housekeeping

this was leading to the OOM killer killing dd.

.gitignore

@@ -1 +1,2 @@
 notes.txt
+build/

README.md

@@ -1,56 +1,152 @@
 # What
 
-It's a script to build a customized OpenWRT firmware that will
-automatically set up
-[extroot](http://wiki.openwrt.org/doc/howto/extroot) on any (!)
-storage device plugged into the USB port (`/dev/sda`).
+It's a script to build a customized
+[OpenWrt](https://openwrt.org/docs/guide-user/start)
+firmware image using
+[ImageBuilder](https://openwrt.org/docs/guide-user/additional-software/imagebuilder).
+
+If the generated image is flashed on a router, then during its boot
+process it will try to automatically set up
+[extroot](https://openwrt.org/docs/guide-user/additional-software/extroot_configuration)
+on **any (!)** storage device plugged into the USB port (`/dev/sda`),
+including your already working extroot pendrive if you plug it in too
+late in the boot process.
 
 # Why
 
-So that e.g. customers can buy a router on their own, flash our
+So that e.g. customers can buy a router on their own, download and flash our custom
 firmware, plug in a pendrive, and manage their SIP (telephony) node
 from our webapp.
 
-# Status
+I've extracted the generic parts from the above mentioned auto-provision
+project because I thought it's useful enough for making it public.
 
-This is more of a template than something standalone. You most
-probably want to customize this script here and there; search for
-`CUSTOMIZE` for places of interest.
+It also serves me well on my own routers ever since then.
 
-I've extracted this from a project where OpenWRT nodes auto-provision
-themselves in 3 stages, but I thought it's useful enough for making it
-public (stage 1: extroot setup; stage 2: install packages; stage 3: a
-Python script for app-level sync).
+# How
 
-At the time of writing it only supports a few `ar71xx` routers but
-it's easy to extend it.
+You can read more about the underlying technology on the OpenWrt wiki: see e.g. the
+[ImageBuilder](https://openwrt.org/docs/guide-user/additional-software/imagebuilder)
+page, or the page that lists some other
+[ImageBuilder frontends](https://openwrt.org/docs/guide-developer/imagebuilder_frontends).
 
-## Tested with
+As for the actual mechanism: custom scripts are baked into the boot
+process of the flashed firmware. If the extroot overlay is properly
+set up, then these scripts get hidden by it; i.e. they will only be run
+when the extroot has failed to mount early in the boot process.
 
-[OpenWRT Barrier Breaker 14.07](http://downloads.openwrt.org/barrier_breaker/14.07/)
-on a TP-Link WDR4300.
+Keep in mind that **this will automatically erase/format any inserted
+storage device while the router is in the initial setup phase**!
+Unfortunately there's little that can be done at that point to ask the
+user for confirmation.
 
-# Building
+### Building
 
-e.g. `./build.sh TLWDR4300`
+OpenWrt's ImageBuilder only works on Linux x86_64. To build a firmware, issue the following command:
+`./build.sh architecture variant device-profile`, e.g.:
 
-Results will be under `build/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64`.
+* `./build.sh ath79 generic tplink_tl-wr1043nd-v1`
+* `./build.sh ath79 generic tplink_archer-c6-v2`
+* `./build.sh ath79 generic tplink_tl-wdr4300-v1`
+* `./build.sh bcm53xx generic dlink_dir-885l`
 
-To see a list of available targets, run this in the ImageBuilder dir: ```make info```.
+Results will be under `build/openwrt-imagebuilder-${release}-${architecture}-${variant}.Linux-x86_64/bin/`.
 
-# Usage
+To see a list of available targets, run `make info` in the ImageBuilder dir.
+
+If you want to change which OpenWrt version is used, then try editing
+the relevant variable(s) in `build.sh`. It's not guaranteed to work
+across OpenWrt releases, therefore we keep git branches for the past
+releases.
+
+### Setup stages
+
+Blinking leds show which phase the extroot setup scripts are in. Consult the
+sources for details: [autoprovision-functions.sh](image-extras/common/root/autoprovision-functions.sh#L49).
+
+#### Stage 1: setup extroot
+
+When the custom firmware first boots, the autoprovision script will
+wait for anything (!) in `/dev/sda` to show up (that is >= 512M), then erase
+it and set up a `swap`, an `extroot`, and a `data`filesystem (for the remaining
+space), and then reboot.
+
+#### Stage 2: download and install some packages from the internet
+
+Once it rebooted into the new extroot, it will continuously keep trying to install
+some OpenWrt packages until an internet connection is set up on the router. You
+need to do that manually either by using ssh or the web UI (LuCI).
+
+#### Stage 3, optional
+
+We also have a 3rd stage, written in Python, but it's commented out here.
+Search for `autoprovision-stage3.py` to see how it's done.
+
+### Login
 
