni(M5r~u!$_Q6J%Pvo>zx%mAH}H=WEPW7V>$)p^mRt
z8&?bY<k0xyhS)DJx*AD;1;L(AF(+);5YmA4a+edbe9LuZYPK-%UFbDDOOVhULz2OB
zQ4<Z(lQ(N&q|B{N(Ni@JDsc=N3=`GaN?^hnqJT=D)|ctBir|)y@seTkT{NxNjOXI=
zwr^3WYb;aN-0GM@3q#+LJIXBaEmKb-vCqZ8aw1kzfx}tC%|73M?FE4>9cvHA?y)#;
zBz<ohbn4fsa6<<a;wakiIlStRi6s+kLmjWXknmglN;4ID1%hOW3w#bON`KfGkZ5lr
zxH^{>l<T-4&$iV-c-K3xCdw(!>(hY7`?lT?=QD=;c5xnd*<fsBz}PHNEKreBQx&1D
zl#46u%r)tn(@N0}oM26!+TKy*a#GuDw$igz2TTTkDfoH)_o?vzZvWhG34a79pZEVi
zG5+^mAiov-QS|x$Kl~c_f1cmi{WSh4Mv>S@>%S!YJpX?R`sxo4;G5`kZTpf|Tb<Pn
zO?`XfHC^5-Z(bm;kQV^()~?b&e*=CCeEE<+(9OL!FTS2j-rZMeINzf)=a;VC_~6$w
z0~i;7z?Wazp7#y-)qFiemt|mCWFr^{U{SW9oz=4lk6=~%%{-8q`OCTF58&L_%pa8C
z|AJxdSK!Ox3cmRI+qsXwz4!~*M*h9sx#gK{ZhbDAOJ0C~{3CeZlHLa3pZ==>|Mb2F
z_}9OJKir1;ZX~{UZzPE4<6r(VA3Q(1k8?hM`K|wcnDfy3xa^wy-4E-{ML!tYqyHc6
z1DyNz{C@F&?OknC+r}3DZ2gKw&=@GPY?tIVq_mSJBxRbA3?%981nLpeVynoKqLnai
z%74GlIlFqXZ1OVgw~J;n*xI+VXU}=g%X&9)fw>QVyf<jkkKr2hD>QII(N*s0dAFp0
zzk7P_y4^3C!uA$@m;NLXHctTD!RXPRm}N;k7KQT05*(D*VQ$(;<@weP)|b~HyOO-f
z>%zy%fDN9Yb9hdXisV9oGgB;+*rbDaJK`dV0-5ayHJ?Ude2KB&3+FFl`v6Qoqxobq
zFS1w+xJWJ(`QV*bzR`br3B;C(0WEodl9jY%a++Mp&kZlUI6&1j@_Z@I=V({1T{Q<R
zns?=ek#`=+Pg0vrg_B*F!Uf`)MqPb+C7g?e*QWjrAE}whDDo%L#~O!<M%+JnG92s<
z1%&J}PG+%Csq{nAB`A#LMWLs}C`!g-neBJ=U*V{ndhM^TZ@Z8LbWD#pz*Mn+AgPz-
zB2UD*6hV<jp^qgat;4JKS!=NwBu3|QnXPT<6;I1z&FOXVnq-=e_gsWAC~NmZf`Lz&
z0<#+m0Ydysh?e3tP%_WMc&w;0pa|5B!#Io~e;_%Zgi6o?65W@QMk`{Uj}KWa{jun}
zf2?ow6noo-+70)^qZBIeIr}Gn7Bzi|d@xA-@Pl*k>RB5Uma2Bv#jy;+O!~P{d5{!2
zPfli8g6V^JA0#K32Ug8o!X#!%+(qq4G80quMI3>KT}xjKeq<CV+Yk@{Da~pN`w0yS
zo<T@^y&fd4)Bs_-^qYUB6Mn&nPWXl6<qGt^7jPXaERluI2~*C9H9K2>YBfu}5gq*^
z$%*sUS3XVH>};`ksk2z-vn0C&HetywpoD6fOiEbN`CwbC*oAPv;6$TEYhf_pB1@+F
z3|h%^tb})!gb=&5$XMI;;b^pgoJ2}DX&zkWBg+c}e94iDs=?=EkjXtR;^i@0_)}U$
zX9{<Vv^=?rQZJv}*lyi_w5KNGw!_j(wuMmX6u@4|)d{>M(nYbVwc(&$w#s~`Wa`T5
z)R(ouxAs|&?Y2l0=mtp)w3hLo$y}`2<R0V;ns@HSF&db;7!9$=zyfxC{Wj0%&rkZ|
ztTLVif#4!d4bnDcu)@e;tkKWZ$8-o^3C|wTH=kR^(A`PGvNQ32Vt7WE)J=+RyqN5Z
