Fix firstboot tls bundle script and prep checks

Aaron
2026-01-03 17:51:11 -05:00
parent 452b787c30
commit 5b0cc80d0a
3 changed files with 61 additions and 19 deletions


@@ -23,6 +23,7 @@ DID_PREP=0
ERRORS=0 ERRORS=0
WARNINGS=0 WARNINGS=0
STOPPED_PIHOLE_FTL=0
usage() { usage() {
cat <<'USAGE' cat <<'USAGE'
@@ -211,14 +212,14 @@ reset_iface_to_dhcp() {
local tmp local tmp
tmp="$(mktemp)" tmp="$(mktemp)"
awk -v target="$iface" ' awk -v target="$iface" '
BEGIN{in=0} BEGIN{in_iface=0}
/^[[:space:]]*iface[[:space:]]+/ { /^[[:space:]]*iface[[:space:]]+/ {
split($0, parts, /[[:space:]]+/); split($0, parts, /[[:space:]]+/);
if (parts[2]==target) { in=1; print "iface " target " inet dhcp"; next; } if (parts[2]==target) { in_iface=1; print "iface " target " inet dhcp"; next; }
else { in=0; } else { in_iface=0; }
} }
{ {
if (in==1) { if (in_iface==1) {
if ($1=="address"||$1=="netmask"||$1=="gateway"||$1=="dns-nameservers") next; if ($1=="address"||$1=="netmask"||$1=="gateway"||$1=="dns-nameservers") next;
} }
print; print;
@@ -321,7 +322,14 @@ prep_image() {
fi fi
if command -v pihole >/dev/null 2>&1; then if command -v pihole >/dev/null 2>&1; then
pihole -f >/dev/null 2>&1 && status CLEANED "pihole logs via pihole -f" || status FAIL "pihole -f" if command -v systemctl >/dev/null 2>&1; then
if systemctl stop pihole-FTL >/dev/null 2>&1; then
status CLEANED "stopped pihole-FTL"
STOPPED_PIHOLE_FTL=1
else
status WARN "unable to stop pihole-FTL"
fi
fi
clean_logs_dir /var/log/pihole '*' clean_logs_dir /var/log/pihole '*'
clean_file /etc/pihole/pihole-FTL.db clean_file /etc/pihole/pihole-FTL.db
clean_file /etc/pihole/pihole-FTL.db-wal clean_file /etc/pihole/pihole-FTL.db-wal
@@ -609,12 +617,22 @@ check_image() {
section "Logs" section "Logs"
if [ -d /var/log ]; then if [ -d /var/log ]; then
local nonempty local nonempty filtered
nonempty="$(find /var/log -type f -size +0c 2>/dev/null | wc -l | tr -d ' ')" nonempty="$(find /var/log -type f -size +0c 2>/dev/null)"
if [ "$nonempty" -gt 0 ]; then filtered="$(printf "%s\n" "$nonempty" | grep -Ev '/(lastlog|faillog|btmp|wtmp)$' || true)"
status WARN "/var/log has non-empty files: $nonempty" if [ -n "$filtered" ]; then
local count
count="$(printf "%s\n" "$filtered" | wc -l | tr -d ' ')"
status WARN "/var/log has non-empty files: $count"
printf "%s\n" "$filtered" | head -n 5 | sed 's/^/[WARN] /'
else else
status OK "/var/log empty" if [ -n "$nonempty" ]; then
local count
count="$(printf "%s\n" "$nonempty" | wc -l | tr -d ' ')"
status WARN "/var/log has only login tracking files: $count"
else
status OK "/var/log empty"
fi
fi fi
else else
status WARN "/var/log missing" status WARN "/var/log missing"
@@ -713,6 +731,13 @@ maybe_shutdown() {
status OK "Shutting down" status OK "Shutting down"
shutdown -f now || status FAIL "shutdown" shutdown -f now || status FAIL "shutdown"
else else
if [ "$STOPPED_PIHOLE_FTL" -eq 1 ] && command -v systemctl >/dev/null 2>&1; then
if systemctl start pihole-FTL >/dev/null 2>&1; then
status OK "restarted pihole-FTL (shutdown skipped)"
else
status WARN "failed to restart pihole-FTL after prep"
fi
fi
status OK "Shutdown skipped" status OK "Shutdown skipped"
fi fi
} }
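Review bot: In prep_image, a failed `systemctl stop pihole-FTL` only raises a WARN and the script still goes on to `clean_file /etc/pihole/pihole-FTL.db` and its `-wal` file, so the database is removed while FTL may still hold it open and can write query history back into the image. The same happens when `systemctl` is not installed, since the stop is then skipped without any status line. I would report the failed stop as `status FAIL "unable to stop pihole-FTL; query database may not be clean"` so the prep run does not look clean, assuming FAIL is what feeds the ERRORS counter. The restart added in maybe_shutdown also brings FTL back on a prepped system, so an image captured after a skipped shutdown would presumably carry fresh logs and a new database; a comment there saying so would help. prep_image's body continues outside the hunk.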


@@ -169,6 +169,7 @@ sys.exit(1)
check_firstboot() { check_firstboot() {
local url="$1" local url="$1"
local body state error_present local body state error_present
local done_present error_file_present log_present state_present
if ! body="$(remote_cmd "curl -fsS --max-time 5 $url")"; then if ! body="$(remote_cmd "curl -fsS --max-time 5 $url")"; then
status FAIL "firstboot API not reachable" status FAIL "firstboot API not reachable"
return return
@@ -186,10 +187,26 @@ check_firstboot() {
status FAIL "firstboot status invalid or missing" status FAIL "firstboot status invalid or missing"
return return
fi fi
done_present="$(remote_sudo_cmd "test -f /var/lib/pikit/firstboot/firstboot.done && echo yes || echo no" 2>/dev/null || true)"
error_file_present="$(remote_sudo_cmd "test -f /var/lib/pikit/firstboot/firstboot.error && echo yes || echo no" 2>/dev/null || true)"
log_present="$(remote_sudo_cmd "test -f /var/lib/pikit/firstboot/firstboot.log && echo yes || echo no" 2>/dev/null || true)"
state_present="$(remote_sudo_cmd "test -f /var/lib/pikit/firstboot/state.json && echo yes || echo no" 2>/dev/null || true)"
if [ "$state" = "done" ] && [ "$error_present" != "true" ]; then if [ "$state" = "done" ] && [ "$error_present" != "true" ]; then
status OK "firstboot completed" status OK "firstboot completed"
return
fi
if [ "$state" = "error" ] || [ "$error_present" = "true" ] || [ "$error_file_present" = "yes" ]; then
status FAIL "firstboot failed (state=$state error=$error_present)"
return
fi
if [ "$done_present" = "yes" ]; then
status FAIL "firstboot state mismatch (done file present but state=$state)"
return
fi
if [ "$log_present" != "yes" ] && [ "$state_present" != "yes" ]; then
status WARN "firstboot not started yet (image prepped?)"
else else
status FAIL "firstboot not complete (state=$state error=$error_present)" status WARN "firstboot in progress (state=$state)"
fi fi
} }
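Review bot: In check_firstboot, the four `remote_sudo_cmd "test -f …"` probes end in `2>/dev/null || true`, so an SSH or sudo failure leaves the variables empty and the function falls through to `status WARN "firstboot not started yet (image prepped?)"`, which reports a failed probe as a freshly prepped image. An empty result should be told apart from `no`, for example with `[ -n "$done_present" ] && [ -n "$error_file_present" ] && [ -n "$log_present" ] && [ -n "$state_present" ] || { status FAIL "firstboot file probes failed"; return; }` placed right after the probes. Separately, the `status OK "firstboot completed"` branch returns before `error_file_present` is consulted, so a `firstboot.error` file on disk is ignored whenever the API reports done; adding `&& [ "$error_file_present" != "yes" ]` to that condition would close the gap.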


@@ -215,11 +215,11 @@ if isinstance(actions, list) and actions:
log(f"TLS bundle skipped (missing cert/key): {dest}") log(f"TLS bundle skipped (missing cert/key): {dest}")
continue continue
dest.parent.mkdir(parents=True, exist_ok=True) dest.parent.mkdir(parents=True, exist_ok=True)
content = src_cert.read_bytes() + b\"\\n\" + src_key.read_bytes() + b\"\\n\" content = src_cert.read_bytes() + b"\n" + src_key.read_bytes() + b"\n"
dest.write_bytes(content) dest.write_bytes(content)
owner = action.get("owner") owner = action.get("owner")
if owner: if owner:
user, _, group = str(owner).partition(\":\") user, _, group = str(owner).partition(":")
try: try:
uid = pwd.getpwnam(user).pw_uid if user else -1 uid = pwd.getpwnam(user).pw_uid if user else -1
except Exception: except Exception:
@@ -238,8 +238,8 @@ if isinstance(actions, list) and actions:
pass pass
restart = action.get("restart") restart = action.get("restart")
if restart: if restart:
subprocess.run([\"systemctl\", \"restart\", str(restart)], check=False) subprocess.run(["systemctl", "restart", str(restart)], check=False)
log(f\"TLS bundle written: {dest}\") log(f"TLS bundle written: {dest}")
continue continue
if action_type == "replace_text": if action_type == "replace_text":
@@ -247,17 +247,17 @@ if isinstance(actions, list) and actions:
match = str(action.get("match", "")) match = str(action.get("match", ""))
replacement = str(action.get("replace", "")) replacement = str(action.get("replace", ""))
if not file_path.exists(): if not file_path.exists():
log(f\"Replace skipped (missing file): {file_path}\") log(f"Replace skipped (missing file): {file_path}")
continue continue
content = file_path.read_text() content = file_path.read_text()
if match not in content: if match not in content:
log(f\"Replace skipped (pattern not found): {file_path}\") log(f"Replace skipped (pattern not found): {file_path}")
continue continue
file_path.write_text(content.replace(match, replacement, 1)) file_path.write_text(content.replace(match, replacement, 1))
restart = action.get("restart") restart = action.get("restart")
if restart: if restart:
subprocess.run([\"systemctl\", \"restart\", str(restart)], check=False) subprocess.run(["systemctl", "restart", str(restart)], check=False)
log(f\"Replaced text in: {file_path}\") log(f"Replaced text in: {file_path}")
continue continue
else: else:
log("Profile actions step skipped (none).") log("Profile actions step skipped (none).")
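Review bot: In the TLS bundle branch, `dest.write_bytes(content)` creates a file holding the private key with whatever mode the process umask gives, and the ownership change only comes afterwards, so the key can be readable by other local users unless the lines between the two hunks set a mode. I would restrict the file before the key is written, with `dest.touch(mode=0o600, exist_ok=True)` and `dest.chmod(0o600)` ahead of `dest.write_bytes(content)`, widening to 0o640 only if the service reads the bundle through its group. The `subprocess.run(["systemctl", "restart", str(restart)], check=False)` calls also discard the result, so a failed restart is still followed by the "TLS bundle written" log line; logging the return code would make that visible. The enclosing `if isinstance(actions, list) and actions:` block starts outside the hunks.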