#!/bin/sh
# SPDX-FileCopyrightText: Copyright 2022-2023, macmpi
# SPDX-License-Identifier: MIT
HDLSBSTRP_VERSION="1.2"
_apk() {
local cmd="$1"
local pkg="$2"
case $cmd in
add) # install only if not already present
if ! apk info | grep -wq "${pkg}"; then
apk add "$pkg" && printf '%s ' "${pkg}" >> /tmp/.trash/installed
fi
;;
del) # delete only if previously installed
if grep -wq "$pkg" /tmp/.trash/installed > /dev/null 2>&1; then
apk del "$pkg" && sed -i 's/\b'"${pkg}"'\b//' /tmp/.trash/installed
fi
;;
*)
echo "only add/del: wrong usage"; exit
;;
esac
}
_preserve() {
# create a back-up of element (file, folder, symlink)
[ -z "${1}" ] && return 1
[ -e "${1}" ] && cp -a "${1}" "${1}".orig
}
_restore() {
# remove element (file, folder, symlink) and replace by
# previous back-up if available
[ -z "${1}" ] && return 1
rm -rf "${1}"
[ -e "${1}".orig ] && mv -f "${1}".orig "${1}"
}
# shellcheck disable=SC2142 # known special case
alias _logger='logger -st "${0##*/}"'
##### End of part to be duplicated into headless_cleanup (do not alter!)
_prep_cleanup() {
## Prep for final headless_cleanup
# clears any installed packages and settings
# copy begininng of this file to keep functions
sed -n '/^#* End .*alter!)$/q;p' /usr/local/bin/headless_bootstrap > /tmp/.trash/headless_cleanup
cat <<-EOF >> /tmp/.trash/headless_cleanup
# Redirect stdout and errors to console as service won't show messages
exec 1>/dev/console 2>&1
_logger "Cleaning-up..."
_restore "/etc/ssh/sshd_config"
_restore "/etc/conf.d/sshd"
_apk del openssh-server
_restore "/etc/wpa_supplicant/wpa_supplicant.conf"
_apk del wpa_supplicant
_restore "/etc/network/interfaces"
_restore "/etc/hostname"
rm -f /etc/modprobe.d/headless_gadget.conf
# remove from boot service to avoid spurious openrc recalls from unattended script
rm -f /etc/runlevels/default/headless_bootstrap
rm -f /usr/local/bin/headless_bootstrap
# Run unattended script if available
install -m755 "${ovlpath}"/unattended.sh /tmp/headless_unattended > /dev/null 2>&1 && \
_logger "Starting headless_unattended service" && \
rc-service headless_unattended start
rm -f /etc/init.d/headless_*
_logger "Clean-up done, enjoy !"
cat /tmp/.trash/banner > /dev/console
if [ -n "${gdgt_term}" ]; then
# Enabling terminal login into valid serial port
# no choice than making permanent change to /etc/securetty (Alpine 3.19 already has ttyGS0)
grep -q "${gdgt_term}" /etc/securetty || echo "${gdgt_term}" >> /etc/securetty
/sbin/getty -L 115200 "${gdgt_term}" vt100 &
fi
exit 0
EOF
chmod +x /tmp/.trash/headless_cleanup
}
_setup_sshd() {
## Setup temporary SSH server (root login, no password)
# We use some bundled (or optionaly provided) keys to avoid generation at startup and save time
_apk add openssh-server
_preserve "/etc/ssh/sshd_config"
_preserve "/etc/conf.d/sshd"
cat <<-EOF > /etc/ssh/sshd_config
PermitRootLogin yes
Banner /tmp/.trash/banner
EOF
# Client authorized_keys or no authentication
if install -m600 "${ovlpath}"/authorized_keys /tmp/.trash/authorized_keys > /dev/null 2>&1; then
_logger "Enabling public key SSH authentication..."