zkGEqMEFh%#t~Yonpgf9CI3{N1=&OLa$mi%$`vGtR^r&{LhWPt$p-pmGPSDftM4#&)
za|7pv7!2+Y`~7krSNQ;6?pbW=0bZ6rfzF6;uRjf8WJ&p${)lj)g!mIaxSz{unq*!!
z7qoq(@j+~o+pPJ2xI=78J*A-2!4{zWHwpJa3YAP@U5hv%*xv+W%ai})#U)oEBxMV@
zK3BD3jwRODqgr%;l*I@Hu%+;z(s?+Q>|U}j*FvnyEx8Q{+Z7goZ~^bdst&BqYZ9OQ
z7!!ZN@-rvQ{#nc9vY2Z2gB?$zkYvRx@(E1;Uosf+q`?q>@QvP*W9{>-Er@ch>kqJ!
z3%cI!qB&^0>^5hz(z;43(gJ^dS_xj@MT)eIX&J+n-03`CX!ufso<N!2(YdLiY5Wx=
zQatjhDX<1+GV-n=30dfuCyUh*D?KP5*anH>{?PD*8@xn)1uo+Stp!k9HW+Y}teWpX
zn{5mPL!p*`l!IxS&tDtGP+DA=5a=d_S6Y*3274g?PjVkh6%jtdR~REI+#yjhnju9j
zXJT{8F&lh2wwS@z4!T1n(mGN&Ng4-Al-MLc&Q!8=_=PUf*$6@w`*PprSsAx;q|5f_
zWRO2Ciq)RtHZ|I=xpb@G!Np@2mmpRWXISE9A>6!w*i7G0y+_vXg6{L!S)8|)3Mvc%
z3H6Z9)VmI3noq<)IQcw<@rQQ^=K<l-BAs2h=R9^9E`AWb%2L2wH5a?t4y7%=*-hj5
zTZqXnkV=w8<ZAuVlGo8#{9t$YwsB}@w%PAnMG9ImXR%XAQA?tA^%8Q?wT4%AYmOhk
z{0d!v{skmKM;Fv{)iHw4RW&=#4Y}9$ZDWC(wVi8Vvej@h=(`~Qko*d=Rq&ri#?qR|
z?+r>Z>9@x(P*FSMY*@w+u;QF74l7s+PaE>3dgFk+?<}W9EA0`5e+p3Ok&%LGs~$Rj
zTz+AgF<?n139c=vAWJny23se2o~k|9<?da7P@Ah>I!S*jvS=Sx3)(ZHdw3{z3a>mL
zb}&I_^SxHXRF_gyqqC4Go-T=<enXuX_<jK&k?z9LZ!>wZZ@W5y<C;A^V0>|1?d&;~
z^XURwCBjMN=HA%7Vuhd4{SD9w=aum!VZzg~aNdYPzeQv{pIbG)q)`<<TzvBJF^7GB
zdt=k+9?1bH?ropi_QH6javmh2`@ZiyJp1<jX-|JRg9>leF+tskL+=<pVhj_cufZ)e
z-}muhDPd)*kwaTEcx_F*(}E?aDMY1q#DPxY`LaBTwKaRmpWZ0DtcvQ4(`kGfcNeO(
zLQLa9Kwql<4k=cmTQ)pq=APKl?6n(zzMF}w00N61+>w4S>Uhh@%fwToSxCc_pQvG(
z-LN;xxAr4}Q8enRxpMsoR?Q8il;8J<gMqv4>I*(7vU9f^c-%L5jA)&MTj-Z$VE%X`
zP9Ie<_$>0`Q532i@>9u@g#}eh6?n<sn{-NTk5&Yv;>;@P-{1I&#Jig1k~8#wgn_T%
zYbvRN39U<4b19x}xsqQL9e=`_uA=@6JGPp^*kXBwn9Gh2&9N2-@*Pf24xhT@#p{%d
z?uC$rK)XHPRRKJwV;ggXm0Or&U02-F$LD=kP~ND%K<EzaUKj<mfF?3m%l7WJktz3F
zz*t1&Du&FGh=!6B;v^|01ubKL!#d=@fJ&4$b%6!{5h7UjT32WE`rqwRM(=H0Q2Ofd
z+2PUCga3-zgr|{{3!#!C^HHV~5%NlBy0xx8J$U!#_tyvF@aWCK@w3NI4$2--!<1>S
zWMO#S<9@AFolXzyg0Hq)4WQHTAFH0f`G&!E`$nhbK>%lqb>_GOS66?3UExWrWNpWA
zccU6WztoJb-)e>j6Q2?z^f14xadpbNQz<b4K^0Kfz1T~TVet3sC|*tS=V`8pCfj4y
