From 94ac6dc790aa5066b623e9706bdf0c98f7d40aa7 Mon Sep 17 00:00:00 2001
From: Jan Wagner
Date: Sat, 12 Mar 2016 19:01:13 +0100
Subject: code cleanup and even more spliting
---
 bootstrap.d/11-apt.sh | 6 +++---
 bootstrap.d/12-locale.sh | 18 +++++++++---------
 bootstrap.d/13-kernel.sh | 2 +-
 bootstrap.d/20-networking.sh | 17 ++++++++---------
 bootstrap.d/21-firewall.sh | 6 +++---
 bootstrap.d/30-security.sh | 3 ++-
 bootstrap.d/31-logging.sh | 2 +-
 files/network/host.conf | 1 +
 rpi2-gen-image.sh | 1 +
 9 files changed, 29 insertions(+), 27 deletions(-)
 create mode 100644 files/network/host.conf
diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh
index e70a6e7..56fcc0e 100644
--- a/bootstrap.d/11-apt.sh
+++ b/bootstrap.d/11-apt.sh
@@ -8,7 +8,7 @@
 # Use proxy inside chroot
 if [ -z "$APT_PROXY" ] ; then
 install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy
- sed -i -e "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy
+ sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy
 fi
 # Pin package flash-kernel to repositories.collabora.co.uk
@@ -21,8 +21,8 @@ chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
 # Set up initial sources.list
 install_readonly files/apt/sources.list $R/etc/apt/sources.list
-sed -i -e "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list
-sed -i -e "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list
+sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list
+sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list
 # Upgrade package index and update all installed packages and changed dependencies
 chroot_exec apt-get -qq -y update
diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh
index cc19ed0..cff48b2 100644
--- a/bootstrap.d/12-locale.sh
+++ b/bootstrap.d/12-locale.sh
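Review bot: `sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy` keeps `/` as the s-command delimiter while splicing in `${APT_PROXY}`, which for an `http://…` proxy URL contains `/` and makes sed reject the expression; the second hunk's `${APT_SERVER}` substitution has the same exposure if the mirror value carries a path. A delimiter that cannot occur in a URL sidesteps it: `sed -i "s|\"\"|\"${APT_PROXY}\"|" $R/etc/apt/apt.conf.d/10proxy`. Separately, the enclosing guard is `if [ -z "$APT_PROXY" ]`, so this substitution only runs when the variable is empty and writes an empty proxy back — presumably `-n` was meant; worth checking against how APT_PROXY is initialised in rpi2-gen-image.sh, which is outside this hunk.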
@@ -19,40 +19,40 @@ if [ "$ENABLE_MINBASE" = false ] ; then
 else
 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
- chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
+ sed -i "/en_US.UTF-8/s/^#//" $R/etc/locale.gen
 fi
- chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
+ sed -i "/${DEFLOCAL}/s/^#//" $R/etc/locale.gen
 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
 chroot_exec locale-gen
 chroot_exec update-locale LANG=${DEFLOCAL}
 # Keyboard configuration, if requested
 if [ "$XKB_MODEL" != "" ] ; then
- chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" /etc/default/keyboard
+ sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard
 fi
 if [ "$XKB_LAYOUT" != "" ] ; then
- chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" /etc/default/keyboard
+ sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" $R/etc/default/keyboard
 fi
 if [ "$XKB_VARIANT" != "" ] ; then
- chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" /etc/default/keyboard
+ sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" $R/etc/default/keyboard
 fi
 if [ "$XKB_OPTIONS" != "" ] ; then
- chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" /etc/default/keyboard
+ sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" $R/etc/default/keyboard
 fi
 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
 # Set up font console
 case "${DEFLOCAL}" in
 *UTF-8)
- chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
+ sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup
 ;;
 *)
- chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
+ sed -i 's/^CHARMAP.*/CHARMAP="guess"/' $R/etc/default/console-setup
 ;;
 esac
 chroot_exec dpkg-reconfigure -f noninteractive console-setup
-else
+else # ENABLE_MINBASE=true
 # Set POSIX default locales
 install_readonly files/locales/locale $R/etc/default/locale
 fi
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 8fa3b08..9fcb86f 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -48,7 +48,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
 # Install raspberry bootloader and flash-kernel
 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
-else
+else # BUILD_KERNEL=false
 # Kernel installation
 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel
diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh
index 61270d4..c9f866f 100644
--- a/bootstrap.d/20-networking.sh
+++ b/bootstrap.d/20-networking.sh
@@ -7,10 +7,10 @@
 # Set up IPv4 hosts
 install_readonly files/network/hostname $R/etc/hostname
-sed -i -e "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
+sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
 install_readonly files/network/hosts $R/etc/hosts
-sed -i -e "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
+sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
 if [ "$NET_ADDRESS" != "" ] ; then
 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
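Review bot: The rewritten `sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard` and its XKBLAYOUT/XKBVARIANT/XKBOPTIONS siblings put a user-supplied setting into a sed replacement with no escaping, so a value containing `/`, `&` or `\` produces a sed error or a corrupted line; moving the calls out of the chroot did not change that. Since each line is replaced wholesale anyway, writing it with `printf` avoids the quoting question, e.g. `printf 'XKBMODEL="%s"\n' "$XKB_MODEL"` while rebuilding the file, or at minimum use `|` as the delimiter as 30-security.sh does. The outer `if [ "$ENABLE_MINBASE" = false ]` and the inner if/else that this hunk opens with `else` both begin before the hunk.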
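Review bot: `sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname` and the `/etc/hosts` line below it substitute `${HOSTNAME}`, a variable bash itself fills with the build machine's hostname when nothing has set it, so a missing setting would silently name the image after the build host rather than fail or fall back to a default — whether that can happen depends on how rpi2-gen-image.sh initialises it, which this patch does not show. Asserting it up front, `: "${HOSTNAME:?HOSTNAME must be set}"`, or using a project-prefixed variable name would make the intent explicit; the value is also unescaped in the sed replacement, so a `/` or `&` in it would break the substitution.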
@@ -31,13 +31,14 @@ fi
 install_readonly files/network/interfaces $R/etc/network/interfaces
 if [ "$ENABLE_DHCP" = true ] ; then
-# Enable systemd-networkd DHCP configuration for interface eth0
-install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
+ # Enable systemd-networkd DHCP configuration for interface eth0
+ install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
-# Set DHCP configuration to IPv4 only
+ # Set DHCP configuration to IPv4 only
 if [ "$ENABLE_IPV6" = false ] ; then
 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
 fi
+
 else # ENABLE_DHCP=false
 cat <$R/etc/systemd/network/eth.network
 [Match]
@@ -62,8 +63,6 @@ chroot_exec systemctl enable systemd-networkd
 if [ "$ENABLE_HARDNET" = true ] ; then
 install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
-# Enable resolver warnings about spoofed addresses
- cat <>$R/etc/host.conf
-spoof warn
-EOM
+ # Enable resolver warnings about spoofed addresses
+ install_readonly files/network/host.conf $R/etc/host.conf
 fi
diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh
index 89cf37f..e006e2b 100644
--- a/bootstrap.d/21-firewall.sh
+++ b/bootstrap.d/21-firewall.sh
@@ -37,8 +37,8 @@ if [ "$ENABLE_IPTABLES" = true ] ; then
 fi
 fi
-# Remove SSHD related iptables rules
 if [ "$ENABLE_SSHD" = false ] ; then
- sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
- sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
+ # Remove SSHD related iptables rules
+ sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/iptables.rules 2> /dev/null
+ sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/ip6tables.rules 2> /dev/null
 fi
diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh
index 86f1c00..899c250 100644
--- a/bootstrap.d/30-security.sh
+++ b/bootstrap.d/30-security.sh
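Review bot: `install_readonly files/network/host.conf $R/etc/host.conf` replaces a heredoc that appended to the existing file (`>>$R/etc/host.conf`) with an install of a file that, per the new files/network/host.conf in this patch, contains only `spoof warn`; if install_readonly writes the whole file, every directive the base system already had in /etc/host.conf (Debian's default typically sets `multi on`) is discarded, which the old code preserved. Please confirm install_readonly's semantics in functions.sh, and if it overwrites, carry the existing directives into files/network/host.conf and say so in the comment, e.g. `# Replace host.conf: keep the default lookup settings and enable spoof warnings`. The `if [ "$ENABLE_HARDNET" = true ]` block this sits in starts before the hunk.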
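Review bot: Moving the sed program from single to double quotes in `sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/iptables.rules 2> /dev/null` (and the ip6tables line) gains nothing, since the expression contains no shell expansion, and the now double-quoted `!` is subject to history expansion in any interactive shell that sources this file; the single-quoted form was the safer one, `sed -i '/^#/! {/SSH/ s/^/# /}' $R/etc/iptables/iptables.rules`. The `2> /dev/null` also swallows every sed error, so a malformed expression or an unreadable rules file would leave the SSH rules active without any message; if its purpose is to tolerate a missing file when ENABLE_IPTABLES is off, testing `[ -f "$R/etc/iptables/iptables.rules" ]` first states that and lets real errors surface.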
@@ -19,9 +19,10 @@ if [ "$ENABLE_ROOT" = true ]; then
 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
 if [ "$ENABLE_ROOT_SSH" = true ]; then
- sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
+ sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" $R/etc/ssh/sshd_config
 fi
 else
+ # Set no root password to disable root login
 chroot_exec usermod -p \'!\' root
 fi
diff --git a/bootstrap.d/31-logging.sh b/bootstrap.d/31-logging.sh
index 14c4f44..cfb99a2 100644
--- a/bootstrap.d/31-logging.sh
+++ b/bootstrap.d/31-logging.sh
@@ -7,7 +7,7 @@
 # Disable rsyslog
 if [ "$ENABLE_RSYSLOG" = false ]; then
- sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
+ sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" $R/etc/systemd/journald.conf
 chroot_exec systemctl disable rsyslog
 chroot_exec apt-get purge -q -y --force-yes rsyslog
 fi
diff --git a/files/network/host.conf b/files/network/host.conf
new file mode 100644
index 0000000..114b279
--- /dev/null
+++ b/files/network/host.conf
@@ -0,0 +1 @@
+spoof warn
diff --git a/rpi2-gen-image.sh b/rpi2-gen-image.sh
index 39d5a76..12735af 100755
--- a/rpi2-gen-image.sh
+++ b/rpi2-gen-image.sh
@@ -18,6 +18,7 @@
 # Load utility functions
 . ./functions.sh
+# Introduce settings
 set -e
 echo -n -e "\n#\n# RPi2 Bootstrap Settings\n#\n"
 set -x
-- 
cgit v1.2.3
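Review bot: The added comment `# Set no root password to disable root login` names the wrong mechanism: `usermod -p` with `!` stores a string no password can hash to, which locks root's password, whereas an actually empty password (`-p ''`) would allow login with no password at all. Suggest `# Lock root's password ('!' is not a valid hash) so password logins for root are refused`. Note also that rpi2-gen-image.sh runs under `set -x` (visible in its hunk in this patch), so the context line `chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root` traces the password hash into the build output; bracketing that call with `set +x` / `set -x` keeps the hash out of logs. The enclosing `if [ "$ENABLE_ROOT" = true ]` begins before this hunk.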