cat <<-EOF >> /etc/ssh/sshd_config
AuthenticationMethods publickey
AuthorizedKeysFile /tmp/.trash/authorized_keys
# relax strict mode as authorized_keys are inside /tmp
StrictModes no
EOF
else
_logger "No SSH authentication."
cat <<-EOF >> /etc/ssh/sshd_config
AuthenticationMethods none
PermitEmptyPasswords yes
EOF
fi
# Server keys: inject optional custom keys, or generate new (might be stored),
# or use bundeled ones (not stored)
local keygen_stance="sshd_disable_keygen=yes"
if install -m600 "${ovlpath}"/ssh_host_*_key* /etc/ssh/ > /dev/null 2>&1; then
# check for empty key within injected ones: if found, generate new keys
if find /etc/ssh/ -maxdepth 1 -type f -name 'ssh_host_*_key*' -empty | grep -q .; then
rm /etc/ssh/ssh_host_*_key*
keygen_stance=""
_logger "Will generate new SSH keys..."
else
chmod 644 /etc/ssh/ssh_host_*_key.pub
_logger "Using injected SSH keys..."
fi
else
_logger "Using bundled ssh keys from RAM..."
cat <<-EOF >> /etc/ssh/sshd_config
HostKey /tmp/.trash/ssh_host_ed25519_key
HostKey /tmp/.trash/ssh_host_rsa_key
EOF
fi
echo "$keygen_stance" >> /etc/conf.d/sshd
rc-service sshd restart
}
_updt_apkovl() {
## update apkovl overlay file & eventually reboot
# URL redirects to apkovl file on github master: is.gd shortener provides basic analytics.
# Analytics are public and can be checked at https://is.gd/stats.php?url=apkovl_master
# Privacy policy: https://is.gd/privacy.php
local file_url="https://is.gd/apkovl_master"
local sha_url="https://github.com/macmpi/alpine-linux-headless-bootstrap/raw/main/headless.apkovl.tar.gz.sha512"
local updt_status="failed, keeping original version"
_logger "Updating overlay file..."
# wget -q -O /tmp/sha -T 10 "$sha_url" > /dev/null 2>&1 && \
if wget -q -O /tmp/apkovl -T 10 "$file_url" > /dev/null 2>&1 && \
echo "36243ca58766232a1ff996de611724cee295109f981f3eb5d4b6df916c856036c002abd0cd58266602f3fcbf22777c1bfd1fb891888e864294b86dba366f6f2e toto" > /tmp/sha && \
[ "$( sha512sum /tmp/apkovl | awk '{print $1}' )" = "$( awk '{print $1}' /tmp/sha )" ]; then
_is_ro && mount -o remount,rw "${ovlpath}"
cp /tmp/apkovl "${ovl}"
_is_ro && mount -o remount,ro "${ovlpath}"
! [ "$( sha512sum "${ovl}" | awk '{print $1}' )" = "$( awk '{print $1}' /tmp/sha )" ] && \
_logger "Bad update: original apkovl file may be altered, please check!..." && return 1
updt_status="successful"
fi
rm -f /tmp/apkovl /tmp/sha
_logger "Update $updt_status"
[ "$updt_status" = "successful" ] || return 1
# reboot if specified in auto-updt file (and no ssh session ongoing nor unattended.sh script available)
! pgrep -a -P "$( cat /run/sshd.pid 2>/dev/null )" 2>/dev/null | grep -q "sshd: root@pts" && \