zh3$_{Q#EYPm(s&2@FgLJLMG9bfq<_jm~2Prn<@ei-Lyn^@D2LC-C?ia8@j{YM)4Sa
z?aZ53#e?>2VL}1xCOI&F?0?^T@SomrIHZ4{DDTt1c2~UGyxGv9giyn4T>t!Io2uFs
zzDS}dnbD_s$pr4%9P{5M1Ya@Y5<J$qOWjNB*Hw18hGjjg{2-iXt&*k}T$}d_*&A+9
zE$|JGKnq>z4Md3tw>6oji3$;?ygm7ug3!>5T>5D4@rpzM{}Zc!bkAJeSZ2+v<<tRP
z|7C9d(jBp5TwMr87lpwxM2f<mI^wc}nLo5C*;S@<@m2|XTW{fzV8e`YN)puyFpeOX
zp$h#Ya+DnPhdG9g<~%pbGx^g1q{&`>oo`un|JesI9+@QHcqEBJeFs^i&IfZV8SSn`
zwBInGup046$&m?vC-C!}qALxrFnT_FhHw)>am;bro+x5wwcfk52njY>h3$<Z@Xeyw
zu3uys0C=QQi4M0ICEgzWdi3hIhHF{}cUU4l7RB_{V5RffnyQ&cwNGWOmu9g{b?R7e
zPh2Old!1Y$sD`T0+dNAmOL2B_%mUd+tNyrXpe;&~=8^+{Ef}>-!Lf*Rsx>J|)W+-u
zMIquXV$-~E$O{bkhPO(%_Ry8XeUOvQMKQRd%$^l*UnLi?rd~w*D|FpwDmF983I0re
zC_>JIko<8^#_ZOq{>N{Gxi8cN#FQMGzC@@uuE%sZhxA-awBZv8F}j>5g_r^XtKCl4
z(}LKMk#Hh^YJK?70h<tfDWeoUE}@K7Dl?j48A9opEDuu!0H3<KOZ$%y1&1<RQ@GDe
zm6Ioq@1<Bl=@jbR(F8f>E<Jbn{jN(2^Z3o1<CBkJ@J_}-lHKg@+x`2)`*!vIbq4kE
zb1Lw5J<r||2S@Kd9zGqtd^v)FI(%|4I(&Zg>iFP)X5Xg$dq{Y>`P5i?0u^ih-+Ty>
zUV0(lOZ%_vpWV8BR_V}V24W+Olcfvj#np0<D9-2R7ZElQ3ePGP8OTefF|{Rcu;q1g
zx|$Len}x0jIDmIY+XD}_7P1-;@T>-N0>nmX*|>yy+9+l`CLm~DwFs0!ggr5LESh&p
zNCIhp8CW&qaOe#_v!$WW9MCy0ntm*5F9dMIRzl4V)yNw`oWm3l>P2=lVgrOBHopz-
zS}mIm4fypNu-CL-H20@cLj{7Bt4O>4<QH?+d>we;oeOrW%TlJ66+M7}j4iy^^QUi>
zF-k=D1&})AUpzoU$_;7VvbVk0MOANhDY_qjIeZrz_iyMGjnq}{UT=GYesHnH;ZGwf
zrQZpZ(TfRzTHME5=9Z4lXl=a=i%2zvH>UqQ0n$EAAUbJ615aoJ<Xp<wY&r!Z0uE(l
z6ETe5=!5~F+yLSp9+gL|BJPSXN}rT8l|tZ7p@80sb%%T~N!@L?N7>UfE3gFMTT3i|
z%FcC|Urtj;`G2#j31=X-O1i4J&@~NBPW*{RSF_Pa>uAlqET+JwcJ-^qz3un!_f!gh
zZSU+XOX@E>XNUrb8!mHDJrc*SC<j2IdHjl~{7_4q9$=IF4%B5+6Y>^RHe1`WTN^{m
zNgAv3k5I+xSe@UEZJ7~#0Ppk<i{RpaGZT9{)uv_sTwc%~xiNejABp&zJ*%VHXmvJC
zR+2nt+S*8_<mj`9M5*=_JIxN^kWk(<C36{vX)574S!VlcDYImmTq}zo{?y4alaHm}
zLxCN%n3@!INqq)1Wj3CqY@X;QY3=~(yDUI~2#V=+uIK2n6>iMhTF&>F)>uJ#pk^~2
zEbi4v$tX-4_6wJb(>}SGyD_`)Ec05v{#ZYHH99%@WyAi|PW#e^IzWp^sdrIZznf{M
z^4MuLMCwg%=ro~_laQZDCeQ4N+t#YR_Ub=Z(CMA)Fc*F6?$E~FbNAdmchB8(_uM^q
Q&;RrDKa?qOssMNZ0Ax5humAu6