 After flashing the firmware the router will have the standard
-`192.168.1.1` IP address, and SSH will listen there using the keys
-specified in `image-extras/etc/dropbear/authorized_keys`.
+`192.168.1.1` IP address.
+
+By default the root passwd is not set, so the router will start telnet with
+no password. If you want to set up a password, then edit the stage 2 script:
+[autoprovision-stage2.sh](image-extras/common/root/autoprovision-stage2.sh#L53).
+
+If a password is set, then telnet is disabled by OpenWrt and SSH will listen
+using the keys specified in [authorized_keys](image-extras/common/etc/dropbear/authorized_keys).
 
 Once connected, you can read the log with `logread -f`.
 
-The autoprovision script will wait for any `/dev/sda` to show up, then
-erase it and set up a `swap`, an `extroot`, and a `data` filesystem,
-and then reboots.
+# Status
 
-In stage 2 it will need an internet connection, so you should connect
-to its [LuCI interface](http://192.168.1.1) to set up an Internet
-upstream, and then it will automatically continue installing packages,
-finishing the whole process, and then do a final reboot.
+This is more of a template than something standalone, but I use it for
+my home routers as is. For more specific applications you most
+probably want to customize this script here and there; search for
+`CUSTOMIZE` for places of interest.
+
+Most importantly, **set up a password and maybe add your ssh key** by
+adding it to `image-extras/common/etc/dropbear/authorized_keys`.
+
+None of this script is hardware specific except `setLedAttribute`,
+which is used to provide feedback about the progress of the initial
+setup phase. At the time of writing it only works on a few routers
+(mostly `ath79` ones), but without this everything should work fine,
+if only a bit less convenient.
+
+# Troubleshooting
+
+## Which file should I flash?
+
+You should consult the [OpenWrt documentation](https://openwrt.org/docs/guide-user/start).
+The produced firmware files should be somewhere around
+```./build/openwrt-imagebuilder-21.02.0-ath79-generic.Linux-x86_64/bin/targets/ath79/generic/```.
+
+In short:
+
+* You need a file with the name ```-factory.bin``` or ```-sysupgrade.bin```. The former is to
+  be used when you first install OpenWrt, the latter is when you upgrade an already installed
+  OpenWrt.
+
+* You must carefully pick the proper firmware file for your **hardware version**! I advise you
+  to look up the wiki page for your hardware on the [OpenWrt wiki](https://openwrt.org),
+  because most of them have a table of the released hardware versions with comments on their
+  status (sometimes new hardware revisions are only supported by the latest OpenWrt, which is
+  not released yet).
+
+## Help! The build has finished but there's no firmware file!
+
+If the build doesn't yield a firmware file (```*-factory.bin``` and/or ```*-sysupgrade.bin```):
+when there's not enough space in the flash memory of the target device to install everything
+then the OpenWrt ImageBuilder prints a hardly visible error into its flow of output and
+silently continues. Look into [build.sh](build.sh#L31) and try to remove some packages
+that you can live without.
+
+## Extroot is not mounted after a `sysupgrade`
+
+In short, this is an OpenWrt issue, and the solution is to mount the extroot
+somewhere, and delete `/etc/.extroot-uuid`. More details are available in
+[this issue](https://github.com/attila-lendvai/openwrt-auto-extroot/issues/12),
+and a way to deal with it can be found in
+[this blog post](https://blog.mbirth.de/archives/2014/05/26/openwrt-sysupgrade-with-extroot.html).
+You may also want to check out the
+[official OpenWrt wiki](https://openwrt.org/docs/guide-user/additional-software/extroot_configuration#system_upgrade)
+on this topic.

build.sh

@@ -1,59 +1,92 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+# Note: this runs as-is, pretty much without external
+# dependencies. The OpenWrt ImageBuilder contains the toolchain and
+# everything that is needed to build the firmware images.
 
 set -e
 
-absolutize ()
-{
-  if [ ! -d "$1" ]; then
-    echo
-    echo "ERROR: '$1' doesn't exist or not a directory!"
-    kill -INT $$
-  fi
+TARGET_ARCHITECTURE=$1
+TARGET_VARIANT=$2
+TARGET_DEVICE=$3
 