! [ -f "${ovlpath}"/unattended.sh ] && \
grep -q "^reboot$" "${ovlpath}"/auto-updt && \
_logger "Will reboot in 3sec..." && sleep 3 && reboot
exit 0
}
_tst_version() {
## Compare current version with latest online, notify & eventally calls for update
# URL redirects to github project page: is.gd shortener provides basic analytics.
# Analytics are public and can be checked at https://is.gd/stats.php?url=apkovl_run
# Privacy policy: https://is.gd/privacy.php
local new_vers=""
local ref="/macmpi/alpine-linux-headless-bootstrap/releases/tag/v"
local url="https://is.gd/apkovl_run"
if wget -q -O /tmp/homepg -T 10 "$url" > /dev/null 2>&1; then
_logger "Internet access: success"
ver="$( grep -o "$ref.*\"" /tmp/homepg | grep -Eo '[0-9]+[\.[0-9]+]*' )"
rm -f /tmp/homepg
if [ -n "$ver" ] && ! [ "$ver" = "$HDLSBSTRP_VERSION" ]; then
new_vers="!! Version $ver is available on Github project page !!"
_logger "$new_vers"
printf '%s\n\n' "$new_vers" >> /tmp/.trash/banner
# Optionally update apkovl if key-file allows it
[ -f "${ovlpath}"/auto-updt ] && _updt_apkovl &
fi
else
_logger "Internet access: failed"
fi
}
_setup_networking() {
## Setup Network interfaces
local has_wifi wlan_lst
_has_wifi() { return "$has_wifi"; }
wlan_lst="$( find /sys/class/net/*/phy80211 -exec \
sh -c 'printf %s\| "$( basename "$( dirname "$0" )" )"' {} \; 2>/dev/null )"
wlan_lst="${wlan_lst%\|}"
[ -n "$wlan_lst" ] && [ -f "${ovlpath}"/wpa_supplicant.conf ]
has_wifi=$?
_preserve "/etc/network/interfaces"
if ! install -m644 "${ovlpath}"/interfaces /etc/network/interfaces > /dev/null 2>&1; then
_logger "No interfaces file supplied, building defaults..."
cat <<-EOF > /etc/network/interfaces
auto lo
iface lo inet loopback
EOF
for dev in /sys/class/net/*; do
# shellcheck disable=SC2034 # Unused IFINDEX while still sourced from uevent
local DEVTYPE INTERFACE IFINDEX
DEVTYPE=""
# shellcheck source=/dev/null
. "$dev"/uevent
case ${INTERFACE%%[0-9]*} in
lo)
;;
eth)
cat <<-EOF >> /etc/network/interfaces
auto $INTERFACE
iface $INTERFACE inet dhcp
EOF
;;
*)
# According to below we could rely on DEVTYPE for wlan devices
# https://lists.freedesktop.org/archives/systemd-devel/2014-January/015999.html
# but...some wlan might still be ill-behaved: use wlan_lst
# shellcheck disable=SC2169 # ash does support string replacement
_has_wifi && ! [ "${wlan_lst/$INTERFACE/}" = "$wlan_lst" ] && \
cat <<-EOF >> /etc/network/interfaces
auto $INTERFACE
iface $INTERFACE inet dhcp
EOF
# ensure considered gadget interface is actually connected over USB (may have several)
[ "$DEVTYPE" = "gadget" ] && \
! [ "$( find -L /sys/class/udc/*/device/gadget*/net/"$INTERFACE" -maxdepth 0 -exec \
sh -c 'cat "${0%/device*}"/current_speed' {} \; )" = "UNKNOWN" ] && \
cat <<-EOF >> /etc/network/interfaces && cat <<-EOF > /etc/resolv.conf
auto $INTERFACE
iface $INTERFACE inet static
address 10.42.0.2/24
gateway 10.42.0.1
EOF
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF
;;
esac
done
fi
echo "###################################"
echo "Using following network interfaces:"
cat /etc/network/interfaces
echo "###################################"
if _has_wifi && grep -qE "$wlan_lst" /etc/network/interfaces; then
_logger "Configuring wifi..."
