Raspi-image-spec/rootfs/usr/local/sbin/rpi-set-sysconf

#!/usr/bin/perl
use strict;
use warnings;
use IO::File;
use IO::Pipe;
use feature 'switch';

my ($filename, $conf);

$filename = '/boot/firmware/sysconf.txt';

logger('info', "Reading the system configuration settings from $filename");
$conf = read_conf($filename);

if (my $pass = delete($conf->{root_pw})) {
    my $pipe;
    logger('debug', 'Resetting root password');
    unless (open($pipe, '|-', '/usr/sbin/chpasswd')) {
	my $err = $!;
	logger('error', "Could not run chpasswd: $err");
	die $err;
    }
    $pipe->print("root:$pass");
    close($pipe);
}

if (my $root_authorized_key = delete($conf->{root_authorized_key})) {
    my $fh;
    logger('debug', "Adding key to root's authorized_keys");
    if(! -d "/root/.ssh") {
        if(!mkdir("/root/.ssh", 0700)) {
            my $err = sprintf("Could not create /root/.ssh directory: %s", $!);
            logger('error', $err);
            die $err;
        }
    }

    unless ($fh = IO::File->new('/root/.ssh/authorized_keys', 'w', 0600)) {
        my $err = $!;
        logger('error', "Could not write /root/.ssh/authorized_keys: $err");
        die $err;
    }
    $fh->print($root_authorized_key);
    $fh->close;
}

if (my $name = delete($conf->{hostname})) {
    my $fh;
    logger('debug', "Setting hostname to '$name'");
    unless ($fh = IO::File->new('/etc/hostname', 'w')) {
	my $err = $!;
	logger('error', "Could not write hostname '$name': $err");
	die $err;
    }
    $fh->print($name);
    $fh->close;
    system('hostname', '--file', '/etc/hostname');
}

rewrite_conf_file($filename, $conf);

exit 0;

sub read_conf {
    my ($file, $conf, $fh);
    $file = shift;

    $conf = {};
    unless ($fh = IO::File->new($filename, 'r')) {
	my $err = $!;
	logger('error', "Could not read from configuration file '$filename': $err");
	# Not finding the config file is not fatal: there is just
	# nothing to configure!
	return $conf;
    }
    while (my $line = $fh->getline) {
	my ($key, $value);
	# Allow for comments, and properly ignore them
	$line =~ s/#.+//;
	if ( ($key, $value) = ($line =~ m/^\s*([^=]+)\s*=\s*(.*)\s*$/)) {
	    $key = lc($key);
	    if (exists($conf->{$key})) {
		logger('warn',
		       "Repeated configuration key: $key. " .
		       "Overwriting with new value ($value)");
	    }
	    $conf->{$key} = $value;
	}
    }
    $fh->close;

    return $conf;
}

sub logger {
    my ($prio, $msg) = @_;
    system('logger', '-p', "daemon.$prio",
	   '-t', 'rpi-set-sysconf', $msg);
}

sub rewrite_conf_file {
    my ($filename, $conf) = @_;
    my $fh;
    unless ($fh = IO::File->new($filename, 'w')) {
	my $err = $!;
	logger('error', "Could not write to configuration file '$filename': $err");
	die $err;
    }
    $fh->print(
q(# This file will be automatically evaluated and installed at next boot
# time, and regenerated (to avoid leaking passwords and such information).
#
# To force it to be evaluated immediately, you can run (as root):
#
#     /usr/local/sbin/rpi-set-sysconf
#
# You can disable the file evaluation by disabling the rpi-set-sysconf
# service in systemd:
#
#     systemctl disable rpi-set-sysconf
#
# Comments (all portions of a line following a '#' character) are
# ignored. This file is read line by line. Valid
# configuration lines are of the form 'key=value'. Whitespace around
# 'key' and 'value' is ignored. This file will be _regenerated_ every
# time it is evaluated.
#
# We follow the convention to indent with one space comments, and
# leave no space to indicate the line is an example that could be
# uncommented.