-  pushd "$1" >/dev/null
-  echo `pwd`
-  popd >/dev/null
-}
+BUILD="$(dirname "${0}")/build/"
+BUILD="$(readlink -f "${BUILD}")"
 
-TARGET_PLATFORM=$1
+###
+### chose a release
+###
+RELEASE="22.03.5"
 
-if [ -z ${TARGET_PLATFORM} ]; then
-    echo "Usage: $0 target-platform (e.g. 'TLWDR4300')"
+IMGBUILDER_NAME="openwrt-imagebuilder-${RELEASE}-${TARGET_ARCHITECTURE}-${TARGET_VARIANT}.Linux-x86_64"
+IMGBUILDER_DIR="${BUILD}/${IMGBUILDER_NAME}"
+IMGBUILDER_ARCHIVE="${IMGBUILDER_NAME}.tar.xz"
+
+IMGTEMPDIR="${BUILD}/image-extras"
+# see this feature request:
+# FS#1670 - consistent naming convention for the imagebuilder.tar.xz URL
+# https://bugs.openwrt.org/index.php?do=details&task_id=1670
+IMGBUILDERURL="https://downloads.openwrt.org/releases/${RELEASE}/targets/${TARGET_ARCHITECTURE}/${TARGET_VARIANT}/${IMGBUILDER_ARCHIVE}"
+
+if [ -z ${TARGET_DEVICE} ]; then
+    echo "Usage: $0 architecture variant device-profile"
+    echo " e.g.: $0 ath79 generic tplink_tl-wr1043nd-v1"
+    echo "       $0 ath79 generic tplink_archer-c6-v2"
+    echo "       $0 ath79 generic tplink_tl-wdr4300-v1"
+    echo "       $0 bcm53xx generic dlink_dir-885l"
+    echo " to get a list of supported devices issue a 'make info' in the OpenWRT image builder directory:"
+    echo "   '${IMGBUILDER_DIR}'"
+    echo " the build results will be under '${IMGBUILDER_DIR}/bin/targets/'"
     kill -INT $$
 fi
 
-BUILD=`dirname "$0"`"/build/"
-BUILD=`absolutize $BUILD`
-IMGTEMPDIR="${BUILD}/openwrt-build-image-extras"
-IMGBUILDERDIR="${BUILD}/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64"
-IMGBUILDERURL="https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2"
+# the absolute minimum for extroot to work at all (i.e. when the disk is already set up, for example by hand).
+# this list may be smaller and/or different for your router, but it works with my ath79.
+# blockdev is needed to re-read the partition table using `blockdev --rereadpt /dev/sdX`
+PREINSTALLED_PACKAGES="block-mount kmod-fs-ext4 kmod-usb-storage blockdev"
 
-PREINSTALLED_PACKAGES="wireless-tools firewall iptables"
+# some kernel modules may also be needed for your hardware
+#PREINSTALLED_PACKAGES+=" kmod-usb-uhci kmod-usb-ohci"
+
+# these are needed for the proper functioning of the auto extroot scripts
+PREINSTALLED_PACKAGES+=" blkid mount-utils swap-utils e2fsprogs fdisk"
+
+# the following packages are optional, feel free to (un)comment them
+PREINSTALLED_PACKAGES+=" wireless-tools firewall4"
+PREINSTALLED_PACKAGES+=" kmod-usb-storage-extras kmod-mmc"
 PREINSTALLED_PACKAGES+=" ppp ppp-mod-pppoe ppp-mod-pppol2tp ppp-mod-pptp kmod-ppp kmod-pppoe"
-PREINSTALLED_PACKAGES+=" fdisk blkid swap-utils mount-utils block-mount e2fsprogs kmod-fs-ext4 kmod-usb2 kmod-usb-uhci kmod-usb-ohci kmod-usb-storage kmod-usb-storage-extras kmod-mmc"
 PREINSTALLED_PACKAGES+=" luci"
 
-mkdir --parents ${BUILD}
+# you exclude packages with this to shrink the image for
+# routers with smaller flash storage.
+# SAVE_SPACE_PACKAGES=" -ppp -ppp-mod-pppoe -ip6tables -odhcp6c -kmod-ipv6 -kmod-ip6tables -ath10k"
+SAVE_SPACE_PACKAGES=""
 
