From f145fc2af232b01f0470dbbd101c81d287b3ba83 Mon Sep 17 00:00:00 2001
From: David Andreoletti <david@andreoletti.net>
Date: Thu, 12 Sep 2024 14:53:11 +0800
Subject: [PATCH] armbian-firstrun: Optionally skip OpenSSH host key
 regeneration

---
 lib/functions/bsp/armbian-bsp-cli-deb.sh         |  3 +++
 lib/functions/rootfs/distro-agnostic.sh          |  9 ++++++++-
 .../etc/default/armbian-firstrun.dpkg-dist       |  6 ++++++
 .../lib/systemd/system/armbian-firstrun.service  |  1 +
 .../bsp/common/usr/lib/armbian/armbian-firstrun  | 16 ++++++++++------
 5 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 packages/bsp/common/etc/default/armbian-firstrun.dpkg-dist

diff --git a/lib/functions/bsp/armbian-bsp-cli-deb.sh b/lib/functions/bsp/armbian-bsp-cli-deb.sh
index eef3db9ed3..20b5e5dac4 100644
--- a/lib/functions/bsp/armbian-bsp-cli-deb.sh
+++ b/lib/functions/bsp/armbian-bsp-cli-deb.sh
@@ -451,6 +451,9 @@ function board_side_bsp_cli_postinst_finish() {
 	if [ ! -f "/etc/default/armbian-zram-config" ] && [ -f /etc/default/armbian-zram-config.dpkg-dist ]; then
 		mv /etc/default/armbian-zram-config.dpkg-dist /etc/default/armbian-zram-config
 	fi
+    if [ ! -f "/etc/default/armbian-firstrun" ]; then
+		mv /etc/default/armbian-firstrun.dpkg-dist /etc/default/armbian-firstrun
+	fi
 
 	if [ -L "/usr/lib/chromium-browser/master_preferences.dpkg-dist" ]; then
 		mv /usr/lib/chromium-browser/master_preferences.dpkg-dist /usr/lib/chromium-browser/master_preferences
diff --git a/lib/functions/rootfs/distro-agnostic.sh b/lib/functions/rootfs/distro-agnostic.sh
index fdefe8a153..64b17ea36c 100644
--- a/lib/functions/rootfs/distro-agnostic.sh
+++ b/lib/functions/rootfs/distro-agnostic.sh
@@ -398,7 +398,14 @@ function install_distribution_agnostic() {
 
 	# enable additional services, if they exist.
 	display_alert "Enabling Armbian services" "systemd" "info"
-	[[ -f "${SDCARD}"/lib/systemd/system/armbian-firstrun.service ]] && chroot_sdcard systemctl --no-reload enable armbian-firstrun.service
+	if [[ -f "${SDCARD}"/lib/systemd/system/armbian-firstrun.service ]]; then
+	    # Note: armbian-firstrun starts before the user has a chance to edit the env file's values.
+	    # Exceptionaly, the env file can be edited during image build time
+        if test -n "$OPENSSHD_REGENERATE_HOST_KEYS"; then
+            sed -i "s/\(^OPENSSHD_REGENERATE_HOST_KEYS *= *\).*/\1$OPENSSHD_REGENERATE_HOST_KEYS/" "${SDCARD}"/etc/default/armbian-firstrun
+        fi
+		chroot_sdcard systemctl --no-reload enable armbian-firstrun.service
+	fi
 	[[ -f "${SDCARD}"/lib/systemd/system/armbian-zram-config.service ]] && chroot_sdcard systemctl --no-reload enable armbian-zram-config.service
 	[[ -f "${SDCARD}"/lib/systemd/system/armbian-hardware-optimize.service ]] && chroot_sdcard systemctl --no-reload enable armbian-hardware-optimize.service
 	[[ -f "${SDCARD}"/lib/systemd/system/armbian-ramlog.service ]] && chroot_sdcard systemctl --no-reload enable armbian-ramlog.service
diff --git a/packages/bsp/common/etc/default/armbian-firstrun.dpkg-dist b/packages/bsp/common/etc/default/armbian-firstrun.dpkg-dist
new file mode 100644
index 0000000000..cc77a28df8
--- /dev/null
+++ b/packages/bsp/common/etc/default/armbian-firstrun.dpkg-dist
@@ -0,0 +1,6 @@
+# configuration values for the armbian-firstrun service
+
+# Delete + regenerate OpenSSH host keys
+# true  = delete + generate host keys
+# false = no deletion / no generation for host keys
+OPENSSHD_REGENERATE_HOST_KEYS=true
diff --git a/packages/bsp/common/lib/systemd/system/armbian-firstrun.service b/packages/bsp/common/lib/systemd/system/armbian-firstrun.service
index fb94b03823..5df83a0bf6 100644
--- a/packages/bsp/common/lib/systemd/system/armbian-firstrun.service
+++ b/packages/bsp/common/lib/systemd/system/armbian-firstrun.service
@@ -10,6 +10,7 @@ After=ssh.service
 [Service]
 Type=simple
 RemainAfterExit=yes
+EnvironmentFile=/etc/default/armbian-firstrun
 ExecStart=/usr/lib/armbian/armbian-firstrun start
 TimeoutStartSec=2min
 
diff --git a/packages/bsp/common/usr/lib/armbian/armbian-firstrun b/packages/bsp/common/usr/lib/armbian/armbian-firstrun
index caf88cac76..360b264afa 100755
--- a/packages/bsp/common/usr/lib/armbian/armbian-firstrun
+++ b/packages/bsp/common/usr/lib/armbian/armbian-firstrun
@@ -46,12 +46,16 @@ case "$1" in
 	[[ -f /etc/systemd/system/armbian-live-patch.service ]] && systemctl --no-reload enable armbian-live-patch.service
 
 	# SSH Keys creation
-	rm -f /etc/ssh/ssh_host*
-	read entropy_before </proc/sys/kernel/random/entropy_avail
-	dpkg-reconfigure openssh-server >/dev/null 2>&1
-	service ssh restart
-	read entropy_after </proc/sys/kernel/random/entropy_avail
-	echo -e "\n### [firstrun] Recreated SSH keys (entropy: ${entropy_before} ${entropy_after})" >>${Log}
+	if [[ "${OPENSSHD_REGENERATE_HOST_KEYS}" = true ]]; then
+		rm -f /etc/ssh/ssh_host*
+		read entropy_before </proc/sys/kernel/random/entropy_avail
+		dpkg-reconfigure openssh-server >/dev/null 2>&1
+		service ssh restart
+		read entropy_after </proc/sys/kernel/random/entropy_avail
+		echo -e "\n### [firstrun] Recreated SSH keys (entropy: ${entropy_before} ${entropy_after})" >>${Log}
+	else
+		echo -e "\n### [firstrun] SSH host keys unchanged" >>${Log}
+	fi
 
 	# get rid of purple background color in newt apps whiptail, partimage, debconf ... Reverting to Debian look.
 	[[ -f /etc/newt/palette ]] && sed -e 's/magenta/blue/g' -i /etc/newt/palette