# root_pw - Set a password for the root user (by default, it allows
# for a passwordless login)
#root_pw=FooBar

# root_authorized_key - Set an authorized key for a root ssh login
#root_authorized_key=

# hostname - Set the system hostname.
#hostname=rpi
));

    if (scalar keys %$conf) {
	logger('warn', 'Unprocessed keys left in $filename: ' .
	       join(', ', sort keys %$conf));
	$fh->print(
q(
# We found the following unhandled keys - That means, the
# configuration script does not know how to handle them. Please
# double-check them!
));
	$fh->print(join('', map {sprintf("%s=%s\n", $_, $conf->{$_})} sort keys %$conf));
    }
    $fh->close;
}
First sketch of a sysconfig-parser 2019-07-19 04:54:47 +01:00			`#!/usr/bin/perl`
			`use strict;`
			`use warnings;`
			`use IO::File;`
			`use IO::Pipe;`
			`use feature 'switch';`

Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`my ($filename, $conf);`
First sketch of a sysconfig-parser 2019-07-19 04:54:47 +01:00
			`$filename = '/boot/firmware/sysconf.txt';`

Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`logger('info', "Reading the system configuration settings from $filename");`
			`$conf = read_conf($filename);`
First sketch of a sysconfig-parser 2019-07-19 04:54:47 +01:00
Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`if (my $pass = delete($conf->{root_pw})) {`
Rework set-sysconf not to require Sys::Sysconf Used a module not in the base Perl install; we fork to "logger" instead. 2019-07-19 15:34:17 +01:00			`my $pipe;`
Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`logger('debug', 'Resetting root password');`
Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`unless (open($pipe, '\|-', '/usr/sbin/chpasswd')) {`
			`my $err = $!;`
			`logger('error', "Could not run chpasswd: $err");`
			`die $err;`
			`}`
Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`$pipe->print("root:$pass");`
Rework set-sysconf not to require Sys::Sysconf Used a module not in the base Perl install; we fork to "logger" instead. 2019-07-19 15:34:17 +01:00			`close($pipe);`
First sketch of a sysconfig-parser 2019-07-19 04:54:47 +01:00			`}`

Allow setting ssh authorized key for root, so pi can be configured via network Merging changes proposed by Nik LaBelle in merge request #22 2020-08-15 06:01:54 +01:00			`if (my $root_authorized_key = delete($conf->{root_authorized_key})) {`
			`my $fh;`
			`logger('debug', "Adding key to root's authorized_keys");`
			`if(! -d "/root/.ssh") {`
			`if(!mkdir("/root/.ssh", 0700)) {`
			`my $err = sprintf("Could not create /root/.ssh directory: %s", $!);`
			`logger('error', $err);`
			`die $err;`
			`}`
			`}`

			`unless ($fh = IO::File->new('/root/.ssh/authorized_keys', 'w', 0600)) {`
			`my $err = $!;`
			`logger('error', "Could not write /root/.ssh/authorized_keys: $err");`
			`die $err;`
			`}`
			`$fh->print($root_authorized_key);`
			`$fh->close;`
			`}`

Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`if (my $name = delete($conf->{hostname})) {`
			`my $fh;`
			`logger('debug', "Setting hostname to '$name'");`
Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`unless ($fh = IO::File->new('/etc/hostname', 'w')) {`
			`my $err = $!;`
			`logger('error', "Could not write hostname '$name': $err");`
			`die $err;`
			`}`
Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`$fh->print($name);`
			`$fh->close;`
			`system('hostname', '--file', '/etc/hostname');`
			`}`

Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`rewrite_conf_file($filename, $conf);`
Rework set-sysconf not to require Sys::Sysconf Used a module not in the base Perl install; we fork to "logger" instead. 2019-07-19 15:34:17 +01:00
			`exit 0;`
First sketch of a sysconfig-parser 2019-07-19 04:54:47 +01:00
Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`sub read_conf {`
			`my ($file, $conf, $fh);`
			`$file = shift;`