-rm -rf $IMGTEMPDIR
-cp -r image-extras $IMGTEMPDIR
-if [ -e image-extras.$TARGET_PLATFORM/ ]; then
-    rsync -pr image-extras.$TARGET_PLATFORM/ $IMGTEMPDIR/
+PREINSTALLED_PACKAGES+=${SAVE_SPACE_PACKAGES}
+
+mkdir -pv "${BUILD}"
+
+rm -rf "${IMGTEMPDIR}"
+cp -r image-extras/common/ "${IMGTEMPDIR}"
+PER_PLATFORM_IMAGE_EXTRAS="image-extras/${TARGET_DEVICE}/"
+if [ -e "${PER_PLATFORM_IMAGE_EXTRAS}" ]; then
+    rsync -pr "${PER_PLATFORM_IMAGE_EXTRAS}" "${IMGTEMPDIR}/"
 fi
 
-if [ ! -e ${IMGBUILDERDIR} ]; then
-    pushd ${BUILD}
-    wget --continue ${IMGBUILDERURL}
-    tar jvxf OpenWrt-ImageBuilder*.tar.bz2
+if [ ! -e "${IMGBUILDER_DIR}" ]; then
+    pushd "${BUILD}"
+    # --no-check-certificate if needed
+    wget --continue "${IMGBUILDERURL}"
+    xz -d <"${IMGBUILDER_ARCHIVE}" | tar vx
     popd
 fi
 
-pushd ${IMGBUILDERDIR}
+pushd "${IMGBUILDER_DIR}"
 
-make image PROFILE=${TARGET_PLATFORM} PACKAGES="${PREINSTALLED_PACKAGES}" FILES=${IMGTEMPDIR}
+make image PROFILE=${TARGET_DEVICE} PACKAGES="${PREINSTALLED_PACKAGES}" FILES=${IMGTEMPDIR}
 
-pushd bin/ar71xx/
-ln -s ../../packages .
+pushd "bin/targets/${TARGET_ARCHITECTURE}/"
+ln -sf ../../../packages .
 popd
 
 popd

build/.gitignore

@@ -1,4 +0,0 @@
-# Ignore everything in this directory
-*
-# Except this file
-!.gitignore

default.nix

@@ -0,0 +1,19 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.mkShell {
+  buildInputs = with pkgs; [
+    coreutils posix_man_pages bash-completion less
+    gitFull diffutils
+    gnumake which
+    ncurses perl python2 python3
+
+    # keep this line if you use bash
+    bashInteractive
+  ];
+
+  shellHook =
+  ''
+    alias ..='cd ..'
+    alias ...='cd ../..'
+  '';
+}

image-extras.TLMR3020/etc/config/network

@@ -1,11 +0,0 @@
-
-config interface 'loopback'
-	option ifname 'lo'
-	option proto 'static'
-	option ipaddr '127.0.0.1'
-	option netmask '255.0.0.0'
-
-config interface 'lan'
-	option ifname 'eth0'
-	option type 'bridge'
-	option proto 'dhcp'

image-extras/TLMR3020/etc/config/placeholder

@@ -0,0 +1 @@
+# this is just a file to show how platform specific image extras can be specified

image-extras/common/etc/dropbear/.gitignore

@@ -0,0 +1,3 @@
+# you can put your ssh public key into authorized_keys,
+# but we don't ever want it to be committed to the repo
+authorized_keys

image-extras/common/root/autoprovision-functions.sh

@@ -10,32 +10,43 @@ rootUUID=05d615b3-bef8-460c-9a23-52db8d09e000
 dataUUID=05d615b3-bef8-460c-9a23-52db8d09e001
 swapUUID=05d615b3-bef8-460c-9a23-52db8d09e002
 
-. /lib/ar71xx.sh
+. /lib/functions.sh
 
-# let's try some defaults...
-autoprovisionUSBLed="tp-link:green:usb"
-autoprovisionStatusLed="tp-link:green:qss"
+# let's attempt to define some defaults...
+autoprovisionUSBLed="green:usb"
+autoprovisionStatusLed="green:qss"
+
+echo Board name is [$(board_name)]
 