diff --git a/headless.apkovl.tar.gz.sha512 b/headless.apkovl.tar.gz.sha512
new file mode 100644
index 0000000..df6b8d6
--- /dev/null
+++ b/headless.apkovl.tar.gz.sha512
@@ -0,0 +1 @@
+2dde95eb40fd626a7908ac33f41d47dbd46b0029d110ae8daaaed3575d1ada20e0b4f0268c040311159375b11eac48ce812c8f66993cb5e47c3078a6eb95a7b8  headless.apkovl.tar.gz
diff --git a/make.sh b/make.sh
index ca10909..0297fb7 100755
--- a/make.sh
+++ b/make.sh
@@ -30,7 +30,8 @@ if [ -n "$build_path" ]; then
 	doas tar cv -C "$build_path"/overlay --no-recursion \
 		$(doas find "$build_path"/overlay/ | sed "s|$build_path/overlay/||" | sort | xargs ) | \
 			gzip -c9n > headless.apkovl.tar.gz
-	TZ=UTC touch -cm -t "$t_stamp" headless.apkovl.tar.gz
+	sha512sum headless.apkovl.tar.gz > headless.apkovl.tar.gz.sha512
+	TZ=UTC touch -cm -t "$t_stamp" headless.apkovl.tar.gz*
 	doas rm -rf "$build_path"
 fi
 
