armbian-firstrun: Optionally skip OpenSSH host key regeneration

lib/functions/bsp/armbian-bsp-cli-deb.sh

@@ -451,6 +451,9 @@ function board_side_bsp_cli_postinst_finish() {
 	if [ ! -f "/etc/default/armbian-zram-config" ] && [ -f /etc/default/armbian-zram-config.dpkg-dist ]; then
 		mv /etc/default/armbian-zram-config.dpkg-dist /etc/default/armbian-zram-config
 	fi
+    if [ ! -f "/etc/default/armbian-firstrun" ]; then
+		mv /etc/default/armbian-firstrun.dpkg-dist /etc/default/armbian-firstrun
+	fi
 
 	if [ -L "/usr/lib/chromium-browser/master_preferences.dpkg-dist" ]; then
 		mv /usr/lib/chromium-browser/master_preferences.dpkg-dist /usr/lib/chromium-browser/master_preferences

lib/functions/rootfs/distro-agnostic.sh

@@ -398,7 +398,14 @@ function install_distribution_agnostic() {
 
 	# enable additional services, if they exist.
 	display_alert "Enabling Armbian services" "systemd" "info"
-	[[ -f "${SDCARD}"/lib/systemd/system/armbian-firstrun.service ]] && chroot_sdcard systemctl --no-reload enable armbian-firstrun.service
+	if [[ -f "${SDCARD}"/lib/systemd/system/armbian-firstrun.service ]]; then
+	    # Note: armbian-firstrun starts before the user has a chance to edit the env file's values.
+	    # Exceptionaly, the env file can be edited during image build time
+        if test -n "$OPENSSHD_REGENERATE_HOST_KEYS"; then
+            sed -i "s/\(^OPENSSHD_REGENERATE_HOST_KEYS *= *\).*/\1$OPENSSHD_REGENERATE_HOST_KEYS/" "${SDCARD}"/etc/default/armbian-firstrun
+        fi
+		chroot_sdcard systemctl --no-reload enable armbian-firstrun.service
+	fi
 	[[ -f "${SDCARD}"/lib/systemd/system/armbian-zram-config.service ]] && chroot_sdcard systemctl --no-reload enable armbian-zram-config.service
 	[[ -f "${SDCARD}"/lib/systemd/system/armbian-hardware-optimize.service ]] && chroot_sdcard systemctl --no-reload enable armbian-hardware-optimize.service
 	[[ -f "${SDCARD}"/lib/systemd/system/armbian-ramlog.service ]] && chroot_sdcard systemctl --no-reload enable armbian-ramlog.service

packages/bsp/common/etc/default/armbian-firstrun.dpkg-dist

@@ -0,0 +1,6 @@
+# configuration values for the armbian-firstrun service
+
+# Delete + regenerate OpenSSH host keys
+# true  = delete + generate host keys
+# false = no deletion / no generation for host keys
+OPENSSHD_REGENERATE_HOST_KEYS=true

packages/bsp/common/lib/systemd/system/armbian-firstrun.service

@@ -10,6 +10,7 @@ After=ssh.service
 [Service]
 Type=simple
 RemainAfterExit=yes
+EnvironmentFile=/etc/default/armbian-firstrun
 ExecStart=/usr/lib/armbian/armbian-firstrun start
 TimeoutStartSec=2min
 

packages/bsp/common/usr/lib/armbian/armbian-firstrun

@@ -46,12 +46,16 @@ case "$1" in
 	[[ -f /etc/systemd/system/armbian-live-patch.service ]] && systemctl --no-reload enable armbian-live-patch.service
 
 	# SSH Keys creation
-	rm -f /etc/ssh/ssh_host*
-	read entropy_before </proc/sys/kernel/random/entropy_avail
-	dpkg-reconfigure openssh-server >/dev/null 2>&1
-	service ssh restart
-	read entropy_after </proc/sys/kernel/random/entropy_avail
-	echo -e "\n### [firstrun] Recreated SSH keys (entropy: ${entropy_before} ${entropy_after})" >>${Log}
+	if [[ "${OPENSSHD_REGENERATE_HOST_KEYS}" = true ]]; then
+		rm -f /etc/ssh/ssh_host*
+		read entropy_before </proc/sys/kernel/random/entropy_avail
+		dpkg-reconfigure openssh-server >/dev/null 2>&1
+		service ssh restart
+		read entropy_after </proc/sys/kernel/random/entropy_avail
+		echo -e "\n### [firstrun] Recreated SSH keys (entropy: ${entropy_before} ${entropy_after})" >>${Log}
+	else
+		echo -e "\n### [firstrun] SSH host keys unchanged" >>${Log}
+	fi
 
 	# get rid of purple background color in newt apps whiptail, partimage, debconf ... Reverting to Debian look.
 	[[ -f /etc/newt/palette ]] && sed -e 's/magenta/blue/g' -i /etc/newt/palette