			`$conf = {};`
Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`unless ($fh = IO::File->new($filename, 'r')) {`
			`my $err = $!;`
			`logger('error', "Could not read from configuration file '$filename': $err");`
			`# Not finding the config file is not fatal: there is just`
			`# nothing to configure!`
			`return $conf;`
			`}`
Added the ability to configure the hostname 2019-07-19 19:34:46 +01:00			`while (my $line = $fh->getline) {`
			`my ($key, $value);`
			`# Allow for comments, and properly ignore them`
			`$line =~ s/#.+//;`
			`if ( ($key, $value) = ($line =~ m/^\s([^=]+)\s=\s(.)\s*$/)) {`
			`$key = lc($key);`
			`if (exists($conf->{$key})) {`
			`logger('warn',`
			`"Repeated configuration key: $key. " .`
			`"Overwriting with new value ($value)");`
			`}`
			`$conf->{$key} = $value;`
			`}`
			`}`
			`$fh->close;`

			`return $conf;`
			`}`

Rework set-sysconf not to require Sys::Sysconf Used a module not in the base Perl install; we fork to "logger" instead. 2019-07-19 15:34:17 +01:00			`sub logger {`
			`my ($prio, $msg) = @_;`
Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`system('logger', '-p', "daemon.$prio",`
Replace "set-sysconf" for a more descriptive "rpi-set-sysconf" 2019-07-19 16:46:52 +01:00			`'-t', 'rpi-set-sysconf', $msg);`
Rework set-sysconf not to require Sys::Sysconf Used a module not in the base Perl install; we fork to "logger" instead. 2019-07-19 15:34:17 +01:00			`}`
Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00
			`sub rewrite_conf_file {`
			`my ($filename, $conf) = @_;`
			`my $fh;`
			`unless ($fh = IO::File->new($filename, 'w')) {`
			`my $err = $!;`
			`logger('error', "Could not write to configuration file '$filename': $err");`
			`die $err;`
			`}`
			`$fh->print(`
			`q(# This file will be automatically evaluated and installed at next boot`
			`# time, and regenerated (to avoid leaking passwords and such information).`
			`#`
			`# To force it to be evaluated immediately, you can run (as root):`
			`#`
Update rpi-set-sysconf as it's in /usr/local/sbin, not /usr/sbin. 2020-09-08 17:25:35 +01:00			`# /usr/local/sbin/rpi-set-sysconf`
Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`#`
			`# You can disable the file evaluation by disabling the rpi-set-sysconf`
			`# service in systemd:`
			`#`
			`# systemctl disable rpi-set-sysconf`
			`#`
			`# Comments (all portions of a line following a '#' character) are`
			`# ignored. This file is read line by line. Valid`
			`# configuration lines are of the form 'key=value'. Whitespace around`
			`# 'key' and 'value' is ignored. This file will be _regenerated_ every`
			`# time it is evaluated.`
			`#`
			`# We follow the convention to indent with one space comments, and`
			`# leave no space to indicate the line is an example that could be`
			`# uncommented.`

			`# root_pw - Set a password for the root user (by default, it allows`
			`# for a passwordless login)`
			`#root_pw=FooBar`

Allow setting ssh authorized key for root, so pi can be configured via network Merging changes proposed by Nik LaBelle in merge request #22 2020-08-15 06:01:54 +01:00			`# root_authorized_key - Set an authorized key for a root ssh login`
			`#root_authorized_key=`

Regenerate sysconf.txt once it has been processed 2019-07-20 02:40:14 +01:00			`# hostname - Set the system hostname.`
			`#hostname=rpi`
			`));`

			`if (scalar keys %$conf) {`
			`logger('warn', 'Unprocessed keys left in $filename: ' .`
			`join(', ', sort keys %$conf));`
			`$fh->print(`
			`q(`
			`# We found the following unhandled keys - That means, the`
			`# configuration script does not know how to handle them. Please`
			`# double-check them!`
			`));`
			`$fh->print(join('', map {sprintf("%s=%s\n", $_, $conf->{$_})} sort keys %$conf));`
			`}`
			`$fh->close;`
			`}`