Merge branch 'fixes' into 'main'v0.4

prepare 0.4 release

See merge request larswirzenius/v-i!57

7 files changed, 78 insertions, 21 deletions

diff --git a/NEWS.md b/NEWS.md
index d844266..a8b70c7 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -4,6 +4,22 @@ This file summarizes user-visible changes between releases of v-i, the
 vmdb2-based installer of Debian onto bare metal systems.
 
 
+# Version 0.4, released 2023-08-13
+
+Brown paper bag release.
+
+* Fix tutorial to actually work. Some examples were wrong or obsolete.
+  Some details were missing. Also, simplify things a little by
+  reducing unnecessary friction: for example, the download links now
+  work to the release version.
+
+* Fix `configure-installer` to deal with no host key or user CA key
+  being set.
+
+* Fix published files to be HTML, not Markdown, so they are easier to
+  read.
+
+
 # Version 0.3, released 2023-08-12
 
 ## Major changes
diff --git a/configure-installer b/configure-installer
index 2e97354..269816b 100755
--- a/configure-installer
+++ b/configure-installer
@@ -50,7 +50,8 @@ class Config:
         log(f"reading configuration from {filename}")
         with open(filename) as f:
             obj = yaml.safe_load(f)
-        self.config.update(obj)
+        if obj is not None:
+            self.config.update(obj)
         for key in self.exandable:
             if self.config[key] is not None:
                 self.config[key] = os.path.expanduser(self.config[key])
@@ -77,6 +78,8 @@ class Config:
             return cat(filename)
 
         cmd = self.config.get(f"{prefix}_cmd")
+        if cmd is None:
+            return None
         if hostname is not None:
             cmd = hostname.join(cmd.split("$HOST"))
         if cmd is not None:
@@ -138,8 +141,8 @@ def dir_exists(mp, path):
 def host_id(config, mp, installer_hostname):
     key = config.host_key(installer_hostname)
     cert = config.host_cert(installer_hostname)
-    if key is None:
-        sys.exit("could not find host key for installer")
+    if key is None or cert is None:
+        return
 
     config_d = "/etc/ssh/sshd_config.d"
     host_key = "/etc/ssh/ssh_host_key"
@@ -176,6 +179,8 @@ def authorized_keys(config, mp):
 
 def user_ca(config, mp):
     ca_key = config.user_ca_pub()
+    if ca_key is None:
+        return
 
     include = f"{mp}/etc/ssh/sshd_config.d/user_ca.conf"
     write(include, "TrustedUserCAKeys /etc/ssh/user_ca_pubs\n", 0, 0, 0o644)
diff --git a/publish-release.sh b/publish-release.sh
new file mode 100755
index 0000000..76c21d3
--- /dev/null
+++ b/publish-release.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -euo pipefail
+
+img="$1"
+dir="$2"
+
+version="$(basename "$dir")"
+
+mkdir "$dir"
+xz -0vT0 <"$img" >"$dir/v-i.img.xz"
+cp configure-installer write-and-config.sh "$dir/"
+for file in NEWS.md README.md tutorial.md spec.md; do
+	sed "s/VERSION/$version/" "$file" >tmp.md
+	pandoc tmp.md -o "$dir/$(basename "$file" .md).html"
+	rm tmp.md
+done
diff --git a/std.yml b/std.yml
index 08724a9..a69b6bb 100644
--- a/std.yml
+++ b/std.yml
@@ -116,10 +116,17 @@
         name: ifupdown
         state: absent
 
-    - name: "enable the non-free-firmware component on bookworm"
+    - name: "enable the non-free-firmware component"
       when: debian_release != "bullseye"
       apt_repository:
-        repo: "deb http://deb.debian.org/debian {{ debian_release}} non-free-firmware"
+        repo: "deb http://deb.debian.org/debian {{ debian_release }} non-free-firmware"
+        state: present
+        update_cache: yes
+
+    - name: "enable the non-free component"
+      when: debian_release == "bullseye"
+      apt_repository:
+        repo: "deb http://deb.debian.org/debian {{ debian_release }} non-free"
         state: present
         update_cache: yes
 
diff --git a/tutorial.md b/tutorial.md
index c8e48e0..53171f1 100644
--- a/tutorial.md
+++ b/tutorial.md
@@ -8,14 +8,13 @@ You need:
 