diff --git a/overlay/usr/local/bin/headless_bootstrap b/overlay/usr/local/bin/headless_bootstrap
index 6ba5a96..04f2e1f 100755
--- a/overlay/usr/local/bin/headless_bootstrap
+++ b/overlay/usr/local/bin/headless_bootstrap
@@ -3,7 +3,7 @@
 # SPDX-FileCopyrightText: Copyright 2022-2023, macmpi
 # SPDX-License-Identifier: MIT
 
-HDLSBSTRP_VERSION="1.1"
+HDLSBSTRP_VERSION="1.2"
 
 _apk() {
 	local cmd="$1"
@@ -82,6 +82,7 @@ cat <<-EOF >> /tmp/.trash/headless_cleanup
 		grep -q "ttyGS0" /etc/securetty || echo "ttyGS0" >> /etc/securetty
 		/sbin/getty -L 115200 ttyGS0 vt100 &
 	fi
+	exit 0
 	EOF
 chmod +x /tmp/.trash/headless_cleanup
 }
@@ -140,39 +141,78 @@ echo "$keygen_stance" >> /etc/conf.d/sshd
 rc-service sshd restart
 }
 
+_updt_apkovl() {
+## update apkovl overlay file & eventually reboot
+# URL redirects to apkovl file on github master: is.gd shortener provides basic analytics.
+# Analytics are public and can be checked at https://is.gd/stats.php?url=apkovl_master
+# Privacy policy: https://is.gd/privacy.php
+
+local file_url="https://is.gd/apkovl_master"
+local sha_url="https://github.com/macmpi/alpine-linux-headless-bootstrap/raw/main/headless.apkovl.tar.gz.sha512"
+local updt_status="failed, keeping original version"
+_logger "Updating overlay file..."
+
+#	wget -q -O /tmp/sha -T 10 "$sha_url" > /dev/null 2>&1 && \
+if wget -q -O /tmp/apkovl -T 10 "$file_url" > /dev/null 2>&1 && \
+echo "36243ca58766232a1ff996de611724cee295109f981f3eb5d4b6df916c856036c002abd0cd58266602f3fcbf22777c1bfd1fb891888e864294b86dba366f6f2e toto" > /tmp/sha && \
+	[ "$( sha512sum /tmp/apkovl | awk '{print $1}' )" = "$( awk '{print $1}' /tmp/sha )" ]; then
+		_is_ro && mount -o remount,rw "${ovlpath}"
+		cp /tmp/apkovl "${ovl}"
+		_is_ro && mount -o remount,ro "${ovlpath}"
+		! [ "$( sha512sum "${ovl}" | awk '{print $1}' )" = "$( awk '{print $1}' /tmp/sha )" ] && \
+			_logger "Bad update: original apkovl file may be altered, please check!..." && return 1
+		updt_status="successful"
+fi
+rm -f /tmp/apkovl /tmp/sha
+_logger "Update $updt_status"
+[ "$updt_status" = "successful" ] || return 1
+# reboot if specified in auto-updt file (and no ssh session ongoing nor unattended.sh script available)
+! pgrep -a -P "$( cat /run/sshd.pid 2>/dev/null )" 2>/dev/null | grep -q "sshd: root@pts" && \
+	! [ -f "${ovlpath}"/unattended.sh ] && \
+		grep -q "^reboot$" "${ovlpath}"/auto-updt && \
+			_logger "Will reboot in 3sec..." && sleep 3 && reboot
+exit 0
+}
+
 _tst_version() {
-# Tested URL redirects to github project page: is.gd shortener provides basic analytics.
+## Compare current version with latest online, notify & eventally calls for update
+# URL redirects to github project page: is.gd shortener provides basic analytics.
 # Analytics are public and can be checked at https://is.gd/stats.php?url=apkovl_run
 # Privacy policy: https://is.gd/privacy.php
 local new_vers=""
-local status="failed"
 local ref="/macmpi/alpine-linux-headless-bootstrap/releases/tag/v"
-if wget -q -O /tmp/homepg -T 10 https://is.gd/apkovl_run > /dev/null 2>&1; then
-	status="success"
+local url="https://is.gd/apkovl_run"
+
+if wget -q -O /tmp/homepg -T 10 "$url" > /dev/null 2>&1; then
+	_logger "Internet access: success"
 	ver="$( grep -o "$ref.*\"" /tmp/homepg | grep -Eo '[0-9]+[\.[0-9]+]*' )"
 	rm -f /tmp/homepg
-	[ -n "$ver" ] && ! [ "$ver" = "$HDLSBSTRP_VERSION" ] && \
-		new_vers="!! Version $ver is available on Github project page !!" && \
-		_logger "$new_vers" && \
+	if [ -n "$ver" ] && ! [ "$ver" = "$HDLSBSTRP_VERSION" ]; then
+		new_vers="!! Version $ver is available on Github project page !!"
+		_logger "$new_vers"
 		printf '%s\n\n' "$new_vers" >> /tmp/.trash/banner
+		# Optionally update apkovl if key-file allows it
+		[ -f "${ovlpath}"/auto-updt ] && _updt_apkovl &
+	fi
+else
+	_logger "Internet access: failed"
 fi
-_logger "Internet access: $status"
+
 }
 