 # CUSTOMIZE
-case $(ar71xx_board_name) in
-"tl-wr1043nd")
-        autoprovisionUSBLed="tp-link:green:usb"
-        autoprovisionStatusLed="tp-link:green:qss"
-	;;
-"tl-mr3020")
-        autoprovisionUSBLed="tp-link:green:wps"
-        autoprovisionStatusLed="tp-link:green:wlan"
-	;;
-"tl-wr2543n")
-        autoprovisionUSBLed="tp-link:green:wps"
-        autoprovisionStatusLed="tp-link:green:wlan5g"
-	;;
-"tl-wdr4300")
-        autoprovisionUSBLed="tp-link:blue:wan"
-        autoprovisionStatusLed="tp-link:blue:qss"
-	;;
+case $(board_name) in
+    *tl-wr1043nd*)
+        autoprovisionUSBLed="green:usb"
+        autoprovisionStatusLed="green:qss"
+        ;;
+    *tl-mr3020*)
+        autoprovisionUSBLed="green:wps"
+        autoprovisionStatusLed="green:wlan"
+        ;;
+    *tl-wr2543n*)
+        autoprovisionUSBLed="green:wps"
+        autoprovisionStatusLed="green:wlan5g"
+        ;;
+    *tl-wdr3600* | *tl-wdr4300*)
+        autoprovisionUSBLed="green:wlan2g"
+        autoprovisionStatusLed="green:wlan5g"
+        ;;
+    *mynet-n750*)
+        autoprovisionUSBLed="blue:wps"
+        autoprovisionStatusLed="blue:wireless"
+        ;;
+    *archer-c7-v1*)
+        autoprovisionUSBLed="green:wlan2g"
+        autoprovisionStatusLed="green:wlan5g"
+        ;;
 esac
 
+
 log()
 {
     /usr/bin/logger -t autoprov -s $*

image-extras/common/root/autoprovision-stage1.sh

@@ -10,7 +10,7 @@ getPendriveSize()
     # details: https://dev.openwrt.org/ticket/10716#comment:4
     if [ -e /dev/sda ]; then
         # force re-read of the partition table
-        head /dev/sda >/dev/null
+        head -c 1024 /dev/sda >/dev/null
     fi
 
     if (grep -q sda /proc/partitions) then
@@ -23,7 +23,7 @@ getPendriveSize()
 hasBigEnoughPendrive()
 {
     local size=$(getPendriveSize)
-    if [ $size -ge 600000 ]; then
+    if [ $size -ge 100000 ]; then
         log "Found a pendrive of size: $(($size / 2 / 1024)) MB"
         return 0
     else
@@ -31,14 +31,24 @@ hasBigEnoughPendrive()
     fi
 }
 
+rereadPartitionTable()
+{
+    log "Rereading partition table"
+    blockdev --rereadpt /dev/sda
+}
+
 setupPendrivePartitions()
 {
+    log "Erasing partition table"
     # erase partition table
-    dd if=/dev/zero of=/dev/sda bs=1M count=1
+    dd if=/dev/zero of=/dev/sda bs=1k count=256
 
+    rereadPartitionTable
+
+    log "Creating partitions"
     # sda1 is 'swap'
     # sda2 is 'root'
-    # sda3 is 'data'
+    # sda3 is 'data', if there's any space left
     fdisk /dev/sda <<EOF
 o
 n
@@ -64,7 +74,7 @@ q
 EOF
     log "Finished partitioning /dev/sda using fdisk"
 
-    sleep 2
+    rereadPartitionTable
 
     until [ -e /dev/sda1 ]
     do
@@ -73,38 +83,37 @@ EOF
     done
 
     mkswap -L swap -U $swapUUID /dev/sda1
-    mkfs.ext4 -L root -U $rootUUID /dev/sda2
-    mkfs.ext4 -L data -U $dataUUID /dev/sda3
+    mkfs.ext4 -F -L root -U $rootUUID /dev/sda2
+    mkfs.ext4 -F -L data -U $dataUUID /dev/sda3
 
     log "Finished setting up filesystems"
 }
 
 setupExtroot()
 {
-    mkdir -p /mnt/extroot
-    # TODO they said on the wiki that it's optional, an empty overlay also works...
-    # we need to make the internal overlay read-only, otherwise the two md5's may be different
-    # due to writing to the internal overlay from this point until the reboot.
-    # files: /.extroot.md5sum (extroot) and /etc/extroot.md5sum (internal)
-    #mount -o remount,ro /
-    #log "Remounted / as read-only"
-
+    mkdir -p /mnt/extroot/
     mount -U $rootUUID /mnt/extroot
-    #tar -C /overlay -cvf - . | tar -C /mnt/extroot -xf -
 