 The steps:
 
-1. Download the installer image from
-   <https://files.liw.fi/v-i/v-i.img.xz>. You can use `curl` or `wget`
-   or your web browser. Use **one of** the following commands:
-
-    ~~~sh
-    curl https://files.liw.fi/v-i/v-i.img.xz > v-i.img.xz
-    wget -c https://files.liw.fi/v-i/v-i.img.xz
-    ~~~
+1. Download the installer image (`v-i.img.xz`) and related scripts
+   (`configure-installer` and `write-and-config.sh`) from a
+   subdirectory or <https://files.liw.fi/v-i/>.
+   
+   * <https://files.liw.fi/v-i/VERSION/v-i.img.xz>
+   * <https://files.liw.fi/v-i/VERSION/configure-installer>
+   * <https://files.liw.fi/v-i/VERSION/write-and-config.sh>
 
 2. Unpack the downloaded image.
 
@@ -40,6 +39,14 @@ The steps:
    to log in as `root` using SSH. Password logins are not allowed for
    SSH. You can also log in via the console, as `root`, without a
    password.
+   
+   The installer configuration file can specify a wifi access point to
+   connect to, if you need that.
+   
+   ~~~yaml
+   wifi_name: DadItIsThisOne
+   wifi_password: hunter2
+   ~~~
 
 4. Insert USB drive and find out the device allocated it. I prefer GNOME
    Disks for this, but you can also look up the device of the USB
@@ -49,7 +56,7 @@ The steps:
 5. Write the installer image to the USB drive, and configure it.
 
    ~~~sh
-   sudo ./write-and-config.sh config.yaml /dev/sdx v-i.img
+   sudo bash write-and-config.sh config.yaml /dev/sdx v-i.img
    ~~~
 
    This will take a few minutes.
@@ -58,8 +65,7 @@ The steps:
    prefer GNOME Disks for this, but from the command line:
 
     ~~~sh
-    sync
-    eject /dev/sdx
+    udisksctl power-off -b /dev/sdx
     ~~~
 
 7. Move the USB drive to the target machine and boot off the drive.
@@ -75,7 +81,7 @@ The steps:
 
     ~~~sh
     iwctl station wlan0 get-networks
-    iwctl stations wlan0 connect DadItIsThisOne
+    iwctl station wlan0 connect DadItIsThisOne
     ~~~
 
    Substitute the name of the network as needed. Enter wifi password
@@ -87,11 +93,17 @@ The steps:
    will be encrypted using LUKS, with the password "hunter2".
 
     ~~~yaml
+    hostname: x220
     drive: /dev/nvme0n1
     luks: hunter2
+    ansible_vars:
+      user_pub: |
+       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP
     ~~~
     
-    See [spec.md][] for a full description of the specification file.
+    The SSH public key will be added to the root user's
+    `authorized_keys` file. See [spec.md][] for a full description of
+    the target specification file.
 
 10. Install. Add the `--verbose` option to `./v-i` if you want to know
     what's happening. The first time you run this on a given v-i USB
@@ -115,5 +127,5 @@ The steps:
 
 13. Optional: Let me know how it went.
 
-[spec.md]: spec.md
+[spec.md]: spec.html
 
diff --git a/v-i b/v-i
index 96b76e6..4430918 100755
--- a/v-i
+++ b/v-i
@@ -549,8 +549,8 @@ def main():
         log(f"reading Ansible vars from {filename}")
         with open(filename) as f:
             vars_dict = yaml.safe_load(f)
-        vars_dict["debian_release"] = system.debian_release
         ansible_vars.update(vars_dict)
+    ansible_vars["debian_release"] = system.debian_release
     ansible_vars_json = json.dumps(ansible_vars, indent=4)
     log(f"ansible_vars:\n{ansible_vars_json}")
     timings.reached("read configuration")
diff --git a/write-and-config.sh b/write-and-config.sh
index 1d293d3..a758100 100755
--- a/write-and-config.sh
+++ b/write-and-config.sh
@@ -25,4 +25,4 @@ done
 
 echo
 echo "Configure installer"
-./configure-installer "$config" "$dev"
+python3 ./configure-installer "$config" "$dev"