_apk add wpa_supplicant
_preserve "/etc/wpa_supplicant/wpa_supplicant.conf"
install -m600 "${ovlpath}"/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf
rc-service wpa_supplicant restart
else
_logger "No wifi interface or SSID/pass file supplied"
fi
_preserve "/etc/hostname"
echo "alpine-headless" > /etc/hostname
hostname -F /etc/hostname
rc-service networking restart
}
_setup_gadget() {
## load composite USB Serial/USB Ethernel driver & setup terminal
_logger "Enabling USB-gadget Serial and Ethernet ports"
# remove conflicting modules in case they were initially loaded (cmdline.txt)
modprobe -rq g_serial g_ether g_cdc
modprobe -q g_cdc
# look for valid serial port actually connected with USB cable
# (setting console to unconnect serial port would block boot)
gdgt_term="$( find /dev/ttyGS* -exec \
sh -c 'timeout 1 echo "" > "$0" 2>/dev/null && echo "${0##*/}"' {} \; )"
if [ -n "$gdgt_term" ]; then
# default serial config: xon/xoff flow control
stty -g -F /dev/"$gdgt_term" >/dev/null 2>&1
# notes to users willing to connect from Linux Ubuntu-based host terminal:
# - user on host needs to be part of dialout group (reboot required), and
# - disable spurious AT commands from ModemManager on host-side Gadget serial port
# you may create a /etc/udev/rules.d/99-ttyacms-gadget.rules as per:
# https://linux-tips.com/t/prevent-modem-manager-to-capture-usb-serial-devices/284/2
# ATTRS{idVendor}=="0525" ATTRS{idProduct}=="a4aa", ENV{ID_MM_DEVICE_IGNORE}="1"
setconsole /dev/"$gdgt_term"
fi
}
#############################################################################
## Main
# Redirect stdout and errors to console as service won't show messages
exec 1>/dev/console 2>&1
_logger "Alpine Linux headless bootstrap v$HDLSBSTRP_VERSION by macmpi"
# help randomness for wpa_supplicant and sshd (urandom until 3.16)
rc-service seedrng restart || rc-service urandom restart
# setup USB gadget ports if some ports are enabled in peripheral mode
# Note: we assume dwc2/dwc3 is pre-loaded, we just check mode
gdgt_term=""
[ "$( find -L /sys/class/udc/*/is_a_peripheral -print0 2>/dev/null | \
xargs -0 cat 2>/dev/null | \
grep -c "0" )" -ge "1" ] && \
_setup_gadget
# Determine ovl file location
# grab used ovl filename from dmesg
ovl="$( dmesg | grep -o 'Loading user settings from .*:' | awk '{print $5}' | sed 's/:.*$//' )"
if [ -f "${ovl}" ]; then
ovlpath="$( dirname "$ovl" )"
else
# search path again as mountpoint have been changed later in the boot process...
ovl="$( basename "${ovl}" )"
ovlpath=$( find /media -maxdepth 2 -type d -path '*/.*' -prune -o -type f -name "${ovl}" -exec dirname {} \; | head -1 )
ovl="${ovlpath}/${ovl}"
fi
# Create banner file
warn=""
grep -q "${ovlpath}.*[[:space:]]ro[[:space:],]" /proc/mounts; is_ro=$?
_is_ro() { return "$is_ro"; }
_is_ro && warn="(remount partition rw!)"
cat <<-EOF > /tmp/.trash/banner
Alpine Linux headless bootstrap v$HDLSBSTRP_VERSION by macmpi
You may want to delete/rename .apkovl file before reboot ${warn}:
${ovl}
(can be done automatically with unattended script - see sample snippet)
EOF
_setup_networking
# Test latest available version online
# Can be skipped by creating a 'opt-out'-named dummy file aside apkovl file
[ -f "${ovlpath}"/opt-out ] || _tst_version &
# setup sshd unless unattended.sh script prevents it
grep -q "^#NO_SSH$" "${ovlpath}"/unattended.sh > /dev/null 2>&1 \
|| _setup_sshd
_prep_cleanup
_logger "Initial setup done, handing-over to clean-up"
rc-service headless_cleanup start
exit 0