-    # let's write a new rc.local on extroot which will shadow the one which is in the rom and runs stage1
-    mkdir -p /mnt/extroot/etc/
-    cat >/mnt/extroot/etc/rc.local <<EOF
+    overlay_root=/mnt/extroot/upper
+
+    # at this point we could copy the entire root (a previous version of this script did that), or just the overlay from the flash,
+    # but it seems to work fine if we just create an empty overlay that is only replacing the rc.local from the firmware.
+
+    # let's write a new rc.local on the extroot that will shadow the one which is in the rom (to run stage2 instead of stage1)
+    mkdir -p ${overlay_root}/etc/
+    cat >${overlay_root}/etc/rc.local <<EOF
 /root/autoprovision-stage2.sh
 exit 0
 EOF
 
-    # make sure that we shadow the /var -> /tmp symlink with the extroot, so that /var is permanent
-    mkdir -p /mnt/extroot/var
-    # KLUDGE: but /var/state is assumed to be transient, see https://dev.openwrt.org/ticket/12228
-    cd /mnt/extroot/var
-    ln -s /tmp state
-    cd -
+    # TODO FIXME when this below is enabled then Chaos Calmer doesn't turn on the network and the device remains unreachable
+
+    # make sure that we shadow the /var -> /tmp symlink in the new extroot, so that /var becomes persistent across reboots.
+#    mkdir -p ${overlay_root}/var
+    # KLUDGE: /var/state is assumed to be transient, so link it to tmp, see https://dev.openwrt.org/ticket/12228
+#    cd ${overlay_root}/var
+#    ln -s /tmp state
+#    cd -
 
     log "Finished setting up extroot"
 }

image-extras/common/root/autoprovision-stage2.sh

@@ -9,9 +9,11 @@ installPackages()
     signalAutoprovisionWaitingForUser
 
     until (opkg update)
-    do
+     do
         log "opkg update failed. No internet connection? Retrying in 15 seconds..."
         sleep 15
+        # Initiate a synchronous time update.
+        ntpd -d -q -n -p openwrt.pool.ntp.org
     done
 
     signalAutoprovisionWorking
@@ -30,12 +32,12 @@ installPackages()
 
     # CUSTOMIZE
     # install some more packages that don't need any extra steps
-    opkg install lua luci ppp-mod-pppoe screen mc zip unzip logrotate
+    opkg install lua luci ppp-mod-pppoe screen mc unzip logrotate
 
     # this is needed for the vlans on tp-link 3020 with only a single hw ethernet port
     opkg install kmod-macvlan ip
 
-    # just in case if we were run in a firmware that didn't already had luci
+    # just in case if we were run in a firmware that didn't already have luci
     /etc/init.d/uhttpd enable
 }
 
@@ -50,11 +52,15 @@ autoprovisionStage2()
     else
         signalAutoprovisionWorking
 
+        log "Starting ntpd to update system time; otherwise the openwrt.org certificates are rejected as not yet valid."
+        # Added -l hoping that it may help against ntpd quitting.
+        ntpd -l -N -p openwrt.pool.ntp.org
+
         # CUSTOMIZE: with an empty argument it will set a random password and only ssh key based login will work.
         # please note that stage2 requires internet connection to install packages and you most probably want to log in
         # on the GUI to set up a WAN connection. but on the other hand you don't want to end up using a publically
         # available default password anywhere, therefore the random here...
-        setRootPassword ""
+        #setRootPassword ""
 
         installPackages
 

image-extras/etc/dropbear/authorized_keys

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu9Nwb8tr91hvChHSjEbyS3P0c1+jKtKAdaFCRkyUjVwgCpuzDxiq0auuNulYIfD2oc+THJ6zymJUjWNrVipeUo8BmKkDSMgN0Qf5PlwcSiIj9vDbLqxmVnnvB6xGEROO215Y8XzMOgq8r3Z3WqRUZIeFDHC2sSwJKO3INgsLZd6IoDiM7Dza8pKzYPfY7jJ19JmK4S8lHG3YsoxTy2zkcwCI20sBekJU0iDGvOOJq5UbIumKsAm2uJkMKsKlxkDQr0Y+2J1l0iWBrUHonja6CieO5yNBWluA3DCqxa0pQW3dcOju3mGCQl0j8+3Iblu8lCGoQVSLQ3rUhekmz+cB2Q== alendvai laptop ssh key