SPDX stuff

and add log info about temp key use

LICENSE.spdx

@@ -0,0 +1,7 @@
+SPDXVersion: SPDX-2.1
+DataLicense: CC0-1.0
+PackageName: alpine-linux-headless-bootstrap
+PackageOriginator: macmpi
+PackageHomePage: https://github.com/macmpi/alpine-linux-headless-bootstrap
+PackageLicenseDeclared: MIT
+

make.sh

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 #!/bin/sh
 
 chmod 600 overlay/etc/ssh/ssh_host_*_key

overlay/etc/local.d/headless.start

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 #!/bin/sh
 
 VERSION="0.6"
@@ -10,6 +13,8 @@ logger -st ${0##*/} "Alpine Linux headless bootstrap v$VERSION by macmpi"
 mkdir /tmp/.trash
 ovlpath=$( find /media -maxdepth 2 -type d -path '*/.*' -prune -o -type f -name *.apkovl.tar.gz -exec dirname {} \; | head -1 )
 
+# Help randomess for wpa_supplicant and ssh server
+rc-service seedrng start
 
 ## Setup Network interfaces
 if [ -f "${ovlpath}/wpa_supplicant.conf" ]; then
@@ -79,6 +84,19 @@ rc-service networking start
 ## Setup temporary SSH server (root login, no password)
 ## we use some bundled or optionaly provided keys to avoid generation at boot and save time
 apk add openssh
+cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
+cp /etc/conf.d/sshd /etc/conf.d/sshd.orig
+
+cat <<-EOF >> /etc/ssh/sshd_config
+	AuthenticationMethods none
+	PermitEmptyPasswords yes
+	PermitRootLogin yes
+	Banner /tmp/.trash/banner
+	EOF
+
+cat <<-EOF >> /etc/conf.d/sshd
+	sshd_disable_keygen=yes
+	EOF
 
 # banner file
 cat <<-EOF > /tmp/.trash/banner
@@ -90,25 +108,14 @@ cat <<-EOF > /tmp/.trash/banner
 # bundled temporary keys are moved in RAM /tmp so they won't be stored
 # within permanent config later (new ones will then be generated)
 mv /etc/ssh/ssh_host_*_key* /tmp/.trash/.
-
-cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
-cat <<-EOF >> /etc/ssh/sshd_config
-	AuthenticationMethods none
-	PermitEmptyPasswords yes
-	PermitRootLogin yes
-	Banner /tmp/.trash/banner
-	EOF
-
 # inject optional custom keys (those might be stored)
 if ! install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/; then
-	echo "HostKey /tmp/.trash/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
+	logger -st ${0##*/} "Using bundled ssh keys from RAM..."
-	echo "HostKey /tmp/.trash/ssh_host_rsa_key" >> /etc/ssh/sshd_config
+	cat <<-EOF >> /etc/ssh/sshd_config
-fi
+		HostKey /tmp/.trash/ssh_host_ed25519_key
-
+		HostKey /tmp/.trash/ssh_host_rsa_key
-cp /etc/conf.d/sshd /etc/conf.d/sshd.orig
-cat <<-EOF >> /etc/conf.d/sshd
-	sshd_disable_keygen=yes
 		EOF
+fi
 
 rc-service sshd start
 

overlay/etc/modprobe.d/g_ether.conf

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 # added to support USB-Ethernet gadget mode at boot for Pi devices
 
 options g_ether dev_addr=ea:64:2f:e8:19:94 host_addr=f6:67:ce:b3:c0:ea

overlay/etc/modules-load.d/g_ether.conf

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 # added to support USB-Ethernet gadget mode at boot for Pi devices
 # also requires dtoverlay=dwc2 is added to usercfg.txt or config.txt
 

sample_interfaces

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 # Sample network interfaces file
 
 auto lo

sample_unattended.sh

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 #/bin/sh
 
 ## collection of few code snippets as sample unnatteded actions some may find usefull

sample_wpa_supplicant.conf

@@ -1,3 +1,6 @@
+# Copyright 2022 - 2023, macmpi
+# SPDX-License-Identifier: MIT
+
 # Sample wpa_supplicant.conf
 country=FR