From 957f6ed6462475de5af73da9e1ebf30e14b282d6 Mon Sep 17 00:00:00 2001 From: Gunnar Wolf Date: Fri, 19 Jul 2019 22:40:14 -0300 Subject: [PATCH] Regenerate sysconf.txt once it has been processed --- rpi-set-sysconf | 83 ++++++++++++++++++++++++++++++++++++----- rpi-set-sysconf.service | 1 - sysconf.txt | 22 ++++++++--- 3 files changed, 90 insertions(+), 16 deletions(-) diff --git a/rpi-set-sysconf b/rpi-set-sysconf index 312c35c..2bd2904 100644 --- a/rpi-set-sysconf +++ b/rpi-set-sysconf @@ -8,7 +8,6 @@ use feature 'switch'; my ($filename, $conf); $filename = '/boot/firmware/sysconf.txt'; -exit 0 unless -f $filename; logger('info', "Reading the system configuration settings from $filename"); $conf = read_conf($filename); @@ -16,7 +15,11 @@ $conf = read_conf($filename); if (my $pass = delete($conf->{root_pw})) { my $pipe; logger('debug', 'Resetting root password'); - open($pipe, '|-', '/usr/sbin/chpasswd') or die $!; + unless (open($pipe, '|-', '/usr/sbin/chpasswd')) { + my $err = $!; + logger('error', "Could not run chpasswd: $err"); + die $err; + } $pipe->print("root:$pass"); close($pipe); } @@ -24,16 +27,17 @@ if (my $pass = delete($conf->{root_pw})) { if (my $name = delete($conf->{hostname})) { my $fh; logger('debug', "Setting hostname to '$name'"); - $fh = IO::File->new('/etc/hostname', 'w') or die $!; + unless ($fh = IO::File->new('/etc/hostname', 'w')) { + my $err = $!; + logger('error', "Could not write hostname '$name': $err"); + die $err; + } $fh->print($name); $fh->close; system('hostname', '--file', '/etc/hostname'); } -if (scalar keys %$conf) { - logger('warn', 'Unprocessed keys left in $filename: ' . - join(', ', sort keys %$conf)); -} +rewrite_conf_file($filename, $conf); exit 0; @@ -42,7 +46,13 @@ sub read_conf { $file = shift; $conf = {}; - $fh = IO::File->new($filename, 'r'); + unless ($fh = IO::File->new($filename, 'r')) { + my $err = $!; + logger('error', "Could not read from configuration file '$filename': $err"); + # Not finding the config file is not fatal: there is just + # nothing to configure! + return $conf; + } while (my $line = $fh->getline) { my ($key, $value); # Allow for comments, and properly ignore them @@ -64,6 +74,61 @@ sub read_conf { sub logger { my ($prio, $msg) = @_; - system('/bin/logger', '-p', "daemon.$prio", + system('logger', '-p', "daemon.$prio", '-t', 'rpi-set-sysconf', $msg); } + +sub rewrite_conf_file { + my ($filename, $conf) = @_; + my $fh; + unless ($fh = IO::File->new($filename, 'w')) { + my $err = $!; + logger('error', "Could not write to configuration file '$filename': $err"); + die $err; + } + $fh->print( +q(# This file will be automatically evaluated and installed at next boot +# time, and regenerated (to avoid leaking passwords and such information). +# +# To force it to be evaluated immediately, you can run (as root): +# +# /usr/sbin/rpi-set-sysconf +# +# You can disable the file evaluation by disabling the rpi-set-sysconf +# service in systemd: +# +# systemctl disable rpi-set-sysconf +# +# Comments (all portions of a line following a '#' character) are +# ignored. This file is read line by line. Valid +# configuration lines are of the form 'key=value'. Whitespace around +# 'key' and 'value' is ignored. This file will be _regenerated_ every +# time it is evaluated. +# +# We follow the convention to indent with one space comments, and +# leave no space to indicate the line is an example that could be +# uncommented. + +# root_pw - Set a password for the root user (by default, it allows +# for a passwordless login) +#root_pw=FooBar + +# hostname - Set the system hostname. +#hostname=rpi +)); + + if (scalar keys %$conf) { + logger('warn', 'Unprocessed keys left in $filename: ' . + join(', ', sort keys %$conf)); + $fh->print( +q( +# We found the following unhandled keys - That means, the +# configuration script does not know how to handle them. Please +# double-check them! +)); + $fh->print(join('', map {sprintf("%s=%s\n", $_, $conf->{$_})} sort keys %$conf)); + } + $fh->close; +} + + diff --git a/rpi-set-sysconf.service b/rpi-set-sysconf.service index 94adcef..46bddcf 100644 --- a/rpi-set-sysconf.service +++ b/rpi-set-sysconf.service @@ -4,7 +4,6 @@ Description=Set up system configuration [Service] Type=oneshot ExecStart=/usr/local/sbin/rpi-set-sysconf -ExecStart=/bin/systemctl --no-reload disable %n [Install] RequiredBy=basic.target diff --git a/sysconf.txt b/sysconf.txt index 0ecc408..faaca5f 100644 --- a/sysconf.txt +++ b/sysconf.txt @@ -1,14 +1,20 @@ -# This file will be automatically evaluated and installed _only_ at -# the first boot of this image. +# This file will be automatically evaluated and installed at next boot +# time, and regenerated (to avoid leaking passwords and such information). # -# To force it to be evaluated later, you can run (as root): +# To force it to be evaluated immediately, you can run (as root): # -# /usr/sbin/set-sysconf +# /usr/sbin/rpi-set-sysconf +# +# You can disable the file evaluation by disabling the rpi-set-sysconf +# service in systemd: +# +# systemctl disable rpi-set-sysconf # # Comments (all portions of a line following a '#' character) are -# ignored. This file is read line by line (ordering is ignored). Valid +# ignored. This file is read line by line. Valid # configuration lines are of the form 'key=value'. Whitespace around -# 'key' and 'value' is ignored. +# 'key' and 'value' is ignored. This file will be _regenerated_ every +# time it is evaluated. # # We follow the convention to indent with one space comments, and # leave no space to indicate the line is an example that could be @@ -20,3 +26,7 @@ # hostname - Set the system hostname. #hostname=rpi + +# We found the following unhandled keys - That means, the +# configuration script does not know how to handle them. Please +# double-check them!