From c253075f696612cb136fbc2fe8bc005eb045eb6f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 23 Oct 2023 12:23:51 +0200
Subject: [SSPS] Change firstboot/run logic once again

truncating the currently running script is not too clever, since
it just ends the script after the current line... Do a two-staged
approach now, and also make sure the user cannot login on the web
interface before finishing the firstrun.sh script, by disabling
lighttpd.
---
 satellit_installer/static_files/system/etc/issue   | 10 +++----
 .../static_files/system/etc/issue.disabled         |  9 ++++++
 .../static_files/system/opt/openslx/firstboot.sh   | 34 +++++++++++++++-------
 .../static_files/system/opt/openslx/firstrun.sh    |  2 --
 4 files changed, 37 insertions(+), 18 deletions(-)
 create mode 100644 satellit_installer/static_files/system/etc/issue.disabled

diff --git a/satellit_installer/static_files/system/etc/issue b/satellit_installer/static_files/system/etc/issue
index 90e548a..286fcf6 100644
--- a/satellit_installer/static_files/system/etc/issue
+++ b/satellit_installer/static_files/system/etc/issue
@@ -1,9 +1,7 @@
 -------------------------------------------------
-bwLehrpool Satelliteserver (Debian \S{VERSION_ID})
+   bwLehrpool Satellite Server (Debian \S{VERSION_ID})
 -------------------------------------------------
 
-Web interface for configuration:
-
-\e{lightred}http(s)://\4/\e{reset}
-\e{lightred}http(s)://\n.\O/\e{reset}
-
+Bitte loggen Sie sich als Nutzer "openslx" ein, um die
+Einrichtung des Systems abzuschließen.
+ 
diff --git a/satellit_installer/static_files/system/etc/issue.disabled b/satellit_installer/static_files/system/etc/issue.disabled
new file mode 100644
index 0000000..857ec97
--- /dev/null
+++ b/satellit_installer/static_files/system/etc/issue.disabled
@@ -0,0 +1,9 @@
+-------------------------------------------------
+   bwLehrpool Satellite Server (Debian \S{VERSION_ID})
+-------------------------------------------------
+
+Web interface for configuration:
+
+\e{lightred}http(s)://\4/\e{reset}
+\e{lightred}http(s)://\n.\O/\e{reset}
+ 
diff --git a/satellit_installer/static_files/system/opt/openslx/firstboot.sh b/satellit_installer/static_files/system/opt/openslx/firstboot.sh
index 9c3c1cf..c8a6a36 100755
--- a/satellit_installer/static_files/system/opt/openslx/firstboot.sh
+++ b/satellit_installer/static_files/system/opt/openslx/firstboot.sh
@@ -1,6 +1,11 @@
 #!/bin/bash
 
 MY_PID=$$
+conf="/opt/openslx/config.install"
+
+# Logfile
+exec &>> /opt/openslx/firstboot.log
+
 perror() {
 	echo "[ERROR] $*"
 	[ "$MY_PID" != "$$" ] && kill "$MY_PID"
@@ -19,12 +24,26 @@ perror() {
 	exit 5
 }
 
-# Logfile
-exec &> /opt/openslx/firstboot.log
+if ! [ -e "$conf" ]; then
+	# First time this script runs, it will delete the config at the end; this
+	# means this has to be the second bootup, after the user finished the
+	# firstrun.sh script on first login as "openslx".
+	# Completely delete the script now, and also firstrun.sh
+	unlink "/opt/openslx/firstrun.sh"
+	unlink "/opt/openslx/firstboot.sh"
+	unlink "/etc/systemd/system/firstboot.service"
+	unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service"
+	# Only now enable the web interface, so the user cannot login via browser
+	# before finishing the firstrun.sh script via ssh/tty login
+	systemctl enable lighttpd.service || perror "Konnte systemd-Service lighttpd nicht aktivieren!"
+	systemctl --no-block start lighttpd.service
+	# Also activate our issue that hints at the webif URL
+	mv /etc/issue.disabled /etc/issue
+	exit 0
+fi
 
 echo "+++ $(basename "$0") gestartet: $(date "+%Y-%m-%d %H:%m:%S")"
 
-conf="/opt/openslx/config.install"
 [ -s "$conf" ] || perror "Config file $conf missing"
 bash -n "$conf" || perror "Config file $conf has errors"
 . "$conf"
@@ -36,8 +55,8 @@ generate_password() {
 patchfiles() {
 	# <find> <replace> <file1> <file2> ... <fileN>
 	# Warning: does not escape!
-	FIND=$1
-	REPLACE=$2
+	local FIND="$1"
+	local REPLACE="$2"
 	shift 2
 	while [ $# -gt 0 ]; do
 		sed -i "s/${FIND}/${REPLACE}/g" "$1"
@@ -54,8 +73,6 @@ ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa -q
 ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa -q
 ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 -q
 
-export LANG=de_DE.UTF-8
-
 echo "+++ Generiere intern genutzte Passwörter (z.B. MySQL-Zugänge) neu ..."
 umask 0077
 
@@ -114,9 +131,6 @@ cat > /etc/motd <<THEREDOC
 THEREDOC
 
 echo "+++ Daten des Firstrun-Scripts werden aufgeräumt..."
-unlink "/opt/openslx/firstboot.sh"
 unlink "$conf"
-unlink "/etc/systemd/system/firstboot.service"
-unlink "/etc/systemd/system/multi-user.target.wants/firstboot.service"
 
 exit 0
diff --git a/satellit_installer/static_files/system/opt/openslx/firstrun.sh b/satellit_installer/static_files/system/opt/openslx/firstrun.sh
index 951fa8e..41e386c 100755
--- a/satellit_installer/static_files/system/opt/openslx/firstrun.sh
+++ b/satellit_installer/static_files/system/opt/openslx/firstrun.sh
@@ -48,7 +48,5 @@ cat <<YONDERDOC
 YONDERDOC
 
 sed -i "/opt.openslx.firstrun.sh/d" ~/.profile
-# Just to be safe, empty script... Cannot delete as dir is owned by root
-truncate -s0 /opt/openslx/firstrun.sh
 
 sudo reboot
-- 
cgit v1.2.3-55-g7522