Raspi-image-spec/rootfs/usr/local/sbin/rpi-set-sysconf

158 lines
4.1 KiB
Perl

#!/usr/bin/perl
use strict;
use warnings;
use IO::File;
use IO::Pipe;
use feature 'switch';
my ($filename, $conf);
$filename = '/boot/firmware/sysconf.txt';
logger('info', "Reading the system configuration settings from $filename");
$conf = read_conf($filename);
if (my $pass = delete($conf->{root_pw})) {
my $pipe;
logger('debug', 'Resetting root password');
unless (open($pipe, '|-', '/usr/sbin/chpasswd')) {
my $err = $!;
logger('error', "Could not run chpasswd: $err");
die $err;
}
$pipe->print("root:$pass");
close($pipe);
}
if (my $root_authorized_key = delete($conf->{root_authorized_key})) {
my $fh;
logger('debug', "Adding key to root's authorized_keys");
if(! -d "/root/.ssh") {
if(!mkdir("/root/.ssh", 0700)) {
my $err = sprintf("Could not create /root/.ssh directory: %s", $!);
logger('error', $err);
die $err;
}
}
unless ($fh = IO::File->new('/root/.ssh/authorized_keys', 'w', 0600)) {
my $err = $!;
logger('error', "Could not write /root/.ssh/authorized_keys: $err");
die $err;
}
$fh->print($root_authorized_key);
$fh->close;
}
if (my $name = delete($conf->{hostname})) {
my $fh;
logger('debug', "Setting hostname to '$name'");
unless ($fh = IO::File->new('/etc/hostname', 'w')) {
my $err = $!;
logger('error', "Could not write hostname '$name': $err");
die $err;
}
$fh->print($name);
$fh->close;
system('hostname', '--file', '/etc/hostname');
}
rewrite_conf_file($filename, $conf);
exit 0;
sub read_conf {
my ($file, $conf, $fh);
$file = shift;
$conf = {};
unless ($fh = IO::File->new($filename, 'r')) {
my $err = $!;
logger('error', "Could not read from configuration file '$filename': $err");
# Not finding the config file is not fatal: there is just
# nothing to configure!
return $conf;
}
while (my $line = $fh->getline) {
my ($key, $value);
# Allow for comments, and properly ignore them
$line =~ s/#.+//;
if ( ($key, $value) = ($line =~ m/^\s*([^=]+)\s*=\s*(.*)\s*$/)) {
$key = lc($key);
if (exists($conf->{$key})) {
logger('warn',
"Repeated configuration key: $key. " .
"Overwriting with new value ($value)");
}
$conf->{$key} = $value;
}
}
$fh->close;
return $conf;
}
sub logger {
my ($prio, $msg) = @_;
system('logger', '-p', "daemon.$prio",
'-t', 'rpi-set-sysconf', $msg);
}
sub rewrite_conf_file {
my ($filename, $conf) = @_;
my $fh;
unless ($fh = IO::File->new($filename, 'w')) {
my $err = $!;
logger('error', "Could not write to configuration file '$filename': $err");
die $err;
}
$fh->print(
q(# This file will be automatically evaluated and installed at next boot
# time, and regenerated (to avoid leaking passwords and such information).
#
# To force it to be evaluated immediately, you can run (as root):
#
# /usr/local/sbin/rpi-set-sysconf
#
# You can disable the file evaluation by disabling the rpi-set-sysconf
# service in systemd:
#
# systemctl disable rpi-set-sysconf
#
# Comments (all portions of a line following a '#' character) are
# ignored. This file is read line by line. Valid
# configuration lines are of the form 'key=value'. Whitespace around
# 'key' and 'value' is ignored. This file will be _regenerated_ every
# time it is evaluated.
#
# We follow the convention to indent with one space comments, and
# leave no space to indicate the line is an example that could be
# uncommented.
# root_pw - Set a password for the root user (by default, it allows
# for a passwordless login)
#root_pw=FooBar
# root_authorized_key - Set an authorized key for a root ssh login
#root_authorized_key=
# hostname - Set the system hostname.
#hostname=rpi
));
if (scalar keys %$conf) {
logger('warn', 'Unprocessed keys left in $filename: ' .
join(', ', sort keys %$conf));
$fh->print(
q(
# We found the following unhandled keys - That means, the
# configuration script does not know how to handle them. Please
# double-check them!
));
$fh->print(join('', map {sprintf("%s=%s\n", $_, $conf->{$_})} sort keys %$conf));
}
$fh->close;
}