Add workaround for kernel bug

foosel · foosel · commit 7fac47f256ec · 2023-03-28T13:52:21.000+02:00
If we install `raspberrypi-kernel = 1:1.20230317-1` we need to patch ssh host key regeneration, otherwise it will take AGES during first boot on anything other than a Pi4, due to some issue with `/dev/hwrng` in that kernel. See also raspberrypi/linux#5390
diff --git a/scripts/02-update-boot b/scripts/02-update-boot
@@ -7,3 +7,19 @@ source /common.sh
 install_cleanup_trap
 
 apt-get install --yes --reinstall raspberrypi-bootloader raspberrypi-kernel
+
+kernel_version=$(dpkg -s raspberrypi-kernel | grep -i version | awk '{print $2}')
+if [ "$kernel_version" = "1:1.20230317-1" ]; then
+    # This kernel version needs a workaround because ssh key generation is slow AF
+    #
+    # Patches from https://github.com/RPi-Distro/pi-gen/issues/682#issuecomment-1484119300
+    #
+    # Note that this is a temporary workaround, and will be removed in the future. Using
+    # /dev/urandom instead of /dev/hwrng is less secure for key generation, however for now
+    # it is the only way to get a working system thanks to a kernel bug in hwrng on anything
+    # other than the Pi 4, see https://github.com/raspberrypi/linux/issues/5390
+    pushd /
+        patch -p1 -u -b < /files/regenerate_ssh_host_keys/regenerate_ssh_host_keys.patch
+        patch -p1 -u -b < /files/regenerate_ssh_host_keys/firstboot.patch
+    popd
+fi
diff --git a/scripts/80-install-user-fix b/scripts/80-install-user-fix
@@ -10,7 +10,7 @@ install_cleanup_trap
 [ -f '/root/bin/user-fix' ] && exit 0
 
 # we need to install virtualenv-tools3, so let's get pip and that
-apt install -y python3-pip
+apt-get install -y python3-pip
 sudo -u pi pip3 install --user virtualenv-tools3
 
 cp /files/user-fix /root/bin/user-fix
diff --git a/scripts/files/regenerate_ssh_host_keys/firstboot.patch b/scripts/files/regenerate_ssh_host_keys/firstboot.patch
@@ -0,0 +1,11 @@
+--- a/usr/lib/raspberrypi-sys-mods/firstboot	2022-09-15 13:46:12.000000000 +0100
++++ b/usr/lib/raspberrypi-sys-mods/firstboot	2023-03-28 12:31:05.529858256 +0100
+@@ -63,7 +63,7 @@
+ fix_partuuid() {
+   mount -o remount,rw "$ROOT_PART_DEV"
+   mount -o remount,rw "$BOOT_PART_DEV"
+-  DISKID="$(tr -dc 'a-f0-9' < /dev/hwrng | dd bs=1 count=8 2>/dev/null)"
++  DISKID="$(tr -dc 'a-f0-9' < /dev/urandom | dd bs=1 count=8 2>/dev/null)"
+   fdisk "$ROOT_DEV" > /dev/null <<EOF
+ x
+ i
diff --git a/scripts/files/regenerate_ssh_host_keys/regenerate_ssh_host_keys.patch b/scripts/files/regenerate_ssh_host_keys/regenerate_ssh_host_keys.patch
@@ -0,0 +1,11 @@
+--- a/usr/lib/raspberrypi-sys-mods/regenerate_ssh_host_keys	2022-09-01 16:22:09.000000000 +0100
++++ b/usr/lib/raspberrypi-sys-mods/regenerate_ssh_host_keys	2023-03-28 12:26:26.822217883 +0100
+@@ -1,8 +1,5 @@
+ #!/bin/sh -e
+ 
+-if [ -c /dev/hwrng ]; then
+-  dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096 status=none
+-fi
+ rm -f /etc/ssh/ssh_host_*_key*
+ ssh-keygen -A > /dev/null
+ systemctl -q disable regenerate_ssh_host_keys
