#!/bin/sh

set -e

# This script is called by the piboot-try-validate service to "validate" boot
# assets being tested by piboot-try (under new/ on the boot partition).
#
# If this script exits with return code 0 ("true" in shell parlance), the boot
# assets under new/ will be considered "good", and will be swapped into
# current/, otherwise they will be marked "bad".

# By default, this script simply returns 0. In other words, reaching the
# piboot-try-validate service (which runs as part of multi-user.target) is
# enough to consider the boot "good".
true

# You may want to test if a particular network interface exists. For example,
# if you have a headless server that must connect to the network, and a kernel
# update misses a module necessary for driving that interface, then it may not
# exist.
#ip link show eth0 >/dev/null
#ip link show wlan0 >/dev/null

# You may further wish to test if the interface is "up" and/or has a valid
# address, but be warned that testing to this degree is not necessarily
# advisable.
#
# Firstly, for such a test to be valid, you should add something like
# "After=network-online.target" to piboot-try-validate with a unit override.
# Secondly, consider that, using the examples below, a faulty DHCP server could
# result in your Pi marking perfectly valid boot assets as "bad", resulting in
# it falling back to an older kernel with unpatched security issues.
#
# Test if eth0 is "UP"
#ip --json addr show eth0 | jq -e '.[0].operstate == "UP"' >/dev/null
#
# Test if eth0 has an IPv4 address
#ip --json addr show eth0 | jq -e '[.[0].addr_info[].family == "inet"] | any' >/dev/null
#
# Test if eth0 has an IPv6 address
#ip --json addr show eth0 | jq -e '[.[0].addr_info[].family == "inet6"] | any' >/dev/null