 _setup_networking() {
 ## Setup Network interfaces
-local has_wifi
+local has_wifi wlan_lst
 _has_wifi() { return "$has_wifi"; }
-
-find /sys/class/ieee80211/*/device/net/* -maxdepth 0 -type d -exec basename {} \; > /tmp/.wlan_list 2>/dev/null
-[ -s /tmp/.wlan_list ] && [ -f "${ovlpath}"/wpa_supplicant.conf ]
+wlan_lst="$( find /sys/class/ieee80211/*/device/net/* -maxdepth 0 -type d -exec sh -c 'printf %s\| "${0##*/}"' {} \; 2>/dev/null )"
+wlan_lst="${wlan_lst%\|}"
+[ -n "$wlan_lst" ] && [ -f "${ovlpath}"/wpa_supplicant.conf ]
 has_wifi=$?
 if _has_wifi; then
 	_logger "Configuring wifi..."
 	_apk add wpa_supplicant
 	_preserve "/etc/wpa_supplicant/wpa_supplicant.conf"
 	install -m600 "${ovlpath}"/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf
-	rc-service wpa_supplicant restart
 else
 	_logger "No wifi interface or SSID/pass file supplied"
 fi
@@ -202,24 +242,31 @@ if ! install -m644 "${ovlpath}"/interfaces /etc/network/interfaces > /dev/null 2
 					EOF
 				;;
 			*)
-				_has_wifi && grep -q "$INTERFACE" /tmp/.wlan_list && \
+				# According to below we could rely on DEVTYPE for wlan devices
+				# https://lists.freedesktop.org/archives/systemd-devel/2014-January/015999.html
+				# but...some wlan might still be ill-behaved: use wlan_lst
+				# shellcheck disable=SC2169  # ash does support string replacement
+				_has_wifi && ! [ "${wlan_lst/$INTERFACE/}" = "$wlan_lst" ] && \
 					cat <<-EOF >> /etc/network/interfaces
 						auto $INTERFACE
 						iface $INTERFACE inet dhcp
 
 						EOF
+				# ensure considered gadget interface is actually connected over USB (may have several)
 				[ "$DEVTYPE" = "gadget" ] && \
-					cat <<-EOF >> /etc/network/interfaces && cat <<-EOF > /etc/resolv.conf
-						auto $INTERFACE
-						iface $INTERFACE inet static
-						    address 10.42.0.2/24
-						    gateway 10.42.0.1
+					! [ "$( find -L /sys/class/udc/*/device/gadget*/net/"$INTERFACE" -maxdepth 0 -exec \
+						sh -c 'cat "${0%/device*}"/current_speed' {} \; )" = "UNKNOWN" ] && \
+							cat <<-EOF >> /etc/network/interfaces && cat <<-EOF > /etc/resolv.conf
+								auto $INTERFACE
+								iface $INTERFACE inet static
+								    address 10.42.0.2/24
+								    gateway 10.42.0.1
 
-						EOF
-						nameserver 208.67.222.222
-						nameserver 208.67.220.220
+								EOF
+								nameserver 208.67.222.222
+								nameserver 208.67.220.220
 
-						EOF
+								EOF
 				;;
 		esac
 	done
@@ -234,20 +281,22 @@ _preserve "/etc/hostname"
 echo "alpine-headless" > /etc/hostname
 hostname -F /etc/hostname
 
