trigger new keys generation if supplied key file is empty

README.md

@@ -3,40 +3,42 @@
 [Alpine Linux documentation](https://docs.alpinelinux.org/user-handbook/0.1a/Installing/setup_alpine.html) assumes **initial setup** is carried-out on a system with a keyboard & display to interract with.\
 However, there are many cases where one might want to deploy a headless system, only available through a network connection (ethernet, wifi or as USB ethernet gadget).
 
-This repo provides an **overlay file** to initially boot such headless system (leveraging Alpine distro's `initramfs` feature): it enables a basic ssh server to log-into from another Computer, in order to finalize system setup.
+This repo provides an **overlay file** to initially boot such headless system (leveraging Alpine distro's `initramfs` feature): it starts a basic ssh server to log-into from another Computer, in order to then perform actual system setup.
 
 
 ## Install procedure:
 Please follow [Alpine Linux Wiki](https://wiki.alpinelinux.org/wiki/Installation#Installation_Overview) to download & create installation media for the target platform.\
 Tools provided here can be used on any plaform for any install modes (diskless, data disk, system disk).
 
-Just add [**headless.apkovl.tar.gz**](https://github.com/macmpi/alpine-linux-headless-bootstrap/raw/main/headless.apkovl.tar.gz)[^1] overlay file at the root of Alpine Linux boot media (or onto any custom side-media) and boot the system.
+Just add [**headless.apkovl.tar.gz**](https://github.com/macmpi/alpine-linux-headless-bootstrap/raw/main/headless.apkovl.tar.gz)[^1] overlay file at the root of Alpine Linux boot media (or onto any custom side-media) and boot-up the system.\
-
+With default network interface definitions (and SSID/pass file if using wifi), system can then be accessed under `ssh` with: \
-With default network interface definitions (and SSID/pass file if using wifi), one may then access the system under `ssh` with: `ssh root@<IP>`\
+`ssh root@<IP>`\
 (system IP address may be determined with any IP scanning tools such as `nmap`).
 
-As with Alpine Linux initial bring-up, `root` account has no password initially (change that after setup!).\
+As with Alpine Linux initial bring-up, `root` account has no password initially (change that during setup!).\
-From there, system install can be fine-tuned as usual with `setup-alpine` for instance (check [wiki](https://wiki.alpinelinux.org/wiki/Alpine_setup_scripts#setup-alpine) for details).
+From there, system install can be performed as usual with `setup-alpine` for instance (check [wiki](https://wiki.alpinelinux.org/wiki/Alpine_setup_scripts#setup-alpine) for details).
 
 
-Add-on files may be added next to `headless.apkovl.tar.gz` to customise setup (sample files are provided):
+Add-on files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (sample files are provided):
-- `wpa_supplicant.conf` (*mandatory for wifi usecase*): define wifi SSID & password.
+- `wpa_supplicant.conf`[^2] (*mandatory for wifi usecase*): define wifi SSID & password.
-- `interfaces` (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
+- `interfaces`[^2] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
-- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (can be stored), instead of bundled ones[^1] (not stored).
+- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^1] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
-- `unattended.sh` (*optional*): make custom automated deployment script to further tune & extend setup (backgrounded).
+- `unattended.sh`[^2] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded).
 
-*Note:* these files are linux text files: Windows/macOS users need to use text editors supporting linux text line-ending (such as [notepad++](https://notepad-plus-plus.org/), BBEdit or any other).
 
-**Goody:** seamless USB bootstrapping for PiZero devices (or similar which can support USB ethernet gadget networking):\
+**Goody:** seamless USB bootstrapping for PiZero devices (or similar supporting USB ethernet gadget networking):\
-Just add `dtoverlay=dwc2` in `usercfg.txt` (or `config.txt`), and plug-in USB to Computer port.\
+Just add `dtoverlay=dwc2` in `usercfg.txt` (or `config.txt`), and plug-in USB cable to Computer port.\
-With Computer set-up to share networking with USB interface as 10.42.0.1 gateway, one can log into device from Computer with `ssh root@10.42.0.2` !...
+With Computer set-up to share networking with USB interface as 10.42.0.1 gateway, one can log into device from Computer with:\
+`ssh root@10.42.0.2`
 
 Main execution steps are logged in `/var/log/messages`.
 
 [^1]: About bundled ssh keys: as this package is essentially intended to **quickly bootstrap** system in order to configure it, it purposely embeds [some ssh keys](https://github.com/macmpi/alpine-linux-headless-bootstrap/tree/main/overlay/etc/ssh) so that bootstrapping is as fast as possible. Those (temporary) keys are moved in RAM /tmp, so they will **not be saved/reused** once permanent configuration is set (with or without ssh server voluntarily installed in permanent setup).
 
+[^2]: These files are linux text files: Windows/macOS users need to use text editors supporting linux text line-ending (such as [notepad++](https://notepad-plus-plus.org/), BBEdit or any similar).
 
-## How to customize further ?
+
+## How to customize ?
 This repository may be forked/cloned/downloaded.\
 Main script file is [`headless.start`](https://github.com/macmpi/alpine-linux-headless-bootstrap/blob/main/overlay/etc/local.d/headless.start).\
 Execute `./make.sh` to rebuild `headless.apkovl.tar.gz` after changes.

make.sh

@@ -1,8 +1,8 @@
+#!/bin/sh
+
 # Copyright 2022 - 2023, macmpi
 # SPDX-License-Identifier: MIT
 
-#!/bin/sh
-
 chmod 600 overlay/etc/ssh/ssh_host_*_key
 chmod +x overlay/etc/local.d/headless.start
 tar czvf headless.apkovl.tar.gz -C overlay etc --owner=0 --group=0

overlay/etc/local.d/headless.start

@@ -1,8 +1,8 @@
+#!/bin/sh
+
 # Copyright 2022 - 2023, macmpi
 # SPDX-License-Identifier: MIT
 
-#!/bin/sh
-
 VERSION="0.6"
 
 # Redirect stdout and errors to console as rc.local does not log anything
@@ -94,10 +94,6 @@ cat <<-EOF >> /etc/ssh/sshd_config
 	Banner /tmp/.trash/banner
 	EOF
 
-cat <<-EOF >> /etc/conf.d/sshd
-	sshd_disable_keygen=yes
-	EOF
-
 # banner file
 cat <<-EOF > /tmp/.trash/banner
 
@@ -115,6 +111,20 @@ if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
 		HostKey /tmp/.trash/ssh_host_ed25519_key
 		HostKey /tmp/.trash/ssh_host_rsa_key
 		EOF
+	cat <<-EOF >> /etc/conf.d/sshd
+		sshd_disable_keygen=yes
+		EOF
+else
+	# look for empty key within injected ones: generate new keys if found
+	if find /etc/ssh/ -maxdepth 1 -type f -name 'ssh_host_*_key*' -empty | grep -q .; then
+		rm /etc/ssh/ssh_host_*_key*
+		logger -st ${0##*/} "Will generate new SSH keys..."
+	else
+		logger -st ${0##*/} "Using injected SSH keys..."
+		cat <<-EOF >> /etc/conf.d/sshd
+			sshd_disable_keygen=yes
+			EOF
+	fi
 fi
 
 rc-service sshd start

sample_unattended.sh

@@ -1,8 +1,8 @@
+#/bin/sh
+
 # Copyright 2022 - 2023, macmpi
 # SPDX-License-Identifier: MIT
 
-#/bin/sh
-
 ## collection of few code snippets as sample unnatteded actions some may find usefull