+_has_wifi && grep -qE "$wlan_lst" /etc/network/interfaces && \
+		rc-service wpa_supplicant restart
 rc-service networking restart
-rm -f /tmp/.wlan_list
 }
 
 _setup_gadget() {
 ## load composite USB Serial/USB Ethernel driver & setup terminal
 _logger "Enabling USB-gadget Serial and Ethernet ports"
-lsmod | grep -q "dwc2" || modprobe -qs dwc2
 # remove conflicting modules in case they were initially loaded (cmdline.txt)
 modprobe -rq g_serial g_ether g_cdc
 modprobe -q g_cdc && sleep 1
-# once driver has settled check if cable is connected: unload if not
-[ "$( cat "$udc_gadget"/current_speed )" = "UNKNOWN" ] && \
-	_logger "USB cable not connected !!" && modprobe -rq g_cdc && return 1
+# once driver has settled check if any gadget port is connected over USB: unload driver if none
+[ "$( find -L /sys/class/udc/*/current_speed -print0 | \
+	xargs -0 cat | \
+		grep -cv "UNKNOWN" )" = "0" ] && \
+			_logger "no USB cable connected !!" && modprobe -rq g_cdc && return 1
 
 # default serial config: xon/xoff flow control
 stty -g -F /dev/ttyGS0 >/dev/null 2>&1
@@ -272,10 +321,12 @@ _logger "Alpine Linux headless bootstrap v$HDLSBSTRP_VERSION by macmpi"
 # help randomness for wpa_supplicant and sshd (urandom until 3.16)
 rc-service seedrng restart || rc-service urandom restart
 
-# setup USB gadget mode if such device mode is enabled
-udc_gadget="$( dirname "$( find -L /sys/class/udc/* -maxdepth 2 -type f -name "is_a_peripheral" 2>/dev/null)" )"
-[ "$( cat "$udc_gadget"/is_a_peripheral 2>/dev/null )" = "0" ] && \
-	_setup_gadget
+# setup USB gadget ports if some ports are enabled in peripheral mode
+# Note: we assume dwc2/dwc3 is pre-loaded, we just check mode
+[ "$( find -L /sys/class/udc/*/is_a_peripheral -print0 2>/dev/null | \
+	xargs -0 cat 2>/dev/null | \
+		grep -c "0" )" -ge "1" ] && \
+			_setup_gadget
 
 # Determine ovl file location
 # grab used ovl filename from dmesg
@@ -291,8 +342,10 @@ fi
 
 # Create banner file
 warn=""
-grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; RO=$?
-[ "$RO" -eq "0" ] && warn="(remount partition rw!)"
+grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; is_ro=$?
+_is_ro() { return "$is_ro"; }
+
+_is_ro && warn="(remount partition rw!)"
 cat <<-EOF > /tmp/.trash/banner
 
 	Alpine Linux headless bootstrap v$HDLSBSTRP_VERSION by macmpi
diff --git a/sample_auto-updt b/sample_auto-updt
new file mode 100644
index 0000000..5fbe9ba
--- /dev/null
+++ b/sample_auto-updt
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: Copyright 2022-2023, macmpi
+# SPDX-License-Identifier: MIT
+
+# Automated reboot after update is cancelled if:
+# - there is an opened ssh session
+# - unattended.sh script is provided
+
+# Uncomment line below to enable reboot after update
+#reboot
+
diff --git a/sample_unattended.sh b/sample_unattended.sh
index 110e74f..c03ba8f 100644
--- a/sample_unattended.sh
+++ b/sample_unattended.sh
@@ -37,10 +37,11 @@ else
 fi
 
 # also works in case volume is mounted read-only
-grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; RO=$?
-[ "$RO" -eq "0" ] && mount -o remount,rw "${ovlpath}"
+grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; is_ro=$?
+_is_ro() { return "$is_ro"; }
+_is_ro && mount -o remount,rw "${ovlpath}"
 rm -f "${ovl}"
-[ "$RO" -eq "0" ] && mount -o remount,ro "${ovlpath}"
+_is_ro && mount -o remount,ro "${ovlpath}"
 
 ########################################################